SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for nodejs20-devel-20.3.1-21.6.x86_64.rpm :

* Wed Jun 21 2023 Adam Majer - Update to version 20.3.1 (security fixes only). The following CVEs are fixed in this release:
* (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
* (CVE-2023-30584, bsc#1212575): Path Traversal Bypass in Experimental Permission Model (High)
* (CVE-2023-30587, bsc#1212576): Bypass of Experimental Permission Model via Node.js Inspector (High)
* (CVE-2023-30582, bsc#1212577): Inadequate Permission Model Allows Unauthorized File Watching (Medium)
* (CVE-2023-30583, bsc#1212578): Bypass of Experimental Permission Model via fs.openAsBlob() (Medium)
* (CVE-2023-30585, bsc#1212579): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* (CVE-2023-30586, bsc#1212580): Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium)
* (CVE-2023-30588, bsc#1212581): Process interuption due to invalid Public Key information in x509 certificates (Medium)
* (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via Empty headers separated by CR (Medium)
* (CVE-2023-30590, bsc#1212583): DiffieHellman does not generate keys after setting a private key (Medium)
* Thu Jun 15 2023 Adam Majer - Update to version 20.3.0:
* deps: upgrade to libuv 1.45.0, including significant performance improvements to file system operations on Linux
* module: change default resolver to not throw on unknown scheme
* stream: deprecate asIndexedPairs- versioned.patch, fix_ci_tests.patch: refreshed- openssl3_1-adapt_tests.patch: upstreamed and removed For details see, https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.3.0
* Mon May 22 2023 Adam Majer - Fix build on SLE12SP5
* Fri May 19 2023 Adam Majer - Update to version 20.2.0:
* http: prevent writing to the body when not allowed by HTTP spec
* sea: add option to disable the experimental SEA warning
* test_runner: add skip, todo, and only shorthands to test
* url: add value argument to URLSearchParams has and delete methods For details see, https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.2.0
* Mon May 15 2023 Adam Majer - fix_ci_tests.patch: increase default timeout on unit tests to 20min from 2min. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407)
* Fri May 12 2023 Adam Majer - z13.patch: fixes illegal instruction error on z13 and older s390
* Wed May 10 2023 Otto Hollmann - Adapt tests for OpenSSL 3.1 [bsc#1209430]
* Add openssl3_1-adapt_tests.patch
* Thu May 04 2023 Adam Majer - 20.1.0- Update to version 20.1.0 assert: deprecate CallTracker dns: expose getDefaultResultOrder doc: add KhafraDev to collaborators fs: add recursive option to readdir and opendir fs: add support for mode flag to specify the copy behavior of the cp methods http: add highWaterMark option http.createServer stream: preserve object mode in compose test_runner: add testNamePatterns to run API test_runner: execute before hook on test test_runner: support combining coverage reports wasi: make returnOnExit true by default
* Wed Apr 19 2023 Adam Majer - 20.0.0- Package new version 20.0.0 For overview of changes and details since 19.x and earlier see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.0.0- imported the following patches from prior patches: + cares_public_headers.patch + fix_ci_tests.patch + flaky_test_rerun.patch + legacy_python.patch + linker_lto_jobs.patch + manual_configure.patch + node-gyp-addon-gypi.patch + node-gyp-config.patch + nodejs-libpath.patch + npm_search_paths.patch + openssl_binary_detection.patch + qemu_timeouts_arches.patch + skip_no_console.patch + sle12_python3_compat.patch + test-skip-y2038-on-32bit-time_t.patch + versioned.patch
  
ICM