- Mozilla Firefox 113.0

* https://www.mozilla.org/en-US/firefox/113.0/releasenotes MFSA 2023-16 (bsc#1211175) * CVE-2023-32205 (bmo#1753339, bmo#1753341) Browser prompts could have been obscured by popups * CVE-2023-32206 (bmo#1824892) Crash in RLBox Expat driver * CVE-2023-32207 (bmo#1826116) Potential permissions request bypass via clickjacking * CVE-2023-32208 (bmo#1646034) Leak of script base URL in service workers via import() * CVE-2023-32209 (bmo#1767194) Persistent DoS via favicon image * CVE-2023-32210 (bmo#1776755) Incorrect principal object ordering * CVE-2023-32211 (bmo#1823379) Content process crash due to invalid wasm code * CVE-2023-32212 (bmo#1826622) Potential spoof due to obscured address bar * CVE-2023-32213 (bmo#1826666) Potential memory corruption in FileReader::DoReadData() * MFSA-TMP-2023-0002 (bmo#1814560, bmo#1814790, bmo#1819796) Race condition in dav1d decoding * CVE-2023-32214 (bmo#1828716) Potential DoS via exposed protocol handlers * CVE-2023-32215 (bmo#1540883, bmo#1751943, bmo#1814856, bmo#1820210, bmo#1821480, bmo#1827019, bmo#1827024, bmo#1827144, bmo#1827359, bmo#1830186) Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 * CVE-2023-32216 (bmo#1746479, bmo#1806852, bmo#1815987, OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1059
2023-05-10 06:26:50 +00:00 · 2023-05-10 06:26:50 +00:00 · f16518afb3
commit f16518afb3
parent 4ae7064205
11 changed files with 103 additions and 66 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Tue May  9 21:12:38 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 113.0
+  * https://www.mozilla.org/en-US/firefox/113.0/releasenotes
+  MFSA 2023-16 (bsc#1211175)
+  * CVE-2023-32205 (bmo#1753339, bmo#1753341)
+    Browser prompts could have been obscured by popups
+  * CVE-2023-32206 (bmo#1824892)
+    Crash in RLBox Expat driver
+  * CVE-2023-32207 (bmo#1826116)
+    Potential permissions request bypass via clickjacking
+  * CVE-2023-32208 (bmo#1646034)
+    Leak of script base URL in service workers via import()
+  * CVE-2023-32209 (bmo#1767194)
+    Persistent DoS via favicon image
+  * CVE-2023-32210 (bmo#1776755)
+    Incorrect principal object ordering
+  * CVE-2023-32211 (bmo#1823379)
+    Content process crash due to invalid wasm code
+  * CVE-2023-32212 (bmo#1826622)
+    Potential spoof due to obscured address bar
+  * CVE-2023-32213 (bmo#1826666)
+    Potential memory corruption in FileReader::DoReadData()
+  * MFSA-TMP-2023-0002 (bmo#1814560, bmo#1814790, bmo#1819796)
+    Race condition in dav1d decoding
+  * CVE-2023-32214 (bmo#1828716)
+    Potential DoS via exposed protocol handlers
+  * CVE-2023-32215 (bmo#1540883, bmo#1751943, bmo#1814856, bmo#1820210,
+    bmo#1821480, bmo#1827019, bmo#1827024, bmo#1827144, bmo#1827359,
+    bmo#1830186)
+    Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
+  * CVE-2023-32216 (bmo#1746479, bmo#1806852, bmo#1815987,
+    bmo#1820359, bmo#1823568, bmo#1824803, bmo#1824834, bmo#1825170,
+    bmo#1827020, bmo#1828130)
+    Memory safety bugs fixed in Firefox 113
+- removed obsolete mozilla-bmo1568145.patch
+
 -------------------------------------------------------------------
 Sun May  7 19:47:00 UTC 2023 - Aaron Puchert <aaronpuchert@alice-dsl.net>

--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -28,9 +28,9 @@
 # orig_suffix b3
 # major 69
 # mainver %%major.99
-%define major          112
-%define mainver        %major.0.2
-%define orig_version   112.0.2
+%define major          113
+%define mainver        %major.0
+%define orig_version   113.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
@ -220,20 +220,19 @@ Patch6:         mozilla-s390-context.patch
 Patch7:         mozilla-pgo.patch
 Patch8:         mozilla-reduce-rust-debuginfo.patch
 Patch9:         mozilla-bmo1005535.patch
-Patch10:        mozilla-bmo1568145.patch
-Patch11:        mozilla-bmo1504834-part1.patch
-Patch13:        mozilla-bmo1504834-part3.patch
-Patch14:        mozilla-bmo1512162.patch
-Patch15:        mozilla-fix-top-level-asm.patch
-Patch17:        mozilla-bmo849632.patch
-Patch18:        mozilla-bmo998749.patch
-Patch20:        mozilla-s390x-skia-gradient.patch
-Patch21:        mozilla-libavcodec58_91.patch
-Patch22:        mozilla-silence-no-return-type.patch
-Patch23:        mozilla-bmo531915.patch
-Patch25:        one_swizzle_to_rule_them_all.patch
-Patch26:        svg-rendering.patch
-Patch27:        mozilla-buildfixes.patch
+Patch10:        mozilla-bmo1504834-part1.patch
+Patch11:        mozilla-bmo1504834-part3.patch
+Patch12:        mozilla-bmo1512162.patch
+Patch13:        mozilla-fix-top-level-asm.patch
+Patch14:        mozilla-bmo849632.patch
+Patch15:        mozilla-bmo998749.patch
+Patch16:        mozilla-s390x-skia-gradient.patch
+Patch17:        mozilla-libavcodec58_91.patch
+Patch18:        mozilla-silence-no-return-type.patch
+Patch19:        mozilla-bmo531915.patch
+Patch20:        one_swizzle_to_rule_them_all.patch
+Patch21:        svg-rendering.patch
+Patch22:        mozilla-buildfixes.patch
 # Firefox/browser
 Patch101:       firefox-kde.patch
 Patch102:       firefox-branded-icons.patch
--- a/firefox-112.0.2.source.tar.xz
+++ b/firefox-112.0.2.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e6a4819a3b82b1ca6c45296e50e6c9ab653306eeb540e50ba8683e339565992e
-size 504773576
--- a/firefox-112.0.2.source.tar.xz.asc
+++ b/firefox-112.0.2.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmRGjd4ACgkQ6+QekPbx
-L23SBQ//RPY7WWltyiYjbLBgpb/PusAkDlsQbLFymkX3teSoiWstGjOjvKCUB9es
-Ryg7e2k52K9FF1Tj1RnpZm5AezHofkwjgQEGxMqyko2imikpv75/xiMdsqoy6lDV
-uYDgkBO9FFNf5L6ESDtadrE3q1btK0xwesJVd9qT8HSIdVEYd5P6dsecIBC6BTD/
-slyTrzs+RBaDjtK+NkzqkIpHJbxNYUWW+7+Jpm6OT2QvEKSTES8HfiJkEzhixsif
-HGDEbTVWnGqKGL9zjqgiilWhIIQtXP+BPCCbGJTq4p2RxE5rUrelfOz3tngHfaaI
-ZVNY27h8iDYWGjODiZIpM46MIZ4+53YdSAe4uwvKP7uDWOKRNY/N4jxa4DLaE4QN
-ElKLde0w+G8kRyDnI6tB4+PbcHYm0rjIdPyhez0PZU0SgZFcHZJ2Y8jDh7iBJsXW
-LGgKCV1fw/3TnZoe8EgA9v7EdMcD0QvQQiDbBcFq5LqvINSI2U8mEG17ABjomqX2
