Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:chajain
nodejs6
nodejs6.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nodejs6.changes of Package nodejs6
------------------------------------------------------------------- Mon Aug 20 08:44:21 UTC 2018 - adam.majer@suse.de - New upstream LTS release 6.14.4: * buffer: Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (CVE-2018-12115, bsc#1105019) * deps: Upgrade to OpenSSL 1.0.2p, fixing: + Client DoS due to large DH parameter (CVE-2018-0732, bsc#1097158) + ECDSA key extraction via local side-channel ------------------------------------------------------------------- Sun Jul 29 10:47:39 UTC 2018 - jengelh@inai.de - Ensure neutrality of description. - Use %make_install. ------------------------------------------------------------------- Fri Jun 15 12:03:47 UTC 2018 - adam.majer@suse.de - Recommend same major version npm package (bsc#1097748) ------------------------------------------------------------------- Thu Jun 14 09:20:15 UTC 2018 - adam.majer@suse.de - New upstream LTS release 6.14.3: * buffer: Fixes Denial of Service vulnerability where calling Buffer.fill() could hang (CVE-2018-7167, bsc#1097375) ------------------------------------------------------------------- Thu May 24 14:17:25 UTC 2018 - adam.majer@suse.de - env_shebang.patch: use absolute paths in executable shebang lines - versioned.patch: updated to move shebang modifications to above patch. ------------------------------------------------------------------- Fri May 11 12:36:46 UTC 2018 - adam.majer@suse.de - New upstream LTS release 6.14.2: * n-api: n-api has been backported to v6.x. - icu_61_namespacefix.patch: Fix building with ICU61.1 (bsc#1091764) - versioned.patch: rebased ------------------------------------------------------------------- Thu Apr 5 07:18:42 UTC 2018 - adam.majer@suse.de - Install license with %license, not %doc (bsc#1082318) ------------------------------------------------------------------- Wed Apr 4 13:29:24 UTC 2018 - adam.majer@suse.de - Fix some node-gyp permissions ------------------------------------------------------------------- Tue Apr 3 11:02:56 UTC 2018 - adam.majer@suse.de - New upstream LTS release 6.14.1: * Security fixes: + Fix for inspector DNS rebinding vulnerability (bsc#1087463, CVE-2018-7160) + Fix for 'path' module regular expression denial of service (bsc#1087459, CVE-2018-7158) + Reject spaces in HTTP Content-Length header values (bsc#1087453, CVE-2018-7159) * Upgrade to OpenSSL 1.0.2o * deps: upgrade http-parser to v2.8.0 ------------------------------------------------------------------- Thu Mar 22 10:52:48 UTC 2018 - adam.majer@suse.de - New upstream LTS release 6.13.1: * http,tls: better support for IPv6 addresses * console: added console.count() and console.clear() * crypto: + expose ECDH class + added cypto.randomFill() and crypto.randomFillSync() + warn on invalid authentication tag length * deps: upgrade libuv to 1.16.1 * dgram: added socket.setMulticastInterface() * http: add agent.keepSocketAlive and agent.reuseSocket as to allow overridable keep-alive behavior of Agent * lib: return this from net.Socket.end() * module: add builtinModules api that provides list of all builtin modules in Node * net: return this from getConnections() * promises: more robust stringification for unhandled rejections * repl: improve require() autocompletion * src: + add openssl-system-ca-path configure option + add --use-bundled-ca --use-openssl-ca check + add process.ppid * tls: accept lookup option for tls.connect() * tools,build: a new macOS installer! * url: WHATWG URL api support * util: add %i and %f formatting specifiers - remove any old manpage files in %pre from before update-alternatives were used to manage symlinks to these manpages. ------------------------------------------------------------------- Tue Feb 13 08:40:52 UTC 2018 - adam.majer@suse.de - Add Recommends and BuildRequire on python2 for npm. node-gyp requires this old version of python for now. This is only needed for binary modules. ------------------------------------------------------------------- Tue Jan 30 18:10:06 CET 2018 - ro@suse.de - even on recent codestreams there is no binutils gold on s390 only on s390x ------------------------------------------------------------------- Tue Jan 9 10:54:48 UTC 2018 - adam.majer@suse.de - New upstream LTS release 6.12.3: * v8: profiler-related fixes * mostly documentation and test related changes - nodejs-sle11-python26-check_output.patch: refreshed ------------------------------------------------------------------- Fri