Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package nodejs16 for openSUSE:Factory checked in at 2022-09-29 18:12:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nodejs16 (Old) and /work/SRC/openSUSE:Factory/.nodejs16.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nodejs16" Thu Sep 29 18:12:52 2022 rev:24 rq:1006690 version:16.17.1 Changes: -------- --- /work/SRC/openSUSE:Factory/nodejs16/nodejs16.changes 2022-08-26 09:08:01.097367839 +0200 +++ /work/SRC/openSUSE:Factory/.nodejs16.new.2275/nodejs16.changes 2022-09-29 18:13:08.731230450 +0200 @@ -1,0 +2,17 @@ +Mon Sep 26 14:20:03 UTC 2022 - Adam Majer <[email protected]> + +- Update to Nodejs 16.17.1: + * deps: llhttp updated to 6.0.9 + + CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325) + + Incorrect Parsing of Multi-line Transfer-Encoding + (CVE-2022-32215, bsc#1201327) + + Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832) + * crypto: fix weak randomness in WebCrypto keygen + (CVE-2022-35255, bsc#1203831) + +------------------------------------------------------------------- +Sat Sep 17 10:35:31 UTC 2022 - Bruno Pitrus <[email protected]> + +- Skip test-fs-utimes-y2K38.js on armv6hl as well as armv7hl. + +------------------------------------------------------------------- @@ -11 +28 @@ -- Update to LTS version 16.16.0: +- Update to LTS version 16.17.0: Old: ---- node-v16.17.0.tar.xz New: ---- node-v16.17.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nodejs16.spec ++++++ --- /var/tmp/diff_new_pack.AmsHfw/_old 2022-09-29 18:13:09.471231895 +0200 +++ /var/tmp/diff_new_pack.AmsHfw/_new 2022-09-29 18:13:09.479231910 +0200 @@ -21,7 +21,7 @@ %endif Name: nodejs16 -Version: 16.17.0 +Version: 16.17.1 Release: 0 # Double DWZ memory limits @@ -157,7 +157,6 @@ Patch301: undici_5.8.1.patch Patch302: undici_5.8.2.patch - BuildRequires: fdupes BuildRequires: pkg-config BuildRequires: procps @@ -356,14 +355,14 @@ BuildRequires: pkgconfig(libbrotlidec) %endif -Provides: bundled(llhttp) = 6.0.7 +Provides: bundled(llhttp) = 6.0.9 Provides: bundled(ngtcp2) = 0.1.0-DEV Provides: bundled(node-acorn) = 8.7.0 Provides: bundled(node-acorn-walk) = 8.2.0 Provides: bundled(node-cjs-module-lexer) = 1.2.2 Provides: bundled(node-corepack) = 0.12.1 -Provides: bundled(node-undici) = 5.8.0 +Provides: bundled(node-undici) = 5.8.2 %description Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine. Node.js @@ -877,22 +876,36 @@ # Tarball doesn't have eslint package distributed, so disable some tests find test -name \*-eslint-\* -print -delete # No documentation is generated, don't bother checking it -rm -f test/doctool/test-make-doc.js +# rm test/doctool/test-make-doc.js # DNS lookup doesn't work in build root -rm -f test/parallel/test-dns-cancel-reverse-lookup.js \ +rm test/parallel/test-dns-cancel-reverse-lookup.js \ test/parallel/test-dns-resolveany.js # multicast test fail since no socket? -rm -f test/parallel/test-dgram-membership.js +rm test/parallel/test-dgram-membership.js + +%if %{node_version_number} >= 18 +# OBS broken /etc/hosts -- https://github.com/openSUSE/open-build-service/issues/13104 +rm test/parallel/test-net-socket-connect-without-cb.js test/parallel/test-tcp-wrap-listen.js +%endif + %if 0%{?fedora_version} # test/parallel/test-crypto-certificate.js requires OPENSSL_ENABLE_MD5_VERIFY=1 # as SPKAC required MD5 for verification # https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/0006-Disable-signature-verification-with-totally-unsafe-h.patch export OPENSSL_ENABLE_MD5_VERIFY=1 +# test failures # error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake # failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40 -rm -f test/parallel/test-tls-no-sslv3.js +rm test/parallel/test-tls-no-sslv3.js +%if %{node_version_number} >= 18 +rm -r test/addons/openssl-providers +rm test/parallel/test-crypto-fips.js %endif + +%endif +# fedora + # Run CI tests %if 0%{with valgrind_tests} # valgrind may have false positives, so do not fail on these by default @@ -959,9 +972,11 @@ %files devel %defattr(-, root, root) %{_includedir}/node%{node_version_number} +%if %{node_version_number} < 18 %dir %{_datadir}/systemtap %dir %{_datadir}/systemtap/tapset %{_datadir}/systemtap/tapset/node%{node_version_number}.stp +%endif %files docs %defattr(-,root,root) ++++++ SHASUMS256.txt ++++++ --- /var/tmp/diff_new_pack.AmsHfw/_old 2022-09-29 18:13:09.535232020 +0200 +++ /var/tmp/diff_new_pack.AmsHfw/_new 2022-09-29 18:13:09.539232028 +0200 @@ -1,35 +1,35 @@ -19d8bd771213d4f55b4aa5f661212f4bc5aeb4bd53928eb922af3a5538df75c7 node-v16.17.0-aix-ppc64.tar.gz -96eefac1e168ec1bf39c5ae1e7b2760522624adfbe2e0c92875cd33ef9a07792 node-v16.17.0-darwin-arm64.tar.gz -a3f73e1b63b1c624a5f057ffe989ac60839122c09ce1028ec84e77b8e2322e8a node-v16.17.0-darwin-arm64.tar.xz -b85eaa537f9d60a68c704e23839db65b5a75f14b37d6855c5d4e31a6bcef26c6 node-v16.17.0-darwin-x64.tar.gz -0e9b7240b90694f384547280dc4704c9f49ff3201709bf74fd2711766533497c node-v16.17.0-darwin-x64.tar.xz -70c73723492a27d2c448df39082845045a3fd346d2f7ea1aa42e4e55daceb6b2 node-v16.17.0-headers.tar.gz -d315efae866c859c8b9269e849bff31914247fff01a78285030369b0cf8ce910 node-v16.17.0-headers.tar.xz -0e83e93bd3658f4ae516b5f1f174190bd87aaae3d691eb91a8945eed04dc8491 node-v16.17.0-linux-arm64.tar.gz -a43100595e7960b9e8364bff5641e0956a9929feee2759e70cbb396a1d827b7c node-v16.17.0-linux-arm64.tar.xz -916f0bb4f44dbef5b13ddb0fccd178871e1a3d1198cd4ad4a19464f69ef79198 node-v16.17.0-linux-armv7l.tar.gz -1dcbca56c0c44c3f3482176f73150b8ad15c71936724f8ca44328d6e51c790b3 node-v16.17.0-linux-armv7l.tar.xz -28f81b1b57eb4e050e67d1b095f274d5748c48eb1ac90064af80282606d79c2f node-v16.17.0-linux-ppc64le.tar.gz -372b847f0d8d27a96e7d06054882d9bef18be2a0b2e90ae9662c20f063b5223a node-v16.17.0-linux-ppc64le.tar.xz -3f67a969d4b42874b55ed881df8816e1dd6d0b96f6e7f175b63823110b671447 node-v16.17.0-linux-s390x.tar.gz -982b36beda88cd10cfe5ca3ef832fe6a3e3b605c39de0a04420cdeab31a39420 node-v16.17.0-linux-s390x.tar.xz -4827808e50b8ee42b4dadf056835287dac267b9cff56cea56e70843bf8cecb79 node-v16.17.0-linux-x64.tar.gz -f0867d7a17a4d0df7dbb7df9ac3f9126c2b58f75450647146749ef296b31b49b node-v16.17.0-linux-x64.tar.xz -3b9f8b71ce66808ec530581bd59c2c1c2bf74ac2bc64249850fb84023614aac3 node-v16.17.0.pkg -2a2e6262739741f98ab81648a50891861dbf66f12413b93f1a97b4c71570611e node-v16.17.0.tar.gz -1d28c285685e446985921bc963565ca9c0c5f4fda9755e489c06808ea9795645 node-v16.17.0.tar.xz -cec3fe26869f28c5e54fda6d97a4ed5a53a68f28cd9b17e78961cb723177235c node-v16.17.0-win-x64.7z -c1a3be05342166cb9304d01da7ff8b23df6d4b16f9c98ae33b9b4fff79d8d0e2 node-v16.17.0-win-x64.zip -3b4ac1a62b3bc58d057b13ae237646ebfd609475766668611728aad0c3679af5 node-v16.17.0-win-x86.7z -ece8820f33e6a513bc035fc4be905aa8fcf4976ee6d1633c5d4ec2cafcfd9c64 node-v16.17.0-win-x86.zip -ff2ffaf555e11311b3381e85d660d870dfc28dbb78ae9fb7b472250b5b0dff4f node-v16.17.0-x64.msi -4e8f5bb4a76aa7fb164b20362fa51b27f3113c7225f18123929df2d9b5eaa1aa node-v16.17.0-x86.msi -66ea3b0d70938870e751ba3738407ea932ff6787b1adb0929d14668b9abd3677 win-x64/node.exe +dfb37570ef34ac04f34c26d0ec558df60a9665df5961c01c1657c0ca495f2f01 node-v16.17.1-aix-ppc64.tar.gz +f9f02f7872e2e8ee54320fce13deb9d56904f32bb0615b6e21aa3371d8899150 node-v16.17.1-darwin-arm64.tar.gz +09a45f60bfb9dfbea4f69044dc733ef983945acd92ca89ccccac267f3d71bd44 node-v16.17.1-darwin-arm64.tar.xz +3db26761ad8493b894d42260d7e65094b7af9bc473588739e61bc1c32d6ff955 node-v16.17.1-darwin-x64.tar.gz +8e7089956fa01cf7d0045945c0863d282dc6818fb0476237c1396497e29a4254 node-v16.17.1-darwin-x64.tar.xz +35ccb95caf02cda3bd680da4350a8ae5d666a7a9eae3afe5c2a1b3ef29aef108 node-v16.17.1-headers.tar.gz +554c8d1b4b16e0f4c073b9df7c49c893716a3a533f25ac646f23619f5ccee7df node-v16.17.1-headers.tar.xz +adc7032888d4e672a4aac886baede8c04fccdd1a2e7ab4bcf325e3f336f44a3d node-v16.17.1-linux-arm64.tar.gz +3dfb8fd8f6b97df69cdc56524abc906c50ef1d0bf091188616802e6c7c731389 node-v16.17.1-linux-arm64.tar.xz +aeab05e35f1d2824ecfb88ca321f1408b44d292b2775f2890972c828e00216d0 node-v16.17.1-linux-armv7l.tar.gz +a035ceefb5e16f5fce98c8ddfdf721b96eec20542c72fb8781bcbb6ef20c5550 node-v16.17.1-linux-armv7l.tar.xz +1f48de7bed99e973c4c50f1b7fc99fc9af5144d093fd6d2b50a1e43b5818bf05 node-v16.17.1-linux-ppc64le.tar.gz +70305934661f89fca64053b85317a75f233d5e3fdb2caa6546a19262a519cf20 node-v16.17.1-linux-ppc64le.tar.xz +029dad48018bda07b481213816549b632059fc673c30fdc7a353e04619128344 node-v16.17.1-linux-s390x.tar.gz +1a47f604944c6aff37cb7483503155671cdb34bda9bfb8962007bc440fa04d77 node-v16.17.1-linux-s390x.tar.xz +da5658693243b3ecf6a4cba6751a71df1eb9e9703ca93b42a9404aed85f58ad0 node-v16.17.1-linux-x64.tar.gz +06ba2eb34aa385967f5f58c87a44753f83212f6cccea892b33f80a2e7fda8384 node-v16.17.1-linux-x64.tar.xz +12d10476ea7483298364c810c037b9316d1a73dc8c81cfeff7d794aecadde498 node-v16.17.1.pkg +e423985f6019b2026f9a191adb56a96ae83ecd56cdf839cf94aa980168b7a90f node-v16.17.1.tar.gz +6721feb4152d56d2c6b358ce397abd5a7f1daf09ee2e25c5021b9b4d3f86a330 node-v16.17.1.tar.xz +9777e8c4b2864c5b54a0e4e9400f14887db68560a09b94b4113b560a64d1e680 node-v16.17.1-win-x64.7z +ed290151efb417262b9808a70738d4ab79e9d53653a6a9f4b8dd97912e279dce node-v16.17.1-win-x64.zip +0f8101648d5c9e49e89fee541da9e574f899716c32b7c51a732b1766b9fc4526 node-v16.17.1-win-x86.7z +189b5e8b23226403e7b07a46614de19b444d369e694901e3668e2f549799cbcd node-v16.17.1-win-x86.zip +1bdff65fb7642425c0d6826084d63c4be43520316f0ea0b46e6a51999a0ed7fc node-v16.17.1-x64.msi +b737eb23a2c67c253b9364b5284123faf5220d567615bebd4ec4b81070e4d177 node-v16.17.1-x86.msi +f518a70dcab7c3fac5b2e1ef100b4f628edfb160f4fafa9a94ef222da8a6e9ab win-x64/node.exe 2f459a64647db493da63c790ce368ad54f59f086d9f22f59c5018680420197b3 win-x64/node.lib -13192a9f004cb1ee8fe96dd2e2adbd3366434556e2348a16ea359acb84235ca4 win-x64/node_pdb.7z -24d853b3b7926724f513cebda842a3e36ba431371b038fdfa179a77a58ca8dcc win-x64/node_pdb.zip -6e2ab243c7895f4bf76da4e30970c8284cbaf12951d5447596e57dd7d4935313 win-x86/node.exe +23215ce7d1e9de9777c3407239e7cf18d29d60f757b772219421ab361ac67c74 win-x64/node_pdb.7z +8e32ec12028fd3e3147435be79a858ed9c870aaafa1fcb291362307ef3c47547 win-x64/node_pdb.zip +2393aff88be19dbe0205cbde4ff0c1d89911b15de5c99c80f6e5e29604eecd12 win-x86/node.exe 5018c3d42f3fbacbd06cb943b3f2696c8e67ca9bdf6864d0e263d6d6911dffd2 win-x86/node.lib -32574b4ffa0c89b7b30ea4c79cbcb3d9d403764980c3d0c43d62611f010856c3 win-x86/node_pdb.7z -c6613e784d97e2831d1cf69cc6cfa341deb11d766afed819adc42d9535def060 win-x86/node_pdb.zip +05a4db56444a60ee70b0d2642d7f2d82a33339894d2d73bd07b1a41d6c869e04 win-x86/node_pdb.7z +8f86eacb7f13a1bf6738cb0819d7854a2abca40fc2e9e1f91421e44ba52cad7e win-x86/node_pdb.zip ++++++ SHASUMS256.txt.sig ++++++ Binary files /var/tmp/diff_new_pack.AmsHfw/_old and /var/tmp/diff_new_pack.AmsHfw/_new differ ++++++ node-v16.17.0.tar.xz -> node-v16.17.1.tar.xz ++++++ /work/SRC/openSUSE:Factory/nodejs16/node-v16.17.0.tar.xz /work/SRC/openSUSE:Factory/.nodejs16.new.2275/node-v16.17.1.tar.xz differ: char 27, line 1 ++++++ nodejs.keyring ++++++ Binary files /var/tmp/diff_new_pack.AmsHfw/_old and /var/tmp/diff_new_pack.AmsHfw/_new differ ++++++ test-skip-y2038-on-32bit-time_t.patch ++++++ --- /var/tmp/diff_new_pack.AmsHfw/_old 2022-09-29 18:13:09.659232263 +0200 +++ /var/tmp/diff_new_pack.AmsHfw/_new 2022-09-29 18:13:09.663232270 +0200 @@ -2,7 +2,7 @@ This test fails if coreutils' touch was built with 64-bit time_t, while nodejs was built with 32-bit time_t. This is currently the case -on i586, ppc and armv7l. Skip the failing last command on those +on i586, ppc and arm. Skip the failing last command on those platforms. The failure was seen since coreutils-9.0. @@ -16,7 +16,7 @@ =================================================================== --- node-v16.6.2.orig/test/parallel/test-fs-utimes-y2K38.js +++ node-v16.6.2/test/parallel/test-fs-utimes-y2K38.js -@@ -20,6 +20,23 @@ if (!common.isWindows) { +@@ -20,6 +20,26 @@ if (!common.isWindows) { common.skip('File system appears to lack Y2K38 support (touch failed)'); } @@ -32,6 +32,9 @@ + if (unameResult.stdout.trim() === 'ppc') { + common.skip('SUSE: test skipped on platforms with 32-bit time_t'); + } ++ if (unameResult.stdout.trim() === 'armv6l') { ++ common.skip('SUSE: test skipped on platforms with 32-bit time_t'); ++ } + if (unameResult.stdout.trim() === 'armv7l') { + common.skip('SUSE: test skipped on platforms with 32-bit time_t'); + }