-myQB6/oks9nhaEys7h+j1vFYTEKyRz3sAZmeEB9OZkXwZNUzZPShKj/QDUAjb+vC
-nCqvUcBdkZXdTry6tdoUiclzl4hxkqC+ppSc1PcqR8MsMwa2D5lR0enbiALXoNqr
-KSGUmRGhNGOm3+1VqfshdBGYPiv4U4VvMNwzPBoXMl21zH+it58=
-=BPGw
-----END PGP SIGNATURE-----
--- a/firefox-113.0.source.tar.xz
+++ b/firefox-113.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7a266044cb9d0c63079b3453507ea0c80a23389f4cbf6a4f6fd15146c6072627
+size 499018844
--- a/firefox-113.0.source.tar.xz.asc
+++ b/firefox-113.0.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmRULscACgkQ6+QekPbx
+L21qIA/+OPp8dofIkpSVDhSgTJYUkH43MZNfZg+niFA/c/kwMPmKdZMVAZ15hLp9
+hSqpt6+Jb1fpUWVYWGFcG6wZurFX1xQeUVxb0xCnx0IS6HJrWJmr29KcrPr6nry
+R61MA4e4q91r4nf9WDmvuqcbYIuWcCXDCfOlan7zMupdqW+JN4/2nhtJ1QN8+sf5
+J/ITe0WbvmxXpiJ0zRCpWIGjo7tLrJxl07REEKrheTSV3yqQL8bIa0846+uHoUeu
+Gje8ET5YA3JM5xhcL8oneVNuCZoS901JryCjdOZ4oCqSSHskpEBST4ywpvT4rTT/
+x5WbZ5GJEZDuMq1lVD0SVaLp5bTPwLnGvWEuACWE2KQdb19fZTPHFfHsHZ//npWs
+V5b1MMpGz8HI2xRwvH/AlSMk9bEjdSCeYfLCAOv9lKXQO67m0YQeYOLSbnHUugEZ
+F2IfhQDffUvKXylWZ2Yh/hAJluZsAKD+SKG0Ulmg32vvkOtr+2K9J90pZP8P7WUV
+5ZlEJWcgQ6blzigxldj/0XTNLXX4f7zQYUjn1DSnKmbFNCDM9mAXgnW10SUDqZmj
+bfgJLM+YVeZCa6YLUUwcVwlkSv5NsDQKg8fJkkTSDPdx6rz0UOADIgRP5BphhXOW
+I2zteba5tFpuNKUDgoFugSJLK99bbn3LlOvTdErieyrmlxsPTck=
+=bUdI
+-----END PGP SIGNATURE-----
--- a/l10n-112.0.2.tar.xz
+++ b/l10n-112.0.2.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bfcb9aa86f10704616f8537774856f96ea5b8d5d609d4cea9c623a3ac3e9f96f
-size 50942092
--- a/l10n-113.0.tar.xz
+++ b/l10n-113.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cb3fecd9caf154ac43451927c567b6d6ca50ccabe55cba63801a761ac06ee6f2
+size 30791208
--- a/mozilla-kde.patch
+++ b/mozilla-kde.patch
@ -3,7 +3,7 @@
 # Date 1559294891 -7200
 #      Fri May 31 11:28:11 2019 +0200
 # Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112
-# Parent  b6b4d42b51c6a815116505bf7e9b34a5e2f0c65b
+# Parent  4f8492f0f4bfa17f5b4523a1cdda15a45e3d74d3
 Description: Add KDE integration to Firefox (toolkit parts)
 Author: Wolfgang Rosenauer <wolfgang@rosenauer.org>
 Author: Lubos Lunak <lunak@suse.com>
@ -13,7 +13,7 @@ Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=140751
 diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp
 --- a/modules/libpref/Preferences.cpp
 +++ b/modules/libpref/Preferences.cpp
-@@ -90,16 +90,17 @@
+@@ -91,16 +91,17 @@
 #include "plstr.h"
 #include "prdtoa.h"
 #include "prlink.h"
@ -31,7 +31,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp
 #ifdef MOZ_MEMORY
 #  include "mozmemory.h"
 #endif
-@@ -4908,16 +4909,27 @@ nsresult Preferences::InitInitialObjects
+@@ -4907,16 +4908,27 @@ nsresult Preferences::InitInitialObjects
     "unix.js"
 #  if defined(_AIX)
     ,
@ -59,7 +59,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp
 
