38 Commits

Author SHA256 Message Date
d9c3644924 - CVE-2023-44487.patch: nghttp2 Security Release (CVE-2023-44487, bsc#1216190)
- nodejs.keyring: include new releaser keys
- newicu_test_fixup.patch: workaround whitespace funnies in
  some icu versions

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=187
2023-10-25 11:18:21 +00:00
c1015aaffd OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=186 2023-04-13 14:32:17 +00:00
9c44ecaad1 - CVE-2022-25881.patch: http-cache-semantics(npm): Don't use regex
to trim whitespace (bsc#1208744, CVE-2022-25881)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=185
2023-04-13 14:29:56 +00:00
7b3a79261f - CVE-2023-23920.patch: fixes insecure loading of ICU data
through ICU_DATA environment variable (bsc#1208487, CVE-2023-23920)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=184
2023-02-22 11:33:32 +00:00
e01a8ff785 - CVE-2022-43548.patch:
* inspector: DNS rebinding in --inspect via invalid octal IP
    (bsc#1205119, CVE-2022-43548)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=183
2022-11-07 10:06:31 +00:00
11443c2973 - CVE-2022-35256.patch: update llhttp to 2.1.6
+ fixes CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325)
    + fixes incorrect parsing of header fields (CVE-2022-35256, bsc#1203832)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=182
2022-09-29 12:47:30 +00:00
f6e7348e9b CVE-2022-32214, CVE-2022-32215, bsc#1191602, CVE-2021-22960,
bsc#1191601, CVE-2021-22959)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=181
2022-08-09 11:57:25 +00:00
cc718baf73 - CVE-2021-22930.patch: backports http2 fixes
(bsc#1188917, bsc#1189368, CVE-2021-22930, CVE-2021-22940)
- CVE-2022-32213.patch: backport llhttp http parser fixes
  (bsc#1201325, bsc#1201326, bsc#1201327, CVE-2022-32213,
   CVE-2022-32214, CVE-2022-32215)
- CVE-2022-32212.patch: fix IPv4 validation in inspector_socket
  (bsc#1201328, CVE-2022-32212)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=180
2022-07-19 11:52:36 +00:00
97a9329d36 - CVE-2021-22940.patch: merged with CVE-2021-22930.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=179
2022-07-18 15:45:57 +00:00
ef2b06e403 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=178 2022-07-18 12:24:56 +00:00
b7d70500b8 - CVE-2021-44906.patch: fix prototype pollution in npm dependency
(bsc#1198247, CVE-2021-44906)
- CVE-2021-44907.patch: fix insufficient sanitation in npm dependency
  (bsc#1197283, CVE-2021-44907)
- CVE-2022-0235.patch: fix passing of cookie data and sensitive headers
  to different hostnames in node-fetch-npm (bsc#1194819, CVE-2022-0235)
  * CVE-2021-32803 - node-tar: Insufficient symlink protection

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=177
2022-04-21 15:54:23 +00:00
166897fe0a (bsc#1194514, CVE-2022-21824)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=176
2022-02-15 16:54:25 +00:00
84df5ed6ac - CVE-2022-21824.patch: fix prototype pollution via console.table
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=175
2022-02-15 16:51:44 +00:00
2a1c926780 * CVE-2021-3918 - json-schema is vulnerable to Improperly
Controlled Modification of Object Prototype Attributes (bsc#1192696)
- CVE-2021-3807.patch: node-ansi-regex: Regular expression
  denial of service (ReDoS) matching ANSI escape codes
  (bsc#1192154, CVE-2021-3807)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=174
2022-02-15 13:34:42 +00:00
013ffaea96 - npm-v6.14.16.tar.gz: update to npm 6.14.16 fixing
* CVE-2021-23343 - ReDoS via splitDeviceRe, splitTailRe and
    splitPathRe (bsc#1192153)
  * CVE-2021-23343 - node-tar: Insufficient symlink protection
    allowing arbitrary file creation and overwrite (bsc#1191963)
  * CVE-2021-32804 - node-tar: Insufficient absolute path sanitization
    allowing arbitrary file creation and overwrite (bsc#1191962)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=173
2022-02-15 13:06:09 +00:00
ad2d70f251 - CVE-2022-21824.patch: fix prototype pollution via console.table
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=172
2022-02-15 12:05:47 +00:00
84c464ac24 - fix_ci_tests.patch: updated for z15 zlib compression
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=171
2022-01-13 21:08:33 +00:00
ce54bd25e1 - CVE-2021-22939.patch: Incomplete validation of rejectUnauthorized parameter
(bsc#1189369, CVE-2021-22939)

