File nodejs4.changes of Package nodejs4.4157
-------------------------------------------------------------------
Fri Feb 3 12:30:12 UTC 2017 - adam.majer@suse.de
- New upstream LTS release 4.7.3
* deps: upgrade openssl sources to 1.0.2k
(CVE-2017-3731, CVE-2017-3732, CVE-2016-7055,
bnc#1022085, bnc#1022086, bnc#1009528)
- No changes in LTS version 4.7.2
- Adjusted 8334.diff to be inline with accepted changes
- Merge nodejs4.changes from SLE and devel project
-------------------------------------------------------------------
Fri Jan 6 08:25:14 UTC 2017 - qantas94heavy@gmail.com
- Add basic check that Node.js loads successfully to spec file
-------------------------------------------------------------------
Wed Jan 4 02:59:22 UTC 2017 - qantas94heavy@gmail.com
- New upstream LTS release 4.7.1
* build: shared library support is now working for AIX builds
* repl: passing options to the repl will no longer overwrite
defaults
* timers: recanceling a cancelled timers will no longer throw
-------------------------------------------------------------------
Fri Dec 9 04:00:08 UTC 2016 - qantas94heavy@gmail.com
- New upstream LTS version 4.7.0
* build: introduce the configure --shared option for embedders
* debugger: make listen address configurable in debugger server
* dgram: generalized send queue to handle close, fixing a
potential throw when dgram socket is closed in the
listening event handler
* http: introduce the 451 status code "Unavailable For
Legal Reasons"
* gtest: the test reporter now outputs tap comments as yamlish
* tls: introduce secureContext for tls.connect (useful for
caching client certificates, key, and CA certificates)
* tls: fix memory leak when writing data to TLSWrap instance
during handshake
* src: node no longer aborts when c-ares initialization fails
- Modify 8334.diff:
* ported and updated system CA store for the new node crypto code
- Refresh nodejs-libpath.patch
-------------------------------------------------------------------
Thu Dec 1 02:48:44 UTC 2016 - qantas94heavy@gmail.com
- New upstream LTS version 4.6.2
* build:
+ It is now possible to build the documentation from the release tarball.
* buffer:
+ Buffer.alloc() will no longer incorrectly return a zero filled buffer
when an encoding is passed.
* deps:
+ Upgrade npm in LTS to 2.15.11.
* repl:
+ Enable tab completion for global properties.
* url:
+ url.format() will now encode all "#" in search.
-------------------------------------------------------------------
Wed Nov 23 09:00:40 UTC 2016 - adam.majer@suse.de
- Add missing conflicts to base package. It's not possible to have
concurrent nodejs installations.
-------------------------------------------------------------------
Fri Nov 18 11:59:06 UTC 2016 - adam.majer@suse.de
- Package unification across various branches of NodeJS. Package
for 4.x, 6.x and current (7.x) branches of NodeJS are now
handled via GitHub repository.
- remove support-arm64-build.patch: no longer required
- remove nodejs-libpath64.patch: obsolete
-------------------------------------------------------------------
Tue Nov 8 14:03:01 UTC 2016 - adam.majer@suse.de
- npm4 should provide versioned nodejs-npm and npm allowing
nodejs-packaging to continue to function properly in Leap 42.2
(bnc #1009011)
-------------------------------------------------------------------
Wed Oct 19 08:16:38 UTC 2016 - qantas94heavy@gmail.com
- New upstream LTS version 4.6.1
* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180
more information at https://c-ares.haxx.se/adv_20160929.html
(bnc #1007728)
-------------------------------------------------------------------
Tue Oct 4 14:25:04 UTC 2016 - adam.majer@suse.de
- npm4 now provides nodejs-npm to ease upgrades for Leap
-------------------------------------------------------------------
Thu Sep 29 08:52:25 UTC 2016 - adam.majer@suse.de
- enable usage of system certificate store on SLE11SP4 by
requiring openssl1 (boo#1000036)
- nodejs-libpath.patch:
* adapt patch from main nodejs project so it builds on SLE11
- New upstream LTS version 4.6.0
* openssl update (not applicable for SLE12SP2, Leap 42.2 and later)
+ upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178,
CVE-2016-6306, CVE-2016-7052)
+ remove support for dynamic 3rd party engine modules
* http: Properly validate for allowable characters in input
user data. This introduces a new case where throw may occur