Dec 22 14:28:07 UTC 2017 - adam.majer@suse.de - Enable CI tests in %check target + fix_ci_tests.patch: - DNS queries in buildroots are failing with EAI_AGAIN - disable test-module-loading-globalpaths.js - we have hardcoded global paths + versioned.patch: call versioned node binary for tests ------------------------------------------------------------------- Thu Dec 14 09:45:50 UTC 2017 - adam.majer@suse.de - Dropped 8334.diff - no longer needed ------------------------------------------------------------------- Sat Dec 9 03:22:01 UTC 2017 - qantas94heavy@gmail.com - New upstream LTS release 6.12.2: * deps/openssl: updated to 1.0.2n (only applies to SLE 12 SP1 and lower) (bsc#1072322) [ CVE-2017-3738 CVE-2017-15896 ] - Changes in 6.12.1: * build: fix npm install with --shared [ gh#nodejs/node#16438 ] * build: building on systems with default Python 3 is now supported [ gh#nodejs/node#16058 ] * src: v8 options can be specified with either '_' or '-' in NODE_OPTIONS [ gh#nodejs/node#14093 ] - Remove unnecessary curl BuildRequires - Enable gold linker on s390x (TW and SLE/Leap 15) - Build with bundled ICU if system ICU not available (only applies to SLE 11) ------------------------------------------------------------------- Wed Nov 29 01:41:56 UTC 2017 - qantas94heavy@gmail.com - Change BuildRequires from openssl-devel to libopenssl-1_0_0-devel due to Tumbleweed/Leap 15 change to OpenSSL 1.1.0 as default ------------------------------------------------------------------- Thu Nov 16 13:16:25 UTC 2017 - adam.majer@suse.de - Update nodejs.keyring based on current Release Team as found on https://github.com/nodejs/node#release-team ------------------------------------------------------------------- Mon Nov 13 14:29:47 UTC 2017 - adam.majer@suse.de - Fix permissions of node-gyp. This should be executable to allow building of binary node modules. ------------------------------------------------------------------- Mon Nov 13 10:08:04 UTC 2017 - adam.majer@suse.de - New upstream LTS release 6.12.0: * assert: assert.fail() can now take one or two arguments * crypto: add sign/verify support for RSASSA-PSS * deps: + upgrade openssl sources to 1.0.2m [OpenSSL Security Advisory (bsc#1066242, bsc#1056058) CVE-2017-3735 CVE-2017-3736] + upgrade libuv to 1.15.0 * fs: Add support for fs.write/fs.writeSync(fd, buffer, cb) and fs.write/fs.writeSync(fd, buffer, offset, cb) as documented * inspector: enable --inspect-brk * process: add --redirect-warnings command line argument * src: + allow CLI args in env with NODE_OPTIONS + --abort-on-uncaught-exception in NODE_OPTIONS + allow --tls-cipher-list in NODE_OPTIONS + use SafeGetenv() for NODE_REDIRECT_WARNINGS * test: remove common.fail() - 0f3e69db.patch, icu59.patch: removed empty patches - nodejs-libpath.patch: refreshed ------------------------------------------------------------------- Wed Oct 25 05:19:03 UTC 2017 - qantas94heavy@gmail.com - New upstream LTS release 6.11.5: * zlib: (CVE-2017-14919: only affects TW) In zlib v1.2.9, a change was made that causes an exception to be thrown when a raw deflate stream is initialized with windowBits set to 8. Node.js will now gracefully set windowBits to 9 (replicating the legacy behavior) to avoid a DOS vector. ------------------------------------------------------------------- Thu Oct 19 08:07:05 UTC 2017 - adam.majer@suse.de - Replace {{node_version_major}} with RPM define %node_version_number for simpler spec file review. - Make sure npm program remains executable ------------------------------------------------------------------- Wed Oct 4 16:38:26 UTC 2017 - adam.majer@suse.de - New upstream LTS release 6.11.4: * net: support passing undefined to listen() to match behavior in v4.x and v8.x ------------------------------------------------------------------- Mon Sep 11 13:58:26 UTC 2017 - qantas94heavy@gmail.com - New upstream LTS release 6.11.3: * deps: Snapshots are turned back on!!! (#14385) * path: win32 volume-relative paths are working again! (#14440) * tools: v6.x can now build with ICU 59 (#12078) - Drop icu59.patch: merged upstream. - Refresh versioned.patch ------------------------------------------------------------------- Thu Aug 17 08:57:20 UTC 2017 - qantas94heavy@gmail.com - New upstream LTS release 6.11.2 * configure: add mips64el to valid_arch (#13620) * crypto: updated root certificates based on NSS 3.30 (#13279, #12402) * deps: upgrade OpenSSL to version 1.0.2.l (#12913) * http: + parse errors are now reported when NODE_DEBUG=http (#13206) + Agent constructor can now be