Revisions of nodejs10
buildservice-autocommit
accepted
request 870526
from
Factory Maintainer (factory-maintainer)
(revision 147)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 146)
- New upstream LTS version 10.23.3: * crypto: fix crash when calling digest after piping * deps: reland npm upgrade to 6.14.11 * test: add test that verifies crypto stream pipeline - versioned.patch: refreshed
Adam Majer (adamm)
committed
(revision 145)
- New upstream LTS version 10.23.2: * deps: upgrade npm to 6.14.11 - versioned.patch: refreshed - New upstream LTS version 10.23.1: * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553) * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554) * CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. (bsc#1179491) - versioned.patch: refreshed
buildservice-autocommit
accepted
request 860411
from
Adam Majer (adamm)
(revision 144)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 143)
- New upstream LTS version 10.23.1: * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553) * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554) * CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. (bsc#1179491) - versioned.patch: refreshed
buildservice-autocommit
accepted
request 858072
from
Adam Majer (adamm)
(revision 142)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 141)
- Add icu68.patch: fix build with ICU 68
buildservice-autocommit
accepted
request 855765
from
Factory Maintainer (factory-maintainer)
(revision 140)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 139)
- openssl_binary_detection.patch: fixes unit tests on SLE12
buildservice-autocommit
accepted
request 850271
from
Adam Majer (adamm)
(revision 138)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 137)
- Update Requires: so -devel requires npm - Rely on rpmbuild to define necessary python dependencies
buildservice-autocommit
accepted
request 844833
from
Adam Majer (adamm)
(revision 136)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 135)
- New upstream LTS version 10.23.0: * deps: upgrade npm to 6.14.8 * n-api: + create N-API version 7 + expose napi_build_version variable - versioned.patch: refreshed
buildservice-autocommit
accepted
request 842083
from
Factory Maintainer (factory-maintainer)
(revision 134)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 133)
- fix_ci_tests.patch: add support to SUSE's ECDH backport errors in SLE's openssl
buildservice-autocommit
accepted
request 838331
from
Adam Majer (adamm)
(revision 132)
baserev update by copy to link target
Adam Majer (adamm)
committed
(revision 131)
version fix.... - New upstream LTS version 10.22.0:
Adam Majer (adamm)
committed
(revision 130)
fix version number - New upstream LTS version 10.22.1: - fix_ci_tests.patch: re-add missing debug symbol removal before running unit tests
Adam Majer (adamm)
committed
(revision 129)
(bsc#1176589, CVE-2020-8252)
Adam Majer (adamm)
committed
(revision 128)
Displaying revisions 41 - 60 of 187