Revisions of nodejs20

Ana Guerrero (anag+factory) accepted request 1166624 from Adam Majer (adamm) (revision 23)
- Update to 20.12.1:
  * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session()
    leads to HTTP/2 server crash - (High) (bsc#1222244)
  * CVE-2024-27982 - HTTP Request Smuggling via Content Length
    Obfuscation - (Medium) (bsc#1222384)
  * updated dependencies:
    + llhttp version 9.2.1
    + undici version 5.28.4 (bsc#1222530, bsc#1222603, 
      CVE-2024-30260, CVE-2024-30261)
- node-gyp-addon-gypi.patch: adapted for new unit test layouts
- fix_ci_tests.patch: add benchmark fix

- Update to 20.12.0:
  * crypto: implement crypto.hash()
  * util: add loading and parsing environment variables
  * new connection attempt events: connectionAttempt,
    connectionAttemptFailed, connectionAttemptTimeout
  * sea: support embedding assets
  * support configurable snapshot through --build-snapshot-config flag
  * util.styleText(format, text): This function returns a formatted
    text considering the format passed.
  * vm: support using the default loader to handle dynamic import()
- c-ares-fixes.patch: removed, upstreamed
- nodejs-libpath.patch, versioned.patch: refreshed

  * libuv version 1.48.0 (CVE-2024-24806, bsc#1220053)
Ana Guerrero (anag+factory) accepted request 1147152 from Adam Majer (adamm) (revision 22)
- Update to 20.11.1: (security updates)
  * (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities - (High)
  * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks - (High)
  * (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals - (High)
  * (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High)
  * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
  * (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
  * (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
  * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
  * undici version 5.28.3 (CVE-2024-24758, bsc#1220017)
  * libuv version 1.48.0 (CVE-2024-24806, bsc#1219724)
Ana Guerrero (anag+factory) accepted request 1146411 from Adam Majer (adamm) (revision 21)
- update to 20.11.0:
  * esm: add import.meta.dirname and import.meta.filename
  * fs: add c++ fast path for writeFileSync utf8
  * module: remove useCustomLoadersIfPresent flag
  * module: bootstrap module loaders in shadow realm
  * src: add --disable-warning option
  * src: create per isolate proxy env template
  * src: make process binding data weak
  * stream: use Array for Readable buffer
  * stream: optimize creation
  * test_runner: adds built in lcov reporter
  * test_runner: add Date to the supported mock APIs
  * test_runner, cli: add --test-timeout flag
- c-ares-fixes.patch, fix_ci_tests.patch: refreshed
Ana Guerrero (anag+factory) accepted request 1142218 from Adam Majer (adamm) (revision 20)
- fix_ci_tests.patch: disable test_crypto_fips for openssl 3.x,
  to be fixed soon (bsc#1219152)
Ana Guerrero (anag+factory) accepted request 1137592 from Adam Majer (adamm) (revision 19)
- c-ares-fixes.patch: add additional backports for unit test fixes
Dominique Leuenberger (dimstar_suse) accepted request 1136241 from Adam Majer (adamm) (revision 18)
- c-ares-fixes.patch: fixes unit tests for new c-ares
Ana Guerrero (anag+factory) accepted request 1133875 from Adam Majer (adamm) (revision 17)
- Update to 20.10.0:
  * --experimental-default-type flag to flip module defaults
  * The new flag --experimental-detect-module can be used to
    automatically run ES modules when their syntax can be detected.
  * Added flush option in file system functions for fs.writeFile functions
  * Added experimental WebSocket client
  * vm: fix V8 compilation cache support for vm.Script. This fixes
    performance regression since v16.x when support for
    importModuleDynamically was added to vm.Script
For details, see
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.10.0
- nodejs20-zlib-1.3.patch: upstreamed, removed
- fix_ci_tests.patch, node-gyp-addon-gypi.patch: refreshed

- Update to 20.9.0:
  * No changes, just LTS transition
Ana Guerrero (anag+factory) accepted request 1120765 from Adam Majer (adamm) (revision 16)
- fix_ci_tests.patch: adapt for openssl 3.1.4
Ana Guerrero (anag+factory) accepted request 1120018 from Adam Majer (adamm) (revision 15)
- Add nodejs20-zlib-1.3.patch: Support zlib version with only
  major.minor versions, like zlib 1.3.
Ana Guerrero (anag+factory) accepted request 1118025 from Adam Majer (adamm) (revision 14)
- Security fixes release 20.8.1
  * (CVE-2023-44487, bsc#1216190): nghttp2 Security Release
  * (CVE-2023-45143, bsc#1216205): undici Security Release
  * (CVE-2023-39332, bsc#1216271): Path traversal through path stored in Uint8Array
  * (CVE-2023-39331, bsc#1216270): Permission model improperly protects against path traversal
  * (CVE-2023-38552, bsc#1216272): Integrity checks according to policies can be circumvented
  * (CVE-2023-39333, bsc#1216273): Code injection via WebAssembly export names
- fix_ci_tests.patch: refreshed
Ana Guerrero (anag+factory) accepted request 1116076 from Adam Majer (adamm) (revision 13)
- Update to 20.8.0:
  * Stream performance improvements
  * Rework of memory management in vm APIs with the importModuleDynamically
    option
  * test_runner:
    + accept testOnly in run
    + add junit reporter
- fix_ci_tests.patch: refreshed
Ana Guerrero (anag+factory) accepted request 1112341 from Adam Majer (adamm) (revision 12)
- Update to 20.7.0:
  * src: support multiple --env-file declarations
  * deps: upgrade npm to 10.1.0
  * doc: move and rename loaders section
  * lib: add api to detect whether source-maps are enabled
  * src,permission: add multiple allow-fs-* flags
  * test_runner: expose location of tests
- z13.patch: upstreamed

