NodeJS 16.x
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md
LTS release codestream
-
4
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout devel:languages:nodejs/nodejs16 && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
SHASUMS256.txt | 0000003153 3.08 KB | |
SHASUMS256.txt.sig | 0000000438 438 Bytes | |
_constraints | 0000000603 603 Bytes | |
bash_output_helper.bash | 0000000306 306 Bytes | |
cares_public_headers.patch | 0000000343 343 Bytes | |
fix_ci_tests.patch | 0000004061 3.97 KB | |
flaky_test_rerun.patch | 0000000670 670 Bytes | |
legacy_python.patch | 0000000705 705 Bytes | |
linker_lto_jobs.patch | 0000001927 1.88 KB | |
manual_configure.patch | 0000000760 760 Bytes | |
node-gyp-addon-gypi.patch | 0000003135 3.06 KB | |
node-gyp_7.1.2.tar.xz | 0000331224 323 KB | |
node-v16.20.1.tar.xz | 0035556440 33.9 MB | |
node_modules.tar.xz | 0000949308 927 KB | |
nodejs-libpath.patch | 0000002020 1.97 KB | |
nodejs.keyring | 0000055415 54.1 KB | |
nodejs16.changes | 0000016987 16.6 KB | |
nodejs16.spec | 0000037436 36.6 KB | |
npm_search_paths.patch | 0000001180 1.15 KB | |
openssl_binary_detection.patch | 0000001621 1.58 KB | |
rsa-pss-revert.patch | 0000019489 19 KB | |
skip_no_console.patch | 0000000973 973 Bytes | |
sle12_python3_compat.patch | 0000001624 1.59 KB | |
test-skip-y2038-on-32bit-time_t.patch | 0000001844 1.8 KB | |
update_npm_tarball.sh | 0000000292 292 Bytes | |
versioned.patch | 0000017970 17.5 KB |
Revision 96 (latest revision is 102)
Adam Majer (adamm)
committed
(revision 96)
- Update to version 16.20.1 (security fixes only). The following CVEs are fixed in this release: * (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass Experimental Policy Mechanism (High) * (CVE-2023-30585, bsc#1212579): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) * (CVE-2023-30588, bsc#1212581): Process interuption due to invalid Public Key information in x509 certificates (Medium) * (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via Empty headers separated by CR (Medium) * (CVE-2023-30590, bsc#1212583): DiffieHellman does not generate keys after setting a private key (Medium) * deps: update c-ares to 1.19.1: c-ares security issues fixed: + CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service (bsc#1211604) + CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS query IDs (bsc#1211605) + CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) + CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - fix_ci_tests.patch: increase default timeout on unit tests to 20min from 2min. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407)
Comments 9
Last update breaks build of Leap. Can someone please fix it?
They use an OpenSSL function not available on Leap. I've submitted a request to add this function to our OpenSSL but this may take a few days or weeks.
Bug 1192489 - openssl: backport RSA_get0_pss_params() to 1.1.1d
In the meantime, one workaround is to revert the change that added usage of this one function. Is this sufficient for now?
I have fixed it for me with add rsa-pss-revert.patch again.
Sounds good. I will activate that patch for Leap on next version update. Should be in a day or two.
The best would be to use the revert patch as it makes it possible to build on more distributions not just the ones which get a backport.
40670.patch should be deleted. This blocks Factory submission.
Last changes from nodejs16 breaks building Leap packages. Where is the unresolved package openssl-has-RSA_get0_pss_params? Can someone fix build errror for Leap, please?
Please remove fedora build, it breaks dependency resolution
Fixed by project config