Hello community, here is the log from the commit of package nodejs6 for openSUSE:Factory checked in at 2019-01-11 14:05:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nodejs6 (Old) and /work/SRC/openSUSE:Factory/.nodejs6.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nodejs6" Fri Jan 11 14:05:40 2019 rev:29 rq:664387 version:6.16.0 Changes: -------- --- /work/SRC/openSUSE:Factory/nodejs6/nodejs6.changes 2018-10-23 20:41:43.580448543 +0200 +++ /work/SRC/openSUSE:Factory/.nodejs6.new.28833/nodejs6.changes 2019-01-11 14:06:39.991728964 +0100 @@ -1,0 +2,47 @@ +Mon Jan 7 16:06:53 UTC 2019 - adam.ma...@suse.de + +- Update upstream LTS release 6.16.0: + * cli: add --max-http-header-size flag + * http: add maxHeaderSize property + +- Changes in LTS release 6.15.0: + * debugger: prevent the debugger from listening on 0.0.0.0. + It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625) + * deps: Upgrade to OpenSSL 1.0.2q, fixing + CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534) + * http: + + Headers received by HTTP servers must not exceed 8192 bytes + in total to prevent possible Denial of Service attacks. + (CVE-2018-12121, bsc#1117626) + + A timeout of 40 seconds now applies to servers receiving + HTTP headers. This value can be adjusted with + server.headersTimeout. Where headers are not completely + received within this period, the socket is destroyed on + the next received chunk. In conjunction with + server.setTimeout(), this aids in protecting against + excessive resource retention and possible Denial of Service. + (CVE-2018-12122, bsc#1117627) + + Two-byte characters are now strictly disallowed for the path + option in HTTP client requests. Paths containing characters + outside of the range \u0021 - \u00ff will now be rejected + with a TypeError. This behavior can be reverted if necessary + by supplying the --security-revert=CVE-2018-12116 command + line argument (this is not recommended). + (CVE-2018-12116, bsc#1117630) + * util: Fix a bug that would allow a hostname being spoofed when + parsing URLs with url.parse() with the 'javascript:' protocol. + (CVE-2018-12123, bsc#1117629) + +- skip_test_on_lowmem.patch: skip test on low-memory build machine + +------------------------------------------------------------------- +Mon Nov 26 14:06:57 UTC 2018 - adam.ma...@suse.de + +- flaky_test_rerun.patch: Rerun failing tests in case of flakiness + +------------------------------------------------------------------- +Mon Nov 12 12:26:46 UTC 2018 - adam.ma...@suse.de + +- env_shebang.patch: dropped in favour of programmatic update + +------------------------------------------------------------------- Old: ---- env_shebang.patch node-v6.14.4.tar.xz New: ---- flaky_test_rerun.patch node-v6.16.0.tar.xz skip_test_on_lowmem.