  (bsc#1188881, bsc#1189370, CVE-2021-3672, CVE-2021-22931)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=170
2022-01-13 20:17:57 +00:00
6d1d300242 - test_ssl_cert_fixups.patch: fixup SSL certificates in unit tests
- cares_172.patch: update c-ares to 1.17.2.
  (bsc#1188881, CVE-2021-3672)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=169
2022-01-13 20:09:01 +00:00
2fb35405af OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=168 2021-08-09 12:56:54 +00:00
b47ba3f6cc - z15-test-skip.patch: skip problematic test on s390x
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=167
2021-08-09 12:56:43 +00:00
94a049977c OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=166 2021-08-04 16:38:25 +00:00
fd99e5a392 - CVE-2021-22930.patch: http2: fixes use after free on close
in stream canceling (bsc#1188917, CVE-2021-22930)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=165
2021-08-04 16:38:06 +00:00
7c8c76a6cf OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=164 2021-07-22 13:35:54 +00:00
f8a9c947c2 Keyring update
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=14
2018-06-22 14:30:57 +00:00
42a1d10084 - New upstream release 10.5.0:
* crypto: Support for crypto.scrypt() has been added
  * fs:
    + APIs that take mode as arguments no longer throw on values
      larger than 0o777
    + BigInt support has been added to fs.stat and fs.watchFile
    + Fix crashes in closed event watchers.
  * worker_threads: multi-threading has been added behind the
    --experimental-worker flag in the worker_threads module.
    This feature is *experimental* and may receive breaking changes
    at any time.
- npm_search_paths.patch: Fix typo causing npm to not work

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=13
2018-06-22 13:46:46 +00:00
c6f0ed16c0 - Recommend same major version npm package (bsc#1097748)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=12
2018-06-15 12:16:38 +00:00
5c2902ea39 * Fixes memory exhaustion DoS: Fixes a bug that increases the
memory consumed when reading from the network into JavaScript
    using the net.Socket object directly as a stream
    (CVE-2018-7164, bsc#1097537)
    + Unbundled nghttp2 to fix Denial of Service vulnerability
    (CVE-2018-1000168, bsc#1097401)
    (CVE-2018-7162, bsc#1097538)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=11
2018-06-14 13:54:45 +00:00
68f9c117f6 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=10 2018-06-13 16:52:09 +00:00
f0701de170 - New upstream release 10.4.1:
* Fixes memory exhaustion DoS (CVE-2018-7164): Fixes a bug
    introduced in 9.7.0 that increases the memory consumed when
    reading from the network into JavaScript using the net.Socket
    object directly as a stream.
  * http2:
    + Fixes Denial of Service vulnerability by updating the
    http2 implementation to not crash under certain circumstances
    during cleanup (CVE-2018-7161, bsc#1097404)
    + Fixes Denial of Service vulnerability by upgrading nghttp2
    to 1.32.0 (CVE-2018-1000168, bsc#1097401)
  * tls: Fixes Denial of Service vulnerability by updating the TLS
    implementation to not crash upon receiving
    (CVE-2018-7162)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=9
2018-06-13 16:32:01 +00:00
716ae17f10 - New upstream release 10.4.0:
* deps: update V8 to 6.7.288.43
  * stream: ensure Stream.pipeline re-throws errors without callback
- Changes in version 10.3.0:
  * deps: upgrade npm to 6.1.0
  * fs: fix reads with pos > 4GB
  * net: new option to allow IPC servers to be readable and writable
    by all users
  * stream: fix removeAllListeners() for Stream.Readable to work as
    expected when no arguments are passed
npm_search_paths.patch: no longer override explicitly prefixed etc/
versioned.patch, env_shebang.patch: refreshed

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=8
2018-06-11 14:45:00 +00:00
18403124a9 - New upstream release 10.2.0:
* addons: Fixed a memory leak for users of AsyncResource and N-API.
  * assert: The error parameter of assert.throws() can now be
    an object containing regular expressions.
  * crypto: The authTagLength option has been made more flexible.
  * esm: Builtin modules now provide named exports in ES6 modules.
  * http: Handling of close and aborted events has been made more
    consistent.
  * module: add --preserve-symlinks-main
  * timers: timeout.refresh() has been added to the public API.
- fix_ci_tests.patch: refreshed
- versioned.patch: refreshed

