!11 upstream to 1.3.2

From: @leeffo 
Reviewed-by: @weidongkl 
Signed-off-by: @weidongkl

0001-Issue-162-Check-stack-overflow-during-regexp-compila.patch

@@ -1,64 +0,0 @@
-From 160ae29578054dc09fd91e5401ef040d52797e61 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Tue, 17 May 2022 15:31:50 +0200
-Subject: [PATCH 1/3] Issue #162: Check stack overflow during regexp
- compilation.
-
-Only bother checking during the first compilation pass that counts
-the size of the program.
----
- regexp.c | 21 +++++++++++----------
- 1 file changed, 11 insertions(+), 10 deletions(-)
-
-diff --git a/regexp.c b/regexp.c
-index 9d16867..8a43fef 100644
---- a/regexp.c
-+++ b/regexp.c
-@@ -622,25 +622,26 @@ struct Reinst {
- 	Reinst *y;
- };
- 
--static int count(struct cstate *g, Renode *node)
-+static int count(struct cstate *g, Renode *node, int depth)
- {
- 	int min, max, n;
- 	if (!node) return 0;
-+	if (++depth > REG_MAXREC) die(g, "stack overflow");
- 	switch (node->type) {
- 	default: return 1;
--	case P_CAT: return count(g, node->x) + count(g, node->y);
--	case P_ALT: return count(g, node->x) + count(g, node->y) + 2;
-+	case P_CAT: return count(g, node->x, depth) + count(g, node->y, depth);
-+	case P_ALT: return count(g, node->x, depth) + count(g, node->y, depth) + 2;
- 	case P_REP:
- 		min = node->m;
- 		max = node->n;
--		if (min == max) n = count(g, node->x) * min;
--		else if (max < REPINF) n = count(g, node->x) * max + (max - min);
--		else n = count(g, node->x) * (min + 1) + 2;
-+		if (min == max) n = count(g, node->x, depth) * min;
-+		else if (max < REPINF) n = count(g, node->x, depth) * max + (max - min);
-+		else n = count(g, node->x, depth) * (min + 1) + 2;
- 		if (n < 0 || n > REG_MAXPROG) die(g, "program too large");
- 		return n;
--	case P_PAR: return count(g, node->x) + 2;
--	case P_PLA: return count(g, node->x) + 2;
--	case P_NLA: return count(g, node->x) + 2;
-+	case P_PAR: return count(g, node->x, depth) + 2;
-+	case P_PLA: return count(g, node->x, depth) + 2;
-+	case P_NLA: return count(g, node->x, depth) + 2;
- 	}
- }
- 
-@@ -903,7 +904,7 @@ Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
- 	putchar('\n');
- #endif
- 
--	n = 6 + count(&g, node);
-+	n = 6 + count(&g, node, 0);
- 	if (n < 0 || n > REG_MAXPROG)
- 		die(&g, "program too large");
- 
--- 
-2.20.1
-

0002-Issue-161-Don-t-fclose-a-FILE-that-is-NULL.patch

@@ -1,25 +0,0 @@
-From 910acc807c3c057e1c0726160808f3a9f37b40ec Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Tue, 17 May 2022 15:53:30 +0200
-Subject: [PATCH 2/3] Issue #161: Don't fclose a FILE that is NULL.
-
----
- pp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/pp.c b/pp.c
-index bf6000c..2657369 100644
---- a/pp.c
-+++ b/pp.c
-@@ -34,7 +34,7 @@ void js_ppfile(js_State *J, const char *filename, int minify)
- 
- 	if (js_try(J)) {
- 		js_free(J, s);
--		fclose(f);
-+		if (f) fclose(f);
- 		js_throw(J);
- 	}
- 
--- 
-2.20.1
-

