Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
nodejs14.17752
nodejs14.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nodejs14.changes of Package nodejs14.17752
------------------------------------------------------------------- Mon Jan 4 19:27:41 UTC 2021 - Adam Majer <adam.majer@suse.de> - New upstream LTS version 14.15.4: * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553) * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554) ------------------------------------------------------------------- Mon Dec 21 12:37:16 UTC 2020 - Adam Majer <adam.majer@suse.de> - New upstream LTS version 14.15.3: * deps: + upgrade npm to 6.14.9 + update acorn to v8.0.4 * http2: check write not scheduled in scope destructor * stream: fix regression on duplex end - versioned.patch, sle12_python3_compat.patch: refreshed ------------------------------------------------------------------- Mon Nov 30 19:44:30 UTC 2020 - Adam Majer <adam.majer@suse.de> - openssl_binary_detection.patch: fixes unit tests on SLE12 ------------------------------------------------------------------- Mon Nov 23 16:06:15 UTC 2020 - Adam Majer <adam.majer@suse.de> - Update Requires: so -devel requires npm - Rely on rpmbuild to define necessary python dependencies ------------------------------------------------------------------- Thu Nov 19 11:42:09 UTC 2020 - Adam Majer <adam.majer@suse.de> - New upstream LTS version 14.15.1: * deps: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses (bsc#1178882, CVE-2020-8277) ------------------------------------------------------------------- Thu Oct 29 10:12:54 UTC 2020 - Adam Majer <adam.majer@suse.de> - Update to LTS version 14.15.0: (jsc#SLE-15774) * no major changes * test: reverts marking test-webcrypto-encrypt-decrypt-aes flaky ------------------------------------------------------------------- Tue Oct 20 14:23:42 UTC 2020 - Adam Majer <adam.majer@suse.de> - Use SLE OpenSSL version with 12-SP4+, and not just 12-SP5+ - Bump mininum ICU version to 65 ------------------------------------------------------------------- Fri Oct 16 11:54:33 UTC 2020 - Adam Majer <adam.majer@suse.de> - Update to version 14.14.0: * fs: add rm method * http: allow passing array of key/val into writeHead * src: expose v8::Isolate setup callbacks - sle12_python3_compat.patch: refreshed ------------------------------------------------------------------- Thu Oct 8 15:12:05 UTC 2020 - Adam Majer <adam.majer@suse.de> - Update to version 14.13.1: * fs: rmdir recursive is no longer considered experimental - fix_ci_tests.patch: add support to SUSE's ECDH backport errors in SLE's openssl ------------------------------------------------------------------- Tue Oct 6 11:30:37 UTC 2020 - Adam Majer <adam.majer@suse.de> - Update to version 14.13.0: * deps: upgrade to libuv 1.40.0 #35333 * module: named exports for CJS via static analysis #35249 * module: exports pattern support #34718 * src: allow N-API addon in AddLinkedBinding() ------------------------------------------------------------------- Thu Sep 24 19:04:31 UTC 2020 - Adam Majer <adam.majer@suse.de> - Update to version 14.12.0: * n-api: + create N-API version 7 + add more property defaults - Changes since version 14.9.0 * deps: + update llhttp to 2.1.2 (bsc#1176605, CVE-2020-8201) + http: add requestTimeout. Fixes Denial of Service by resource exhaustion due to unfinished HTTP/1.1 requests (bsc#1176604, CVE-2020-8251) + buffer: also alias BigUInt methods + crypto: add randomInt function + perf_hooks: add idleTime and event loop util + stream: simpler and faster Readable async iterator + stream: save error in state ------------------------------------------------------------------- Wed Sep 2 10:44:47 UTC 2020 - Adam Majer <adam.majer@suse.de> - old_icu.patch: re-add support for ICU 65 from SLE15 SP2 - fix_ci_tests.patch: move debug symbol strip for testing to the Makefile ------------------------------------------------------------------- Fri Aug 28 10:39:52 UTC 2020 - Adam Majer <adam.majer@suse.de> - Update to version 14.9.0: * build: set --v8-enable-object-print by default (Mary Marchini) #34705 * deps: + upgrade to libuv 1.39.0 (cjihrig) #34915 + upgrade npm to 6.14.8 (Ruy Adorno) #34834 + V8: cherry-pick e06ace6b5cdb (Anna Henningsen) #34673 * n-api: handle weak no-finalizer refs correctly (Gabriel Schulhof) #34839 * tools: add debug entitlements for macOS 10.15+ (Gabriele Greco) #34378 - Changes in version 14.8.0: * async_hooks: add AsyncResource.bind utility (James M Snell) #34574 * deps: update to uvwasi 0.0.10 (Colin Ihrig) #34623 * module: unflag Top-Level Await (Myles Borins) #34558 * n-api: support type-tagging objects (Gabriel Schulhof) #28237 * n-api,src: provide asynchronous cleanup hooks (Anna Henningsen) #34572 - versioned.patch: refreshed - linker_lto_jobs.patch: refreshed ------------------------------------------------------------------- Mon Aug 10 16:38:15 UTC 2020 - Adam Majer <adam.majer@suse.de> - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686) ------------------------------------------------------------------- Mon Aug 3 12:20:57 UTC 2020 - Adam Majer <adam.majer@suse.de> - Update to version 14.7.0: * deps: upgrade npm to 6.14.7 * dgram: add IPv6 scope id suffix to received udp6 dgrams * src: + allow preventing SetPromiseRejectCallback #34387 + allow setting a dir for all diagnostic output #33584 * worker: make MessagePort inherit from EventTarget #34057 * zlib: switch to lazy init for zlib streams (Andrey Pechkurov) #34048 ------------------------------------------------------------------- Tue Jul 28 07:13:57 UTC 2020 - Dirk Mueller <dmueller@suse.com> - avoid rpmbuild warnings on if/else/endif constructs ------------------------------------------------------------------- Wed Jul 22 12:52:50 UTC 2020 - Adam Majer <adam.majer@suse.de> - Update to version 14.6.0: * deps: + upgrade to libuv 1.38.1 + upgrade npm to 6.14.6 fixing information leak through log files (bsc#1173937, CVE-2020-15095) + update V8 to 8.4.371.19 * module: + doc only deprecation of module.parent + package "imports" field * src: allow embedders to disable esm loader * tls: make 'createSecureContext' honor more options * vm: add run-after-evaluate microtask mode * worker: add option to track unmanaged file descriptors - versioned.patch - refreshed ------------------------------------------------------------------- Thu Jul 2 20:51:30 UTC 2020 - Adam Majer <adam.majer@suse.de> - Update to version 14.5.0: * deps: V8 engine is updated to version 8.3. For details, see https://v8.dev/blog/v8-release-83 * events: experimental implementation of EventTarget For details, see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V14.md#14.5.0 - sle12_python3_compat.patch: refreshed - fix_ci_tests.patch: refreshed ------------------------------------------------------------------- Tue Jun 9 11:45:55 UTC 2020 - Adam Majer <adam.majer@suse.de> - Add Require for nodejs14 when intalling npm14. (bsc#1172728) ------------------------------------------------------------------- Thu Jun 4 12:03:49 UTC 2020 - Adam Majer <adam.majer@suse.de> - Update to version 14.4.0: * napi: fix various types of memory corruption in napi_get_value_string_*() (CVE-2020-8174, bsc#1172443) * http2: fix HTTP/2 Large Settings Frame DoS (CVE-2020-11080, bsc#1172442) * TLS session reuse can lead to host certificate verification bypass (CVE-2020-8172, bsc#1172441) ------------------------------------------------------------------- Fri May 29 10:46:58 UTC 2020 - Adam Majer <adam.majer@suse.de> - Update to version 14.3.0: * repl: previews improvements with autocompletion * it's now possible to use the await keyword outside of async functions, with the --experimental-top-level-await flag - Changes in version 14.2.0: * console: Support for console constructor groupIndentation options - skip_no_console.patch: refreshed - versioned.patch, fix_ci_tests.patch: refreshed ------------------------------------------------------------------- Thu Apr 30 11:22:45 UTC 2020 - Adam Majer <adam.majer@suse.de> - Update to version 14.1.0: * deps: upgrade openssl sources to 1.1.1g (SLE-12 only) * http: doc deprecate abort and improve docs * module: do not warn when accessing __esModule of unfinished exports * n-api: detect deadlocks in thread-safe function * src: deprecate embedder APIs with replacements * stream: + don't emit end after close + don't wait for close on legacy streams + pipeline should only destroy un-finished streams * vm: add importModuleDynamically option to compileFunction skip_no_console.patch: add more unit tests that fail on dumb terminals ------------------------------------------------------------------- Mon Apr 27 13:35:05 UTC 2020 - Adam Majer <adam.majer@suse.de> - Initial version 14.0.0 Deprecations * crypto: move pbkdf2 without digest to EOL * fs: deprecate closing FileHandle on garbage collection * http: move OutboundMessage.prototype.flush to EOL * lib: move GLOBAL and root aliases to EOL * os: move tmpDir() to EOL * src: remove deprecated wasm type check * stream: move _writableState.buffer to EOL * doc: deprecate process.mainModule * doc: deprecate process.umask() with no arguments For a detailed list of changes, see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V14.md#14.0.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor