Accepting request 1058990 from GNOME:Next

- Update to version 102.7.0: + Various stability, functionality, and security fixes. + CVE-2022-46871: libusrsctp library out of date. + CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux. + CVE-2023-23599: Malicious command could be hidden in devtools output on Windows. + CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation. + CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers. + CVE-2022-46877: Fullscreen notification bypass. + CVE-2023-23603: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive. + CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7. OBS-URL: https://build.opensuse.org/request/show/1058990 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/mozjs102?expand=0&rev=13
2023-01-19 08:53:02 +00:00 · 2023-01-19 08:53:02 +00:00 · 307cf13d8b
commit 307cf13d8b
parent 12f5359628
6 changed files with 41 additions and 21 deletions
--- a/firefox-102.6.0esr.source.tar.xz
+++ b/firefox-102.6.0esr.source.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:d23154a4d876d76122161e7be2659de6e88985802d9e5125baf1d133f37f0ffe
 size 478856656
--- a/firefox-102.6.0esr.source.tar.xz.asc
+++ b/firefox-102.6.0esr.source.tar.xz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmOOemgACgkQ6+QekPbx
 L21gcxAAlpXMM66LLLAQMmDR7vED8xgz9RZmEjUj4kAn1yETyYtNMks/70ZZMKy2
 oFXIfQbA5WXt740CT6kE6bn0SshRbtEjEUJS2HpA+wVAAtVkKfkKZkSpRPtPeVbX
 nYZNtCWSMgna+cRB8yVzCJ1Rkml9lIeB374Ten7PoAQZ9YBx8BuYdnVYlSEdl38c
 Vyf3Y94sDMDqW8EdGe5ccPanodgrlAerQz4Z4VjLsF2tFkC5mwmm7U0KTsyve8hJ
 seEb2BNJZi+lkbjlyiMWsU4YLb3RFyDf6w5eJpOaCLYdYeaabO/Tw5T7MdDFRZtL
 GN0RYYkmJ/uOPlHAQyRL17Y1omyl08wEh+DNj2Ataw3yJWH2Ih64uYkwZ53lAe7Y
 /ayKtd+Ifj1l5OBaD96Z+eGWYCunF6/J6kCX4+uGhGUrCfSRRVxYirosPHsESAjf
 Gkljlp7ZdahsEhHyw26hSRxoTbYTUudANLZQAnhaKfOwtfcu43JAGKdNT6hddAlk
 +esg7Xlt3FgTR0xPAPOxFohxKWUQ+xbx1D2CODxX40NKvoyTh+wy28dFv+k+w00l
 F5rswPr8a3BAk7ijYtA1OZRMONIgHnNy0vi8wcJRrHzLqRlKuWSjMlBKSPKkQ82F
 KIq5xgkR0ZPkxb/R/mtSGPmVtqIYbdv9wnB0sTsUpl04scWFrto=
 =1V2Y
 -----END PGP SIGNATURE-----
--- a/firefox-102.7.0esr.source.tar.xz
+++ b/firefox-102.7.0esr.source.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:a7a4603417fcb42ec37f2cff9034280ce2ec772c0a5fc500fada4286ba3114aa
 size 479538092
--- a/firefox-102.7.0esr.source.tar.xz.asc
+++ b/firefox-102.7.0esr.source.tar.xz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmO8UKIACgkQ6+QekPbx
 L201FQ//cZMs3qPzS5YG9AJz9w/Zp3o6sG/JxaBcWT0nUqai+z35LPB9pMnKIrd1
 gjQz36h2MVYH159dtnsggN+IObVoSVr0Eg3+D4qT8BSCYugWYbhDpi9y19bUZDzv
 lW84s6xpcBynEXELxOpGYNvWRrcPFAZ8LaoimQzy2iLLTF2buXP05/uzTYgyHWbh
 mmrKakr7Xw0x4m9c8wln0OjB9hmO6eJ2tvKrZmSv0c2SOO1hmslCfKoFw8POjNfS
 JBtjEmjn2usHrLQHL7l/arbw0m4VCwFjdTwxe3iFZV4okuRLHcnqN4L/HqM1vkEC
 AQXbZYt7gYK4oxXGlFjIWH517gM3812sjwplgC7s/75SMbRLiDKKdGhNb42h8xzf
 ZxQJGzQpfCbraRi8MM7tTthAge04h2hVcWqM2tCOjstXffgrWzcM6CMMiMMfwnM3
 YpmBtamzXGQnOdNLE3SUW2Ho/xPgyp2w3JoqJMNcUik2mBLyQzxbB4t37G6wGbiQ
 4v0be0t7yz07TkdEPYaqIPlvenoWuyxZWxvoVeaTBJsyQcIPG1BB7t7XmEll4mLi
 DzfVndy/jezegg7htJQrCcdCdzL2S3OxTVVfiTWv+08Ihf9bW96jX6zcR1AvVBfP
 NHdLk8lz5p9NzcT69awGKaIDV/4sEzHgWcOclMLptc9bkeaAlOk=
 =ec8Q
 -----END PGP SIGNATURE-----
--- a/mozjs102.changes
+++ b/mozjs102.changes
@ -1,3 +1,23 @@
 -------------------------------------------------------------------
 Tue Jan 17 13:35:58 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
 - Update to version 102.7.0:
  + Various stability, functionality, and security fixes.
  + CVE-2022-46871: libusrsctp library out of date.
  + CVE-2023-23598: Arbitrary file read from GTK drag and drop on
    Linux.
  + CVE-2023-23599: Malicious command could be hidden in devtools
    output on Windows.
  + CVE-2023-23601: URL being dragged from cross-origin iframe into
    same tab triggers navigation.
  + CVE-2023-23602: Content Security Policy wasn't being correctly
    applied to WebSockets in WebWorkers.
  + CVE-2022-46877: Fullscreen notification bypass.
  + CVE-2023-23603: Calls to <code>console.log</code> allowed
    bypasing Content Security Policy via format directive.
  + CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and
    Firefox ESR 102.7.
 -------------------------------------------------------------------
 Wed Dec 14 10:31:25 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
--- a/mozjs102.spec
+++ b/mozjs102.spec
@ -1,7 +1,7 @@
 #
 # spec file
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -39,7 +39,7 @@ BuildArch:      i686
 %global big_endian 1
 %endif
 Name:           mozjs%{major}
-Version:        102.6.0
+Version:        102.7.0
 Release:        1%{?dist}
 Summary:        SpiderMonkey JavaScript library
 License:        MPL-2.0