
Bug#1033019: marked as done (unblock: mozjs102/102.9.0-1)



Your message dated Thu, 23 Mar 2023 17:50:30 +0100
with message-id <85f3595d-3eae-1e35-a7cf-a09d5fc7ada3@debian.org>
and subject line Re: Bug#1033019: unblock: mozjs102/102.9.0-1
has caused the Debian Bug report #1033019,
regarding unblock: mozjs102/102.9.0-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1033019: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033019
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Control: affects -1 + src:mozjs102
X-Debbugs-Cc: mozjs102@packages.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package mozjs102

[ Reason ]
The new mozjs102 stable point release includes a security fix, CVE-2023-25751

[ Impact ]
mozjs102 is only used by gjs which in turn is used by GNOME Shell and
several GNOME apps written in JavaScript.

[ Tests ]
The build tests have passed successfully and the gjs autopkgtests
triggered by this upload have passed too. (mozjs102 itself
does not have autopkgtests yet).

I also completed the manual test cases from
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
on Debian Testing.

[ Risks ]

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]
mozjs102 is the SpiderMonkey JavaScript engine from the current
Firefox ESR stable branch. There are monthly releases until August.

https://wiki.mozilla.org/Release_Management/Calendar

I am unaware of anyone using Firefox vulnerabilities to attack GNOME
Shell, but I think it's good to be prudent and apply available
security updates. I don't think the Debian Security Team has done
security uploads for mozjs*, in part because Mozilla's lifecycle is so
short that it's difficult for an upstream supported mozjs to be in a
Debian stable release.

For more info about the commits, see the GitHub mirror:
https://github.com/mozilla/gecko-dev/commits/esr102/js

unblock mozjs102/102.9.0-1

Thank you,
Jeremy Bicha
diff -Nru mozjs102-102.8.0/config/milestone.txt mozjs102-102.9.0/config/milestone.txt
--- mozjs102-102.8.0/config/milestone.txt	2023-02-15 10:26:31.000000000 +0000
+++ mozjs102-102.9.0/config/milestone.txt	2023-03-13 14:54:55.000000000 +0000
@@ -10,4 +10,4 @@
 # hardcoded milestones in the tree from these two files.
 #--------------------------------------------------------
 
-102.8.0
+102.9.0
diff -Nru mozjs102-102.8.0/debian/changelog mozjs102-102.9.0/debian/changelog
--- mozjs102-102.8.0/debian/changelog	2023-02-15 13:57:21.000000000 +0000
+++ mozjs102-102.9.0/debian/changelog	2023-03-13 15:03:53.000000000 +0000
@@ -1,3 +1,15 @@
+mozjs102 (102.9.0-1) unstable; urgency=high
+
+  [ Jeremy Bicha ]
+  * New upstream release
+    - CVE-2023-25751: Incorrect code generation during JIT compilation
+
+  [ John Paul Adrian Glaubitz ]
+  * Disable large-arraybuffers/base.js on all big-endian targets
+    (Closes: #1020700)
+
+ -- Jeremy Bicha <jbicha@ubuntu.com>  Mon, 13 Mar 2023 11:03:53 -0400
+
 mozjs102 (102.8.0-1) unstable; urgency=medium
 
   * New upstream release
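Review bot: The new changelog entry names the disabled test as large-arraybuffers/base.js, but the debian/rules hunk in this same debdiff excludes large-arraybuffers/basic.js. The entry should use the file name that is actually excluded, so that someone searching the changelog for the test finds it. The entry also says "all big-endian targets", while the rules change lists four architectures by name; the wording should match whichever of the two is intended.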
diff -Nru mozjs102-102.8.0/debian/rules mozjs102-102.9.0/debian/rules
--- mozjs102-102.8.0/debian/rules	2023-02-15 13:57:21.000000000 +0000
+++ mozjs102-102.9.0/debian/rules	2023-03-13 15:03:53.000000000 +0000
@@ -75,7 +75,7 @@
 endif
 
 # See: https://bugzilla.mozilla.org/show_bug.cgi?id=1755540
-ifneq (,$(findstring $(DEB_BUILD_ARCH),s390x))
+ifneq (,$(findstring $(DEB_BUILD_ARCH),powerpc ppc64 sparc64 s390x))
 	EXCLUDED_TESTS += large-arraybuffers/basic.js
 endif
 
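Review bot: The condition in the changed ifneq line hardcodes "powerpc ppc64 sparc64 s390x", which does not cover every big-endian port although the changelog describes the change as applying to all big-endian targets. If the test failure tracked in the Mozilla bug linked above the condition is an endianness problem, testing the endianness variable that dpkg-architecture exports (DEB_HOST_ARCH_ENDIAN equal to big) would cover the remaining ports and would not need editing when a port is added. Separately, findstring is a substring match over the list; filter matches whole words and is the safer idiom for architecture lists.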
diff -Nru mozjs102-102.8.0/js/src/devtools/automation/autospider.py mozjs102-102.9.0/js/src/devtools/automation/autospider.py
--- mozjs102-102.8.0/js/src/devtools/automation/autospider.py	2023-02-15 10:26:31.000000000 +0000
+++ mozjs102-102.9.0/js/src/devtools/automation/autospider.py	2023-03-13 14:54:55.000000000 +0000
@@ -8,15 +8,12 @@
 import json
 import logging
 import multiprocessing
-import re
 import os
 import platform
-import posixpath
 import shlex
 import shutil
 import subprocess
 import sys
-
 from collections import Counter, namedtuple
 from logging import info
 from os import environ as env
@@ -52,9 +49,6 @@
 # paths. So for direct subprocess.* invocation, use normal paths from
 # DIR, but when running under the shell, use POSIX style paths.
 DIR = directories(os.path, os.getcwd())
-PDIR = directories(
-    posixpath, os.environ["PWD"], fixup=lambda s: re.sub(r"^(\w):", r"/\1", s)
-)
 
 AUTOMATION = env.get("AUTOMATION", False)
 
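Review bot: The context comment kept at the top of this hunk still says "when running under the shell, use POSIX style paths", but PDIR, the only POSIX-style directory set, is deleted here and the later hunk builds the mach path with os.path.join(DIR.source, "mach"). The comment should be rewritten or removed together with PDIR so it does not describe a code path that no longer exists.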
@@ -95,8 +89,8 @@
     "--objdir",
     type=str,
     metavar="DIR",
-    # The real default must be set later so that OBJDIR and POBJDIR can be
-    # platform-dependent strings.
+    # The real default must be set later so that OBJDIR can be
+    # relative to the srcdir.
     default=env.get("OBJDIR"),
     help="object directory",
 )
@@ -185,8 +179,6 @@
 OBJDIR = args.objdir or os.path.join(DIR.source, "obj-spider")
 OBJDIR = os.path.abspath(OBJDIR)
 OUTDIR = os.path.join(OBJDIR, "out")
-POBJDIR = args.objdir or posixpath.join(PDIR.source, "obj-spider")
-POBJDIR = posixpath.abspath(POBJDIR)
 MAKE = env.get("MAKE", "make")
 PYTHON = sys.executable
 
@@ -466,7 +458,7 @@
 
 env["MOZCONFIG"] = mozconfig
 
-mach = posixpath.join(PDIR.source, "mach")
+mach = os.path.join(DIR.source, "mach")
 
 if not args.nobuild:
     # Do the build
diff -Nru mozjs102-102.8.0/js/src/jit/CacheIR.cpp mozjs102-102.9.0/js/src/jit/CacheIR.cpp
--- mozjs102-102.8.0/js/src/jit/CacheIR.cpp	2023-02-15 10:26:32.000000000 +0000
+++ mozjs102-102.9.0/js/src/jit/CacheIR.cpp	2023-03-13 14:54:55.000000000 +0000
@@ -969,6 +969,10 @@
     return false;
   }
 
+  if (obj->is<NativeObject>() && obj->as<NativeObject>().numFixedSlots() == 0) {
+    return false;
+  }
+
   // Tell the analysis the |DOMInstanceClassHasProtoAtDepth| hook can't GC.
   JS::AutoSuppressGCAnalysis nogc;
 
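Review bot: The added early return for a NativeObject with numFixedSlots() == 0 has no comment, unlike the line that follows it, which explains why the GC analysis is suppressed. Since this is a JIT fast-path guard shipped in a security release, a short comment stating which later access assumes at least one fixed slot would keep the check from being removed or reordered as redundant in a future refactor. A jit-test that exercises an object with zero fixed slots on this path would also be worth adding if one is not already part of the upstream change.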
diff -Nru mozjs102-102.8.0/js/src/jit/CodeGenerator.cpp mozjs102-102.9.0/js/src/jit/CodeGenerator.cpp
--- mozjs102-102.8.0/js/src/jit/CodeGenerator.cpp	2023-02-15 10:26:32.000000000 +0000
+++ mozjs102-102.9.0/js/src/jit/CodeGenerator.cpp	2023-03-13 14:54:55.000000000 +0000
@@ -357,6 +357,7 @@
   // when returning from the call.  Failures are handled with exceptions based
   // on the return value of the C functions.  To guard the outcome of the
   // returned value, use another LIR instruction.
+  ensureOsiSpace();
   uint32_t callOffset = masm.callJit(code);
   markSafepointAt(callOffset, ins);
 
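Review bot: ensureOsiSpace() is inserted directly under a comment block that talks about failure handling and return values, so nothing at the call site says why it must precede masm.callJit(code). The same one-line call is added by hand before every callJit, callWithABI and GenerateDirectCallFromJit site touched in this file, which makes the invariant depend on convention: a call site added later without it would not be flagged by anything visible in these hunks. A one-line comment at each site, or a debug assertion in the shared path that records the safepoint after the call, would make a missed site fail in debug builds instead of producing silently incorrect code.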
@@ -5120,6 +5121,7 @@
       native = jitInfo->ignoresReturnValueMethod;
     }
   }
+  ensureOsiSpace();
   masm.callWithABI(DynamicFunction<JSNative>(native), MoveOp::GENERAL,
                    CheckUnsafeCallWithABI::DontCheckHasExitFrame);
 
@@ -5281,6 +5283,7 @@
   masm.passABIArg(argObj);
   masm.passABIArg(argPrivate);
   masm.passABIArg(argArgs);
+  ensureOsiSpace();
   masm.callWithABI(DynamicFunction<JSJitMethodOp>(target->jitInfo()->method),
                    MoveOp::GENERAL,
                    CheckUnsafeCallWithABI::DontCheckHasExitFrame);
@@ -5436,6 +5439,7 @@
 
   // Finally call the function in objreg.
   masm.bind(&makeCall);
+  ensureOsiSpace();
   uint32_t callOffset = masm.callJit(objreg);
   markSafepointAt(callOffset, call);
 
@@ -5522,6 +5526,7 @@
   masm.Push(Imm32(descriptor));
 
   // Finally call the function in objreg.
+  ensureOsiSpace();
   uint32_t callOffset = masm.callJit(objreg);
   markSafepointAt(callOffset, call);
 
@@ -6058,6 +6063,7 @@
 
     // Finally call the function in objreg, as assigned by one of the paths
     // above.
+    ensureOsiSpace();
     uint32_t callOffset = masm.callJit(objreg);
     markSafepointAt(callOffset, apply);
 
@@ -14822,6 +14828,7 @@
   masm.passABIArg(ObjectReg);
   masm.passABIArg(PrivateReg);
   masm.passABIArg(ValueReg);
+  ensureOsiSpace();
   masm.callWithABI(DynamicFunction<JSJitGetterOp>(ins->mir()->fun()),
                    MoveOp::GENERAL,
                    CheckUnsafeCallWithABI::DontCheckHasExitFrame);
@@ -14942,6 +14949,7 @@
   masm.passABIArg(ObjectReg);
   masm.passABIArg(PrivateReg);
   masm.passABIArg(ValueReg);
+  ensureOsiSpace();
   masm.callWithABI(DynamicFunction<JSJitSetterOp>(ins->mir()->fun()),
                    MoveOp::GENERAL,
                    CheckUnsafeCallWithABI::DontCheckHasExitFrame);
@@ -17063,6 +17071,7 @@
   Register scratch = ToRegister(lir->temp());
 
   uint32_t callOffset;
+  ensureOsiSpace();
   GenerateDirectCallFromJit(masm, funcExport, instObj->instance(), stackArgs,
                             scratch, &callOffset);
 
diff -Nru mozjs102-102.8.0/js/src/jit/shared/CodeGenerator-shared.cpp mozjs102-102.9.0/js/src/jit/shared/CodeGenerator-shared.cpp
--- mozjs102-102.8.0/js/src/jit/shared/CodeGenerator-shared.cpp	2023-02-15 10:26:32.000000000 +0000
+++ mozjs102-102.9.0/js/src/jit/shared/CodeGenerator-shared.cpp	2023-03-13 14:54:55.000000000 +0000
@@ -858,7 +858,6 @@
   }
   MOZ_ASSERT_IF(!masm.oom(), masm.currentOffset() - lastOsiPointOffset_ >=
                                  Assembler::PatchWrite_NearCallSize());
-  lastOsiPointOffset_ = masm.currentOffset();
 }
 
 uint32_t CodeGeneratorShared::markOsiPoint(LOsiPoint* ins) {
@@ -868,6 +867,7 @@
   uint32_t offset = masm.currentOffset();
   SnapshotOffset so = ins->snapshot()->snapshotOffset();
   masm.propagateOOM(osiIndices_.append(OsiIndex(offset, so)));
+  lastOsiPointOffset_ = offset;
 
   return offset;
 }
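Review bot: After these two hunks lastOsiPointOffset_ is written only in markOsiPoint(), while the assertion left in ensureOsiSpace() still measures masm.currentOffset() against it, so the field's meaning changes from "offset after the last padding" to "offset of the last recorded OSI point". That new meaning is what the added ensureOsiSpace() calls in CodeGenerator.cpp rely on, and it should be stated in a comment beside the new assignment "lastOsiPointOffset_ = offset;" or on the member declaration. It is also worth confirming that no other code reads lastOsiPointOffset_ expecting the old behaviour, since the declaration and other users are not part of this diff.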

--- End Message ---
--- Begin Message ---
Hi,

On 15-03-2023 20:46, Jeremy Bícha wrote:
> Please unblock package mozjs102

hint added.

Paul


--- End Message ---