Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package nodejs-electron for openSUSE:Factory checked in at 2023-12-02 17:13:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nodejs-electron (Old) and /work/SRC/openSUSE:Factory/.nodejs-electron.new.25432 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nodejs-electron" Sat Dec 2 17:13:09 2023 rev:92 rq:1130366 version:27.1.3 Changes: -------- --- /work/SRC/openSUSE:Factory/nodejs-electron/nodejs-electron.changes 2023-11-24 23:34:33.734924248 +0100 +++ /work/SRC/openSUSE:Factory/.nodejs-electron.new.25432/nodejs-electron.changes 2023-12-02 17:13:36.434302732 +0100 @@ -1,0 +2,11 @@ +Sat Dec 2 00:25:12 UTC 2023 - Bruno Pitrus <brunopit...@hotmail.com> + +- New upstream release 27.1.3 + * Chromium 118.0.5993.159 + * Fix integer overflow in Skia (CVE-2023-6345) + * Fix use after free in WebAudio (CVE-2023-6346) + * Fix use after free in Mojo (CVE-2023-6347) + * [Leap and Fedora only] Fix use after free in avif (CVE-2023-6350 bsc#1217614) +- Hide more private symbols in trap-handler (v8-hide-private-symbols.patch) + +------------------------------------------------------------------- Old: ---- electron-27.1.2.tar.zst New: ---- electron-27.1.3.tar.zst ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nodejs-electron.spec ++++++ --- /var/tmp/diff_new_pack.pbZvtr/_old 2023-12-02 17:13:42.622529507 +0100 +++ /var/tmp/diff_new_pack.pbZvtr/_new 2023-12-02 17:13:42.622529507 +0100 @@ -240,7 +240,7 @@ Name: nodejs-electron -Version: 27.1.2 +Version: 27.1.3 Release: 0 Summary: Build cross platform desktop apps with JavaScript, HTML, and CSS License: AFL-2.0 AND Apache-2.0 AND blessing AND BSD-2-Clause AND BSD-3-Clause AND BSD-Protection AND BSD-Source-Code AND bzip2-1.0.6 AND IJG AND ISC AND LGPL-2.0-or-later AND LGPL-2.1-or-later AND MIT AND MIT-CMU AND MIT-open-group AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later) AND MPL-2.0 AND OpenSSL AND SGI-B-2.0 AND SUSE-Public-Domain AND X11 ++++++ create_tarball.sh ++++++ --- /var/tmp/diff_new_pack.pbZvtr/_old 2023-12-02 17:13:42.762534638 +0100 +++ /var/tmp/diff_new_pack.pbZvtr/_new 2023-12-02 17:13:42.766534784 +0100 @@ -260,7 +260,6 @@ third_party/omnibox_proto #integral part of chrome third_party/one_euro_filter #not in any distro third_party/openscreen #Integral part of chrome, needed even if you're building without. - third_party/openscreen/src/third_party/mozilla #derived code, not vendored dependency third_party/openscreen/src/third_party/tinycbor #not in any distro third_party/ots #not available as a shared library. Fedora has the cli version as opentype-sanitizer #we don't build pdf support, removing it from tarball to save space ++++++ v8-hide-private-symbols.patch ++++++ --- /var/tmp/diff_new_pack.pbZvtr/_old 2023-12-02 17:13:42.982542700 +0100 +++ /var/tmp/diff_new_pack.pbZvtr/_new 2023-12-02 17:13:42.986542846 +0100 @@ -23,3 +23,22 @@ #define V8_EXPORT_PRIVATE #define V8_EXPORT_ENUM + +This should also be hidden, see https://github.com/electron/electron/pull/40624 +--- src/v8/src/trap-handler/trap-handler.h.orig 2023-11-22 21:11:42.771625500 +0100 ++++ src/v8/src/trap-handler/trap-handler.h 2023-11-30 20:57:23.411956500 +0100 +@@ -54,11 +54,11 @@ namespace trap_handler { + #if defined(BUILDING_V8_SHARED) && defined(V8_OS_WIN) + #define TH_EXPORT_PRIVATE __declspec(dllexport) + #elif defined(BUILDING_V8_SHARED) +-#define TH_EXPORT_PRIVATE __attribute__((visibility("default"))) ++#define TH_EXPORT_PRIVATE __attribute__((visibility("hidden"))) + #elif defined(USING_V8_SHARED) && defined(V8_OS_WIN) + #define TH_EXPORT_PRIVATE __declspec(dllimport) + #else +-#define TH_EXPORT_PRIVATE ++#define TH_EXPORT_PRIVATE __attribute__((visibility("hidden"))) + #endif + + #define TH_CHECK(condition) \ +