| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: nodejs20 | Distribution: openSUSE Tumbleweed |
| Version: 20.15.1 | Vendor: openSUSE |
| Release: 1.1 | Build date: Fri Jul 12 15:21:02 2024 |
| Group: Development/Languages/NodeJS | Build host: reproducible |
| Size: 39161592 | Source RPM: nodejs20-20.15.1-1.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://nodejs.org | |
| Summary: Evented I/O for V8 JavaScript | |
Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine. Node.js uses an event-driven, non-blocking I/O model. Node.js has a package ecosystem provided by npm.
MIT
* Fri Jul 12 2024 Adam Majer <adam.majer@suse.de>
- Update to 20.15.1:
* Bypass incomplete fix of CVE-2024-27980 (bsc#1227560, CVE-2024-36138)
* Bypass network import restriction via data URL (bsc#1227554, CVE-2024-22020)
* fs.lstat bypasses permission model (bsc#1227562, CVE-2024-22018)
* fs.fchown/fchmod bypasses permission model (bsc#1227561, CVE-2024-36137)
* Permission model improperly processes UNC paths (bsc#1227563, CVE-2024-37372)
- Changes in 20.15.0:
* test_runner: support test plans
* inspector: introduce the --inspect-wait flag
* zlib: expose zlib.crc32()
* cli: allow running wasm in limited vmem with --disable-wasm-trap-handler
- Changes in 20.14.0
* src,permission: throw async errors on async APIs
* test_runner: support forced exit
- fix_ci_tests.patch, npm_search_paths.patch: refreshed
- skip_no_console.patch: dropped, upstreamed
* Tue May 28 2024 Adam Majer <adam.majer@suse.de>
- Update to 20.13.1:
* buffer: improve base64 and base64url performance
* crypto: deprecate implicitly shortened GCM tags
* events,doc: mark CustomEvent as stable
* fs: add stacktrace to fs/promises
* report: add --report-exclude-network option
* src: add uv_get_available_memory to report and process
* stream: support typed arrays
* util: support array of formats in util.styleText
* v8: implement v8.queryObjects() for memory leak regression testing
* watch: mark as stable
- versioned.patch: refreshed
- cares_sle12_capabilities.patch: SLES12 compatibility
* Tue Apr 09 2024 Adam Majer <adam.majer@suse.de>
- Update to 20.12.1:
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session()
leads to HTTP/2 server crash- (High) (bsc#1222244)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length
Obfuscation- (Medium) (bsc#1222384)
* updated dependencies:
+ llhttp version 9.2.1
+ undici version 5.28.4 (bsc#1222530, bsc#1222603,
CVE-2024-30260, CVE-2024-30261)
- node-gyp-addon-gypi.patch: adapted for new unit test layouts
- fix_ci_tests.patch: add benchmark fix
* Tue Apr 02 2024 Adam Majer <adam.majer@suse.de>
- Update to 20.12.0:
* crypto: implement crypto.hash()
* util: add loading and parsing environment variables
* new connection attempt events: connectionAttempt,
connectionAttemptFailed, connectionAttemptTimeout
* sea: support embedding assets
* support configurable snapshot through --build-snapshot-config flag
* util.styleText(format, text): This function returns a formatted
text considering the format passed.
* vm: support using the default loader to handle dynamic import()
- c-ares-fixes.patch: removed, upstreamed
- nodejs-libpath.patch, versioned.patch: refreshed
* Fri Feb 16 2024 Adam Majer <adam.majer@suse.de>
- Update to 20.11.1: (security updates)
* (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High)
* (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High)
* (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High)
* (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3 (CVE-2024-24758, bsc#1220017)
* libuv version 1.48.0 (CVE-2024-24806, bsc#1220053)
* Mon Feb 12 2024 Adam Majer <adam.majer@suse.de>
- update to 20.11.0:
* esm: add import.meta.dirname and import.meta.filename
* fs: add c++ fast path for writeFileSync utf8
* module: remove useCustomLoadersIfPresent flag
* module: bootstrap module loaders in shadow realm
* src: add --disable-warning option
* src: create per isolate proxy env template
* src: make process binding data weak
* stream: use Array for Readable buffer
* stream: optimize creation
* test_runner: adds built in lcov reporter
* test_runner: add Date to the supported mock APIs
* test_runner, cli: add --test-timeout flag
- c-ares-fixes.patch, fix_ci_tests.patch: refreshed
* Mon Jan 29 2024 Adam Majer <adam.majer@suse.de>
- fix_ci_tests.patch: disable test_crypto_fips for openssl 3.x,
to be fixed soon (bsc#1219152)
* Mon Jan 08 2024 Adam Majer <adam.majer@suse.de>
- c-ares-fixes.patch: add additional backports for unit test fixes
* Tue Jan 02 2024 Adam Majer <adam.majer@suse.de>
- c-ares-fixes.patch: fixes unit tests for new c-ares
* Thu Nov 23 2023 Adam Majer <adam.majer@suse.de> - 20.10.0
- Update to 20.10.0:
* --experimental-default-type flag to flip module defaults
* The new flag --experimental-detect-module can be used to
automatically run ES modules when their syntax can be detected.
* Added flush option in file system functions for fs.writeFile functions
* Added experimental WebSocket client
* vm: fix V8 compilation cache support for vm.Script. This fixes
performance regression since v16.x when support for
importModuleDynamically was added to vm.Script
For details, see
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.10.0
- nodejs20-zlib-1.3.patch: upstreamed, removed
- fix_ci_tests.patch, node-gyp-addon-gypi.patch: refreshed
* Thu Nov 09 2023 Adam Majer <adam.majer@suse.de>
- Update to 20.9.0:
* No changes, just LTS transition
* Fri Oct 27 2023 Adam Majer <adam.majer@suse.de>
- fix_ci_tests.patch: adapt for openssl 3.1.4
* Tue Oct 24 2023 Dominique Leuenberger <dimstar@opensuse.org>
- Add nodejs20-zlib-1.3.patch: Support zlib version with only
major.minor versions, like zlib 1.3.
* Mon Oct 16 2023 Adam Majer <adam.majer@suse.de> - 20.8.1
- Security fixes relase 20.8.1
* (CVE-2023-44487, bsc#1216190): nghttp2 Security Release
* (CVE-2023-45143, bsc#1216205): undici Security Release
* (CVE-2023-39332, bsc#1216271): Path traversal through path stored in Uint8Array
* (CVE-2023-39331, bsc#1216270): Permission model improperly protects against path traversal
* (CVE-2023-38552, bsc#1216272): Integrity checks according to policies can be circumvented
* (CVE-2023-39333, bsc#1216273): Code injection via WebAssembly export names
- fix_ci_tests.patch: refreshed
* Thu Oct 05 2023 Adam Majer <adam.majer@suse.de> - 20.8.0
- Update to 20.8.0:
* Stream performance improvements
* Rework of memory management in vm APIs with the importModuleDynamically
option
* test_runner:
+ accept testOnly in run
+ add junit reporter
- fix_ci_tests.patch: refreshed
* Tue Sep 19 2023 Adam Majer <adam.majer@suse.de> - 20.7.0
- Update to 20.7.0:
* src: support multiple --env-file declarations
* deps: upgrade npm to 10.1.0
* doc: move and rename loaders section
* lib: add api to detect whether source-maps are enabled
* src,permission: add multiple allow-fs-* flags
* test_runner: expose location of tests
- z13.patch: upstreamed
* Mon Sep 18 2023 Adam Majer <adam.majer@suse.de>
- Update to 20.6.1:
* f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: removed, upstreamed
* Fri Sep 08 2023 Adam Majer <adam.majer@suse.de>
- f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: fixes issues with
Angular and other software that tries to load ECM modules in
somewhat circular fashion ending up with multiple executions.
* Tue Sep 05 2023 Adam Majer <adam.majer@suse.de> - 20.6.0
- Update to 20.6.0:
* add support for .env files to configure envrionment variables
* import.meta.resolve unflagged
* deps: npm updated to 9.8.1
- nodejs.keyring: updated to include current upstream releasers
* Fri Aug 25 2023 Adam Majer <adam.majer@suse.de>
- Temporarily bundle ICU for SLE15 SP6 (jsc#PED-4819)
* Thu Aug 10 2023 Adam Majer <adam.majer@suse.de>
- Update to version 20.5.1:
* (CVE-2023-32002, bsc#1214150): Policies can be bypassed
via Module._load (High)
* (CVE-2023-32558, bsc#1214155): process.binding() can bypass
the permission model through path traversal (High)
* (CVE-2023-32004, bsc#1214152): Permission model can be bypassed
by specifying a path traversal sequence in a Buffer (High)
* (CVE-2023-32006, bsc#1214156): Policies can be bypassed
by module.constructor.createRequire (Medium)
* (CVE-2023-32559, bsc#1214154): Policies can be bypassed
via process.binding (Medium)
* (CVE-2023-32005, bsc#1214153): fs.statfs can bypass
the permission model (Low)
* (CVE-2023-32003, bsc#1214151): fs.mkdtemp() and fs.mkdtempSync()
can bypass the permission model (Low)
- Changes in 20.5.0:
* events: allow safely adding listener to abortSignal
* fs: add a fast-path for readFileSync utf-8
* test_runner: add shards support
- Changes in 20.4.0:
* tls: add ALPNCallback server option for dynamic ALPN negotiation
* adds support for ECMAScript Explicit Resource Management
* adds Mock Timer support to test module
For details see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.5.1
versioned.patch: refreshed
* Wed Jun 21 2023 Adam Majer <adam.majer@suse.de>
- Update to version 20.3.1 (security fixes only). The following
CVEs are fixed in this release:
* (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass
Experimental Policy Mechanism (High)
* (CVE-2023-30584, bsc#1212575): Path Traversal Bypass in
Experimental Permission Model (High)
