spot pushed to v8 (f20). "fix for CVE-2014-3152"
notifications at fedoraproject.org
Thu Apr 23 19:11:51 UTC 2015
>From d4f1ff32d72846e7d453c06d5e6fc4ca8864d569 Mon Sep 17 00:00:00 2001
From: Tom Callaway <spot at fedoraproject.org>
Date: Thu, 23 Apr 2015 15:11:43 -0400
Subject: fix for CVE-2014-3152
diff --git a/v8-3.4.14-CVE-2014-3152.patch b/v8-3.4.14-CVE-2014-3152.patch
new file mode 100644
index 0000000..a399c79
--- /dev/null
+++ b/v8-3.4.14-CVE-2014-3152.patch
@@ -0,0 +1,13 @@
+diff -up v8-3.14.5.10/src/arm/lithium-codegen-arm.cc.cve20143152 v8-3.14.5.10/src/arm/lithium-codegen-arm.cc
+--- v8-3.14.5.10/src/arm/lithium-codegen-arm.cc.cve20143152 2015-04-23 14:51:20.095648219 -0400
++++ v8-3.14.5.10/src/arm/lithium-codegen-arm.cc 2015-04-23 14:53:28.834149299 -0400
+@@ -3034,7 +3034,8 @@ MemOperand LCodeGen::PrepareKeyedOperand
+ return MemOperand(base, scratch0(), LSL, shift_size);
+ } else {
+ ASSERT_EQ(-1, shift_size);
+- return MemOperand(base, scratch0(), LSR, 1);
++ // key can be negative, so using ASR here.
++ return MemOperand(base, scratch0(), ASR, 1);
+ }
+ }
+
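Review bot: the new file is named v8-3.4.14-CVE-2014-3152.patch, but the diff inside it is against v8-3.14.5.10/src/arm/lithium-codegen-arm.cc, and the neighbouring patches in the spec carry the v8-3.14.5.10- prefix. Rename it to v8-3.14.5.10-CVE-2014-3152.patch, and update the Patch19 line to match, so the name states the version the fix was backported to. On the change itself: it is confined to the shift_size == -1 branch of PrepareKeyedOperand, where a logical shift (LSR) of a negative key produces a large positive offset and the arithmetic shift (ASR) preserves the sign. A line in the patch header stating whether the other architecture back ends in this tree were checked for the same pattern would help the next person auditing this CVE.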
diff --git a/v8.spec b/v8.spec
index 45b05ec..eb77fb1 100644
--- a/v8.spec
+++ b/v8.spec
@@ -23,7 +23,7 @@
Name: v8
Version: %{somajor}.%{sominor}.%{sobuild}.%{sotiny}
-Release: 17%{?dist}
+Release: 18%{?dist}
Epoch: 1
Summary: JavaScript Engine
Group: System Environment/Libraries
@@ -118,6 +118,11 @@ Patch17: v8-3.14.5.10-busy-loop.patch
# https://codereview.chromium.org/806143002
Patch18: v8-3.14.5.10-profiler-log.patch
+# Fix CVE in ARM code
+# https://bugzilla.redhat.com/show_bug.cgi?id=1101057
+# https://codereview.chromium.org/219473002
+Patch19: v8-3.4.14-CVE-2014-3152.patch
+
%description
V8 is Google's open source JavaScript engine. V8 is written in C++ and is used
in Google Chrome, the open source browser from Google. V8 implements ECMAScript
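Review bot: the comment above Patch19 reads "# Fix CVE in ARM code" and does not name the identifier. Write it as "# Fix CVE-2014-3152 in ARM code" so that a grep of the spec for the CVE number finds the entry without depending on the patch file name, which currently also carries a version prefix (3.4.14) that differs from the other Patch lines.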
@@ -151,6 +156,7 @@ Development headers and libraries for v8.
%patch16 -p1 -b .unhandled-ReferenceError
%patch17 -p1 -b .busy-loop
%patch18 -p1 -b .profiler-log
+%patch19 -p1 -b .cve20143152
# Do not need this lying about.
rm -rf src/third_party/valgrind
@@ -318,6 +324,9 @@ rm -rf %{buildroot}
%{python_sitelib}/j*.py*
%changelog
+* Thu Apr 23 2015 Tom Callaway <spot at fedoraproject.org> - 1:3.14.5.10-18
+- backport security fix for ARM - CVE-2014-3152
+
* Thu Feb 19 2015 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-17
- backports for nodejs 0.10.36
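Review bot: the new changelog entry names CVE-2014-3152 but not the bug it closes. The spec comment for Patch19 already points at bugzilla 1101057; adding that bug number to the "- backport security fix for ARM" line would keep the changelog traceable to the tracker entry.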
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/v8.git/commit/?h=f20&id=d4f1ff32d72846e7d453c06d5e6fc4ca8864d569