Revisions of nodejs6

Adam Majer (adamm) committed (revision 128)
Adam Majer (adamm) committed (revision 127)
- Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation
  on Aarch64 with gcc10 (bsc#1172686)
Adam Majer (adamm) committed (revision 126)
- Add Require for nodejs6 when installing npm6. (bsc#1172728)
Adam Majer (adamm) committed (revision 125)
- Add Require for nodejs6 when installing npm6.
- minimist.patch: Fixes a vulnerability in an npm component
  (CVE-2020-7598, bsc#1166916)
Adam Majer (adamm) committed (revision 124)
- minimist.patch: Fixes a vulnerability in an npm component (bsc#1166916)
Adam Majer (adamm) committed (revision 123)
- Update to version 14.4.0:
  * napi: fix various types of memory corruption in napi_get_value_string_*()
    (CVE-2020-8174, bsc#1172443)
  * http2: fix HTTP/2 Large Settings Frame DoS
    (CVE-2020-11080, bsc#1172442)
  * TLS session reuse can lead to host certificate verification bypass
    (CVE-2020-8172, bsc#1172441)
Adam Majer (adamm) committed (revision 122)
Adam Majer (adamm) committed (revision 121)
Adam Majer (adamm) committed (revision 120)
- CVE-2019-15604.patch: fixes a remotely triggerable assertion
  on a TLS server via a crafted certificate string
  (CVE-2019-15604, bsc#1163104)
- CVE-2019-15605.patch: fixes an HTTP request smuggling vulnerability
  via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102)
- CVE-2019-15606.patch: trim HTTP header values of optional
  white space (CVE-2019-15606, bsc#1163103)
Adam Majer (adamm) committed (revision 119)
Syncing ARM fixes
Adam Majer (adamm) committed (revision 118)
Adam Majer (adamm) committed (revision 117)
Fix npm version
Adam Majer (adamm) committed (revision 116)
- Add npm.tar.xz - Update npm to 6.13.4 fixing an arbitrary path
  overwrite and access via "bin" field (bsc#1159352,
  CVE-2019-16777, CVE-2019-16776, CVE-2019-16775).
- CVE-2019-13173.patch - upstreamed
- refreshed: node-gyp-addon-gypi.patch, npm_search_paths.patch,
  versioned.patch
Adam Majer (adamm) committed (revision 115)
Adam Majer (adamm) committed (revision 114)
- New upstream LTS release 6.17.1:
  * http: fix error check in Execute()

- Add _constraints for ppc64le to avoid build error
Adam Majer (adamm) committed (revision 113)
- CVE-2019-13173.patch: fix potential file overwrite via hardlink
  in fstream.DirWriter() function (bsc#1140290, CVE-2019-13173)
Adam Majer (adamm) committed (revision 112)
buildservice-autocommit accepted request 681821 from Adam Majer (adamm) (revision 111)
baserev update by copy to link target
Adam Majer (adamm) committed (revision 110)
Adam Majer (adamm) committed (revision 109)
- New upstream LTS release 6.17.0:
  * deps: OpenSSL has been upgraded to 1.0.2r. Under certain
    circumstances, a TLS server can be forced to respond differently
    to a client if a zero-byte record is received with an
    invalid padding compared to a zero-byte record with an
    invalid MAC. This can be used as the basis of a padding
    oracle attack to decrypt data.
    (CVE-2019-1559, bsc#1127080)
  * http:
    + Backport server.keepAliveTimeout to prevent keep-alive
      HTTP and HTTPS connections remaining open and inactive for
      an extended period of time, leading to a potential
      Denial of Service (DoS). (CVE-2019-5739, bsc#1127533)
    + Further prevention of "Slowloris" attacks on HTTP and HTTPS
      connections by consistently applying the receive timeout set
      by server.headersTimeout to connections in keep-alive mode.
      (CVE-2019-5737, bsc#1127532)

- nodejs.keyring: update keyring to today's list as per
  https://github.com/nodejs/node
Displaying revisions 1 - 20 of 128