Hello community,

here is the log from the commit of package nodejs10 for openSUSE:Factory 
checked in at 2019-08-07 13:57:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nodejs10 (Old)
 and      /work/SRC/openSUSE:Factory/.nodejs10.new.9556 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "nodejs10"

Wed Aug  7 13:57:58 2019 rev:14 rq:720251 version:10.16.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/nodejs10/nodejs10.changes        2019-06-06 
18:14:41.560732231 +0200
+++ /work/SRC/openSUSE:Factory/.nodejs10.new.9556/nodejs10.changes      
2019-08-07 13:58:02.416855090 +0200
@@ -1,0 +2,14 @@
+Thu Aug  1 15:01:02 UTC 2019 - Adam Majer <[email protected]>
+
+- New upstream LTS version 10.16.1
+  * deps: upgrade openssl sources to 1.1.1c (for SLE-12 based systems)
+  * stream: do not unconditionally call _read() on resume()
+  * worker: fix nullptr deref after MessagePort deser failure
+
+-------------------------------------------------------------------
+Mon Jul 29 09:01:18 UTC 2019 - Adam Majer <[email protected]>
+
+- CVE-2019-13173.patch: fix potential file overwrite via hardlink
+  in fstream.DirWriter() function (bsc#1140290, CVE-2019-13173)
+
+-------------------------------------------------------------------

Old:
----
  node-v10.16.0.tar.xz

New:
----
  CVE-2019-13173.patch
  node-v10.16.1.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ nodejs10.spec ++++++
--- /var/tmp/diff_new_pack.IR5ZpH/_old  2019-08-07 13:58:03.096855082 +0200
+++ /var/tmp/diff_new_pack.IR5ZpH/_new  2019-08-07 13:58:03.100855082 +0200
@@ -26,7 +26,7 @@
 ###########################################################
 
 Name:           nodejs10
-Version:        10.16.0
+Version:        10.16.1
 Release:        0
 
 %define node_version_number 10
@@ -123,6 +123,8 @@
 Patch7:         manual_configure.patch
 Patch11:        valgrind_fixes.patch
 
+Patch31:        CVE-2019-13173.patch
+
 ## Patches specific to SUSE and openSUSE
 # PATCH-FIX-OPENSUSE -- set correct path for dtrace if it is built
 Patch101:       nodejs-libpath.patch
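Review bot: `Patch31` is declared with no comment saying where it comes from or why it is carried, unlike `Patch101` just below, which has a `# PATCH-FIX-OPENSUSE -- ...` line. Since this is a security backport, a line such as `# PATCH-FIX-UPSTREAM CVE-2019-13173.patch bsc#1140290 -- fstream: remove hardlinked file before overwrite` above it would let a later maintainer see that the patch can be dropped once the bundled npm ships a fixed fstream. The bug and CVE references are taken from the changelog entry in this same commit.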
@@ -321,6 +323,7 @@
 %if 0%{with valgrind_tests}
 %patch11 -p1
 %endif
+%patch31 -p1
 %patch101 -p1
 %patch102 -p1
 # Add check_output to configure script (not part of Python 2.6 in SLE11).

++++++ CVE-2019-13173.patch ++++++
CVE-2019-13173

Backported from
https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22

>From 6a77d2fa6e1462693cf8e46f930da96ec1b0bb22 Mon Sep 17 00:00:00 2001
From: isaacs <[email protected]>
Date: Tue, 14 May 2019 17:37:57 -0700
Subject: [PATCH] Clobber a Link if it's in the way of a File

Fixes https://github.com/npm/node-tar/issues/212
---
 lib/writer.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/writer.js b/lib/writer.js
index 140e449..3f10547 100644
--- a/deps/npm/node_modules/fstream/lib/writer.js
+++ b/deps/npm/node_modules/fstream/lib/writer.js
@@ -147,7 +147,7 @@ Writer.prototype._stat = function (current) {
 
     // if it's a type change, then we need to clobber or error.
     // if it's not a type change, then let the impl take care of it.
-    if (currentType !== self.type) {
+    if (currentType !== self.type || self.type === 'File' && current.nlink > 
1) {
       return rimraf(self._path, function (er) {
         if (er) return self.error(er)
         self._old = null
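Review bot: The added clause in the `if` of `Writer.prototype._stat` mixes `||` and `&&` without parentheses, and the two comment lines above it still describe only a type change, so the hardlink case this security fix exists for is undocumented. Writing it as `if (currentType !== self.type || (self.type === 'File' && current.nlink > 1)) {` evaluates the same way and makes the intent explicit, ideally with a comment such as `// a File with nlink > 1 shares its inode with another path; remove it so the write cannot land in that other file`. The decision is taken from the stat result passed in as `current`, so a link created between that stat and the later write would presumably not be caught. That is worth confirming against the code that opens the file, since the body of `_stat` starts and ends outside this hunk.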
++++++ SHASUMS256.txt ++++++
--- /var/tmp/diff_new_pack.IR5ZpH/_old  2019-08-07 13:58:03.140855081 +0200
+++ /var/tmp/diff_new_pack.IR5ZpH/_new  2019-08-07 13:58:03.140855081 +0200
@@ -1,36 +1,36 @@
-6aa026be2dcda26c3a5dd6f492bf517431787ba52e7a82db1d0a37c16031b841  
node-v10.16.0-aix-ppc64.tar.gz
-6c009df1b724026d84ae9a838c5b382662e30f6c5563a0995532f2bece39fa9c  
node-v10.16.0-darwin-x64.tar.gz
-122254e525983120ecbd0e7873c6103e9c98517042bf672dcfd96fc91ecaa546  
node-v10.16.0-darwin-x64.tar.xz
-76a14cabfcb8c09519d1ee722950aa64f12202230c504425279c2282cecb0e29  
node-v10.16.0-headers.tar.gz
-f426485f90a0d31753c299a53957ec2261a1db1c78a01181afed7e759bf08592  
node-v10.16.0-headers.tar.xz
-2d84a777318bc95dd2a201ab8d700aea7e20641b3ece0c048399398dc645cbd7  
node-v10.16.0-linux-arm64.tar.gz
-ae2e74ab2f5dbff96bf0b7d8457004bf3538233916f8834740bbe2d5a35442e5  
node-v10.16.0-linux-arm64.tar.xz
-3ae88931bf286fc3b7abe6a914b3af099072116cb9c5dbce5371df8fcf211f78  
node-v10.16.0-linux-armv6l.tar.gz
-6900a09f1547068b17b4844047f7f2f7defedeeef82220225357d90e6ca7a59f  
node-v10.16.0-linux-armv6l.tar.xz
-756f21a07a5a8c6c1037754a332b3adf7b39fb1d49acf0893488cc545a2438cf  
node-v10.16.0-linux-armv7l.tar.gz
-3a3710722a1ce49b4c72c4af3155041cce3c4f632260ec8533be3fc7fd23f92c  
node-v10.16.0-linux-armv7l.tar.xz
-5c2706288ab496535044cfee007404dcbb93b8d915471b183c0fd3955067e2d6  
node-v10.16.0-linux-ppc64le.tar.gz
-b26136556fa79a3b58d0864afb455eb0c581647bd059999c69c42d27ef5afe7a  
node-v10.16.0-linux-ppc64le.tar.xz
-035a23f4cc469d085e664b0ed3c7128def97e9479cdf4c7db60b68e8429ed714  
node-v10.16.0-linux-s390x.tar.gz
-e8202e285a88be9b53bbf50cfae2f08fff2b1ae3597893e4049c9dff3e4b9b14  
node-v10.16.0-linux-s390x.tar.xz
-2e2cddf805112bd0b5769290bf2d1bc4bdd55ee44327e826fa94c459835a9d9a  
node-v10.16.0-linux-x64.tar.gz
-1827f5b99084740234de0c506f4dd2202a696ed60f76059696747c34339b9d48  
node-v10.16.0-linux-x64.tar.xz
-27be4450cf0e3a5ce7db4dbb01cb7524b1d03bc3d53776fa22cc2a339d5028f0  
node-v10.16.0.pkg
-7a5f2c68b428511b322bd3be081ed5532c6fa97c45d3e7f960d4beb7359d344d  
node-v10.16.0-sunos-x64.tar.gz
-7370587b6f19b6df6109b39ec73ac77f233702fdb75b5eb7060a08098c316b08  
node-v10.16.0-sunos-x64.tar.xz
-d00f1ffdb0a7413eaaf3afc393fb652ea713db135dcd3ccf6809370a07395713  
node-v10.16.0.tar.gz
-18e37f891d10ea7fbc8f6410c444c2b1d9cc3cbbb1d35aa9c41f761816956608  
node-v10.16.0.tar.xz
-52e7a86e1e0407567b57ba73868ba27715c2f08b316762adc97145157fa24d71  
node-v10.16.0-win-x64.7z
-aa22cb357f0fb54ccbc06b19b60e37eefea5d7dd9940912675d3ed988bf9a059  
node-v10.16.0-win-x64.zip
-a83febd36596f9bc0d9ebf35da29eb0f8ffed04cc36a6fecad942473120d39d6  
node-v10.16.0-win-x86.7z
-fc558cb69425236916343064852a629b5d86471ce6c739c49dbd4c2e458cce6a  
node-v10.16.0-win-x86.zip
-4d106b32293453f1ed037650c3051db854f853f7cef5a06e659e5c7d978cadb7  
node-v10.16.0-x64.msi
-9f427cc3af7fbc5315bae643d666de878ff22714b356c3b7a1c3e7890b8e8b78  
node-v10.16.0-x86.msi
-12770da33e274cb5407edc0fc9c631dd6e1d8ff60e5b32015304275e5480e06f  
win-x64/node.exe
-d0398d9262c9b7b7ccbfa0eacab3958567bc8706a29cbb3d764803fbb401afcf  
win-x64/node.lib
-401db39ad3c5303c49dc50759a0378c20becbb3dd47366ebe27b7dc67fd86084  
win-x64/node_pdb.7z
-964c32ca421438c1b91f894c9ed2f0c62c8dfda0625983e87269b64669320daf  
win-x64/node_pdb.zip
-8cc341dc3aeb510d5dfbd6595dfd8ca60852e5d0f06a2548cda14faacd7eb043  
win-x86/node.exe
-9ba7fe1d8e98e329407bf197bbf836f8b53d70525bd0b3d937110a2e51096e97  
win-x86/node.lib
-2be25c3d1d1e41223033f5259dd1d6e108eb0fcfac015778169d255cc4e447bf  
win-x86/node_pdb.7z
-af9147e6bc156f5a07147527c5a0910f33d057d873180d6b9d4dfca304977418  
win-x86/node_pdb.zip
+f9afd5285438e2f6b72c5c529a9f28a80f0fcd9cdc003e477d6e95177d89fdc2  
node-v10.16.1-aix-ppc64.tar.gz
+328e61fdacfe2f6f1a049d57e248b3eafc0345747831323a14fe1edf98d9b3bb  
node-v10.16.1-darwin-x64.tar.gz
+c77d44ad057e1eea84b05b02e8392bb8f1c5b6392b006ecf76734e2d19c8e4c0  
node-v10.16.1-darwin-x64.tar.xz
+2589cafd5f11241fbfae3592b1337e97be86e436ad7a1db00d12586506f753ed  
node-v10.16.1-headers.tar.gz
+e93ef520f3e750d8da1d48be3087a83c12671ade0261160bbee8a8c6e309b4af  
node-v10.16.1-headers.tar.xz
+c5f1df1ae559a9e40fc7216f4c82379d4e8ce64a96921ab0bed216c82cf9a1f3  
node-v10.16.1-linux-arm64.tar.gz
+c46ba1a8e9b9c0490ae81f8b2b13d332ed6f5c86d172fa817f749042ab329b93  
node-v10.16.1-linux-arm64.tar.xz
+a783a7d1ba8c994616e3aa3b71f932fdaa35953e6461f1bbe2f48f55bc98cdb5  
node-v10.16.1-linux-armv6l.tar.gz
+de6055a51019b3f4abc7d53dbbacc34134471726de63b170dc7ff6a9eb0f3efd  
node-v10.16.1-linux-armv6l.tar.xz
+7977c13f29827ef9177fe79948c39e2f000fa2ae10aa6c4b4de9f47d756354aa  
node-v10.16.1-linux-armv7l.tar.gz
+ac05af22142d36fdab28c6304c98043341f5cdff715494ef1c2d2a94a3432dd6  
node-v10.16.1-linux-armv7l.tar.xz
+c1df7db6455f6f985c246b6d9acadb75d242ab0eb1ea4b7b8a51b3343c6aae74  
node-v10.16.1-linux-ppc64le.tar.gz
+09c543051096dbca046becde26c0e535a242e20d315f3d80fcb14f1ceb013985  
node-v10.16.1-linux-ppc64le.tar.xz
+388ed445df5a6560b0174fb14491be018b0e80b56a8c392123a8b21b24b533d0  
node-v10.16.1-linux-s390x.tar.gz
+fc8193c8f72ce4ccd6af9cff7d073455dc200ef183964abd50ba63a6a0b69f9e  
node-v10.16.1-linux-s390x.tar.xz
+32db9700d2ba926e774c17e7cd8952499e64e241b095d22e05d3d62ebe4cb6d4  
node-v10.16.1-linux-x64.tar.gz
+127d9b2f485523805208f867fc513842570b29b4d6831773eeb6dd403a22ba9d  
node-v10.16.1-linux-x64.tar.xz
+081cdcb0d43d141411cb308fd4ed7038cb15390a6d649974b8d85acf2c53e139  
node-v10.16.1.pkg
+3b7b2feb98380b082d9774b01081e815d6b459dc4125855d9f2dea9559c3d580  
node-v10.16.1-sunos-x64.tar.gz
+e3c2582645333ba62d81464221d40cdbc811aed793c45c7418f87221f37b0a69  
node-v10.16.1-sunos-x64.tar.xz
+98c92edcfced73b572917d01a53aa9deefec85d8a2fe96c46fe10ee1d0a7763d  
node-v10.16.1.tar.gz
+6268319c8dddfdaa7886ea3f253ac5c2d133a6c682c00786296227e03f322009  
node-v10.16.1.tar.xz
+70b08ba7b488dee2b135b6d5c02ac5ccd6954fd5623da5b3408dec63ce60e6f9  
node-v10.16.1-win-x64.7z
+1ff8b26670e1b935b51f4b795728f29845c31a3c38b3220b4fe71fb139bc5623  
node-v10.16.1-win-x64.zip
+ba46e3bd5be77d5c13ac41efacb211508bef6da6cff894a2d0e99ddee79a244e  
node-v10.16.1-win-x86.7z
+57c2b141c8122d5bfc8ebdaaf5c81b382e3f6fdd3fa7b936a210d8e8e278e4d6  
node-v10.16.1-win-x86.zip
+dc99f8c0be1e8bb1abfaa194113712ba85cc749bd32990f84cdcdd3b619f6a1c  
node-v10.16.1-x64.msi
+63d03dff4c314f0adb08ef22f2c0efb05cd425db6a83ccf6a6a035050db9cc47  
node-v10.16.1-x86.msi
+bd4ce2f0543c2ca31c7a573bda7b816b51b5946e6dc8b7a4e0041b8ab0f758e7  
win-x64/node.exe
+4c0f7168444b6ef0d469c9303d132520c56e6950cbe9616c2f86c08a498e3632  
win-x64/node.lib
+835c121df473bcf58ff85d8f760e174f0dc11913aafa01a544b7dca7817d3794  
win-x64/node_pdb.7z
+b84a1d4bc9b936958074f56802d6f50fa98efc1fbbce42c7288687f2f114a506  
win-x64/node_pdb.zip
+4c69678620cc2ac6f2421a9585a01a7843499fce492e74e17545a46f1f810b2b  
win-x86/node.exe
+831fb788501920391120a99d20f443a1f32b6d6446870efcc35a50cd1e485f2b  
win-x86/node.lib
+91ccb69ae2bb425c2646f22c2476adc02d4ccd51d36f5f598d7ca60f43526f2c  
win-x86/node_pdb.7z
+0f2b9d30a0c5ed61e86da5fd33e2fdd13cf0deed411ee787bfd9e0b522ba47b4  
win-x86/node_pdb.zip

++++++ SHASUMS256.txt.sig ++++++
Binary files /var/tmp/diff_new_pack.IR5ZpH/_old and 
/var/tmp/diff_new_pack.IR5ZpH/_new differ

++++++ node-v10.16.0.tar.xz -> node-v10.16.1.tar.xz ++++++
/work/SRC/openSUSE:Factory/nodejs10/node-v10.16.0.tar.xz 
/work/SRC/openSUSE:Factory/.nodejs10.new.9556/node-v10.16.1.tar.xz differ: char 
27, line 1