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=7
2018-05-24 14:51:25 +00:00
3d5311786b OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=6 2018-05-24 14:27:54 +00:00
fb7be50b1c - manual_configure.patch: configure nghttp2 correctly
- icu_small_grouping.patch: prevents undefined behaviour possibility

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=5
2018-05-23 12:32:27 +00:00
c060914f95 - use gcc7 for SLE12
- versioned.patch: set node version in environment to 10

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=4
2018-05-23 11:33:33 +00:00
911d8c2f05 - versioned.patch: rebased
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=3
2018-05-17 08:10:32 +00:00
94d20bd6e3 - OpenSSL 1.1.0+ is required.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=2
2018-05-16 11:38:06 +00:00
20a701d2db - New upstream release 10.1.0:
* console: make console.table() use colored inspect
  * fs: move fs/promises to fs.promises
  * http: added aborted property to request
  * n-api: initialize a module via a special symbol
  * src: add public API to expose the main V8 Platform
- Changes in version 10.0.0:
  * Assert:
    + Calling assert.fail() with more than one argument is deprecated.
    + Calling assert.ok() with no arguments will now throw.
    + Calling assert.ifError() will now throw with any argument
      other than undefined or null. Previously the method would throw
      with any truthy value.
  * Async_hooks:
    + Older experimental async_hooks APIs have been removed.
  * Buffer:
    + Uses of new Buffer() and Buffer() outside of the node_modules
      directory will now emit a runtime deprecation warning.
    + Buffer.isEncoding() now returns undefined for falsy values,
      including an empty string.
    + Buffer.fill() will throw if an attempt is made to fill with
      an empty Buffer.
  * Child Process: Undefined properties of env are ignored.
  * console: console.table() method has been added.
  * crypto:
    + The crypto.createCipher() and crypto.createDecipher() methods
      have been deprecated. Please use crypto.createCipheriv() and
      crypto.createDecipheriv() instead.
    + The decipher.finaltol() method has been deprecated.
    + The crypto.DEFAULT_ENCODING property has been deprecated.
    + The ECDH.convertKey() method has been added.
    + The crypto.fips property has been deprecated.
  * deps:
    + V8 has been updated to 6.6
    + npm upgraded to 5.8.0
  * EventEmitter:
    + The EventEmitter.prototype.off() method has been added as
      an alias for EventEmitter.prototype.removeListener().
  * File System:
    + The fs/promises API provides experimental promisified
      versions of the fs functions.
    + Invalid path errors are now thrown synchronously.
    + fs.readFile() method now partitions reads to avoid thread
      pool exhaustion.
  * http:
    + Processing of HTTP Status codes 100, 102-199 has been improved.
    + Multi-byte characters in URL paths are now forbidden.
  * N-API: The n-api is no longer experimental.
  * net: The 'close' event will be emitted after 'end'.
  * perf_hooks:
    + The PerformanceObserver class is now an AsyncResource and can
      be monitored using async_hooks.
    + Trace events are now emitted for performance events.
    + The performance API has been simplified.
    + Performance milestone marks will be emitted as trace events.
  * process:
    + Using non-string values for process.env is deprecated.
    + The process.assert() method is deprecated.
  * repl:
    + REPL now experimentally supports top-level await when using
      the --experimental-repl-await flag.
    + The previously deprecated "magic mode" has been removed.
    + The previously deprecated NODE_REPL_HISTORY_FILE environment
      variable has been removed.
    + Proxy objects are shown as Proxy objects when inspected.
  * streams:
    + The 'readable' event is now always deferred with nextTick.
    + A new pipeline() method has been provided for building
      end-to-data stream pipelines.
    + support for async for-await has been added to stream.Readable
  * timers: The enroll() and unenroll() methods have been deprecated
  * tls:
    + The tls.convertNPNProtocols() method has been deprecated.
    + Support for NPN (next protocol negotiation) has been dropped.
    + The ecdhCurve default is now 'auto'.
  * Trace Events:
    + A new trace_events top-level module allows trace event
      categories to be enabled/disabled at runtime.
  * URL: The WHATWG URL API is now a global.
  * Util:
    + util.types.is[…] type checks have been added.
    + Support for bigint formatting has been added to util.inspect().

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=1
2018-05-11 14:21:06 +00:00