Accepting request 1103476 from GNOME:Next

- Update to version 102.14.0:
  + Various security fixes and other quality improvements.
  + CVE-2023-4045: Offscreen Canvas could have bypassed
    cross-origin restrictions.
  + CVE-2023-4046: Incorrect value used during WASM compilation.
  + CVE-2023-4047: Potential permissions request bypass via
    clickjacking.
  + CVE-2023-4048: Crash in DOMParser due to out-of-memory
    conditions.
  + CVE-2023-4049: Fix potential race conditions when releasing
    platform objects.
  + CVE-2023-4050: Stack buffer overflow in StorageManager.
  + CVE-2023-4054: Lack of warning when opening appref-ms files.
  + CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar
    state.
  + CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox
    ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and
    Thunderbird 102.14.
- Changes from version 102.13.0:
  + Various security fixes and other quality improvements.
  + CVE-2023-37201: Use-after-free in WebRTC certificate generation
  + CVE-2023-37202: Potential use-after-free from compartment
    mismatch in SpiderMonkey
  + CVE-2023-37207: Fullscreen notification obscured
  + CVE-2023-37208: Lack of warning when opening Diagcab files
  + CVE-2023-37211: Memory safety bugs fixed in Firefox 115,
    Firefox ESR 102.13, and Thunderbird 102.13

OBS-URL: https://build.opensuse.org/request/show/1103476
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/mozjs102?expand=0&rev=27

firefox-102.12.0esr.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d7296d0e6cf572a5604498d19801faf274ba64b195add5231e90cf8edacd31a1
-size 483008152

firefox-102.12.0esr.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmR043gACgkQ4207E/PZ
-MnTCYQ//QnKqqImcb6/TsGiPc8Jlo1cT5Qdataz4+/N9rBO4W/7rPYfHYQjowuzw
-VzO2DDiGLzVMlU2bj/RJMxKYyq5Vnbaw/A91k+jMgmzC2AHeDr7t9TARSfUyAzUE
-68aFd2IoYswjo2VkMAqkd2PXNnitH5ZqoZVkguDKIHG3cEQSPeD10g0JIt8D7E73
-8zLHY3YrHOOo34FMxu45OdxMYTFRm1Gzf6YznKjNEWK9S6FogusGYdZWpzMtehet
-gAvy0EdBVV5nigjg+1p6jIlGHbkx0KxbHn9N2hDDN1d62d5ZLSW+pgZhpwSA8u+4
-JCVAx6abp12v66b2gV0hrUg8HdyIIXTdSBXWTA4brkhZRlgXaCLKpgc1btL4WsTv
-dP5XouYMCA6wYqEgCPqvi4CXFgN+zszT+BTX9csgcBwOvLs/gYEgpKwsUgef6JsG
-9cBkqPs+zKer9nhi5F9Zo7jTDp6kXVhQZqDltl3bAiF6kohA8XReyoG77iZbSovG
-jSyHtxP8Nl38xoumXcEtqxMyaadfMJoMiznwraUCfUtXZ6N2qiiL/hJnD8C1kdqS
-0s5piQANCoV9q4bLCwQfkbOiAD5sGwvMaOO16uONgMkOvThBmdmMa1ZXDUVgqZFK
-XPjO9HnbOCviZQl64qgtk+ze9k0cAwsUiuatze01ez25k3bx1CI=
-=r5rj
------END PGP SIGNATURE-----

firefox-102.14.0esr.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1ab85081c08a472cfd869873dba0e76ae6d9e83c1b8f23741e4c9d5471a5efee
+size 479449456

