SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for npm6-6.14.4-100.1.x86_64.rpm :
Mon Aug 20 14:00:00 2018 adam.majerAATTsuse.de
- New upstream LTS release 6.14.4:

* buffer: Fix out-of-bounds (OOB) write in Buffer.write() for
UCS-2 encoding (CVE-2018-12115, bsc#1105019)

* deps: Upgrade to OpenSSL 1.0.2p, fixing:
+ Client DoS due to large DH parameter
(CVE-2018-0732, bsc#1097158)
+ ECDSA key extraction via local side-channel

Sun Jul 29 14:00:00 2018 jengelhAATTinai.de
- Ensure neutrality of description.
- Use %make_install.

Fri Jun 15 14:00:00 2018 adam.majerAATTsuse.de
- Recommend same major version npm package (bsc#1097748)

Thu Jun 14 14:00:00 2018 adam.majerAATTsuse.de
- New upstream LTS release 6.14.3:

* buffer: Fixes Denial of Service vulnerability where calling
Buffer.fill() could hang (CVE-2018-7167, bsc#1097375)

Thu May 24 14:00:00 2018 adam.majerAATTsuse.de
- env_shebang.patch: use absolute paths in executable shebang lines
- versioned.patch: updated to move shebang modifications to above
patch.

Fri May 11 14:00:00 2018 adam.majerAATTsuse.de
- New upstream LTS release 6.14.2:

* n-api: n-api has been backported to v6.x.
- icu_61_namespacefix.patch: Fix building with ICU61.1 (bsc#1091764)
- versioned.patch: rebased

Thu Apr 5 14:00:00 2018 adam.majerAATTsuse.de
- Install license with %license, not %doc (bsc#1082318)

Wed Apr 4 14:00:00 2018 adam.majerAATTsuse.de
- Fix some node-gyp permissions

Tue Apr 3 14:00:00 2018 adam.majerAATTsuse.de
- New upstream LTS release 6.14.1:

* Security fixes:
+ Fix for inspector DNS rebinding vulnerability
(bsc#1087463, CVE-2018-7160)
+ Fix for \'path\' module regular expression denial of service
(bsc#1087459, CVE-2018-7158)
+ Reject spaces in HTTP Content-Length header values
(bsc#1087453, CVE-2018-7159)

* Upgrade to OpenSSL 1.0.2o

* deps: upgrade http-parser to v2.8.0

Thu Mar 22 13:00:00 2018 adam.majerAATTsuse.de
- New upstream LTS release 6.13.1:

* http,tls: better support for IPv6 addresses

* console: added console.count() and console.clear()

* crypto:
+ expose ECDH class
+ added cypto.randomFill() and crypto.randomFillSync()
+ warn on invalid authentication tag length

* deps: upgrade libuv to 1.16.1

* dgram: added socket.setMulticastInterface()

* http: add agent.keepSocketAlive and agent.reuseSocket as to
allow overridable keep-alive behavior of Agent

* lib: return this from net.Socket.end()

* module: add builtinModules api that provides list of all
builtin modules in Node

* net: return this from getConnections()

* promises: more robust stringification for unhandled rejections

* repl: improve require() autocompletion

* src:
+ add openssl-system-ca-path configure option
+ add --use-bundled-ca --use-openssl-ca check
+ add process.ppid

* tls: accept lookup option for tls.connect()

* tools,build: a new macOS installer!

* url: WHATWG URL api support

* util: add %i and %f formatting specifiers
- remove any old manpage files in %pre from before update-alternatives
were used to manage symlinks to these manpages.

Tue Feb 13 13:00:00 2018 adam.majerAATTsuse.de
- Add Recommends and BuildRequire on python2 for npm. node-gyp
requires this old version of python for now. This is only needed
for binary modules.

