SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for nodejs4-devel-4.8.6-119.1.x86_64.rpm :

* Thu Nov 16 2017 adam.majerAATTsuse.de- Update nodejs.keyring based on current Release Team as found on https://github.com/nodejs/node#release-team
* Mon Nov 13 2017 adam.majerAATTsuse.de- Fix permissions of node-gyp. This should be executable to allow building of binary node modules.
* Mon Nov 13 2017 adam.majerAATTsuse.de- New upstream maintenance release 4.8.6:
* crypto: upgrade openssl sources to 1.0.2m [OpenSSL Security Advisory (bsc#1066242, bsc#1056058) CVE-2017-3735 CVE-2017-3736]
* deps: add support for more modern versions of INTL- 0f3e69db.patch: removed, upstreamed- icu59.patch: removed, upstreamed
* Wed Oct 25 2017 qantas94heavyAATTgmail.com- New upstream maintenance release 4.8.5:
* zlib: (CVE-2017-14919: only affects TW) In zlib v1.2.9, a change was made that causes an exception to be thrown when a raw deflate stream is initialized with windowBits set to 8. Node.js will now gracefully set windowBits to 9 (replicating the legacy behavior) to avoid a DOS vector.
* Thu Oct 19 2017 adam.majerAATTsuse.de- Replace {{node_version_major}} with RPM define %node_version_number for simpler spec file review.- Make sure npm program remains executable
* Wed Aug 02 2017 adam.majerAATTsuse.de- Fix update-alternative handling in %postun - don\'t remove links on upgrades.
* Wed Jul 12 2017 adam.majerAATTsuse.de- New LTS upstream version 4.8.4
* v8: disable V8 snapshots. The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (bnc#1048299, CVE-2017-11499).
* http: fixes http.get with numeric authorization options that created/used uninitialized buffers as the authentication string
* The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (CVE-2017-1000381, bnc#1044946)
* Fri Jul 07 2017 adam.majerAATTsuse.de- Depend on nodejs-common that is then used to pick correctly versioned node or npm binary. This is required since 3rd party modules use `/usr/bin/env node` which breaks if multiple versions of NodeJS are installed at the same time and non-default version is used (for example, to compile a native module)
* Thu Jul 06 2017 adam.majerAATTsuse.de- npm_search_paths.patch: Since concurrent installations are now possible, node manual pages are moved once again back under npm searcheable locations only.- versioned.patch: All files are now under versioned directoies and names. node and npm symlinks are now managed by update-alternatives- node-gyp-addon-gypi.patch: Reference versioned directories only
* Tue Jun 13 2017 adam.majerAATTsuse.de- Fix typo in node-gyp-addon-gypi.patch patch
* Tue May 30 2017 adam.majerAATTsuse.de- 0f3e69db.patch, icu59.patch: GCC 7 compilation fixes for v8 backported and add missing ICU59 headers (bnc#1041283)
* Tue May 23 2017 adam.majerAATTsuse.de- New upstream LTS release 4.8.3
* v8: trigger OOM crash if memory allocation fails
* src: fix base64 decoding in rare edgecase
* tls: + fix segfault on destroy after partial read + keep track of stream that is closed + TLSSocket emits \'error\' on handshake failure- nodejs-libpath.patch: updated
* Wed Apr 05 2017 qantas94heavyAATTgmail.com- New upstream maintenance release 4.8.2
* crypto: fix memory leak if certificate is revoked (#12089)- Changes not applicable to openSUSE in 4.8.2:
* deps: upgrade zlib to 1.2.11 (#10980)- Changes in LTS release 4.8.1
* buffer: The performance of .toJSON() is now up to 2859% faster on average.
* IPC: Batched writes have been enabled for process IPC on platforms that support Unix Domain Sockets. Performance gains may be up to 40% for some workloads.
* http: Control characters are now always rejected when using http.request().
* node: Heap statistics now support values larger than 4GB.- Modify 8334.diff:
* Bring patch in line with upstream changes (#8334)
* Sun Feb 26 2017 qantas94heavyAATTgmail.com- New upstream LTS release 4.8.0
* child_process: add shell option to spawn()
* crypto: add ALPN Support
* crypto: allow adding extra certs to well-known CAs
* deps/v8: expose statistics about heap spaces
* fs: add the fs.mkdtemp() function
* process: add process.memoryUsage().external
* process: add process.cpuUsage()- Modify 8334.diff:
* Remove merged reference counting code (#9409)
* Fri Feb 03 2017 adam.majerAATTsuse.de- New upstream LTS release 4.7.3
* deps: upgrade openssl sources to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bnc#1022085, bnc#1022086, bnc#1009528)- No changes in LTS version 4.7.2- Adjusted 8334.diff to be inline with accepted changes- Merge nodejs4.changes from SLE and devel project
* Fri Jan 06 2017 qantas94heavyAATTgmail.com- Add basic check that Node.js loads successfully to spec file
* Wed Jan 04 2017 qantas94heavyAATTgmail.com- New upstream LTS release 4.7.1
* build: shared library support is now working for AIX builds
* repl: passing options to the repl will no longer overwrite defaults
* timers: recanceling a cancelled timers will no longer throw
* Fri Dec 09 2016 qantas94heavyAATTgmail.com- New upstream LTS version 4.7.0
* build: introduce the configure --shared option for embedders
* debugger: make listen address configurable in debugger server
* dgram: generalized send queue to handle close, fixing a potential throw when dgram socket is closed in the listening event handler
* http: introduce the 451 status code \"Unavailable For Legal Reasons\"
* gtest: the test reporter now outputs tap comments as yamlish
* tls: introduce secureContext for tls.connect (useful for caching client certificates, key, and CA certificates)
* tls: fix memory leak when writing data to TLSWrap instance during handshake
* src: node no longer aborts when c-ares initialization fails- Modify 8334.diff:
* ported and updated system CA store for the new node crypto code- Refresh nodejs-libpath.patch
* Thu Dec 01 2016 qantas94heavyAATTgmail.com- New upstream LTS version 4.6.2
* build: + It is now possible to build the documentation from the release tarball.
