Hello community, here is the log from the commit of package mozjs68 for openSUSE:Factory checked in at 2020-06-11 09:58:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozjs68 (Old) and /work/SRC/openSUSE:Factory/.mozjs68.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozjs68" Thu Jun 11 09:58:47 2020 rev:6 rq:811796 version:68.9.0 Changes: -------- --- /work/SRC/openSUSE:Factory/mozjs68/mozjs68.changes 2020-05-14 23:23:35.784824108 +0200 +++ /work/SRC/openSUSE:Factory/.mozjs68.new.3606/mozjs68.changes 2020-06-11 09:59:11.818097679 +0200 @@ -1,0 +2,25 @@ +Fri Jun 5 09:41:37 UTC 2020 - Bjørn Lie <[email protected]> + +- Update to version 68.9.0esr: + * CVE-2020-12399: Timing attack on DSA signatures in NSS library + * CVE-2020-12405: Use-after-free in SharedWorkerService + * CVE-2020-12406: JavaScript Type confusion with NativeTypes + * CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and + Firefox ESR 68.9 +- Changes from version 68.8.0esr: + * CVE-2020-12387: Use-after-free during worker shutdown + * CVE-2020-12388: Sandbox escape with improperly guarded Access + Tokens + * CVE-2020-12389: Sandbox escape with improperly separated + process types + * CVE-2020-6831: Buffer overflow in SCTP chunk input validation + * CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' + * CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully + escape website-controlled data, potentially leading to command + injection + * CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and + Firefox ESR 68.8 +- Drop gcc10-include-fix.patch: Fixed upstream. +- Add Drop_backwards_test-Nuuk.patch: This is now Nuuk in tzdata. + +------------------------------------------------------------------- Old: ---- firefox-68.7.0esr.source.tar.xz gcc10-include-fix.patch New: ---- Drop_backwards_test-Nuuk.patch firefox-68.9.0esr.source.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozjs68.spec ++++++ --- /var/tmp/diff_new_pack.wFwUrr/_old 2020-06-11 09:59:16.154111614 +0200 +++ /var/tmp/diff_new_pack.wFwUrr/_new 2020-06-11 09:59:16.154111614 +0200 @@ -18,7 +18,7 @@ %global major 68 Name: mozjs%{major} -Version: 68.7.0 +Version: 68.9.0 Release: 0 Summary: MozJS, or SpiderMonkey, is Mozilla's JavaScript engine written in C and C++ License: MPL-2.0 @@ -37,9 +37,9 @@ Patch8: TestingFunctions-Update-ICU-s-default-tz-when-setting-TZ.patch Patch9: Skip-time-zone-tests-that-fails-with-system-ICU.patch Patch10: Skip-tests-expected-fail-i586-ppc64.patch -Patch11: gcc10-include-fix.patch Patch12: mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch Patch13: Remove-unused-LLVM-and-Rust-build-dependencies.patch +Patch14: Drop_backwards_test-Nuuk.patch BuildRequires: autoconf213 BuildRequires: gcc-c++ ++++++ Drop_backwards_test-Nuuk.patch ++++++ --- firefox-68.9.0-orig/js/src/tests/non262/Intl/DateTimeFormat/timeZone_backward_links.js 2020-05-28 02:01:51.000000000 +0200 +++ firefox-68.9.0/js/src/tests/non262/Intl/DateTimeFormat/timeZone_backward_links.js 2020-06-05 13:38:22.645892749 +0200 @@ -17,7 +17,6 @@ "America/Catamarca": "America/Argentina/Catamarca", "America/Cordoba": "America/Argentina/Cordoba", "America/Fort_Wayne": "America/Indiana/Indianapolis", - "America/Godthab": "America/Nuuk", "America/Indianapolis": "America/Indiana/Indianapolis", "America/Jujuy": "America/Argentina/Jujuy", "America/Knox_IN": "America/Indiana/Knox", ++++++ firefox-68.7.0esr.source.tar.xz -> firefox-68.9.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/mozjs68/firefox-68.7.0esr.source.tar.xz /work/SRC/openSUSE:Factory/.mozjs68.new.3606/firefox-68.9.0esr.source.tar.xz differ: char 15, line 1
