Hello Jeremy, or anyone else affected, Accepted gjs into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gjs/1.74.0-0ubuntu1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-jammy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: gjs (Ubuntu Jammy) Status: New => Fix Committed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gjs in Ubuntu. https://bugs.launchpad.net/bugs/1993214 Title: [jammy] Update gjs to 1.74 using mozjs102 102.3 Status in gjs package in Ubuntu: Confirmed Status in mozjs102 package in Ubuntu: Confirmed Status in gjs source package in Jammy: Fix Committed Status in mozjs102 source package in Jammy: Fix Committed Bug description: Impact ------ GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 ESR series for security updates for the next year. This requires updating gjs from 1.72 to 1.74 from GNOME 43, as packaged in Ubuntu 22.10. This will be done as a Security Update. Updating mozjs in stable Ubuntu releases was recommended when Ubuntu first switched back to GNOME, but this is the first time it's been done. Security Impact --------------- I looked through https://github.com/mozilla/gecko-dev/commits/esr102/js and searched for referenced bug numbers in https://www.mozilla.org/en-US/security/advisories/ for Firefox ESR releases since Ubuntu's 91.10 and found one CVE. Also, there's the vague Mozilla Bug 1771084 (no CVE issued) mentioned at https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/ Uploaded Packages ----------------- We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being careful to publish it in main, not universe. And we'll update gjs. No other packages need to be updated for this change. mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are generally not possible), but nothing else in Ubuntu uses it. Test Case --------- https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs Security Sponsoring ------------------- sudo apt install git-buildpackage gbp clone https://salsa.debian.org/gnome-team/gjs cd gjs git checkout ubuntu/jammy gbp buildpackage --git-builder="debuild -S -nc" mkdir ../tarballs; cd ../tarballs pull-lp-source mozjs102 kinetic cd .. gbp clone https://salsa.debian.org/gnome-team/mozjs cd mozjs git checkout ubuntu/102/jammy gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs # That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while. Initial Testing Done -------------------- I built the packages in my PPA. I installed the packages on Ubuntu 22.04 LTS and successfully completed the Test Case. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gjs/+bug/1993214/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
