Revisions of nodejs6
Adam Majer (adamm)
committed
(revision 128)
Adam Majer (adamm)
committed
(revision 127)
- Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686)
Adam Majer (adamm)
committed
(revision 126)
- Add Require for nodejs6 when intalling npm6. (bsc#1172728)
Adam Majer (adamm)
committed
(revision 125)
- Add Require for nodejs6 when intalling npm6. - minimist.patch: Fixes a vulnerability in an npm component (CVE-2020-7598, bsc#1166916)
Adam Majer (adamm)
committed
(revision 124)
- minimist.patch: Fixes a vulnerability in an npm component (bsc#1166916)
Adam Majer (adamm)
committed
(revision 123)
- Update to version 14.4.0: * napi: fix various types of memory corruption in napi_get_value_string_*() (CVE-2020-8174, bsc#1172443) * http2: fix HTTP/2 Large Settings Frame DoS (CVE-2020-11080, bsc#1172442) * TLS session reuse can lead to host certificate verification bypass (CVE-2020-8172, bsc#1172441)
Adam Majer (adamm)
committed
(revision 122)
Adam Majer (adamm)
committed
(revision 121)
Adam Majer (adamm)
committed
(revision 120)
- CVE-2019-15604.patch: fixes a remotely triggerable assertion on a TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104) - CVE-2019-15605.patch: fixes an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102) - CVE-2019-15606.patch: trim HTTP header values of optional white space (CVE-2019-15606, bsc#1163103)
Adam Majer (adamm)
committed
(revision 119)
Syncing ARM fixes
Adam Majer (adamm)
committed
(revision 118)
Adam Majer (adamm)
committed
(revision 117)
Fix npm version
Adam Majer (adamm)
committed
(revision 116)
- Add npm.tar.xz - Update npm to 6.13.4 fixing an arbitrary path overwrite and access via "bin" field (bsc#1159352, CVE-2019-16777, CVE-2019-16776, CVE-2019-16775). - CVE-2019-13173.patch - upstreamed - refreshed: node-gyp-addon-gypi.patch, npm_search_paths.patch, versioned.patch
Adam Majer (adamm)
committed
(revision 115)
Adam Majer (adamm)
committed
(revision 114)
- New upstream LTS release 6.17.1: * http: fix error check in Execute() - Add _constraints for ppc64le to avoid build error
Adam Majer (adamm)
committed
(revision 113)
- CVE-2019-13173.patch: fix potential file overwrite via hardlink in fstream.DirWriter() function (bsc#1140290, CVE-2019-13173)
Adam Majer (adamm)
committed
(revision 112)
buildservice-autocommit
accepted
request 681821
from
Adam Majer (adamm)
(revision 111)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 110)
Adam Majer (adamm)
committed
(revision 109)
- New upstream LTS release 6.17.0: * deps: OpenSSL has been upgraded to 1.0.2r. Under certain circumstances, a TLS server can be forced to respond differently to a client if a zero-byte record is received with an invalid padding compared to a zero-byte record with an invalid MAC. This can be used as the basis of a padding oracle attack to decrypt data. (CVE-2019-1559, bsc#1127080) * http: + Backport server.keepAliveTimeout to prevent keep-alive HTTP and HTTPS connections remaining open and inactive for an extended period of time, leading to a potential Denial of Service (DoS). (CVE-2019-5739, bsc#1127533) + Further prevention of "Slowloris" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by server.headersTimeout to connections in keep-alive mode. (CVE-2019-5737, bsc#1127532) - nodejs.keyring: update keyring to today's list as per https://github.com/nodejs/node
Displaying revisions 1 - 20 of 128