Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

nodejs12-12.21.0-4.13.2 RPM for x86_64

From OpenSuSE Leap 15.3 for x86_64

Name: nodejs12 Distribution: SUSE Linux Enterprise 15
Version: 12.21.0 Vendor: SUSE LLC <>
Release: 4.13.2 Build date: Thu Feb 25 11:56:20 2021
Group: Development/Languages/NodeJS Build host: goat12
Size: 29463713 Source RPM: nodejs12-12.21.0-4.13.2.src.rpm
Summary: Evented I/O for V8 JavaScript
Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine. Node.js
uses an event-driven, non-blocking I/O model. Node.js has a package ecosystem
provided by npm.






* Tue Feb 23 2021
  - New upstream LTS version 12.21.0:
    * CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service
      by resource exhaustion (bsc#1182619)
    * CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620)
    * CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate
* Wed Feb 17 2021
  - New upstream LTS version 12.20.2:
    * deps: upgrade npm to 6.14.11
  - relax OpenSSL cipher suite policies for unit tests
* Mon Jan 04 2021
  - New upstream LTS version 12.20.1:
    * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS
      implementation. When writing to a TLS enabled socket,
      node::StreamBase::Write calls node::TLSWrap::DoWrite with
      a freshly allocated WriteWrap object as first argument.
      If the DoWrite method does not return an error, this object is
      passed back to the caller as part of a StreamWriteResult structure.
      This may be exploited to corrupt memory leading to a
      Denial of Service or potentially other exploits (bsc#1180553)
    * CVE-2020-8287: HTTP Request Smuggling allow two copies of a
      header field in a http request. For example, two Transfer-Encoding
      header fields. In this case Node.js identifies the first header
      field and ignores the second. This can lead to HTTP Request
      Smuggling (
    * CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference
      (High) This is a vulnerability in OpenSSL which may be exploited
      through Node.js. (bsc#1179491)
  - versioned.patch, nodejs-libpath.patch: refreshed
* Mon Nov 30 2020
  - openssl_binary_detection.patch: fixes unit tests on SLE12
* Thu Nov 26 2020
  - New upstream LTS version 12.20.0:
    * deps:
      + update llhttp '2.1.2' -> '2.1.3'
      + update uv '1.39.0' -> '1.40.0'
      + update uvwasi '0.0.10' -> '0.0.11'
    * fs: add .ref() and .unref() methods to watcher classes
    * http: added scheduling option to http agent
    * module:
      + exports pattern support
      + named exports for CJS via static analysis
    * n-api: add more property defaults (gh#35214)
* Mon Nov 23 2020
  - Update Requires: so -devel requires npm
  - Rely on rpmbuild to define necessary python dependencies
* Thu Nov 19 2020
  - New upstream LTS version 12.19.1:
    * deps: Denial of Service through DNS request (High).
    A Node.js application that allows an attacker to trigger a DNS
    request for a host of their choice could trigger a Denial of Service
    by getting the application to resolve a DNS record with
    a larger number of responses (bsc#1178882, CVE-2020-8277)
* Fri Nov 13 2020
  - python3.patch: allows building of node with python3 toolchain
* Fri Oct 09 2020
  - fix_ci_tests.patch: add support to SUSE's ECDH backport errors
    in SLE's openssl
* Wed Oct 07 2020
  - New upstream LTS version 12.19.0:
    * crypto: add randomInt function
    * deps:
      + upgrade to libuv 1.39.0
      + deps: upgrade npm to 6.14.7
      + deps: upgrade to libuv 1.38.1
    * doc: deprecate process.umask() with no arguments
    * module:
      + package "imports" field
      + module: deprecate module.parent
    * n-api: create N-API version 7
    * zlib: switch to lazy init for zlib streams
  - fix_ci_tests.patch: refreshed
  - versioned.patch: refreshed
* Wed Sep 23 2020
  - New upstream LTS version 12.18.4:
    * deps:
      + update llhttp to 2.1.2 (bsc#1176605, CVE-2020-8201)
      + fs.realpath.native may cause buffer overflow
      (bsc#1176589, CVE-2020-8252)
  - fix_ci_tests.patch: re-add missing debug symbol removal before
    running unit tests
* Mon Aug 10 2020
  - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation
    on Aarch64 with gcc10 (bsc#1172686)
* Mon Aug 03 2020
  - New upstream LTS version 12.18.3:
    * upgrade npm to 6.14.6 (claudiahdz) #34246
      Fixes information leak through log files (bsc#1173937, CVE-2020-15095)
    * update node-inspect to v2.0.0 (Jan Krems) #33447
    * uvwasi: cherry-pick 9e75217 (Colin Ihrig) #33521
  - fix_ci_tests.patch: refreshed
  - versioned.patch: refreshed
* Tue Jul 28 2020
  - avoid rpmbuild warnings on if/else/endif constructs
* Thu Jul 02 2020
  - New upstream LTS version 12.18.2:
    * deps: V8: backport fb26d0bb1835 (Matheus Marchini) #33573
      + Fixes memory leak in PrototypeUsers::Add
    * src: use symbol to store AsyncWrap resource (Anna Henningsen) #31745
      + Fixes reported memory leak (bsc#1173653)
* Thu Jun 18 2020
  - New upstream LTS version 12.18.1:
    + deps:
    * V8: cherry-pick 548f6c81d424 (Dominykas Blyžė) #33484
    * update to uvwasi 0.0.9 (Colin Ihrig) #33445
    * upgrade to libuv 1.38.0 (Colin Ihrig) #33446
    * upgrade npm to 6.14.5 (Ruy Adorno) #33239
  - skip_no_console.patch: refreshed and mostly upstreamed
  - versioned.patch: refreshed
* Tue Jun 09 2020
  - Add Require for nodejs12 when intalling npm12. (bsc#1172728)
* Thu Jun 04 2020
  - New upstream LTS version 12.18.0:
    * napi: fix various types of memory corruption in napi_get_value_string_*()
      (CVE-2020-8174, bsc#1172443)
    * http2: fix HTTP/2 Large Settings Frame DoS
      (CVE-2020-11080, bsc#1172442)
    * TLS session reuse can lead to host certificate verification bypass
      (CVE-2020-8172, bsc#1172441)
  - use system ICU on SLE-15
* Wed May 27 2020
  - Update to LTS release 12.17.0:
    * async-hooks: introduce async-storage API
    * cli: Added a --trace-sigint CLI flag that will print the current
    execution stack on SIGINT #29207.
    * crypto: Various crypto APIs now support Diffie-Hellman secrets
    * dns: Added the dns.ALL flag, that can be passed to dns.lookup()
      with dns.V4MAPPED to return resolved IPv6 addresses as well as
      IPv4 mapped IPv6 addresses #32183.
    * events: It is now possible to monitor 'error' events on an EventEmitter
      without consuming the emitted error by installing a listener
      using the symbol EventEmitter.errorMonitor
    * http,https: The default value of server.headersTimeout for
      http and https servers was increased from 40000 to 60000ms
    * process: It is now possible to monitor 'uncaughtException'
      events without overriding the default behavior
    * repl:
      + Added REPL substring-based search
      + Added preview
      + Added reverse-i-search
    * module: Added a new experimental API to interact with
      Source Map V3 data #31132.
    * worker: Added support for passing a transferList along
      with workerData to the Worker constructor #32278.
