| 2022-10-17 21:31:54 |
Jeremy Bícha |
bug |
|
|
added bug |
| 2022-10-17 21:32:48 |
Jeremy Bícha |
summary |
Update gjs to 1.74 using mozjs102 102.3 |
[jammy] Update gjs to 1.74 using mozjs102 102.3 |
|
| 2022-10-17 21:33:00 |
Jeremy Bícha |
bug task added |
|
mozjs102 (Ubuntu) |
|
| 2022-10-17 21:36:02 |
Jeremy Bícha |
description |
Impact
------
GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 ESR series for security updates for the next year.
This requires updating gjs from 1.72 to 1.74 from GNOME 43, as packaged in Ubuntu 22.10.
This will be done as a Security Update.
Uploaded Packages
-----------------
We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being careful to publish it in main, not universe.
And we'll update gjs.
No other packages need to be updated for this change.
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs |
Impact
------
GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 ESR series for security updates for the next year.
This requires updating gjs from 1.72 to 1.74 from GNOME 43, as packaged in Ubuntu 22.10.
This will be done as a Security Update.
Uploaded Packages
-----------------
We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being careful to publish it in main, not universe.
And we'll update gjs.
No other packages need to be updated for this change.
mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are generally not possible), but nothing else in Ubuntu uses it.
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Prerequisite
------------
We need to get mozjs102 on the i386 whitelist for Ubuntu 22.04 LTS |
|
| 2022-10-18 12:47:54 |
Jeremy Bícha |
description |
Impact
------
GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 ESR series for security updates for the next year.
This requires updating gjs from 1.72 to 1.74 from GNOME 43, as packaged in Ubuntu 22.10.
This will be done as a Security Update.
Uploaded Packages
-----------------
We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being careful to publish it in main, not universe.
And we'll update gjs.
No other packages need to be updated for this change.
mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are generally not possible), but nothing else in Ubuntu uses it.
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Prerequisite
------------
We need to get mozjs102 on the i386 whitelist for Ubuntu 22.04 LTS |
Impact
------
GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 ESR series for security updates for the next year.
This requires updating gjs from 1.72 to 1.74 from GNOME 43, as packaged in Ubuntu 22.10.
This will be done as a Security Update.
Uploaded Packages
-----------------
We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being careful to publish it in main, not universe.
And we'll update gjs.
No other packages need to be updated for this change.
mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are generally not possible), but nothing else in Ubuntu uses it.
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Prerequisite
------------
We need to get mozjs102 on the i386 whitelist for Ubuntu 22.04 LTS
Security Sponsoring
-------------------
sudo apt install git-buildpackage
gbp clone https://salsa.debian.org/gnome-team/gjs
cd gjs
git checkout ubuntu/jammy
gbp buildpackage --git-builder="debuild -S -nc"
mkdir -p tarballs; cd tarballs
pull-lp-source mozjs102 kinetic
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while. |
|
| 2022-10-18 12:58:59 |
Jeremy Bícha |
description |
Impact
------
GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 ESR series for security updates for the next year.
This requires updating gjs from 1.72 to 1.74 from GNOME 43, as packaged in Ubuntu 22.10.
This will be done as a Security Update.
Uploaded Packages
-----------------
We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being careful to publish it in main, not universe.
And we'll update gjs.
No other packages need to be updated for this change.
mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are generally not possible), but nothing else in Ubuntu uses it.
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Prerequisite
------------
We need to get mozjs102 on the i386 whitelist for Ubuntu 22.04 LTS
Security Sponsoring
-------------------
sudo apt install git-buildpackage
gbp clone https://salsa.debian.org/gnome-team/gjs
cd gjs
git checkout ubuntu/jammy
gbp buildpackage --git-builder="debuild -S -nc"
mkdir -p tarballs; cd tarballs
pull-lp-source mozjs102 kinetic
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while. |
Impact
------
GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 ESR series for security updates for the next year.
This requires updating gjs from 1.72 to 1.74 from GNOME 43, as packaged in Ubuntu 22.10.
This will be done as a Security Update.
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/
for Firefox ESR releases since Ubuntu's 91.10
and found one CVE. Also, there's the vague Mozilla Bug 1771084 (no CVE issued) mentioned at
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/
Uploaded Packages
-----------------
We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being careful to publish it in main, not universe.
