nodejs11

nodejs/nodejs11

SHA256

Fork 0

Commit Graph

Author	SHA256	Message	Date
Adam Majer	7bb3bdd1f2	- New upstream release 11.3.0: * deps: Upgrade to OpenSSL 1.1.0j, fixing + Timing vulnerability in DSA signature generation (bsc#1113652, CVE-2018-0734) + Timing vulnerability in ECDSA signature generation (bsc#1113651, CVE-2018-0735) * http: + Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. (bsc#1117626, CVE-2018-12121) + A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (bsc#1117627, CVE-2018-12122) * url: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (bsc#1117629, CVE-2018-12123) OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs11?expand=0&rev=5	2018-12-06 16:03:44 +00:00
Adam Majer	e67c0a1eb7	- New upstream release 11.2.0: * deps: A new experimental HTTP parser (llhttp) is now supported. * timers: Fixed an issue that could cause setTimeout to stop working as expected. - flaky_test_rerun.patch: Rerun failing tests in case of flakiness - fix_ci_tests.patch: refreshed OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs11?expand=0&rev=4	2018-11-26 15:49:35 +00:00

Author

SHA256

Message

Date

Adam Majer

7bb3bdd1f2

- New upstream release 11.3.0:

* deps: Upgrade to OpenSSL 1.1.0j, fixing
    + Timing vulnerability in DSA signature generation
      (bsc#1113652, CVE-2018-0734)
    + Timing vulnerability in ECDSA signature generation
      (bsc#1113651, CVE-2018-0735)
  * http:
    + Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (bsc#1117626, CVE-2018-12121)
    + A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely
      received within this period, the socket is destroyed on
      the next received chunk. In conjunction
      with server.setTimeout(), this aids in protecting against
      excessive resource retention and possible Denial of Service.
      (bsc#1117627, CVE-2018-12122)
  * url: Fix a bug that would allow a hostname being spoofed when
    parsing URLs with url.parse() with the 'javascript:' protocol.
    (bsc#1117629, CVE-2018-12123)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs11?expand=0&rev=5

2018-12-06 16:03:44 +00:00

Adam Majer

e67c0a1eb7

- New upstream release 11.2.0:

* deps: A new experimental HTTP parser (llhttp) is now supported.
  * timers: Fixed an issue that could cause setTimeout to stop
    working as expected.
- flaky_test_rerun.patch: Rerun failing tests in case of flakiness
- fix_ci_tests.patch: refreshed

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs11?expand=0&rev=4

2018-11-26 15:49:35 +00:00

2 Commits