Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

nodejs14-14.19.1-150200.15.31.1 RPM for s390x

From OpenSuSE Leap 15.4 for s390x

Name: nodejs14 Distribution: SUSE Linux Enterprise 15
Version: 14.19.1 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150200.15.31.1 Build date: Wed Apr 27 10:10:18 2022
Group: Development/Languages/NodeJS Build host: s390zl32
Size: 32510837 Source RPM: nodejs14-14.19.1-150200.15.31.1.src.rpm
Packager: https://www.suse.com/
Url: https://nodejs.org
Summary: Evented I/O for V8 JavaScript
Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine. Node.js
uses an event-driven, non-blocking I/O model. Node.js has a package ecosystem
provided by npm.

Provides

Requires

License

MIT

Changelog

* Wed Apr 20 2022 adam.majer@suse.de
  Update to 14.19.1:
    * deps: upgrade openssl sources to 1.1.1n (bsc#1196877,  CVE-2022-0778)
      Infinite loop in BN_mod_sqrt() reachable when parsing certificates
      More details at https://www.openssl.org/news/secadv/20220315.txt
  - CVE-2021-44906.patch: fix prototype pollution in npm dependency
    (bsc#1198247, CVE-2021-44906)
  - CVE-2021-44907.patch: fix insuficient sanitation in npm dependency
    (bsc#1197283, CVE-2021-44907)
  - CVE-2022-0235.patch: fix passing of cookie data and sensitive headers
    to different hostnames in node-fetch-npm (bsc#1194819, CVE-2022-0235)
* Wed Feb 16 2022 adam.majer@suse.de
  - update to 14.19.0:
    * crypto: make FIPS related options always available
    * deps: deps: upgrade npm to 6.14.16
      + CVE-2021-23343 - ReDoS via splitDeviceRe, splitTailRe and
      splitPathRe (bsc#1192153)
      + CVE-2021-32803 - node-tar: Insufficient symlink protection
      allowing arbitrary file creation and overwrite (bsc#1191963)
      + CVE-2021-32804 - node-tar: Insufficient absolute path sanitization
      allowing arbitrary file creation and overwrite (bsc#1191962)
      + CVE-2021-3918 - json-schema is vulnerable to Improperly
      Controlled Modification of Object Prototype Attributes (bsc#1192696)
    * module: support pattern trailers
    * src: make napi_create_reference accept symbol
  - CVE-2021-3807.patch: node-ansi-regex: Regular expression
    denial of service (ReDoS) matching ANSI escape codes
    (bsc#1192154, CVE-2021-3807)
  - versioned.patch, nodejs-libpath.patch: refreshed
* Wed Jan 12 2022 adam.majer@suse.de
  - z15-test-skip.patch: dropped, no longer required
  - fix_ci_tests.patch: update tests for z15
* Tue Jan 11 2022 adam.majer@suse.de
  - update to 14.18.3:
    Security update fixing the following issues:
    * Improper handling of URI Subject Alternative Names (Medium)
    (CVE-2021-44531, bsc#1194511)
    * Certificate Verification Bypass via String Injection (Medium)
    (CVE-2021-44532, bsc#1194512)
    * Incorrect handling of certificate subject and issuer fields (Medium)
    (CVE-2021-44533, bsc#1194513)
    * Prototype pollution via console.table properties (Low)
    (CVE-2022-21824, bsc#1194514)
* Thu Dec 16 2021 adam.majer@suse.de
  - update to 14.18.2:
    * lib: fix regular expression to detect `/` and `\`
    * worker: avoid potential deadlock on NearHeapLimit
  - sle12_python3_compat.patch: refreshed
* Thu Nov 25 2021 guillaume.gardet@opensuse.org
  - Fix CXXFLAGS in Tumbleweed - boo#1192824
* Tue Nov 09 2021 adam.majer@suse.de
  - update to 14.18.1:
    * deps: update llhttp to 2.1.4
    - HTTP Request Smuggling due to spaced in headers
      (bsc#1191601, CVE-2021-22959)
    - HTTP Request Smuggling when parsing the body
      (bsc#1191602, CVE-2021-22960)
  - changes in 14.18.0:
    * buffer:
      + introduce Blob
      + add base64url encoding option
    * child_process:
      + allow options.cwd receive a URL
      + add timeout to spawn and fork
      + allow promisified exec to be cancel
      + add 'overlapped' stdio flag
    * dns: add "tries" option to Resolve options
    * fs:
      + allow empty string for temp directory prefix
      + allow no-params fsPromises fileHandle read
      + add support for async iterators to fsPromises.writeFile
    * http2: add support for sensitive headers
    * process: add 'worker' event
    * tls: allow reading data into a static buffer
    * worker: add setEnvironmentData/getEnvironmentData
  - changes in 14.17.6:
