Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package nodejs-electron for openSUSE:Factory
checked in at 2023-12-02 17:13:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nodejs-electron (Old)
and /work/SRC/openSUSE:Factory/.nodejs-electron.new.25432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nodejs-electron"
Sat Dec 2 17:13:09 2023 rev:92 rq:1130366 version:27.1.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/nodejs-electron/nodejs-electron.changes
2023-11-24 23:34:33.734924248 +0100
+++
/work/SRC/openSUSE:Factory/.nodejs-electron.new.25432/nodejs-electron.changes
2023-12-02 17:13:36.434302732 +0100
@@ -1,0 +2,11 @@
+Sat Dec 2 00:25:12 UTC 2023 - Bruno Pitrus <brunopit...@hotmail.com>
+
+- New upstream release 27.1.3
+ * Chromium 118.0.5993.159
+ * Fix integer overflow in Skia (CVE-2023-6345)
+ * Fix use after free in WebAudio (CVE-2023-6346)
+ * Fix use after free in Mojo (CVE-2023-6347)
+ * [Leap and Fedora only] Fix use after free in avif (CVE-2023-6350
bsc#1217614)
+- Hide more private symbols in trap-handler (v8-hide-private-symbols.patch)
+
+-------------------------------------------------------------------
Old:
----
electron-27.1.2.tar.zst
New:
----
electron-27.1.3.tar.zst
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nodejs-electron.spec ++++++
--- /var/tmp/diff_new_pack.pbZvtr/_old 2023-12-02 17:13:42.622529507 +0100
+++ /var/tmp/diff_new_pack.pbZvtr/_new 2023-12-02 17:13:42.622529507 +0100
@@ -240,7 +240,7 @@
Name: nodejs-electron
-Version: 27.1.2
+Version: 27.1.3
Release: 0
Summary: Build cross platform desktop apps with JavaScript, HTML, and
CSS
License: AFL-2.0 AND Apache-2.0 AND blessing AND BSD-2-Clause AND
BSD-3-Clause AND BSD-Protection AND BSD-Source-Code AND bzip2-1.0.6 AND IJG AND
ISC AND LGPL-2.0-or-later AND LGPL-2.1-or-later AND MIT AND MIT-CMU AND
MIT-open-group AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later) AND
MPL-2.0 AND OpenSSL AND SGI-B-2.0 AND SUSE-Public-Domain AND X11
++++++ create_tarball.sh ++++++
--- /var/tmp/diff_new_pack.pbZvtr/_old 2023-12-02 17:13:42.762534638 +0100
+++ /var/tmp/diff_new_pack.pbZvtr/_new 2023-12-02 17:13:42.766534784 +0100
@@ -260,7 +260,6 @@
third_party/omnibox_proto #integral part of chrome
third_party/one_euro_filter #not in any distro
third_party/openscreen #Integral part of chrome, needed even if you're
building without.
- third_party/openscreen/src/third_party/mozilla #derived code, not vendored
dependency
third_party/openscreen/src/third_party/tinycbor #not in any distro
third_party/ots #not available as a shared library. Fedora has the cli
version as opentype-sanitizer
#we don't build pdf support, removing it from tarball to save space
++++++ v8-hide-private-symbols.patch ++++++
--- /var/tmp/diff_new_pack.pbZvtr/_old 2023-12-02 17:13:42.982542700 +0100
+++ /var/tmp/diff_new_pack.pbZvtr/_new 2023-12-02 17:13:42.986542846 +0100
@@ -23,3 +23,22 @@
#define V8_EXPORT_PRIVATE
#define V8_EXPORT_ENUM
+
+This should also be hidden, see https://github.com/electron/electron/pull/40624
+--- src/v8/src/trap-handler/trap-handler.h.orig 2023-11-22
21:11:42.771625500 +0100
++++ src/v8/src/trap-handler/trap-handler.h 2023-11-30 20:57:23.411956500
+0100
+@@ -54,11 +54,11 @@ namespace trap_handler {
+ #if defined(BUILDING_V8_SHARED) && defined(V8_OS_WIN)
+ #define TH_EXPORT_PRIVATE __declspec(dllexport)
+ #elif defined(BUILDING_V8_SHARED)
+-#define TH_EXPORT_PRIVATE __attribute__((visibility("default")))
++#define TH_EXPORT_PRIVATE __attribute__((visibility("hidden")))
+ #elif defined(USING_V8_SHARED) && defined(V8_OS_WIN)
+ #define TH_EXPORT_PRIVATE __declspec(dllimport)
+ #else
+-#define TH_EXPORT_PRIVATE
++#define TH_EXPORT_PRIVATE __attribute__((visibility("hidden")))
+ #endif
+
+ #define TH_CHECK(condition) \
+
