File nodejs6.changes of Package nodejs6.8480

Overview Repositories Revisions Requests Users Attributes Meta

File nodejs6.changes of Package nodejs6.8480

-------------------------------------------------------------------
Mon Aug 20 08:44:21 UTC 2018 - adam.majer@suse.de

- New upstream LTS release 6.14.4:
  * buffer: Fix out-of-bounds (OOB) write in Buffer.write() for
    UCS-2 encoding (CVE-2018-12115, bsc#1105019)
  * deps: Upgrade to OpenSSL 1.0.2p, fixing:
    + Client DoS due to large DH parameter
      (CVE-2018-0732, bsc#1097158)
    + ECDSA key extraction via local side-channel

-------------------------------------------------------------------
Sun Jul 29 10:47:39 UTC 2018 - jengelh@inai.de

- Ensure neutrality of description.
- Use %make_install.

-------------------------------------------------------------------
Fri Jun 15 12:03:47 UTC 2018 - adam.majer@suse.de

- Recommend same major version npm package (bsc#1097748)

-------------------------------------------------------------------
Thu Jun 14 09:20:15 UTC 2018 - adam.majer@suse.de

- New upstream LTS release 6.14.3:
  * buffer: Fixes Denial of Service vulnerability where calling
    Buffer.fill() could hang (CVE-2018-7167, bsc#1097375)

-------------------------------------------------------------------
Thu May 24 14:17:25 UTC 2018 - adam.majer@suse.de

- env_shebang.patch: use absolute paths in executable shebang lines
- versioned.patch: updated to move shebang modifications to above
  patch.

-------------------------------------------------------------------
Fri May 11 12:36:46 UTC 2018 - adam.majer@suse.de

- New upstream LTS release 6.14.2:
  * n-api: n-api has been backported to v6.x.
- icu_61_namespacefix.patch: Fix building with ICU61.1 (bsc#1091764)
- versioned.patch: rebased

-------------------------------------------------------------------
Thu Apr  5 07:18:42 UTC 2018 - adam.majer@suse.de

- Install license with %license, not %doc (bsc#1082318)

-------------------------------------------------------------------
Wed Apr  4 13:29:24 UTC 2018 - adam.majer@suse.de

- Fix some node-gyp permissions

-------------------------------------------------------------------
Tue Apr  3 11:02:56 UTC 2018 - adam.majer@suse.de

- New upstream LTS release 6.14.1:
  * Security fixes:
    + Fix for inspector DNS rebinding vulnerability
      (bsc#1087463, CVE-2018-7160)
    + Fix for 'path' module regular expression denial of service
      (bsc#1087459, CVE-2018-7158)
    + Reject spaces in HTTP Content-Length header values
      (bsc#1087453, CVE-2018-7159)
  * Upgrade to OpenSSL 1.0.2o
  * deps: upgrade http-parser to v2.8.0

-------------------------------------------------------------------
Thu Mar 22 10:52:48 UTC 2018 - adam.majer@suse.de

- New upstream LTS release 6.13.1:
  * http,tls: better support for IPv6 addresses
  * console: added console.count() and console.clear()
  * crypto:
    + expose ECDH class
    + added cypto.randomFill() and crypto.randomFillSync()
    + warn on invalid authentication tag length
  * deps: upgrade libuv to 1.16.1
  * dgram: added socket.setMulticastInterface()
  * http: add agent.keepSocketAlive and agent.reuseSocket as to
    allow overridable keep-alive behavior of Agent
  * lib: return this from net.Socket.end()
  * module: add builtinModules api that provides list of all
    builtin modules in Node
  * net: return this from getConnections()
  * promises: more robust stringification for unhandled rejections
  * repl: improve require() autocompletion
  * src:
    + add openssl-system-ca-path configure option
    + add --use-bundled-ca --use-openssl-ca check
    + add process.ppid
  * tls: accept lookup option for tls.connect()
  * tools,build: a new macOS installer!
  * url: WHATWG URL api support
  * util: add %i and %f formatting specifiers
- remove any old manpage files in %pre from before update-alternatives
  were used to manage symlinks to these manpages.

