From c9f3d14bc623d0c3ad44b33c298d47ff4463a137 Mon Sep 17 00:00:00 2001
From: anolis-bot <sam.zyc@alibaba-inc.com>
Date: Wed, 19 Oct 2022 09:59:48 +0800
Subject: [PATCH 1/2] update to firefox-102.3.0-7.el8_6

Signed-off-by: anolis-bot <sam.zyc@alibaba-inc.com>
---
 D158770.diff                                  | 25 ++++++
 ...refs.js => firefox-redhat-default-prefs.js |  9 +-
 firefox.spec                                  | 84 +++++++++++--------
 webrtc-nss-fix.patch                          | 25 ++++++
 4 files changed, 105 insertions(+), 38 deletions(-)
 create mode 100644 D158770.diff
 rename firefox-anolis-default-prefs.js => firefox-redhat-default-prefs.js (84%)
 create mode 100644 webrtc-nss-fix.patch

diff --git a/D158770.diff b/D158770.diff
new file mode 100644
index 0000000..1d76995
--- /dev/null
+++ b/D158770.diff
@@ -0,0 +1,25 @@
+diff --git a/parser/expat/lib/xmlparse.c b/parser/expat/lib/xmlparse.c
+--- a/parser/expat/lib/xmlparse.c
++++ b/parser/expat/lib/xmlparse.c
+@@ -5652,12 +5652,18 @@
+   else
+ #endif /* XML_DTD */
+   {
+     processor = contentProcessor;
+     /* see externalEntityContentProcessor vs contentProcessor */
+-    return doContent(parser, parentParser ? 1 : 0, encoding, s, end,
+-                     nextPtr, (XML_Bool)!ps_finalBuffer);
++    result = doContent(parser, parser->m_parentParser ? 1 : 0,
++                       parser->m_encoding, s, end, nextPtr,
++                       (XML_Bool)! parser->m_parsingStatus.finalBuffer);
++    if (result == XML_ERROR_NONE) {
++      if (! storeRawNames(parser))
++        return XML_ERROR_NO_MEMORY;
++    }
++    return result;
+   }
+ }
+ 
+ static enum XML_Error PTRCALL
+ errorProcessor(XML_Parser parser,
+
diff --git a/firefox-anolis-default-prefs.js b/firefox-redhat-default-prefs.js
similarity index 84%
rename from firefox-anolis-default-prefs.js
rename to firefox-redhat-default-prefs.js
index c0e8ebf..7bf5098 100644
--- a/firefox-anolis-default-prefs.js
+++ b/firefox-redhat-default-prefs.js
@@ -14,10 +14,9 @@ pref("browser.shell.checkDefaultBrowser",   false);
 pref("network.manage-offline-status",       true);
 pref("extensions.shownSelectionUI",         true);
 pref("ui.SpellCheckerUnderlineStyle",       1);
-pref("startup.homepage_override_url",       "https://openanolis.cn/");
-pref("startup.homepage_welcome_url",        "https://openanolis.cn/");
-pref("browser.startup.homepage",            "data:text/plain,browser.startup.homepage=file:///usr/share/doc/HTML/index.html");
-pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
+pref("startup.homepage_override_url",       "http://www.redhat.com");
+pref("startup.homepage_welcome_url",        "http://www.redhat.com");
+pref("browser.startup.homepage",            "data:text/plain,browser.startup.homepage=file:///%PREFIX%/share/doc/HTML/index.html");
 pref("media.gmp-gmpopenh264.provider.enabled",false);
 pref("media.gmp-gmpopenh264.autoupdate",false);
 pref("media.gmp-gmpopenh264.enabled",false);
@@ -37,4 +36,4 @@ pref("browser.gnome-search-provider.enabled",true);
 /* Enable ffvpx playback for WebRTC */
 pref("media.navigator.mediadatadecoder_vpx_enabled", true);
 /* See https://bugzilla.redhat.com/show_bug.cgi?id=1672424 */
-pref("storage.nfs_filesystem", true);
+pref("storage.nfs_filesystem", true);
\ No newline at end of file
diff --git a/firefox.spec b/firefox.spec
index 9bf2ebb..18f4d4c 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -1,4 +1,3 @@
-%define anolis_release .0.1
 %global disable_toolsets  0
 # Produce a build suitable for release, i.e. use PGO/LTO. You can turn it off
 # when building locally to reduce build time.
@@ -17,15 +16,15 @@
 
 %{lua:
 function dist_to_rhel_minor(str, start)
-  match = string.match(str, ".module%+an8.%d+")
+  match = string.match(str, ".module%+el8.%d+")
   if match then
      return string.sub(match, 13)
   end
-  match = string.match(str, ".an8_%d+")
+  match = string.match(str, ".el8_%d+")
   if match then
      return string.sub(match, 6)
   end
-  match = string.match(str, ".an8")
+  match = string.match(str, ".el8")
   if match then
      return 7
   end
@@ -202,7 +201,7 @@ end}
 Summary:        Mozilla Firefox Web browser
 Name:           firefox
 Version:        102.3.0
-Release:        6%{anolis_release}%{?dist}
+Release:        7%{?dist}
 URL:            https://www.mozilla.org/firefox/
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 
@@ -231,7 +230,7 @@ Source1:        firefox-langpacks-%{version}%{?pre_version}-20220913.tar.xz
 Source2:        cbindgen-vendor.tar.xz
 Source3:        process-official-tarball
 Source10:       firefox-mozconfig
-Source12:       firefox-anolis-default-prefs.js
+Source12:       firefox-redhat-default-prefs.js
 Source20:       firefox.desktop
 Source21:       firefox.sh.in
 Source23:       firefox.1
@@ -290,6 +289,7 @@ Patch226:        rhbz-1354671.patch
 Patch228:        disable-openh264-download.patch
 Patch229:        firefox-nss-addon-hack.patch
 Patch230:        D110204-fscreen.diff
+Patch231:        webrtc-nss-fix.patch
 
 # Upstream patches
 Patch415:        mozilla-1670333.patch
@@ -301,6 +301,7 @@ Patch420:        mozilla-bmo998749.patch
 Patch421:        mozilla-s390x-skia-gradient.patch
 Patch422:        one_swizzle_to_rule_them_all.patch
 Patch423:        svg-rendering.patch
+Patch424:        D158770.diff
 
 # PGO/LTO patches
 Patch600:        pgo.patch
@@ -426,12 +427,12 @@ BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
 
 BuildRequires:  desktop-file-utils
-Requires:       anolis-indexhtml
+Requires:       redhat-indexhtml
 
-#%if !0%{?flatpak}
+%if !0%{?flatpak}
 #TODO
-#BuildRequires:  system-bookmarks
-#%endif
+BuildRequires:  system-bookmarks
+%endif
 %if %{?system_ffi}
 BuildRequires:  pkgconfig(libffi)
 %endif
@@ -514,50 +515,66 @@ BuildRequires: gcc-toolset-12-annobin-plugin-gcc
 
