nodejs/nodejs12
SHA256
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit Graph

  • 741598cf65 - openssl31.patch: fix unit tests with OpenSSL 3.1 (bsc#1232756) main Adam Majer 2024-11-04 14:52:19 +00:00
  • bed3e7b93f - openssl31.patch: fix unit tests with OpenSSL 3.1 Adam Majer 2024-10-29 13:18:09 +00:00
  • bd1d4759a8 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=157 Adam Majer 2024-04-15 13:13:28 +00:00
  • 2b29a4c561 - CVE-2024-27983.patch - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) (bsc#1222244, CVE-2024-27983) - CVE-2024-27982.patch - HTTP Request Smuggling via Content Length Obfuscation- (Medium) (bsc#1222384, CVE-2024-27982) - updated dependencies: + llhttp version 6.1.1 Adam Majer 2024-04-15 13:03:04 +00:00
  • 51490c9232 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=155 Adam Majer 2024-02-23 15:13:17 +00:00
  • f20e11f09b * CVE-2023-46809.patch: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) (CVE-2023-46809, bsc#1219997) * CVE-2024-22019.patch: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) (CVE-2024-22019, bsc#1219993) * CVE-2024-22025.patch: fix Denial of Service by resource exhaustion in fetch() brotli decoding (CVE-2024-22025, bsc#1220014) * CVE-2024-24806.patch: fix improper domain lookup that potentially leads to SSRF attacks (CVE-2024-24806, bsc#1220053) Adam Majer 2024-02-22 15:58:25 +00:00
  • d2acbf2b97 - CVE-2023-38552.patch: Integrity checks according to policies can be circumvented (CVE-2023-38552, bsc#1216272) - CVE-2023-44487.patch: nghttp2 Security Release (CVE-2023-44487, bsc#1216190) - nodejs.keyring: include new releaser keys - newicu_test_fixup.patch: workaround whitespaces funnies in some icu versions Adam Majer 2023-10-25 08:54:39 +00:00
  • 0080bbbfe8 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=152 Adam Majer 2023-10-25 08:52:17 +00:00
  • 73a2fc673d OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=151 Adam Majer 2023-10-25 07:46:34 +00:00
  • e18377574e - CVE-2023-30581.patch: fixes mainModule.__proto__ Bypass Experimental Policy Mechanism (CVE-2023-30581, bsc#1212574) - CVE-2023-30589.patch: HTTP Request Smuggling via empty headers separated by CR (CVE-2023-30589, bsc#1212582) - CVE-2023-30590.patch: DiffieHellman does not generate keys after setting a private key (CVE-2023-30590, bsc#1212583) - CVE-2023-23918.patch: fixes permissions policies can be bypassed via process.mainModule (bsc#1208481, CVE-2023-23918) - CVE-2023-32002.patch: + fixes policies can be bypassed via Module._load + fixes policies can be bypassed by module.constructor.createRequire (CVE-2023-32002, CVE-2023-32006, bsc#1214150, bsc#1214156) - CVE-2023-32559.patch: Policies can be bypassed via process.binding (CVE-2023-32559, bsc#1214154) Adam Majer 2023-08-18 12:10:04 +00:00
  • dca2d48cb7 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=149 Adam Majer 2023-04-13 14:32:28 +00:00
  • 8d6d4ca339 - CVE-2022-25881.patch: http-cache-semantics(npm): Don't use regex to trim whitespace (bsc#1208744, CVE-2022-25881) Adam Majer 2023-04-13 14:30:15 +00:00
  • 841029cb76 - CVE-2023-23920.patch: fixes insecure loading of ICU data through ICU_DATA environment variable (bsc#1208487, CVE-2023-23920) Adam Majer 2023-02-22 13:35:42 +00:00
  • 66964dfb96 - CVE-2022-43548.patch: * inspector: DNS rebinding in --inspect via invalid octal IP (bsc#1205119, CVE-2022-43548) Adam Majer 2022-11-07 10:04:36 +00:00
  • 499a268b35 - CVE-2022-35256.patch: update llhttp to 2.1.6 + fixes CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325) + fixes incorrect parsing of header fields (CVE-2022-35256, bsc#1203832) Adam Majer 2022-09-29 11:34:57 +00:00
  • 02f9c2fbd8 - openssl_update.patch: deps: update openssl to 1.1.1q affecting SLE-12 codestream only (bsc#1201099, CVE-2022-2097) Adam Majer 2022-07-12 10:26:46 +00:00
  • 0a810216e9 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=143 Adam Majer 2022-07-12 08:53:36 +00:00
  • de1f40a044 - CVE-2022-32213.patch: http: stricter Transfer-Encoding and header separator parsing (bsc#1201325, bsc#1201326, bsc#1201327, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215) - CVE-2022-32212.patch: fix IPv4 validation in inspector_socket (bsc#1201328, CVE-2022-32212) Adam Majer 2022-07-11 16:10:06 +00:00
  • f4459ed4e2 - CVE-2021-44906.patch: fix prototype pollution in npm dependency (bsc#1198247, CVE-2021-44906) - CVE-2021-44907.patch: fix insuficient sanitation in npm dependency (bsc#1197283, CVE-2021-44907) - CVE-2022-0235.patch: fix passing of cookie data and sensitive headers to different hostnames in node-fetch-npm (bsc#1194819, CVE-2022-0235) Adam Majer 2022-04-22 12:09:13 +00:00