-------------------------------------------------------------------
Tue Feb 13 08:40:52 UTC 2018 - adam.majer@suse.de

- Add Recommends and BuildRequire on python2 for npm. node-gyp
  requires this old version of python for now. This is only needed
  for binary modules.

-------------------------------------------------------------------
Tue Jan 30 18:10:06 CET 2018 - ro@suse.de

- even on recent codestreams there is no binutils gold on s390
  only on s390x

-------------------------------------------------------------------
Tue Jan  9 10:54:48 UTC 2018 - adam.majer@suse.de

- New upstream LTS release 6.12.3:
  * v8: profiler-related fixes
  * mostly documentation and test related changes
- nodejs-sle11-python26-check_output.patch: refreshed

-------------------------------------------------------------------
Fri Dec 22 14:28:07 UTC 2017 - adam.majer@suse.de

- Enable CI tests in %check target
  + fix_ci_tests.patch:
    - DNS queries in buildroots are failing with EAI_AGAIN
    - disable test-module-loading-globalpaths.js - we have
      hardcoded global paths
  + versioned.patch: call versioned node binary for tests

-------------------------------------------------------------------
Thu Dec 14 09:45:50 UTC 2017 - adam.majer@suse.de

- Dropped 8334.diff - no longer needed

-------------------------------------------------------------------
Sat Dec  9 03:22:01 UTC 2017 - qantas94heavy@gmail.com

- New upstream LTS release 6.12.2:
  * deps/openssl: updated to 1.0.2n (only applies to SLE 12 SP1
    and lower) (bsc#1072322)
    [ CVE-2017-3738 CVE-2017-15896 ]

- Changes in 6.12.1:
  * build: fix npm install with --shared
    [ gh#nodejs/node#16438 ]
  * build: building on systems with default Python 3 is now
    supported
    [ gh#nodejs/node#16058 ]
  * src: v8 options can be specified with either '_' or '-' in
    NODE_OPTIONS
    [ gh#nodejs/node#14093 ]

- Remove unnecessary curl BuildRequires
- Enable gold linker on s390x (TW and SLE/Leap 15)
- Build with bundled ICU if system ICU not available (only applies
  to SLE 11)

-------------------------------------------------------------------
Wed Nov 29 01:41:56 UTC 2017 - qantas94heavy@gmail.com

- Change BuildRequires from openssl-devel to libopenssl-1_0_0-devel
  due to Tumbleweed/Leap 15 change to OpenSSL 1.1.0 as default

-------------------------------------------------------------------
Thu Nov 16 13:16:25 UTC 2017 - adam.majer@suse.de

- Update nodejs.keyring based on current Release Team as found on
  https://github.com/nodejs/node#release-team

-------------------------------------------------------------------
Mon Nov 13 14:29:47 UTC 2017 - adam.majer@suse.de

- Fix permissions of node-gyp. This should be executable to allow
  building of binary node modules.

-------------------------------------------------------------------
Mon Nov 13 10:08:04 UTC 2017 - adam.majer@suse.de

- New upstream LTS release 6.12.0:
  * assert: assert.fail() can now take one or two arguments
  * crypto: add sign/verify support for RSASSA-PSS
  * deps:
    + upgrade openssl sources to 1.0.2m
      [OpenSSL Security Advisory (bsc#1066242, bsc#1056058)
       CVE-2017-3735 CVE-2017-3736]
    + upgrade libuv to 1.15.0
  * fs: Add support for fs.write/fs.writeSync(fd, buffer, cb) and
    fs.write/fs.writeSync(fd, buffer, offset, cb) as documented
  * inspector: enable --inspect-brk
  * process: add --redirect-warnings command line argument
  * src:
    + allow CLI args in env with NODE_OPTIONS
    + --abort-on-uncaught-exception in NODE_OPTIONS
    + allow --tls-cipher-list in NODE_OPTIONS
    + use SafeGetenv() for NODE_REDIRECT_WARNINGS
  * test: remove common.fail()
- 0f3e69db.patch, icu59.patch: removed empty patches
- nodejs-libpath.patch: refreshed