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nodejs6.spec ++++++ --- /var/tmp/diff_new_pack.I24g5r/_old 2019-01-11 14:06:40.783728167 +0100 +++ /var/tmp/diff_new_pack.I24g5r/_new 2019-01-11 14:06:40.783728167 +0100 @@ -1,7 +1,7 @@ # # spec file for package nodejs6 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ ########################################################### Name: nodejs6 -Version: 6.14.4 +Version: 6.16.0 Release: 0 %define node_version_number 6 @@ -128,12 +128,13 @@ # PATCH-FIX-OPENSUSE -- install user global npm packages to /usr/local # instead of /usr Patch104: npm_search_paths.patch +Patch105: skip_test_on_lowmem.patch + +Patch120: flaky_test_rerun.patch # Use versioned binaries and paths Patch200: versioned.patch -Patch201: env_shebang.patch - %if 0%{with binutils_gold} BuildRequires: binutils-gold %endif @@ -315,13 +316,19 @@ %patch103 -p1 %endif %patch104 -p1 +%patch105 -p1 +%patch120 -p1 %patch200 -p1 -%patch201 -p1 # abnormalities from patching find -name configure.js.orig -delete %build +# normalize shebang +find -name \*.py -perm -1 -type f -exec sed -i '1 s,^#!\s\?/usr/bin/env python$,#!/usr/bin/python,' {} + +find deps/npm -type f -exec sed -i '1 s,^#!\s\?/usr/bin/env node$,#!/usr/bin/node%{node_version_number},' {} + +find deps/npm -type f -exec sed -i '1 s,^#!\s\?/usr/bin/env \(bash\|sh\)\?$,#!/bin/bash,' {} + + . %{SOURCE20} # Make sure nothing gets included from bundled deps: # We only delete the source and header files, because @@ -420,7 +427,7 @@ # clean # hidden files and directories -find %{buildroot}%{_libdir}/node_modules/npm%{node_version_number} -name ".*" -print0 | xargs -r0 -0 rm -rf -- +find %{buildroot}%{_libdir}/node_modules/npm%{node_version_number} -name ".*" -exec rm -Rf -- {} + # windows stuff find %{buildroot}%{_libdir}/node_modules/npm%{node_version_number} -name "*.bat" -delete find %{buildroot}%{_libdir}/node_modules/npm%{node_version_number} -name "*.cmd" -delete @@ -430,13 +437,11 @@ find %{buildroot}%{_libdir}/node_modules/npm%{node_version_number}/node_modules -name "*.sh" -delete rm -rf %{buildroot}%{_libdir}/node_modules/npm%{node_version_number}/node_modules/node-gyp/src # remove examples/tests/benchmark stuff -find %{buildroot}%{_libdir}/node_modules/npm%{node_version_number}/node_modules -name "example*" -print0 | xargs -0 rm -rf -- -find %{buildroot}%{_libdir}/node_modules/npm%{node_version_number}/NODE_MODULES -name "test*" -print0 | xargs -0 rm -rf -- +find %{buildroot}%{_libdir}/node_modules/npm%{node_version_number}/node_modules -name "example*" -exec rm -Rf -- {} + find %{buildroot}%{_libdir}/node_modules/npm%{node_version_number}/node_modules -name "*_test.*" -delete -find %{buildroot}%{_libdir}/node_modules/npm%{node_version_number}/node_modules -type d -name "benchmark" -print0 | xargs -0 rm -rf -- +find %{buildroot}%{_libdir}/node_modules/npm%{node_version_number}/node_modules -type d -name "benchmark" -exec rm -Rf -- {} + # fix permissions -find %{buildroot}%{_libdir}/node_modules -type f -exec chmod 0644 {} + chmod 0755 %{buildroot}%{_libdir}/node_modules/npm%{node_version_number}/bin/np*-cli.js chmod 0755 %{buildroot}%{_libdir}/node_modules/npm%{node_version_number}/bin/node-gyp-bin/node-gyp chmod 0755 %{buildroot}%{_libdir}/node_modules/npm%{node_version_number}/node_modules/node-gyp/bin/node-gyp.js ++++++ SHASUMS256.txt ++++++ --- /var/tmp/diff_new_pack.I24g5r/_old 2019-01-11 14:06:40.819728131 +0100 +++ /var/tmp/diff_new_pack.I24g5r/_new 2019-01-11 14:06:40.819728131 +0100 @@ -1,42 +1,42 @@ -91ba62cef4f8d2d3f4d4764a7116ba1eae963a4e8847290ac599dfc459ab1058 