OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=110
575 lines
23 KiB
Plaintext
575 lines
23 KiB
Plaintext
-------------------------------------------------------------------
|
|
Tue Jan 7 13:12:10 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Really disable LTO when required (nodejs < 12)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 29 09:01:42 UTC 2019 - Adam Majer <adam.majer@suse.de>
|
|
|
|
- CVE-2019-13173.patch: fix potential file overwrite via hardlink
|
|
in fstream.DirWriter() function (bsc#1140290, CVE-2019-13173)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 1 13:53:57 UTC 2019 - Adam Majer <adam.majer@suse.de>
|
|
|
|
Backport security fixes from NodeJS 6.x:
|
|
* deps: upgrade OpenSSL source to 1.0.2r. Under certain
|
|
circumstances, a TLS server can be forced to respond differently
|
|
to a client if a zero-byte record is received with an
|
|
invalid padding compared to a zero-byte record with an
|
|
invalid MAC. This can be used as the basis of a padding
|
|
oracle attack to decrypt data.
|
|
(openssl_1_0_2r.patch - CVE-2019-1559, bsc#1127080)
|
|
* http: (http-keep-alive.patch)
|
|
+ Backport server.keepAliveTimeout to prevent keep-alive
|
|
HTTP and HTTPS connections remaining open and inactive for
|
|
an extended period of time, leading to a potential
|
|
Denial of Service (DoS).
|
|
(CVE-2019-5739, bsc#1127533)
|
|
+ Further prevention of "Slowloris" attacks on HTTP and HTTPS
|
|
connections by consistently applying the receive timeout set
|
|
by server.headersTimeout to connections in keep-alive mode.
|
|
(CVE-2019-5737, bsc#1127532)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 1 12:40:17 UTC 2019 - adam.majer@suse.de
|
|
|
|
- nodejs.keyring: update keyring to today's list as per
|
|
https://github.com/nodejs/node
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 9 14:19:07 UTC 2019 - adam.majer@suse.de
|
|
|
|
Backport security fixes from NodeJS 6.x:
|
|
* debugger: prevent the debugger from listening on 0.0.0.0.
|
|
It now defaults to 127.0.0.1.
|
|
CVE-2018-12120.patch - (CVE-2018-12120, bsc#1117625)
|
|
* cli: add --max-http-header-size flag (max_header_size.patch)
|
|
* deps: upgrade OpenSSL sources to 1.0.2q
|
|
(openssl_1_0_2q.patch - CVE-2018-0734, bsc#1113652,
|
|
CVE-2018-5407, bsc#1113534)
|
|
* http:
|
|
+ add maxHeaderSize property (max_header_size.patch)
|
|
+ Headers received by HTTP servers must not exceed 8192 bytes
|
|
in total to prevent possible Denial of Service attacks.
|
|
(CVE-2018-12121.patch - CVE-2018-12121, bsc#1117626)
|
|
+ A timeout of 40 seconds now applies to servers receiving
|
|
HTTP headers. This value can be adjusted with
|
|
server.headersTimeout. Where headers are not completely
|
|
received within this period, the socket is destroyed on
|
|
the next received chunk. In conjunction with
|
|
server.setTimeout(), this aids in protecting against
|
|
excessive resource retention and possible Denial of Service.
|
|
(CVE-2018-12122.patch - CVE-2018-12122, bsc#1117627)
|
|
+ Two-byte characters are now strictly disallowed for the path
|
|
option in HTTP client requests. Paths containing characters
|
|
outside of the range \u0021 - \u00ff will now be rejected
|
|
with a TypeError. This behavior can be reverted if necessary
|
|
by supplying the --security-revert=CVE-2018-12116 command
|
|
line argument (this is not recommended).
|
|
(CVE-2018-12116.patch - CVE-2018-12116, bsc#1117630)
|
|
* util: Fix a bug that would allow a hostname being spoofed when
|
|
parsing URLs with url.parse() with the 'javascript:' protocol.
|
|
(CVE-2018-12123.patch - CVE-2018-12123, bnc#1117629)
|
|
|
|
- env_shebang.patch: dropped in favour of programmatic update
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 26 14:06:57 UTC 2018 - adam.majer@suse.de
|
|
|
|
- flaky_test_rerun.patch: Rerun failing tests in case of flakiness
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 5 12:12:20 UTC 2018 - adam.majer@suse.de
|
|
|
|
- fix_ci_tests.patch: skip parallel/test-tick-processor on arm.
|
|
Unreliable test in shared environment.
|
|
- enable unit tests build failures
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 1 13:35:32 UTC 2018 - adam.majer@suse.de
|
|
|
|
- test-ca-bumps.patch: update certificates used in unit tests
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 23 13:44:19 UTC 2018 - adam.majer@suse.de
|
|
|
|
- CVE-2018-12115.patch: buffer: avoid overrun on UCS-2 string write
|
|
(CVE-2018-12115, bsc#1105019)
|
|
- openssl_1_0_2p.patch: deps: Upgrade to OpenSSL 1.0.2p, fixing:
|
|
* Client DoS due to large DH parameter (CVE-2018-0732, bsc#1097158)
|
|
* ECDSA key extraction via local side-channel
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jul 29 10:47:39 UTC 2018 - jengelh@inai.de
|
|
|
|
- Ensure neutrality of description.
|
|
- Use %make_install.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 15 12:03:47 UTC 2018 - adam.majer@suse.de
|
|
|
|
- Recommend same major version npm package (bsc#1097748)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 24 14:17:25 UTC 2018 - adam.majer@suse.de
|
|
|
|
- env_shebang.patch: use absolute paths in executable shebang lines
|
|
- versioned.patch: updated to move shebang modifications to above
|
|
patch.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 11 12:36:51 UTC 2018 - adam.majer@suse.de
|
|
|
|
- icu_61_namespacefix.patch: Fix building with ICU61.1 (bsc#1091764)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 5 07:18:42 UTC 2018 - adam.majer@suse.de
|
|
|
|
- Install license with %license, not %doc (bsc#1082318)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 4 13:29:24 UTC 2018 - adam.majer@suse.de
|
|
|
|
- Fix some node-gyp permissions
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 3 11:03:14 UTC 2018 - adam.majer@suse.de
|
|
|
|
- New upstream maintenance 4.9.1:
|
|
* Security fixes:
|
|
+ Fix for 'path' module regular expression denial of service
|
|
(bsc#1087459, CVE-2018-7158)
|
|
+ Reject spaces in HTTP Content-Length header values
|
|
(bsc#1087453, CVE-2018-7159)
|
|
* Upgrade to OpenSSL 1.0.2o
|
|
* deps: reject interior blanks in Content-Length
|
|
* deps: upgrade http-parser to v2.8.0
|
|
- fix_ci_tests.patch: refreshed
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 22 13:17:38 UTC 2018 - adam.majer@suse.de
|
|
|
|
- remove any old manpage files in %pre from before update-alternatives
|
|
were used to manage symlinks to these manpages.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 13 08:40:52 UTC 2018 - adam.majer@suse.de
|
|
|
|
- Add Recommends and BuildRequire on python2 for npm. node-gyp
|
|
requires this old version of python for now. This is only needed
|
|
for binary modules.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 30 18:10:06 CET 2018 - ro@suse.de
|
|
|
|
- even on recent codestreams there is no binutils gold on s390
|
|
only on s390x
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 21 12:53:36 UTC 2017 - adam.majer@suse.de
|
|
|
|
- Enable CI tests in %check target
|
|
+ fix_ci_ssl_tests.patch: Disable testing of obsolete curves
|
|
which are not enabled OpenSUSE's OpenSSL library
|
|
+ fix_ci_tests.patch:
|
|
- DNS queries in buildroots are failing with EAI_AGAIN
|
|
- disable test-module-loading-globalpaths.js - we have
|
|
hardcoded global paths
|
|
+ versioned.patch: call versioned node binary for tests
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Dec 9 03:22:01 UTC 2017 - qantas94heavy@gmail.com
|
|
|
|
- New upstream maintenance release 4.8.7:
|
|
* deps/openssl: updated to 1.0.2n (only applies to SLE 12 SP1
|
|
and lower) (bsc#1072322)
|
|
[ CVE-2017-3738 CVE-2017-15896 ]
|
|
- Remove unnecessary curl BuildRequires
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 29 01:41:56 UTC 2017 - qantas94heavy@gmail.com
|
|
|
|
- Change BuildRequires from openssl-devel to libopenssl-1_0_0-devel
|
|
due to Tumbleweed/Leap 15 change to OpenSSL 1.1.0 as default
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 16 13:16:25 UTC 2017 - adam.majer@suse.de
|
|
|
|
- Update nodejs.keyring based on current Release Team as found on
|
|
https://github.com/nodejs/node#release-team
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 13 14:29:47 UTC 2017 - adam.majer@suse.de
|
|
|
|
- Fix permissions of node-gyp. This should be executable to allow
|
|
building of binary node modules.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 13 10:12:07 UTC 2017 - adam.majer@suse.de
|
|
|
|
- New upstream maintenance release 4.8.6:
|
|
* crypto: upgrade openssl sources to 1.0.2m
|
|
[OpenSSL Security Advisory (bsc#1066242, bsc#1056058)
|
|
CVE-2017-3735 CVE-2017-3736]
|
|
* deps: add support for more modern versions of INTL
|
|
- 0f3e69db.patch: removed, upstreamed
|
|
- icu59.patch: removed, upstreamed
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 25 07:02:20 UTC 2017 - qantas94heavy@gmail.com
|
|
|
|
- New upstream maintenance release 4.8.5:
|
|
* zlib: (CVE-2017-14919: only affects TW) In zlib v1.2.9, a
|
|
change was made that causes an exception to be thrown when a
|
|
raw deflate stream is initialized with windowBits set to 8.
|
|
Node.js will now gracefully set windowBits to 9 (replicating
|
|
the legacy behavior) to avoid a DOS vector.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 19 08:07:05 UTC 2017 - adam.majer@suse.de
|
|
|
|
- Replace {{node_version_major}} with RPM define %node_version_number
|
|
for simpler spec file review.
|
|
- Make sure npm program remains executable
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 2 15:16:57 UTC 2017 - adam.majer@suse.de
|
|
|
|
- Fix update-alternative handling in %postun - don't remove
|
|
links on upgrades.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 12 08:17:53 UTC 2017 - adam.majer@suse.de
|
|
|
|
- New LTS upstream version 4.8.4
|
|
* v8: disable V8 snapshots. The hashseed embedded in the snapshot
|
|
is currently the same for all runs of the binary. This opens
|
|
node up to collision attacks which could result in a Denial
|
|
of Service. We have temporarily disabled snapshots until a more
|
|
robust solution is found (bnc#1048299, CVE-2017-11499).
|
|
* http: fixes http.get with numeric authorization options that
|
|
created/used uninitialized buffers as the authentication string
|
|
* The c-ares function ares_parse_naptr_reply(), which is used for
|
|
parsing NAPTR responses, could be triggered to read memory
|
|
outside of the given input buffer if the passed in DNS response
|
|
packet was crafted in a particular way.
|
|
(CVE-2017-1000381, bnc#1044946)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 7 14:05:05 UTC 2017 - adam.majer@suse.de
|
|
|
|
- Depend on nodejs-common that is then used to pick correctly
|
|
versioned node or npm binary. This is required since 3rd party
|
|
modules use `/usr/bin/env node` which breaks if multiple versions
|
|
of NodeJS are installed at the same time and non-default version
|
|
is used (for example, to compile a native module)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 6 12:08:26 UTC 2017 - adam.majer@suse.de
|
|
|
|
- npm_search_paths.patch: Since concurrent installations are now
|
|
possible, node manual pages are moved once again back under npm
|
|
searcheable locations only.
|
|
- versioned.patch: All files are now under versioned directoies
|
|
and names. node and npm symlinks are now managed by
|
|
update-alternatives
|
|
- node-gyp-addon-gypi.patch: Reference versioned directories only
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 13 11:34:35 UTC 2017 - adam.majer@suse.de
|
|
|
|
- Fix typo in node-gyp-addon-gypi.patch patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 30 12:45:42 UTC 2017 - adam.majer@suse.de
|
|
|
|
- 0f3e69db.patch, icu59.patch: GCC 7 compilation fixes for v8
|
|
backported and add missing ICU59 headers (bnc#1041283)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 23 09:54:05 UTC 2017 - adam.majer@suse.de
|
|
|
|
- New upstream LTS release 4.8.3
|
|
* v8: trigger OOM crash if memory allocation fails
|
|
* src: fix base64 decoding in rare edgecase
|
|
* tls:
|
|
+ fix segfault on destroy after partial read
|
|
+ keep track of stream that is closed
|
|
+ TLSSocket emits 'error' on handshake failure
|
|
- nodejs-libpath.patch: updated
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 5 01:37:06 UTC 2017 - qantas94heavy@gmail.com
|
|
|
|
- New upstream maintenance release 4.8.2
|
|
* crypto: fix memory leak if certificate is revoked (#12089)
|
|
|
|
- Changes not applicable to openSUSE in 4.8.2:
|
|
* deps: upgrade zlib to 1.2.11 (#10980)
|
|
|
|
- Changes in LTS release 4.8.1
|
|
* buffer: The performance of .toJSON() is now up to 2859% faster
|
|
on average.
|
|
* IPC: Batched writes have been enabled for process IPC on
|
|
platforms that support Unix Domain Sockets. Performance gains
|
|
may be up to 40% for some workloads.
|
|
* http: Control characters are now always rejected when using
|
|
http.request().
|
|
* node: Heap statistics now support values larger than 4GB.
|
|
|
|
- Modify 8334.diff:
|
|
* Bring patch in line with upstream changes (#8334)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Feb 26 03:00:33 UTC 2017 - qantas94heavy@gmail.com
|
|
|
|
- New upstream LTS release 4.8.0
|
|
* child_process: add shell option to spawn()
|
|
* crypto: add ALPN Support
|
|
* crypto: allow adding extra certs to well-known CAs
|
|
* deps/v8: expose statistics about heap spaces
|
|
* fs: add the fs.mkdtemp() function
|
|
* process: add process.memoryUsage().external
|
|
* process: add process.cpuUsage()
|
|
- Modify 8334.diff:
|
|
* Remove merged reference counting code (#9409)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 3 12:30:12 UTC 2017 - adam.majer@suse.de
|
|
|
|
- New upstream LTS release 4.7.3
|
|
* deps: upgrade openssl sources to 1.0.2k
|
|
(CVE-2017-3731, CVE-2017-3732, CVE-2016-7055,
|
|
bnc#1022085, bnc#1022086, bnc#1009528)
|
|
- No changes in LTS version 4.7.2
|
|
- Adjusted 8334.diff to be inline with accepted changes
|
|
- Merge nodejs4.changes from SLE and devel project
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 6 08:25:14 UTC 2017 - qantas94heavy@gmail.com
|
|
|
|
- Add basic check that Node.js loads successfully to spec file
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 4 02:59:22 UTC 2017 - qantas94heavy@gmail.com
|
|
|
|
- New upstream LTS release 4.7.1
|
|
* build: shared library support is now working for AIX builds
|
|
* repl: passing options to the repl will no longer overwrite
|
|
defaults
|
|
* timers: recanceling a cancelled timers will no longer throw
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 9 04:00:08 UTC 2016 - qantas94heavy@gmail.com
|
|
|
|
- New upstream LTS version 4.7.0
|
|
* build: introduce the configure --shared option for embedders
|
|
* debugger: make listen address configurable in debugger server
|
|
* dgram: generalized send queue to handle close, fixing a
|
|
potential throw when dgram socket is closed in the
|
|
listening event handler
|
|
* http: introduce the 451 status code "Unavailable For
|
|
Legal Reasons"
|
|
* gtest: the test reporter now outputs tap comments as yamlish
|
|
* tls: introduce secureContext for tls.connect (useful for
|
|
caching client certificates, key, and CA certificates)
|
|
* tls: fix memory leak when writing data to TLSWrap instance
|
|
during handshake
|
|
* src: node no longer aborts when c-ares initialization fails
|
|
- Modify 8334.diff:
|
|
* ported and updated system CA store for the new node crypto code
|
|
- Refresh nodejs-libpath.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 1 02:48:44 UTC 2016 - qantas94heavy@gmail.com
|
|
|
|
- New upstream LTS version 4.6.2
|
|
* build:
|
|
+ It is now possible to build the documentation from the release tarball.
