Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: nodejs20-devel | Distribution: openSUSE Tumbleweed |
Version: 20.15.1 | Vendor: openSUSE |
Release: 1.1 | Build date: Fri Jul 12 15:21:02 2024 |
Group: Development/Languages/NodeJS | Build host: reproducible |
Size: 1231480 | Source RPM: nodejs20-20.15.1-1.1.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://nodejs.org | |
Summary: Development headers for NodeJS 20.x |
This package provides development headers for Node.js needed for creation of binary modules.
MIT
* Fri Jul 12 2024 Adam Majer <adam.majer@suse.de> - Update to 20.15.1: * Bypass incomplete fix of CVE-2024-27980 (bsc#1227560, CVE-2024-36138) * Bypass network import restriction via data URL (bsc#1227554, CVE-2024-22020) * fs.lstat bypasses permission model (bsc#1227562, CVE-2024-22018) * fs.fchown/fchmod bypasses permission model (bsc#1227561, CVE-2024-36137) * Permission model improperly processes UNC paths (bsc#1227563, CVE-2024-37372) - Changes in 20.15.0: * test_runner: support test plans * inspector: introduce the --inspect-wait flag * zlib: expose zlib.crc32() * cli: allow running wasm in limited vmem with --disable-wasm-trap-handler - Changes in 20.14.0 * src,permission: throw async errors on async APIs * test_runner: support forced exit - fix_ci_tests.patch, npm_search_paths.patch: refreshed - skip_no_console.patch: dropped, upstreamed * Tue May 28 2024 Adam Majer <adam.majer@suse.de> - Update to 20.13.1: * buffer: improve base64 and base64url performance * crypto: deprecate implicitly shortened GCM tags * events,doc: mark CustomEvent as stable * fs: add stacktrace to fs/promises * report: add --report-exclude-network option * src: add uv_get_available_memory to report and process * stream: support typed arrays * util: support array of formats in util.styleText * v8: implement v8.queryObjects() for memory leak regression testing * watch: mark as stable - versioned.patch: refreshed - cares_sle12_capabilities.patch: SLES12 compatibility * Tue Apr 09 2024 Adam Majer <adam.majer@suse.de> - Update to 20.12.1: * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) (bsc#1222244) * CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation- (Medium) (bsc#1222384) * updated dependencies: + llhttp version 9.2.1 + undici version 5.28.4 (bsc#1222530, bsc#1222603, CVE-2024-30260, CVE-2024-30261) - node-gyp-addon-gypi.patch: adapted for new unit test layouts - fix_ci_tests.patch: add benchmark fix * Tue Apr 02 2024 Adam Majer <adam.majer@suse.de> - Update to 20.12.0: * crypto: implement crypto.hash() * util: add loading and parsing environment variables * new connection attempt events: connectionAttempt, connectionAttemptFailed, connectionAttemptTimeout * sea: support embedding assets * support configurable snapshot through --build-snapshot-config flag * util.styleText(format, text): This function returns a formatted text considering the format passed. * vm: support using the default loader to handle dynamic import() - c-ares-fixes.patch: removed, upstreamed - nodejs-libpath.patch, versioned.patch: refreshed * Fri Feb 16 2024 Adam Majer <adam.majer@suse.de> - Update to 20.11.1: (security updates) * (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High) * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) * (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High) * (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High) * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) * (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium) * (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium) * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) * undici version 5.28.3 (CVE-2024-24758, bsc#1220017) * libuv version 1.48.0 (CVE-2024-24806, bsc#1220053) * Mon Feb 12 2024 Adam Majer <adam.majer@suse.de> - update to 20.11.0: * esm: add import.meta.dirname and import.meta.filename * fs: add c++ fast path for writeFileSync utf8 * module: remove useCustomLoadersIfPresent flag * module: bootstrap module loaders in shadow realm * src: add --disable-warning option * src: create per isolate proxy env template * src: make process binding data weak * stream: use Array for Readable buffer * stream: optimize creation * test_runner: adds built in lcov reporter * test_runner: add Date to the supported mock APIs * test_runner, cli: add --test-timeout flag - c-ares-fixes.patch, fix_ci_tests.patch: refreshed * Mon Jan 29 2024 Adam Majer <adam.majer@suse.de> - fix_ci_tests.patch: disable test_crypto_fips for openssl 3.x, to be fixed soon (bsc#1219152) * Mon Jan 08 2024 Adam Majer <adam.majer@suse.de> - c-ares-fixes.patch: add additional backports for unit test fixes * Tue Jan 02 2024 Adam Majer <adam.majer@suse.de> - c-ares-fixes.patch: fixes unit tests for new c-ares * Thu Nov 23 2023 Adam Majer <adam.majer@suse.de> - 20.10.0 - Update to 20.10.0: * --experimental-default-type flag to flip module defaults * The new flag --experimental-detect-module can be used to automatically run ES modules when their syntax can be detected. * Added flush option in file system functions for fs.writeFile functions * Added experimental WebSocket client * vm: fix V8 compilation cache support for vm.Script. This fixes performance regression since v16.x when support for importModuleDynamically was added to vm.Script For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.10.0 - nodejs20-zlib-1.3.patch: upstreamed, removed - fix_ci_tests.patch, node-gyp-addon-gypi.patch: refreshed * Thu Nov 09 2023 Adam Majer <adam.majer@suse.de> - Update to 20.9.0: * No changes, just LTS transition * Fri Oct 27 2023 Adam Majer <adam.majer@suse.de> - fix_ci_tests.patch: adapt for openssl 3.1.4 * Tue Oct 24 2023 Dominique Leuenberger <dimstar@opensuse.org> - Add nodejs20-zlib-1.3.patch: Support zlib version with only major.minor versions, like zlib 1.3. * Mon Oct 16 2023 Adam Majer <adam.majer@suse.de> - 20.8.1 - Security fixes relase 20.8.1 * (CVE-2023-44487, bsc#1216190): nghttp2 Security Release * (CVE-2023-45143, bsc#1216205): undici Security Release * (CVE-2023-39332, bsc#1216271): Path traversal through path stored in Uint8Array * (CVE-2023-39331, bsc#1216270): Permission model improperly protects against path traversal * (CVE-2023-38552, bsc#1216272): Integrity checks according to policies can be circumvented * (CVE-2023-39333, bsc#1216273): Code injection via WebAssembly export names - fix_ci_tests.patch: refreshed * Thu Oct 05 2023 Adam Majer <adam.majer@suse.de> - 20.8.0 - Update to 20.8.0: * Stream performance improvements * Rework of memory management in vm APIs with the importModuleDynamically option * test_runner: + accept testOnly in run + add junit reporter - fix_ci_tests.patch: refreshed * Tue Sep 19 2023 Adam Majer <adam.majer@suse.de> - 20.7.0 - Update to 20.7.0: * src: support multiple --env-file declarations * deps: upgrade npm to 10.1.0 * doc: move and rename loaders section * lib: add api to detect whether source-maps are enabled * src,permission: add multiple allow-fs-* flags * test_runner: expose location of tests - z13.patch: upstreamed * Mon Sep 18 2023 Adam Majer <adam.majer@suse.de> - Update to 20.6.1: * f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: removed, upstreamed * Fri Sep 08 2023 Adam Majer <adam.majer@suse.de> - f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: fixes issues with Angular and other software that tries to load ECM modules in somewhat circular fashion ending up with multiple executions. * Tue Sep 05 2023 Adam Majer <adam.majer@suse.de> - 20.6.0 - Update to 20.6.0: * add support for .env files to configure envrionment variables * import.meta.resolve unflagged * deps: npm updated to 9.8.1 - nodejs.keyring: updated to include current upstream releasers * Fri Aug 25 2023 Adam Majer <adam.majer@suse.de> - Temporarily bundle ICU for SLE15 SP6 (jsc#PED-4819) * Thu Aug 10 2023 Adam Majer <adam.majer@suse.de> - Update to version 20.5.1: * (CVE-2023-32002, bsc#1214150): Policies can be bypassed via Module._load (High) * (CVE-2023-32558, bsc#1214155): process.binding() can bypass the permission model through path traversal (High) * (CVE-2023-32004, bsc#1214152): Permission model can be bypassed by specifying a path traversal sequence in a Buffer (High) * (CVE-2023-32006, bsc#1214156): Policies can be bypassed by module.constructor.createRequire (Medium) * (CVE-2023-32559, bsc#1214154): Policies can be bypassed via process.binding (Medium) * (CVE-2023-32005, bsc#1214153): fs.statfs can bypass the permission model (Low) * (CVE-2023-32003, bsc#1214151): fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low) - Changes in 20.5.0: * events: allow safely adding listener to abortSignal * fs: add a fast-path for readFileSync utf-8 * test_runner: add shards support - Changes in 20.4.0: * tls: add ALPNCallback server