nodejs/nodejs11
SHA256
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
nodejs11/nodejs11.changes

268 lines
10 KiB
Plaintext
Raw Permalink Blame History

-------------------------------------------------------------------
Mon Jul 29 09:00:19 UTC 2019 - Adam Majer <adam.majer@suse.de>
- CVE-2019-13173.patch: fix potential file overwrite via hardlink
in fstream.DirWriter() function (bsc#1140290, CVE-2019-13173)
-------------------------------------------------------------------
Fri May 3 12:32:00 UTC 2019 - Adam Majer <adam.majer@suse.de>
- New upstream release 11.15.0:
* tls:
+ add --tls-min-v1.2 CLI switch
+ supported shared openssl 1.1.0
+ revert default max toTLSv1.2
+ revert change to invalid protocol error type
+ support TLSv1.3
+ add code for ERR_TLS_INVALID_PROTOCOL_METHOD
- Changes in release 11.14.0:
* child_process: doc deprecate ChildProcess._channel
* deps: update bundled nghttp2 to 1.37.0
* dns:
+ make dns.promises enumerable
+ remove dns.promises experimental warning
* fs: remove experimental warning for fs.promises
* stream: make Symbol.asyncIterator support stable
* worker: use copy of process.env
-------------------------------------------------------------------
Sun Apr 7 18:16:21 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Add _constraints file to avoid OOM errors
-------------------------------------------------------------------
Fri Apr 5 12:59:05 UTC 2019 - Adam Majer <adam.majer@suse.de>
- New upstream release 11.13.0:
* crypto: Allow deriving public from private keys
* events: Added a once function to use EventEmitter with promises
* tty:
+ Added a hasColors method to WriteStream
+ Added NO_COLOR and FORCE_COLOR support
* v8: Added v8.getHeapSnapshot and v8.writeHeapSnapshot to
generate snapshots in the format used by tools such as Chrome
* worker: Added worker.moveMessagePortToContext
* C++ API:
+ AddPromiseHook is now deprecated.
+ Added a Stop API to shut down Node.js while it is running
- Changes in release 11.12.0:
* bootstrap: Add experimental --frozen-intrinsics flag
* deps: Upgrade openssl to 1.1.1b
* process: Make process[Symbol.toStringTag] writable again
* repl: Add util.inspect.replDefaults to customize the writer
* report: Rename triggerReport() to writeReport()
- fix_ci_tests.patch: add another exception for our OpenSSL library
- versioned.patch: refresh
-------------------------------------------------------------------
Thu Mar 7 16:14:11 UTC 2019 - Adam Majer <adam.majer@suse.de>
- New upstream release 11.11.0:
* n-api: Implement date object
* util: Add compact depth mode for util.inspect()
* worker:
+ Improve integration with native addons
+ MessagePort.prototype.onmessage takes arguments closer to
the Web specification now
-------------------------------------------------------------------
Thu Feb 28 13:23:03 UTC 2019 - Adam Majer <adam.majer@suse.de>
- New upstream release 11.10.1:
* http: Further prevention of "Slowloris" attacks on HTTP and HTTPS
connections by consistently applying the receive timeout set by
server.headersTimeout to connections in keep-alive mode.
(CVE-2019-5737, bsc#1127532)
-------------------------------------------------------------------
Fri Feb 15 13:00:06 UTC 2019 - adam.majer@suse.de
- New upstream release 11.10.0:
* child_process: close pipe ends that are re-piped
* crypto:
+ don't crash X509ToObject on error
+ fix public key encoding name in comment
* deps: npm updated to 6.7.0
* http:
+ improve performance for incoming headers
+ makes response.writeHead return the response
+ make timeout event work with agent timeout
* http2: makes response.writeHead return the response
* perf_hooks: implement histogram based api
* process:
+ normalize process.argv before user code execution
+ expose process.features.inspector
* repl: add repl.setupHistory for programmatic repl
* tls: introduce client 'session' event
- fix_ci_tests.patch: remove part of parallel/test-dns
- versioned.patch: refreshed
-------------------------------------------------------------------
Fri Feb 1 12:40:17 UTC 2019 - adam.majer@suse.de
- nodejs.keyring: update keyring to today's list as per
https://github.com/nodejs/node
-------------------------------------------------------------------
Fri Feb 1 11:42:30 UTC 2019 - adam.majer@suse.de
- New upstream release 11.9.0:
* internal changes to ship OpenSSL 1.1.1, which has already been
used on all openSUSE platforms.
- test-brotli.patch: removed, upstreamed
-------------------------------------------------------------------
Mon Jan 28 14:18:16 UTC 2019 - adam.majer@suse.de
- New upstream releases 11.8.0:
* events: For unhandled error events with an argument that is not
an Error object, the resulting exeption will have more information
about the argument.
* child_process: When the maxBuffer option is passed, stdout and
stderr will be truncated rather than unavailable in case of an error.
* policy: Experimental support for module integrity checks through
a manifest file is implemented now.
* n-api: The napi_threadsafe_function feature is now stable.
* report: An experimental diagnostic API for capturing process state
is available as process.report and through command line flags.
