Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
nodejs18
nodejs18.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nodejs18.changes of Package nodejs18
------------------------------------------------------------------- Tue Apr 9 14:46:41 UTC 2024 - Adam Majer <adam.majer@suse.de> - Update to 18.20.1: * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) (bsc#1222244) * CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation- (Medium) (bsc#1222384) * updated dependencies: + llhttp version 9.2.1 + undici version 5.28.4 (bsc#1222530, bsc#1222603, CVE-2024-30260, CVE-2024-30261) - cares_sle12_capabilities.patch: no get_random() on sle12 ------------------------------------------------------------------- Tue Apr 2 15:00:28 UTC 2024 - Adam Majer <adam.majer@suse.de> - Update to 18.20.0: * Added support for import attributes * vm: fix V8 compilation cache support for vm.Script - versioned.patch: refreshed ------------------------------------------------------------------- Fri Feb 16 16:08:22 UTC 2024 - Adam Majer <adam.majer@suse.de> - Update to 18.19.1: (security updates) * (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High) * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) * undici version 5.28.3 (CVE-2024-24758, bsc#1220017) * libuv version 1.48.0 (CVE-2024-24806, bsc#1220053) ------------------------------------------------------------------- Tue Dec 19 12:23:09 UTC 2023 - Adam Majer <adam.majer@suse.de> - sle12-node-gyp-addon-gypi.patch: added variant of node-gyp-addon-gypi.patch for SLE12 compatibility. node-gyp-addon-gypi.patch is for SLE15+ ------------------------------------------------------------------- Mon Dec 18 10:03:02 UTC 2023 - Adam Majer <adam.majer@suse.de> - 18.19.0 - Update to LTS version 18.19.0 * deps: npm updates to 10.x * esm: + Leverage loaders when resolving subsequent loaders + import.meta.resolve unflagged + --experimental-default-type flag to flip module defaults For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md - node-gyp-addon-gypi.patch, fix_ci_tests.patch, versioned.patch: refreshed ------------------------------------------------------------------- Mon Oct 16 10:09:43 UTC 2023 - Adam Majer <adam.majer@suse.de> - 18.18.2 - Security update to version 18.18.2 * (CVE-2023-44487, bsc#1216190): nghttp2 Security Release * (CVE-2023-45143, bsc#1216205): undici Security Release * (CVE-2023-38552, bsc#1216272): Integrity checks according to policies can be circumvented * (CVE-2023-39333, bsc#1216273): Code injection via WebAssembly export names ------------------------------------------------------------------- Wed Oct 11 08:54:20 UTC 2023 - Adam Majer <adam.majer@suse.de> - 18.18.1 - Update to LTS version 18.18.1 * deps: libuv update in 18.18.0 broke webpack's thread-loader. This update should fix this. ------------------------------------------------------------------- Tue Sep 19 14:05:45 UTC 2023 - Adam Majer <adam.majer@suse.de> - Update to LTS version 18.18.0 * build: sync libuv header change * deps: add missing thread-common.c in uv.gyp * deps: upgrade to libuv 1.46.0 * doc: add atlowChemi to collaborators * esm: add `--import` flag * events: allow safely adding listener to abortSignal * fs, stream: initial `Symbol.dispose` and `Symbol.asyncDispose` support * net: add autoSelectFamily global getter and setter * url: add value argument to has and delete methods - versioned.patch: refreshed ------------------------------------------------------------------- Thu Aug 10 14:08:36 UTC 2023 - Adam Majer <adam.majer@suse.de> - Update to LTS version 18.17.1 (security fixes). The following CVE were fixed: * (CVE-2023-32002, bsc#1214150): Policies can be bypassed via Module._load (High) * (CVE-2023-32006, bsc#1214156): Policies can be bypassed by module.constructor.createRequire (Medium) * (CVE-2023-32559, bsc#1214154): Policies can be bypassed via process.binding (Medium) - Changes included in LTS version 18.17.0: * dns: expose getDefaultResultOrder * events: add getMaxListeners method * fs: + add support for mode flag to specify the copy behavior + add recursive option to readdir and opendir + add support for mode flag to specify the copy behavior + implement byob mode for readableWebStream() * http: + prevent writing to the body when not allowed by HTTP spec + remove