node-v6.14.4-aix-ppc64.tar.gz -799c10d67b42962ce62673d92a8352a3a2f69fc0aa3723fa0cb62522d0af0687 node-v6.14.4-darwin-x64.tar.gz -2a20a4fda9fa197e9c4b82d3eed7714e58cf002cd39effbb4886232e6615ca94 node-v6.14.4-darwin-x64.tar.xz -f6baca4f7dfad1de06f4389e67bf599b90d7daf4fdd180d29d10abd6ec56559e node-v6.14.4-headers.tar.gz -bf248b14f3c0bf178a41f524edef6f95003369231ae28539f4bf4529a67c6428 node-v6.14.4-headers.tar.xz -08d5af19fb0abe879ee9a62a1243cb027acbedae1b4fa5498a6183cc458773ee node-v6.14.4-linux-arm64.tar.gz -fa1a78ae8e384c1b76bde41060e806c412ecd9b4c0775c5c7ec53ebf9a70998b node-v6.14.4-linux-arm64.tar.xz -63a5b6b2da949f2c45c2b2615e17c757c86080470da425477adc6291252aaf8c node-v6.14.4-linux-armv6l.tar.gz -771a2a6124dc55ea019e3af92f84090694e25cfb4e4bee10a0b9c27802f6adb9 node-v6.14.4-linux-armv6l.tar.xz -88f5ec52dbbf547a52af66b7df5fbb6206e43a307a410805eeba08bc13c45a2d node-v6.14.4-linux-armv7l.tar.gz -21f2e3c729417de1b7394217404ffb99dc3af194680970ba02b2eb065b0eb5d4 node-v6.14.4-linux-armv7l.tar.xz -2d15a78a2b47dba29890be40bc1397807a8c1176a33ce8d8c73db20036430652 node-v6.14.4-linux-ppc64le.tar.gz -097656c05ed29d43c5fc629269137ed9a5b64a6e07f5f9f4d870ca03eec9802e node-v6.14.4-linux-ppc64le.tar.xz -00d988391f8083f1da3b699734d2fb6e3fca0c91d5404ab402cd14ca4ba22af4 node-v6.14.4-linux-ppc64.tar.gz -8d07a9f3d788f6dd1c64749f0a0a7b9e9af733fb729e5d7668862e4be5511cf1 node-v6.14.4-linux-ppc64.tar.xz -1f129a089acd6efa01a99dd068478482314151d95d53168e4ef1c7b20c1fa4bc node-v6.14.4-linux-s390x.tar.gz -bb8dd6a71d308ecec753251ea1b830008f3b1126b49de4cd22806b6d6edd77f9 node-v6.14.4-linux-s390x.tar.xz -1b80ddc7847e85ae31c5eb515ee76230fed1e2e70303a7db9891404a830128ba node-v6.14.4-linux-x64.tar.gz -66d052fe10f90e3b05fdda3117f26bc24da10d436eecf6e298c317f437647aab node-v6.14.4-linux-x64.tar.xz -d394ea61a51ba3c070838f8696a38f9e47be55af6978e7a074addb742ba0cddc node-v6.14.4-linux-x86.tar.gz -ba508f7cad8fab34ef3d72c64b32e06dc7c65a911e14eaf985beeae90975bb06 node-v6.14.4-linux-x86.tar.xz -487c425a78f5f82a3c480007664b6a670af22d7ee719bd7e5a25c8c6950d2400 node-v6.14.4.pkg -d01a474d78b08fe69a6d0c86742f77ebf98c106ce5e469e2f34ecdcb3556f49a node-v6.14.4-sunos-x64.tar.gz -e87024933e826d3b2c3b392a9c36324b977071ba6791c2093b35ba10eeee4d7a node-v6.14.4-sunos-x64.tar.xz -f51c0fea195a25bf442a2beb27b62a56e3bc765390354bcd5643178ee8566037 node-v6.14.4-sunos-x86.tar.gz -67dc68a5ac1f870f76e27e726895fa2c0fee93e01af7ac04eee4cd133f8fbb6c node-v6.14.4-sunos-x86.tar.xz -10aff5317908af04107e9ae26a07a84ee11a213657701df05c189afa4586cf37 node-v6.14.4.tar.gz -9a4bfc99787f8bdb07d5ae8b1f00ec3757e7b09c99d11f0e8a5e9a16a134ec0f node-v6.14.4.tar.xz -4f5b078447bc5d293e3b2a418f14cd843cad408740d646358200a21d01b1f59c node-v6.14.4-win-x64.7z -6f9dc686dac27e13f142626018d7bf23257356b40a7eabbf5c1843acc1ab80f9 node-v6.14.4-win-x64.zip -b9595f7822cf55d1fd2db70ec6cde91a29960a86fdf25b365b479c03b63882c5 node-v6.14.4-win-x86.7z -cba294e7660099d10b76b239e716995a75e15fbebaf5467ac75ca9b506435927 node-v6.14.4-win-x86.zip -70ab33aa352fa5d9c9c0b12070404e688d03b15d28cfa55ec719f2c4fd095001 node-v6.14.4-x64.msi -260472d50d282574bb8b01378c5c8509613ae77b54d2d22a78fb92bd71634291 node-v6.14.4-x86.msi -fd8a5ec2e4d6f67895aeb9ee07af4c562331d19e4e2e644f974f347ede72453c win-x64/node.exe -98173b6cb0848827a630a981eb6ae352c2494a3970bcbf0466382dbfddc2f159 win-x64/node.lib -e53037a68e15a73be916845b687696bb73f448f9842458ac41cedf44a682bfb3 win-x64/node_pdb.7z -f77a8848ec7868f0c963b5a74170f0e64e205f1e2c27ab2be309a014f2a75da3 win-x64/node_pdb.zip -7f93a13e70c79fa27c841daf7fe8ebdc3ddf34b3f17ceba66d5ffc9d1594ea89 win-x86/node.exe -dcef85f280ee81fdc1f469a20354124eb2ff83c5877f40a9b89c09471f53abd4 win-x86/node.lib -80062110f0cbbe94f934c709e3256471b73c71411908cfc986b7e125dca66831 win-x86/node_pdb.7z -d7a22eeb96adbf2da748fb323ce9e989b74936159014f86c714e077f3f4e658d win-x86/node_pdb.zip +2defd3ab3f4628cade7d4b415be013fa0ad8e6ec4ee7da556affc3209b6eb0a4 node-v6.16.0-aix-ppc64.tar.gz +12167a8d26f323191b79e37cc9ab042b929ddd5bec4210aa9bd0dbf2c6a3bc5d node-v6.16.0-darwin-x64.tar.gz +9767fe05ffd33ce42070c56cb61a12c73a6d886ba32fbbbbedb2ca90e0bba525 node-v6.16.0-darwin-x64.tar.xz +f799b143375a0f9d70dac394da0ffd201657c911fe16a0341ff0687af2ce5cdc node-v6.16.0-headers.tar.gz +f5449926ce150c386090542b3e9ee369b19bc6148ab2f552e9fcb1024f14391e node-v6.16.0-headers.tar.xz +6b94c3c0e807f5350f4e973cece77f373d637f7d7c3c24f90e583407beee916a node-v6.16.0-linux-arm64.tar.gz +10507ebca2f736064dd325854f5b2e1f60f24b2e6a78fadcd7933d8edb978b70 node-v6.16.0-linux-arm64.tar.xz +260547033a9710a5d09807ae2e06c6b9f73636b814c156aac0b7e8c9ed3bfd98 node-v6.16.0-linux-armv6l.tar.gz +ef123b5ce4a4214774adc46d33f8aa5d3ac5cab8679e417b44531ae14b310304 node-v6.16.0-linux-armv6l.tar.xz +a70487b82e4a50ea0a8e10b5b6f922d52a870b15a5e34a8102d93e0765ea8ee1 node-v6.16.0-linux-armv7l.tar.gz +fe3b6d712c1b762ed35782c2f4fc4977711b61435998b89850dad309e38eb0bb node-v6.16.0-linux-armv7l.tar.xz +1c6c30d8d795f8d888526ae97e3dfd0a332fdbf2e703f1696679879fda8a1c62 node-v6.16.0-linux-ppc64le.tar.gz +30085079ee1c039e04bf6533023fe62191ee46d19ddc999f5593324177d12fa4 node-v6.16.0-linux-ppc64le.tar.xz +6f2a3f7713a05ec726af209d5bfe7945c5be6d99a2e2f4a561301c36f5998db8 node-v6.16.0-linux-ppc64.tar.gz +5fb8ef8cd31b15c03101c6e4d04e11accf1ae1b34aeae9007d1cb6a7a51a27d2 node-v6.16.0-linux-ppc64.tar.xz +58d90689ca1d41843532ef098b91e1860530f8a4c131f498b46facecce492c5f node-v6.16.0-linux-s390x.tar.gz +5edd1552bf369bc7eb9643b479d12a25e04a605b8176add2ead7e99802014b43 node-v6.16.0-linux-s390x.tar.xz +7f26cd9a2845df23773755a428d61b74fd80d48a991e964d12e85ae90ced81a0 node-v6.16.0-linux-x64.tar.gz +56c701b19777ffd122832ead132bf0590c9b6280a5cabe19e7642441167f7262 node-v6.16.0-linux-x64.tar.xz +93e47d1bc0dcbe98288247302c65708104d882cc61fe7d0ce2d68a78cdd555db node-v6.16.0-linux-x86.tar.gz +d35a33dcf043d7b30228d423e3a295be7aa9d4fb07f647acf2442cd53d9edcb1 node-v6.16.0-linux-x86.tar.xz +af45957ea17e5358eaa361476648817a4d68e7ae7d1e8f7f0b097cf02f389757 node-v6.16.0.pkg +80bc70012bce0a95284ac09045edb937f3c2da61d7d76f952cb4ccd280b81b44 node-v6.16.0-sunos-x64.tar.gz +6141555dd7bb1fd2d4df7d91121b9c4750d027c2ef9f64d6ea65ebad83866acf node-v6.16.0-sunos-x64.tar.xz +4fc09dfcd0cf5b18db3c829de9703968c9b3e5b806fe51d05ee59aa1f105527f node-v6.16.0-sunos-x86.tar.gz +4b2e2b827d0e1c044d436cdd231829aa0dc333fdfb386bd9b74295fdc5d75556 node-v6.16.0-sunos-x86.tar.xz +5432c6cba59bfef5794951193e93dbbd1707960b6c722925afcdb4517f4dc742 node-v6.16.0.tar.gz +0d0882a9da1ccc217518d3d1a60dd238da9f52bed0c7daac42b8dc3d83bd7546 node-v6.16.0.tar.xz +7e5c93340e966a16bd4659bd827867d3116611b55e9c194c00a7a578830f917e node-v6.16.0-win-x64.7z +03807861d364e0a2b09f475aa073022b49b277a51bd79cd255cf3c37611354e7 node-v6.16.0-win-x64.zip +734dd3b3baba0f142904c79b757abc841eb6d8ff5b0109ce8caa4aeffed2d1ea node-v6.16.0-win-x86.7z +885d6316b4852472cfb04a4fb7dad9f5ae0f08e3b3fd3f554c893b0b871e9f0b node-v6.16.0-win-x86.zip +cd58a0467828c34a59aa0ab8d10099cf928cb30adcf313bda8ec08939e91e56a node-v6.16.0-x64.msi +5e2424b372a40db42775e747a98e11979bc0dfc7bd3d1d87a49f9e19f087bf93 node-v6.16.0-x86.msi +e7532234c07e6a0d90842fbe530daad29e3000a4282514948846b3cb905d3e53 win-x64/node.exe +7524268fe5d2756a31efb62851f4fc7863ace64c3e08245bcd93d24612be9274 win-x64/node.lib +43b3fabc7c5f70412660aae27cf3928b2bc09a46c0b467e8f216135bb32bbd93 win-x64/node_pdb.7z +cf08f786f1d2276e3d11114bf9686f9c1e115f6d9f00db44510bd5f3969f5695 win-x64/node_pdb.zip +75d6d30a32afd0a6304441ac74e1099b31c0e5d8435f389b9c956afbd64b2be2 win-x86/node.exe +e42ded01468ee7d3cc68fb77c13430a08ed7502dfc90c1edda65c82ea3cd913e win-x86/node.lib +eea89a8e40707628135e6f7473da3f38109d02aad21798c2c820916833c6675a win-x86/node_pdb.7z +485817339eb96dd33ea7b2a5547942e4108a4c5b3f8821e700013bc289976407 win-x86/node_pdb.zip ++++++ SHASUMS256.txt.sig ++++++ Binary files /var/tmp/diff_new_pack.I24g5r/_old and /var/tmp/diff_new_pack.I24g5r/_new differ ++++++ flaky_test_rerun.patch ++++++ Index: node-v4.9.1/tools/test.py =================================================================== --- node-v4.9.1.orig/tools/test.py +++ node-v4.9.1/tools/test.py @@ -480,10 +480,16 @@ class TestCase(object): def RunCommand(self, command, env): full_command = self.context.processor(command) - output = Execute(full_command, + reruns = 0 + while(reruns < 5): + reruns += 1 + output = Execute(full_command, self.context, self.context.GetTimeout(self.mode), env) + if output.exit_code == 0: + break; + print("FLAKY rerun: ", command) self.Cleanup() return TestOutput(self, full_command, ++++++ node-v6.14.4.tar.xz -> node-v6.16.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/nodejs6/node-v6.14.4.tar.xz /work/SRC/openSUSE:Factory/.nodejs6.new.28833/node-v6.16.0.tar.xz differ: char 26, line 1 ++++++ skip_test_on_lowmem.patch ++++++ Index: node-git.96a986d675/test/sequential/test-buffer-creation-regression.js =================================================================== --- node-git.96a986d675.orig/test/sequential/test-buffer-creation-regression.js +++ node-git.96a986d675/test/sequential/test-buffer-creation-regression.js @@ -2,6 +2,7 @@ const common = require('../common'); const assert = require('assert'); +const os = require('os'); function test(arrayBuffer, offset, length) { const uint8Array = new Uint8Array(arrayBuffer, offset, length); @@ -25,6 +26,10 @@ const offset = 4294967296; /* 1 << 32 */ const size = offset + length; let arrayBuffer; +if (os.totalmem()/(1<<30) < 7) { + common.skip('Skipping test on low-memory build machine'); +} + try { arrayBuffer = new ArrayBuffer(size); } catch (e) {