nodejs/nodejs15
SHA256
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
nodejs15/nodejs15.changes

268 lines
10 KiB
Plaintext
Raw Permalink Blame History

-------------------------------------------------------------------
Mon May 31 16:27:44 UTC 2021 - Adam Majer <adam.majer@suse.de>
- Use libalternatives instead of update-alternatives
-------------------------------------------------------------------
Tue May 4 12:43:50 UTC 2021 - Adam Majer <adam.majer@suse.de>
- icu69.patch: fixes build issues with ICU69 (bsc#1185400)
-------------------------------------------------------------------
Wed Apr 7 12:22:39 UTC 2021 - Adam Majer <adam.majer@suse.de>
- New upstream version 15.14.0:
* fs: add support for async iterators to fsPromises.writeFile
* net:
+ allow net.BlockList to use net.SocketAddress objects
+ add SocketAddress class
+ make net.BlockList cloneable
* net,tls: add abort signal support to connect
* readline: add AbortSignal support to interface
- Changes in version 15.13.0:
* buffer: implement btoa and atob
* deps: upgrade npm to 7.7.6
This update adds workspaces support to npm run and npm exec
* doc: add legacy status to stability index
* http: add http.ClientRequest.getRawHeaderNames()
- refreshed patches: fix_ci_tests.patch, npm_bundle_to_provides.js,
npm_search_paths.patch
-------------------------------------------------------------------
Tue Mar 30 11:07:07 UTC 2021 - Adam Majer <adam.majer@suse.de>
- New upstream version 15.12.0:
* crypto:
+ add optional callback to crypto.sign and crypto.verify
+ support JWK objects in create*Key
* deps:
+ update to cjs-module-lexer@1.1.0
* fs: improve fsPromises writeFile and writeFile performance
* lib: implement AbortSignal.abort()
* node-api: define version 8
* worker: add setEnvironmentData/getEnvironmentData
- fix_ci_tests.patch npm_search_paths.patch: refreshed
-------------------------------------------------------------------
Wed Mar 3 12:30:43 UTC 2021 - Adam Majer <adam.majer@suse.de>
- New upstream version 15.11.0:
* crypto: make FIPS related options always awailable
(note: don't forget to install the appropriate FIPS patterns
as otherwise openssl will refuse)
* errors: remove experimental from --enable-source-maps
- nodejs-libpath.patch, versioned.patch: refreshed
-------------------------------------------------------------------
Tue Feb 23 14:41:30 UTC 2021 - Adam Majer <adam.majer@suse.de>
- New upstream version 15.10.0:
* CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service
by resource exhaustion (bsc#1182619)
* CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620)
- Changes in 15.9.0:
* crypto: add keyObject.export() 'jwk' format option
* deps: upgrade to libuv 1.41.0
* doc: refactor fs docs structure
* fs:
+ add fsPromises.watch()
+ use a default callback for fs.close()
+ add AbortSignal support to watch
* perf_hooks: introduce createHistogram
* stream: improve Readable.from error handling
* timers: introduce setInterval async iterator
* tls: add ability to get cert/peer cert as X509Certificate object
-------------------------------------------------------------------
Wed Feb 17 17:33:25 UTC 2021 - Adam Majer <adam.majer@suse.de>
- relax OpenSSL cipher suite policies for unit tests
-------------------------------------------------------------------
Fri Feb 5 14:56:36 UTC 2021 - Adam Majer <adam.majer@suse.de>
- New upstream version 15.8.0:
* crypto:
+ add generatePrime/checkPrime
+ experimental (Ed/X)25519/(Ed/X)448 support
* deps: upgrade npm to 7.5.0
This update adds a new npm diff command.
* dgram: support AbortSignal in createSocket
* esm: deprecate legacy main lookup for modules
* readline:
+ add history event and option to set initial history
+ add support for the AbortController to the question method
- versioned.patch: refreshed
-------------------------------------------------------------------
Tue Feb 2 12:45:15 UTC 2021 - Adam Majer <adam.majer@suse.de>
- New upstream version 15.7.0:
* buffer:
+ introduce Blob
+ add base64url encoding option
* fs:
+ allow position parameter to be a BigInt in read and
readSync (raisinten)
* http:
+ attach request as res.req
+ expose urlToHttpOptions utility
-------------------------------------------------------------------
Thu Jan 21 16:40:06 UTC 2021 - Adam Majer <adam.majer@suse.de>
- New upstream version 15.6.0:
* child_process:
+ add 'overlapped' stdio flag
+ support AbortSignal in fork
* crypto:
+ implement basic secure heap support
+ fixup bug in keygen error handling
+ introduce X509Certificate API
+ implement randomuuid
* http: set lifo as the default scheduling strategy in Agent
* net: support abortSignal in server.listen
* process: add direct access to rss without iterating pages
* v8: fix native serdes constructors
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V15.md#15.6.0
- versioned.patch: refreshed
-------------------------------------------------------------------
Mon Jan 4 19:29:12 UTC 2021 - Adam Majer <adam.majer@suse.de>
- New upstream version 15.5.1:
* CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS
implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with
a freshly allocated WriteWrap object as first argument.