0003-Issue-161-Cope-with-empty-programs-in-mujs-pp.patch

@@ -1,54 +0,0 @@
-From f5b3c703e18725e380b83427004632e744f85a6f Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Tue, 17 May 2022 15:57:00 +0200
-Subject: [PATCH 3/3] Issue #161: Cope with empty programs in mujs-pp.
-
----
- jsdump.c | 24 ++++++++++++++----------
- 1 file changed, 14 insertions(+), 10 deletions(-)
-
-diff --git a/jsdump.c b/jsdump.c
-index 86361e6..42c9f0f 100644
---- a/jsdump.c
-+++ b/jsdump.c
-@@ -682,11 +682,13 @@ static void pstmlist(int d, js_Ast *list)
- void jsP_dumpsyntax(js_State *J, js_Ast *prog, int dominify)
- {
- 	minify = dominify;
--	if (prog->type == AST_LIST)
--		pstmlist(-1, prog);
--	else {
--		pstm(0, prog);
--		nl();
-+	if (prog) {
-+		if (prog->type == AST_LIST)
-+			pstmlist(-1, prog);
-+		else {
-+			pstm(0, prog);
-+			nl();
-+		}
- 	}
- 	if (minify > 1)
- 		putchar('\n');
-@@ -768,11 +770,13 @@ static void sblock(int d, js_Ast *list)
- void jsP_dumplist(js_State *J, js_Ast *prog)
- {
- 	minify = 0;
--	if (prog->type == AST_LIST)
--		sblock(0, prog);
--	else
--		snode(0, prog);
--	nl();
-+	if (prog) {
-+		if (prog->type == AST_LIST)
-+			sblock(0, prog);
-+		else
-+			snode(0, prog);
-+		nl();
-+	}
- }
- 
- /* Compiled code */
--- 
-2.20.1
-

mujs.spec

@@ -1,6 +1,6 @@
 Name:           mujs
-Version:        1.2.0
+Version:        1.3.2
-Release:        2
+Release:        1
 Summary:        An embeddable Javascript interpreter
 License:        ISC
 URL:            http://mujs.com/
@@ -8,13 +8,8 @@ URL:            http://mujs.com/
 # Github mirror of mujs.com repository provides releases from tags
 Source0:        https://mujs.com/downloads/mujs-%{version}.tar.gz
 
-# CVE-2022-30974
-Patch0001:      0001-Issue-162-Check-stack-overflow-during-regexp-compila.patch
-Patch0002:      0002-Issue-161-Don-t-fclose-a-FILE-that-is-NULL.patch
-# CVE-2022-30975
-Patch0003:      0003-Issue-161-Cope-with-empty-programs-in-mujs-pp.patch
 
-BuildRequires:  coreutils
+#BuildRequires:  coreutils
 BuildRequires:  gcc
 BuildRequires:  grep
 BuildRequires:  make
@@ -26,6 +21,7 @@ other software to extend them with scripting capabilities.
 
 %package devel
 Summary:        MuJS development files
+Requires:       %{name}%{?_isa} = %{version}-%{release}
 Provides:       %{name}-static = %{version}-%{release}
 
 %description devel
@@ -35,9 +31,6 @@ This package provides the MuJS static library.
 %setup -q -n %{name}-%{version}
 chmod a-x -v docs/*
 
-%patch0001 -p1
-%patch0002 -p1
-%patch0003 -p1
 
 %build
 make debug %{?_smp_mflags} XCFLAGS="%{optflags} -fPIC" LDFLAGS="%{?__global_ldflags}"
@@ -59,6 +52,10 @@ make install DESTDIR=%{buildroot} prefix="%{_prefix}" libdir="%{_libdir}" \
 %{_libdir}/lib%{name}.a
 
 %changelog
+* Tue Feb 21 2023 liweiganga <liweiganga@uniontech.com> - 1.3.2-1
+- upstream to 1.3.2
+- fix CVE-2022-44789
+
 * Tue Sep 27 2022 liweiganga <liweiganga@uniontech.com> - 1.2.0-2
 - fix: fix CVE-2022-30974 CVE-2022-30974