967d5c2cfe
- New upstream version 15.7.0: * buffer: + introduce Blob + add base64url encoding option * fs: + allow position parameter to be a BigInt in read and readSync (raisinten) * http: + attach request as res.req + expose urlToHttpOptions utility
Adam Majer2021-02-02 12:47:34 +00:00
4b726fa0c6
- New upstream version 15.6.0: * child_process: + add 'overlapped' stdio flag + support AbortSignal in fork * crypto: + implement basic secure heap support + fixup bug in keygen error handling + introduce X509Certificate API + implement randomuuid * http: set lifo as the default scheduling strategy in Agent * net: support abortSignal in server.listen * process: add direct access to rss without iterating pages * v8: fix native serdes constructors https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V15.md#15.6.0 - versioned.patch: refreshed
Adam Majer2021-01-21 16:52:19 +00:00
32d6074bba
- New upstream version 15.5.1: * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553) * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554) * CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. (bsc#1179491) - Changes in 15.5.0: * child_process: add signal support to spawn * http: use autoDestroy: true in incoming message * lib: support BigInt in querystring.stringify * stream: support abortsignal in constructor - npm_search_paths.patch, versioned.patch: refreshed - revert_cares_caa_reply_support.patch: dropped, no longer needed
Adam Majer2021-01-05 09:35:21 +00:00
746f559e55
- New upstream version 15.4.0: * child_processes: add AbortSignal support * events: + support signal in EventTarget + graduate Event, EventTarget, AbortController * http: enable call chaining with setHeader() * module: add isPreloading indicator * stream: + support abort signal + add FileHandle support to Read/WriteStream * worker: add experimental BroadcastChannel - nodejs-libpath.patch: refreshed
Adam Majer2020-12-10 18:25:54 +00:00
16037bcd47
- openssl_binary_detection.patch: fixes unit tests on SLE12
Adam Majer2020-12-07 13:11:00 +00:00
f0b522cf6a
- New upstream version 15.3.0: * dns: add a cancel() method to the promise Resolver * events: add max listener warning for EventTarget * http: add support for abortsignal to http.request * http2: allow setting the local window size of a session * lib: add throws option to fs.f/l/statSync * path: add path/posix and path/win32 alias modules * readline: add getPrompt to get the current prompt * src: add loop idle time in diagnostic report * util: add util/types alias module - New upstream version 15.2.1:
Adam Majer2020-12-07 13:09:51 +00:00
9a539cf7cf
- New upstream LTS version 15.2.1: * deps: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses (bsc#1178882, CVE-2020-8277)
Adam Majer2020-11-19 11:45:45 +00:00
a9cb4ecbeb
- Update to 15.2.0: * events: +getEventListeners static * fs: + support abortsignal in writeFile + add support for AbortSignal in readFile * stream: + fix thrown object reference revert_cares_caa_reply_support.patch: refreshed * deps: npm updated to 7.0.8
Adam Majer2020-11-12 19:00:04 +00:00
62a4d83d8d
- Update to 15.1.0: * deps: updated to 7.0.8 * child_process: add ChildProcess 'spawn' event * dns: add setLocalAddress to Resolver * http: report request start and end with diagnostics_channel * http2: add updateSettings to both http2 servers * lib: create diagnostics_channel module * src: add --heapsnapshot-near-heap-limit option * v8: implement v8.stopCoverage() and v8.takeCoverage() * worker: add eventLoopUtilization() - fix_ci_tests.patch, npm_search_paths.patch, versioned.patch refreshed For details see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V15.md#15.1.0Adam Majer2020-11-05 12:05:16 +00:00
Adam Majer