[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1052283: marked as done (bookworm-pu: package mozjs102/102.15.1-1~deb12u1)

Your message dated Sat, 07 Oct 2023 09:59:42 +0000
with message-id <E1qp462-00A4Hf-M0@coccia.debian.org>
and subject line Released with 12.2
has caused the Debian Bug report #1052283,
regarding bookworm-pu: package mozjs102/102.15.1-1~deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1052283: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052283
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Control: affects -1 + src:mozjs102
X-Debbugs-Cc: mozjs102@packages.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: bookworm

[ Reason ]
mozjs is the SpiderMonkey JavaScript engine from Firefox (ESR).
Firefox 102 ESR receives monthly security updates until its end of
life September 26. In this case, the final expected 102 ESR release
was September 19.

The Debian Security Team does not handle security updates for mozjs;
they go through the normal stable update process.

[ Impact ]
mozjs powers gjs which is used by GNOME Shell and some GNOME apps.
Outside Debian proper, Linux Mint Debian Edition probably also has
their cjs package using Debian's mozjs102 package, where cjs is a
light fork of gjs for the Cinnamon desktop.

If this upload isn't accepted, known security bugs would be unfixed,
although it is unclear their impact on the Desktop outside of the web
browser context.

[ Tests ]
mozjs does have its own automated test suite and most of the tests are
run and would fail the build if they fail.

Additionally, I have successfully completed the test cases at
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
after first successfully building for amd64 in my bookworm chroot.

[ Risks ]
I have helped do these mozjs security updates for Ubuntu 22.04 LTS and
newer. Mozilla is only including security fixes, not feature updates
or changes in this update.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
debian/upstream/signing-key.asc was updated so that uscan would
correctly import the new version because the old key has expired since
the last mozjs102 update for Bookworm. The keys are rotated every 2
years.

https://blog.mozilla.org/security/2023/05/11/updated-gpg-key-for-signing-firefox-releases/

debian/gbp.conf was updated to point to the Bookworm branch for the
Debian packaging.

Compared to Debian Unstable, the changelog entries were compressed
into a single paragraph. There were no other debian/ changes.

[ Other info ]
A git log of changes can be found at
https://github.com/mozilla/gecko-dev/commits/esr102/js for changes
since the beginning of May. (Mozilla actually uses mercurial instead
of git but this mirror is helpful).

https://whattrainisitnow.com/calendar/ < click at the bottom of the
page to toggle past release dates

https://www.mozilla.org/security/advisories/

Thank you,
Jeremy Bícha

Attachment: mozjs102-102.15.debdiff
Description: Binary data


--- End Message ---
--- Begin Message --- 
Version: 12.2

The upload requested in this bug has been released as part of 12.2.

--- End Message ---
Reply to: