commit mozjs68 for openSUSE:Factory
Hello community, here is the log from the commit of package mozjs68 for openSUSE:Factory checked in at 2020-10-24 15:14:10 Comparing /work/SRC/openSUSE:Factory/mozjs68 (Old) and /work/SRC/openSUSE:Factory/.mozjs68.new.3463 (New) Package is "mozjs68" Sat Oct 24 15:14:10 2020 rev:10 rq:843022 version:68.12.0 Changes: --- /work/SRC/openSUSE:Factory/mozjs68/mozjs68.changes 2020-09-09 17:46:27.930403349 +0200 +++ /work/SRC/openSUSE:Factory/.mozjs68.new.3463/mozjs68.changes 2020-10-24 15:14:18.716016154 +0200 @@ -1,0 +2,5 @@ +Tue Oct 20 18:16:58 UTC 2020 - Stefan Brüns + +- Increase disk constraints to 9G, x86_64 uses ~8.7G currently + +--- Other differences: -- ++ _constraints ++ --- /var/tmp/diff_new_pack.D5nNiJ/_old 2020-10-24 15:14:20.320018154 +0200 +++ /var/tmp/diff_new_pack.D5nNiJ/_new 2020-10-24 15:14:20.324018160 +0200 @@ -2,7 +2,7 @@ - 8 + 9 4
commit mozjs68 for openSUSE:Factory
Hello community,
here is the log from the commit of package mozjs68 for openSUSE:Factory checked
in at 2020-09-09 17:46:02
Comparing /work/SRC/openSUSE:Factory/mozjs68 (Old)
and /work/SRC/openSUSE:Factory/.mozjs68.new.3399 (New)
Package is "mozjs68"
Wed Sep 9 17:46:02 2020 rev:9 rq:832496 version:68.12.0
Changes:
--- /work/SRC/openSUSE:Factory/mozjs68/mozjs68.changes 2020-09-03
01:11:51.644421115 +0200
+++ /work/SRC/openSUSE:Factory/.mozjs68.new.3399/mozjs68.changes
2020-09-09 17:46:27.930403349 +0200
@@ -1,0 +2,33 @@
+Fri Sep 4 19:20:27 UTC 2020 - Bjørn Lie
+
+- Update to version 68.12.0esr:
+ * CVE-2020-15663: Downgrade attack on the Mozilla Maintenance
+Service could have resulted in escalation of privilege.
+ * CVE-2020-15664: Attacker-induced prompt for extension
+installation.
+ * CVE-2020-15669: Use-After-Free when aborting an operation.
+- Changes from version 68.11.0esr:
+ * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and
+Firefox ESR 68.11.
+ * CVE-2020-15649: Exfiltrating local files through malicious file
+picker application.
+ * CVE-2020-15650: Overwriting local files through malicious file
+picker application.
+ * CVE-2020-6463: Use-after-free in ANGLE
+gl::Texture::onUnbindAsSamplerTexture.
+ * CVE-2020-6514: WebRTC data channel leaks internal address to
+peer.
+ * CVE-2020-15652: Potential leak of redirect targets when loading
+scripts in a worker.
+- Changes from version 68.10.0esr:
+ * CVE-2020-12421: Add-On updates did not respect the same
+certificate trust rules as software updates.
+ * CVE-2020-12420: Use-After-Free when trying to connect to a STUN
+server.
+ * CVE-2020-12419: Use-after-free in nsGlobalWindowInner.
+ * CVE-2020-12418: Information disclosure due to manipulated URL
+object.
+ * CVE-2020-12417: Memory corruption due to missing sign-extension
+for ValueTags on ARM64.