 # Bundled libraries
 Provides: bundled(angle)
+Provides: bundled(audioipc-2)
+Provides: bundled(brotli)
 Provides: bundled(cairo)
+Provides: bundled(cfworker)
+Provides: bundled(d3.js)
+Provides: bundled(double-conversion)
+Provides: bundled(expat)
+Provides: bundled(fdlibm)
+Provides: bundled(ffvpx)
+Provides: bundled(freetype2)
 Provides: bundled(graphite2)
 Provides: bundled(harfbuzz)
-Provides: bundled(ots)
-Provides: bundled(sfntly)
-Provides: bundled(skia)
-Provides: bundled(thebes)
-Provides: bundled(WebRender)
-Provides: bundled(audioipc-2)
-Provides: bundled(ffvpx)
+Provides: bundled(highway)
+Provides: bundled(intgemm)
 Provides: bundled(kissfft)
 Provides: bundled(libaom)
 Provides: bundled(libcubeb)
 Provides: bundled(libdav1d)
 Provides: bundled(libjpeg)
+Provides: bundled(libjxl)
+Provides: bundled(libjxl)
+Provides: bundled(libmar)
 Provides: bundled(libmkv)
 Provides: bundled(libnestegg)
 Provides: bundled(libogg)
 Provides: bundled(libopus)
 Provides: bundled(libpng)
+Provides: bundled(libprio)
 Provides: bundled(libsoundtouch)
 Provides: bundled(libspeex_resampler)
+Provides: bundled(libsrtp)
 Provides: bundled(libtheora)
 Provides: bundled(libtremor)
 Provides: bundled(libvorbis)
 Provides: bundled(libvpx)
 Provides: bundled(libwebp)
+Provides: bundled(libwebrtc)
 Provides: bundled(libyuv)
 Provides: bundled(mp4parse-rust)
+Provides: bundled(mp4parse-rust)
+Provides: bundled(msgpack-c)
+Provides: bundled(msgpack-c)
 Provides: bundled(mtransport)
 Provides: bundled(openmax_dl)
-Provides: bundled(double-conversion)
-Provides: bundled(brotli)
-Provides: bundled(fdlibm)
-Provides: bundled(freetype2)
-Provides: bundled(libmar)
+Provides: bundled(openmax_il)
+Provides: bundled(openmax_il)
+Provides: bundled(ots)
+Provides: bundled(qcms)
+Provides: bundled(rlbox_sandboxing_api)
+Provides: bundled(sfntly)
+Provides: bundled(sipcc)
+Provides: bundled(skia)
+Provides: bundled(sqlite3)
+Provides: bundled(thebes)
+Provides: bundled(wasm2c)
+Provides: bundled(WebRender)
 Provides: bundled(woff2)
 Provides: bundled(xz-embedded)
+Provides: bundled(ycbcr)
 Provides: bundled(zlib)
-Provides: bundled(expat)
-Provides: bundled(msgpack-c)
-Provides: bundled(libprio)
-Provides: bundled(rlbox_sandboxing_api)
-Provides: bundled(sqlite3)
 
 %if 0%{?bundle_nss}
 Provides: bundled(nss) = 3.79.0
@@ -634,6 +651,7 @@ echo "use_rustts            %{?use_rustts}"
 %patch228 -p1 -b .disable-openh264-download
 %patch229 -p1 -b .firefox-nss-addon-hack
 %patch230 -p1 -b .D110204-fscreen.diff
+%patch231 -p1 -b .webrtc-nss-fix
 
 %patch415 -p1 -b .1670333
 %patch416 -p1 -b .mozilla-bmo1005535
@@ -644,6 +662,7 @@ echo "use_rustts            %{?use_rustts}"
 %patch421 -p1 -b .mozilla-s390x-skia-gradient
 %patch422 -p1 -b .one_swizzle_to_rule_them_all
 %patch423 -p1 -b .svg-rendering
+%patch424 -p1 -b .D158770.diff
 
 # PGO patches
 %if %{build_with_pgo}
@@ -1107,9 +1126,9 @@ mkdir -p test_results
 %endif
 
 # set up our default bookmarks
-#%if !0%{?flatpak}
-#%{__cp} -p %{default_bookmarks_file} objdir/dist/bin/browser/chrome/browser/content/browser/default-bookmarks.html
-#%endif
+%if !0%{?flatpak}
+%{__cp} -p %{default_bookmarks_file} objdir/dist/bin/browser/chrome/browser/content/browser/default-bookmarks.html
+%endif
 
 # Make sure locale works for langpacks
 %{__cat} > objdir/dist/bin/browser/defaults/preferences/firefox-l10n.js << EOF
@@ -1402,9 +1421,8 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 #---------------------------------------------------------------------
 
 %changelog
-* Tue Sep 27 2022 Liwei Ge <geliwei@openanolis.org> - 102.3.0-6.0.1
-- Add firefox-anolis-default-prefs.js
-- Remove bookmarks
+* Tue Oct 11 2022 Jan Horak <jhorak@redhat.com> - 102.3.0-7
+- Fix for expat CVE-2022-40674 and non functional webrtc
 
