nodejs16

SHA256

Author	SHA256	Message	Date
Adam Majer	c820e0ef39	OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=109	2024-11-04 16:18:55 +00:00
Adam Majer	b470756e75	- CVE-2024-22020.patch: Bypass network import restriction via data URL (bsc#1227554, CVE-2024-22020) OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=108	2024-11-04 15:32:04 +00:00
Adam Majer	651524bb7e	- openssl31.patch: fix unit tests with OpenSSL 3.1 (bsc#1232756) OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=107	2024-11-04 14:52:58 +00:00
Adam Majer	9bc05b5a11	OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=106	2024-10-29 13:15:28 +00:00
Adam Majer	52a49964bb	- openssl31.patch: fix unit tests with OpenSSL 3.1 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=105	2024-10-29 13:15:03 +00:00
Adam Majer	819de27a81	OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=104	2024-05-27 12:24:46 +00:00
Adam Majer	6f62c07753	- CVE-2024-30261.patch: update undici to v5.28.4 (bsc#1222530, bsc#1222603, CVE-2024-30260, CVE-2024-30261) OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=103	2024-05-27 12:00:52 +00:00
Adam Majer	ebfbc55105	- CVE-2024-27983.patch - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) (bsc#1222244, CVE-2024-27983) - CVE-2024-27982.patch - HTTP Request Smuggling via Content Length Obfuscation- (Medium) (bsc#1222384, CVE-2024-27982) - updated dependencies: + llhttp version 6.1.1 - CVE-2024-22025.patch - test timeout adjustment OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=102	2024-04-11 10:57:54 +00:00
Adam Majer	8d996190a8	* sle12-node-gyp-addon-gypi.patch - GYP patches for SLE12 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=101	2024-02-21 13:47:52 +00:00
Adam Majer	1272fd04b8	* CVE-2023-46809.patch: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) (CVE-2023-46809, bsc#1219997) * CVE-2024-22019.patch: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) (CVE-2024-22019, bsc#1219993) * CVE-2024-22025.patch: fix Denial of Service by resource exhaustion in fetch() brotli decoding (CVE-2024-22025, bsc#1220014) * CVE-2024-24758.patch: ignore proxy-authorization headers (CVE-2024-24758, bsc#1220017) * CVE-2024-24806.patch: fix improper domain lookup that potentially leads to SSRF attacks (CVE-2024-24806, bsc#1220053) - CVE-2023-38552.patch: Integrity checks according to policies can be circumvented (CVE-2023-38552, bsc#1216272) - CVE-2023-39333.patch, wasm-fixture.tar.gz: Code injection via WebAssembly export names (CVE-2023-39333, bsc#1216273) - CVE-2023-45143.patch: undici Security Release (CVE-2023-45143, bsc#1216205) - nodejs.keyring: include new releaser keys OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=100	2024-02-20 16:34:06 +00:00
Adam Majer	00455b1bee	- CVE-2023-38552.patch: Integrity checks according to policies can be circumvented (CVE-2023-38552, bsc#1216272) - CVE-2023-39333.patch: Code injection via WebAssembly export names (CVE-2023-39333, bsc#1216273) - CVE-2023-44487.patch: nghttp2 Security Release (CVE-2023-44487, bsc#1216190) - CVE-2023-45143.patch: undici Security Release (CVE-2023-39333, bsc#1216273) OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=99	2023-10-17 12:06:45 +00:00
Adam Majer	740b330d60	- Update to LTS version 16.20.2 (security fixes). The following CVE were fixed: * (CVE-2023-32002, bsc#1214150): Policies can be bypassed via Module._load (High) * (CVE-2023-32006, bsc#1214156): Policies can be bypassed by module.constructor.createRequire (Medium) * (CVE-2023-32559, bsc#1214154): Policies can be bypassed via process.binding (Medium) OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=98	2023-08-10 14:37:41 +00:00
Adam Majer	80ec2e25e9	OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=97	2023-06-21 13:48:34 +00:00
Adam Majer	1a094d51e7	- Update to version 16.20.1 (security fixes only). The following CVEs are fixed in this release: * (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass Experimental Policy Mechanism (High) * (CVE-2023-30585, bsc#1212579): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) * (CVE-2023-30588, bsc#1212581): Process interuption due to invalid Public Key information in x509 certificates (Medium) * (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via Empty headers separated by CR (Medium) * (CVE-2023-30590, bsc#1212583): DiffieHellman does not generate keys after setting a private key (Medium) * deps: update c-ares to 1.19.1: c-ares security issues fixed: + CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service (bsc#1211604) + CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS query IDs (bsc#1211605) + CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) + CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - fix_ci_tests.patch: increase default timeout on unit tests to 20min from 2min. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407) OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=96	2023-06-21 12:37:39 +00:00
