spot pushed to v8 (f20). "fix for CVE-2014-3152"

notifications at fedoraproject.org
Thu Apr 23 19:11:51 UTC 2015


From d4f1ff32d72846e7d453c06d5e6fc4ca8864d569 Mon Sep 17 00:00:00 2001
From: Tom Callaway <spot at fedoraproject.org>
Date: Thu, 23 Apr 2015 15:11:43 -0400
Subject: fix for CVE-2014-3152


diff --git a/v8-3.4.14-CVE-2014-3152.patch b/v8-3.4.14-CVE-2014-3152.patch
new file mode 100644
index 0000000..a399c79
--- /dev/null
+++ b/v8-3.4.14-CVE-2014-3152.patch
@@ -0,0 +1,13 @@
+diff -up v8-3.14.5.10/src/arm/lithium-codegen-arm.cc.cve20143152 v8-3.14.5.10/src/arm/lithium-codegen-arm.cc
+--- v8-3.14.5.10/src/arm/lithium-codegen-arm.cc.cve20143152	2015-04-23 14:51:20.095648219 -0400
++++ v8-3.14.5.10/src/arm/lithium-codegen-arm.cc	2015-04-23 14:53:28.834149299 -0400
+@@ -3034,7 +3034,8 @@ MemOperand LCodeGen::PrepareKeyedOperand
+     return MemOperand(base, scratch0(), LSL, shift_size);
+   } else {
+     ASSERT_EQ(-1, shift_size);
+-    return MemOperand(base, scratch0(), LSR, 1);
++    // key can be negative, so using ASR here.
++    return MemOperand(base, scratch0(), ASR, 1);
+   }
+ }
+ 
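Review bot: the comment added in the else branch ("key can be negative, so using ASR here.") states the trigger but not the consequence, which is the part the next reader needs. With `LSR, 1` the sign bit of a negative key is shifted down as an ordinary data bit, so the computed offset becomes a large positive value rather than a negative one; `ASR, 1` keeps the sign through the shift. Suggest wording it along the lines of `// key is signed; ASR keeps a negative key negative after the shift (LSR would turn it into a large positive offset).` so the change is self-explaining without the CVE reference. Also note the context line `ASSERT_EQ(-1, shift_size);` is the only guard on this path, so the correctness of the branch rests entirely on the shift type chosen here.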
diff --git a/v8.spec b/v8.spec
index 45b05ec..eb77fb1 100644
--- a/v8.spec
+++ b/v8.spec
@@ -23,7 +23,7 @@
 
 Name:		v8
 Version:	%{somajor}.%{sominor}.%{sobuild}.%{sotiny}
-Release:	17%{?dist}
+Release:	18%{?dist}
 Epoch:		1
 Summary:	JavaScript Engine
 Group:		System Environment/Libraries
@@ -118,6 +118,11 @@ Patch17:    v8-3.14.5.10-busy-loop.patch
 # https://codereview.chromium.org/806143002
 Patch18:    v8-3.14.5.10-profiler-log.patch
 
+# Fix CVE in ARM code
+# https://bugzilla.redhat.com/show_bug.cgi?id=1101057
+# https://codereview.chromium.org/219473002
+Patch19:    v8-3.4.14-CVE-2014-3152.patch
+
 %description
 V8 is Google's open source JavaScript engine. V8 is written in C++ and is used 
 in Google Chrome, the open source browser from Google. V8 implements ECMAScript 
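Review bot: the Patch19 filename `v8-3.4.14-CVE-2014-3152.patch` breaks the `v8-3.14.5.10-` prefix convention used by Patch17 and Patch18 directly above, and `3.4.14` matches no version in this spec; the digits look transposed from `3.14.5.10`, which is also the tree the new patch file's own headers diff against (`v8-3.14.5.10/src/arm/lithium-codegen-arm.cc`). Rename the file to `v8-3.14.5.10-CVE-2014-3152.patch` and update the `Patch19:` line to match. The comment above it could also carry the identifier, e.g. `# Fix CVE-2014-3152 in ARM code`, so the spec is greppable by CVE id without reading the filename.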
@@ -151,6 +156,7 @@ Development headers and libraries for v8.
 %patch16 -p1 -b .unhandled-ReferenceError
 %patch17 -p1 -b .busy-loop
 %patch18 -p1 -b .profiler-log
+%patch19 -p1 -b .cve20143152
 
 # Do not need this lying about.
 rm -rf src/third_party/valgrind
@@ -318,6 +324,9 @@ rm -rf %{buildroot}
 %{python_sitelib}/j*.py*
 
 %changelog
+* Thu Apr 23 2015 Tom Callaway <spot at fedoraproject.org> - 1:3.14.5.10-18
+- backport security fix for ARM - CVE-2014-3152
+
 * Thu Feb 19 2015 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-17
 - backports for nodejs 0.10.36
 
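Review bot: the changelog entry names the CVE but not the bug the Patch19 comment links (https://bugzilla.redhat.com/show_bug.cgi?id=1101057); suggest `- backport security fix for ARM - CVE-2014-3152 (rhbz#1101057)` so the update and the bug can be cross-referenced from the changelog alone.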
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/v8.git/commit/?h=f20&id=d4f1ff32d72846e7d453c06d5e6fc4ca8864d569