If the DoWrite method does not return an error, this object is
passed back to the caller as part of a StreamWriteResult structure.
This may be exploited to corrupt memory leading to a
Denial of Service or potentially other exploits (bsc#1180553)
* CVE-2020-8287: HTTP Request Smuggling allow two copies of a
header field in a http request. For example, two Transfer-Encoding
header fields. In this case Node.js identifies the first header
field and ignores the second. This can lead to HTTP Request
Smuggling (https://cwe.mitre.org/data/definitions/444.html).
(bsc#1180554)
* CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference
(High) This is a vulnerability in OpenSSL which may be exploited
through Node.js. (bsc#1179491)
- Changes in 15.5.0:
* child_process: add signal support to spawn
* http: use autoDestroy: true in incoming message
* lib: support BigInt in querystring.stringify
* stream: support abortsignal in constructor
- npm_search_paths.patch, versioned.patch: refreshed
- revert_cares_caa_reply_support.patch: dropped, no longer needed
-------------------------------------------------------------------
Thu Dec 10 18:20:53 UTC 2020 - Adam Majer <adam.majer@suse.de>
- New upstream version 15.4.0:
* child_processes: add AbortSignal support
* events:
+ support signal in EventTarget
+ graduate Event, EventTarget, AbortController
* http: enable call chaining with setHeader()
* module: add isPreloading indicator
* stream:
+ support abort signal
+ add FileHandle support to Read/WriteStream
* worker: add experimental BroadcastChannel
- nodejs-libpath.patch: refreshed
-------------------------------------------------------------------
Mon Nov 30 19:45:55 UTC 2020 - Adam Majer <adam.majer@suse.de>
- openssl_binary_detection.patch: fixes unit tests on SLE12
-------------------------------------------------------------------
Thu Nov 26 06:02:11 UTC 2020 - Adam Majer <adam.majer@suse.de>
- New upstream version 15.3.0:
* dns: add a cancel() method to the promise Resolver
* events: add max listener warning for EventTarget
* http: add support for abortsignal to http.request
* http2: allow setting the local window size of a session
* lib: add throws option to fs.f/l/statSync
* path: add path/posix and path/win32 alias modules
* readline: add getPrompt to get the current prompt
* src: add loop idle time in diagnostic report
* util: add util/types alias module
-------------------------------------------------------------------
Thu Nov 19 11:41:48 UTC 2020 - Adam Majer <adam.majer@suse.de>
- New upstream version 15.2.1:
* deps: Denial of Service through DNS request (High).
A Node.js application that allows an attacker to trigger a DNS
request for a host of their choice could trigger a Denial of Service
by getting the application to resolve a DNS record with
a larger number of responses (bsc#1178882, CVE-2020-8277)
-------------------------------------------------------------------
Thu Nov 12 18:56:37 UTC 2020 - Adam Majer <adam.majer@suse.de>
- Update to 15.2.0:
* events:
+getEventListeners static
* fs:
+ support abortsignal in writeFile
+ add support for AbortSignal in readFile
* stream:
+ fix thrown object reference
revert_cares_caa_reply_support.patch: refreshed
-------------------------------------------------------------------
Thu Nov 5 10:07:53 UTC 2020 - Adam Majer <adam.majer@suse.de>
- Update to 15.1.0:
* deps: npm updated to 7.0.8
* child_process: add ChildProcess 'spawn' event
* dns: add setLocalAddress to Resolver
* http: report request start and end with diagnostics_channel
* http2: add updateSettings to both http2 servers
* lib: create diagnostics_channel module
* src: add --heapsnapshot-near-heap-limit option
* v8: implement v8.stopCoverage() and v8.takeCoverage()
* worker: add eventLoopUtilization()
- fix_ci_tests.patch, npm_search_paths.patch, versioned.patch refreshed
For details see
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V15.md#15.1.0
-------------------------------------------------------------------
Thu Oct 22 11:43:13 UTC 2020 - Adam Majer <adam.majer@suse.de>
- Update to 15.0.1:
* crypto: fix regression on randomFillSync
This fixes issue https://github.com/nodejs/node/issues/35722.
* deps: upgrade npm to 7.0.3 (Ruy Adorno) #35724
- revert_cares_caa_reply_support.patch: temporarily revert upstream
patch since it requires an updated c-ares
- old_icu.patch: update v8 sources to use old ICU version
-------------------------------------------------------------------
Tue Oct 20 18:33:10 UTC 2020 - Adam Majer <adam.majer@suse.de>
- Initial release 15.0.0. For complete list of changes since 14.x
codestream, see
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V15.md#15.0.0
Reference in New Issue View Git Blame Copy Permalink