commit mozjs102 for openSUSE:Factory

Thu, 13 Apr 2023 05:10:42 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package mozjs102 for openSUSE:Factory 
checked in at 2023-04-13 14:10:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozjs102 (Old)
 and      /work/SRC/openSUSE:Factory/.mozjs102.new.19717 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mozjs102"

Thu Apr 13 14:10:03 2023 rev:10 rq:1078632 version:102.10.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/mozjs102/mozjs102.changes        2023-03-15 
18:54:10.204275643 +0100
+++ /work/SRC/openSUSE:Factory/.mozjs102.new.19717/mozjs102.changes     
2023-04-13 14:10:22.436167864 +0200
@@ -1,0 +2,30 @@
+Wed Apr 12 03:13:05 UTC 2023 - Bjørn Lie <bjorn....@gmail.com>
+
+- Update to version 102.10.0:
+  + Various security fixes.
+  + CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
+  + CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
+  + CVE-2023-29533: Fullscreen notification obscured
+  + MFSA-TMP-2023-0001: Double-free in libwebp
+  + CVE-2023-29535: Potential Memory Corruption following Garbage
+    Collector compaction
+  + CVE-2023-29536: Invalid free from JavaScript code
+  + CVE-2023-29539: Content-Disposition filename truncation leads
+    to Reflected File Download
+  + CVE-2023-29541: Files with malicious extensions could have been
+    downloaded unsafely on Linux
+  + CVE-2023-29542: Bypass of file download extension restrictions
+  + CVE-2023-29545: Windows Save As dialog resolved environment
+    variables
+  + CVE-2023-1945: Memory Corruption in Safe Browsing Code
+  + CVE-2023-29548: Incorrect optimization result on ARM64
+  + CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and
+    Firefox ESR 102.10
+
+-------------------------------------------------------------------
+Fri Apr  7 09:22:05 UTC 2023 - Bjørn Lie <bjorn....@gmail.com>
+
+- Replace clang-devel and llvm-devel with clang and llvm-gold
+  BuildRequires.
+
+-------------------------------------------------------------------

Old:
----
  firefox-102.9.0esr.source.tar.xz
  firefox-102.9.0esr.source.tar.xz.asc

New:
----
  firefox-102.10.0esr.source.tar.xz
  firefox-102.10.0esr.source.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mozjs102.spec ++++++
--- /var/tmp/diff_new_pack.4i185n/_old  2023-04-13 14:10:28.624203395 +0200
+++ /var/tmp/diff_new_pack.4i185n/_new  2023-04-13 14:10:28.628203417 +0200
@@ -39,7 +39,7 @@
 %global big_endian 1
 %endif
 Name:           mozjs%{major}
-Version:        102.9.0
+Version:        102.10.0
 Release:        1%{?dist}
 Summary:        SpiderMonkey JavaScript library
 License:        MPL-2.0
@@ -72,12 +72,12 @@
 BuildRequires:  autoconf213
 BuildRequires:  cargo
 BuildRequires:  ccache
-BuildRequires:  clang-devel
+BuildRequires:  clang
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
 BuildRequires:  libtool
 BuildRequires:  llvm
-BuildRequires:  llvm-devel
+BuildRequires:  llvm-gold
 BuildRequires:  nasm
 BuildRequires:  pkgconfig
 BuildRequires:  python3-devel

++++++ firefox-102.9.0esr.source.tar.xz -> firefox-102.10.0esr.source.tar.xz 
++++++
/work/SRC/openSUSE:Factory/mozjs102/firefox-102.9.0esr.source.tar.xz 
/work/SRC/openSUSE:Factory/.mozjs102.new.19717/firefox-102.10.0esr.source.tar.xz
 differ: char 16, line 1

Reply via email to