+
+---
Old:
firefox-68.9.0esr.source.tar.xz
New:
firefox-68.12.0esr.source.tar.xz
Other differences:
--
++ mozjs68.spec ++
--- /var/tmp/diff_new_pack.W2VVsT/_old 2020-09-09 17:46:37.626411226 +0200
+++ /var/tmp/diff_new_pack.W2VVsT/_new 2020-09-09 17:46:37.626411226 +0200
@@ -18,7 +18,7 @@
%global major 68
Name: mozjs%{major}
-Version:68.9.0
+Version:68.12.0
Release:0
Summary:MozJS, or SpiderMonkey, is Mozilla's JavaScript engine written
in C and C++
License:MPL-2.0
++ firefox-68.9.0esr.source.tar.xz -> firefox-68.12.0esr.source.tar.xz
++
/work/SRC/openSUSE:Factory/mozjs68/firefox-68.9.0esr.source.tar.xz
/work/SRC/openSUSE:Factory/.mozjs68.new.3399/firefox-68.12.0esr.source.tar.xz
differ: char 15, line 1
commit mozjs68 for openSUSE:Factory
Hello community, here is the log from the commit of package mozjs68 for openSUSE:Factory checked in at 2020-09-03 01:11:15 Comparing /work/SRC/openSUSE:Factory/mozjs68 (Old) and /work/SRC/openSUSE:Factory/.mozjs68.new.3399 (New) Package is "mozjs68" Thu Sep 3 01:11:15 2020 rev:8 rq:830031 version:68.9.0 Changes: --- /work/SRC/openSUSE:Factory/mozjs68/mozjs68.changes 2020-08-23 09:20:01.142646544 +0200 +++ /work/SRC/openSUSE:Factory/.mozjs68.new.3399/mozjs68.changes 2020-09-03 01:11:51.644421115 +0200 @@ -1,0 +2,6 @@ +Thu Aug 27 14:02:14 UTC 2020 - Michel Normand + +- reset memoryperjob for PowerPC avoid dispatcher to not find worker + and still use %limit_build macro for them. + +--- Other differences: -- ++ mozjs68.spec ++ --- /var/tmp/diff_new_pack.y7loXo/_old 2020-09-03 01:11:54.352422018 +0200 +++ /var/tmp/diff_new_pack.y7loXo/_new 2020-09-03 01:11:54.352422018 +0200 @@ -51,6 +51,9 @@ BuildRequires: pkgconfig(icu-i18n) >= 63.1 BuildRequires: pkgconfig(libffi) BuildRequires: pkgconfig(zlib) +%ifarch ppc ppc64 ppc64le +BuildRequires: memory-constraints +%endif %description JavaScript is the Netscape-developed object scripting language used in millions @@ -130,6 +133,9 @@ --enable-posix-nspr-emulation \ # do not eat all memory +%ifarch ppc ppc64 ppc64le +%limit_build -m 1300 +%endif %make_build ++ _constraints ++ --- /var/tmp/diff_new_pack.y7loXo/_old 2020-09-03 01:11:54.448422050 +0200 +++ /var/tmp/diff_new_pack.y7loXo/_new 2020-09-03 01:11:54.448422050 +0200 @@ -13,6 +13,7 @@ + ppc ppc64 ppc64le @@ -20,6 +21,9 @@ 8192 + +0 +
commit mozjs68 for openSUSE:Factory
