mozjs115-115.4.0-slfo.1.2.1 RPM for x86_64

From OpenSuSE Leap 16.0 for x86_64

SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of
JavaScript. It is intended to be embedded in other applications
that provide host environments for JavaScript.

Provides

• mozjs115
• mozjs115(x86-64)

Requires

• ld-linux-x86-64.so.2()(64bit)
• ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.14)(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libc.so.6(GLIBC_2.18)(64bit)
• libc.so.6(GLIBC_2.2.5)(64bit)
• libc.so.6(GLIBC_2.25)(64bit)
• libc.so.6(GLIBC_2.28)(64bit)
• libc.so.6(GLIBC_2.3)(64bit)
• libc.so.6(GLIBC_2.3.2)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.32)(64bit)
• libc.so.6(GLIBC_2.33)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.38)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libgcc_s.so.1()(64bit)
• libgcc_s.so.1(GCC_3.0)(64bit)
• libgcc_s.so.1(GCC_3.3)(64bit)
• libgcc_s.so.1(GCC_4.2.0)(64bit)
• libicui18n.so.73()(64bit)
• libicuuc.so.73()(64bit)
• libm.so.6()(64bit)
• libm.so.6(GLIBC_2.2.5)(64bit)
• libm.so.6(GLIBC_2.29)(64bit)
• libreadline.so.8()(64bit)
• libstdc++.so.6()(64bit)
• libstdc++.so.6(CXXABI_1.3)(64bit)
• libstdc++.so.6(GLIBCXX_3.4)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.11)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.14)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.15)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.18)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.20)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.21)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.32)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.9)(64bit)
• libz.so.1()(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1

License

MPL-2.0

Changelog

* Mon Sep 30 2024 qzhao@suse.com
  - Add mozjs115-CVE-2024-45492.patch:
    Backporting 9bf0f2c1 from libexpat upstream, Detect integer
    overflow in function nextScaffoldPart.
    (CVE-2024-45492, bsc#1230038)
* Mon Sep 30 2024 qzhao@suse.com
  - Add mozjs115-CVE-2024-45491.patch:
    Backporting 8e439a99 from libexpat upstream, Detect integer
    overflow in dtdCopy.
    (CVE-2024-45491, bsc#1230037)
* Mon Sep 30 2024 qzhao@suse.com
  - Add mozjs115-CVE-2024-45490-part01-5c1a3164.patch:
    Backporting 5c1a3164 from libexpat upstream, Reject negative len
    for XML_ParseBuffer.
    CVE-2024-45490's fixes including 3 parts: 5c1a3164 for libexpat
    sources; c12f039b for libexpat tests; 2db23301 for libexpat docs;
    Because mozjs only embeds libexpat sources, so unnecessary to
    port prart02 and part03.
    (CVE-2024-45490, bsc#1230036)
* Thu Apr 04 2024 dimstar@opensuse.org
  - Properly tag patches.
* Thu Dec 07 2023 yfjiang@suse.com
  - mozjs115 requires gcc >= 8.1, icu >= 73.1. Specify them in spec.
* Wed Dec 06 2023 yfjiang@suse.com
  - Update icu data file name in spec to build in big endian machine.
* Tue Nov 28 2023 dimstar@opensuse.org
  - Use %patch -p N instead of deprecated %patchN.
* Thu Nov 09 2023 bjorn.lie@gmail.com
  - Update to version 115.4.0:
    + Various security fixes and other quality improvements.
    + CVE-2023-5721: Queued up rendering could have allowed websites
      to clickjack
    + CVE-2023-5732: Address bar spoofing via bidirectional
      characters
    + CVE-2023-5724: Large WebGL draw could have led to a crash
    + CVE-2023-5725: WebExtensions could open arbitrary URLs
    + CVE-2023-5726: Full screen notification obscured by file open
      dialog on macOS
    + CVE-2023-5727: Download Protections were bypassed by .msix,
      .msixbundle, .appx, and .appxbundle files on Windows
    + CVE-2023-5728: Improper object tracking during GC in the
      JavaScript engine could have led to a crash
    + CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox
      ESR 115.4, and Thunderbird 115.4.1
* Sun Oct 01 2023 bjorn.lie@gmail.com
  - Update to version 115.3.1:
    + Security fix: CVE-2023-5217: Heap buffer overflow in libvpx.
  - Changes from version 115.3.0:
    + Various security fixes and other quality improvements.
    + CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1
    + CVE-2023-5169: Out-of-bounds write in PathOps
    + CVE-2023-5171: Use-after-free in Ion Compiler
    + CVE-2023-5174: Double-free in process spawning on Windows
    + CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox
      ESR 115.3, and Thunderbird 115.3
* Mon Sep 25 2023 bjorn.lie@gmail.com
  - Update to version 115.2.1:
    + Security fix: CVE-2023-4863: Heap buffer overflow in libwebp.
* Tue Sep 05 2023 bjorn.lie@gmail.com
  - Update to version 115.2.0:
    + Various security fixes and other quality improvements.
    + CVE-2023-4573: Memory corruption in IPC CanvasTranslator
    + CVE-2023-4574: Memory corruption in IPC
      ColorPickerShownCallback
    + CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback
    + CVE-2023-4576: Integer Overflow in
      RecordedSourceSurfaceCreation
    + CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics
    + CVE-2023-4051: Full screen notification obscured by file open
      dialog
    + CVE-2023-4578: Error reporting methods in SpiderMonkey could
      have triggered an Out of Memory Exception
    + CVE-2023-4053: Full screen notification obscured by external
      program
    + CVE-2023-4580: Push notifications saved to disk unencrypted
    + CVE-2023-4581: XLL file extensions were downloadable without
      warnings
    + CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv
    + CVE-2023-4583: Browsing Context potentially not cleared when
      closing Private Window
    + CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox
      ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and
      Thunderbird 115.2
    + CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox
      ESR 115.2, and Thunderbird 115.2
* Fri Aug 11 2023 bjorn.lie@gmail.com
  - Initial packaging for openSUSE, based on mozjs102.

Files

/usr/bin/js115
/usr/share/doc/packages/mozjs115
/usr/share/doc/packages/mozjs115/README.html

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 12 00:02:43 2024