Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
nodejs16.31118
nodejs16.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nodejs16.changes of Package nodejs16.31118
------------------------------------------------------------------- Tue Oct 17 11:52:34 UTC 2023 - Adam Majer <adam.majer@suse.de> - CVE-2023-38552.patch: Integrity checks according to policies can be circumvented (CVE-2023-38552, bsc#1216272) - CVE-2023-39333.patch, wasm-fixture.tar.gz: Code injection via WebAssembly export names (CVE-2023-39333, bsc#1216273) - CVE-2023-44487.patch: nghttp2 Security Release (CVE-2023-44487, bsc#1216190) - CVE-2023-45143.patch: undici Security Release (CVE-2023-45143, bsc#1216205) - nodejs.keyring: include new releaser keys ------------------------------------------------------------------- Thu Aug 10 14:33:17 UTC 2023 - Adam Majer <adam.majer@suse.de> - Update to LTS version 16.20.2 (security fixes). The following CVE were fixed: * (CVE-2023-32002, bsc#1214150): Policies can be bypassed via Module._load (High) * (CVE-2023-32006, bsc#1214156): Policies can be bypassed by module.constructor.createRequire (Medium) * (CVE-2023-32559, bsc#1214154): Policies can be bypassed via process.binding (Medium) ------------------------------------------------------------------- Wed Jun 21 11:24:39 UTC 2023 - Adam Majer <adam.majer@suse.de> - Update to version 16.20.1 (security fixes only). The following CVEs are fixed in this release: * (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass Experimental Policy Mechanism (High) * (CVE-2023-30585, bsc#1212579): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) * (CVE-2023-30588, bsc#1212581): Process interuption due to invalid Public Key information in x509 certificates (Medium) * (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via Empty headers separated by CR (Medium) * (CVE-2023-30590, bsc#1212583): DiffieHellman does not generate keys after setting a private key (Medium) * deps: update c-ares to 1.19.1: c-ares security issues fixed: + CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service (bsc#1211604) + CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS query IDs (bsc#1211605) + CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) + CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - fix_ci_tests.patch: increase default timeout on unit tests to 20min from 2min. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407) ------------------------------------------------------------------- Wed Apr 12 09:12:32 UTC 2023 - Adam Majer <adam.majer@suse.de> - 16.20.0 - Update to LTS version 16.20.0 * deps: + update undici to 5.20.0 + update c-ares to 1.19.0 + upgrade npm to 8.19.4 (bsc#1208744, CVE-2022-25881) - legacy_python.patch, versioned.patch: refreshed ------------------------------------------------------------------- Wed Feb 22 13:42:36 UTC 2023 - Adam Majer <adam.majer@suse.de> - Update to LTS version 16.19.1: * fixes permissions policies can be bypassed via process.mainModule (bsc#1208481, CVE-2023-23918) * fixes insecure loading of ICU data through ICU_DATA environment variable (bsc#1208487, CVE-2023-23920) * fixes OpenSSL error handling issues in nodejs crypto library (bsc#1208483, CVE-2023-23919) * updates undici to v5.19.1 + Fetch API in Node.js did not protect against CRLF injection in host headers + Regular Expression Denial of Service in Headers in Node.js fetch API (bsc#1208413, bsc#1208485, CVE-2023-24807, CVE-2023-23936) ------------------------------------------------------------------- Sat Dec 31 20:54:09 UTC 2022 - Adam Majer <adam.majer@suse.de> - Update to LTS version 16.19.0: * dgram: add dgram send queue info * cli: add --watch - systemtap.patch: upstreamed, removed - versioned.patch: refreshed ------------------------------------------------------------------- Fri Dec 23 11:31:12 UTC 2022 - Guillaume GARDET <guillaume.gardet@opensuse.org> - Update _constraints: * Less RAM for aarch64 and 32-bit arm * Use 'asimdrdm' cpu flag to use aarch64 workers where tests are more stable ------------------------------------------------------------------- Tue Nov 29 16:34:55 UTC 2022 - Adam Majer <adam.majer@suse.de> - sle12_python3_compat.patch: only apply for older SLE12 codestreams where Python 3.6 is not available. Still worlaround for bsc#1205568 ------------------------------------------------------------------- Wed Nov 23 16:51:08 UTC 2022 - Adam Majer <adam.majer@suse.de> - Workaround bug on SLE12SP5 during source unpack (bsc#1205568) ------------------------------------------------------------------- Mon Nov 7 09:04:49 UTC 2022 - Adam Majer <adam.majer@suse.de> - Update to LTS versino 16.18.1: * inspector: DNS rebinding in --inspect via invalid octal IP (bsc#1205119, CVE-2022-43548) - Replace node-gyp for SLE12 with python 3.4 compatible gyp ------------------------------------------------------------------- Thu Oct 13 08:29:08 UTC 2022 - Adam Majer <adam.majer@suse.de> - Update to LTS version 16.18.0: * http: throw error on content-length mismatch * stream: add ReadableByteStream.tee() * deps: npm updated to 8.19.2 - nodejs-libpath.patch, fix_ci_tests.patch, versioned.patch: refreshed - undici_5.8.1.patch, undici_5.8.2.patch: upstreamed and removed - systemtap.patch: upstream regression ------------------------------------------------------------------- Mon Sep 26 14:20:03 UTC 2022 - Adam Majer <adam.majer@suse.de> - Update to Nodejs 16.17.1: * deps: llhttp updated to 6.0.9 + CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325) + Incorrect Parsing of Multi-line Transfer-Encoding (CVE-2022-32215, bsc#1201327) + Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832) * crypto: fix weak randomness in WebCrypto keygen (CVE-2022-35255, bsc#1203831) ------------------------------------------------------------------- Sat Sep 17 10:35:31 UTC 2022 - Bruno Pitrus <brunopitrus@hotmail.com> - Skip test-fs-utimes-y2K38.js on armv6hl as well as armv7hl. ------------------------------------------------------------------- Thu Aug 25 14:10:41 UTC 2022 - Adam Majer <adam.majer@suse.de> - undici_5.8.1.patch, undici_5.8.2.patch: update undici to 5.8.2 (bsc#1202382, CVE-2022-35949, bsc#1202383, CVE-2022-35948) ------------------------------------------------------------------- Tue Aug 16 14:53:04 UTC 2022 - Adam Majer <adam.majer@suse.de> - enable crypto-policies for SLE15 SP4+ and TW (bsc#1200303) - Update to LTS version 16.17.0: * deps: upgrade npm to 8.15.0 * Improved interoperability of the Web Crypto API * Updated Undici to 5.8.0 (bsc#1201710, CVE-2022-31150) For full list of changes, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#16.17.0 - nodejs-libpath.patch, versioned.patch: refreshed patches ------------------------------------------------------------------- Mon Jul 11 12:07:16 UTC 2022 - Adam Majer <adam.majer@suse.de> - Update to LTS version 16.16.0: * http: stricter Transfer-Encoding and header separator parsing (bsc#1201325, bsc#1201326, bsc#1201327, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215) * src: fix IPv4 validation in inspector_socket (bsc#1201328, CVE-2022-32212) ------------------------------------------------------------------- Thu Jun 23 13:42:03 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de> - Update to LTS version 16.15.1 * upgrade npm to 8.11.0 (bsc#1200517, CVE-2022-29244) - Update to LTS version 16.15.0 * Add experimental support to the fetch API. This adds the `--experimental-fetch` flag that installs the fetch, Request, Response, Headers, and FormData globals. * Broken x32 support is removed * crypto: Add KeyObject.prototype.equals method * esm: support https remotely and http locally under flag * module: unflag esm jso - rebased: nodejs-libpath.patch, npm_search_paths.patch, versioned.patch ------------------------------------------------------------------- Wed Apr 13 12:55:22 UTC 2022 - Adam Majer <adam.majer@suse.de> - update to LTS release 16.14.2: * deps: upgrade openssl sources to OpenSSL_1_1_1n - fix_ci_tests.patch: refreshed ------------------------------------------------------------------- Wed Mar 16 11:01:02 UTC 2022 - Adam Majer <adam.majer@suse.de> - update to LTS release 16.14.1: * deps: upgrade npm to 8.5.0 * http2: fix memory leak on nghttp2 hd threshold - 42342.patch: upstreamed, dropped - versioned.patch: refreshed ------------------------------------------------------------------- Tue Mar 15 13:29:20 UTC 2022 - Adam Majer <adam.majer@suse.de> - 42342.patch: fix expired certificates in unit tests ------------------------------------------------------------------- Thu Feb 17 12:31:36 UTC 2022 - Adam Majer <adam.majer@suse.de> - update to LTS release 16.14.0: * deps: upgrade npm to 8.1.4 * child_process: add support for URL to cp.fork * fs: accept URL as argument for fs.rm and fs.rmSync * lib: + make AbortSignal cloneable/transferable + add AbortSignal.timeout + add reason to AbortSignal + add unsubscribe method to non-active DC channels * process: add getActiveResourcesInfo() * src: + add x509.fingerprint512 to crypto module + add flags for controlling process behavior * stream: + add map and filter methods to readable + deprecate thenable support * timers: add experimental scheduler api * util: + add numericSeparator to util.inspect + always visualize cause property in errors during inspection + pass through the inspect function to custom inspect functions npm_search_paths.patch, versioned.patch: refreshed ------------------------------------------------------------------- Fri Jan 28 16:09:53 UTC 2022 - Adam Majer <adam.majer@suse.de> - Add buildtime version check to determine if we need patched openssl Requires: or already in upstream. (bsc#1192489) ------------------------------------------------------------------- Tue Jan 18 08:29:18 UTC 2022 - Adam Majer <adam.majer@suse.de> - rsa-pss-revert.patch: dropped, since openssl updated with needed functionality ------------------------------------------------------------------- Tue Jan 11 18:48:04 UTC 2022 - Adam Majer <adam.majer@suse.de> - update to 16.13.2: Security update fixing the following issues: * Improper handling of URI Subject Alternative Names (Medium) (CVE-2021-44531, bsc#1194511) * Certificate Verification Bypass via String Injection (Medium) (CVE-2021-44532, bsc#1194512) * Incorrect handling of certificate subject and issuer fields (Medium) (CVE-2021-44533, bsc#1194513) * Prototype pollution via console.table properties (Low) (CVE-2022-21824, bsc#1194514) ------------------------------------------------------------------- Wed Jan 5 20:50:19 UTC 2022 - Adam Majer <adam.majer@suse.de> - fix_ci_tests.patch: fix tests on s390x ------------------------------------------------------------------- Tue Jan 4 12:17:19 UTC 2022 - Adam Majer <adam.majer@suse.de> - rsa-pss-revert.patch: temporarily revert functionality requiring newer openssl ------------------------------------------------------------------- Tue Dec 7 16:42:18 UTC 2021 - Adam Majer <adam.majer@suse.de> - Update to 16.13.1: * deps: upgrade npm to 8.1.2 * lib: fix regular expression to detect `/` and `\` - 40670.patch: upstreamed - fix_ci_tests.patch: refreshed ------------------------------------------------------------------- Thu Nov 25 12:21:25 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org> - Fix CXXFLAGS in Tumbleweed - boo#1192824 ------------------------------------------------------------------- Tue Nov 9 10:43:16 UTC 2021 - Adam Majer <adam.majer@suse.de> - BR python 3.6+ ------------------------------------------------------------------- Sat Nov 6 14:13:02 UTC 2021 - Adam Majer <adam.majer@suse.de> - Update to 16.13.0: * Experimental ESM Loader Hooks API https://github.com/nodejs/node/pull/37468 * deps: upgrade npm to 8.1.0 (npm team) * vm: add support for import assertions in dynamic imports - Changes in 16.11.1: * deps: update llhttp to 6.0.4 - HTTP Request Smuggling due to spaced in headers (bsc#1191601, CVE-2021-22959) - HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960) - Changes in 16.11.0: * deps: update nghttp2 to v1.45.1 - Changes in 16.10.0: * crypto: add rsa-pss keygen parameters * fs: make open and close stream override optional when unused * http: limit requests per connection The maximum number of requests a socket can handle before closing keep alive connection can be set with server.maxRequestsPerSocket. * src: add --no-global-search-paths cli option * stream: add signal support to pipeline generators - Changes in 16.9.0: * Added support for corepack * crypto: add RSA-PSS params to asymmetricKeyDetails * module: support pattern trailers * stream: add stream.compose - Changes in 16.8.0: * doc: deprecate type coercion for dns.lookup options * stream: add stream.Duplex.from utility and isDisturbed helper * util: expose toUSVString - Changes in 16.7.0: * fs: experimental: add recursive cp method - refreshed: fix_ci_tests.patch, flaky_test_rerun.patch, nodejs-libpath.patch, sle12_python3_compat.patch, versioned.patch, node_modules.tar.xz ------------------------------------------------------------------- Tue Nov 2 14:40:41 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org> - Add 40670.patch: test: fix test-datetime-change-notify after daylight change. ------------------------------------------------------------------- Fri Oct 15 19:57:42 UTC 2021 - Bernhard Voelker <mail@bernhard-voelker.de> - test-skip-y2038-on-32bit-time_t.patch: Add patch to skip the test 'test/parallel/test-fs-utimes-y2K38.js' which fails with a FP on platforms with 32-bit time_t. - nodejs16.spec: Reference it. ------------------------------------------------------------------- Thu Aug 12 13:51:48 UTC 2021 - Adam Majer <adam.majer@suse.de> - Update to 16.6.2: * CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (bsc#1189370, bsc#1188881) * CVE-2021-22940: Use after free on close http2 on stream canceling (bsc#1189368) * CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (bsc#1189369) * deps: upgrade npm to 7.20.3 * deps: revert ABI-breaking change from V8 9.2 * module: fix ERR_REQUIRE_ESM error for null frames - cares_public_headers.patch: don't use private headers ------------------------------------------------------------------- Mon Aug 2 13:02:58 UTC 2021 - Adam Majer <adam.majer@suse.de> - Update to 16.6.0: http2: fixes use after free on close http2 on stream canceling (bsc#1188917, CVE-2021-22930) ------------------------------------------------------------------- Thu Jul 22 12:18:32 UTC 2021 - Adam Majer <adam.majer@suse.de> - legacy_python.patch: fix building with python 3.4 in SLE-12 ------------------------------------------------------------------- Wed Jul 21 21:57:54 UTC 2021 - Adam Majer <adam.majer@suse.de> - Update to 16.5.0: * deps: upgrade npm to 7.19.1 * fs: allow empty string for temp directory prefix * Node.js now exposes an experimental implementation of the Web Streams API ------------------------------------------------------------------- Fri Jul 2 15:17:09 UTC 2021 - Adam Majer <adam.majer@suse.de> - Update to 16.4.1: deps: libuv upgrade - Out of bounds read (Medium) (bsc#1187973, CVE-2021-22918) ------------------------------------------------------------------- Thu Jul 1 13:34:05 UTC 2021 - Adam Majer <adam.majer@suse.de> - node-gyp_7.1.2.tar.xz: for SLE-12, use latest node-gyp that is compatible with python 3.4 ------------------------------------------------------------------- Wed Jun 23 12:57:04 UTC 2021 - Adam Majer <adam.majer@suse.de> - Update to 16.4.0: * async_hooks: stabilize part of AsyncLocalStorage * deps: + upgrade npm to 7.18.1 + update V8 to 9.1.269.36 * dns: allow --dns-result-order to change default dns verbatim ------------------------------------------------------------------- Mon Jun 21 05:01:32 UTC 2021 - Andreas Schneider <asn@cryptomilk.org> - Allow building for Fedora in the OBS ------------------------------------------------------------------- Fri Jun 4 20:59:13 UTC 2021 - Dirk Müller <dmueller@suse.com> - update to 16.3.0: * add -C alias for --conditions flag * add workspaces support to npm install commands ------------------------------------------------------------------- Mon May 31 16:27:44 UTC 2021 - Adam Majer <adam.majer@suse.de> - Use libalternatives instead of update-alternatives ------------------------------------------------------------------- Thu May 20 14:56:23 UTC 2021 - Adam Majer <adam.majer@suse.de> - New upstream version 16.2.0: * async_hooks: use new v8::Context PromiseHook API * deps: npm updated to 7.13.0 * lib: support setting process.env.TZ on windows * module: add support for URL to import.meta.resolve * process: add 'worker' event * util: add util.types.isKeyObject and util.types.isCryptoKey ------------------------------------------------------------------- Wed May 5 11:21:13 UTC 2021 - Adam Majer <adam.majer@suse.de> - New upstream version 16.1.0 fs: allow no-params fsPromises fileHandle read ------------------------------------------------------------------- Tue May 4 12:00:35 UTC 2021 - Adam Majer <adam.majer@suse.de> - New upstrean version 16.0.0: For complete list of changes since 15.x, please see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.0.0 ------------------------------------------------------------------- Wed Mar 17 12:05:50 UTC 2021 - Adam Majer <adam.majer@suse.de> - Import staging 16.x
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor