Revisions of nodejs20
buildservice-autocommit
accepted
request 1166624
from
Adam Majer (adamm)
(revision 79)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 78)
- fix_ci_tests.patch: add benchmark fix
Adam Majer (adamm)
committed
(revision 77)
+ undici version 5.28.4 (bsc#1222530, bsc#1222603, CVE-2024-30260, CVE-2024-30261)
Adam Majer (adamm)
committed
(revision 76)
Adam Majer (adamm)
committed
(revision 75)
- Update to 20.12.1: * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) (bsc#1222244) * CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation- (Medium) (bsc#1222384) * updated dependencies: + llhttp version 9.2.1 + undici version 5.28.4 (bsc#1222530, CVE-2024-30260)
Adam Majer (adamm)
committed
(revision 74)
- node-gyp-addon-gypi.patch: adapted for new unit test layouts
Adam Majer (adamm)
committed
(revision 73)
Adam Majer (adamm)
committed
(revision 72)
Adam Majer (adamm)
committed
(revision 71)
Adam Majer (adamm)
committed
(revision 70)
- Update to 20.12.0: * crypto: implement crypto.hash() * util: add loading and parsing environment variables * new connection attempt events: connectionAttempt, connectionAttemptFailed, connectionAttemptTimeout * sea: support embedding assets * support configurable snapshot through --build-snapshot-config flag * util.styleText(format, text): This function returns a formatted text considering the format passed. * vm: support using the default loader to handle dynamic import() - c-ares-fixes.patch: removed, upstreamed - nodejs-libpath.patch, versioned.patch: refreshed * libuv version 1.48.0 (CVE-2024-24806, bsc#1220053)
buildservice-autocommit
accepted
request 1147152
from
Adam Majer (adamm)
(revision 69)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 68)
- Update to 20.11.1: (security updates) * (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High) * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) * (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High) * (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High) * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) * (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium) * (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium) * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) * undici version 5.28.3 (CVE-2024-24758, bsc#1220017) * libuv version 1.48.0 (CVE-2024-24806, bsc#1219724)
buildservice-autocommit
accepted
request 1146411
from
Adam Majer (adamm)
(revision 67)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 66)
- c-ares-fixes.patch, fix_ci_tests.patch: refreshed
Adam Majer (adamm)
committed
(revision 65)
Adam Majer (adamm)
committed
(revision 64)
- update to 20.11.0: * esm: add import.meta.dirname and import.meta.filename * fs: add c++ fast path for writeFileSync utf8 * module: remove useCustomLoadersIfPresent flag * module: bootstrap module loaders in shadow realm * src: add --disable-warning option * src: create per isolate proxy env template * src: make process binding data weak * stream: use Array for Readable buffer * stream: optimize creation * test_runner: adds built in lcov reporter * test_runner: add Date to the supported mock APIs * test_runner, cli: add --test-timeout flag - c-ares-fixes.patch: refreshed
buildservice-autocommit
accepted
request 1142218
from
Adam Majer (adamm)
(revision 63)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 62)
to be fixed soon (bsc#1219152)
Adam Majer (adamm)
committed
(revision 61)
- fix_ci_tests.patch: disable test_crypto_fips for openssl 3.x, to be fixed soon
buildservice-autocommit
accepted
request 1137592
from
Adam Majer (adamm)
(revision 60)
baserev update by copy to link target
Displaying revisions 1 - 20 of 79