adamm/nodejs20
SHA256
1
0
Fork 0
Code Pull Requests Activity
86bbf8af98
nodejs20/nodejs20.changes
Adam Majer 86bbf8af98 - Update to version 20.3.1 (security fixes only). The following 
CVEs are fixed in this release:
  * (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass
    Experimental Policy Mechanism (High)
  * (CVE-2023-30584, bsc#1212575): Path Traversal Bypass in
    Experimental Permission Model (High)
  * (CVE-2023-30587, bsc#1212576): Bypass of Experimental
    Permission Model via Node.js Inspector (High)
  * (CVE-2023-30582, bsc#1212577): Inadequate Permission Model
    Allows Unauthorized File Watching (Medium)
  * (CVE-2023-30583, bsc#1212578): Bypass of Experimental
    Permission Model via fs.openAsBlob() (Medium)
  * (CVE-2023-30585, bsc#1212579): Privilege escalation via
    Malicious Registry Key manipulation during Node.js
    installer repair process (Medium)
  * (CVE-2023-30586, bsc#1212580): Bypass of Experimental
    Permission Model via Arbitrary OpenSSL Engines (Medium)
  * (CVE-2023-30588, bsc#1212581): Process interuption due to invalid
    Public Key information in x509 certificates (Medium)
  * (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via
    Empty headers separated by CR (Medium)
  * (CVE-2023-30590, bsc#1212583): DiffieHellman does not
    generate keys after setting a private key (Medium)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs20?expand=0&rev=22
2023-06-21 12:07:38 +00:00

120 lines
4.8 KiB
Plaintext
Raw Blame History

-------------------------------------------------------------------
Wed Jun 21 11:24:39 UTC 2023 - Adam Majer <adam.majer@suse.de>
- Update to version 20.3.1 (security fixes only). The following
CVEs are fixed in this release:
* (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass
Experimental Policy Mechanism (High)
* (CVE-2023-30584, bsc#1212575): Path Traversal Bypass in
Experimental Permission Model (High)
* (CVE-2023-30587, bsc#1212576): Bypass of Experimental
Permission Model via Node.js Inspector (High)
* (CVE-2023-30582, bsc#1212577): Inadequate Permission Model
Allows Unauthorized File Watching (Medium)
* (CVE-2023-30583, bsc#1212578): Bypass of Experimental
Permission Model via fs.openAsBlob() (Medium)
* (CVE-2023-30585, bsc#1212579): Privilege escalation via
Malicious Registry Key manipulation during Node.js
installer repair process (Medium)
* (CVE-2023-30586, bsc#1212580): Bypass of Experimental
Permission Model via Arbitrary OpenSSL Engines (Medium)
* (CVE-2023-30588, bsc#1212581): Process interuption due to invalid
Public Key information in x509 certificates (Medium)
* (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via
Empty headers separated by CR (Medium)
* (CVE-2023-30590, bsc#1212583): DiffieHellman does not
generate keys after setting a private key (Medium)
-------------------------------------------------------------------
Thu Jun 15 11:25:18 UTC 2023 - Adam Majer <adam.majer@suse.de>
- Update to version 20.3.0:
* deps: upgrade to libuv 1.45.0, including significant performance
improvements to file system operations on Linux
* module: change default resolver to not throw on unknown scheme
* stream: deprecate asIndexedPairs
- versioned.patch, fix_ci_tests.patch: refreshed
- openssl3_1-adapt_tests.patch: upstreamed and removed
For details see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.3.0
-------------------------------------------------------------------
Mon May 22 14:45:27 UTC 2023 - Adam Majer <adam.majer@suse.de>
- Fix build on SLE12SP5
-------------------------------------------------------------------
Fri May 19 12:17:15 UTC 2023 - Adam Majer <adam.majer@suse.de>
- Update to version 20.2.0:
* http: prevent writing to the body when not allowed by HTTP spec
* sea: add option to disable the experimental SEA warning
* test_runner: add skip, todo, and only shorthands to test
* url: add value argument to URLSearchParams has and delete methods
For details see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.2.0
-------------------------------------------------------------------
Mon May 15 14:03:24 UTC 2023 - Adam Majer <adam.majer@suse.de>
- fix_ci_tests.patch: increase default timeout on unit tests
to 20min from 2min. This seems to have lead to build failures
on some platforms, like s390x in Factory. (bsc#1211407)
-------------------------------------------------------------------
Fri May 12 07:52:30 UTC 2023 - Adam Majer <adam.majer@suse.de>
- z13.patch: fixes illegal instruction error on z13 and older s390
-------------------------------------------------------------------
Thu May 10 13:09:58 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- Adapt tests for OpenSSL 3.1 [bsc#1209430]
* Add openssl3_1-adapt_tests.patch
-------------------------------------------------------------------
Thu May 4 13:26:26 UTC 2023 - Adam Majer <adam.majer@suse.de> - 20.1.0
- Update to version 20.1.0
assert: deprecate CallTracker
dns: expose getDefaultResultOrder
doc: add KhafraDev to collaborators
fs: add recursive option to readdir and opendir
fs: add support for mode flag to specify the copy behavior
of the cp methods
http: add highWaterMark option http.createServer
stream: preserve object mode in compose
test_runner: add testNamePatterns to run API
test_runner: execute before hook on test
test_runner: support combining coverage reports
wasi: make returnOnExit true by default
-------------------------------------------------------------------
Wed Apr 19 13:16:54 UTC 2023 - Adam Majer <adam.majer@suse.de> - 20.0.0
- Package new version 20.0.0
For overview of changes and details since 19.x and earlier see
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.0.0
- imported the following patches from prior patches:
+ cares_public_headers.patch
+ fix_ci_tests.patch
+ flaky_test_rerun.patch
+ legacy_python.patch
+ linker_lto_jobs.patch
+ manual_configure.patch
+ node-gyp-addon-gypi.patch
+ node-gyp-config.patch
+ nodejs-libpath.patch
+ npm_search_paths.patch
+ openssl_binary_detection.patch
+ qemu_timeouts_arches.patch
+ skip_no_console.patch
+ sle12_python3_compat.patch
+ test-skip-y2038-on-32bit-time_t.patch
+ versioned.patch
View Git Blame Copy Permalink