Hello community, here is the log from the commit of package mozjs68 for openSUSE:Factory checked in at 2020-08-23 09:19:59 Comparing /work/SRC/openSUSE:Factory/mozjs68 (Old) and /work/SRC/openSUSE:Factory/.mozjs68.new.3399 (New) Package is "mozjs68" Sun Aug 23 09:19:59 2020 rev:7 rq:828127 version:68.9.0 Changes: --- /work/SRC/openSUSE:Factory/mozjs68/mozjs68.changes 2020-06-11 09:59:11.818097679 +0200 +++ /work/SRC/openSUSE:Factory/.mozjs68.new.3399/mozjs68.changes 2020-08-23 09:20:01.142646544 +0200 @@ -1,0 +2,5 @@ +Thu Aug 20 08:58:55 UTC 2020 - Martin Liška + +- Use memoryperjob constraint instead of %limit_build macro. + +--- Other differences: -- ++ mozjs68.spec ++ --- /var/tmp/diff_new_pack.NXy8wc/_old 2020-08-23 09:20:03.650647933 +0200 +++ /var/tmp/diff_new_pack.NXy8wc/_new 2020-08-23 09:20:03.654647936 +0200 @@ -43,7 +43,6 @@ BuildRequires: autoconf213 BuildRequires: gcc-c++ -BuildRequires: memory-constraints BuildRequires: pkgconfig BuildRequires: python BuildRequires: python-xml @@ -131,7 +130,6 @@ --enable-posix-nspr-emulation \ # do not eat all memory -%limit_build -m 1300 %make_build ++ _constraints ++ --- /var/tmp/diff_new_pack.NXy8wc/_old 2020-08-23 09:20:03.762647996 +0200 +++ /var/tmp/diff_new_pack.NXy8wc/_new 2020-08-23 09:20:03.766647998 +0200 @@ -7,6 +7,9 @@ 4 + + 1300 +
commit mozjs68 for openSUSE:Factory
Hello community,
here is the log from the commit of package mozjs68 for openSUSE:Factory checked
in at 2020-06-11 09:58:47
Comparing /work/SRC/openSUSE:Factory/mozjs68 (Old)
and /work/SRC/openSUSE:Factory/.mozjs68.new.3606 (New)
Package is "mozjs68"
Thu Jun 11 09:58:47 2020 rev:6 rq:811796 version:68.9.0
Changes:
--- /work/SRC/openSUSE:Factory/mozjs68/mozjs68.changes 2020-05-14
23:23:35.784824108 +0200
+++ /work/SRC/openSUSE:Factory/.mozjs68.new.3606/mozjs68.changes
2020-06-11 09:59:11.818097679 +0200
@@ -1,0 +2,25 @@
+Fri Jun 5 09:41:37 UTC 2020 - Bjørn Lie
+
+- Update to version 68.9.0esr:
+ * CVE-2020-12399: Timing attack on DSA signatures in NSS library
+ * CVE-2020-12405: Use-after-free in SharedWorkerService
+ * CVE-2020-12406: JavaScript Type confusion with NativeTypes
+ * CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and
+Firefox ESR 68.9
+- Changes from version 68.8.0esr:
+ * CVE-2020-12387: Use-after-free during worker shutdown
+ * CVE-2020-12388: Sandbox escape with improperly guarded Access
+Tokens
+ * CVE-2020-12389: Sandbox escape with improperly separated
+process types
+ * CVE-2020-6831: Buffer overflow in SCTP chunk input validation
+ * CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
+ * CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully
+escape website-controlled data, potentially leading to command
+injection
+ * CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and
+Firefox ESR 68.8
+- Drop gcc10-include-fix.patch: Fixed upstream.
+- Add Drop_backwards_test-Nuuk.patch: This is now Nuuk in tzdata.