And we'll update gjs.
No other packages need to be updated for this change.
mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are generally not possible), but nothing else in Ubuntu uses it.
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Prerequisite
------------
We need to get mozjs102 on the i386 whitelist for Ubuntu 22.04 LTS
Security Sponsoring
-------------------
sudo apt install git-buildpackage
gbp clone https://salsa.debian.org/gnome-team/gjs
cd gjs
git checkout ubuntu/jammy
gbp buildpackage --git-builder="debuild -S -nc"
mkdir -p tarballs; cd tarballs
pull-lp-source mozjs102 kinetic
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
Initial Testing Done
--------------------
I built the packages in my PPA.
Only issue is that mozjs102 was not built for i386 but it's needed.
I installed the packages on Ubuntu 22.04 LTS and successfully completed the Test Case. |
|
| 2022-10-18 17:32:22 |
Jeremy Bícha |
description |
Impact
------
GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 ESR series for security updates for the next year.
This requires updating gjs from 1.72 to 1.74 from GNOME 43, as packaged in Ubuntu 22.10.
This will be done as a Security Update.
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/
for Firefox ESR releases since Ubuntu's 91.10
and found one CVE. Also, there's the vague Mozilla Bug 1771084 (no CVE issued) mentioned at
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/
Uploaded Packages
-----------------
We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being careful to publish it in main, not universe.
And we'll update gjs.
No other packages need to be updated for this change.
mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are generally not possible), but nothing else in Ubuntu uses it.
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Prerequisite
------------
We need to get mozjs102 on the i386 whitelist for Ubuntu 22.04 LTS
Security Sponsoring
-------------------
sudo apt install git-buildpackage
gbp clone https://salsa.debian.org/gnome-team/gjs
cd gjs
git checkout ubuntu/jammy
gbp buildpackage --git-builder="debuild -S -nc"
mkdir -p tarballs; cd tarballs
pull-lp-source mozjs102 kinetic
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
Initial Testing Done
--------------------
I built the packages in my PPA.
Only issue is that mozjs102 was not built for i386 but it's needed.
I installed the packages on Ubuntu 22.04 LTS and successfully completed the Test Case. |
Impact
------
GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 ESR series for security updates for the next year.
This requires updating gjs from 1.72 to 1.74 from GNOME 43, as packaged in Ubuntu 22.10.
This will be done as a Security Update.
Updating mozjs in stable Ubuntu releases was recommended when Ubuntu first switched back to GNOME, but this is the first time it's been done.
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/
for Firefox ESR releases since Ubuntu's 91.10
and found one CVE. Also, there's the vague Mozilla Bug 1771084 (no CVE issued) mentioned at
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/
Uploaded Packages
-----------------
We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being careful to publish it in main, not universe.
And we'll update gjs.
No other packages need to be updated for this change.
mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are generally not possible), but nothing else in Ubuntu uses it.
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Prerequisite
------------
We need to get mozjs102 on the i386 whitelist for Ubuntu 22.04 LTS
Security Sponsoring
-------------------
sudo apt install git-buildpackage
gbp clone https://salsa.debian.org/gnome-team/gjs
cd gjs
git checkout ubuntu/jammy
gbp buildpackage --git-builder="debuild -S -nc"
mkdir -p tarballs; cd tarballs
pull-lp-source mozjs102 kinetic
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
Initial Testing Done
--------------------
I built the packages in my PPA.
Only issue is that mozjs102 was not built for i386 but it's needed.
I installed the packages on Ubuntu 22.04 LTS and successfully completed the Test Case. |
|
| 2022-10-18 17:50:03 |
Jeremy Bícha |
description |
Impact
------
GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 ESR series for security updates for the next year.
This requires updating gjs from 1.72 to 1.74 from GNOME 43, as packaged in Ubuntu 22.10.
This will be done as a Security Update.
Updating mozjs in stable Ubuntu releases was recommended when Ubuntu first switched back to GNOME, but this is the first time it's been done.
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/
for Firefox ESR releases since Ubuntu's 91.10
and found one CVE. Also, there's the vague Mozilla Bug 1771084 (no CVE issued) mentioned at
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/
Uploaded Packages
-----------------
We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being careful to publish it in main, not universe.