invoked without new (#12927) * zlib: node will now throw an Error when zlib rejects the value of windowBits, instead of crashing (#13098) - Drop 0f3e69db.patch: fixed upstream ------------------------------------------------------------------- Wed Aug 2 15:16:57 UTC 2017 - adam.majer@suse.de - Fix update-alternative handling in %postun - don't remove links on upgrades. ------------------------------------------------------------------- Wed Jul 12 08:24:32 UTC 2017 - adam.majer@suse.de - New upstream LTS release 6.11.1 * v8: disable V8 snapshots. The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found. (bnc#1048299, CVE-2017-11499) * The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (CVE-2017-1000381, bnc#1044946) ------------------------------------------------------------------- Fri Jul 7 14:05:05 UTC 2017 - adam.majer@suse.de - Depend on nodejs-common that is then used to pick correctly versioned node or npm binary. This is required since 3rd party modules use `/usr/bin/env node` which breaks if multiple versions of NodeJS are installed at the same time and non-default version is used (for example, to compile a native module) ------------------------------------------------------------------- Thu Jul 6 12:08:26 UTC 2017 - adam.majer@suse.de - npm_search_paths.patch: Since concurrent installations are now possible, node manual pages are moved once again back under npm searcheable locations only. - versioned.patch: All files are now under versioned directoies and names. node and npm symlinks are now managed by update-alternatives - node-gyp-addon-gypi.patch: Reference versioned directories only ------------------------------------------------------------------- Tue Jun 13 09:13:23 UTC 2017 - adam.majer@suse.de - New upstream LTS release 6.11.0 * added support for building mips64el * cluster: + disconnect() now returns a reference to the disconnected worker. * crypto: + ability to select cert store at runtime + Use system CAs instead of using bundled ones (obsoletes 8334.diff) + The Decipher methods setAuthTag() and setAAD now return this + adding support for OPENSSL_CONF again + make LazyTransform compabile with Streams1 * deps: + upgrade libuv to 1.11.0 * dns: + Implemented {ttl: true} for resolve4() and resolve6(). * process: + add NODE_NO_WARNINGS environment variable * readline: + add option to stop duplicates in history * src: + support "--" after "-e" as end-of-options * tls: + new tls.TLSSocket() supports sec ctx options + Allow obvious key/passphrase combinations. - Fix typo in node-gyp-addon-gypi.patch patch - Refresh icu59.patch ------------------------------------------------------------------- Tue May 30 12:45:42 UTC 2017 - adam.majer@suse.de - 0f3e69db.patch, icu59.patch: backported GCC 7 compilation fixes for v8 backported and add missing ICU59 includes (bnc#1041282) ------------------------------------------------------------------- Tue May 23 09:52:00 UTC 2017 - adam.majer@suse.de - New upstream LTS release 6.10.3 * b8: + Trigger OOM crash on memory allcation errors + Don't treat catch scopes as possibly-shadowing for sloppy eval * lib: fix event race condition with -e * src: fix base64 decoding in rare edgecase * tls: + fix segfault on destroy after partial read + keep track of stream that is closed + fix macro to check NPN feature - nodejs-libpath.patch: updated ------------------------------------------------------------------- Wed Apr 5 01:30:39 UTC 2017 - qantas94heavy@gmail.com - New upstream LTS release 6.10.2 * crypto: fix memory leak if certificate is revoked (#12089) * deps: backport V8 fixes for spread syntax regression causing segfaults (#12037) - Changes not applicable to openSUSE in 6.10.2: * deps: upgrade zlib to 1.2.11 (#10980) * repl: revert commit that broke REPL display on Windows (#12123) - Changes in LTS release 6.10.1 * performance: The performance of several APIs has been improved. + Buffer.compare() is up to 35% faster on average. + buffer.toJSON() is up to 2859% faster on average. + fs.