Accepting request 1058990 from GNOME:Next

- Update to version 102.7.0: + Various stability, functionality, and security fixes. + CVE-2022-46871: libusrsctp library out of date. + CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux. + CVE-2023-23599: Malicious command could be hidden in devtools output on Windows. + CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation. + CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers. + CVE-2022-46877: Fullscreen notification bypass. + CVE-2023-23603: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive. + CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7. OBS-URL: https://build.opensuse.org/request/show/1058990 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/mozjs102?expand=0&rev=13
2023-01-19 08:53:02 +00:00 · 2023-01-19 08:53:02 +00:00 · 307cf13d8b
commit 307cf13d8b
parent 12f5359628
6 changed files with 41 additions and 21 deletions
--- a/firefox-102.6.0esr.source.tar.xz
+++ b/firefox-102.6.0esr.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d23154a4d876d76122161e7be2659de6e88985802d9e5125baf1d133f37f0ffe
-size 478856656
--- a/firefox-102.6.0esr.source.tar.xz.asc
+++ b/firefox-102.6.0esr.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmOOemgACgkQ6+QekPbx
-L21gcxAAlpXMM66LLLAQMmDR7vED8xgz9RZmEjUj4kAn1yETyYtNMks/70ZZMKy2
-oFXIfQbA5WXt740CT6kE6bn0SshRbtEjEUJS2HpA+wVAAtVkKfkKZkSpRPtPeVbX
-nYZNtCWSMgna+cRB8yVzCJ1Rkml9lIeB374Ten7PoAQZ9YBx8BuYdnVYlSEdl38c
-Vyf3Y94sDMDqW8EdGe5ccPanodgrlAerQz4Z4VjLsF2tFkC5mwmm7U0KTsyve8hJ
-seEb2BNJZi+lkbjlyiMWsU4YLb3RFyDf6w5eJpOaCLYdYeaabO/Tw5T7MdDFRZtL
-GN0RYYkmJ/uOPlHAQyRL17Y1omyl08wEh+DNj2Ataw3yJWH2Ih64uYkwZ53lAe7Y
-/ayKtd+Ifj1l5OBaD96Z+eGWYCunF6/J6kCX4+uGhGUrCfSRRVxYirosPHsESAjf
-Gkljlp7ZdahsEhHyw26hSRxoTbYTUudANLZQAnhaKfOwtfcu43JAGKdNT6hddAlk
-+esg7Xlt3FgTR0xPAPOxFohxKWUQ+xbx1D2CODxX40NKvoyTh+wy28dFv+k+w00l
-F5rswPr8a3BAk7ijYtA1OZRMONIgHnNy0vi8wcJRrHzLqRlKuWSjMlBKSPKkQ82F
-KIq5xgkR0ZPkxb/R/mtSGPmVtqIYbdv9wnB0sTsUpl04scWFrto=
-=1V2Y
-----END PGP SIGNATURE-----
--- a/firefox-102.7.0esr.source.tar.xz
+++ b/firefox-102.7.0esr.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a7a4603417fcb42ec37f2cff9034280ce2ec772c0a5fc500fada4286ba3114aa
+size 479538092
--- a/firefox-102.7.0esr.source.tar.xz.asc
+++ b/firefox-102.7.0esr.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmO8UKIACgkQ6+QekPbx
+L201FQ//cZMs3qPzS5YG9AJz9w/Zp3o6sG/JxaBcWT0nUqai+z35LPB9pMnKIrd1
+gjQz36h2MVYH159dtnsggN+IObVoSVr0Eg3+D4qT8BSCYugWYbhDpi9y19bUZDzv
+lW84s6xpcBynEXELxOpGYNvWRrcPFAZ8LaoimQzy2iLLTF2buXP05/uzTYgyHWbh
+mmrKakr7Xw0x4m9c8wln0OjB9hmO6eJ2tvKrZmSv0c2SOO1hmslCfKoFw8POjNfS
+JBtjEmjn2usHrLQHL7l/arbw0m4VCwFjdTwxe3iFZV4okuRLHcnqN4L/HqM1vkEC
+AQXbZYt7gYK4oxXGlFjIWH517gM3812sjwplgC7s/75SMbRLiDKKdGhNb42h8xzf
+ZxQJGzQpfCbraRi8MM7tTthAge04h2hVcWqM2tCOjstXffgrWzcM6CMMiMMfwnM3
+YpmBtamzXGQnOdNLE3SUW2Ho/xPgyp2w3JoqJMNcUik2mBLyQzxbB4t37G6wGbiQ
+4v0be0t7yz07TkdEPYaqIPlvenoWuyxZWxvoVeaTBJsyQcIPG1BB7t7XmEll4mLi
+DzfVndy/jezegg7htJQrCcdCdzL2S3OxTVVfiTWv+08Ihf9bW96jX6zcR1AvVBfP
+NHdLk8lz5p9NzcT69awGKaIDV/4sEzHgWcOclMLptc9bkeaAlOk=
+=ec8Q
+-----END PGP SIGNATURE-----
--- a/mozjs102.changes
+++ b/mozjs102.changes
@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Tue Jan 17 13:35:58 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 102.7.0:
+  + Various stability, functionality, and security fixes.
+  + CVE-2022-46871: libusrsctp library out of date.
+  + CVE-2023-23598: Arbitrary file read from GTK drag and drop on
+    Linux.
+  + CVE-2023-23599: Malicious command could be hidden in devtools
+    output on Windows.
+  + CVE-2023-23601: URL being dragged from cross-origin iframe into
+    same tab triggers navigation.
+  + CVE-2023-23602: Content Security Policy wasn't being correctly
+    applied to WebSockets in WebWorkers.
+  + CVE-2022-46877: Fullscreen notification bypass.
+  + CVE-2023-23603: Calls to <code>console.log</code> allowed
+    bypasing Content Security Policy via format directive.
+  + CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and
+    Firefox ESR 102.7.
+
 -------------------------------------------------------------------
 Wed Dec 14 10:31:25 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>

--- a/mozjs102.spec
+++ b/mozjs102.spec
@ -1,7 +1,7 @@
 #
 # spec file
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -39,7 +39,7 @@ BuildArch:      i686
 %global big_endian 1
 %endif
 Name:           mozjs%{major}
-Version:        102.6.0
+Version:        102.7.0
 Release:        1%{?dist}
 Summary:        SpiderMonkey JavaScript library
 License:        MPL-2.0