+
+---
Old:
firefox-68.7.0esr.source.tar.xz
gcc10-include-fix.patch
New:
Drop_backwards_test-Nuuk.patch
firefox-68.9.0esr.source.tar.xz
Other differences:
--
++ mozjs68.spec ++
--- /var/tmp/diff_new_pack.wFwUrr/_old 2020-06-11 09:59:16.154111614 +0200
+++ /var/tmp/diff_new_pack.wFwUrr/_new 2020-06-11 09:59:16.154111614 +0200
@@ -18,7 +18,7 @@
%global major 68
Name: mozjs%{major}
-Version:68.7.0
+Version:68.9.0
Release:0
Summary:MozJS, or SpiderMonkey, is Mozilla's JavaScript engine written
in C and C++
License:MPL-2.0
@@ -37,9 +37,9 @@
Patch8: TestingFunctions-Update-ICU-s-default-tz-when-setting-TZ.patch
Patch9: Skip-time-zone-tests-that-fails-with-system-ICU.patch
Patch10:Skip-tests-expected-fail-i586-ppc64.patch
-Patch11:gcc10-include-fix.patch
Patch12:mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
Patch13:Remove-unused-LLVM-and-Rust-build-dependencies.patch
+Patch14:Drop_backwards_test-Nuuk.patch
BuildRequires: autoconf213
BuildRequires: gcc-c++
++ Drop_backwards_test-Nuuk.patch ++
---
firefox-68.9.0-orig/js/src/tests/non262/Intl/DateTimeFormat/timeZone_backward_links.js
2020-05-28 02:01:51.0 +0200
+++
firefox-68.9.0/js/src/tests/non262/Intl/DateTimeFormat/timeZone_backward_links.js
2020-06-05 13:38:22.645892749 +0200
@@ -17,7 +17,6 @@
"America/Catamarca": "America/Argentina/Catamarca",
"America/Cordoba": "America/Argentina/Cordoba",
"America/Fort_Wayne": "America/Indiana/Indianapolis",
-"America/Godthab": "America/Nuuk",
"America/Indianapolis": "America/Indiana/Indianapolis",
"America/Jujuy": "America/Argentina/Jujuy",
"America/Knox_IN": "America/Indiana/Knox",
++ firefox-68.7.0esr.source.tar.xz -> firefox-68.9.0esr.source.tar.xz ++
/work/SRC/openSUSE:Factory/mozjs68/firefox-68.7.0esr.source.tar.xz
/work/SRC/openSUSE:Factory/.mozjs68.new.3606/firefox-68.9.0esr.source.tar.xz
differ: char 15, line 1
commit mozjs68 for openSUSE:Factory
Hello community, here is the log from the commit of package mozjs68 for openSUSE:Factory checked in at 2020-05-14 23:23:26 Comparing /work/SRC/openSUSE:Factory/mozjs68 (Old) and /work/SRC/openSUSE:Factory/.mozjs68.new.2738 (New) Package is "mozjs68" Thu May 14 23:23:26 2020 rev:5 rq:805242 version:68.7.0 Changes: --- /work/SRC/openSUSE:Factory/mozjs68/mozjs68.changes 2020-05-05 18:54:05.493244890 +0200 +++ /work/SRC/openSUSE:Factory/.mozjs68.new.2738/mozjs68.changes 2020-05-14 23:23:35.784824108 +0200 @@ -1,0 +2,5 @@ +Wed May 13 08:04:50 UTC 2020 - Michel Normand + +- Increase memory for PowerPC in _constraints file + +--- Other differences: -- ++ _constraints ++ --- /var/tmp/diff_new_pack.Vtrukl/_old 2020-05-14 23:23:37.356827539 +0200 +++ /var/tmp/diff_new_pack.Vtrukl/_new 2020-05-14 23:23:37.356827539 +0200 @@ -8,4 +8,15 @@ 4 + + + ppc64 + ppc64le + + + +8192 + + +
commit mozjs68 for openSUSE:Factory
Hello community,
here is the log from the commit of package mozjs68 for openSUSE:Factory checked
in at 2020-05-05 18:54:01
Comparing /work/SRC/openSUSE:Factory/mozjs68 (Old)
and /work/SRC/openSUSE:Factory/.mozjs68.new.2738 (New)
Package is "mozjs68"
Tue May 5 18:54:01 2020 rev:4 rq:799700 version:68.7.0
Changes:
--- /work/SRC/openSUSE:Factory/mozjs68/mozjs68.changes 2020-04-25
20:19:30.608931542 +0200
+++ /work/SRC/openSUSE:Factory/.mozjs68.new.2738/mozjs68.changes
2020-05-05 18:54:05.493244890 +0200
@@ -1,0 +2,7 @@
+Sat May 2 13:59:04 UTC 2020 - John Paul Adrian Glaubitz
+