-------------------------------------------------------------------
Wed Oct 25 05:19:03 UTC 2017 - qantas94heavy@gmail.com

- New upstream LTS release 6.11.5:
  * zlib: (CVE-2017-14919: only affects TW) In zlib v1.2.9, a
    change was made that causes an exception to be thrown when a
    raw deflate stream is initialized with windowBits set to 8.
    Node.js will now gracefully set windowBits to 9 (replicating
    the legacy behavior) to avoid a DOS vector.

-------------------------------------------------------------------
Thu Oct 19 08:07:05 UTC 2017 - adam.majer@suse.de

- Replace {{node_version_major}} with RPM define %node_version_number
  for simpler spec file review.
- Make sure npm program remains executable

-------------------------------------------------------------------
Wed Oct  4 16:38:26 UTC 2017 - adam.majer@suse.de

- New upstream LTS release 6.11.4:
  * net: support passing undefined to listen() to match behavior in
  v4.x and v8.x

-------------------------------------------------------------------
Mon Sep 11 13:58:26 UTC 2017 - qantas94heavy@gmail.com

- New upstream LTS release 6.11.3:
  * deps: Snapshots are turned back on!!! (#14385)
  * path: win32 volume-relative paths are working again! (#14440)
  * tools: v6.x can now build with ICU 59 (#12078)
- Drop icu59.patch: merged upstream.
- Refresh versioned.patch

-------------------------------------------------------------------
Thu Aug 17 08:57:20 UTC 2017 - qantas94heavy@gmail.com

- New upstream LTS release 6.11.2
  * configure: add mips64el to valid_arch (#13620)
  * crypto: updated root certificates based on NSS 3.30
    (#13279, #12402)
  * deps: upgrade OpenSSL to version 1.0.2.l (#12913)
  * http:
    + parse errors are now reported when NODE_DEBUG=http (#13206)
    + Agent constructor can now be invoked without new (#12927)
  * zlib: node will now throw an Error when zlib rejects the value
    of windowBits, instead of crashing (#13098)
- Drop 0f3e69db.patch: fixed upstream

-------------------------------------------------------------------
Wed Aug  2 15:16:57 UTC 2017 - adam.majer@suse.de

- Fix update-alternative handling in %postun - don't remove
  links on upgrades.

-------------------------------------------------------------------
Wed Jul 12 08:24:32 UTC 2017 - adam.majer@suse.de

- New upstream LTS release 6.11.1
  * v8: disable V8 snapshots. The hashseed embedded in the snapshot
    is currently the same for all runs of the binary. This opens
    node up to collision attacks which could result in a Denial
    of Service. We have temporarily disabled snapshots until a more
    robust solution is found. (bnc#1048299, CVE-2017-11499)
  * The c-ares function ares_parse_naptr_reply(), which is used for
    parsing NAPTR responses, could be triggered to read memory
    outside of the given input buffer if the passed in DNS response
    packet was crafted in a particular way.
    (CVE-2017-1000381, bnc#1044946)

-------------------------------------------------------------------
Fri Jul  7 14:05:05 UTC 2017 - adam.majer@suse.de

- Depend on nodejs-common that is then used to pick correctly
  versioned node or npm binary. This is required since 3rd party
  modules use `/usr/bin/env node` which breaks if multiple versions
  of NodeJS are installed at the same time and non-default version
  is used (for example, to compile a native module)
 
-------------------------------------------------------------------
Thu Jul  6 12:08:26 UTC 2017 - adam.majer@suse.de

- npm_search_paths.patch: Since concurrent installations are now
  possible, node manual pages are moved once again back under npm
  searcheable locations only.
- versioned.patch: All files are now under versioned directoies
  and names. node and npm symlinks are now managed by
  update-alternatives
- node-gyp-addon-gypi.patch: Reference versioned directories only

-------------------------------------------------------------------
Tue Jun 13 09:13:23 UTC 2017 - adam.majer@suse.de

- New upstream LTS release 6.11.0
  * added support for building mips64el
  * cluster:
    + disconnect() now returns a reference to the disconnected
      worker.
  * crypto:
    + ability to select cert store at runtime
    + Use system CAs instead of using bundled ones
      (obsoletes 8334.diff)
    + The Decipher methods setAuthTag() and setAAD now return this
    + adding support for OPENSSL_CONF again
    + make LazyTransform compabile with Streams1
  * deps:
    + upgrade libuv to 1.11.0
  * dns:
    + Implemented {ttl: true} for resolve4() and resolve6().
  * process:
    + add NODE_NO_WARNINGS environment variable
  * readline:
    + add option to stop duplicates in history
  * src:
    + support "--" after "-e" as end-of-options
  * tls:
    + new tls.TLSSocket() supports sec ctx options
    + Allow obvious key/passphrase combinations.
- Fix typo in node-gyp-addon-gypi.patch patch
- Refresh icu59.patch

-------------------------------------------------------------------
Tue May 30 12:45:42 UTC 2017 - adam.majer@suse.de

- 0f3e69db.patch, icu59.patch: backported GCC 7 compilation fixes
  for v8 backported and add missing ICU59 includes (bnc#1041282)

-------------------------------------------------------------------
Tue May 23 09:52:00 UTC 2017 - adam.majer@suse.de

- New upstream LTS release 6.10.3
  * b8:
    + Trigger OOM crash on memory allcation errors
    + Don't treat catch scopes as possibly-shadowing for sloppy eval
  * lib: fix event race condition with -e
  * src: fix base64 decoding in rare edgecase
  * tls:
    + fix segfault on destroy after partial read
    + keep track of stream that is closed
    + fix macro to check NPN feature
- nodejs-libpath.patch: updated

-------------------------------------------------------------------
Wed Apr  5 01:30:39 UTC 2017 - qantas94heavy@gmail.com

- New upstream LTS release 6.10.2
  * crypto: fix memory leak if certificate is revoked (#12089)
  * deps: backport V8 fixes for spread syntax regression
    causing segfaults (#12037)
    
- Changes not applicable to openSUSE in 6.10.2:
  * deps: upgrade zlib to 1.2.11 (#10980)
  * repl: revert commit that broke REPL display on Windows (#12123)
  
- Changes in LTS release 6.10.1
  * performance: The performance of several APIs has been improved.
    + Buffer.compare() is up to 35% faster on average.
    + buffer.toJSON() is up to 2859% faster on average.
    + fs.*statSync() functions are now up to 9% faster on average.
    + os.loadavg is up to 151% faster.
    + process.memoryUsage() is up to 34% faster.
    + querystring.unescape() for Buffers is 15% faster on average.
    + querystring.stringify() is up to 7.8% faster on average.
    + querystring.parse() is up to 21% faster on average.
  * IPC: Batched writes have been enabled for process IPC on
    platforms that support Unix Domain Sockets. Performance gains
    may be up to 40% for some workloads.
  * child_process: spawnSync now returns a null status when child
    is terminated by a signal. This fixes the behavior to act like
    spawn() does.
  * http: Control characters are now always rejected when using
    http.request(). Debug messages have been added for cases when
    headers contain invalid values.
  * node: Heap statistics now support values larger than 4GB.
  * timers: Timer callbacks now always maintain order when
    interacting with domain error handling.

