diff --git a/_service b/_service
new file mode 100644
index 0000000..cf5d73e
--- /dev/null
+++ b/_service
@@ -0,0 +1,14 @@
+
+
+ git
+ https://github.com/hramrach/quickjs.git
+ master
+ @PARENT_TAG@+git@TAG_OFFSET@.%h
+ enable
+
+
+ *.tar
+ xz
+
+
+
diff --git a/_servicedata b/_servicedata
new file mode 100644
index 0000000..198c623
--- /dev/null
+++ b/_servicedata
@@ -0,0 +1,4 @@
+
+
+ https://github.com/hramrach/quickjs.git
+ bc629c8b659edd31eb532ae7ccc5f7816098d5d6
\ No newline at end of file
diff --git a/quickjs-2025-09-13-2.tar.xz b/quickjs-2025-09-13-2.tar.xz
deleted file mode 100644
index f581742..0000000
--- a/quickjs-2025-09-13-2.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:996c6b5018fc955ad4d06426d0e9cb713685a00c825aa5c0418bd53f7df8b0b4
-size 596244
diff --git a/quickjs-20250913+git83.bc629c8.tar.xz b/quickjs-20250913+git83.bc629c8.tar.xz
new file mode 100644
index 0000000..9ea0dea
--- /dev/null
+++ b/quickjs-20250913+git83.bc629c8.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8bf8852d07af33f0c063936757ead83f254d24bebe003d1630798c1282bac3a5
+size 449696
diff --git a/quickjs.changes b/quickjs.changes
index 4387f53..1a83bd3 100644
--- a/quickjs.changes
+++ b/quickjs.changes
@@ -1,3 +1,60 @@
+-------------------------------------------------------------------
+Mon Feb 16 11:44:51 UTC 2026 - msuchanek@suse.de
+
+- Update to version 20250913+git83.bc629c8 (upstream git snapshot + cherry-picked fixes):
+ * Fix heap buffer overflow via side-effects in js_typed_array_constructor
+ * Fix heap buffer overflow in js_typed_array_constructor_ta (bsc#1256914 CVE-2026-1145)
+ * Add tests for OOB access in atomic ops
+ * Fix use-after-free in Atomics operations with resizable ArrayBuffers (bsc#1256911 CVE-2026-1144)
+ * \x{N} is a syntax error
+ * slightly faster lexical variable assignment
+ * Don't call well-known Symbol methods for RegExp on primitive values
+ * removed use after free in js_create_module_bytecode_function() (#467)
+ * removed memory leak in case of error in cpool_add() (#468)
+ * fixed fast array extension optimization when there are multiple realms
+ * added regexp duplicate named groups - fixed reset of captures with quantizers
+ * updated to unicode 17.0.0 - updated test262 version
+ * fixed Worker freeing logic (#462)
+ * - optimized Regexp.prototype.exec - optimized String.prototype.replace - optimized 'arguments' object creation - optimized access to non strict 'arguments' elements
+ * faster and simpler implementation of regexp backtracking
+ * fixed BJSON array serialization (#457)
+ * Added Iterator.concat (initial patch by bnoordhuis)
+ * optimized add/sub int32 overflow
+ * added error checking in JS_InstantiateFunctionListItem()
+ * Closure optimization
+ * Restore a mistakenly removed goto on error in js_build_module_ns() (igorburago)
+ * fixed JS_PROP_AUTOINIT handling in js_closure_define_global_var() (#455)
+ * fixed exception handling in put_var operation (regression introduced by commit a6816be) (#454)
+ * More informative "not a constructor" error message (initial patch by bnoordhuis) (#368)
+ * Fix length check in ArrayBuffer.prototype.slice (bnoordhuis) (#451)
+ * fixed DataView resizing
+ * qjs: added --strict option
+ * Much faster destructuring at the expense of a slight incompatibility with the spec when direct evals are present (v8 behaves the same way).
+ * fixed operation order in Regexp constructor
+ * changed module rejection order according to spec change
+ * optimized Array.prototype.push
+ * added js_string_eq()
+ * fixed argument evaluation order in Date constructor and Date.UTC()
+ * faster and safer dbuf functions (#443)
+ * Faster context creation and exception checks in JS_NewContext (#404)
+ * faster appending of elements in arrays
+ * optimized string_buffer_putc()
+ * optimized post_inc and post_dec
+ * optimized array access
+ * optimized global variable access
+ * optimize the create of arrays
+ * Improve error handling in Promise.withResolvers (bnoordhuis)
+ * fixed Date parsing: "1997-03-08 11:19:10-0700" is a valid date and "1997-03-08T11:19:10-07" should yield an error
+ * added Math.sumPrecise()
+ * added Map and WeakMap upsert methods (bnoordhuis)
+ * - added Atomics.pause (bnoordhuis)
+ * - added resizable array buffers (bnoordhuis)
+ * fixed parsing of computed property name
+ * - added ArrayBuffer.prototype.transfer (Divy Srivastava)
+ * added the Iterator object
+ * added set methods (bnoordhuis)
+ * removed memory leak (#441)
+
-------------------------------------------------------------------
Fri Feb 6 01:23:13 UTC 2026 - Avindra Goolcharan
diff --git a/quickjs.spec b/quickjs.spec
index 9a827f3..994b5a1 100644
--- a/quickjs.spec
+++ b/quickjs.spec
@@ -16,8 +16,6 @@
#
-%define ver 2025-09-13-2
-%define ver2 2025-09-13
%if 0%{?suse_version} && 0%{?suse_version} < 1500
%define compiler CC=gcc-7
# /usr/include/c++/12/stdatomic.h
@@ -26,12 +24,12 @@ BuildRequires: gcc7-c++
BuildRequires: gcc-c++
%endif
Name: quickjs
-Version: 20250913
+Version: 20250913+git83.bc629c8
Release: 0
Summary: Small and embeddable Javascript engine
License: MIT
URL: https://bellard.org/quickjs/
-Source0: https://bellard.org/quickjs/%{name}-%{ver}.tar.xz
+Source0: %{name}-%{version}.tar.xz
BuildRequires: make
%description
@@ -51,7 +49,7 @@ Summary: Development headers for quickjs
Development headers for quickjs
%prep
-%setup -q -n %{name}-%{ver2}
+%setup -q -n %{name}-%{version}
# inject optflags (cannot be passed normally to build)
cat >> "./Makefile" <<-EOF
CFLAGS += %{optflags} -ffat-lto-objects