internal error in assignSocket + add highWaterMark opt in http.createServer * lib: + add webstreams to Duplex.from() + implement AbortSignal.any() * module: + change default resolver to not throw on unknown scheme * node-api: + define version 9 + deprecate napi_module_register * stream: + preserve object mode in compose + add setter & getter for default highWaterMark * test_runner: + add shorthands to `test` + support combining coverage reports + execute before hook on test + expose reporter for use in run api * tools: update LICENSE and license-builder.sh * url: implement URL.canParse * wasi: no longer require flag to enable wasi - npm_search_paths.patch,fix_ci_tests.patch,versioned.patch: refreshed ------------------------------------------------------------------- Wed Jun 21 11:24:39 UTC 2023 - Adam Majer <adam.majer@suse.de> - Update to version 18.16.1 (security fixes only). The following CVEs are fixed in this release: * (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass Experimental Policy Mechanism (High) * (CVE-2023-30585, bsc#1212579): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) * (CVE-2023-30588, bsc#1212581): Process interuption due to invalid Public Key information in x509 certificates (Medium) * (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via Empty headers separated by CR (Medium) * (CVE-2023-30590, bsc#1212583): DiffieHellman does not generate keys after setting a private key (Medium) * c-ares security issues: + CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service (bsc#1211604) + CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS query IDs (bsc#1211605) + CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) + CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - fix_ci_tests.patch: increase default timeout on unit tests to 20min from 2min. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407) ------------------------------------------------------------------- Thu Apr 13 13:49:59 UTC 2023 - Adam Majer <adam.majer@suse.de> - Update to NodeJS 18.16.0 LTS version * Add initial support for single executable applications * Replace url parser with Ada * buffer: add Buffer.copyBytesFrom - refreshed patches: versioned.patch linker_lto_jobs.patch ------------------------------------------------------------------- Mon Mar 13 16:43:33 UTC 2023 - Adam Majer <adam.majer@suse.de> - relax Requires to Suggests for alts on TW ------------------------------------------------------------------- Wed Mar 8 13:01:06 UTC 2023 - Adam Majer <adam.majer@suse.de> - 18.15.0 - Update to NodeJS 18.15.0 LTS version: * test_runner: + add initial code coverate support + add reporters * fs: add statfs() * buffer: add isAscii() - s390.patch, sysctl.patch: upstreamed and removed ------------------------------------------------------------------- Thu Feb 23 10:41:38 UTC 2023 - Adam Majer <adam.majer@suse.de> - node-gyp_7.1.2.tar.xz: added dependencies so they don't conflict with npm dependencies. ------------------------------------------------------------------- Wed Feb 22 13:59:45 UTC 2023 - Adam Majer <adam.majer@suse.de> - Update to NodeJS 18.14.2 LTS: * deps: upgrade npm to 9.5.0 (bsc#1208744, CVE-2022-25881) * deps: update undici to 5.20.0 - Changes in version 18.14.1: * fixes permissions policies can be bypassed via process.mainModule (bsc#1208481, CVE-2023-23918) * fixes insecure loading of ICU data through ICU_DATA environment variable (bsc#1208487, CVE-2023-23920) * fixes OpenSSL error handling issues in nodejs crypto library (bsc#1208483, CVE-2023-23919) * updates undici to v5.19.1 + Fetch API in Node.js did not protect against CRLF injection in host headers + Regular Expression Denial of Service in Headers in Node.js fetch API (bsc#1208413, bsc#1208485, CVE-2023-24807, CVE-2023-23936) - versioned.patch: refreshed - sysctl.patch: unit test fixes ------------------------------------------------------------------- Fri Feb 3 11:43:02 UTC 2023 - Adam Majer <adam.majer@suse.de> - Update to NodeJS 18.14.0 LTS: * deps: + update npm to 9.2.0 * http: + join authorization headers + improved timeout defaults handling * stream: + implement finished() for ReadableStream and WritableStream - refreshed patches: linker_lto_jobs.patch, npm_search_paths.patch, versioned.patch ------------------------------------------------------------------- Wed Feb 1 07:58:26 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org> - Do not use pkg_vcmp to decide BuildDependencies: this works based on 'installed packages' which is not interpreted correctly by the scheduler. Rather switch to boolean dependencies. ------------------------------------------------------------------ Wed Jan 25 12:01:18 UTC 2023 - Adam Majer <adam.majer@suse.de> - Again use openssl-3, if available. - _constraints: reset aarch64 memory requirements back to original otherwise some unit tests can fail - s390.patch: fix unit test on s390 with patched zlib ------------------------------------------------------------------- Mon Jan 16 14:57:58 UTC 2023 - Adam Majer <adam.majer@suse.de> - Update to NodejJS 18.13.0 LTS: * build: disable v8 snapshot compression by default * crypto: update root certificates * deps: update ICU to 72.1 * doc: + add doc-only deprecation for headers/trailers setters + add Rafael to the tsc + deprecate use of invalid ports in url.parse + deprecate url.parse() * lib: drop fetch experimental warning * net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options * src: + add uvwasi version + add initial shadow realm support * test_runner: + add t.after() hook + don't use a symbol for runHook() * tls: + add "ca" property to certificate object * util: + add fast path for utf8 encoding + improve textdecoder decode performance + add MIME utilities - new_python3.patch, icu721_fixes.patch: upstreamed, removed ------------------------------------------------------------------- Fri Dec 23 11:31:12 UTC 2022 - Guillaume GARDET <guillaume.gardet@opensuse.org> - Update _constraints: * Less RAM for aarch64 and 32-bit arm * Use 'asimdrdm' cpu flag to use aarch64 workers where tests are more stable ------------------------------------------------------------------- Thu Nov 10 08:18:42 UTC 2022 - Adam Majer <adam.majer@suse.de> - icu721_fixes.patch: fixes compatibility with ICU 72.1 (bsc#1205236) ------------------------------------------------------------------- Mon Nov 7 14:00:54 UTC 2022 - Adam Majer <adam.majer@suse.de> - Fix migration to openssl-3 (bsc#1205042) ------------------------------------------------------------------- Mon Nov 7 09:05:07 UTC 2022 - Adam Majer <adam.majer@suse.de> - Update to NodeJS 18.12.1 LTS: * inspector: DNS rebinding in --inspect via invalid octal IP (bsc#1205119, CVE-2022-43548) ------------------------------------------------------------------- Fri Oct 28 10:31:50 UTC 2022 - Adam Majer <adam.majer@suse.de> - Update to NodeJS 18.12.0 LTS: * Running in 'watch' mode using node --watch restarts the process when an imported file is changed. * fs: add FileHandle.prototype.readLines * http: add writeEarlyHints function to ServerResponse * http2: make early hints generic * util: add default value option to parsearg ------------------------------------------------------------------- Mon Oct 17 13:02:52 UTC 2022 - Adam Majer <adam.majer@suse.de> - Update to NodeJS 18.11.0: * added experimental watch mode -- running in 'watch' mode using node --watch restarts the process when an imported file is changed * fs: add FileHandle.prototype.readLines * http: add writeEarlyHints function to ServerResponse * http2: make early hints generic * lib: refactor transferable AbortSignal * src: add detailed embedder process initialization API * util: add default value option to parsearg - legacy_python.patch, versioned.patch: updated ------------------------------------------------------------------- Wed Oct 12 08:14:29 UTC 2022 - Adam Majer <adam.majer@suse.de> - qemu_timeouts_arches.patch: set timeouts on riscv5 to 7x normal ------------------------------------------------------------------- Fri Oct 7 08:05:59 UTC 2022 - Dirk Müller <dmueller@suse.com> - skip more tests for riscv64/qemu emulation ------------------------------------------------------------------- Thu Sep 29 13:58:09 UTC 2022 - Adam Majer <adam.majer@suse.de> - Update to NodeJS 18.10.0: * deps: upgrade npm to 8.19.2 * http: throw error on content-length mismatch * stream: add ReadableByteStream.tee() - openssl3_fixups.patch: upstreamed and removed ------------------------------------------------------------------- Mon Sep 26 13:13:39 UTC 2022 - Adam Majer <adam.majer@suse.de> - Update