And we'll update gjs.
No other packages need to be updated for this change.
mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are generally not possible), but nothing else in Ubuntu uses it.
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Prerequisite
------------
We need to get mozjs102 on the i386 whitelist for Ubuntu 22.04 LTS
Security Sponsoring
-------------------
sudo apt install git-buildpackage
gbp clone https://salsa.debian.org/gnome-team/gjs
cd gjs
git checkout ubuntu/jammy
gbp buildpackage --git-builder="debuild -S -nc"
mkdir -p tarballs; cd tarballs
pull-lp-source mozjs102 kinetic
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
Initial Testing Done
--------------------
I built the packages in my PPA.
Only issue is that mozjs102 was not built for i386 but it's needed.
I installed the packages on Ubuntu 22.04 LTS and successfully completed the Test Case. |
Impact
------
GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 ESR series for security updates for the next year.
This requires updating gjs from 1.72 to 1.74 from GNOME 43, as packaged in Ubuntu 22.10.
This will be done as a Security Update.
Updating mozjs in stable Ubuntu releases was recommended when Ubuntu first switched back to GNOME, but this is the first time it's been done.
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/
for Firefox ESR releases since Ubuntu's 91.10
and found one CVE. Also, there's the vague Mozilla Bug 1771084 (no CVE issued) mentioned at
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/
Uploaded Packages
-----------------
We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being careful to publish it in main, not universe.
And we'll update gjs.
No other packages need to be updated for this change.
mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are generally not possible), but nothing else in Ubuntu uses it.
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Security Sponsoring
-------------------
sudo apt install git-buildpackage
gbp clone https://salsa.debian.org/gnome-team/gjs
cd gjs
git checkout ubuntu/jammy
gbp buildpackage --git-builder="debuild -S -nc"
mkdir -p tarballs; cd tarballs
pull-lp-source mozjs102 kinetic
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
Initial Testing Done
--------------------
I built the packages in my PPA.
I installed the packages on Ubuntu 22.04 LTS and successfully completed the Test Case. |
|
| 2022-10-18 17:50:43 |
Jeremy Bícha |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
| 2022-10-18 17:50:45 |
Jeremy Bícha |
mozjs102 (Ubuntu): status |
New |
Confirmed |
|
| 2022-10-18 17:50:48 |
Jeremy Bícha |
gjs (Ubuntu): status |
New |
Confirmed |
|
| 2022-12-05 15:12:34 |
Jeremy Bícha |
description |
Impact
------
GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 ESR series for security updates for the next year.
This requires updating gjs from 1.72 to 1.74 from GNOME 43, as packaged in Ubuntu 22.10.
This will be done as a Security Update.
Updating mozjs in stable Ubuntu releases was recommended when Ubuntu first switched back to GNOME, but this is the first time it's been done.
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/
for Firefox ESR releases since Ubuntu's 91.10
and found one CVE. Also, there's the vague Mozilla Bug 1771084 (no CVE issued) mentioned at
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/
Uploaded Packages
-----------------
We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being careful to publish it in main, not universe.
And we'll update gjs.
No other packages need to be updated for this change.
mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are generally not possible), but nothing else in Ubuntu uses it.
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Security Sponsoring
-------------------
sudo apt install git-buildpackage
gbp clone https://salsa.debian.org/gnome-team/gjs
cd gjs
git checkout ubuntu/jammy
gbp buildpackage --git-builder="debuild -S -nc"
mkdir -p tarballs; cd tarballs
pull-lp-source mozjs102 kinetic
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
Initial Testing Done
--------------------
I built the packages in my PPA.
I installed the packages on Ubuntu 22.04 LTS and successfully completed the Test Case. |
Impact
------
GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 ESR series for security updates for the next year.
This requires updating gjs from 1.72 to 1.74 from GNOME 43, as packaged in Ubuntu 22.10.
This will be done as a Security Update.
Updating mozjs in stable Ubuntu releases was recommended when Ubuntu first switched back to GNOME, but this is the first time it's been done.
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/
for Firefox ESR releases since Ubuntu's 91.10
and found one CVE. Also, there's the vague Mozilla Bug 1771084 (no CVE issued) mentioned at
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/
Uploaded Packages
-----------------
We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being careful to publish it in main, not universe.
And we'll update gjs.
No other packages need to be updated for this change.
mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are generally not possible), but nothing else in Ubuntu uses it.
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Security Sponsoring
-------------------
sudo apt install git-buildpackage
gbp clone https://salsa.debian.org/gnome-team/gjs
cd gjs
git checkout ubuntu/jammy
gbp buildpackage --git-builder="debuild -S -nc"
mkdir ../tarballs; cd ../tarballs
pull-lp-source mozjs102 kinetic
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
Initial Testing Done
--------------------
I built the packages in my PPA.
I installed the packages on Ubuntu 22.04 LTS and successfully completed the Test Case. |
|
| 2022-12-05 21:25:08 |
Simon Déziel |
bug |
|
|
added subscriber Simon Déziel |
| 2022-12-12 14:13:10 |
Marc Deslauriers |
cve linked |
|
2022-42928 |
|
| 2022-12-12 14:13:10 |
Marc Deslauriers |
cve linked |
|
2022-45406 |
|
| 2022-12-12 14:13:10 |
Marc Deslauriers |
cve linked |
|
2022-45409 |
|
| 2023-01-14 00:01:40 |
Steve Langasek |
mozjs102 (Ubuntu Jammy): status |
New |
Fix Committed |
|
| 2023-01-14 00:01:41 |
Steve Langasek |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2023-01-14 00:01:43 |
Steve Langasek |
bug |
|
|
added subscriber SRU Verification |
| 2023-01-14 00:01:47 |
Steve Langasek |
tags |
jammy upgrade-software-version |
jammy upgrade-software-version verification-needed verification-needed-jammy |
|
| 2023-01-14 00:20:32 |
Steve Langasek |
gjs (Ubuntu Jammy): status |
New |
Fix Committed |
|
| 2023-01-14 00:56:13 |
Steve Langasek |
mozjs102 (Ubuntu Kinetic): status |
New |
Fix Committed |
|
| 2023-01-14 00:56:19 |
Steve Langasek |
tags |
jammy upgrade-software-version verification-needed verification-needed-jammy |
jammy upgrade-software-version verification-needed verification-needed-jammy verification-needed-kinetic |
|
| 2023-01-14 01:06:04 |
Jeremy Bícha |
mozjs102 (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2023-01-14 01:06:06 |
Jeremy Bícha |
gjs (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2023-01-23 15:28:56 |
Jeremy Bícha |
tags |
jammy upgrade-software-version verification-needed verification-needed-jammy verification-needed-kinetic |
jammy upgrade-software-version verification-done verification-done-jammy verification-done-kinetic |
|
| 2023-01-24 02:32:44 |
Daniel van Vugt |
tags |
jammy upgrade-software-version verification-done verification-done-jammy verification-done-kinetic |
jammy upgrade-software-version verification-done-kinetic verification-needed verification-needed-jammy |
|
| 2023-01-24 02:35:18 |
Daniel van Vugt |
bug |
|
|
added subscriber Daniel van Vugt |
| 2023-04-13 12:59:38 |
Andreas Hasenack |
tags |
jammy upgrade-software-version verification-done-kinetic verification-needed verification-needed-jammy |
block-proposed-jammy jammy upgrade-software-version verification-done-kinetic verification-needed verification-needed-jammy |
|
| 2023-04-13 13:00:00 |
Andreas Hasenack |
tags |
block-proposed-jammy jammy upgrade-software-version verification-done-kinetic verification-needed verification-needed-jammy |
block-proposed-jammy block-proposed-kinetic jammy upgrade-software-version verification-done-kinetic verification-needed verification-needed-jammy |
|
| 2023-04-13 14:11:45 |
Jeremy Bícha |
tags |
block-proposed-jammy block-proposed-kinetic jammy upgrade-software-version verification-done-kinetic verification-needed verification-needed-jammy |
block-proposed-jammy jammy upgrade-software-version verification-done-kinetic verification-needed verification-needed-jammy |
|
| 2023-04-24 06:41:54 |
Roman Shipovskij |
bug |
|
|
added subscriber Roman Shipovskij |
| 2023-05-03 16:57:48 |
Steve Langasek |
tags |
block-proposed-jammy jammy upgrade-software-version verification-done-kinetic verification-needed verification-needed-jammy |
block-proposed-jammy jammy upgrade-software-version verification-done-kinetic verification-needed |
|
| 2023-05-03 16:57:52 |
Steve Langasek |
gjs (Ubuntu Jammy): status |
Fix Committed |
Confirmed |
|
| 2023-05-03 16:57:54 |
