2023-10-05 16:56:50 +02:00
|
|
|
-------------------------------------------------------------------
|
2023-10-16 12:06:07 +02:00
|
|
|
Mon Oct 16 09:28:06 UTC 2023 - Adam Majer <adam.majer@suse.de> - 20.8.1
|
|
|
|
|
|
|
|
|
|
- Security fixes relase 20.8.1
|
|
|
|
|
* (CVE-2023-44487, bsc#1216190): nghttp2 Security Release
|
|
|
|
|
* (CVE-2023-45143, bsc#1216205): undici Security Release
|
|
|
|
|
* (CVE-2023-39332, bsc#1216271): Path traversal through path stored in Uint8Array
|
|
|
|
|
* (CVE-2023-39331, bsc#1216270): Permission model improperly protects against path traversal
|
|
|
|
|
* (CVE-2023-38552, bsc#1216272): Integrity checks according to policies can be circumvented
|
|
|
|
|
* (CVE-2023-39333, bsc#1216273): Code injection via WebAssembly export names
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2023-10-05 16:56:50 +02:00
|
|
|
Thu Oct 5 13:45:41 UTC 2023 - Adam Majer <adam.majer@suse.de> - 20.8.0
|
|
|
|
|
|
|
|
|
|
- Update to 20.8.0:
|
|
|
|
|
* Stream performance improvements
|
|
|
|
|
* Rework of memory management in vm APIs with the importModuleDynamically
|
|
|
|
|
option
|
|
|
|
|
* test_runner:
|
|
|
|
|
+ accept testOnly in run
|
|
|
|
|
+ add junit reporter
|
|
|
|
|
|
|
|
|
|
- fix_ci_tests.patch: refreshed
|
|
|
|
|
|
2023-09-08 12:48:07 +02:00
|
|
|
-------------------------------------------------------------------
|
2023-09-19 17:37:59 +02:00
|
|
|
Tue Sep 19 14:40:13 UTC 2023 - Adam Majer <adam.majer@suse.de> - 20.7.0
|
|
|
|
|
|
|
|
|
|
- Update to 20.7.0:
|
|
|
|
|
* src: support multiple --env-file declarations
|
|
|
|
|
* deps: upgrade npm to 10.1.0
|
|
|
|
|
* doc: move and rename loaders section
|
|
|
|
|
* lib: add api to detect whether source-maps are enabled
|
|
|
|
|
* src,permission: add multiple allow-fs-* flags
|
|
|
|
|
* test_runner: expose location of tests
|
|
|
|
|
|
|
|
|
|
- z13.patch: upstreamed
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Sep 18 10:08:42 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
|
|
|
|
|
|
- Update to 20.6.1:
|
|
|
|
|
* f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: removed, upstreamed
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2023-09-08 12:48:07 +02:00
|
|
|
Fri Sep 8 10:46:20 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
|
|
|
|
|
|
- f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: fixes issues with
|
|
|
|
|
Angular and other software that tries to load ECM modules in
|
|
|
|
|
somewhat circular fashion ending up with multiple executions.
|
|
|
|
|
|
2023-09-05 11:57:08 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 5 09:29:49 UTC 2023 - Adam Majer <adam.majer@suse.de> - 20.6.0
|
|
|
|
|
|
|
|
|
|
- Update to 20.6.0:
|
|
|
|
|
* add support for .env files to configure envrionment variables
|
|
|
|
|
* import.meta.resolve unflagged
|
|
|
|
|
* deps: npm updated to 9.8.1
|
2023-09-05 13:21:21 +02:00
|
|
|
- nodejs.keyring: updated to include current upstream releasers
|
2023-09-05 11:57:08 +02:00
|
|
|
|
2023-08-25 16:46:06 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 25 14:34:21 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
|
|
|
|
|
|
- Temporarily bundle ICU for SLE15 SP6 (jsc#PED-4819)
|
|
|
|
|
|
2023-08-10 16:02:38 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 10 13:51:20 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
|
|
|
|
|
|
- Update to version 20.5.1:
|
|
|
|
|
* (CVE-2023-32002, bsc#1214150): Policies can be bypassed
|
|
|
|
|
via Module._load (High)
|
|
|
|
|
* (CVE-2023-32558, bsc#1214155): process.binding() can bypass
|
|
|
|
|
the permission model through path traversal (High)
|
|
|
|
|
* (CVE-2023-32004, bsc#1214152): Permission model can be bypassed
|
|
|
|
|
by specifying a path traversal sequence in a Buffer (High)
|
|
|
|
|
* (CVE-2023-32006, bsc#1214156): Policies can be bypassed
|
|
|
|
|
by module.constructor.createRequire (Medium)
|
|
|
|
|
* (CVE-2023-32559, bsc#1214154): Policies can be bypassed