 * Tue Sep 13 2022 Jan Horak <jhorak@redhat.com> - 102.3.0-6
 - Update to 102.3.0 build1
diff --git a/webrtc-nss-fix.patch b/webrtc-nss-fix.patch
new file mode 100644
index 0000000..78b458d
--- /dev/null
+++ b/webrtc-nss-fix.patch
@@ -0,0 +1,25 @@
+diff -up firefox-102.3.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c.webrtc-fix firefox-102.3.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c
+--- firefox-102.3.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c.webrtc-fix	2022-10-04 18:58:30.563683229 +0200
++++ firefox-102.3.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c	2022-10-04 18:58:44.583652963 +0200
+@@ -293,7 +293,7 @@ static srtp_err_status_t srtp_aes_gcm_ns
+ 
+     int rv;
+     SECItem param = { siBuffer, (unsigned char *)&c->params,
+-                      sizeof(CK_GCM_PARAMS) };
++                      sizeof(CK_NSS_GCM_PARAMS) };
+     if (encrypt) {
+         rv = PK11_Encrypt(c->key, CKM_AES_GCM, &param, buf, enc_len,
+                           *enc_len + 16, buf, *enc_len);
+diff -up firefox-102.3.0/third_party/libsrtp/src/crypto/include/aes_gcm.h.webrtc-fix firefox-102.3.0/third_party/libsrtp/src/crypto/include/aes_gcm.h
+--- firefox-102.3.0/third_party/libsrtp/src/crypto/include/aes_gcm.h.webrtc-fix	2022-10-04 18:59:16.635583764 +0200
++++ firefox-102.3.0/third_party/libsrtp/src/crypto/include/aes_gcm.h	2022-10-04 18:59:31.848550924 +0200
+@@ -101,7 +101,7 @@ typedef struct {
+     uint8_t iv[12];
+     uint8_t aad[MAX_AD_SIZE];
+     int aad_size;
+-    CK_GCM_PARAMS params;
++    CK_NSS_GCM_PARAMS params;
+     uint8_t tag[16];
+ } srtp_aes_gcm_ctx_t;
+ 
+diff -up firefox-102.3.0/third_party/prio/prio/encrypt.c.webrtc-fix firefox-102.3.0/third_party/prio/prio/encrypt.c
-- 
Gitee


From 5b98e0e57ea1f6d3079c36fcb92df3a4f7dbf7a9 Mon Sep 17 00:00:00 2001
From: Zhao Hang <wb-zh951434@alibaba-inc.com>
Date: Thu, 16 Dec 2021 06:12:47 +0000
Subject: [PATCH 2/2] rebrand: add firefox-anolis-default-prefs.js

---
 ...refs.js => firefox-anolis-default-prefs.js |  9 +++---
 firefox.spec                                  | 29 +++++++++++--------
 2 files changed, 22 insertions(+), 16 deletions(-)
 rename firefox-redhat-default-prefs.js => firefox-anolis-default-prefs.js (84%)

