NodeJS 16.x
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md
LTS release codestream
-
4
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout devel:languages:nodejs/nodejs16 && cd $_ - Create Badge
Refresh
Refresh
Source Files
| Filename | Size | Changed |
|---|---|---|
| SHASUMS256.txt | 0000003153 3.08 KB | |
| SHASUMS256.txt.sig | 0000000438 438 Bytes | |
| _constraints | 0000000603 603 Bytes | |
| bash_output_helper.bash | 0000000306 306 Bytes | |
| cares_public_headers.patch | 0000000343 343 Bytes | |
| fix_ci_tests.patch | 0000004061 3.97 KB | |
| flaky_test_rerun.patch | 0000000670 670 Bytes | |
| legacy_python.patch | 0000000705 705 Bytes | |
| linker_lto_jobs.patch | 0000001927 1.88 KB | |
| manual_configure.patch | 0000000760 760 Bytes | |
| node-gyp-addon-gypi.patch | 0000003135 3.06 KB | |
| node-gyp_7.1.2.tar.xz | 0000331224 323 KB | |
| node-v16.20.1.tar.xz | 0035556440 33.9 MB | |
| node_modules.tar.xz | 0000949308 927 KB | |
| nodejs-libpath.patch | 0000002020 1.97 KB | |
| nodejs.keyring | 0000055415 54.1 KB | |
| nodejs16.changes | 0000016987 16.6 KB | |
| nodejs16.spec | 0000037436 36.6 KB | |
| npm_search_paths.patch | 0000001180 1.15 KB | |
| openssl_binary_detection.patch | 0000001621 1.58 KB | |
| rsa-pss-revert.patch | 0000019489 19 KB | |
| skip_no_console.patch | 0000000973 973 Bytes | |
| sle12_python3_compat.patch | 0000001624 1.59 KB | |
| test-skip-y2038-on-32bit-time_t.patch | 0000001844 1.8 KB | |
| update_npm_tarball.sh | 0000000292 292 Bytes | |
| versioned.patch | 0000017970 17.5 KB |
Revision 96 (latest revision is 102)
Adam Majer (adamm)
committed
(revision 96)
- Update to version 16.20.1 (security fixes only). The following
CVEs are fixed in this release:
* (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass
Experimental Policy Mechanism (High)
* (CVE-2023-30585, bsc#1212579): Privilege escalation via
Malicious Registry Key manipulation during Node.js
installer repair process (Medium)
* (CVE-2023-30588, bsc#1212581): Process interuption due to invalid
Public Key information in x509 certificates (Medium)
* (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via
Empty headers separated by CR (Medium)
* (CVE-2023-30590, bsc#1212583): DiffieHellman does not
generate keys after setting a private key (Medium)
* deps: update c-ares to 1.19.1: c-ares security issues fixed:
+ CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
(bsc#1211604)
+ CVE-2023-31147 Moderate. Insufficient randomness in generation
of DNS query IDs (bsc#1211605)
+ CVE-2023-31130. Moderate. Buffer Underwrite in
ares_inet_net_pton() (bsc#1211606)
+ CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE
during cross compilation (bsc#1211607)
- fix_ci_tests.patch: increase default timeout on unit tests
to 20min from 2min. This seems to have lead to build failures
on some platforms, like s390x in Factory. (bsc#1211407)
Comments 9
Last update breaks build of Leap. Can someone please fix it?
They use an OpenSSL function not available on Leap. I've submitted a request to add this function to our OpenSSL but this may take a few days or weeks.
Bug 1192489 - openssl: backport RSA_get0_pss_params() to 1.1.1d
In the meantime, one workaround is to revert the change that added usage of this one function. Is this sufficient for now?
I have fixed it for me with add rsa-pss-revert.patch again.
Sounds good. I will activate that patch for Leap on next version update. Should be in a day or two.
The best would be to use the revert patch as it makes it possible to build on more distributions not just the ones which get a backport.
40670.patch should be deleted. This blocks Factory submission.
Last changes from nodejs16 breaks building Leap packages. Where is the unresolved package openssl-has-RSA_get0_pss_params? Can someone fix build errror for Leap, please?
Please remove fedora build, it breaks dependency resolution
Fixed by project config