* Thu Aug 23 2018 adam.majer@suse.de
- fix_ci_tests.patch: Fix parallel/test-tls-passphrase.js test to
continue to function with older versions of OpenSSL library.
* Mon Aug 20 2018 adam.majer@suse.de
- New upstream LTS release 8.11.4:
* buffer: Fix out-of-bounds (OOB) write in Buffer.write() for
UCS-2 encoding (CVE-2018-12115, bsc#1105019)
* deps: Upgrade to OpenSSL 1.0.2p, fixing:
+ Client DoS due to large DH parameter
(CVE-2018-0732, bsc#1097158)
+ ECDSA key extraction via local side-channel
* Sun Jul 29 2018 jengelh@inai.de
- Ensure neutrality of description.
- Use %make_install.
* Fri Jun 15 2018 adam.majer@suse.de
- Recommend same major version npm package (bsc#1097748)
* Wed Jun 13 2018 adam.majer@suse.de
- New upstream LTS release 8.11.3:
* buffer: Fixes Denial of Service vulnerability where calling
Buffer.fill() could hang (CVE-2018-7167, bsc#1097375)
* http2:
+ Fixes Denial of Service vulnerability by updating the http2
implementation to not crash under certain circumstances
during cleanup (CVE-2018-7161, bsc#1097404)
+ Unbundled nghttp2 to fix Denial of Service vulnerability
(CVE-2018-1000168, bsc#1097401)
* Thu May 24 2018 adam.majer@suse.de
- env_shebang.patch: use absolute paths in executable shebang lines
- versioned.patch: updated to move shebang modifications to above
patch.
* Wed May 23 2018 adam.majer@suse.de
- use gcc7 for SLE12
- manual_configure.patch: configure nghttp2 correctly
* Wed May 16 2018 adam.majer@suse.de
- New upstream LTS release 8.11.2:
* deps:
+ update node-inspect to 1.11.3
+ update nghttp2 to 1.29.0
* http2: Sync with current release stream
* n-api: Sync with current release stream
- versioned.patch: rebased
* Fri May 11 2018 adam.majer@suse.de
- icu_61_namespacefix.patch: Fix building with ICU61.1 (bsc#1091764)
* Thu Apr 05 2018 adam.majer@suse.de
- Install license with %license, not %doc (bsc#1082318)
* Wed Apr 04 2018 adam.majer@suse.de
- Fix some node-gyp permissions
* Tue Apr 03 2018 adam.majer@suse.de
- New upstream LTS release 8.11.1:
* Security fixes:
+ Fix for inspector DNS rebinding vulnerability
(bsc#1087463, CVE-2018-7160)
+ Fix for 'path' module regular expression denial of service
(bsc#1087459, CVE-2018-7158)
+ Reject spaces in HTTP Content-Length header values
(bsc#1087453, CVE-2018-7159)
* deps: upgrade http-parser to v2.8.0
* Thu Mar 22 2018 adam.majer@suse.de
- New upstream LTS release 8.10.0:
* deps:
+ update V8 to 6.2.414.46
+ revert ABI breaking changes in V8 6.2
+ upgrade libuv to 1.19.1
+ re land npm 5.6.0
* crypto:
+ Support both OpenSSL 1.1.0 and 1.0.2. This allows us to drop
openssl11.patch
+ warn on invalid authentication tag length
* async_hooks:
+ update defaultTriggerAsyncIdScope for perf
+ use typed array stack as fast path
+ use scope for defaultTriggerAsyncId
+ separate missing from default context
+ deprecate undocumented API
* n-api: add helper for addons to get the event loop
* cli: add --stack-trace-limit to NODE_OPTIONS
* console: add support for console.debug
* module:
+ add builtinModules
+ replace default paths in require.resolve()
* src: add process.ppid
* http:
+ support generic Duplex streams
+ add rawPacket in err of clientError event
+ better support for IPv6 addresses
* tls: unconsume stream on destroy
* process: improve unhandled rejection message
* stream: remove usage of *State.highWaterMark
* trace_events: add executionAsyncId to init events
- remove any old manpage files in %pre from before update-alternatives
were used to manage symlinks to these manpages.
- versioned.patch: refreshed
* Tue Feb 13 2018 adam.majer@suse.de
- Add Recommends and BuildRequire on python2 for npm. node-gyp
requires this old version of python for now. This is only needed
for binary modules.
* Wed Feb 07 2018 adam.majer@suse.de
- Fix specfile typo
- Use gcc7 on Leap 42.3
* Tue Jan 30 2018 ro@suse.de
- even on recent codestreams there is no binutils gold on s390
only on s390x
* Tue Jan 09 2018 adam.majer@suse.de
- New upstream LTS release 8.9.4:
* deps: update npm to 5.6.0
* for complete changeset see
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V8.md#8.9.4
- versioned.patch: refreshed
- nodejs-sle11-python26-check_output.patch: refreshed
* Fri Dec 22 2017 adam.majer@suse.de
- Enable CI tests in %check target
+ fix_ci_tests.patch:
- DNS queries in buildroots are failing with EAI_AGAIN
- disable test-module-loading-globalpaths.js - we have
hardcoded global paths
+ versioned.patch: call versioned node binary for tests
+ openssl11.patch: fix OpenSSL 1.1 backport so all SSL tests pass
instead of crashing in some situations.
- node-gyp-addon-gypi.patch: fix typo allowing unit tests to compile
* Thu Dec 14 2017 adam.majer@suse.de
- openssl11.patch: backport support for OpenSSL 1.1 (bnc#1066953)
- Dropped 8334.diff - no longer needed
* Sat Dec 09 2017 qantas94heavy@gmail.com
- New upstream LTS release 8.9.3:
* buffer: buffers allocated with an invalid content will now be
zero filled
[ CVE-2017-15897, bnc#1072320 ]
* deps/openssl: updated to 1.0.2n (bsc#1072322)
[ CVE-2017-3738 CVE-2017-15896 ]
- Changes in 8.9.2:
* console: avoid adding infinite error listeners
* http2: improve errors thrown in header validation
- Remove unnecessary curl BuildRequires
- Enable gold linker on s390x (TW and SLE/Leap 15)
- Build with bundled ICU if system ICU not available (only applies
to SLE 11/12 and Leap 42.x)