Your message dated Sat, 07 Oct 2023 09:59:42 +0000 with message-id <E1qp462-00A4Hf-M0@coccia.debian.org> and subject line Released with 12.2 has caused the Debian Bug report #1052283, regarding bookworm-pu: package mozjs102/102.15.1-1~deb12u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1052283: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052283 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: bookworm-pu: package mozjs102/102.15.1-1~deb12u1
- From: Jeremy Bícha <jeremy.bicha@canonical.com>
- Date: Tue, 19 Sep 2023 15:20:27 -0400
- Message-id: <CAD+GYvym-hvv_ynUOrQypcijP4iLO-Vhg5ZrbXn_HXCSeFykgQ@mail.gmail.com>
Package: release.debian.org Control: affects -1 + src:mozjs102 X-Debbugs-Cc: mozjs102@packages.debian.org User: release.debian.org@packages.debian.org Usertags: pu Tags: bookworm [ Reason ] mozjs is the SpiderMonkey JavaScript engine from Firefox (ESR). Firefox 102 ESR receives monthly security updates until its end of life September 26. In this case, the final expected 102 ESR release was September 19. The Debian Security Team does not handle security updates for mozjs; they go through the normal stable update process. [ Impact ] mozjs powers gjs which is used by GNOME Shell and some GNOME apps. Outside Debian proper, Linux Mint Debian Edition probably also has their cjs package using Debian's mozjs102 package, where cjs is a light fork of gjs for the Cinnamon desktop. If this upload isn't accepted, known security bugs would be unfixed, although it is unclear their impact on the Desktop outside of the web browser context. [ Tests ] mozjs does have its own automated test suite and most of the tests are run and would fail the build if they fail. Additionally, I have successfully completed the test cases at https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs after first successfully building for amd64 in my bookworm chroot. [ Risks ] I have helped do these mozjs security updates for Ubuntu 22.04 LTS and newer. Mozilla is only including security fixes, not feature updates or changes in this update. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] debian/upstream/signing-key.asc was updated so that uscan would correctly import the new version because the old key has expired since the last mozjs102 update for Bookworm. The keys are rotated every 2 years. https://blog.mozilla.org/security/2023/05/11/updated-gpg-key-for-signing-firefox-releases/ debian/gbp.conf was updated to point to the Bookworm branch for the Debian packaging. Compared to Debian Unstable, the changelog entries were compressed into a single paragraph. There were no other debian/ changes. [ Other info ] A git log of changes can be found at https://github.com/mozilla/gecko-dev/commits/esr102/js for changes since the beginning of May. (Mozilla actually uses mercurial instead of git but this mirror is helpful). https://whattrainisitnow.com/calendar/ < click at the bottom of the page to toggle past release dates https://www.mozilla.org/security/advisories/ Thank you, Jeremy BíchaAttachment: mozjs102-102.15.debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
- To: 1052283-done@bugs.debian.org
- Subject: Released with 12.2
- From: Jonathan Wiltshire <jmw@coccia.debian.org>
- Date: Sat, 07 Oct 2023 09:59:42 +0000
- Message-id: <E1qp462-00A4Hf-M0@coccia.debian.org>
Version: 12.2 The upload requested in this bug has been released as part of 12.2.
--- End Message ---