firefox-102.14.0esr.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmS+rSsACgkQ4207E/PZ
+MnR2wg/+O6AgiUSAfsE/OCLTRbpb8T1bhC1NogqjS+xlx2yV+G7sUEaTHRpja7UI
+WzCko+Ue7D0nHaHBoCwR0x5SIgQRNoWq1h2M6DPm1u9t6kYiQbxg1xjftnPgrd1o
+vCGtnVAp4FnNivy97XKW7AMxf72+eXAcPrVU4taXxMkYsIExMx8uS1Dvm1Vz+KBP
+nCVI1zbYWBSK7XhqcPtl4uGLrohvgwg8bHyFTtThy+MG9vGzfBgb8v8LkmueU1Ua
+oSDenoJ78nv0/J8d+jGI+STzoztyePO30YRWgN9rK17JyYPVxXBIfur005csZCYj
+VWXDEnA/DHzJCO/g7+YJeH+aBzme2RQ+OKmAmGQhvyZxySMUhcqtrAFEcerW1D+e
+RRwZyogRfmsDrxKdwJkVRN05vck8TuIxbeGOqEIpqtOx4xodNTcRYrZezL5N5hlh
++G7NKyh+C5SHA2xgtMQpulfQdsbFwrlBO/+dl/KgUR1kxqLS9qpCTO9Cux3LcoLg
+BoBXQIySW6/XruGwec1umcway7Ddi9gTJtdJC8//Qx2MkRtAiQ+OWIlE+o6XJbwd
+oRJybGxxIjnSzTn1uxfIiZ2oJjRjPuuoo+Zxo8Dm2nK4qULIonaF5zDoRSqo/C43
+xGjm6jOI8LxjJAm0pL2o1urk1BK2S6WRer1qnfNFgAuxZKkVJ3U=
+=yZYx
+-----END PGP SIGNATURE-----

mozilla.keyring

@@ -12,8 +12,8 @@ pub   rsa4096 2015-07-17 [SC]
 uid           [  full  ] Mozilla Software Releases <release@mozilla.com>
 sub   rsa4096 2015-07-17 [S] [expired: 2017-07-16]
 sub   rsa4096 2017-06-22 [S] [expired: 2019-06-22]
-sub   rsa4096 2019-05-30 [S] [expires: 2021-05-29]
-sub   rsa4096 2021-05-17 [S] [expires: 2023-05-17]
+sub   rsa4096 2019-05-30 [S] [expired: 2021-05-29]
+sub   rsa4096 2021-05-17 [S] [expired: 2023-05-17]
 sub   rsa4096 2023-05-05 [S] [expires: 2025-05-04]
 
 -----BEGIN PGP PUBLIC KEY BLOCK-----

mozjs102.changes

@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Fri Aug 11 10:54:47 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 102.14.0:
+  + Various security fixes and other quality improvements.
+  + CVE-2023-4045: Offscreen Canvas could have bypassed
+    cross-origin restrictions.
+  + CVE-2023-4046: Incorrect value used during WASM compilation.
+  + CVE-2023-4047: Potential permissions request bypass via
+    clickjacking.
+  + CVE-2023-4048: Crash in DOMParser due to out-of-memory
+    conditions.
+  + CVE-2023-4049: Fix potential race conditions when releasing
+    platform objects.
+  + CVE-2023-4050: Stack buffer overflow in StorageManager.
+  + CVE-2023-4054: Lack of warning when opening appref-ms files.
+  + CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar
+    state.
+  + CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox
+    ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and
+    Thunderbird 102.14.
+- Changes from version 102.13.0:
+  + Various security fixes and other quality improvements.
+  + CVE-2023-37201: Use-after-free in WebRTC certificate generation
+  + CVE-2023-37202: Potential use-after-free from compartment
+    mismatch in SpiderMonkey
+  + CVE-2023-37207: Fullscreen notification obscured
+  + CVE-2023-37208: Lack of warning when opening Diagcab files
+  + CVE-2023-37211: Memory safety bugs fixed in Firefox 115,
+    Firefox ESR 102.13, and Thunderbird 102.13
+
 -------------------------------------------------------------------
 Mon Jun 26 12:32:11 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
 

mozjs102.spec

@@ -41,7 +41,7 @@ BuildArch:      i686
 %global big_endian 1
 %endif
 Name:           mozjs%{major}
-Version:        102.12.0
+Version:        102.14.0
 Release:        1%{?dist}
 Summary:        SpiderMonkey JavaScript library
 License:        MPL-2.0