  • 20d804c0a0 - update to 12.22.12 * node-api: avoid SecondPassCallback crash + fix shutdown crashes + make reference weak parameter an indirect link to references + fix crash in finalization + stop ref gc during environment teardown + force env shutdown deferring behavior * src: fix finalization crash Adam Majer 2022-04-14 13:46:36 +00:00
  • 48daf22540 - update to 12.22.11 * deps: upgrade openssl sources to 1.1.1n (bsc#1196877, CVE-2022-0778) Infinite loop in BN_mod_sqrt() reachable when parsing certificates More details at https://www.openssl.org/news/secadv/20220315.txt + CVE-2021-32803 - node-tar: Insufficient symlink protection Adam Majer 2022-03-18 15:03:09 +00:00
  • 9f6873743e - update to 12.22.10 * Upgrade npm to 6.14.16 + CVE-2021-23343 - ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153) + CVE-2021-23343 - node-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite (bsc#1191963) + CVE-2021-32804 - node-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite (bsc#1191962) + CVE-2021-3918 - json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (bsc#1192696) * Updated ICU time zone data - CVE-2021-3807.patch: node-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (bsc#1192154, CVE-2021-3807) - versioned.patch: refreshed - z15-test-skip.patch: dropped - fix_ci_tests.patch: fix tests on z15 Adam Majer 2022-02-16 14:35:41 +00:00
  • 1d1764349d - update to 12.22.9: Security update fixing the following issues: * Improper handling of URI Subject Alternative Names (Medium) (CVE-2021-44531, bsc#1194511) * Certificate Verification Bypass via String Injection (Medium) (CVE-2021-44532, bsc#1194512) * Incorrect handling of certificate subject and issuer fields (Medium) (CVE-2021-44533, bsc#1194513) * Prototype pollution via console.table properties (Low) (CVE-2022-21824, bsc#1194514) Adam Majer 2022-01-11 18:58:25 +00:00
  • 316cb765ae - update to 12.22.8: * src: fix crash in AfterGetAddrInfo * deps: update c-ares to 1.18.1 Adam Majer 2022-01-07 21:09:11 +00:00
  • cca3b8326b - update to 12.22.7: * deps: update llhttp to 2.1.4 - HTTP Request Smuggling due to spaced in headers (bsc#1191601, CVE-2021-22959) - HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960) - changes in 12.22.6: * deps: upgrade npm to 6.14.15 which fixes a number of security issues (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712, bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053, CVE-2021-39135) - versioned.patch: refreshed Adam Majer 2021-11-26 12:46:11 +00:00
  • 164a5fb0d0 - cares_public_headers.patch: don't use private headers Adam Majer 2021-08-12 18:41:53 +00:00
  • 521d8347ad - update to 12.22.5: * CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (bsc#1189370, bsc#1188881) * CVE-2021-22940: Use after free on close http2 on stream canceling (bsc#1189368) * CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (bsc#1189369) - Fix-build-with-icu-69.patch: dropped, not for factory Adam Majer 2021-08-12 13:49:33 +00:00
  • d7b4b4edf5 - z15-test-skip.patch: skip problematic test on s390x Adam Majer 2021-08-09 12:57:03 +00:00
  • 806fab5a08 - update to 12.22.4: http2: fixes use after free on close http2 on stream canceling (bsc#1188917, CVE-2021-22930) deps: upgrade npm to 6.14.14 - versioned.patch: refreshed Adam Majer 2021-08-04 16:37:41 +00:00
  • ea7b7e2bab - update to 12.22.2: * deps: libuv upgrade - Out of bounds read (Medium) (bsc#1187973, CVE-2021-22918) * deps: npm update to 6.14.13 fixing ssri Regular Expression Denial of Service and hosted-git-info Regular Expression Denial of Service (bsc#1187976, bsc#1187977, CVE-2021-27290, CVE-2021-23362) - specfile cleanup Adam Majer 2021-07-06 08:54:43 +00:00
  • 53d0dbf5b6 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=129 Adam Majer 2021-07-01 16:16:15 +00:00
  • c41e5b372d OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=128 Adam Majer 2021-07-01 15:47:44 +00:00
  • eade7b5830 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=127 Adam Majer 2021-06-11 07:39:40 +00:00
  • ab009689cc - Fix-build-with-icu-69.patch: fix building with ICU 69 Adam Majer 2021-06-10 14:21:47 +00:00
  • 2553bce965 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=125 Adam Majer 2021-06-01 13:45:54 +00:00
  • d6ab6de034 - Use libalternatives instead of update-alternatives Adam Majer 2021-05-31 16:35:18 +00:00
  • 32c06a7245 - New upstream LTS version 12.22.1: * CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High). (bsc#1183851) * CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High) (bsc#1183852) * CVE-2020-7774: npm - Update y18n to fix Prototype-Pollution (bsc#1184450) - Changes in LTS version 12.22.0: * node-api: define version 8 * http: runtime deprecate legacy HTTP parser * v8: implement v8.stopCoverage() and v8.takeCoverage() * worker: add eventLoopUtilization() - versioned.patch: refreshed Adam Majer 2021-04-07 15:43:46 +00:00
  • 1dda06304d - New upstream LTS version 12.21.0: * CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (bsc#1182619) * CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620) * CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate (bsc#1182333) Adam Majer 2021-02-23 17:30:54 +00:00
  • eb6043ea53 - New upstream LTS version 12.20.2: * deps: upgrade npm to 6.14.11 - relax OpenSSL cipher suite policies for unit tests Adam Majer 2021-02-17 17:49:45 +00:00
  • 61ac6c96d4 No longer in Factory Adam Majer 2021-02-09 15:12:32 +00:00
  • b1807e0ee1 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=12 Adam Majer 2019-06-12 12:24:04 +00:00
  • 344ad15b2d OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=11 Adam Majer 2019-06-11 13:30:12 +00:00
  • 178bf0b14c - Update to 12.4.0: * esm: JSON module support is always enabled under --experimental-modules. The --experimental-json-modules flag has been removed * http, http2: A new flag has been added for overriding the default HTTP server socket timeout (which is two minutes). Pass --http-server-default-timeout=milliseconds or --http-server-default-timeout=0 to respectively change or disable the timeout. Starting with Node.js 13.0.0, the timeout will be disabled by default * inspector: Added an experimental --heap-prof flag to start the V8 heap profiler on startup and write the heap profile to disk before exit * stream: The readable.unshift() method now correctly converts strings to buffers. Additionally, a new optional argument is accepted to specify the string's encoding, such as 'utf8' or 'ascii' * v8: The object returned by v8.getHeapStatistics() has two new properties: number_of_native_contexts and number_of_detached_contexts - nodejs-libpath.patch: install npx into proper directory - versioned.patch, fix_ci_tests.patch: refreshed Adam Majer 2019-06-11 13:11:16 +00:00
  • ba414ad69a OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=9 Adam Majer 2019-06-04 15:20:01 +00:00
  • e681ecb250 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=8 Adam Majer 2019-06-04 09:38:12 +00:00
  • 0567cb4293 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=7 Adam Majer 2019-06-04 08:24:02 +00:00
  • b5fc1b0412 Fix tests when LTO is enabled Adam Majer 2019-06-03 15:43:53 +00:00
  • b2affa77b3 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=5 Adam Majer 2019-05-31 15:18:49 +00:00
  • 8cca21ea36 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=4 Adam Majer 2019-05-31 08:31:34 +00:00
  • c60bb16435 - Update to 12.3.1: * deps: + Fix handling of +0/-0 when constant field tracking is enabled + Fix os.freemem() and os.totalmem correctness - changes in 12.3.0: * esm: Added the --experimental-wasm-modules flag to support WebAssembly modules * process: Log errors using util.inspect in case of fatal exceptions * repl: Add process.on('uncaughtException') support * stream: Implemented Readable.from async iterator utility * tls: + Expose built-in root certificates + Support net.Server options + Expose keylog event on TLSSocket * worker: Added the ability to unshift messages from the MessagePort - changes in 12.2.0: * deps: Updated llhttp to 1.1.3. This fixes a bug that made Node.js' HTTP parser refuse any request URL that contained the "|" (vertical bar) character * tls: Added an enableTrace() method to TLSSocket and an enableTrace option to tls.createServer(). When enabled, TSL packet trace information is written to stderr. This can be used to debug TLS connection problems * cli: + Added --trace-tls enables tracing of TLS connections + Added --cpu-prof-interval * module: + Added the createRequire() method. The existing createRequireFromPath() method is now deprecated + Throw on require('./path.mjs') Adam Majer 2019-05-29 15:54:37 +00:00
  • c8d87da2c9 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=2 Adam Majer 2019-05-10 13:06:24 +00:00
  • 188d1d7f60 - Update to 12.1.0: * intl: Update ICU to 64.2. * c++ API: Added an overload EmitAsyncDestroy that can be used during garbage collection - Notable changes in 12.0.0: * assert: + validate required arguments + adjust loose assertions * async_hooks: + remove deprecated emitBefore and emitAfter + remove promise object from resource * bootstrap: make Buffer and process non-enumerable * buffer: + use stricter range checks + harden SlowBuffer creation + harden validation of buffer allocation size + do proper error propagation in addon methods * child_process: + remove options.customFds + harden fork arguments validation + use non-infinite maxBuffer defaults * console: don't use ANSI escape codes when TERM=dumb * crypto: + remove legacy native handles + decode missing passphrase errors + remove Cipher.setAuthTag() and Decipher.getAuthTag() + remove deprecated crypto._toBuf() + set DEFAULT_ENCODING property to non-enumerable * deps: + update V8 to 7.4.288.13 Adam Majer 2019-05-10 13:00:29 +00:00