to Nodejs 18.9.1: * deps: llhttp updated to 6.0.10 + CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325) + Incorrect Parsing of Multi-line Transfer-Encoding (CVE-2022-32215, bsc#1201327) + Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832) * crypto: fix weak randomness in WebCrypto keygen (CVE-2022-35255, bsc#1203831) ------------------------------------------------------------------- Sat Sep 17 10:35:31 UTC 2022 - Bruno Pitrus <brunopitrus@hotmail.com> - Skip test-fs-utimes-y2K38.js on armv6hl as well as armv7hl. ------------------------------------------------------------------- Thu Sep 15 15:00:25 UTC 2022 - Adam Majer <adam.majer@suse.de> - Update to Nodejs 18.9.0: * lib - add diagnostics channel for process and worker * os - add machine method * report - expose report public native apis * src - expose environment RequestInterrupt api * vm - include vm context in the embedded snapshot - Changes in 18.8.0: * bootstrap: implement run-time user-land snapshots via --build-snapshot and --snapshot-blob. See * crypto: + allow zero-length IKM in HKDF and in webcrypto PBKDF2 + allow zero-length secret KeyObject * deps: upgrade npm to 8.18.0 * http: make idle http parser count configurable * net: add local family * src: print source map error source on demand * tls: pass a valid socket on tlsClientError - dns.patch: upstreamed, removed - nodejs-libpath.patch, versioned.patch: refreshed - fix_ci_tests.patch: partially upstreamed - openssl3_fixups.patch: fix unit tests with openssl 1.1.1 - new_python3.patch: enable python 3.11 as valid interpreter ------------------------------------------------------------------- Thu Aug 18 10:41:57 UTC 2022 - Adam Majer <adam.majer@suse.de> - Update to Nodejs 18.7.0: * events: add CustomEvent * http: add drop request event for http server * lib: improved diagnostics_channel subscribe/unsubscribe * util: add tokens to parseArgs - enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303) ------------------------------------------------------------------- Sun Jul 31 15:37:05 UTC 2022 - Adam Majer <adam.majer@suse.de> - dns.patch: fix regression https://github.com/nodejs/node/issues/44003 ------------------------------------------------------------------- Sun Jul 24 09:47:19 UTC 2022 - Adam Majer <adam.majer@suse.de> - Update to Nodejs 18.6.0: * Experimental ESM Loader Hooks API. For details see, https://nodejs.org/api/esm.html * dns: export error code constants from dns/promises * esm: add chaining to loaders * http: add diagnostics channel for http client * http: add perf_hooks detail for http request and client * module: add isBuiltIn method * net: add drop event for net server * test_runner: expose describe and it * v8: add v8.startupSnapshot utils For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0 ------------------------------------------------------------------- Mon Jul 11 12:00:48 UTC 2022 - Adam Majer <adam.majer@suse.de> - Update to Nodejs 18.5.0: * http: stricter Transfer-Encoding and header separator parsing (bsc#1201325, bsc#1201326, bsc#1201327, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215) * src: fix IPv4 validation in inspector_socket (bsc#1201328, CVE-2022-32212) For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0 ------------------------------------------------------------------- Tue Jun 28 13:06:23 UTC 2022 - Adam Majer <adam.majer@suse.de> - Update to Nodejs 18.4.0. For detailed changes see, https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0 - refreshed: versioned.patch, linker_lto_jobs.patch, nodejs-libpath.patch ------------------------------------------------------------------- Thu May 19 15:01:09 UTC 2022 - Adam Majer <adam.majer@suse.de> - Initial packaging of Nodejs 18.2.0. For detailed changes since previous versions, see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0 Patches carried over from nodejs17: legacy_python.patch node-gyp-addon-gypi.patch openssl_binary_detection.patch test-skip-y2038-on-32bit-time_t.patch cares_public_headers.patch rsa-pss-revert.patch linker_lto_jobs.patch versioned.patch fix_ci_tests.patch manual_configure.patch npm_search_paths.patch skip_no_console.patch flaky_test_rerun.patch nodejs-libpath.patch sle12_python3_compat.patch
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor