Package Release Info

nodejs8-8.11.4-2.1

Update Info: openSUSE-2018-1435
Available in Package Hub : 12 SP2-SP5

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

nodejs8
nodejs8-devel
nodejs8-docs
npm8

Change Logs

* Thu Aug 23 2018 adam.majer@suse.de
- fix_ci_tests.patch: Fix parallel/test-tls-passphrase.js test to
  continue to function with older versions of OpenSSL library.
* Mon Aug 20 2018 adam.majer@suse.de
- New upstream LTS release 8.11.4:
  * buffer: Fix out-of-bounds (OOB) write in Buffer.write() for
    UCS-2 encoding (CVE-2018-12115, bsc#1105019)
  * deps: Upgrade to OpenSSL 1.0.2p, fixing:
    + Client DoS due to large DH parameter
    (CVE-2018-0732, bsc#1097158)
    + ECDSA key extraction via local side-channel
* Sun Jul 29 2018 jengelh@inai.de
- Ensure neutrality of description.
- Use %make_install.
* Fri Jun 15 2018 adam.majer@suse.de
- Recommend same major version npm package (bsc#1097748)
* Wed Jun 13 2018 adam.majer@suse.de
- New upstream LTS release 8.11.3:
  * buffer: Fixes Denial of Service vulnerability where calling
    Buffer.fill() could hang (CVE-2018-7167, bsc#1097375)
  * http2:
    + Fixes Denial of Service vulnerability by updating the http2
    implementation to not crash under certain circumstances
    during cleanup (CVE-2018-7161, bsc#1097404)
    + Unbundled nghttp2 to fix Denial of Service vulnerability
    (CVE-2018-1000168, bsc#1097401)
* Thu May 24 2018 adam.majer@suse.de
- env_shebang.patch: use absolute paths in executable shebang lines
- versioned.patch: updated to move shebang modifications to above
  patch.
* Wed May 23 2018 adam.majer@suse.de
- use gcc7 for SLE12
- manual_configure.patch: configure nghttp2 correctly
* Wed May 16 2018 adam.majer@suse.de
- New upstream LTS release 8.11.2:
  * deps:
    + update node-inspect to 1.11.3
    + update nghttp2 to 1.29.0
  * http2: Sync with current release stream
  * n-api: Sync with current release stream
- versioned.patch: rebased
* Fri May 11 2018 adam.majer@suse.de
- icu_61_namespacefix.patch: Fix building with ICU61.1 (bsc#1091764)
* Thu Apr 05 2018 adam.majer@suse.de
- Install license with %license, not %doc (bsc#1082318)
* Wed Apr 04 2018 adam.majer@suse.de
- Fix some node-gyp permissions
* Tue Apr 03 2018 adam.majer@suse.de
- New upstream LTS release 8.11.1:
  * Security fixes:
    + Fix for inspector DNS rebinding vulnerability
    (bsc#1087463, CVE-2018-7160)
    + Fix for 'path' module regular expression denial of service
    (bsc#1087459, CVE-2018-7158)
    + Reject spaces in HTTP Content-Length header values
    (bsc#1087453, CVE-2018-7159)
  * deps: upgrade http-parser to v2.8.0
* Thu Mar 22 2018 adam.majer@suse.de
- New upstream LTS release 8.10.0:
  * deps:
    + update V8 to 6.2.414.46
    + revert ABI breaking changes in V8 6.2
    + upgrade libuv to 1.19.1
    + re land npm 5.6.0
  * crypto:
    + Support both OpenSSL 1.1.0 and 1.0.2. This allows us to drop
    openssl11.patch
    + warn on invalid authentication tag length
  * async_hooks:
    + update defaultTriggerAsyncIdScope for perf
    + use typed array stack as fast path
    + use scope for defaultTriggerAsyncId
    + separate missing from default context
    + deprecate undocumented API
  * n-api: add helper for addons to get the event loop
  * cli: add --stack-trace-limit to NODE_OPTIONS
  * console: add support for console.debug
  * module:
    + add builtinModules
    + replace default paths in require.resolve()
  * src: add process.ppid
  * http:
    + support generic Duplex streams
    + add rawPacket in err of clientError event
    + better support for IPv6 addresses
  * tls: unconsume stream on destroy
  * process: improve unhandled rejection message
  * stream: remove usage of *State.highWaterMark
  * trace_events: add executionAsyncId to init events
- remove any old manpage files in %pre from before update-alternatives
  were used to manage symlinks to these manpages.
- versioned.patch: refreshed
* Tue Feb 13 2018 adam.majer@suse.de
- Add Recommends and BuildRequire on python2 for npm. node-gyp
  requires this old version of python for now. This is only needed
  for binary modules.
* Wed Feb 07 2018 adam.majer@suse.de
- Fix specfile typo
- Use gcc7 on Leap 42.3
* Tue Jan 30 2018 ro@suse.de
- even on recent codestreams there is no binutils gold on s390
  only on s390x
* Tue Jan 09 2018 adam.majer@suse.de
- New upstream LTS release 8.9.4:
  * deps: update npm to 5.6.0
  * for complete changeset see
    https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V8.md#8.9.4
- versioned.patch: refreshed
- nodejs-sle11-python26-check_output.patch: refreshed
* Fri Dec 22 2017 adam.majer@suse.de
- Enable CI tests in %check target
  + fix_ci_tests.patch:
  - DNS queries in buildroots are failing with EAI_AGAIN
  - disable test-module-loading-globalpaths.js - we have
    hardcoded global paths
  + versioned.patch: call versioned node binary for tests
  + openssl11.patch: fix OpenSSL 1.1 backport so all SSL tests pass
    instead of crashing in some situations.
- node-gyp-addon-gypi.patch: fix typo allowing unit tests to compile
* Thu Dec 14 2017 adam.majer@suse.de
- openssl11.patch: backport support for OpenSSL 1.1 (bnc#1066953)
- Dropped 8334.diff - no longer needed
* Sat Dec 09 2017 qantas94heavy@gmail.com
- New upstream LTS release 8.9.3:
  * buffer: buffers allocated with an invalid content will now be
    zero filled
    [ CVE-2017-15897, bnc#1072320 ]
  * deps/openssl: updated to 1.0.2n (bsc#1072322)
    [ CVE-2017-3738 CVE-2017-15896 ]
- Changes in 8.9.2:
  * console: avoid adding infinite error listeners
  * http2: improve errors thrown in header validation
- Remove unnecessary curl BuildRequires
- Enable gold linker on s390x (TW and SLE/Leap 15)
- Build with bundled ICU if system ICU not available (only applies
  to SLE 11/12 and Leap 42.x)