|
|
|
|
|
via process.binding (Medium)
|
|
|
|
|
* (CVE-2023-32005, bsc#1214153): fs.statfs can bypass
|
|
|
|
|
the permission model (Low)
|
|
|
|
|
* (CVE-2023-32003, bsc#1214151): fs.mkdtemp() and fs.mkdtempSync()
|
|
|
|
|
can bypass the permission model (Low)
|
|
|
|
|
- Changes in 20.5.0:
|
|
|
|
|
* events: allow safely adding listener to abortSignal
|
|
|
|
|
* fs: add a fast-path for readFileSync utf-8
|
|
|
|
|
* test_runner: add shards support
|
|
|
|
|
- Changes in 20.4.0:
|
|
|
|
|
* tls: add ALPNCallback server option for dynamic ALPN negotiation
|
|
|
|
|
* adds support for ECMAScript Explicit Resource Management
|
|
|
|
|
* adds Mock Timer support to test module
|
|
|
|
|
|
|
|
|
|
For details see,
|
2023-08-10 16:03:48 +02:00
|
|
|
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.5.1
|
|
|
|
|
|
|
|
|
|
versioned.patch: refreshed
|
2023-08-10 16:02:38 +02:00
|
|
|
|
- Update to version 20.3.1 (security fixes only). The following
CVEs are fixed in this release:
* (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass
Experimental Policy Mechanism (High)
* (CVE-2023-30584, bsc#1212575): Path Traversal Bypass in
Experimental Permission Model (High)
* (CVE-2023-30587, bsc#1212576): Bypass of Experimental
Permission Model via Node.js Inspector (High)
* (CVE-2023-30582, bsc#1212577): Inadequate Permission Model
Allows Unauthorized File Watching (Medium)
* (CVE-2023-30583, bsc#1212578): Bypass of Experimental
Permission Model via fs.openAsBlob() (Medium)
* (CVE-2023-30585, bsc#1212579): Privilege escalation via
Malicious Registry Key manipulation during Node.js
installer repair process (Medium)
* (CVE-2023-30586, bsc#1212580): Bypass of Experimental
Permission Model via Arbitrary OpenSSL Engines (Medium)
* (CVE-2023-30588, bsc#1212581): Process interuption due to invalid
Public Key information in x509 certificates (Medium)
* (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via
Empty headers separated by CR (Medium)
* (CVE-2023-30590, bsc#1212583): DiffieHellman does not
generate keys after setting a private key (Medium)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs20?expand=0&rev=22
2023-06-21 14:07:38 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 21 11:24:39 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
|
|
|
|
|
|
- Update to version 20.3.1 (security fixes only). The following
|
|
|
|
|
CVEs are fixed in this release:
|
|
|
|
|
* (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass
|
|
|
|
|
Experimental Policy Mechanism (High)
|
|
|
|
|
* (CVE-2023-30584, bsc#1212575): Path Traversal Bypass in
|
|
|
|
|
Experimental Permission Model (High)
|
|
|
|
|
* (CVE-2023-30587, bsc#1212576): Bypass of Experimental
|
|
|
|
|
Permission Model via Node.js Inspector (High)
|
|
|
|
|
* (CVE-2023-30582, bsc#1212577): Inadequate Permission Model
|
|
|
|
|
Allows Unauthorized File Watching (Medium)
|
|
|
|
|
* (CVE-2023-30583, bsc#1212578): Bypass of Experimental
|
|
|
|
|
Permission Model via fs.openAsBlob() (Medium)
|
|
|
|
|
* (CVE-2023-30585, bsc#1212579): Privilege escalation via
|
|
|
|
|
Malicious Registry Key manipulation during Node.js
|
|
|
|
|
installer repair process (Medium)
|
|
|
|
|
* (CVE-2023-30586, bsc#1212580): Bypass of Experimental
|
|
|
|
|
Permission Model via Arbitrary OpenSSL Engines (Medium)
|
|
|
|
|
* (CVE-2023-30588, bsc#1212581): Process interuption due to invalid
|
|
|
|
|
Public Key information in x509 certificates (Medium)
|
|
|
|
|
* (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via
|
|
|
|
|
Empty headers separated by CR (Medium)
|
|
|
|
|
* (CVE-2023-30590, bsc#1212583): DiffieHellman does not
|
|
|
|
|
generate keys after setting a private key (Medium)
|
|
|
|
|
|
2023-06-15 13:44:48 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 15 11:25:18 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
|
|
|
|
|
|
- Update to version 20.3.0:
|
|
|
|
|
* deps: upgrade to libuv 1.45.0, including significant performance
|
|
|
|
|
improvements to file system operations on Linux
|
|
|
|
|
* module: change default resolver to not throw on unknown scheme
|
|
|
|
|
* stream: deprecate asIndexedPairs
|
|
|
|
|
|
|
|
|
|
- versioned.patch, fix_ci_tests.patch: refreshed
|
|
|
|
|
- openssl3_1-adapt_tests.patch: upstreamed and removed
|
|
|
|
|
|
|
|
|
|
For details see,
|
|
|
|
|
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.3.0
|
|
|
|
|
|
2023-05-22 16:46:32 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon May 22 14:45:27 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
|
|
|
|
|
|
- Fix build on SLE12SP5
|
|
|
|
|
|
2023-05-19 15:53:28 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri May 19 12:17:15 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
|
|
|
|
|
|
- Update to version 20.2.0:
|
|
|
|
|
* http: prevent writing to the body when not allowed by HTTP spec
|
|
|
|
|
* sea: add option to disable the experimental SEA warning
|
|
|
|
|
* test_runner: add skip, todo, and only shorthands to test
|
|
|
|
|
* url: add value argument to URLSearchParams has and delete methods
|
|
|
|
|
|
|
|
|
|
For details see,
|
|
|
|
|
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.2.0
|
|
|
|
|
|
2023-05-15 16:06:14 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon May 15 14:03:24 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
|
|
|
|
|
|
- fix_ci_tests.patch: increase default timeout on unit tests
|
|
|
|
|
to 20min from 2min. This seems to have lead to build failures
|
2023-05-15 16:34:43 +02:00
|
|
|
on some platforms, like s390x in Factory. (bsc#1211407)
|
2023-05-15 16:06:14 +02:00
|
|
|
|
2023-05-12 09:59:13 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri May 12 07:52:30 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
|
|
|
|
|
|
- z13.patch: fixes illegal instruction error on z13 and older s390
|
|
|
|
|
|
2023-05-10 13:13:14 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu May 10 13:09:58 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
|
|
|
|
|
|
|
|
|
|
- Adapt tests for OpenSSL 3.1 [bsc#1209430]
|
|
|
|
|
* Add openssl3_1-adapt_tests.patch
|
|
|
|
|
|
2023-05-04 15:34:39 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu May 4 13:26:26 UTC 2023 - Adam Majer <adam.majer@suse.de> - 20.1.0
|
|
|
|
|
|
|
|
|
|
- Update to version 20.1.0
|
|
|
|
|
assert: deprecate CallTracker
|
|
|
|
|
dns: expose getDefaultResultOrder
|
|
|
|
|
doc: add KhafraDev to collaborators
|
|
|
|
|
fs: add recursive option to readdir and opendir
|
|
|
|
|
fs: add support for mode flag to specify the copy behavior
|
|
|
|
|
of the cp methods
|
|
|
|
|
http: add highWaterMark option http.createServer
|
|
|
|
|
stream: preserve object mode in compose
|
|
|
|
|
test_runner: add testNamePatterns to run API
|
|
|
|
|
test_runner: execute before hook on test
|
|
|
|
|
test_runner: support combining coverage reports
|
|
|
|
|
wasi: make returnOnExit true by default
|
|
|
|
|
|
2023-04-19 15:34:21 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Apr 19 13:16:54 UTC 2023 - Adam Majer <adam.majer@suse.de> - 20.0.0
|
|
|
|
|
|
|
|
|
|
- Package new version 20.0.0
|
|
|
|
|
For overview of changes and details since 19.x and earlier see
|
|
|
|
|
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.0.0
|
|
|
|
|
|
|
|
|
|
- imported the following patches from prior patches:
|
|
|
|
|
+ cares_public_headers.patch
|
|
|
|
|
+ fix_ci_tests.patch
|
|
|
|
|
+ flaky_test_rerun.patch
|
|
|
|
|
+ legacy_python.patch
|
|
|
|
|
+ linker_lto_jobs.patch
|
|
|
|
|
+ manual_configure.patch
|
|
|
|
|
+ node-gyp-addon-gypi.patch
|
|
|
|
|
+ node-gyp-config.patch
|
|
|
|
|
+ nodejs-libpath.patch
|
|
|
|
|
+ npm_search_paths.patch
|
|
|
|
|
+ openssl_binary_detection.patch
|
|
|
|
|
+ qemu_timeouts_arches.patch
|
|
|
|
|
+ skip_no_console.patch
|
|
|
|
|
+ sle12_python3_compat.patch
|
|
|
|
|
+ test-skip-y2038-on-32bit-time_t.patch
|
|
|
|
|
+ versioned.patch
|
|
|
|
|
|