+- Add patch to drop unused LLVM and Rust build dependencies
+ + Remove-unused-LLVM-and-Rust-build-dependencies.patch
+- Drop cargo, clang-devel, llvm-devel and rust from BuildRequires
+
+---
New:
Remove-unused-LLVM-and-Rust-build-dependencies.patch
Other differences:
--
++ mozjs68.spec ++
--- /var/tmp/diff_new_pack.pla7Pe/_old 2020-05-05 18:54:09.041252530 +0200
+++ /var/tmp/diff_new_pack.pla7Pe/_new 2020-05-05 18:54:09.041252530 +0200
@@ -39,19 +39,16 @@
Patch10:Skip-tests-expected-fail-i586-ppc64.patch
Patch11:gcc10-include-fix.patch
Patch12:mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
+Patch13:Remove-unused-LLVM-and-Rust-build-dependencies.patch
BuildRequires: autoconf213
-BuildRequires: cargo
-BuildRequires: clang-devel
BuildRequires: gcc-c++
-BuildRequires: llvm-devel
BuildRequires: memory-constraints
BuildRequires: pkgconfig
BuildRequires: python
BuildRequires: python-xml
BuildRequires: python3-base
BuildRequires: readline-devel
-BuildRequires: rust
BuildRequires: pkgconfig(icu-i18n) >= 63.1
BuildRequires: pkgconfig(libffi)
BuildRequires: pkgconfig(zlib)
++ Remove-unused-LLVM-and-Rust-build-dependencies.patch ++
Description: Remove unused LLVM and Rust build dependencies
Since the Javascript engine is normally part of Firefox, its build
system has dependencies on the LLVM and Rust toolchains. This limits
the number of architectures which mozjs68 can be built on.
.
It turns out, however, that neither LLVM nor Rust are used when mozjs68
is being built and these build dependencies are therefore not necessary.
.
This patch removes them and allows mozjs68 to be built on any architecture.
.
Author: John Paul Adrian Glaubitz
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959144
Forwarded: no
Last-Update: 2020-04-30
Index: mozjs68-68.6.0/js/moz.configure
===
--- mozjs68-68.6.0.orig/js/moz.configure
+++ mozjs68-68.6.0/js/moz.configure
@@ -18,11 +18,6 @@ def building_js(build_project):
option(env='JS_STANDALONE', default=building_js,
help='Reserved for internal use')
-include('../build/moz.configure/rust.configure',
-when='--enable-compile-environment')
-include('../build/moz.configure/bindgen.configure',
-when='--enable-compile-environment')
-
@depends('JS_STANDALONE')
def js_standalone(value):
if value:
Index: mozjs68-68.6.0/moz.configure
===
--- mozjs68-68.6.0.orig/moz.configure
+++ mozjs68-68.6.0/moz.configure
@@ -598,36 +598,6 @@ set_config('MAKENSISU_FLAGS', nsis_flags
check_prog('7Z', ('7z', '7za'), allow_missing=True, when=target_is_windows)
-
-@depends(host_c_compiler, c_compiler, bindgen_config_paths)
-def llvm_objdump(host_c_compiler, c_compiler, bindgen_config_paths):
-clang = None
-for compiler in (host_c_compiler, c_compiler):
-if compiler and compiler.type == 'clang':
-clang = compiler.compiler
-break
-elif compiler and compiler.type == 'clang-cl':
-clang = os.path.join(os.path.dirname(compiler.compiler), 'clang')
-break
-
-if not clang and bindgen_config_paths:
-clang = bindgen_config_paths.clang_path
-llvm_objdump = 'llvm-objdump'
-if clang:
-out = check_cmd_output(clang, '--print-prog-name=llvm-objdump',
- onerror=lambda: None)
-if out:
-llvm_objdump = out.rstrip()
-return (llvm_objdump,)
-
-
-llvm_objdump = check_prog('LLVM_OBJDUMP', llvm_objdump, what='llvm-objdump',
- when='--enable-compile-environment',
- paths=toolchain_search_path)
-
-add_old_configure_assignment('LLVM_OBJDUMP', llvm_objdump)