Steve Langasek |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2023-05-03 16:57:55 |
Steve Langasek |
removed subscriber SRU Verification |
|
|
|
| 2023-05-03 16:57:56 |
Steve Langasek |
tags |
block-proposed-jammy jammy upgrade-software-version verification-done-kinetic verification-needed |
block-proposed-jammy jammy upgrade-software-version verification-done-kinetic |
|
| 2023-05-27 00:03:08 |
Steve Langasek |
gjs (Ubuntu Jammy): status |
Confirmed |
Incomplete |
|
| 2023-05-30 15:13:38 |
Jeremy Bícha |
bug task deleted |
mozjs102 (Ubuntu) |
|
|
| 2023-05-30 15:13:42 |
Jeremy Bícha |
bug task deleted |
mozjs102 (Ubuntu Jammy) |
|
|
| 2023-05-30 15:13:47 |
Jeremy Bícha |
bug task deleted |
mozjs102 (Ubuntu Kinetic) |
|
|
| 2023-05-30 15:13:58 |
Jeremy Bícha |
summary |
[jammy] Update gjs to 1.74 using mozjs102 102.3 |
[jammy] Update gjs to 1.74 using mozjs102 |
|
| 2023-05-30 15:15:15 |
Jeremy Bícha |
description |
Impact
------
GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 ESR series for security updates for the next year.
This requires updating gjs from 1.72 to 1.74 from GNOME 43, as packaged in Ubuntu 22.10.
This will be done as a Security Update.
Updating mozjs in stable Ubuntu releases was recommended when Ubuntu first switched back to GNOME, but this is the first time it's been done.
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/
for Firefox ESR releases since Ubuntu's 91.10
and found one CVE. Also, there's the vague Mozilla Bug 1771084 (no CVE issued) mentioned at
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/
Uploaded Packages
-----------------
We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being careful to publish it in main, not universe.
And we'll update gjs.
No other packages need to be updated for this change.
mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are generally not possible), but nothing else in Ubuntu uses it.
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Security Sponsoring
-------------------
sudo apt install git-buildpackage
gbp clone https://salsa.debian.org/gnome-team/gjs
cd gjs
git checkout ubuntu/jammy
gbp buildpackage --git-builder="debuild -S -nc"
mkdir ../tarballs; cd ../tarballs
pull-lp-source mozjs102 kinetic
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
Initial Testing Done
--------------------
I built the packages in my PPA.
I installed the packages on Ubuntu 22.04 LTS and successfully completed the Test Case. |
Impact
------
GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 ESR series for security updates for the next year.
This requires updating gjs from 1.72 to 1.74 from GNOME 43, as packaged in Ubuntu 22.10.
This will be done as a Security Update.
Updating mozjs in stable Ubuntu releases was recommended when Ubuntu first switched back to GNOME, but this is the first time it's been done.
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/
for Firefox ESR releases since Ubuntu's 91.10
and found one CVE. Also, there's the vague Mozilla Bug 1771084 (no CVE issued) mentioned at
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/
Uploaded Packages
-----------------
We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being careful to publish it in main, not universe.
And we'll update gjs.
No other packages need to be updated for this change.
mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are generally not possible), but nothing else in Ubuntu uses it.
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Security Sponsoring
-------------------
sudo apt install git-buildpackage
gbp clone https://salsa.debian.org/gnome-team/gjs
cd gjs
git checkout ubuntu/jammy
gbp buildpackage --git-builder="debuild -S -nc"
Initial Testing Done
--------------------
I built the packages in my PPA.
I installed the packages on Ubuntu 22.04 LTS and successfully completed the Test Case. |
|
| 2023-06-09 14:11:54 |
Jeremy Bícha |
removed subscriber Ubuntu Security Sponsors Team |
|
|
|
| 2023-07-04 12:53:16 |
Marco Trevisan (Treviño) |
tags |
block-proposed-jammy jammy upgrade-software-version verification-done-kinetic |
jammy upgrade-software-version verification-done-kinetic |
|