   // Load jar:$app/omni.jar!/defaults/preferences/*.js
   // or jar:$gre/omni.jar!/defaults/preferences/*.js.
-@@ -4982,17 +4994,17 @@ nsresult Preferences::InitInitialObjects
+@@ -4981,17 +4993,17 @@ nsresult Preferences::InitInitialObjects
       }
 
       nsCOMPtr<nsIFile> path = do_QueryInterface(elem);
@ -105,7 +105,7 @@ diff --git a/modules/libpref/moz.build b/modules/libpref/moz.build
 diff --git a/python/mozbuild/mozpack/chrome/flags.py b/python/mozbuild/mozpack/chrome/flags.py
 --- a/python/mozbuild/mozpack/chrome/flags.py
 +++ b/python/mozbuild/mozpack/chrome/flags.py
-@@ -228,16 +228,17 @@ class Flags(OrderedDict):
+@@ -229,16 +229,17 @@ class Flags(OrderedDict):
         "os": StringFlag,
         "osversion": VersionFlag,
         "abi": StringFlag,
@ -126,7 +126,7 @@ diff --git a/python/mozbuild/mozpack/chrome/flags.py b/python/mozbuild/mozpack/c
 diff --git a/python/mozbuild/mozpack/chrome/manifest.py b/python/mozbuild/mozpack/chrome/manifest.py
 --- a/python/mozbuild/mozpack/chrome/manifest.py
 +++ b/python/mozbuild/mozpack/chrome/manifest.py
-@@ -37,16 +37,17 @@ class ManifestEntry(object):
+@@ -38,16 +38,17 @@ class ManifestEntry(object):
         "os",
         "osversion",
         "abi",
@ -749,14 +749,14 @@ new file mode 100644
 diff --git a/uriloader/exthandler/HandlerServiceParent.cpp b/uriloader/exthandler/HandlerServiceParent.cpp
 --- a/uriloader/exthandler/HandlerServiceParent.cpp
 +++ b/uriloader/exthandler/HandlerServiceParent.cpp
-@@ -7,17 +7,17 @@
- #include "mozilla/ipc/ProtocolUtils.h"
- #include "mozilla/Logging.h"
- #include "HandlerServiceParent.h"
- #include "nsIHandlerService.h"
- #include "nsIMIMEInfo.h"
+@@ -13,17 +13,17 @@
 #include "ContentHandlerService.h"
+ #include "nsIExternalProtocolService.h"
 #include "nsStringEnumerator.h"
+ #include "nsIMutableArray.h"
+ #include "nsCExternalHandlerService.h"
+ #include "nsComponentManagerUtils.h"
+ #include "nsServiceManagerUtils.h"
 #ifdef MOZ_WIDGET_GTK
 -#  include "unix/nsGNOMERegistry.h"
 +#  include "unix/nsCommonRegistry.h"
@ -768,7 +768,7 @@ diff --git a/uriloader/exthandler/HandlerServiceParent.cpp b/uriloader/exthandle
 using mozilla::dom::RemoteHandlerApp;
 
 namespace {
-@@ -300,17 +300,17 @@ mozilla::ipc::IPCResult HandlerServicePa
+@@ -306,17 +306,17 @@ mozilla::ipc::IPCResult HandlerServicePa
     const nsACString& aProtocolScheme, bool* aHandlerExists) {
   if (aProtocolScheme.Length() > MAX_SCHEME_LENGTH) {
     *aHandlerExists = false;
--- a/mozilla-silence-no-return-type.patch
+++ b/mozilla-silence-no-return-type.patch
@ -1,10 +1,10 @@
 # HG changeset patch
-# Parent  6bace0b1d6e9c82e8d3f557cac1a4bcc10ec9c13
+# Parent  2f49ea20acb4b0e890ae49f4833ac9d69b7e800c

