29 Commits

Author SHA256 Message Date
98b49ec96f Syncing ARM fixes
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=110
2020-01-07 17:00:37 +00:00
2d083583c0 - CVE-2019-13173.patch: fix potential file overwrite via hardlink
  in fstream.DirWriter() function (bsc#1140290, CVE-2019-13173)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=108
2019-07-29 09:14:52 +00:00
8eeb6a8320 Fix typo in patch name
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=107
2019-03-04 11:50:22 +00:00
a3999ac2a7 Backport security fixes from NodeJS 6.x:
  * deps: upgrade OpenSSL source to 1.0.2r. Under certain
    circumstances, a TLS server can be forced to respond differently
    to a client if a zero-byte record is received with an
    invalid padding compared to a zero-byte record with an
    invalid MAC. This can be used as the basis of a padding
    oracle attack to decrypt data.
    (openssl_1_0_2q.patch - CVE-2019-1559, bsc#1127080)
  * http: (http-keep-alive.patch)
    + Backport server.keepAliveTimeout to prevent keep-alive
      HTTP and HTTPS connections remaining open and inactive for
      an extended period of time, leading to a potential
      Denial of Service (DoS).
      (CVE-2019-5739, bsc#1127533)
    + Further prevention of "Slowloris" attacks on HTTP and HTTPS
      connections by consistently applying the receive timeout set
      by server.headersTimeout to connections in keep-alive mode.
      (CVE-2019-5737, bsc#1127532)

- nodejs.keyring: update keyring to today's list as per
  https://github.com/nodejs/node

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=105
2019-03-01 15:42:35 +00:00
a52fd358ee - env_shebang.patch: dropped in favour of programmatic update
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=104
2019-01-10 14:20:46 +00:00
3ae33731c9 * deps: upgrade OpenSSL sources to 1.0.2q
    (openssl_1_0_2q.patch - CVE-2018-0734, bsc#1113652,
                            CVE-2018-5407, bsc#1113534)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=102
2019-01-09 14:37:24 +00:00
57718cd79b * cli: add --max-http-header-size flag (max_header_size.patch)
    + add maxHeaderSize property (max_header_size.patch)
      (CVE-2018-12121.patch - CVE-2018-12121, bsc#1117626)
    + A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely
      received within this period, the socket is destroyed on
      the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against
      excessive resource retention and possible Denial of Service.
      (CVE-2018-12122.patch - CVE-2018-12122, bsc#1117627)
      (CVE-2018-12116.patch - CVE-2018-12116, bsc#1117630)
    (CVE-2018-12123.patch - CVE-2018-12123, bnc#1117629)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=101
2019-01-09 14:07:18 +00:00
e0342a286e + Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      CVE-2018-12121.patch - (CVE-2018-12121, bsc#1117626)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=100
2019-01-09 11:22:02 +00:00
3f386ef218 Backport security fixes from NodeJS 6.x:
  * debugger: prevent the debugger from listening on 0.0.0.0.
    It now defaults to 127.0.0.1.
    CVE-2018-12120.patch - (CVE-2018-12120, bsc#1117625)
  * http:
    + Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters
      outside of the range \u0021 - \u00ff will now be rejected
      with a TypeError. This behavior can be reverted if necessary
      by supplying the --security-revert=CVE-2018-12116 command
      line argument (this is not recommended).
      CVE-2018-12116.patch - (CVE-2018-12116, bsc#1117630)
  * util: Fix a bug that would allow a hostname being spoofed when
    parsing URLs with url.parse() with the 'javascript:' protocol.
    CVE-2018-12123.patch - (CVE-2018-12123, bnc#1117629)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=99
2019-01-08 16:04:58 +00:00
a84d0c769f - flaky_test_rerun.patch: Rerun failing tests in case of flakiness
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=98
2018-11-26 15:38:06 +00:00
360fb6e8ed - fix_ci_tests.patch: skip parallel/test-tick-processor on arm.
  Unreliable test in shared environment.
- enable unit tests build failures

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=94
2018-10-05 12:18:36 +00:00
421e392db5 - test-ca-bumps.patch: update certificates used in unit tests
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=93
2018-10-01 13:40:18 +00:00
b4fc86cf7f * Client DoS due to large DH parameter (CVE-2018-0732, bsc#1097158)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=89
2018-08-23 13:50:43 +00:00
78e90cf35f - openssl_1_0_2p.patch: deps: Upgrade to OpenSSL 1.0.2p, fixing:
  * Client DoS due to large DH parameter (CVE-2018-0732)
  * ECDSA key extraction via local side-channel

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=88
2018-08-23 13:47:54 +00:00
642428b270 - CVE-2018-12115.patch: buffer: avoid overrun on UCS-2 string write
  (CVE-2018-12115, bsc#1105019)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=87
2018-08-20 10:25:03 +00:00
c76f170bd4 - Ensure neutrality of description.
- Use %make_install.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=86
2018-08-13 11:25:20 +00:00
0ee9ab9b67 - Recommend same major version npm package (bsc#1097748)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=85
2018-06-15 12:16:39 +00:00
20a26881e8
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=83
2018-05-24 14:27:58 +00:00
32740dfc53 - icu_61_namespacefix.patch: Fix building with ICU61.1 (bsc#1091764)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=81
2018-05-16 11:22:28 +00:00
04e3f5cc9f Use %license to install license
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=79
2018-04-05 07:23:57 +00:00
6bea4de185 fix node-gyp permissions
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=78
2018-04-04 13:31:19 +00:00
8c8ed57248 security updates mostly,
+ Fix for inspector DNS rebinding vulnerability
  (bsc#1087463, CVE-2018-7160)
+ Fix for 'path' module regular expression
  denial of service (bsc#1087459, CVE-2018-7158)
+ Reject spaces in HTTP Content-Length header
  values (bsc#1087453, CVE-2018-7159)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=77
2018-04-03 11:21:08 +00:00
d77a04dbdb - remove any old manpage files in %pre from before update-alternatives
  were used to manage symlinks to these manpages.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=74
2018-03-22 13:26:54 +00:00
72b14ddf6d Fix changelog
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=73
2018-02-13 08:49:56 +00:00
43f467e072 - Add Recommends and BuildRequire on python2 for npm. node-gyp
  requires this old version of python for now. This is only needed
  for binary modules.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=72
2018-02-13 08:45:48 +00:00
d7f7992326 - Use gcc7 on Leap 42.3
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=71
2018-02-07 14:08:37 +00:00
4edb15da9f - even on recent codestreams there is no binutils gold on s390
  only on s390x

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=70
2018-01-31 08:59:54 +00:00
dd4e7eb08e
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=69
2018-01-29 12:56:22 +00:00
a85db52787 Accepting request 424018 from home:adamm
NodeJS 4.x LTS

OBS-URL: https://build.opensuse.org/request/show/424018
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=1
2016-09-06 10:52:46 +00:00