* buffer: + Buffer.alloc() will no longer incorrectly return a zero filled buffer when an encoding is passed.
* deps: + Upgrade npm in LTS to 2.15.11.
* repl: + Enable tab completion for global properties.
* url: + url.format() will now encode all \"#\" in search.
* Wed Nov 23 2016 adam.majerAATTsuse.de- Add missing conflicts to base package. It\'s not possible to have concurrent nodejs installations.
* Fri Nov 18 2016 adam.majerAATTsuse.de- Package unification across various branches of NodeJS. Package for 4.x, 6.x and current (7.x) branches of NodeJS are now handled via GitHub repository.- remove support-arm64-build.patch: no longer required- remove nodejs-libpath64.patch: obsolete
* Tue Nov 08 2016 adam.majerAATTsuse.de- npm4 should provide versioned nodejs-npm and npm allowing nodejs-packaging to continue to function properly in Leap 42.2 (bnc #1009011)
* Wed Oct 19 2016 qantas94heavyAATTgmail.com- New upstream LTS version 4.6.1
* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180 more information at https://c-ares.haxx.se/adv_20160929.html (bnc #1007728)
* Tue Oct 04 2016 adam.majerAATTsuse.de- npm4 now provides nodejs-npm to ease upgrades for Leap
* Thu Sep 29 2016 adam.majerAATTsuse.de- enable usage of system certificate store on SLE11SP4 by requiring openssl1 (boo#1000036)- nodejs-libpath.patch:
* adapt patch from main nodejs project so it builds on SLE11- New upstream LTS version 4.6.0
* openssl update (not applicable for SLE12SP2, Leap 42.2 and later) + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052) + remove support for dynamic 3rd party engine modules
* http: Properly validate for allowable characters in input user data. This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here. (CVE-2016-5325, bnc#985201)
* tls: properly validate wildcard certificates (CVE-2016-7099, bnc#1001652)
* buffer: Zero-fill excess bytes in new Buffer objects created with Buffer.concat()
* Fri Aug 26 2016 adam.majerAATTsuse.de- New upstream LTS version 4.5.0 (bnc#997405)
* buffer: + backport new buffer constructor APIs to v4.x + backport --zero-fill-buffers cli option + ignore negative allocation lengths
* build + add Intel Vtune profiling support
* repl + copying tabs shouldn\'t trigger completion
* src + add node::FreeEnvironment public API
* test + run v8 tests from node tree
* V8 + Add post mortem data to improve object inspection and function\'s context variables inspection
* upgrade libuv to 1.9.1
* upgrade npm to 2.15.9- 8334.diff
* use system CA store instead of one provided by Node- Refresh patches
* Wed Aug 10 2016 adam.majerAATTsuse.de- use system OpenSSL with Leap 42.2 and SLE12:SP2- simplify source code integrity check + use GPG service instead of explicit BR + add empty checksum so GPG service is run - it\'s not detached signature like it thinks it is.
* Mon Jul 04 2016 adam.majerAATTsuse.de- rename patches to have a .patch suffix, for consistancy- npm_search_paths.patch: Change defaultPrefix to /usr/local if it is detected to be /usr. This is in attempt to prevent globally installed npm-managed packages from installing into the zypper managed prefix.- refreshed patches support-arm64-build.patch- use upstream .xz instead of .gz tarball
* Fri Jul 01 2016 adam.majerAATTsuse.de- New upstream version 4.4.7
* debugger: + All properties of an array (aside from length) can now be printed in the repl
* Upgrade npm to 2.15.8 (Rebecca Turner)
* Fix for a bug that became more prevalent with the stream changes that landed in v4.4.5. (Anna Henningsen). \'reset awaitDrain after manual .resume()\'
* V8: + Fix for a bug in crankshaft that was causing crashes on arm64 (Myles Borins) + Add missing classes to postmortem info such as JSMap and JSSet (evan.lucas)- Add upstream release keyring- Verify upstream sources during %prep
* Mon Jun 27 2016 adam.majerAATTsuse.de- Use build flags to enable/disable gdb usage instead of configure script. Easier to find and change in future.- Fix paths, and have to fix lots of paths because they are all more or less hardcoded relative paths.- Renumber patches allowing upstream patches to be inserted before our own.
* Fri Jun 24 2016 adam.majerAATTsuse.de- New upstream version 4.4.6 + fix buffer overflow vulnerability discovered in v8 (CVE-2016-1669)
* Thu Jun 16 2016 adam.majerAATTsuse.de- Change detection of library paths from runtime to compile time. nodejs-libpath.patch, nodejs-libpath64.patch
* Wed Jun 15 2016 adam.majerAATTsuse.de- This package is in response to FATE#320396 and ECO#317945 and references bnc#958943 It\'s to be part of Web and Scripting Module- Use build conditional for intree_openssl- Fix permissions of some supplies javascript files - they are not executables- General cleanup of the package
* Wed Jun 15 2016 adam.majerAATTsuse.de- Tighten dependencies so we don\'t end up with mixed versions installed.
* Tue Jun 14 2016 adam.majerAATTsuse.de- Dedup manpages- Conflict with other providers of NodeJS packages. This is important if we want to provide NodeJS v6.x branch along with v4.x branch
* Mon Jun 06 2016 adam.majerAATTsuse.de- \'New\' package of 4.x LTS branch of NodeJS, based on v6.2.1 from Tumbleweed- Fix search paths to actually look where modules are installed
  
ICM