Accepting request 1103892 from GNOME:Factory

OBS-URL: https://build.opensuse.org/request/show/1103892 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozjs102?expand=0&rev=14
2023-08-15 14:39:33 +00:00 · 2023-08-15 14:39:33 +00:00 · cc9ff8efe9
commit cc9ff8efe9
parent 2673e56133 1bea55c9a5
7 changed files with 53 additions and 22 deletions
--- a/firefox-102.12.0esr.source.tar.xz
+++ b/firefox-102.12.0esr.source.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:d7296d0e6cf572a5604498d19801faf274ba64b195add5231e90cf8edacd31a1
 size 483008152
--- a/firefox-102.12.0esr.source.tar.xz.asc
+++ b/firefox-102.12.0esr.source.tar.xz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmR043gACgkQ4207E/PZ
 MnTCYQ//QnKqqImcb6/TsGiPc8Jlo1cT5Qdataz4+/N9rBO4W/7rPYfHYQjowuzw
 VzO2DDiGLzVMlU2bj/RJMxKYyq5Vnbaw/A91k+jMgmzC2AHeDr7t9TARSfUyAzUE
 68aFd2IoYswjo2VkMAqkd2PXNnitH5ZqoZVkguDKIHG3cEQSPeD10g0JIt8D7E73
 8zLHY3YrHOOo34FMxu45OdxMYTFRm1Gzf6YznKjNEWK9S6FogusGYdZWpzMtehet
 gAvy0EdBVV5nigjg+1p6jIlGHbkx0KxbHn9N2hDDN1d62d5ZLSW+pgZhpwSA8u+4
 JCVAx6abp12v66b2gV0hrUg8HdyIIXTdSBXWTA4brkhZRlgXaCLKpgc1btL4WsTv
 dP5XouYMCA6wYqEgCPqvi4CXFgN+zszT+BTX9csgcBwOvLs/gYEgpKwsUgef6JsG
 9cBkqPs+zKer9nhi5F9Zo7jTDp6kXVhQZqDltl3bAiF6kohA8XReyoG77iZbSovG
 jSyHtxP8Nl38xoumXcEtqxMyaadfMJoMiznwraUCfUtXZ6N2qiiL/hJnD8C1kdqS
 0s5piQANCoV9q4bLCwQfkbOiAD5sGwvMaOO16uONgMkOvThBmdmMa1ZXDUVgqZFK
 XPjO9HnbOCviZQl64qgtk+ze9k0cAwsUiuatze01ez25k3bx1CI=
 =r5rj
 -----END PGP SIGNATURE-----
--- a/firefox-102.14.0esr.source.tar.xz
+++ b/firefox-102.14.0esr.source.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:1ab85081c08a472cfd869873dba0e76ae6d9e83c1b8f23741e4c9d5471a5efee
 size 479449456
--- a/firefox-102.14.0esr.source.tar.xz.asc
+++ b/firefox-102.14.0esr.source.tar.xz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmS+rSsACgkQ4207E/PZ
 MnR2wg/+O6AgiUSAfsE/OCLTRbpb8T1bhC1NogqjS+xlx2yV+G7sUEaTHRpja7UI
 WzCko+Ue7D0nHaHBoCwR0x5SIgQRNoWq1h2M6DPm1u9t6kYiQbxg1xjftnPgrd1o
 vCGtnVAp4FnNivy97XKW7AMxf72+eXAcPrVU4taXxMkYsIExMx8uS1Dvm1Vz+KBP
 nCVI1zbYWBSK7XhqcPtl4uGLrohvgwg8bHyFTtThy+MG9vGzfBgb8v8LkmueU1Ua
 oSDenoJ78nv0/J8d+jGI+STzoztyePO30YRWgN9rK17JyYPVxXBIfur005csZCYj
 VWXDEnA/DHzJCO/g7+YJeH+aBzme2RQ+OKmAmGQhvyZxySMUhcqtrAFEcerW1D+e
 RRwZyogRfmsDrxKdwJkVRN05vck8TuIxbeGOqEIpqtOx4xodNTcRYrZezL5N5hlh
 +G7NKyh+C5SHA2xgtMQpulfQdsbFwrlBO/+dl/KgUR1kxqLS9qpCTO9Cux3LcoLg
 BoBXQIySW6/XruGwec1umcway7Ddi9gTJtdJC8//Qx2MkRtAiQ+OWIlE+o6XJbwd
 oRJybGxxIjnSzTn1uxfIiZ2oJjRjPuuoo+Zxo8Dm2nK4qULIonaF5zDoRSqo/C43
 xGjm6jOI8LxjJAm0pL2o1urk1BK2S6WRer1qnfNFgAuxZKkVJ3U=
 =yZYx
 -----END PGP SIGNATURE-----
--- a/mozilla.keyring
+++ b/mozilla.keyring
@ -12,8 +12,8 @@ pub   rsa4096 2015-07-17 [SC]
 uid           [  full  ] Mozilla Software Releases <release@mozilla.com>
 sub   rsa4096 2015-07-17 [S] [expired: 2017-07-16]
 sub   rsa4096 2017-06-22 [S] [expired: 2019-06-22]
-sub   rsa4096 2019-05-30 [S] [expires: 2021-05-29]
+sub   rsa4096 2019-05-30 [S] [expired: 2021-05-29]
-sub   rsa4096 2021-05-17 [S] [expires: 2023-05-17]
+sub   rsa4096 2021-05-17 [S] [expired: 2023-05-17]
 sub   rsa4096 2023-05-05 [S] [expires: 2025-05-04]
 -----BEGIN PGP PUBLIC KEY BLOCK-----
--- a/mozjs102.changes
+++ b/mozjs102.changes
@ -1,3 +1,34 @@
 -------------------------------------------------------------------
 Fri Aug 11 10:54:47 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
 - Update to version 102.14.0:
  + Various security fixes and other quality improvements.
  + CVE-2023-4045: Offscreen Canvas could have bypassed
    cross-origin restrictions.
  + CVE-2023-4046: Incorrect value used during WASM compilation.
  + CVE-2023-4047: Potential permissions request bypass via
    clickjacking.
  + CVE-2023-4048: Crash in DOMParser due to out-of-memory
    conditions.
  + CVE-2023-4049: Fix potential race conditions when releasing
    platform objects.
  + CVE-2023-4050: Stack buffer overflow in StorageManager.
  + CVE-2023-4054: Lack of warning when opening appref-ms files.
  + CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar
    state.
  + CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox
    ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and
    Thunderbird 102.14.
 - Changes from version 102.13.0:
  + Various security fixes and other quality improvements.
  + CVE-2023-37201: Use-after-free in WebRTC certificate generation
  + CVE-2023-37202: Potential use-after-free from compartment
    mismatch in SpiderMonkey
  + CVE-2023-37207: Fullscreen notification obscured
  + CVE-2023-37208: Lack of warning when opening Diagcab files
  + CVE-2023-37211: Memory safety bugs fixed in Firefox 115,
    Firefox ESR 102.13, and Thunderbird 102.13
 -------------------------------------------------------------------
 Mon Jun 26 12:32:11 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
--- a/mozjs102.spec
+++ b/mozjs102.spec
@ -41,7 +41,7 @@ BuildArch:      i686
 %global big_endian 1
 %endif
 Name:           mozjs%{major}
-Version:        102.12.0
+Version:        102.14.0
 Release:        1%{?dist}
 Summary:        SpiderMonkey JavaScript library
 License:        MPL-2.0