From aebd730b24d2d49aaea66f61da3ce7e24e40b5e0 Mon Sep 17 00:00:00 2001
From: peng2285
Date: Fri, 13 Jan 2023 10:35:41 +0800
Subject: [PATCH] fix CVE-2022-43680
---
expat-CVE-2022-43680.patch | 17 +++++++++++++++++
firefox.spec | 7 ++++++-
2 files changed, 23 insertions(+), 1 deletion(-)
create mode 100644 expat-CVE-2022-43680.patch
diff --git a/expat-CVE-2022-43680.patch b/expat-CVE-2022-43680.patch
new file mode 100644
index 0000000..e5e42dd
--- /dev/null
+++ b/expat-CVE-2022-43680.patch
@@ -0,0 +1,17 @@
+--- firefox-79.0/parser/expat/lib/xmlparse.c.cve-2022-43680 2022-11-18 10:00:58.441551281 +0800
++++ firefox-79.0/parser/expat/lib/xmlparse.c 2022-11-18 10:05:30.523029488 +0800
+@@ -1004,6 +1004,14 @@ parserCreate(const XML_Char *encodingNam
+ parserInit(parser, encodingName);
+
+ if (encodingName && !protocolEncodingName) {
++ if (dtd) {
++ // We need to stop the upcoming call to XML_ParserFree from happily
++ // destroying parser->m_dtd because the DTD is shared with the parent
++ // parser and the only guard that keeps XML_ParserFree from destroying
++ // parser->m_dtd is parser->m_isParamEntity but it will be set to
++ // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
++ parser->m_dtd = NULL;
++ }
+ XML_ParserFree(parser);
+ return NULL;
+ }
diff --git a/firefox.spec b/firefox.spec
index 80913a4..89cc6dc 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -88,7 +88,7 @@ Summary: Mozilla Firefox Web browser
 Name: firefox
 Version: 79.0
-Release: 13
+Release: 14
 URL: https://www.mozilla.org/firefox/
 License: MPLv1.1 or GPLv2+ or LGPLv2+
 Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
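Review bot: The added `parser->m_dtd = NULL;` in the `if (encodingName && !protocolEncodingName)` branch of parserCreate (the xmlparse.c hunk carried in expat-CVE-2022-43680.patch) only prevents the shared DTD from being freed if XML_ParserFree in the bundled firefox-79.0 expat skips DTD teardown when that pointer is NULL. XML_ParserFree lies outside the hunk, and the mix of the bare `protocolEncodingName` with `parser->m_dtd` suggests this copy is older than the code the fix was written for, so the NULL check should be confirmed in the bundled source before relying on the backport. The patch file also carries no header saying where it came from, which makes the backport hard to audit later; I would add a leading line such as `# Backport of the upstream libexpat fix for CVE-2022-43680 (upstream commit: <UPSTREAM_COMMIT_ID>), adapted to the expat copy bundled in firefox-79.0`. parserCreate's body starts and ends outside the hunk.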
@@ -189,6 +189,7 @@ Patch644: Deny-clone3-to-force-glibc-fallback.patch
 Patch645: 0001-fix-wl_proxy_marshal_flags.patch
 Patch646: 0002-fix-from-collections-import-Iterable.patch
 Patch647: fix-attribute-error-module-distutils-has-no-attribute-sysconfig.patch
+Patch648: expat-CVE-2022-43680.patch
 %if %{?system_nss}
 BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version}
@@ -371,6 +372,7 @@ tar -xf %{SOURCE3}
 %patch645 -p1
 %patch646 -p1
 %patch647 -p1
+%patch648 -p1
 %{__rm} -f .mozconfig
 %{__cp} %{SOURCE10} .mozconfig
@@ -813,6 +815,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %endif
 %changelog
+* Fri Jan 13 2023 jiangpeng - 79.0-14
+- fix CVE-2022-43680
+
 * Thu Jul 21 2022 xu_ping - 79.0-13
 - Fix attribute error module distutils has no attribute sysconfig
-- Gitee