|
|
* buffer:
|
|
+ Buffer.alloc() will no longer incorrectly return a zero filled buffer
|
|
when an encoding is passed.
|
|
* deps:
|
|
+ Upgrade npm in LTS to 2.15.11.
|
|
* repl:
|
|
+ Enable tab completion for global properties.
|
|
* url:
|
|
+ url.format() will now encode all "#" in search.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 23 09:00:40 UTC 2016 - adam.majer@suse.de
|
|
|
|
- Add missing conflicts to base package. It's not possible to have
|
|
concurrent nodejs installations.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 18 11:59:06 UTC 2016 - adam.majer@suse.de
|
|
|
|
- Package unification across various branches of NodeJS. Package
|
|
for 4.x, 6.x and current (7.x) branches of NodeJS are now
|
|
handled via GitHub repository.
|
|
- remove support-arm64-build.patch: no longer required
|
|
- remove nodejs-libpath64.patch: obsolete
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 8 14:03:01 UTC 2016 - adam.majer@suse.de
|
|
|
|
- npm4 should provide versioned nodejs-npm and npm allowing
|
|
nodejs-packaging to continue to function properly in Leap 42.2
|
|
(bnc #1009011)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 19 08:16:38 UTC 2016 - qantas94heavy@gmail.com
|
|
|
|
- New upstream LTS version 4.6.1
|
|
* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180
|
|
more information at https://c-ares.haxx.se/adv_20160929.html
|
|
(bnc #1007728)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 4 14:25:04 UTC 2016 - adam.majer@suse.de
|
|
|
|
- npm4 now provides nodejs-npm to ease upgrades for Leap
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 29 08:52:25 UTC 2016 - adam.majer@suse.de
|
|
|
|
- enable usage of system certificate store on SLE11SP4 by
|
|
requiring openssl1 (boo#1000036)
|
|
- nodejs-libpath.patch:
|
|
* adapt patch from main nodejs project so it builds on SLE11
|
|
- New upstream LTS version 4.6.0
|
|
* openssl update (not applicable for SLE12SP2, Leap 42.2 and later)
|
|
+ upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178,
|
|
CVE-2016-6306, CVE-2016-7052)
|
|
+ remove support for dynamic 3rd party engine modules
|
|
* http: Properly validate for allowable characters in input
|
|
user data. This introduces a new case where throw may occur
|
|
when configuring HTTP responses, users should already
|
|
be adopting try/catch here. (CVE-2016-5325, bnc#985201)
|
|
* tls: properly validate wildcard certificates
|
|
(CVE-2016-7099, bnc#1001652)
|
|
* buffer: Zero-fill excess bytes in new Buffer objects created
|
|
with Buffer.concat()
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 26 10:37:38 UTC 2016 - adam.majer@suse.de
|
|
|
|
- New upstream LTS version 4.5.0 (bnc#997405)
|
|
* buffer:
|
|
+ backport new buffer constructor APIs to v4.x
|
|
+ backport --zero-fill-buffers cli option
|
|
+ ignore negative allocation lengths
|
|
* build
|
|
+ add Intel Vtune profiling support
|
|
* repl
|
|
+ copying tabs shouldn't trigger completion
|
|
* src
|
|
+ add node::FreeEnvironment public API
|
|
* test
|
|
+ run v8 tests from node tree
|
|
* V8
|
|
+ Add post mortem data to improve object inspection and
|
|
function's context variables inspection
|
|
* upgrade libuv to 1.9.1
|
|
* upgrade npm to 2.15.9
|
|
- 8334.diff
|
|
* use system CA store instead of one provided by Node
|
|
- Refresh patches
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 10 08:08:38 UTC 2016 - adam.majer@suse.de
|
|
|
|
- use system OpenSSL with Leap 42.2 and SLE12:SP2
|
|
- simplify source code integrity check
|
|
+ use GPG service instead of explicit BR
|
|
+ add empty checksum so GPG service is run - it's not detached signature
|
|
like it thinks it is.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 4 08:02:22 UTC 2016 - adam.majer@suse.de
|
|
|
|
- rename patches to have a .patch suffix, for consistancy
|
|
- npm_search_paths.patch:
|
|
Change defaultPrefix to /usr/local if it is detected to be
|
|
/usr. This is in attempt to prevent globally installed npm-managed
|
|
packages from installing into the zypper managed prefix.
|
|
- refreshed patches support-arm64-build.patch
|
|
- use upstream .xz instead of .gz tarball
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 1 13:35:35 UTC 2016 - adam.majer@suse.de
|
|
|
|
- New upstream version 4.4.7
|
|
* debugger:
|
|
+ All properties of an array (aside from length) can now be printed
|
|
in the repl
|
|
* Upgrade npm to 2.15.8 (Rebecca Turner)
|
|
* Fix for a bug that became more prevalent with the stream changes
|
|
that landed in v4.4.5. (Anna Henningsen). 'reset awaitDrain after manual
|
|
.resume()'
|
|
* V8:
|
|
+ Fix for a bug in crankshaft that was causing crashes on arm64
|
|
(Myles Borins)
|
|
+ Add missing classes to postmortem info such as JSMap and JSSet
|
|
(evan.lucas)
|
|
- Add upstream release keyring
|
|
- Verify upstream sources during %prep
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 27 10:36:14 UTC 2016 - adam.majer@suse.de
|
|
|
|
- Use build flags to enable/disable gdb usage instead of
|
|
configure script. Easier to find and change in future.
|
|
- Fix paths, and have to fix lots of paths because they
|
|
are all more or less hardcoded relative paths.
|
|
- Renumber patches allowing upstream patches to be inserted
|
|
before our own.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 24 15:55:35 UTC 2016 - adam.majer@suse.de
|
|
|
|
- New upstream version 4.4.6
|
|
+ fix buffer overflow vulnerability discovered in v8
|
|
(CVE-2016-1669)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 16 15:06:11 UTC 2016 - adam.majer@suse.de
|
|
|
|
- Change detection of library paths from runtime to compile time.
|
|
nodejs-libpath.patch, nodejs-libpath64.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 15 12:03:10 UTC 2016 - adam.majer@suse.de
|
|
|
|
- This package is in response to FATE#320396 and ECO#317945
|
|
and references bnc#958943
|
|
It's to be part of Web and Scripting Module
|
|
- Use build conditional for intree_openssl
|
|
- Fix permissions of some supplies javascript files - they are
|
|
not executables
|
|
- General cleanup of the package
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 15 11:18:13 UTC 2016 - adam.majer@suse.de
|
|
|
|
- Tighten dependencies so we don't end up with mixed versions
|
|
installed.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 14 16:53:01 UTC 2016 - adam.majer@suse.de
|
|
|
|
- Dedup manpages
|
|
- Conflict with other providers of NodeJS packages. This is
|
|
important if we want to provide NodeJS v6.x branch along with
|
|
v4.x branch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 6 08:44:43 UTC 2016 - adam.majer@suse.de
|
|
|
|
- 'New' package of 4.x LTS branch of NodeJS, based on v6.2.1
|
|
from Tumbleweed
|
|
- Fix search paths to actually look where modules are installed
|
|
|