Adam Majer	8f4cbfb6a0	- Update to NodeJS 18.16.0 LTS version * Add initial support for single executable applications * Replace url parser with Ada * buffer: add Buffer.copyBytesFrom - refreshed patches: versioned.patch linker_lto_jobs.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=95	2023-04-13 14:08:11 +00:00
Adam Majer	a7b7bf64b6	- Update to LTS version 16.20.0 * deps: + update undici to 5.20.0 + update c-ares to 1.19.0 + upgrade npm to 8.19.4 - legacy_python.patch, versioned.patch: refreshed OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=94	2023-04-13 13:49:22 +00:00
Adam Majer	9f0c761182	* updates undici to v5.19.1 + Fetch API in Node.js did not protect against CRLF injection in host headers + Regular Expression Denial of Service in Headers in Node.js fetch API (bsc#1208413, bsc#1208485, CVE-2023-24807, CVE-2023-23936) OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=93	2023-02-22 14:12:46 +00:00
Adam Majer	5c4c5f2f40	- Update to LTS version 16.19.1: * fixes permissions policies can be bypassed via process.mainModule (bsc#1208481, CVE-2023-23918) * fixes insecure loading of ICU data through ICU_DATA environment variable (bsc#1208487, CVE-2023-23920) * fixes OpenSSL error handling issues in nodejs crypto library (bsc#1208483, CVE-2023-23919) * updates undici to v5.19.1 (bsc#1208413, CVE-2023-24807) - versioned.patch: refreshed - Update _constraints: * Less RAM for aarch64 and 32-bit arm * Use 'asimdrdm' cpu flag to use aarch64 workers where tests are more stable OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=92	2023-02-22 13:59:20 +00:00
Adam Majer	3f759d9aeb	- Update to LTS version 16.19.0: * dgram: add dgram send queue info * cli: add --watch - systemtap.patch: upstreamed, removed OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=91	2022-12-31 21:35:35 +00:00
Adam Majer	40c8bce4e8	- sle12_python3_compat.patch: only apply for older SLE12 codestreams where Python 3.6 is not available. Still worlaround for bsc#1205568 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=90	2022-11-29 16:37:59 +00:00
Adam Majer	aeec8a58fa	- Workaround bug on SLE12SP5 during source unpack (bsc#1205568) OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=89	2022-11-23 16:53:41 +00:00
Adam Majer	f9f8b9e6e7	OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=88	2022-11-10 11:18:57 +00:00
Adam Majer	3806d4b588	OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=87	2022-11-10 09:14:33 +00:00
Adam Majer	d8d44c7572	- Replace node-gyp for SLE12 with python 3.4 compatible gyp OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=86	2022-11-10 08:55:10 +00:00
Adam Majer	161cbeba3f	Fix build with python 3.6 in SLE12 SP5 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=85	2022-11-08 11:00:31 +00:00
Adam Majer	26bb4296d2	Fix build on SLES12 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=84	2022-11-08 10:28:26 +00:00
Adam Majer	7e14133156	- Update to LTS versino 16.18.1: * inspector: DNS rebinding in --inspect via invalid octal IP (bsc#1205119, CVE-2022-43548) OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=83	2022-11-07 10:03:42 +00:00
Marcus Rueckert	d2ec1e97a9	removed _link OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=82	2022-10-24 09:45:09 +00:00
Adam Majer	6bc58790ce	remove unused patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=8	2021-05-06 10:17:48 +00:00
Adam Majer	55a38c7571	OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=7	2021-05-06 08:50:35 +00:00
Adam Majer	c25d17c8d9	OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=6	2021-05-05 16:35:55 +00:00
Adam Majer	4e4fd2d81d	OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=5	2021-05-05 11:24:32 +00:00
Adam Majer	701d785fd9	- New upstream version 16.1.0 fs: allow no-params fsPromises fileHandle read OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=4	2021-05-05 11:23:38 +00:00
Adam Majer	4cab73b2bf	OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=3	2021-05-05 08:19:06 +00:00
Adam Majer	d6d8c29650	OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=2	2021-05-04 19:55:23 +00:00
Adam Majer	803129316b	- New upstrean version 16.0.0: For complete list of changes since 15.x, please see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.0.0 - Import staging 16.x OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=1	2021-05-04 12:31:34 +00:00

36 Commits