    * deps: upgrade npm to 6.14.15 which fixes a number of
      security issues
      (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712,
      bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134,
      bsc#1190053, CVE-2021-39135)
  - test-skip-y2038-on-32bit-time_t.patch: fix test failure when
    64-bit time_t is used on 32-bit arches
  - refreshed patches: versioned.patch, flaky_test_rerun.patch
  - PR39011.patch: upstreamed
* Thu Aug 12 2021 adam.majer@suse.de
  - update to 14.17.5:
    * CVE-2021-3672/CVE-2021-22931: Improper handling of untypical
      characters in domain names (bsc#1189370, bsc#1188881)
    * CVE-2021-22940: Use after free on close http2 on stream canceling
      (bsc#1189368)
    * CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter
      (bsc#1189369)
  - cares_public_headers.patch: don't use private headers
* Mon Aug 09 2021 adam.majer@suse.de
  - z15-test-skip.patch: skip problematic test on s390x
* Mon Aug 02 2021 adam.majer@suse.de
  - update to 14.17.4:
    http2: fixes use after free on close http2 on stream canceling
    (bsc#1188917, CVE-2021-22930)
  - old_icu.patch: merged, removed
  - versioned.patch: updated
  - node_modules.tar.xz: refreshed
  - PR39011.patch: use localhost instead of remote for unit test
* Fri Jul 02 2021 adam.majer@suse.de
  - update to 14.17.2:
    deps: libuv upgrade - Out of bounds read (Medium)
    (bsc#1187973, CVE-2021-22918)
  - old_icu.patch: update with upstream's patch from
    https://github.com/nodejs/node/pull/39068
  - specfile cleanup
* Thu Jun 17 2021 adam.majer@suse.de
  - update to 14.17.1:
    * deps: update ICU to 69.1
    * errors: align source-map stacks with spec
  - Fix-build-with-icu-69.patch: upstreamed
* Fri Jun 04 2021 dmueller@suse.com
  - update to 14.17.0:
    * Experimental support for AbortController and AbortSignal
    * Diagnostics channel (experimental module)
    * UUID support in the crypto module
    * update ICU to 68.1
    * upgrade to libuv 1.41.0
    * deps: npm update to 6.14.13
      ssri Regular Expression Denial of Service and hosted-git-info
      Regular Expression Denial of Service
      (bsc#1187976, bsc#1187977, CVE-2021-27290, CVE-2021-23362)
  - add Fix-build-with-icu-69.patch: fix build with icu 69
* Mon May 31 2021 adam.majer@suse.de
  - Use libalternatives instead of update-alternatives
* Wed Apr 07 2021 adam.majer@suse.de
  - New upstream LTS version 14.16.1:
    * CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
      This is a vulnerability in the y18n npm module which may be
      exploited by prototype pollution. You can read more about it in
      https://github.com/advisories/GHSA-c4w7-xm78-47vh
      (bsc#1184450)
    * deps: upgrade npm to 6.14.12
  - versioned.patch: refreshed
* Tue Feb 23 2021 adam.majer@suse.de
  - New upstream LTS version 14.16.0:
    * CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service
      by resource exhaustion (bsc#1182619)
    * CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620)
* Wed Feb 17 2021 adam.majer@suse.de
  - New upstream LTS version 14.15.5:
    * deps:
      + upgrade npm to 6.14.11
      + V8: backport dfcf1e86fac0 #37245
      Note: Node.js is not believed to be vulnerable to CVE-2021-21148
    * stream,zlib: do not use _stream_* anymore
  - relax OpenSSL cipher suite policies for unit tests
* Mon Jan 04 2021 adam.majer@suse.de
  - New upstream LTS version 14.15.4:
    * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS
      implementation. When writing to a TLS enabled socket,
      node::StreamBase::Write calls node::TLSWrap::DoWrite with
      a freshly allocated WriteWrap object as first argument.
      If the DoWrite method does not return an error, this object is
      passed back to the caller as part of a StreamWriteResult structure.
      This may be exploited to corrupt memory leading to a
      Denial of Service or potentially other exploits (bsc#1180553)
    * CVE-2020-8287: HTTP Request Smuggling allow two copies of a
      header field in a http request. For example, two Transfer-Encoding
      header fields. In this case Node.js identifies the first header
      field and ignores the second. This can lead to HTTP Request
      Smuggling (https://cwe.mitre.org/data/definitions/444.html).