* tls: tls.connect() takes a timeout option analogous to
the net.connect() one.
* worker:
+ process.umask() is available as a read-only function inside
Worker threads
+ An execArgv option that supports a subset of Node.js command
line options is now supported.
- Changes in version 11.7.0:
* compression / zlib: Added brotli support
* console: Added inspectOptions option
* crypto: Always accept private keys as public keys
* deps: Upgrade npm to v6.5.0
* fs: Use internalBinding('fs') internally instead of
process.binding('fs')
* http(s): Support overriding http(s).globalAgent
* util: Inspect ArrayBuffers contents closely
* worker: Expose workers and remove --experimental-worker flag
- test-brotli.patch: fixes assumption about compression
- versioned.patch: refreshed
- nodejs-libpath.patch: refreshed
-------------------------------------------------------------------
Thu Jan 10 15:57:15 UTC 2019 - adam.majer@suse.de
- versioned.patch: set correct node version in environment
(bsc#1121188)
-------------------------------------------------------------------
Mon Jan 7 13:31:31 UTC 2019 - adam.majer@suse.de
- New upstream releases 11.6.0:
* cli: add --max-http-header-size flag
* crypto:
+ always accept certificates as public keys
+ add key object API
* deps:
+ upgrade to libuv 1.24.1
+ upgrade npm to 6.5.0
* http: add maxHeaderSize property
- Changes in version 11.5.0:
* tls: support "BEGIN TRUSTED CERTIFICATE" for ca:
* util: add inspection getter option
- Changes in version 11.4.0:
* console,util:
+ console functions now handle symbols as defined in the spec.
+ The inspection depth default is now back at 2.
* dgram,net: Added ipv6Only option for net and dgram
* http: Chosing between the http parser is now possible per
runtime flag.
* readline: The readline module now supports async iterators.
* repl: The multiline history feature is removed.
* tls:
+ Added min/max protocol version options.
+ The X.509 public key info now includes the RSA bit size and
the elliptic curve.
* url: pathToFileURL() now supports LF, CR and TAB.
- fix_ci_tests.patch: refreshed
- versioned.patch: refreshed
- skip_test_on_lowmem.patch: skip test on low-memory build machine
- env_shebang.patch: dropped in favour of programmatic update
-------------------------------------------------------------------
Thu Dec 6 12:57:45 UTC 2018 - adam.majer@suse.de
- New upstream release 11.3.0:
* deps: Upgrade to OpenSSL 1.1.0j, fixing
+ Timing vulnerability in DSA signature generation
(bsc#1113652, CVE-2018-0734)
+ Timing vulnerability in ECDSA signature generation
(bsc#1113651, CVE-2018-0735)
* http:
+ Headers received by HTTP servers must not exceed 8192 bytes
in total to prevent possible Denial of Service attacks.
(bsc#1117626, CVE-2018-12121)
+ A timeout of 40 seconds now applies to servers receiving
HTTP headers. This value can be adjusted with
server.headersTimeout. Where headers are not completely
received within this period, the socket is destroyed on
the next received chunk. In conjunction
with server.setTimeout(), this aids in protecting against
excessive resource retention and possible Denial of Service.
(bsc#1117627, CVE-2018-12122)
* url: Fix a bug that would allow a hostname being spoofed when
parsing URLs with url.parse() with the 'javascript:' protocol.
(bsc#1117629, CVE-2018-12123)
-------------------------------------------------------------------
Mon Nov 26 14:06:57 UTC 2018 - adam.majer@suse.de
- New upstream release 11.2.0:
* deps: A new experimental HTTP parser (llhttp) is now supported.
* timers: Fixed an issue that could cause setTimeout to stop
working as expected.
- flaky_test_rerun.patch: Rerun failing tests in case of flakiness
- fix_ci_tests.patch: refreshed
-------------------------------------------------------------------
Thu Nov 8 13:03:23 UTC 2018 - adam.majer@suse.de
- New upstream release 11.1.0:
* repl: Top-level for-await-of is now supported in the REPL.
* timers: Fixed an issue that could cause timers to enter
an infinite loop.
- openssl_fix.patch: removed, upstreamed
- fix_ci_tests.patch: refreshed
-------------------------------------------------------------------
Thu Oct 25 14:24:02 UTC 2018 - adam.majer@suse.de
- Initial release of NodeJS 11.0.0
- Notable changes since NodeJS 10.12.0:
* Use of process.binding() has been deprecated.
* An experimental implementation of queueMicrotask() is added.
* child_process: The default value of the windowsHide option
has been changed to true.
* deps: V8 has been updated to 7.0.
* fs:
+ fs.read() method now requires a callback
+ The previously deprecated fs.SyncWriteStream utility has
been removed
* http: The http, https, and tls modules now use the WHATWG URL
parser by default.
* timers: nextTick queue will be run after each immediate and timer.
* util:
+ WHATWG TextEncoder and TextDecoder are now globals.
+ util.inspect() output size is limited to 128 MB by default.
+ A runtime warning will be emitted when NODE_DEBUG is set for
either http or http2.
Reference in New Issue View Git Blame Copy Permalink