From e5ea77c89aca921f2fe57dc252518c7683b325ef Mon Sep 17 00:00:00 2001
From: lvfei <lvfei@kylinos.cn>
Date: Fri, 1 Nov 2024 16:42:52 +0800
Subject: [PATCH] CVE-2021-29970

---
 CVE-2021-29970.patch | 41 +++++++++++++++++++++++++++++++++++++++++
 firefox.spec         |  7 ++++++-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2021-29970.patch

diff --git a/CVE-2021-29970.patch b/CVE-2021-29970.patch
new file mode 100644
index 0000000..90dd422
--- /dev/null
+++ b/CVE-2021-29970.patch
@@ -0,0 +1,41 @@
+From 454d20cad04692c443e7a66dd53f0918b22a5638 Mon Sep 17 00:00:00 2001
+From: Eitan Isaacson <eitan@monotonous.org>
+Date: Tue, 08 Jun 2021 22:21:05 +0000 (2021-06-09)
+Subject: [PATCH] CVE-2021-29970
+
+---
+ accessible/base/SelectionManager.cpp | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/accessible/base/SelectionManager.cpp b/accessible/base/SelectionManager.cpp
+index 5b37cf1528..c86841d20c 100644
+--- a/accessible/base/SelectionManager.cpp
++++ b/accessible/base/SelectionManager.cpp
+@@ -101,6 +101,24 @@ void SelectionManager::RemoveDocSelectionListener(PresShell* aPresShell) {
+   // selection.
+   Selection* spellSel = frameSel->GetSelection(SelectionType::eSpellCheck);
+   spellSel->RemoveSelectionListener(this);
++  
++  if (mCurrCtrlNormalSel) {
++    if (mCurrCtrlNormalSel->GetPresShell() == aPresShell) {
++      // Remove 'this' registered as selection listener for the normal selection
++      // if we are removing listeners for its PresShell.
++      mCurrCtrlNormalSel->RemoveSelectionListener(this);
++      mCurrCtrlNormalSel = nullptr;
++    }
++  }
++
++  if (mCurrCtrlSpellSel) {
++    if (mCurrCtrlSpellSel->GetPresShell() == aPresShell) {
++      // Remove 'this' registered as selection listener for the spellcheck
++      // selection if we are removing listeners for its PresShell.
++      mCurrCtrlSpellSel->RemoveSelectionListener(this);
++      mCurrCtrlSpellSel = nullptr;
++    }
++  }
+ }
+ 
+ void SelectionManager::ProcessTextSelChangeEvent(AccEvent* aEvent) {
+-- 
+2.27.0
+
diff --git a/firefox.spec b/firefox.spec
index 62a192e..6b7945b 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -88,7 +88,7 @@
 Summary:             Mozilla Firefox Web browser
 Name:                firefox
 Version:             79.0
-Release:             32
+Release:             33
 URL:                 https://www.mozilla.org/firefox/
 License:             MPLv1.1 or GPLv2+ or LGPLv2+
 Source0:             https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
@@ -213,6 +213,7 @@ Patch669:            CVE-2021-23998.patch
 Patch670:            CVE-2022-29912.patch
 Patch671:            CVE-2024-0745.patch
 Patch672:            CVE-2023-1945.patch
+Patch673:            CVE-2021-29970.patch
 
 %if %{?system_nss}
 BuildRequires:       pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version}
@@ -420,6 +421,7 @@ tar -xf %{SOURCE3}
 %patch670 -p1
 %patch671 -p1
 %patch672 -p1
+%patch673 -p1
 
 %{__rm} -f .mozconfig
 %{__cp} %{SOURCE10} .mozconfig
@@ -868,6 +870,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %endif
 
 %changelog
+* Fri Nov 01 2024 lvfei <lvfei@kylinos.cn> - 79.0-33
+- Fix CVE-2021-29970
+
 * Wed Aug 14 2024 happyworker <208suo@208suo.com> - 79.0-32
 - Fix CVE-2023-1945
 
-- 
Gitee