 diff --git a/Cargo.lock b/Cargo.lock
 --- a/Cargo.lock
 +++ b/Cargo.lock
-@@ -2370,18 +2370,16 @@ name = "glsl-to-cxx"
+@@ -2254,18 +2254,16 @@ name = "glsl-to-cxx"
 version = "0.1.0"
 dependencies = [
  "glsl",
@ -26,24 +26,24 @@ diff --git a/Cargo.lock b/Cargo.lock
 diff --git a/Cargo.toml b/Cargo.toml
 --- a/Cargo.toml
 +++ b/Cargo.toml
-@@ -161,16 +161,17 @@ chardetng_c = { git = "https://github.co
+@@ -157,16 +157,17 @@ chardetng = { git = "https://github.com/
+ chardetng_c = { git = "https://github.com/hsivonen/chardetng_c", rev="ed8a4c6f900a90d4dbc1d64b856e61490a1c3570" }
 coremidi = { git = "https://github.com/chris-zen/coremidi.git", rev="fc68464b5445caf111e41f643a2e69ccce0b4f83" }
 firefox-on-glean = { path = "toolkit/components/glean/api" }
 libudev-sys = { path = "dom/webauthn/libudev-sys" }
 packed_simd = { package = "packed_simd_2", git = "https://github.com/hsivonen/packed_simd", rev="412f9a0aa556611de021bde89dee8fefe6e0fbbd" }
 midir = { git = "https://github.com/mozilla/midir.git", rev = "519e651241e867af3391db08f9ae6400bc023e18" }
- minidump-writer = { git = "https://github.com/rust-minidump/minidump-writer.git", rev = "7d76616d27b9dc87fe3a94639b8b4f947d52a6aa" }
 # warp 0.3.3 + https://github.com/seanmonstar/warp/pull/1007
 warp = { git = "https://github.com/glandium/warp", rev = "4af45fae95bc98b0eba1ef0db17e1dac471bb23d" }
 +glslopt = { path = "third_party/rust/glslopt/" }
 
- cssparser = { git = "https://github.com/servo/rust-cssparser", rev = "b196a164dcbb317016d4aa6c58c13147e6045ebb" }
+ cssparser = { git = "https://github.com/servo/rust-cssparser", rev = "45bc47e2bcb846f1efb5aea156be5fe7d18624bf" }
 
 # application-services overrides to make updating them all simpler.
- interrupt-support = { git = "https://github.com/mozilla/application-services", rev = "fe2867dbe82a2aaa85a856648107be94b1534683" }
- sql-support = { git = "https://github.com/mozilla/application-services", rev = "fe2867dbe82a2aaa85a856648107be94b1534683" }
- sync15 = { git = "https://github.com/mozilla/application-services", rev = "fe2867dbe82a2aaa85a856648107be94b1534683" }
- tabs = { git = "https://github.com/mozilla/application-services", rev = "fe2867dbe82a2aaa85a856648107be94b1534683" }
+ interrupt-support = { git = "https://github.com/mozilla/application-services", rev = "86c84c217036c12283d19368867323a66bf35883" }
+ sql-support = { git = "https://github.com/mozilla/application-services", rev = "86c84c217036c12283d19368867323a66bf35883" }
+ sync15 = { git = "https://github.com/mozilla/application-services", rev = "86c84c217036c12283d19368867323a66bf35883" }
+ tabs = { git = "https://github.com/mozilla/application-services", rev = "86c84c217036c12283d19368867323a66bf35883" }
 diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h b/gfx/skia/skia/include/codec/SkEncodedOrigin.h
 --- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h
 +++ b/gfx/skia/skia/include/codec/SkEncodedOrigin.h
@ -2204,7 +2204,7 @@ diff --git a/third_party/libwebrtc/modules/audio_processing/audio_processing_imp
 
 // Maximum lengths that frame of samples being passed from the render side to
 // the capture side can have (does not apply to AEC3).
-@@ -1982,16 +1983,17 @@ void AudioProcessingImpl::InitializeNois
+@@ -1989,16 +1990,17 @@ void AudioProcessingImpl::InitializeNois
             case NoiseSuppresionConfig::kModerate:
               return NsConfig::SuppressionLevel::k12dB;
             case NoiseSuppresionConfig::kHigh:
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="112.0.2"
+VERSION="113.0"
 VERSION_SUFFIX=""
-PREV_VERSION="112.0.1"
+PREV_VERSION="112.0.2"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="50d8cc21a93a1343250b71090f4a9c9fee37091c"
-RELEASE_TIMESTAMP="20230424110519"
+RELEASE_TAG="484eaf4a955245421f5b6a29a4f7cf28a2a2dc1d"
+RELEASE_TIMESTAMP="20230504192738"