- Update to 20.6.1:
  * f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: removed, upstreamed
Ana Guerrero (anag+factory) accepted request 1109713 from Adam Majer (adamm) (revision 11)
- f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: fixes issues with
  Angular and other software that tries to load ECM modules in
  somewhat circular fashion ending up with multiple executions.
Ana Guerrero (anag+factory) accepted request 1109025 from Adam Majer (adamm) (revision 10)
- Update to 20.6.0:
  * add support for .env files to configure environment variables
  * import.meta.resolve unflagged
  * deps: npm updated to 9.8.1
- nodejs.keyring: updated to include current upstream releasers
Ana Guerrero (anag+factory) accepted request 1105924 from Adam Majer (adamm) (revision 9)
- Temporarily bundle ICU for SLE15 SP6 (jsc#PED-4819)
Dominique Leuenberger (dimstar_suse) accepted request 1103349 from Adam Majer (adamm) (revision 8)
- Update to version 20.5.1:
  * (CVE-2023-32002, bsc#1214150): Policies can be bypassed
     via Module._load (High)
  * (CVE-2023-32558, bsc#1214155): process.binding() can bypass
     the permission model through path traversal (High)
  * (CVE-2023-32004, bsc#1214152): Permission model can be bypassed
     by specifying a path traversal sequence in a Buffer (High)
  * (CVE-2023-32006, bsc#1214156): Policies can be bypassed
     by module.constructor.createRequire (Medium)
  * (CVE-2023-32559, bsc#1214154): Policies can be bypassed
     via process.binding (Medium)
  * (CVE-2023-32005, bsc#1214153): fs.statfs can bypass
     the permission model (Low)
  * (CVE-2023-32003, bsc#1214151): fs.mkdtemp() and fs.mkdtempSync()
     can bypass the permission model (Low)
- Changes in 20.5.0:
  * events: allow safely adding listener to abortSignal
  * fs: add a fast-path for readFileSync utf-8
  * test_runner: add shards support
- Changes in 20.4.0:
  * tls: add ALPNCallback server option for dynamic ALPN negotiation
  * adds support for ECMAScript Explicit Resource Management
  * adds Mock Timer support to test module
For details see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.5.1
- versioned.patch: refreshed
Dominique Leuenberger (dimstar_suse) accepted request 1094364 from Adam Majer (adamm) (revision 7)
- Update to version 20.3.1 (security fixes only). The following
  CVEs are fixed in this release:
  * (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass
    Experimental Policy Mechanism (High)
  * (CVE-2023-30584, bsc#1212575): Path Traversal Bypass in
    Experimental Permission Model (High)
  * (CVE-2023-30587, bsc#1212576): Bypass of Experimental
    Permission Model via Node.js Inspector (High)
  * (CVE-2023-30582, bsc#1212577): Inadequate Permission Model
    Allows Unauthorized File Watching (Medium)
  * (CVE-2023-30583, bsc#1212578): Bypass of Experimental
    Permission Model via fs.openAsBlob() (Medium)
  * (CVE-2023-30585, bsc#1212579): Privilege escalation via
    Malicious Registry Key manipulation during Node.js
    installer repair process (Medium)
  * (CVE-2023-30586, bsc#1212580): Bypass of Experimental
    Permission Model via Arbitrary OpenSSL Engines (Medium)
  * (CVE-2023-30588, bsc#1212581): Process interruption due to invalid
    Public Key information in x509 certificates (Medium)
  * (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via
    Empty headers separated by CR (Medium)
  * (CVE-2023-30590, bsc#1212583): DiffieHellman does not
    generate keys after setting a private key (Medium)
Dominique Leuenberger (dimstar_suse) accepted request 1093316 from Adam Majer (adamm) (revision 6)
- Update to version 20.3.0:
  * deps: upgrade to libuv 1.45.0, including significant performance
    improvements to file system operations on Linux
  * module: change default resolver to not throw on unknown scheme
  * stream: deprecate asIndexedPairs
- versioned.patch, fix_ci_tests.patch: refreshed
- openssl3_1-adapt_tests.patch: upstreamed and removed
For details see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.3.0
Dominique Leuenberger (dimstar_suse) accepted request 1089598 from Factory Maintainer (factory-maintainer) (revision 5)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 1087954 from Adam Majer (adamm) (revision 4)
- Update to version 20.2.0:
  * http: prevent writing to the body when not allowed by HTTP spec
  * sea: add option to disable the experimental SEA warning
  * test_runner: add skip, todo, and only shorthands to test
  * url: add value argument to URLSearchParams has and delete methods
For details see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.2.0
Displaying revisions 1 - 20 of 23