mozjs102/mozjs102.changes

-------------------------------------------------------------------
Wed Dec 14 10:31:25 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 102.6.0:
  + Various stability, functionality, and security fixes.
  + CVE-2022-46880: Use-after-free in WebGL.
  + CVE-2022-46872: Arbitrary file read from a compromised content
    process.
  + CVE-2022-46881: Memory corruption in WebGL.
  + CVE-2022-46874: Drag and Dropped Filenames could have been
    truncated to malicious extensions.
  + CVE-2022-46875: Download Protections were bypassed by .atloc
    and .ftploc files on Mac OS.
  + CVE-2022-46882: Use-after-free in WebGL.
  + CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and
    Firefox ESR 102.6.

-------------------------------------------------------------------
Fri Nov 18 18:04:53 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 102.5.0:
  + Various stability, functionality, and security fixes.
  + CVE-2022-45403: Service Workers might have learned size of
    cross-origin media files.
  + CVE-2022-45404: Fullscreen notification bypass.
  + CVE-2022-45405: Use-after-free in InputStream implementation.
  + CVE-2022-45406: Use-after-free of a JavaScript Realm.
  + CVE-2022-45408: Fullscreen notification bypass via windowName.
  + CVE-2022-45409: Use-after-free in Garbage Collection.
  + CVE-2022-45410: ServiceWorker-intercepted requests bypassed
    SameSite cookie policy.
  + CVE-2022-45411: Cross-Site Tracing was possible via
    non-standard override headers.
  + CVE-2022-45412: Symlinks may resolve to partially uninitialized
    buffers.
  + CVE-2022-45416: Keystroke Side-Channel Leakage.
  + CVE-2022-45418: Custom mouse cursor could have been drawn over
    browser UI.
  + CVE-2022-45420: Iframe contents could be rendered outside the
    iframe.
  + CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and
    Firefox ESR 102.5.

-------------------------------------------------------------------
Tue Oct 18 14:14:17 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 102.4.0:
  + Various stability, functionality, and security fixes.
  + CVE-2022-42927: Same-origin policy violation could have leaked
    cross-origin URLs.
  + CVE-2022-42928: Memory Corruption in JS Engine.
  + CVE-2022-42929: Denial of Service via window.print.
  + CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and
    Firefox ESR 102.4.

-------------------------------------------------------------------
Tue Sep 27 14:13:15 UTC 2022 - Fabian Vogt <fvogt@suse.com>

- Adjust name of ICU data file to fix build on big-endian platforms

-------------------------------------------------------------------
Tue Sep 20 07:41:19 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 102.3.0:
  + Various stability, functionality, and security fixes.
  + CVE-2022-3266: Out of bounds read when decoding H264.
  + CVE-2022-40959: Bypassing FeaturePolicy restrictions on
    transient pages.
  + CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in
    threads.
  + CVE-2022-40958: Bypassing Secure Context restriction for
    cookies with __Host and __Secure prefix.
  + CVE-2022-40956: Content-Security-Policy base-uri bypass.
  + CVE-2022-40957: Incoherent instruction cache when building WASM
    on ARM64.
  + CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and
    Firefox ESR 102.3.

-------------------------------------------------------------------
Fri Aug 26 18:08:37 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>

- Initial packaging for openSUSE.
Accepting request 1042892 from GNOME:Next New upstream release OBS-URL: https://build.opensuse.org/request/show/1042892 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/mozjs102?expand=0&rev=11 2022-12-14 18:12:23 +01:00			`-------------------------------------------------------------------`
			`Wed Dec 14 10:31:25 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>`

			`- Update to version 102.6.0:`
			`+ Various stability, functionality, and security fixes.`
			`+ CVE-2022-46880: Use-after-free in WebGL.`
			`+ CVE-2022-46872: Arbitrary file read from a compromised content`
			`process.`
			`+ CVE-2022-46881: Memory corruption in WebGL.`
			`+ CVE-2022-46874: Drag and Dropped Filenames could have been`
			`truncated to malicious extensions.`
			`+ CVE-2022-46875: Download Protections were bypassed by .atloc`
			`and .ftploc files on Mac OS.`
			`+ CVE-2022-46882: Use-after-free in WebGL.`
			`+ CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and`
			`Firefox ESR 102.6.`