option for dynamic ALPN negotiation * adds support for ECMAScript Explicit Resource Management * adds Mock Timer support to test module For details see, https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.5.1 versioned.patch: refreshed * Wed Jun 21 2023 Adam Majer <adam.majer@suse.de> - Update to version 20.3.1 (security fixes only). The following CVEs are fixed in this release: * (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass Experimental Policy Mechanism (High) * (CVE-2023-30584, bsc#1212575): Path Traversal Bypass in Experimental Permission Model (High) * (CVE-2023-30587, bsc#1212576): Bypass of Experimental Permission Model via Node.js Inspector (High) * (CVE-2023-30582, bsc#1212577): Inadequate Permission Model Allows Unauthorized File Watching (Medium) * (CVE-2023-30583, bsc#1212578): Bypass of Experimental Permission Model via fs.openAsBlob() (Medium) * (CVE-2023-30585, bsc#1212579): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) * (CVE-2023-30586, bsc#1212580): Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium) * (CVE-2023-30588, bsc#1212581): Process interuption due to invalid Public Key information in x509 certificates (Medium) * (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via Empty headers separated by CR (Medium) * (CVE-2023-30590, bsc#1212583): DiffieHellman does not generate keys after setting a private key (Medium) * Thu Jun 15 2023 Adam Majer <adam.majer@suse.de> - Update to version 20.3.0: * deps: upgrade to libuv 1.45.0, including significant performance improvements to file system operations on Linux * module: change default resolver to not throw on unknown scheme * stream: deprecate asIndexedPairs - versioned.patch, fix_ci_tests.patch: refreshed - openssl3_1-adapt_tests.patch: upstreamed and removed For details see, https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.3.0 * Mon May 22 2023 Adam Majer <adam.majer@suse.de> - Fix build on SLE12SP5 * Fri May 19 2023 Adam Majer <adam.majer@suse.de> - Update to version 20.2.0: * http: prevent writing to the body when not allowed by HTTP spec * sea: add option to disable the experimental SEA warning * test_runner: add skip, todo, and only shorthands to test * url: add value argument to URLSearchParams has and delete methods For details see, https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.2.0 * Mon May 15 2023 Adam Majer <adam.majer@suse.de> - fix_ci_tests.patch: increase default timeout on unit tests to 20min from 2min. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407) * Fri May 12 2023 Adam Majer <adam.majer@suse.de> - z13.patch: fixes illegal instruction error on z13 and older s390 * Wed May 10 2023 Otto Hollmann <otto.hollmann@suse.com> - Adapt tests for OpenSSL 3.1 [bsc#1209430] * Add openssl3_1-adapt_tests.patch * Thu May 04 2023 Adam Majer <adam.majer@suse.de> - 20.1.0 - Update to version 20.1.0 assert: deprecate CallTracker dns: expose getDefaultResultOrder doc: add KhafraDev to collaborators fs: add recursive option to readdir and opendir fs: add support for mode flag to specify the copy behavior of the cp methods http: add highWaterMark option http.createServer stream: preserve object mode in compose test_runner: add testNamePatterns to run API test_runner: execute before hook on test test_runner: support combining coverage reports wasi: make returnOnExit true by default * Wed Apr 19 2023 Adam Majer <adam.majer@suse.de> - 20.0.0 - Package new version 20.0.0 For overview of changes and details since 19.x and earlier see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.0.0 - imported the following patches from prior patches: + cares_public_headers.patch + fix_ci_tests.patch + flaky_test_rerun.patch + legacy_python.patch + linker_lto_jobs.patch + manual_configure.patch + node-gyp-addon-gypi.patch + node-gyp-config.patch + nodejs-libpath.patch + npm_search_paths.patch + openssl_binary_detection.patch + qemu_timeouts_arches.patch + skip_no_console.patch + sle12_python3_compat.patch + test-skip-y2038-on-32bit-time_t.patch + versioned.patch