-
-
# Please do not add configure checks from here on.
# Fallthrough to autoconf-based configure
commit mozjs68 for openSUSE:Factory
Hello community,
here is the log from the commit of package mozjs68 for openSUSE:Factory checked
in at 2020-04-25 20:16:24
Comparing /work/SRC/openSUSE:Factory/mozjs68 (Old)
and /work/SRC/openSUSE:Factory/.mozjs68.new.2738 (New)
Package is "mozjs68"
Sat Apr 25 20:16:24 2020 rev:3 rq:797144 version:68.7.0
Changes:
--- /work/SRC/openSUSE:Factory/mozjs68/mozjs68.changes 2020-04-16
23:02:40.279646546 +0200
+++ /work/SRC/openSUSE:Factory/.mozjs68.new.2738/mozjs68.changes
2020-04-25 20:19:30.608931542 +0200
@@ -1,0 +2,11 @@
+Fri Apr 24 10:11:19 UTC 2020 - Guillaume GARDET
+
+- Add patch to fix build on armv7:
+ * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
+
+---
+Tue Apr 21 07:35:41 UTC 2020 - Martin Liška
+
+- Add gcc10-include-fix.patch in order to fix boo#1170020.
+
+---
New:
gcc10-include-fix.patch
mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
Other differences:
--
++ mozjs68.spec ++
--- /var/tmp/diff_new_pack.Zt39lf/_old 2020-04-25 20:19:34.732940044 +0200
+++ /var/tmp/diff_new_pack.Zt39lf/_new 2020-04-25 20:19:34.736940053 +0200
@@ -37,6 +37,8 @@
Patch8: TestingFunctions-Update-ICU-s-default-tz-when-setting-TZ.patch
Patch9: Skip-time-zone-tests-that-fails-with-system-ICU.patch
Patch10:Skip-tests-expected-fail-i586-ppc64.patch
+Patch11:gcc10-include-fix.patch
+Patch12:mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
BuildRequires: autoconf213
BuildRequires: cargo
@@ -50,9 +52,9 @@
BuildRequires: python3-base
BuildRequires: readline-devel
BuildRequires: rust
+BuildRequires: pkgconfig(icu-i18n) >= 63.1
BuildRequires: pkgconfig(libffi)
BuildRequires: pkgconfig(zlib)
-BuildRequires: pkgconfig(icu-i18n) >= 63.1
%description
JavaScript is the Netscape-developed object scripting language used in millions
@@ -131,7 +133,6 @@
--enable-unaligned-private-values \
--enable-posix-nspr-emulation \
-
# do not eat all memory
%limit_build -m 1300
++ gcc10-include-fix.patch ++
diff --git a/mfbt/FunctionTypeTraits.h b/mfbt/FunctionTypeTraits.h
--- a/mfbt/FunctionTypeTraits.h
+++ b/mfbt/FunctionTypeTraits.h
@@ -4,16 +4,17 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* Helpers to manipulate function types that don't fit in TypeTraits.h */
#ifndef mozilla_FunctionTypeTraits_h
#define mozilla_FunctionTypeTraits_h
+#include /* for size_t */
#include
namespace mozilla {
// Main FunctionTypeTraits declaration, taking one template argument.
//
// Given a function type, FunctionTypeTraits will expose the following members:
// - ReturnType: Return type.
++ mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch ++
# HG changeset patch
# Parent 9bc02ee6567ae3f1dad1f8578e650c0a1faa0179
diff --git a/js/src/wasm/WasmSignalHandlers.cpp
b/js/src/wasm/WasmSignalHandlers.cpp
--- a/js/src/wasm/WasmSignalHandlers.cpp
+++ b/js/src/wasm/WasmSignalHandlers.cpp
@@ -240,17 +240,17 @@ using mozilla::DebugOnly;
// Those definitions are however not present in the headers of every Linux
// distro - Raspbian is known to be a problem, for example. However those
// distros are tier-3 platforms.
//
// If you run into compile problems on a tier-3 platform, you can disable the
// emulation here.
#if defined(__linux__) && defined(__arm__)
-# define WASM_EMULATE_ARM_UNALIGNED_FP_ACCESS
+// # define WASM_EMULATE_ARM_UNALIGNED_FP_ACCESS
#endif
#ifdef WASM_EMULATE_ARM_UNALIGNED_FP_ACCESS
# include
#endif
#if defined(ANDROID)
// Not all versions of the Android NDK define ucontext_t or mcontext_t.
commit mozjs68 for openSUSE:Factory
Hello community,
here is the log from the commit of package mozjs68 for openSUSE:Factory checked
in at 2020-04-16 23:02:20
Comparing /work/SRC/openSUSE:Factory/mozjs68 (Old)
and /work/SRC/openSUSE:Factory/.mozjs68.new.2738 (New)
Package is "mozjs68"
Thu Apr 16 23:02:20 2020 rev:2 rq:794321 version:68.7.0
Changes:
--- /work/SRC/openSUSE:Factory/mozjs68/mozjs68.changes 2020-04-15
19:54:28.681598533 +0200
+++ /work/SRC/openSUSE:Factory/.mozjs68.new.2738/mozjs68.changes
2020-04-16 23:02:40.279646546 +0200
@@ -1,0 +2,24 @@
+Wed Apr 8 19:06:06 UTC 2020 - Bjørn Lie
+
+- Update to version 68.7.0esr:
+ * CVE-2020-6828: Preference overwrite via crafted Intent from
+malicious Android application.
+ * CVE-2020-6827: Custom Tabs in Firefox for Android could have
+the URI spoofed.
+ * CVE-2020-6821: Uninitialized memory could be read when using
+the WebGL copyTexSubImage method.
+ * CVE-2020-6822: Out of bounds write in GMPDecodeData when
+processing large images.
+ * CVE-2020-6825: Memory safety bugs fixed in Firefox 75 and
+Firefox ESR 68.7.
+
+---
+Mon Apr 6 15:20:37 UTC 2020 - Bjørn Lie
+
+- Update to version 68.6.1esr:
+ + MFSA 2020-11:
+- CVE-2020-6819: Use-after-free while running the nsDocShell
+ destructor
+- CVE-2020-6820: Use-after-free when handling a ReadableStream
+
+---
Old:
firefox-68.6.0esr.source.tar.xz
New:
firefox-68.7.0esr.source.tar.xz
Other differences:
--
++ mozjs68.spec ++
--- /var/tmp/diff_new_pack.yun2i2/_old 2020-04-16 23:02:45.439650434 +0200
+++ /var/tmp/diff_new_pack.yun2i2/_new 2020-04-16 23:02:45.439650434 +0200
@@ -2,7 +2,6 @@
# spec file for package mozjs68
#
# Copyright (c) 2020 SUSE LLC
-# Copyright (c) 2018 Luciano Santos .
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +18,7 @@
%global major 68
Name: mozjs%{major}
-Version:68.6.0
+Version:68.7.0
Release:0
Summary:MozJS, or SpiderMonkey, is Mozilla's JavaScript engine written
in C and C++
License:MPL-2.0
++ firefox-68.6.0esr.source.tar.xz -> firefox-68.7.0esr.source.tar.xz ++
/work/SRC/openSUSE:Factory/mozjs68/firefox-68.6.0esr.source.tar.xz
/work/SRC/openSUSE:Factory/.mozjs68.new.2738/firefox-68.7.0esr.source.tar.xz
differ: char 15, line 1