    For further information, please see
  - icu-v67.patch: upstreamed
  - skip_no_console.patch, versioned.patch: refreshed
* Wed May 13 2020
  - Add icu-v67.patch to fix build with icu v67
* Mon May 04 2020
  - Reduce Requires to Recommends on nodejs12-devel when installing npm12
* Tue Apr 28 2020
  - Update to LTS release 12.16.3:
    * deps:
      + Updated OpenSSL to 1.1.1g
      + Updated c-ares to 1.16.0
      + Updated experimental uvwasi to 0.0.6
    * ESM (experimental): Additional warnings are no longer printed
      for modules that use conditional exports or package name self resolution
  - fix_ci_tests.patch: refreshed
* Mon Apr 27 2020
  - Update to LTS release 12.16.2:
    * deps:
      + upgrade npm to 6.13.6 (bsc#1166916, CVE-2020-7598)
      + update openssl to 1.1.1e
  - openssl_rand_regression.patch, wasi_compile_flags.patch: upstreamed
  - versioned.patch, fix_ci_tests.patch: refreshed
  - linker_lto_jobs.patch: serialize linker during build
* Mon Mar 02 2020
  - openssl_rand_regression.patch: Add getrandom syscall definition
    for all Linux platforms. This fixes a runtime error in SLE-12
* Wed Feb 19 2020
  - Update to LTS release 12.16.1:
    * Reverted regressions from 12.16.0
      + accidental unflagging of self resolving modules - it now requires
    - -experimental-modules flag to enable.
      + process cleanup changes introduced WASM-Related assertion
      + use of largepages runtime option introduced linking failure
      + async_hooks was causing an exception when handling errors
      + enumerable Read-Only property on EventEmitter breaks @types/extend
      + exceptions in the HTTP parser were not emitting as an uncaughtException
* Wed Feb 12 2020
  - Update to LTS release 12.16.0:
    * assert: add experimental assert.match() and assert.doesNotMatch()
      methods. These allow matching vs. provided regular expressions.
    * child_process, cluster: now support serialization option to
      allow for custom serialization mechanism for IPC.
    * cli: add --trace-edit and --trance-uncaught flags
    * crypto:
      + added support for 'ieee-p1363' signature type for DSA and ECDSA
      in addition to DER
      + Added Hash.prototype.copy making it possibly to clone internal
      state of Hash object. This allows digest computation between
    * deps:
      + libuv was updated to 1.34.0
      + V8 was updated to - for official changes, see
    * events:
      + add EventEmitter.on to async iterate over events
      + allow monitoring error events via EventEmitter.errorMonitor
      + add experimental method to captureRejections for async handlers
    * perf_hooks: now considered stable API
    * wasi: Add new core module for WebAssebly System Interface as
      an experimental feature.
  - wasi_compile_flags.patch: fix header inclusions in uvwasi dependency
* Fri Feb 07 2020
  - Update to LTS release 12.15.0:
    * fixes a remotely triggerable assertion on a TLS server via a
      crafted certificate string (CVE-2019-15604, bsc#1163104)
    * fixes an HTTP request smuggling vulnerability via malformed
      Transfer-Encoding header (CVE-2019-15605, bsc#1163102)
    * trim HTTP header values of optional white space
      (CVE-2019-15606, bsc#1163103)
    * enabled stricter HTTP header parsing by default.
  - fix_ci_tests.patch: refreshed
* Thu Jan 09 2020
  - Update to LTS release 12.14.1:
    * crypto: fix key requirements in asymmetric cipher
    * deps:
      + update llhttp to 2.0.1
      + update nghttp2 to 1.40.0
    * v8: mark serdes API as stable
  - nodejs-libpath.patch: refreshed
* Tue Jan 07 2020
  - Really disable LTO when required (nodejs < 12)
* Thu Dec 19 2019
  - Update to LTS release 12.14.0:
    * deps: update npm to 6.13.4 fixing an arbitrary path overwrite
      and access via "bin" field (bsc#1159352, CVE-2019-16777,
      CVE-2019-16776, CVE-2019-16775)
  - refreshed: fix_ci_tests.patch versioned.patch
* Tue Nov 19 2019
  - Update to LTS release 12.13.1:
    * improved experimental support for building Node.js with Python3
    * ICU time zone data is updated to version 2019c - fixing TZ
      offset for Brazil
    * deps:
      + upgrade to libuv 1.33.1
      + upgrade npm to 6.12.1
* Tue Nov 05 2019
  - skip_no_console.patch: skip tests with dumb console