when configuring HTTP responses, users should already
be adopting try/catch here. (CVE-2016-5325, bnc#985201)
* tls: properly validate wildcard certificates
(CVE-2016-7099, bnc#1001652)
* buffer: Zero-fill excess bytes in new Buffer objects created
with Buffer.concat()
-------------------------------------------------------------------
Fri Aug 26 10:37:38 UTC 2016 - adam.majer@suse.de
- New upstream LTS version 4.5.0 (bnc#997405)
* buffer:
+ backport new buffer constructor APIs to v4.x
+ backport --zero-fill-buffers cli option
+ ignore negative allocation lengths
* build
+ add Intel Vtune profiling support
* repl
+ copying tabs shouldn't trigger completion
* src
+ add node::FreeEnvironment public API
* test
+ run v8 tests from node tree
* V8
+ Add post mortem data to improve object inspection and
function's context variables inspection
* upgrade libuv to 1.9.1
* upgrade npm to 2.15.9
- 8334.diff
* use system CA store instead of one provided by Node
- Refresh patches
-------------------------------------------------------------------
Wed Aug 10 08:08:38 UTC 2016 - adam.majer@suse.de
- use system OpenSSL with Leap 42.2 and SLE12:SP2
- simplify source code integrity check
+ use GPG service instead of explicit BR
+ add empty checksum so GPG service is run - it's not detached signature
like it thinks it is.
-------------------------------------------------------------------
Mon Jul 4 08:02:22 UTC 2016 - adam.majer@suse.de
- rename patches to have a .patch suffix, for consistancy
- npm_search_paths.patch:
Change defaultPrefix to /usr/local if it is detected to be
/usr. This is in attempt to prevent globally installed npm-managed
packages from installing into the zypper managed prefix.
- refreshed patches support-arm64-build.patch
- use upstream .xz instead of .gz tarball
-------------------------------------------------------------------
Fri Jul 1 13:35:35 UTC 2016 - adam.majer@suse.de
- New upstream version 4.4.7
* debugger:
+ All properties of an array (aside from length) can now be printed
in the repl
* Upgrade npm to 2.15.8 (Rebecca Turner)
* Fix for a bug that became more prevalent with the stream changes
that landed in v4.4.5. (Anna Henningsen). 'reset awaitDrain after manual
.resume()'
* V8:
+ Fix for a bug in crankshaft that was causing crashes on arm64
(Myles Borins)
+ Add missing classes to postmortem info such as JSMap and JSSet
(evan.lucas)
- Add upstream release keyring
- Verify upstream sources during %prep
-------------------------------------------------------------------
Mon Jun 27 10:36:14 UTC 2016 - adam.majer@suse.de
- Use build flags to enable/disable gdb usage instead of
configure script. Easier to find and change in future.
- Fix paths, and have to fix lots of paths because they
are all more or less hardcoded relative paths.
- Renumber patches allowing upstream patches to be inserted
before our own.
-------------------------------------------------------------------
Fri Jun 24 15:55:35 UTC 2016 - adam.majer@suse.de
- New upstream version 4.4.6
+ fix buffer overflow vulnerability discovered in v8
(CVE-2016-1669)
-------------------------------------------------------------------
Thu Jun 16 15:06:11 UTC 2016 - adam.majer@suse.de
- Change detection of library paths from runtime to compile time.
nodejs-libpath.patch, nodejs-libpath64.patch
-------------------------------------------------------------------
Wed Jun 15 12:03:10 UTC 2016 - adam.majer@suse.de
- This package is in response to FATE#320396 and ECO#317945
and references bnc#958943
It's to be part of Web and Scripting Module
- Use build conditional for intree_openssl
- Fix permissions of some supplies javascript files - they are
not executables
- General cleanup of the package
-------------------------------------------------------------------
Wed Jun 15 11:18:13 UTC 2016 - adam.majer@suse.de
- Tighten dependencies so we don't end up with mixed versions
installed.
-------------------------------------------------------------------
Tue Jun 14 16:53:01 UTC 2016 - adam.majer@suse.de
- Dedup manpages
- Conflict with other providers of NodeJS packages. This is
important if we want to provide NodeJS v6.x branch along with
v4.x branch
-------------------------------------------------------------------
Mon Jun 6 08:44:43 UTC 2016 - adam.majer@suse.de
- 'New' package of 4.x LTS branch of NodeJS, based on v6.2.1
from Tumbleweed
- Fix search paths to actually look where modules are installed
