Hello community,
here is the log from the commit of package nodejs for openSUSE:Factory checked
in at 2015-10-19 22:52:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nodejs (Old)
and /work/SRC/openSUSE:Factory/.nodejs.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nodejs"
Changes:
--------
--- /work/SRC/openSUSE:Factory/nodejs/nodejs.changes 2015-09-17
09:18:47.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.nodejs.new/nodejs.changes 2015-10-20
00:06:46.000000000 +0200
@@ -1,0 +2,95 @@
+Sat Oct 17 17:43:19 UTC 2015 - i...@marguerite.su
+
+- fixed boo#948602/CVE-2015-7384:
+ * nodejs: HTTP Denial of Service Vulnerability
+- drop nodejs-no-fips.patch, upstreamed
+- update to 4.2.1
+ * Includes fixes for two regressions
+ + Assertion error in WeakCallback
+ + Undefined timeout regression
+- changes in 4.2.0
+ * icu: Updated to version 56 with significant performance
+ improvements
+ * node:
+ + Added new -c (or --check) command line argument for checking
+ script syntax without executing the code
+ + Added process.versions.icu to hold the current ICU library
+ version
+ + Added process.release.lts to hold the current LTS codename
+ when the binary is from an active LTS release line
+ * npm: Upgraded to npm 2.14.7 from 2.14.4
+- changes in 4.1.2
+ * http:
+ + Fix out-of-order 'finish' event bug in pipelining that can
+ abort execution, fixes DoS vulnerability CVE-2015-7384
+ + Account for pending response data instead of just the data
+ on the current request to decide whether pause the socket
+ or not
+ + libuv: Upgraded from v1.7.4 to v1.7.5
+ + Improved AIX support
+ * v8:
+ + Upgraded from v4.5.103.33 to v4.5.103.35
+ + Backported f782159 from v8's upstream to help speed up Promise
+ introspection
+ + Backported c281c15 from v8's upstream to add JSTypedArray
+ length in post-mortem metadata
+- changes in 4.1.1
+ * buffer: Fixed a bug introduced in v4.1.0 where allocating a new
+ zero-length buffer can result in the next allocation of a
+ TypedArray in JavaScript not being zero-filled. In certain
+ circumstances this could result in data leakage via reuse of
+ memory space in TypedArrays, breaking the normally safe assumption
+ that TypedArrays should be always zero-filled.
+ * http: Guard against response-splitting of HTTP trailing headers
+ added via response.addTrailers() by removing new-line ([\r\n])
+ characters from values. Note that standard header values are
+ already stripped of new-line characters. The expected security
+ impact is low because trailing headers are rarely used.
+ * npm:
+ + Upgrade to npm 2.14.4 from 2.14.3
+ + Upgrades graceful-fs on multiple dependencies to no longer
+ rely on monkey-patching fs
+ + Fix npm link for pre-release / RC builds of Node
+ * v8:
+ + Update post-mortem metadata to allow post-mortem debugging
+ tools to find and inspect:
+ + JavaScript objects that use dictionary properties ScopeInfo
+ and thus closures
+- changes in 4.1.0
+ * buffer:
+ + Buffers are now created in JavaScript, rather than C++.
+ This increases the speed of buffer creation
+ + Buffer#slice() now uses Uint8Array#subarray() internally,
+ increasing slice() performance
+ * fs:
+ + fs.utimes() now properly converts numeric strings, NaN,
+ and Infinity
+ + fs.WriteStream now implements _writev, allowing for
+ super-fast bulk writes
+ * http: Fixed an issue with certain write() sizes causing errors
+ when using http.request()
+ * npm: Upgrade to version 2.14.3
+ * src: V8 cpu profiling no longer erroneously shows idle time
+ * timers: #ref() and #unref() now return the timer they belong to
+ * v8: Lateral upgrade to 4.5.103.33 from 4.5.103.30, contains minor
+ fixes. This fixes a previously known bug where some computed
+ object shorthand properties did not work correctly.