  - versioned.patch: fix symlinks
* Mon Oct 21 2019
  - Update to LTS release 12.13.0 (jsc#SLE-8947):
    * deps: update npm to 6.12.0
    * doc:
      + fix --enable-source-maps flag in v12.12.0 changelog
      + set module version 72 to node 12
      + fix tls version values
    * fs: do not emit 'finish' before 'open' on write empty file
  - versioned.patch: refreshed
* Mon Oct 14 2019
  - Update to 12.12.0:
    * depreciations: Add documentation-only deprecation for
    * esm: Using JSON modules is experimental again
    * fs: Introduce opendir() and fs.Dir to iterate through directories
    * process: Add source-map support to stack traces by using
    - -enable-source-maps
    * tls:
      + Honor pauseOnConnect option
      + Add option for private keys for OpenSSL engines
  - fix_build_with_openssl_1.1.1d.patch: upstreamed
* Mon Oct 14 2019
  - Update to 12.11.1:
    * build: fixed building
    * deps: Updated small-icu data to support "unit" style in the
      Intl.NumberFormat API
  - Remove unsupported 32-bit architectures
  - fix_ci_tests.patch: correct build with SUSE backport of KDF
    patches to OpenSSL 1.1.1d
* Thu Sep 26 2019
  - Update to 12.11.0:
    * crypto: Add oaepLabel option
    * deps: updated V8 to
      + More efficient memory handling
      + Stack trace serialization got faster
      + The Intl.NumberFormat - API gained new functionality
      +  more information:
    * events: Add support for EventTarget in once
    * fs: Expose memory file mapping flag UV_FS_O_FILEMAP
    * inspector: New API - Session.connectToMainThread
    * process: Initial SourceMap support via env.NODE_V8_COVERAGE
    * stream: Make _write() optional when _writev() is implemented
    * tls: Add option to override signature algorithms
    * util: Add encodeInto to TextEncoder
    * worker: The worker_thread module is now stable
  - versioned.patch: refreshed
* Wed Sep 18 2019
  - Fix build with OpenSSL 1.1.1d (bsc#1149792)
    * add fix_build_with_openssl_1.1.1d.patch
* Fri Sep 06 2019
  - Update to 12.10.0:
    * deps:
      + update npm to 6.10.3
    * fs:
      + Add recursive option to rmdir()
      + Allow passing true to emitClose option
      + Add *timeNs properties to BigInt Stats objects
    * net:
      + Allow reading data into a static buffer
  - versioned.patch: refreshed
* Mon Aug 26 2019
  - Update to 12.9.0:
    * crypto: Added an oaepHash option to asymmetric encryption which
      allows users to specify a hash function when using OAEP padding
    * deps: Updated V8 to 7.6.303.29
      + Improves the performance of various APIs such as JSON.parse
      and methods called on frozen arrays.
      + Adds the Promise.allSettled method.
      + Improves support of BigInt in Intl methods.
      + For more information:
    * fs: Added fs.writev, fs.writevSync and filehandle.writev
      (promise version) methods.
    * http: Added three properties to OutgoingMessage.prototype:
      writableObjectMode, writableLength and writableHighWaterMark
    * stream:
      + Added an new property 'readableEnded' to readable streams.
      + Added an new property 'writableEnded' to writable streams.
  - fix_ci_tests.patch: refreshed
* Fri Aug 16 2019
  - Update to 12.8.1:
    Security update regarding HTTP/2 Denial of Service vulnerabilities
    For details see,
    (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,
    bsc#1146091, bsc#1146099, bsc#1146094, bsc#1146095,
    CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518,
    bsc#1146100, bsc#1146090, bsc#1146097, bsc#1146093)
* Fri Aug 16 2019
  - Minimum ICU version is 64. Use in-tree ICU copy for older
* Mon Aug 12 2019
  - dont_return_garbage.patch: dropped and turn off unnecessary
    errors about it during compilation
* Fri Aug 09 2019
  - Update to 12.8.0:
    * crypto:
      + The outputLength option is added to crypto.createHash
      + The maxmem range is increased from 32 to 53 bits
    * n-api: Added APIs for per-instance state management
    * report: Network interfaces get included in the report
    * src: v8.getHeapCodeStatistics() is now exported
* Wed Jul 24 2019
  - Update to 12.7.0:
    * deps:
      + Updated nghttp2 to 1.39.1
      + Updated npm to 6.10.0 (bsc#1140290, CVE-2019-13173)
    * esm: Implemented experimental "pkg-exports" proposal.
    * http:
      + Added response.writableFinished
      + Exposed headers, rawHeaders and other fields on an
      http.ClientRequest "information" event
    * inspector: Added inspector.waitForDebugger()
    * policy: Added --policy-integrity=sri CLI option to mitigate
      policy tampering
    * readline,tty: Exposed stream API
    * src: Use cgroups to get memory limits.
  - Changes in version 12.6.0:
    * child_process: The promisified versions of child_process.exec
      and child_process.execFile now both return a Promise which
      has the child instance attached to their child property
    * deps: Updated libuv to 1.30.1
    * process: A new method, process.resourceUsage() was added
    * stream: Added a writableFinished property to writable streams.
    * worker: Fixed an issue that prevented worker threads to listen
      for data on stdin
  - Changes in version 12.5.0:
    * build: Improve startup time by enabling V8 snapshots by default
    * deps: Updated V8 to
    * inspector: The --inspect-publish-uid flag was added to specify
      ways of the inspector web socket url exposure
    * n-api: Accessors on napi_define_* are now ECMAScript-compliant
    * report: The cpu info got added to the report output
    * src: Restore the original state of the stdio file descriptors
      on exit to prevent leaving stdio in raw or non-blocking mode
    * worker: worker.terminate() now returns a promise
  - refreshed patches: dont_return_garbage.patch, fix_ci_tests.patch,
    nodejs-libpath.patch, versioned.patch
* Tue Jun 11 2019
  - Update to 12.4.0:
    * esm: JSON module support is always enabled under
    - -experimental-modules. The --experimental-json-modules flag
      has been removed
    * http, http2: A new flag has been added for overriding
      the default HTTP server socket timeout (which is two minutes).
      Pass --http-server-default-timeout=milliseconds or
    - -http-server-default-timeout=0 to respectively change or
      disable the timeout. Starting with Node.js 13.0.0,
      the timeout will be disabled by default
    * inspector: Added an experimental --heap-prof flag to start
      the V8 heap profiler on startup and write the heap
      profile to disk before exit
    * stream: The readable.unshift() method now correctly converts
      strings to buffers. Additionally, a new optional argument is
      accepted to specify the string's encoding, such as 'utf8' or 'ascii'
    * v8: The object returned by v8.getHeapStatistics() has two
      new properties: number_of_native_contexts and number_of_detached_contexts
  - nodejs-libpath.patch: install npx into proper directory
  - versioned.patch, fix_ci_tests.patch: refreshed
* Wed May 29 2019
  - Update to 12.3.1:
    * deps:
      + Fix handling of +0/-0 when constant field tracking is enabled
      + Fix os.freemem() and os.totalmem correctness
  - changes in 12.3.0:
    * esm: Added the --experimental-wasm-modules flag to support
      WebAssembly modules
    * process: Log errors using util.inspect in case of fatal exceptions
    * repl: Add process.on('uncaughtException') support
    * stream: Implemented Readable.from async iterator utility
    * tls:
      + Expose built-in root certificates
      + Support net.Server options
      + Expose keylog event on TLSSocket
    * worker: Added the ability to unshift messages from the MessagePort
  - changes in 12.2.0:
    * deps: Updated llhttp to 1.1.3. This fixes a bug that made
      Node.js' HTTP parser refuse any request URL that contained
      the "|" (vertical bar) character
    * tls: Added an enableTrace() method to TLSSocket and an enableTrace
      option to tls.createServer(). When enabled, TSL packet trace
      information is written to stderr. This can be used to debug
      TLS connection problems
    * cli:
      + Added --trace-tls enables tracing of TLS connections
      + Added --cpu-prof-interval
    * module:
      + Added the createRequire() method. The existing
      createRequireFromPath() method is now deprecated
      + Throw on require('./path.mjs')
    * repl:
      + The REPL now supports multi-line statements using BigInt literals
  - enable LTO
  - fix_ci_tests.patch: refreshed
* Fri May 03 2019
  - Update to 12.1.0:
    * intl: Update ICU to 64.2.