*statSync() functions are now up to 9% faster on average. + os.loadavg is up to 151% faster. + process.memoryUsage() is up to 34% faster. + querystring.unescape() for Buffers is 15% faster on average. + querystring.stringify() is up to 7.8% faster on average. + querystring.parse() is up to 21% faster on average. * IPC: Batched writes have been enabled for process IPC on platforms that support Unix Domain Sockets. Performance gains may be up to 40% for some workloads. * child_process: spawnSync now returns a null status when child is terminated by a signal. This fixes the behavior to act like spawn() does. * http: Control characters are now always rejected when using http.request(). Debug messages have been added for cases when headers contain invalid values. * node: Heap statistics now support values larger than 4GB. * timers: Timer callbacks now always maintain order when interacting with domain error handling. ------------------------------------------------------------------- Sun Feb 26 03:01:09 UTC 2017 - qantas94heavy@gmail.com - New upstream LTS release 6.10.0 * crypto: allow adding extra certs to well-known CAs * deps: upgrade INTL ICU to version 58 * fs: cache non-symlinks in realpathSync * process: add process.memoryUsage().external * repl: allow autocompletion for scoped packages * src: add wrapper for process.emitWarning() - Modify 8334.diff: * Remove merged reference counting code (#9409) * Bring patch in line with upstream changes (#8334) ------------------------------------------------------------------- Fri Feb 3 12:21:10 UTC 2017 - adam.majer@suse.de - New upstream LTS release 6.9.5 * deps: upgrade openssl sources to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bnc#1022085, bnc#1022086, bnc#1009528) - No changes in LTS release 6.9.4 - Adjusted 8334.diff to be inline with accepted changes ------------------------------------------------------------------- Fri Jan 6 08:25:14 UTC 2017 - qantas94heavy@gmail.com - Add basic check that Node.js loads successfully to spec file ------------------------------------------------------------------- Wed Jan 4 02:56:09 UTC 2017 - qantas94heavy@gmail.com - New upstream LTS release 6.9.3 * build: shared library support is now working for AIX builds * deps/npm: upgrade npm to 3.10.10 * deps/V8: destructuring of arrow function arguments via computed property no longer throws * inspector: /json/version returns object, not an object wrapped in an array * module: using --debug-brk and --eval together now works as expected * process: improve performance of nextTick up to 20% * repl: the division operator will no longer be accidentally parsed as regex * repl: improved support for generator functions * timers: recanceling a cancelled timers will no longer throw ------------------------------------------------------------------- Fri Dec 9 04:22:27 UTC 2016 - qantas94heavy@gmail.com - New upstream LTS version 6.9.2 * buffer: coerce slice parameters consistently * deps/npm: upgrade npm to 3.10.9 * deps/V8: Various fixes to destructuring edge cases + cherry-pick 3c39bac from V8 upstream + cherry pick 7166503 from upstream v8 * gtest: the test reporter now outputs tap comments as yamlish * inspector: inspector now prompts user to use 127.0.0.1 rather than localhost * tls: fix memory leak when writing data to TLSWrap instance during handshake - Modify 8334.diff: * ported and updated system CA store for the new node crypto code ------------------------------------------------------------------- Wed Nov 23 09:00:40 UTC 2016 - adam.majer@suse.de - Add missing conflicts to base package. It's not possible to have concurrent nodejs installations. ------------------------------------------------------------------- Fri Nov 18 11:59:06 UTC 2016 - adam.majer@suse.de - Package unification across various branches of NodeJS. Package for 4.x, 6.x and current (7.x) branches of NodeJS are now handled via GitHub repository. - NodeJS 6.x LTS package, based on NodeJS 4.x LTS layout. All NodeJS packages are interchangeable. (FATE #321373) ------------------------------------------------------------------- Mon Nov 7 13:15:21 UTC 2016 - adam.majer@suse.de - Add versioned dependencies for unbundling of c-ares and icu libraries - SLE12 can have unbundled libicu ------------------------------------------------------------------- Wed Nov 2 04:13:20 UTC 2016 - qantas94heavy@gmail.com - Fork package devel:languages:nodejs/nodejs - Remove support-arm64-build.patch (not necessary for aarch64 build) - Use system library versions of c-ares and ICU where supported - Remove /usr/{lib,lib64}/node_modules from global module paths * This is deprecated behaviour that was caused by an incorrect patch in devel:languages:nodejs/nodejs almost 6 months ago (boo#985350) - Modify nodejs-libpath.patch * Move /usr/lib64/node_modules to %{_libexecpath} as npm isn't architecture dependent (only npm itself is stored there) - Remove nodejs-libpath64.patch - Use separate .sig file instead of .asc file for source verification - Use exec instead of xargs to remove files in install script
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor