Revisions of nodejs21
buildservice-autocommit
accepted
request 1166607
from
Adam Majer (adamm)
(revision 28)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 27)
* Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash (High) (bsc#1222244, CVE-2024-27983) * HTTP Request Smuggling via Content Length Obfuscation (Medium) (bsc#1222384, CVE-2024-27982) + undici version 6.11.1 (bsc#1222530, bsc#1222603, CVE-2024-30260, CVE-2024-30261)
Adam Majer (adamm)
committed
(revision 26)
- Update to 21.7.2: * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) (bsc#1222244) * CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation- (Medium) (bsc#1222384) * updated dependencies: + llhttp version 9.2.1 + undici version 6.11.1 (bsc#1222530, CVE-2024-30260) - node-gyp-addon-gypi.patch: adapted for new unit test layouts
Adam Majer (adamm)
committed
(revision 25)
- node-gyp-addon-gypi.patch: refreshed
Adam Majer (adamm)
committed
(revision 24)
Adam Majer (adamm)
committed
(revision 23)
Adam Majer (adamm)
committed
(revision 22)
Adam Majer (adamm)
committed
(revision 21)
- Update to 21.7.1 * revert "test_runner: do not invoke after hook when test is empty" * lib: return directly if udp socket close before lookup - Changes in 21.7.0 * util.styleText(format, text): This function returns a formatted text considering the format passed. * support for multi-line values for .env file * sea: support embedding assets * vm: support using the default loader to handle dynamic import() * crypto: implement crypto.hash() * http2: add h2 compat support for appendHeader - versioned.patch, nodejs-libpath.patch: refreshed - c-ares-fixes.patch: upstreamed, removed - Add libalternative config for corepack
buildservice-autocommit
accepted
request 1147153
from
Adam Majer (adamm)
(revision 20)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 19)
- Update to 21.6.2: (security updates) * (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High) * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) * (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High) * (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High) * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) * (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium) * (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium) * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) * undici version 5.28.3 (CVE-2024-24758, bsc#1220017) * libuv version 1.48.0
buildservice-autocommit
accepted
request 1146410
from
Adam Majer (adamm)
(revision 18)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 17)
Adam Majer (adamm)
committed
(revision 16)
- Update to 21.6.1: * Revert "stream: fix cloned webstreams not being unref'd" - Changes in 21.6.0: * New connection attempt events * --allow-addons to enable addon usage when using the Permission Model. * Support configurable snapshot through --build-snapshot-config flag - fix_ci_tests.patch: refreshed
buildservice-autocommit
accepted
request 1137596
from
Adam Majer (adamm)
(revision 15)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 14)
- Update to 21.5.0: * module: merge config with package_json_reader * src: move package resolver to c++ * doc: + deprecate hash constructor + deprecate dirent.path - linker_lto_jobs.patch: refreshed
buildservice-autocommit
accepted
request 1136239
from
Adam Majer (adamm)
(revision 13)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 12)
- c-ares-fixes.patch: fixes unit tests for new c-ares
buildservice-autocommit
accepted
request 1133448
from
Adam Majer (adamm)
(revision 11)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 10)
Adam Majer (adamm)
committed
(revision 9)
- Update to 21.4.0: * fs: introduce dirent.parentPath * fs: use default w flag for writeFileSync with utf8 encoding - Changes in 21.3.0: * New --disable-warning flag * Fast fs.writeFileSync with UTF-8 Strings For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V21.md#21.4.0 - fix_ci_tests.patch: added workaround for missing deps
Displaying revisions 1 - 20 of 28