-------------------------------------------------------------------
Sun Feb 26 03:01:09 UTC 2017 - qantas94heavy@gmail.com

- New upstream LTS release 6.10.0
 * crypto: allow adding extra certs to well-known CAs
 * deps: upgrade INTL ICU to version 58
 * fs: cache non-symlinks in realpathSync
 * process: add process.memoryUsage().external
 * repl: allow autocompletion for scoped packages
 * src: add wrapper for process.emitWarning()
- Modify 8334.diff:
  * Remove merged reference counting code (#9409)
  * Bring patch in line with upstream changes (#8334)

-------------------------------------------------------------------
Fri Feb  3 12:21:10 UTC 2017 - adam.majer@suse.de

- New upstream LTS release 6.9.5
  * deps: upgrade openssl sources to 1.0.2k
    (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055,
     bnc#1022085, bnc#1022086, bnc#1009528)
- No changes in LTS release 6.9.4
- Adjusted 8334.diff to be inline with accepted changes

-------------------------------------------------------------------
Fri Jan  6 08:25:14 UTC 2017 - qantas94heavy@gmail.com

- Add basic check that Node.js loads successfully to spec file

-------------------------------------------------------------------
Wed Jan  4 02:56:09 UTC 2017 - qantas94heavy@gmail.com

- New upstream LTS release 6.9.3
  * build: shared library support is now working for AIX builds
  * deps/npm: upgrade npm to 3.10.10
  * deps/V8: destructuring of arrow function arguments via computed
             property no longer throws
  * inspector: /json/version returns object, not an object wrapped
               in an array
  * module: using --debug-brk and --eval together now works
            as expected
  * process: improve performance of nextTick up to 20%
  * repl: the division operator will no longer be accidentally
          parsed as regex
  * repl: improved support for generator functions
  * timers: recanceling a cancelled timers will no longer throw

-------------------------------------------------------------------
Fri Dec  9 04:22:27 UTC 2016 - qantas94heavy@gmail.com

- New upstream LTS version 6.9.2
  * buffer: coerce slice parameters consistently
  * deps/npm: upgrade npm to 3.10.9
  * deps/V8: Various fixes to destructuring edge cases
    + cherry-pick 3c39bac from V8 upstream
    + cherry pick 7166503 from upstream v8
  * gtest: the test reporter now outputs tap comments as yamlish
  * inspector: inspector now prompts user to use 127.0.0.1 rather
               than localhost
  * tls: fix memory leak when writing data to TLSWrap instance
         during handshake
- Modify 8334.diff:
  * ported and updated system CA store for the new node crypto code

-------------------------------------------------------------------
Wed Nov 23 09:00:40 UTC 2016 - adam.majer@suse.de

- Add missing conflicts to base package. It's not possible to have
  concurrent nodejs installations.

-------------------------------------------------------------------
Fri Nov 18 11:59:06 UTC 2016 - adam.majer@suse.de

- Package unification across various branches of NodeJS. Package
  for 4.x, 6.x and current (7.x) branches of NodeJS are now
  handled via GitHub repository.
- NodeJS 6.x LTS package, based on NodeJS 4.x LTS layout. All
  NodeJS packages are interchangeable. (FATE #321373)

-------------------------------------------------------------------
Mon Nov  7 13:15:21 UTC 2016 - adam.majer@suse.de

- Add versioned dependencies for unbundling of c-ares and icu
  libraries
- SLE12 can have unbundled libicu

-------------------------------------------------------------------
Wed Nov  2 04:13:20 UTC 2016 - qantas94heavy@gmail.com

- Fork package devel:languages:nodejs/nodejs
- Remove support-arm64-build.patch (not necessary for aarch64 build)
- Use system library versions of c-ares and ICU where supported
- Remove /usr/{lib,lib64}/node_modules from global module paths
  * This is deprecated behaviour that was caused by an incorrect patch
    in devel:languages:nodejs/nodejs almost 6 months ago (boo#985350)
- Modify nodejs-libpath.patch
  * Move /usr/lib64/node_modules to %{_libexecpath} as npm isn't
    architecture dependent (only npm itself is stored there)
- Remove nodejs-libpath64.patch
- Use separate .sig file instead of .asc file for source verification
- Use exec instead of xargs to remove files in install script

Places

File nodejs6.changes of Package nodejs6.8480

Places