+
+-------------------------------------------------------------------
+Fri Oct 2 13:14:03 UTC 2015 - devel...@develop7.info
+
+- replace node-no-fips.patch with upstream fix
+
+-------------------------------------------------------------------
+Fri Oct 2 02:47:28 UTC 2015 - i...@marguerite.su
+
+- fix build by using internal openssl for openSUSE <= 1320
+ which didn't provide openssl 1.0.2
+- install missing addon-rpm.gypi (boo#948045)
+
+-------------------------------------------------------------------
+Tue Sep 29 04:46:20 UTC 2015 - meiss...@suse.com
+
+- Do not force enable FIPS mode. bsc#947747
+
+-------------------------------------------------------------------
Old:
----
node-v4.0.0.tar.xz
New:
----
node-v4.2.1.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nodejs.spec ++++++
--- /var/tmp/diff_new_pack.5nclu9/_old 2015-10-20 00:06:47.000000000 +0200
+++ /var/tmp/diff_new_pack.5nclu9/_new 2015-10-20 00:06:47.000000000 +0200
@@ -17,7 +17,7 @@
Name: nodejs
-Version: 4.0.0
+Version: 4.2.1
Release: 0
Summary: Evented I/O for V8 JavaScript
License: MIT
@@ -85,9 +85,9 @@
Summary: Package manager for Node.js (Bundled)
Group: Development/Languages/NodeJS
Requires: %{name} = %{version}
-Provides: npm = 2.11.4
-Obsoletes: npm < 2.11.4
-Provides: npm(npm) = 2.11.4
+Provides: npm = 2.14.7
+Obsoletes: npm < 2.14.7
+Provides: npm(npm) = 2.14.7
Conflicts: otherproviders(npm(npm))
%description npm
@@ -106,9 +106,13 @@
# We only delete the source and header files, because
# the remaining build scripts are still used.
###for dir in v8 openssl zlib; do
+%if 0%{?suse_version} > 1320
for dir in openssl zlib; do
find deps/$dir -name *.[ch] -delete
done
+%else
+find deps/zlib -name *.[ch] -delete
+%endif
%build
# percent-configure pulls in something that confuses node's configure
@@ -117,7 +121,9 @@
export CXXFLAGS="%{optflags}"
./configure \
--prefix=%{_prefix} \
+%if 0%{?suse_version} > 1320
--shared-openssl \
+%endif
--shared-zlib \
%ifarch aarch64
--dest-cpu=arm64 \
@@ -149,7 +155,10 @@
#node-gyp needs common.gypi too
mkdir -p %{buildroot}%{_datadir}/node
-cp -p common.gypi %{buildroot}%{_datadir}/node
+install -m 644 common.gypi %{buildroot}%{_datadir}/node
+
+# install addon-rpm.gypi
+install -m 644 addon-rpm.gypi %{buildroot}%{_datadir}/node
# Documentation
install -d %{buildroot}%{_docdir}/%{name}
++++++ node-v4.0.0.tar.xz -> node-v4.2.1.tar.xz ++++++
/work/SRC/openSUSE:Factory/nodejs/node-v4.0.0.tar.xz
/work/SRC/openSUSE:Factory/.nodejs.new/node-v4.2.1.tar.xz differ: char 26, line
1
++++++ support-arm64-build.patch ++++++
--- /var/tmp/diff_new_pack.5nclu9/_old 2015-10-20 00:06:47.000000000 +0200
+++ /var/tmp/diff_new_pack.5nclu9/_new 2015-10-20 00:06:47.000000000 +0200
@@ -1,8 +1,8 @@
-Index: node-v4.0.0/Makefile
+Index: node-v4.2.1/Makefile
===================================================================
---- node-v4.0.0.orig/Makefile
-+++ node-v4.0.0/Makefile
-@@ -270,6 +270,9 @@ else
+--- node-v4.2.1.orig/Makefile
++++ node-v4.2.1/Makefile
+@@ -272,6 +272,9 @@ else
ifeq ($(DESTCPU),arm)
ARCH=arm
else
@@ -12,7 +12,7 @@
ifeq ($(DESTCPU),ppc64)
ARCH=ppc64
else
-@@ -280,6 +283,7 @@ ARCH=x86
+@@ -282,6 +285,7 @@ ARCH=x86
endif
endif
endif
@@ -20,15 +20,15 @@
endif
# enforce "x86" over "ia32" as the generally accepted way of referring to
32-bit intel
-Index: node-v4.0.0/configure
+Index: node-v4.2.1/configure
===================================================================
---- node-v4.0.0.orig/configure
-+++ node-v4.0.0/configure
-@@ -560,6 +560,7 @@ def host_arch_cc():
+--- node-v4.2.1.orig/configure
++++ node-v4.2.1/configure
+@@ -580,6 +580,7 @@ def host_arch_cc():
'__aarch64__' : 'arm64',
'__arm__' : 'arm',
'__i386__' : 'ia32',
+ '__aarch64__' : 'arm64',
+ '__MIPSEL__' : 'mipsel',
'__mips__' : 'mips',
'__PPC64__' : 'ppc64',
- '__PPC__' : 'ppc',