    * c++ API: Added an overload EmitAsyncDestroy that can be used
      during garbage collection
  - Notable changes in 12.0.0:
    * assert:
      + validate required arguments
      + adjust loose assertions
    * async_hooks:
      + remove deprecated emitBefore and emitAfter
      + remove promise object from resource
    * bootstrap: make Buffer and process non-enumerable
    * buffer:
      + use stricter range checks
      + harden SlowBuffer creation
      + harden validation of buffer allocation size
      + do proper error propagation in addon methods
    * child_process:
      + remove options.customFds
      + harden fork arguments validation
      + use non-infinite maxBuffer defaults
    * console: don't use ANSI escape codes when TERM=dumb
    * crypto:
      + remove legacy native handles
      + decode missing passphrase errors
      + remove Cipher.setAuthTag() and Decipher.getAuthTag()
      + remove deprecated crypto._toBuf()
      + set DEFAULT_ENCODING property to non-enumerable
    * deps:
      + update V8 to
      + bump minimum icu version to 63
      + update bundled OpenSSL to 1.1.1b and bump minimum OpenSSL
      requirements to 1.1.1
    * errors: update error name
    * fs:
      + use proper .destroy() implementation for SyncWriteStream
      + improve mode validation
      + harden validation of start option in createWriteStream()
      + make writeFile consistent with readFile wrt fd
    * http:
      + validate timeout in ClientRequest()
      + return HTTP 431 on HPE_HEADER_OVERFLOW error
      + switch default parser to llhttp
      + Runtime-deprecate outgoingMessage._headers and
    * lib:
      + remove Atomics.wake()
      + move DTRACE_* probes out of global scope
      + deprecate _stream_wrap
      + use ES6 class inheritance style
    * module:
      + remove unintended access to deps
      + improve error message for MODULE_NOT_FOUND
      + requireStack property for MODULE_NOT_FOUND
      + make require('.') never resolve outside the current directory
      + throw an error for invalid package.json main entries
      + don't search in require.resolve.paths
    * net:
      + remove Server.listenFD()
      + do not add .host and .port properties to DNS error
      + emit "write after end" errors in the next tick
      + deprecate _setSimultaneousAccepts() undocumented function
    * os:
      + implement os.type() using uv_os_uname()
      + remove os.getNetworkInterfaces()
    * process:
      + make global.process, global.Buffer getters
      + DEP0062 (node --debug) to end-of-life
      + exit on --debug and --debug-brk after option parsing
      + improve --redirect-warnings handling
    * readline: support TERM=dumb
    * repl:
      + add welcome message
      + fix terminal default setting
      + check colors with .getColorDepth()
      + deprecate REPLServer.rli
    * src:
      + update NODE_MODULE_VERSION to 72
      + remove AddPromiseHook()
      + remove icuDataDir from node config
      + clean up MultiIsolatePlatform interface
    * tls:
      + support TLSv1.3
      + return correct version from getCipher()
      + check arg types of renegotiate()
      + emit a warning when servername is an IP address
      + disable TLS v1.0 and v1.1 by default
      + remove unused arg to createSecureContext()
      + deprecate Server.prototype.setOptions()
      + load NODE_EXTRA_CA_CERTS at startup
    * util:
      + remove util.print(), util.puts(), util.debug() and util.error()
      + change inspect compact and breakLength default
      + improve inspect edge cases
      + only the first line of the error message
      + don't set the prototype of callbackified functions
      + rename callbackified function
      + increase function length when using callbackify()
      + prevent tampering with internals in inspect()
      + prevent Proxy traps being triggered by .inspect()
      + prevent leaking internal properties
      + protect against monkeypatched Object prototype for inspect()
      + treat format arguments equally
    * zlib:
      + throw TypeError if callback is missing
      + make “bare” constants un-enumerable
    For detailed changelog, see
* Sun Apr 07 2019
  - Add _constraints file to avoid OOM errors
* Wed Feb 13 2019
  - NodeJS 12.x branch created



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Aug 9 16:10:54 2022