Tue Jan 30 13:00:00 2018 roAATTsuse.de
- even on recent codestreams there is no binutils gold on s390
only on s390x

Tue Jan 9 13:00:00 2018 adam.majerAATTsuse.de
- New upstream LTS release 6.12.3:

* v8: profiler-related fixes

* mostly documentation and test related changes
- nodejs-sle11-python26-check_output.patch: refreshed

Fri Dec 22 13:00:00 2017 adam.majerAATTsuse.de
- Enable CI tests in %check target
+ fix_ci_tests.patch:
- DNS queries in buildroots are failing with EAI_AGAIN
- disable test-module-loading-globalpaths.js - we have
hardcoded global paths
+ versioned.patch: call versioned node binary for tests

Thu Dec 14 13:00:00 2017 adam.majerAATTsuse.de
- Dropped 8334.diff - no longer needed

Sat Dec 9 13:00:00 2017 qantas94heavyAATTgmail.com
- New upstream LTS release 6.12.2:

* deps/openssl: updated to 1.0.2n (only applies to SLE 12 SP1
and lower) (bsc#1072322)
[ CVE-2017-3738 CVE-2017-15896 ]
- Changes in 6.12.1:

* build: fix npm install with --shared
[ gh#nodejs/node#16438 ]

* build: building on systems with default Python 3 is now
supported
[ gh#nodejs/node#16058 ]

* src: v8 options can be specified with either \'_\' or \'-\' in
NODE_OPTIONS
[ gh#nodejs/node#14093 ]
- Remove unnecessary curl BuildRequires
- Enable gold linker on s390x (TW and SLE/Leap 15)
- Build with bundled ICU if system ICU not available (only applies
to SLE 11)

Wed Nov 29 13:00:00 2017 qantas94heavyAATTgmail.com
- Change BuildRequires from openssl-devel to libopenssl-1_0_0-devel
due to Tumbleweed/Leap 15 change to OpenSSL 1.1.0 as default

Thu Nov 16 13:00:00 2017 adam.majerAATTsuse.de
- Update nodejs.keyring based on current Release Team as found on
https://github.com/nodejs/node#release-team

Mon Nov 13 13:00:00 2017 adam.majerAATTsuse.de
- Fix permissions of node-gyp. This should be executable to allow
building of binary node modules.

Mon Nov 13 13:00:00 2017 adam.majerAATTsuse.de
- New upstream LTS release 6.12.0:

* assert: assert.fail() can now take one or two arguments

* crypto: add sign/verify support for RSASSA-PSS

* deps:
+ upgrade openssl sources to 1.0.2m
[OpenSSL Security Advisory (bsc#1066242, bsc#1056058)
CVE-2017-3735 CVE-2017-3736]
+ upgrade libuv to 1.15.0

* fs: Add support for fs.write/fs.writeSync(fd, buffer, cb) and
fs.write/fs.writeSync(fd, buffer, offset, cb) as documented

* inspector: enable --inspect-brk

* process: add --redirect-warnings command line argument

* src:
+ allow CLI args in env with NODE_OPTIONS
+ --abort-on-uncaught-exception in NODE_OPTIONS
+ allow --tls-cipher-list in NODE_OPTIONS
+ use SafeGetenv() for NODE_REDIRECT_WARNINGS

* test: remove common.fail()
- 0f3e69db.patch, icu59.patch: removed empty patches
- nodejs-libpath.patch: refreshed

Wed Oct 25 14:00:00 2017 qantas94heavyAATTgmail.com
- New upstream LTS release 6.11.5:

* zlib: (CVE-2017-14919: only affects TW) In zlib v1.2.9, a
change was made that causes an exception to be thrown when a
raw deflate stream is initialized with windowBits set to 8.
Node.js will now gracefully set windowBits to 9 (replicating
the legacy behavior) to avoid a DOS vector.

Thu Oct 19 14:00:00 2017 adam.majerAATTsuse.de
- Replace {{node_version_major}} with RPM define %node_version_number
for simpler spec file review.
- Make sure npm program remains executable

Wed Oct 4 14:00:00 2017 adam.majerAATTsuse.de
- New upstream LTS release 6.11.4:

* net: support passing undefined to listen() to match behavior in
v4.x and v8.x

Mon Sep 11 14:00:00 2017 qantas94heavyAATTgmail.com
- New upstream LTS release 6.11.3:

* deps: Snapshots are turned back on!!! (#14385)

* path: win32 volume-relative paths are working again! (#14440)

* tools: v6.x can now build with ICU 59 (#12078)
- Drop icu59.patch: merged upstream.
- Refresh versioned.patch

Thu Aug 17 14:00:00 2017 qantas94heavyAATTgmail.com
- New upstream LTS release 6.11.2

* configure: add mips64el to valid_arch (#13620)

* crypto: updated root certificates based on NSS 3.30
(#13279, #12402)

* deps: upgrade OpenSSL to version 1.0.2.l (#12913)

* http:
+ parse errors are now reported when NODE_DEBUG=http (#13206)
+ Agent constructor can now be invoked without new (#12927)

* zlib: node will now throw an Error when zlib rejects the value
of windowBits, instead of crashing (#13098)
- Drop 0f3e69db.patch: fixed upstream

Wed Aug 2 14:00:00 2017 adam.majerAATTsuse.de
- Fix update-alternative handling in %postun - don\'t remove
links on upgrades.

Wed Jul 12 14:00:00 2017 adam.majerAATTsuse.de
- New upstream LTS release 6.11.1

* v8: disable V8 snapshots. The hashseed embedded in the snapshot
is currently the same for all runs of the binary. This opens
node up to collision attacks which could result in a Denial
of Service. We have temporarily disabled snapshots until a more
robust solution is found. (bnc#1048299, CVE-2017-11499)

* The c-ares function ares_parse_naptr_reply(), which is used for
parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response
packet was crafted in a particular way.
(CVE-2017-1000381, bnc#1044946)

Fri Jul 7 14:00:00 2017 adam.majerAATTsuse.de
- Depend on nodejs-common that is then used to pick correctly
versioned node or npm binary. This is required since 3rd party
modules use `/usr/bin/env node` which breaks if multiple versions
of NodeJS are installed at the same time and non-default version
is used (for example, to compile a native module)

Thu Jul 6 14:00:00 2017 adam.majerAATTsuse.de
- npm_search_paths.patch: Since concurrent installations are now
possible, node manual pages are moved once again back under npm
searcheable locations only.
- versioned.patch: All files are now under versioned directoies
and names. node and npm symlinks are now managed by
update-alternatives
- node-gyp-addon-gypi.patch: Reference versioned directories only

Tue Jun 13 14:00:00 2017 adam.majerAATTsuse.de
- New upstream LTS release 6.11.0

* added support for building mips64el

* cluster:
+ disconnect() now returns a reference to the disconnected
worker.

* crypto:
+ ability to select cert store at runtime
+ Use system CAs instead of using bundled ones
(obsoletes 8334.diff)
+ The Decipher methods setAuthTag() and setAAD now return this
+ adding support for OPENSSL_CONF again
+ make LazyTransform compabile with Streams1

* deps:
+ upgrade libuv to 1.11.0

* dns:
+ Implemented {ttl: true} for resolve4() and resolve6().

* process:
+ add NODE_NO_WARNINGS environment variable

* readline:
+ add option to stop duplicates in history

* src:
+ support \"--\" after \"-e\" as end-of-options

* tls:
+ new tls.TLSSocket() supports sec ctx options
+ Allow obvious key/passphrase combinations.
- Fix typo in node-gyp-addon-gypi.patch patch
- Refresh icu59.patch

Tue May 30 14:00:00 2017 adam.majerAATTsuse.de
- 0f3e69db.patch, icu59.patch: backported GCC 7 compilation fixes
for v8 backported and add missing ICU59 includes (bnc#1041282)

Tue May 23 14:00:00 2017 adam.majerAATTsuse.de
- New upstream LTS release 6.10.3

* b8:
+ Trigger OOM crash on memory allcation errors
+ Don\'t treat catch scopes as possibly-shadowing for sloppy eval

* lib: fix event race condition with -e

* src: fix base64 decoding in rare edgecase

* tls:
+ fix segfault on destroy after partial read
+ keep track of stream that is closed
+ fix macro to check NPN feature
- nodejs-libpath.patch: updated

Wed Apr 5 14:00:00 2017 qantas94heavyAATTgmail.com
- New upstream LTS release 6.10.2

* crypto: fix memory leak if certificate is revoked (#12089)

* deps: backport V8 fixes for spread syntax regression
causing segfaults (#12037)
- Changes not applicable to openSUSE in 6.10.2:

* deps: upgrade zlib to 1.2.11 (#10980)

* repl: revert commit that broke REPL display on Windows (#12123)
- Changes in LTS release 6.10.1

* performance: The performance of several APIs has been improved.
+ Buffer.compare() is up to 35% faster on average.
+ buffer.toJSON() is up to 2859% faster on average.
+ fs.
*statSync() functions are now up to 9% faster on average.
+ os.loadavg is up to 151% faster.
+ process.memoryUsage() is up to 34% faster.
+ querystring.unescape() for Buffers is 15% faster on average.
+ querystring.stringify() is up to 7.8% faster on average.
+ querystring.parse() is up to 21% faster on average.