diff --git a/firefox-redhat-default-prefs.js b/firefox-anolis-default-prefs.js
similarity index 84%
rename from firefox-redhat-default-prefs.js
rename to firefox-anolis-default-prefs.js
index 7bf5098..c0e8ebf 100644
--- a/firefox-redhat-default-prefs.js
+++ b/firefox-anolis-default-prefs.js
@@ -14,9 +14,10 @@ pref("browser.shell.checkDefaultBrowser",   false);
 pref("network.manage-offline-status",       true);
 pref("extensions.shownSelectionUI",         true);
 pref("ui.SpellCheckerUnderlineStyle",       1);
-pref("startup.homepage_override_url",       "http://www.redhat.com");
-pref("startup.homepage_welcome_url",        "http://www.redhat.com");
-pref("browser.startup.homepage",            "data:text/plain,browser.startup.homepage=file:///%PREFIX%/share/doc/HTML/index.html");
+pref("startup.homepage_override_url",       "https://openanolis.cn/");
+pref("startup.homepage_welcome_url",        "https://openanolis.cn/");
+pref("browser.startup.homepage",            "data:text/plain,browser.startup.homepage=file:///usr/share/doc/HTML/index.html");
+pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
 pref("media.gmp-gmpopenh264.provider.enabled",false);
 pref("media.gmp-gmpopenh264.autoupdate",false);
 pref("media.gmp-gmpopenh264.enabled",false);
@@ -36,4 +37,4 @@ pref("browser.gnome-search-provider.enabled",true);
 /* Enable ffvpx playback for WebRTC */
 pref("media.navigator.mediadatadecoder_vpx_enabled", true);
 /* See https://bugzilla.redhat.com/show_bug.cgi?id=1672424 */
-pref("storage.nfs_filesystem", true);
\ No newline at end of file
+pref("storage.nfs_filesystem", true);
diff --git a/firefox.spec b/firefox.spec
index 18f4d4c..d5a8613 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -1,3 +1,4 @@
+%define anolis_release .0.1
 %global disable_toolsets  0
 # Produce a build suitable for release, i.e. use PGO/LTO. You can turn it off
 # when building locally to reduce build time.
@@ -16,15 +17,15 @@
 
 %{lua:
 function dist_to_rhel_minor(str, start)
-  match = string.match(str, ".module%+el8.%d+")
+  match = string.match(str, ".module%+an8.%d+")
   if match then
      return string.sub(match, 13)
   end
-  match = string.match(str, ".el8_%d+")
+  match = string.match(str, ".an8_%d+")
   if match then
      return string.sub(match, 6)
   end
-  match = string.match(str, ".el8")
+  match = string.match(str, ".an8")
   if match then
      return 7
   end
@@ -201,7 +202,7 @@ end}
 Summary:        Mozilla Firefox Web browser
 Name:           firefox
 Version:        102.3.0
-Release:        7%{?dist}
+Release:        7%{anolis_release}%{?dist}
 URL:            https://www.mozilla.org/firefox/
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 
@@ -230,7 +231,7 @@ Source1:        firefox-langpacks-%{version}%{?pre_version}-20220913.tar.xz
 Source2:        cbindgen-vendor.tar.xz
 Source3:        process-official-tarball
 Source10:       firefox-mozconfig
-Source12:       firefox-redhat-default-prefs.js
+Source12:       firefox-anolis-default-prefs.js
 Source20:       firefox.desktop
 Source21:       firefox.sh.in
 Source23:       firefox.1
@@ -427,12 +428,12 @@ BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
 
 BuildRequires:  desktop-file-utils
-Requires:       redhat-indexhtml
+Requires:       anolis-indexhtml
 
-%if !0%{?flatpak}
+#%if !0%{?flatpak}
 #TODO
-BuildRequires:  system-bookmarks
-%endif
+#BuildRequires:  system-bookmarks
+#%endif
 %if %{?system_ffi}
 BuildRequires:  pkgconfig(libffi)
 %endif
@@ -1126,9 +1127,9 @@ mkdir -p test_results
 %endif
 
 # set up our default bookmarks
-%if !0%{?flatpak}
-%{__cp} -p %{default_bookmarks_file} objdir/dist/bin/browser/chrome/browser/content/browser/default-bookmarks.html
-%endif
+#%if !0%{?flatpak}
+#%{__cp} -p %{default_bookmarks_file} objdir/dist/bin/browser/chrome/browser/content/browser/default-bookmarks.html
+#%endif
 
 # Make sure locale works for langpacks
 %{__cat} > objdir/dist/bin/browser/defaults/preferences/firefox-l10n.js << EOF
@@ -1421,6 +1422,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 #---------------------------------------------------------------------
 
 %changelog
+* Wed Oct 19 2022 Liwei Ge <geliwei@openanolis.org> - 102.3.0-7.0.1
+- Add firefox-anolis-default-prefs.js
+- Remove bookmarks
+
 * Tue Oct 11 2022 Jan Horak <jhorak@redhat.com> - 102.3.0-7
 - Fix for expat CVE-2022-40674 and non functional webrtc
 
-- 
Gitee