forked from pool/nodejs21
Adam Majer
a71f18ab65
* fixes bsc#1222665, CVE-2024-27980 - windows only bug OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs21?expand=0&rev=29
164 lines
6.2 KiB
Plaintext
164 lines
6.2 KiB
Plaintext
-------------------------------------------------------------------
|
|
Tue May 28 11:25:35 UTC 2024 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to 21.7.3:
|
|
* fixes bsc#1222665, CVE-2024-27980 - windows only bug
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 9 14:13:21 UTC 2024 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to 21.7.2:
|
|
* Assertion failed in node::http2::Http2Session::~Http2Session()
|
|
leads to HTTP/2 server crash (High) (bsc#1222244, CVE-2024-27983)
|
|
* HTTP Request Smuggling via Content Length Obfuscation
|
|
(Medium) (bsc#1222384, CVE-2024-27982)
|
|
* updated dependencies:
|
|
+ llhttp version 9.2.1
|
|
+ undici version 6.11.1 (bsc#1222530, bsc#1222603,
|
|
CVE-2024-30260, CVE-2024-30261)
|
|
|
|
- node-gyp-addon-gypi.patch: adapted for new unit test layouts
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 2 13:54:32 UTC 2024 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to 21.7.1
|
|
* revert "test_runner: do not invoke after hook when test is empty"
|
|
* lib: return directly if udp socket close before lookup
|
|
|
|
- Changes in 21.7.0
|
|
* util.styleText(format, text): This function returns a
|
|
formatted text considering the format passed.
|
|
* support for multi-line values for .env file
|
|
* sea: support embedding assets
|
|
* vm: support using the default loader to handle dynamic import()
|
|
* crypto: implement crypto.hash()
|
|
* http2: add h2 compat support for appendHeader
|
|
|
|
- versioned.patch, nodejs-libpath.patch: refreshed
|
|
- c-ares-fixes.patch: upstreamed, removed
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 16 15:37:23 UTC 2024 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to 21.6.2: (security updates)
|
|
* (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High)
|
|
* (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
|
|
* (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High)
|
|
* (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High)
|
|
* (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
|
|
* (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
|
|
* (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
|
|
* (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
|
|
* undici version 5.28.3 (CVE-2024-24758, bsc#1220017)
|
|
* libuv version 1.48.0
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 12 14:51:32 UTC 2024 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to 21.6.1:
|
|
* Revert "stream: fix cloned webstreams not being unref'd"
|
|
|
|
- Changes in 21.6.0:
|
|
* New connection attempt events
|
|
* --allow-addons to enable addon usage when using the Permission Model.
|
|
* Support configurable snapshot through --build-snapshot-config flag
|
|
|
|
- fix_ci_tests.patch: refreshed
|
|
-------------------------------------------------------------------
|
|
Sat Jan 27 10:09:34 UTC 2024 - xtex <xtexchooser@duck.com>
|
|
|
|
- Add libalternative config for corepack
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 8 15:02:53 UTC 2024 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to 21.5.0:
|
|
* module: merge config with package_json_reader
|
|
* src: move package resolver to c++
|
|
* doc:
|
|
+ deprecate hash constructor
|
|
+ deprecate dirent.path
|
|
|
|
- linker_lto_jobs.patch: refreshed
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 2 14:25:03 UTC 2024 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- c-ares-fixes.patch: fixes unit tests for new c-ares
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 11 07:31:07 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to 21.4.0:
|
|
* fs: introduce dirent.parentPath
|
|
* fs: use default w flag for writeFileSync with utf8 encoding
|
|
|
|
- Changes in 21.3.0:
|
|
* New --disable-warning flag
|
|
* Fast fs.writeFileSync with UTF-8 Strings
|
|
|
|
For details, see
|
|
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V21.md#21.4.0
|
|
|
|
- fix_ci_tests.patch: added workaround for missing deps
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 23 10:44:16 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- node-gyp-addon-gypi.patch: fix misapplied patch (bsc#1217424)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 15 15:18:00 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Update to 21.2.0
|
|
* esm: add import.meta.dirname and import.meta.filename
|
|
* fs: add stacktrace to fs/promises
|
|
* lib:
|
|
+ add --no-experimental-global-navigator CLI flag
|
|
+ add navigator.language & navigator.languages
|
|
+ add navigator.platform
|
|
* stream:
|
|
+ add support for deflate-raw format to webstreams compression
|
|
+ use Array for Readable buffer
|
|
+ optimize creation
|
|
* test_runner:
|
|
+ adds built in lcov reporter
|
|
+ test_runner: add Date to the supported mock APIs
|
|
+ test_runner, cli: add --test-timeout flag
|
|
|
|
For details see
|
|
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V21.md#21.2.0
|
|
|
|
- nodejs20-zlib-1.3.patch: upstreamed, dropped
|
|
- node-gyp-addon-gypi.patch: rebased
|
|
- fix_ci_tests.patch: partially upstreamed
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 7 09:18:37 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- Package new version 21.1.0
|
|
For overview of changes and details since 20.x and earlier see
|
|
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V21.md#21.0.0
|
|
|
|
- imported the following patches from prior patches:
|
|
+ cares_public_headers.patch
|
|
+ fix_ci_tests.patch
|
|
+ flaky_test_rerun.patch
|
|
+ gcc13.patch
|
|
+ legacy_python.patch
|
|
+ linker_lto_jobs.patch
|
|
+ manual_configure.patch
|
|
+ node-gyp-addon-gypi.patch
|
|
+ node-gyp-config.patch
|
|
+ nodejs20-zlib-1.3.patch
|
|
+ nodejs-libpath.patch
|
|
+ npm_search_paths.patch
|
|
+ openssl_binary_detection.patch
|
|
+ qemu_timeouts_arches.patch
|
|
+ skip_no_console.patch
|
|
+ sle12_python3_compat.patch
|
|
+ test-skip-y2038-on-32bit-time_t.patch
|
|
+ versioned.patch
|
|
|