Overview

File mozjs115.changes of Package mozjs115

-------------------------------------------------------------------
Thu Apr 10 19:49:45 UTC 2025 - Michael Gorse <mgorse@suse.com>

- Add libtheora-avoid-negative-shift.patch: avoid negative shift in
  huffdec.c (bsc#1234837 CVE-2024-56431).

-------------------------------------------------------------------
Thu Dec 11 13:12:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>

- Add mozjs115-CVE-2024-11498.patch:
  Backporting bf4781a2 from upstream, Check height limit in modular
  trees. Also rewrite the implementation to use iterative checking
  instead of recursive checking of tree property values, to ensure
  stack usage is low. Before, it was possible for
  appropriately-crafted files to use a significant amount of stack.
  (CVE-2024-11498, bsc#1233786)

-------------------------------------------------------------------
Thu Dec 09 11:28:05 UTC 2024 - Cliff Zhao <qzhao@suse.com>

- Add mozjs115-CVE-2024-11403.patch:
  Backporting 9cc451b9 from upstream, Port the Huffman lookup table
  size fix from brunsli.
  (CVE-2024-11403, bsc#1233766)

-------------------------------------------------------------------
Thu Dec 05 15:06:01 UTC 2024 - Cliff Zhao <qzhao@suse.com>

- Add mozjs115-CVE-2024-50602.patch:
  Backporting 51c70190 from upstream,
  * lib: Make XML_StopParser refuse to stop/suspend an unstarted parser.
  * lib: Be explicit about XML_PARSING in XML_StopParser.
  (CVE-2024-50602, bsc#1232599, bsc#1232602)

-------------------------------------------------------------------
Wed Nov 20 16:47:26 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>

- Fix build against icu 76.1: link the correct libraries (icu-uc
  instead of icu-i18n).

-------------------------------------------------------------------
Mon Oct 21 05:40:36 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 115.15.0:
  + Various security fixes and other quality improvements.
- This is the last version from Mozilla, please port to newer
  versions: At minimum version 128.

-------------------------------------------------------------------
Mon Sep 30 17:35:18 UTC 2024 - Cliff Zhao <qzhao@suse.com>

- Add mozjs115-CVE-2024-45492.patch:
  Backporting 9bf0f2c1 from libexpat upstream, Detect integer
  overflow in function nextScaffoldPart.
  (CVE-2024-45492, bsc#1230038)

-------------------------------------------------------------------
Mon Sep 30 17:25:22 UTC 2024 - Cliff Zhao <qzhao@suse.com>

- Add mozjs115-CVE-2024-45491.patch:
  Backporting 8e439a99 from libexpat upstream, Detect integer
  overflow in dtdCopy.
  (CVE-2024-45491, bsc#1230037)

-------------------------------------------------------------------
Mon Sep 30 17:15:45 UTC 2024 - Cliff Zhao <qzhao@suse.com>

- Add mozjs115-CVE-2024-45490-part01-5c1a3164.patch:
  Backporting 5c1a3164 from libexpat upstream, Reject negative len
  for XML_ParseBuffer.
  CVE-2024-45490's fixes including 3 parts: 5c1a3164 for libexpat
  sources; c12f039b for libexpat tests; 2db23301 for libexpat docs;
  Because mozjs only embeds libexpat sources, so unnecessary to
  port prart02 and part03.
  (CVE-2024-45490, bsc#1230036)

-------------------------------------------------------------------
Thu Apr  4 13:56:30 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>

- Properly tag patches.

-------------------------------------------------------------------
Thu Dec  7 09:45:46 UTC 2023 - Yifan Jiang <yfjiang@suse.com>

- mozjs115 requires gcc >= 8.1, icu >= 73.1. Specify them in spec.

-------------------------------------------------------------------
Wed Dec  6 08:51:59 UTC 2023 - Yifan Jiang <yfjiang@suse.com>

- Update icu data file name in spec to build in big endian machine.

-------------------------------------------------------------------
Tue Nov 28 12:02:22 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>

- Use %patch -p N instead of deprecated %patchN.

-------------------------------------------------------------------
Thu Nov  9 08:37:08 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 115.4.0:
  + Various security fixes and other quality improvements.
  + CVE-2023-5721: Queued up rendering could have allowed websites
    to clickjack
  + CVE-2023-5732: Address bar spoofing via bidirectional
    characters
  + CVE-2023-5724: Large WebGL draw could have led to a crash
  + CVE-2023-5725: WebExtensions could open arbitrary URLs
  + CVE-2023-5726: Full screen notification obscured by file open
    dialog on macOS
  + CVE-2023-5727: Download Protections were bypassed by .msix,
    .msixbundle, .appx, and .appxbundle files on Windows
  + CVE-2023-5728: Improper object tracking during GC in the
    JavaScript engine could have led to a crash
  + CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox
    ESR 115.4, and Thunderbird 115.4.1

-------------------------------------------------------------------
Sun Oct  1 11:40:37 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 115.3.1:
  + Security fix: CVE-2023-5217: Heap buffer overflow in libvpx.
- Changes from version 115.3.0:
  + Various security fixes and other quality improvements.
  + CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1
  + CVE-2023-5169: Out-of-bounds write in PathOps
  + CVE-2023-5171: Use-after-free in Ion Compiler
  + CVE-2023-5174: Double-free in process spawning on Windows
  + CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox
    ESR 115.3, and Thunderbird 115.3

-------------------------------------------------------------------
Mon Sep 25 14:52:38 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 115.2.1:
  + Security fix: CVE-2023-4863: Heap buffer overflow in libwebp.

-------------------------------------------------------------------
Tue Sep  5 09:40:20 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 115.2.0:
  + Various security fixes and other quality improvements.
  + CVE-2023-4573: Memory corruption in IPC CanvasTranslator
  + CVE-2023-4574: Memory corruption in IPC
    ColorPickerShownCallback
  + CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback
  + CVE-2023-4576: Integer Overflow in
    RecordedSourceSurfaceCreation
  + CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics
  + CVE-2023-4051: Full screen notification obscured by file open
    dialog
  + CVE-2023-4578: Error reporting methods in SpiderMonkey could
    have triggered an Out of Memory Exception
  + CVE-2023-4053: Full screen notification obscured by external
    program
  + CVE-2023-4580: Push notifications saved to disk unencrypted
  + CVE-2023-4581: XLL file extensions were downloadable without
    warnings
  + CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv
  + CVE-2023-4583: Browsing Context potentially not cleared when
    closing Private Window
  + CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox
    ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and
    Thunderbird 115.2
  + CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox
    ESR 115.2, and Thunderbird 115.2

-------------------------------------------------------------------
Fri Aug 11 11:24:28 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>

- Initial packaging for openSUSE, based on mozjs102.
openSUSE Build Service is sponsored by
Places