/usr/include/node20 /usr/include/node20/common.gypi /usr/include/node20/config.gypi /usr/include/node20/cppgc /usr/include/node20/cppgc/allocation.h /usr/include/node20/cppgc/common.h /usr/include/node20/cppgc/cross-thread-persistent.h /usr/include/node20/cppgc/custom-space.h /usr/include/node20/cppgc/default-platform.h /usr/include/node20/cppgc/ephemeron-pair.h /usr/include/node20/cppgc/explicit-management.h /usr/include/node20/cppgc/garbage-collected.h /usr/include/node20/cppgc/heap-consistency.h /usr/include/node20/cppgc/heap-handle.h /usr/include/node20/cppgc/heap-state.h /usr/include/node20/cppgc/heap-statistics.h /usr/include/node20/cppgc/heap.h /usr/include/node20/cppgc/internal /usr/include/node20/cppgc/internal/api-constants.h /usr/include/node20/cppgc/internal/atomic-entry-flag.h /usr/include/node20/cppgc/internal/base-page-handle.h /usr/include/node20/cppgc/internal/caged-heap-local-data.h /usr/include/node20/cppgc/internal/caged-heap.h /usr/include/node20/cppgc/internal/compiler-specific.h /usr/include/node20/cppgc/internal/finalizer-trait.h /usr/include/node20/cppgc/internal/gc-info.h /usr/include/node20/cppgc/internal/logging.h /usr/include/node20/cppgc/internal/member-storage.h /usr/include/node20/cppgc/internal/name-trait.h /usr/include/node20/cppgc/internal/persistent-node.h /usr/include/node20/cppgc/internal/pointer-policies.h /usr/include/node20/cppgc/internal/write-barrier.h /usr/include/node20/cppgc/liveness-broker.h /usr/include/node20/cppgc/macros.h /usr/include/node20/cppgc/member.h /usr/include/node20/cppgc/name-provider.h /usr/include/node20/cppgc/object-size-trait.h /usr/include/node20/cppgc/persistent.h /usr/include/node20/cppgc/platform.h /usr/include/node20/cppgc/prefinalizer.h /usr/include/node20/cppgc/process-heap-statistics.h /usr/include/node20/cppgc/sentinel-pointer.h /usr/include/node20/cppgc/source-location.h /usr/include/node20/cppgc/testing.h /usr/include/node20/cppgc/trace-trait.h /usr/include/node20/cppgc/type-traits.h /usr/include/node20/cppgc/visitor.h /usr/include/node20/js_native_api.h /usr/include/node20/js_native_api_types.h /usr/include/node20/libplatform /usr/include/node20/libplatform/libplatform-export.h /usr/include/node20/libplatform/libplatform.h /usr/include/node20/libplatform/v8-tracing.h /usr/include/node20/node.h /usr/include/node20/node_api.h /usr/include/node20/node_api_types.h /usr/include/node20/node_buffer.h /usr/include/node20/node_object_wrap.h /usr/include/node20/node_version.h /usr/include/node20/uv /usr/include/node20/uv.h /usr/include/node20/uv/aix.h /usr/include/node20/uv/bsd.h /usr/include/node20/uv/darwin.h /usr/include/node20/uv/errno.h /usr/include/node20/uv/linux.h /usr/include/node20/uv/os390.h /usr/include/node20/uv/posix.h /usr/include/node20/uv/sunos.h /usr/include/node20/uv/threadpool.h /usr/include/node20/uv/tree.h /usr/include/node20/uv/unix.h /usr/include/node20/uv/version.h /usr/include/node20/uv/win.h /usr/include/node20/v8-array-buffer.h /usr/include/node20/v8-callbacks.h /usr/include/node20/v8-container.h /usr/include/node20/v8-context.h /usr/include/node20/v8-cppgc.h /usr/include/node20/v8-data.h /usr/include/node20/v8-date.h /usr/include/node20/v8-debug.h /usr/include/node20/v8-embedder-heap.h /usr/include/node20/v8-embedder-state-scope.h /usr/include/node20/v8-exception.h /usr/include/node20/v8-extension.h /usr/include/node20/v8-external.h /usr/include/node20/v8-forward.h /usr/include/node20/v8-function-callback.h /usr/include/node20/v8-function.h /usr/include/node20/v8-initialization.h /usr/include/node20/v8-internal.h /usr/include/node20/v8-isolate.h /usr/include/node20/v8-json.h /usr/include/node20/v8-local-handle.h /usr/include/node20/v8-locker.h /usr/include/node20/v8-maybe.h /usr/include/node20/v8-memory-span.h /usr/include/node20/v8-message.h /usr/include/node20/v8-microtask-queue.h /usr/include/node20/v8-microtask.h /usr/include/node20/v8-object.h /usr/include/node20/v8-persistent-handle.h /usr/include/node20/v8-platform.h /usr/include/node20/v8-primitive-object.h /usr/include/node20/v8-primitive.h /usr/include/node20/v8-profiler.h /usr/include/node20/v8-promise.h /usr/include/node20/v8-proxy.h /usr/include/node20/v8-regexp.h /usr/include/node20/v8-script.h /usr/include/node20/v8-snapshot.h /usr/include/node20/v8-statistics.h /usr/include/node20/v8-template.h /usr/include/node20/v8-traced-handle.h /usr/include/node20/v8-typed-array.h /usr/include/node20/v8-unwinder.h /usr/include/node20/v8-value-serializer.h /usr/include/node20/v8-value.h /usr/include/node20/v8-version.h /usr/include/node20/v8-wasm.h /usr/include/node20/v8-weak-callback-info.h /usr/include/node20/v8.h /usr/include/node20/v8config.h
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Oct 18 00:12:25 2024