      (bsc#1180554)
* Mon Dec 21 2020 adam.majer@suse.de
  - New upstream LTS version 14.15.3:
    * deps:
      + upgrade npm to 6.14.9
      + update acorn to v8.0.4
    * http2: check write not scheduled in scope destructor
    * stream: fix regression on duplex end
  - versioned.patch, sle12_python3_compat.patch: refreshed
* Mon Nov 30 2020 adam.majer@suse.de
  - openssl_binary_detection.patch: fixes unit tests on SLE12
* Mon Nov 23 2020 adam.majer@suse.de
  - Update Requires: so -devel requires npm
  - Rely on rpmbuild to define necessary python dependencies
* Thu Nov 19 2020 adam.majer@suse.de
  - New upstream LTS version 14.15.1:
    * deps: Denial of Service through DNS request (High).
    A Node.js application that allows an attacker to trigger a DNS
    request for a host of their choice could trigger a Denial of Service
    by getting the application to resolve a DNS record with
    a larger number of responses (bsc#1178882, CVE-2020-8277)
* Thu Oct 29 2020 adam.majer@suse.de
  - Update to LTS version 14.15.0: (jsc#SLE-15774)
    * no major changes
    * test: reverts marking test-webcrypto-encrypt-decrypt-aes flaky
* Tue Oct 20 2020 adam.majer@suse.de
  - Use SLE OpenSSL version with 12-SP4+, and not just 12-SP5+
  - Bump mininum ICU version to 65
* Fri Oct 16 2020 adam.majer@suse.de
  - Update to version 14.14.0:
    * fs: add rm method
    * http: allow passing array of key/val into writeHead
    * src: expose v8::Isolate setup callbacks
  - sle12_python3_compat.patch: refreshed
* Thu Oct 08 2020 adam.majer@suse.de
  - Update to version 14.13.1:
    * fs: rmdir recursive is no longer considered experimental
  - fix_ci_tests.patch: add support to SUSE's ECDH backport errors
    in SLE's openssl
* Tue Oct 06 2020 adam.majer@suse.de
  - Update to version 14.13.0:
    * deps: upgrade to libuv 1.40.0 #35333
    * module: named exports for CJS via static analysis #35249
    * module: exports pattern support #34718
    * src: allow N-API addon in AddLinkedBinding()
* Thu Sep 24 2020 adam.majer@suse.de
  - Update to version 14.12.0:
    * n-api:
      + create N-API version 7
      + add more property defaults
  - Changes since version 14.9.0
    * deps:
      + update llhttp to 2.1.2 (bsc#1176605, CVE-2020-8201)
      + http: add requestTimeout. Fixes Denial of Service by
      resource exhaustion due to unfinished HTTP/1.1 requests
      (bsc#1176604, CVE-2020-8251)
      + buffer: also alias BigUInt methods
      + crypto: add randomInt function
      + perf_hooks: add idleTime and event loop util
      + stream: simpler and faster Readable async iterator
      + stream: save error in state
* Wed Sep 02 2020 adam.majer@suse.de
  - old_icu.patch: re-add support for ICU 65 from SLE15 SP2
  - fix_ci_tests.patch: move debug symbol strip for testing to the Makefile
* Fri Aug 28 2020 adam.majer@suse.de
  - Update to version 14.9.0:
    * build: set --v8-enable-object-print by default (Mary Marchini) #34705
    * deps:
      + upgrade to libuv 1.39.0 (cjihrig) #34915
      + upgrade npm to 6.14.8 (Ruy Adorno) #34834
      + V8: cherry-pick e06ace6b5cdb (Anna Henningsen) #34673
    * n-api: handle weak no-finalizer refs correctly (Gabriel Schulhof) #34839
    * tools: add debug entitlements for macOS 10.15+ (Gabriele Greco) #34378
  - Changes in version 14.8.0:
    * async_hooks: add AsyncResource.bind utility (James M Snell) #34574
    * deps: update to uvwasi 0.0.10 (Colin Ihrig) #34623
    * module: unflag Top-Level Await (Myles Borins) #34558
    * n-api: support type-tagging objects (Gabriel Schulhof) #28237
    * n-api,src: provide asynchronous cleanup hooks (Anna Henningsen) #34572
  - versioned.patch: refreshed
  - linker_lto_jobs.patch: refreshed
* Mon Aug 10 2020 adam.majer@suse.de
  - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation
    on Aarch64 with gcc10 (bsc#1172686)
* Mon Aug 03 2020 adam.majer@suse.de
  - Update to version 14.7.0:
    * deps: upgrade npm to 6.14.7
    * dgram: add IPv6 scope id suffix to received udp6 dgrams
    * src:
      + allow preventing SetPromiseRejectCallback #34387
      + allow setting a dir for all diagnostic output #33584
    * worker: make MessagePort inherit from EventTarget #34057
