[PR PATCH] quickjs: update to 2023.12.09.

[PR PATCH] quickjs: update to 2023.12.09.

[Gottox]

[-- Attachment #1: Type: text/plain, Size: 328 bytes --]

There is a new pull request by Gottox against master on the void-packages repository

https://github.com/Gottox/void-packages quickjs-2023.12.09
https://github.com/void-linux/void-packages/pull/47661

quickjs: update to 2023.12.09.
None

A patch file from https://github.com/void-linux/void-packages/pull/47661.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-quickjs-2023.12.09-47661.patch --]
[-- Type: text/x-diff, Size: 2756 bytes --]

From 8cd95f81fce0d9b2a174313bc08c8fcd4780cc22 Mon Sep 17 00:00:00 2001
From: Enno Boland <gottox@voidlinux.org>
Date: Sat, 9 Dec 2023 15:26:41 +0100
Subject: [PATCH] quickjs: update to 2023.12.09.

---
 .../patch-gh-issue-178-cve-2023-31922.patch   | 42 -------------------
 srcpkgs/quickjs/template                      |  6 +--
 2 files changed, 3 insertions(+), 45 deletions(-)
 delete mode 100644 srcpkgs/quickjs/patches/patch-gh-issue-178-cve-2023-31922.patch

diff --git a/srcpkgs/quickjs/patches/patch-gh-issue-178-cve-2023-31922.patch b/srcpkgs/quickjs/patches/patch-gh-issue-178-cve-2023-31922.patch
deleted file mode 100644
index 754924c606394..0000000000000
--- a/srcpkgs/quickjs/patches/patch-gh-issue-178-cve-2023-31922.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 056459314305f666aee132565df710c42f41ec04 Mon Sep 17 00:00:00 2001
-From: Nick Vatamaniuc <vatamane@gmail.com>
-Date: Sun, 28 May 2023 01:50:46 -0400
-Subject: [PATCH] Fix stack overflow in CVE-2023-31922
-
-isArray and proxy isArray can call each other indefinitely in a mutually
-recursive loop.
-
-Add a stack overflow check in the js_proxy_isArray function before calling
-JS_isArray(ctx, s->target).
-
-With ASAN the the poc.js from issue 178:
-
-```
-./qjs ./poc.js
-InternalError: stack overflow
-  at isArray (native)
-  at <eval> (./poc.js:4)
-```
-
-Fix: https://github.com/bellard/quickjs/issues/178
----
- quickjs.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/quickjs.c b/quickjs.c
-index 79160139..a3b0b55f 100644
---- a/quickjs.c
-+++ b/quickjs.c
-@@ -45243,6 +45243,12 @@ static int js_proxy_isArray(JSContext *ctx, JSValueConst obj)
-     JSProxyData *s = JS_GetOpaque(obj, JS_CLASS_PROXY);
-     if (!s)
-         return FALSE;
-+
-+    if (js_check_stack_overflow(ctx->rt, 0)) {
-+        JS_ThrowStackOverflow(ctx);
-+        return -1;
-+    }
-+
-     if (s->is_revoked) {
-         JS_ThrowTypeErrorRevokedProxy(ctx);
-         return -1;
diff --git a/srcpkgs/quickjs/template b/srcpkgs/quickjs/template
index da651cba2cbc4..28e2557c42eb6 100644
--- a/srcpkgs/quickjs/template
+++ b/srcpkgs/quickjs/template
@@ -1,7 +1,7 @@
 # Template file for 'quickjs'
 pkgname=quickjs
-version=2021.03.27
-revision=4
+version=2023.12.09
+revision=1
 build_style=gnu-makefile
 make_use_env=true
 make_build_args="CONFIG_LTO="
@@ -10,7 +10,7 @@ maintainer="Leah Neukirchen <leah@vuxu.org>"
 license="MIT"
 homepage="https://bellard.org/quickjs/"
 distfiles="https://bellard.org/quickjs/quickjs-${version//./-}.tar.xz"
-checksum=a45bface4c3379538dea8533878d694e289330488ea7028b105f72572fe7fe1a
+checksum=e8afe386f875d0e52310ea91aa48e2b0e04182e821f19147794e3e272f4c8d8c
 
 if [ "$CROSS_BUILD" ]; then
 	make_build_args+=" CROSS_PREFIX=${XBPS_CROSS_TRIPLET}-"

Re: [PR PATCH] [Merged]: quickjs: update to 2023.12.09.

[leahneukirchen]

[-- Attachment #1: Type: text/plain, Size: 168 bytes --]

There's a merged pull request on the void-packages repository

quickjs: update to 2023.12.09.
https://github.com/void-linux/void-packages/pull/47661

Description:
None