* (CVE-2023-30587, bsc#1212576): Bypass of Experimental
Permission Model via Node.js Inspector (High)
* (CVE-2023-30582, bsc#1212577): Inadequate Permission Model
Allows Unauthorized File Watching (Medium)
* (CVE-2023-30583, bsc#1212578): Bypass of Experimental
Permission Model via fs.openAsBlob() (Medium)
* (CVE-2023-30585, bsc#1212579): Privilege escalation via
Malicious Registry Key manipulation during Node.js
installer repair process (Medium)
* (CVE-2023-30586, bsc#1212580): Bypass of Experimental
Permission Model via Arbitrary OpenSSL Engines (Medium)
* (CVE-2023-30588, bsc#1212581): Process interuption due to invalid
Public Key information in x509 certificates (Medium)
* (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via
Empty headers separated by CR (Medium)
* (CVE-2023-30590, bsc#1212583): DiffieHellman does not
generate keys after setting a private key (Medium)
* Thu Jun 15 2023 Adam Majer <adam.majer@suse.de>
- Update to version 20.3.0:
* deps: upgrade to libuv 1.45.0, including significant performance
improvements to file system operations on Linux
* module: change default resolver to not throw on unknown scheme
* stream: deprecate asIndexedPairs
- versioned.patch, fix_ci_tests.patch: refreshed
- openssl3_1-adapt_tests.patch: upstreamed and removed
For details see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.3.0
* Mon May 22 2023 Adam Majer <adam.majer@suse.de>
- Fix build on SLE12SP5
* Fri May 19 2023 Adam Majer <adam.majer@suse.de>
- Update to version 20.2.0:
* http: prevent writing to the body when not allowed by HTTP spec
* sea: add option to disable the experimental SEA warning
* test_runner: add skip, todo, and only shorthands to test
* url: add value argument to URLSearchParams has and delete methods
For details see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.2.0
* Mon May 15 2023 Adam Majer <adam.majer@suse.de>
- fix_ci_tests.patch: increase default timeout on unit tests
to 20min from 2min. This seems to have lead to build failures
on some platforms, like s390x in Factory. (bsc#1211407)
* Fri May 12 2023 Adam Majer <adam.majer@suse.de>
- z13.patch: fixes illegal instruction error on z13 and older s390
* Wed May 10 2023 Otto Hollmann <otto.hollmann@suse.com>
- Adapt tests for OpenSSL 3.1 [bsc#1209430]
* Add openssl3_1-adapt_tests.patch
* Thu May 04 2023 Adam Majer <adam.majer@suse.de> - 20.1.0
- Update to version 20.1.0
assert: deprecate CallTracker
dns: expose getDefaultResultOrder
doc: add KhafraDev to collaborators
fs: add recursive option to readdir and opendir
fs: add support for mode flag to specify the copy behavior
of the cp methods
http: add highWaterMark option http.createServer
stream: preserve object mode in compose
test_runner: add testNamePatterns to run API
test_runner: execute before hook on test
test_runner: support combining coverage reports
wasi: make returnOnExit true by default
* Wed Apr 19 2023 Adam Majer <adam.majer@suse.de> - 20.0.0
- Package new version 20.0.0
For overview of changes and details since 19.x and earlier see
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.0.0
- imported the following patches from prior patches:
+ cares_public_headers.patch
+ fix_ci_tests.patch
+ flaky_test_rerun.patch
+ legacy_python.patch
+ linker_lto_jobs.patch
+ manual_configure.patch
+ node-gyp-addon-gypi.patch
+ node-gyp-config.patch
+ nodejs-libpath.patch
+ npm_search_paths.patch
+ openssl_binary_detection.patch
+ qemu_timeouts_arches.patch
+ skip_no_console.patch
+ sle12_python3_compat.patch
+ test-skip-y2038-on-32bit-time_t.patch
+ versioned.patch
/usr/bin/node20 /usr/lib/node_modules /usr/share/doc/packages/nodejs20 /usr/share/doc/packages/nodejs20/BUILDING.md /usr/share/doc/packages/nodejs20/CHANGELOG.md /usr/share/doc/packages/nodejs20/CHANGELOG_V20.md /usr/share/doc/packages/nodejs20/CODE_OF_CONDUCT.md /usr/share/doc/packages/nodejs20/CONTRIBUTING.md /usr/share/doc/packages/nodejs20/GOVERNANCE.md /usr/share/doc/packages/nodejs20/README.md /usr/share/doc/packages/nodejs20/SECURITY.md /usr/share/doc/packages/nodejs20/gdbinit /usr/share/doc/packages/nodejs20/glossary.md /usr/share/doc/packages/nodejs20/onboarding.md /usr/share/libalternatives /usr/share/libalternatives/node /usr/share/libalternatives/node/20.conf /usr/share/licenses/nodejs20 /usr/share/licenses/nodejs20/LICENSE /usr/share/man/man1/node20.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Nov 5 01:05:46 2024