    * zlib: switch to lazy init for zlib streams (Andrey Pechkurov) #34048
* Tue Jul 28 2020 dmueller@suse.com
  - avoid rpmbuild warnings on if/else/endif constructs
* Wed Jul 22 2020 adam.majer@suse.de
  - Update to version 14.6.0:
    * deps:
      + upgrade to libuv 1.38.1
      + upgrade npm to 6.14.6 fixing information leak through
      log files (bsc#1173937, CVE-2020-15095)
      + update V8 to 8.4.371.19
    * module:
      + doc only deprecation of module.parent
      + package "imports" field
    * src: allow embedders to disable esm loader
    * tls: make 'createSecureContext' honor more options
    * vm: add run-after-evaluate microtask mode
    * worker: add option to track unmanaged file descriptors
  - versioned.patch - refreshed
* Thu Jul 02 2020 adam.majer@suse.de
  - Update to version 14.5.0:
    * deps: V8 engine is updated to version 8.3. For details, see
      https://v8.dev/blog/v8-release-83
    * events: experimental implementation of EventTarget
    For details, see
    https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V14.md#14.5.0
  - sle12_python3_compat.patch: refreshed
  - fix_ci_tests.patch: refreshed
* Tue Jun 09 2020 adam.majer@suse.de
  - Add Require for nodejs14 when intalling npm14. (bsc#1172728)
* Thu Jun 04 2020 adam.majer@suse.de
  - Update to version 14.4.0:
    * napi: fix various types of memory corruption in napi_get_value_string_*()
      (CVE-2020-8174, bsc#1172443)
    * http2: fix HTTP/2 Large Settings Frame DoS
      (CVE-2020-11080, bsc#1172442)
    * TLS session reuse can lead to host certificate verification bypass
      (CVE-2020-8172, bsc#1172441)
* Fri May 29 2020 adam.majer@suse.de
  - Update to version 14.3.0:
    * repl: previews improvements with autocompletion
    * it's now possible to use the await keyword outside of async functions,
      with the --experimental-top-level-await flag
  - Changes in version 14.2.0:
    * console: Support for console constructor groupIndentation options
  - skip_no_console.patch: refreshed
  - versioned.patch, fix_ci_tests.patch: refreshed
* Thu Apr 30 2020 adam.majer@suse.de
  - Update to version 14.1.0:
    * deps: upgrade openssl sources to 1.1.1g (SLE-12 only)
    * http: doc deprecate abort and improve docs
    * module: do not warn when accessing __esModule of unfinished exports
    * n-api: detect deadlocks in thread-safe function
    * src: deprecate embedder APIs with replacements
    * stream:
      + don't emit end after close
      + don't wait for close on legacy streams
      + pipeline should only destroy un-finished streams
    * vm: add importModuleDynamically option to compileFunction
    skip_no_console.patch: add more unit tests that fail on dumb terminals
* Mon Apr 27 2020 adam.majer@suse.de
  - Initial version 14.0.0
    Deprecations
    * crypto: move pbkdf2 without digest to EOL
    * fs: deprecate closing FileHandle on garbage collection
    * http: move OutboundMessage.prototype.flush to EOL
    * lib: move GLOBAL and root aliases to EOL
    * os: move tmpDir() to EOL
    * src: remove deprecated wasm type check
    * stream: move _writableState.buffer to EOL
    * doc: deprecate process.mainModule
    * doc: deprecate process.umask() with no arguments
    For a detailed list of changes, see
    https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V14.md#14.0.0

Files

/etc/alternatives/node-default
/etc/alternatives/node.1.gz
/usr/bin/node-default
/usr/bin/node14
/usr/lib64/node_modules
/usr/share/doc/packages/nodejs14
/usr/share/doc/packages/nodejs14/AUTHORS
/usr/share/doc/packages/nodejs14/BUILDING.md
/usr/share/doc/packages/nodejs14/CHANGELOG.md
/usr/share/doc/packages/nodejs14/CODE_OF_CONDUCT.md
/usr/share/doc/packages/nodejs14/CONTRIBUTING.md
/usr/share/doc/packages/nodejs14/GOVERNANCE.md
/usr/share/doc/packages/nodejs14/README.md
/usr/share/doc/packages/nodejs14/SECURITY.md
/usr/share/doc/packages/nodejs14/gdbinit
/usr/share/doc/packages/nodejs14/glossary.md
/usr/share/doc/packages/nodejs14/onboarding.md
/usr/share/libalternatives
/usr/share/libalternatives/node
/usr/share/libalternatives/node/14.conf
/usr/share/licenses/nodejs14
/usr/share/licenses/nodejs14/LICENSE
/usr/share/man/man1/node.1.gz
/usr/share/man/man1/node14.1.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 9 17:16:51 2024