* IPC: Batched writes have been enabled for process IPC on
platforms that support Unix Domain Sockets. Performance gains
may be up to 40% for some workloads.

* child_process: spawnSync now returns a null status when child
is terminated by a signal. This fixes the behavior to act like
spawn() does.

* http: Control characters are now always rejected when using
http.request(). Debug messages have been added for cases when
headers contain invalid values.

* node: Heap statistics now support values larger than 4GB.

* timers: Timer callbacks now always maintain order when
interacting with domain error handling.

Sun Feb 26 13:00:00 2017 qantas94heavyAATTgmail.com
- New upstream LTS release 6.10.0

* crypto: allow adding extra certs to well-known CAs

* deps: upgrade INTL ICU to version 58

* fs: cache non-symlinks in realpathSync

* process: add process.memoryUsage().external

* repl: allow autocompletion for scoped packages

* src: add wrapper for process.emitWarning()
- Modify 8334.diff:

* Remove merged reference counting code (#9409)

* Bring patch in line with upstream changes (#8334)

Fri Feb 3 13:00:00 2017 adam.majerAATTsuse.de
- New upstream LTS release 6.9.5

* deps: upgrade openssl sources to 1.0.2k
(CVE-2017-3731, CVE-2017-3732, CVE-2016-7055,
bnc#1022085, bnc#1022086, bnc#1009528)
- No changes in LTS release 6.9.4
- Adjusted 8334.diff to be inline with accepted changes

Fri Jan 6 13:00:00 2017 qantas94heavyAATTgmail.com
- Add basic check that Node.js loads successfully to spec file

Wed Jan 4 13:00:00 2017 qantas94heavyAATTgmail.com
- New upstream LTS release 6.9.3

* build: shared library support is now working for AIX builds

* deps/npm: upgrade npm to 3.10.10

* deps/V8: destructuring of arrow function arguments via computed
property no longer throws

* inspector: /json/version returns object, not an object wrapped
in an array

* module: using --debug-brk and --eval together now works
as expected

* process: improve performance of nextTick up to 20%

* repl: the division operator will no longer be accidentally
parsed as regex

* repl: improved support for generator functions

* timers: recanceling a cancelled timers will no longer throw

Fri Dec 9 13:00:00 2016 qantas94heavyAATTgmail.com
- New upstream LTS version 6.9.2

* buffer: coerce slice parameters consistently

* deps/npm: upgrade npm to 3.10.9

* deps/V8: Various fixes to destructuring edge cases
+ cherry-pick 3c39bac from V8 upstream
+ cherry pick 7166503 from upstream v8

* gtest: the test reporter now outputs tap comments as yamlish

* inspector: inspector now prompts user to use 127.0.0.1 rather
than localhost

* tls: fix memory leak when writing data to TLSWrap instance
during handshake
- Modify 8334.diff:

* ported and updated system CA store for the new node crypto code

Wed Nov 23 13:00:00 2016 adam.majerAATTsuse.de
- Add missing conflicts to base package. It\'s not possible to have
concurrent nodejs installations.

Fri Nov 18 13:00:00 2016 adam.majerAATTsuse.de
- Package unification across various branches of NodeJS. Package
for 4.x, 6.x and current (7.x) branches of NodeJS are now
handled via GitHub repository.
- NodeJS 6.x LTS package, based on NodeJS 4.x LTS layout. All
NodeJS packages are interchangeable. (FATE #321373)

Mon Nov 7 13:00:00 2016 adam.majerAATTsuse.de
- Add versioned dependencies for unbundling of c-ares and icu
libraries
- SLE12 can have unbundled libicu

Wed Nov 2 13:00:00 2016 qantas94heavyAATTgmail.com
- Fork package devel:languages:nodejs/nodejs
- Remove support-arm64-build.patch (not necessary for aarch64 build)
- Use system library versions of c-ares and ICU where supported
- Remove /usr/{lib,lib64}/node_modules from global module paths

* This is deprecated behaviour that was caused by an incorrect patch
in devel:languages:nodejs/nodejs almost 6 months ago (boo#985350)
- Modify nodejs-libpath.patch

* Move /usr/lib64/node_modules to %{_libexecpath} as npm isn\'t
architecture dependent (only npm itself is stored there)
- Remove nodejs-libpath64.patch
- Use separate .sig file instead of .asc file for source verification
- Use exec instead of xargs to remove files in install script


  
ICM