NodeJS 4.x LTS
Evented I/O for V8 JavaScript
This version no longer supported
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout devel:languages:nodejs/nodejs4 && cd $_ - Create Badge
Refresh
Refresh
Source Files
| Filename | Size | Changed |
|---|---|---|
| 8334.diff | 0000001717 1.68 KB | |
| CVE-2018-12115.patch | 0000002782 2.72 KB | |
| CVE-2018-12116.patch | 0000011242 11 KB | |
| CVE-2018-12120.patch | 0000010800 10.5 KB | |
| CVE-2018-12121.patch | 0000007290 7.12 KB | |
| CVE-2018-12122.patch | 0000010132 9.89 KB | |
| CVE-2018-12123.patch | 0000002663 2.6 KB | |
| SHASUMS256.txt | 0000003576 3.49 KB | |
| SHASUMS256.txt.sig | 0000000310 310 Bytes | |
| bash_output_helper.bash | 0000000306 306 Bytes | |
| env_shebang.patch | 0000014489 14.1 KB | |
| fix_ci_ssl_tests.patch | 0000000728 728 Bytes | |
| fix_ci_tests.patch | 0000004398 4.29 KB | |
| flaky_test_rerun.patch | 0000000733 733 Bytes | |
| http-keep-alive.patch | 0000020555 20.1 KB | |
| icu_61_namespacefix.patch | 0000002712 2.65 KB | |
| max_header_size.patch | 0000023123 22.6 KB | |
| node-gyp-addon-gypi.patch | 0000003100 3.03 KB | |
| node-v4.9.1.tar.xz | 0013250164 12.6 MB | |
| nodejs-libpath.patch | 0000002887 2.82 KB | |
| nodejs-sle11-python26-check_output.patch | 0000001317 1.29 KB | |
| nodejs.keyring | 0000033618 32.8 KB | |
| nodejs4.changes | 0000022735 22.2 KB | |
| nodejs4.spec | 0000019298 18.8 KB | |
| npm_search_paths.patch | 0000002262 2.21 KB | |
| openssl_1_0_2p.patch | 0003851005 3.67 MB | |
| openssl_1_0_2q.patch | 0000115774 113 KB | |
| openssl_1_0_2r.patch | 0000116561 114 KB | |
| test-ca-bumps.patch | 0000140889 138 KB | |
| versioned.patch | 0000013990 13.7 KB |
Revision 105 (latest revision is 110)
Adam Majer (adamm)
committed
(revision 105)
Backport security fixes from NodeJS 6.x:
* deps: upgrade OpenSSL source to 1.0.2r. Under certain
circumstances, a TLS server can be forced to respond differently
to a client if a zero-byte record is received with an
invalid padding compared to a zero-byte record with an
invalid MAC. This can be used as the basis of a padding
oracle attack to decrypt data.
(openssl_1_0_2q.patch - CVE-2019-1559, bsc#1127080)
* http: (http-keep-alive.patch)
+ Backport server.keepAliveTimeout to prevent keep-alive
HTTP and HTTPS connections remaining open and inactive for
an extended period of time, leading to a potential
Denial of Service (DoS).
(CVE-2019-5739, bsc#1127533)
+ Further prevention of "Slowloris" attacks on HTTP and HTTPS
connections by consistently applying the receive timeout set
by server.headersTimeout to connections in keep-alive mode.
(CVE-2019-5737, bsc#1127532)
- nodejs.keyring: update keyring to today's list as per
https://github.com/nodejs/node
Comments 0