Accepting request 1036701 from GNOME:Next New stable release OBS-URL: https://build.opensuse.org/request/show/1036701 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/mozjs102?expand=0&rev=9 2022-11-21 12:43:47 +01:00			`-------------------------------------------------------------------`
			`Fri Nov 18 18:04:53 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>`

			`- Update to version 102.5.0:`
			`+ Various stability, functionality, and security fixes.`
			`+ CVE-2022-45403: Service Workers might have learned size of`
			`cross-origin media files.`
			`+ CVE-2022-45404: Fullscreen notification bypass.`
			`+ CVE-2022-45405: Use-after-free in InputStream implementation.`
			`+ CVE-2022-45406: Use-after-free of a JavaScript Realm.`
			`+ CVE-2022-45408: Fullscreen notification bypass via windowName.`
			`+ CVE-2022-45409: Use-after-free in Garbage Collection.`
			`+ CVE-2022-45410: ServiceWorker-intercepted requests bypassed`
			`SameSite cookie policy.`
			`+ CVE-2022-45411: Cross-Site Tracing was possible via`
			`non-standard override headers.`
			`+ CVE-2022-45412: Symlinks may resolve to partially uninitialized`
			`buffers.`
			`+ CVE-2022-45416: Keystroke Side-Channel Leakage.`
			`+ CVE-2022-45418: Custom mouse cursor could have been drawn over`
			`browser UI.`
			`+ CVE-2022-45420: Iframe contents could be rendered outside the`
			`iframe.`
			`+ CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and`
			`Firefox ESR 102.5.`

Accepting request 1029775 from GNOME:Next New upstream release OBS-URL: https://build.opensuse.org/request/show/1029775 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/mozjs102?expand=0&rev=7 2022-10-19 13:14:56 +02:00			`-------------------------------------------------------------------`
			`Tue Oct 18 14:14:17 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>`

			`- Update to version 102.4.0:`
			`+ Various stability, functionality, and security fixes.`
			`+ CVE-2022-42927: Same-origin policy violation could have leaked`
			`cross-origin URLs.`
			`+ CVE-2022-42928: Memory Corruption in JS Engine.`
			`+ CVE-2022-42929: Denial of Service via window.print.`
			`+ CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and`
			`Firefox ESR 102.4.`

Accepting request 1006421 from home:favogt:branches:GNOME:Factory - Adjust name of ICU data file to fix build on big-endian platforms OBS-URL: https://build.opensuse.org/request/show/1006421 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/mozjs102?expand=0&rev=5 2022-09-27 22:19:05 +02:00			`-------------------------------------------------------------------`
			`Tue Sep 27 14:13:15 UTC 2022 - Fabian Vogt <fvogt@suse.com>`

			`- Adjust name of ICU data file to fix build on big-endian platforms`

Accepting request 1004912 from GNOME:Next OBS-URL: https://build.opensuse.org/request/show/1004912 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/mozjs102?expand=0&rev=3 2022-09-20 21:32:28 +02:00			`-------------------------------------------------------------------`
			`Tue Sep 20 07:41:19 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>`

			`- Update to version 102.3.0:`
			`+ Various stability, functionality, and security fixes.`
Accepting request 1029775 from GNOME:Next New upstream release OBS-URL: https://build.opensuse.org/request/show/1029775 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/mozjs102?expand=0&rev=7 2022-10-19 13:14:56 +02:00			`+ CVE-2022-3266: Out of bounds read when decoding H264.`
			`+ CVE-2022-40959: Bypassing FeaturePolicy restrictions on`
			`transient pages.`
			`+ CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in`
			`threads.`
			`+ CVE-2022-40958: Bypassing Secure Context restriction for`
			`cookies with __Host and __Secure prefix.`
			`+ CVE-2022-40956: Content-Security-Policy base-uri bypass.`
			`+ CVE-2022-40957: Incoherent instruction cache when building WASM`
			`on ARM64.`
			`+ CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and`
			`Firefox ESR 102.3.`
Accepting request 1004912 from GNOME:Next OBS-URL: https://build.opensuse.org/request/show/1004912 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/mozjs102?expand=0&rev=3 2022-09-20 21:32:28 +02:00
Accepting request 1002335 from GNOME:Next I guess we keep that with us? as being the only consumer? OBS-URL: https://build.opensuse.org/request/show/1002335 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/mozjs102?expand=0&rev=1 2022-09-09 19:53:20 +02:00			`-------------------------------------------------------------------`
			`Fri Aug 26 18:08:37 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>`

			`- Initial packaging for openSUSE.`