Hello community, here is the log from the commit of package nodejs4 for openSUSE:Factory checked in at 2016-09-30 15:34:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nodejs4 (Old) and /work/SRC/openSUSE:Factory/.nodejs4.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nodejs4" Changes: -------- --- /work/SRC/openSUSE:Factory/nodejs4/nodejs4.changes 2016-09-23 11:34:15.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.nodejs4.new/nodejs4.changes 2016-09-30 15:35:10.000000000 +0200 @@ -1,0 +2,21 @@ +Wed Sep 28 08:37:49 UTC 2016 - [email protected] + +- enable usage of system certificate store on SLE11SP4 by + requiring openssl1 (boo#1000036) +- nodejs-libpath.patch: + * adapt patch from main nodejs project so it builds on SLE11 +- New upstream LTS version 4.6.0 + * openssl update (not applicable for SLE12SP2, Leap 42.2 and later) + + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, + CVE-2016-6306, CVE-2016-7052) + + remove support for dynamic 3rd party engine modules + * http: Properly validate for allowable characters in input + user data. This introduces a new case where throw may occur + when configuring HTTP responses, users should already + be adopting try/catch here. (CVE-2016-5325, bnc#985201) + * tls: properly validate wildcard certificates + (CVE-2016-7099, bnc#1001652) + * buffer: Zero-fill excess bytes in new Buffer objects created + with Buffer.concat() + +------------------------------------------------------------------- Old: ---- node-v4.5.0.tar.xz New: ---- node-v4.6.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nodejs4.spec ++++++ --- /var/tmp/diff_new_pack.wZlDxi/_old 2016-09-30 15:35:13.000000000 +0200 +++ /var/tmp/diff_new_pack.wZlDxi/_new 2016-09-30 15:35:13.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package nodejs +# spec file for package nodejs4 # # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # @@ -15,8 +15,9 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: nodejs4 -Version: 4.5.0 +Version: 4.6.0 Release: 0 %define npm_version 2.15.9 %define major_version 4 @@ -95,6 +96,13 @@ #this corresponds to the "engine" requirement in package.json Provides: nodejs(engine) = %{version} +# For SLE11, to be able to use the certificate store we need to have properly +# symlinked certificates. The compatability symlinks are provided by the +# openssl1 library in the Security Module +%if 0%{suse_version} == 1110 +Requires: openssl1 +%endif + #building nodejs makes sense only on v8 archs ExclusiveArch: %{ix86} x86_64 armv7hl aarch64 ppc ppc64 ppc64le BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ SHASUMS256.txt.asc ++++++ --- /var/tmp/diff_new_pack.wZlDxi/_old 2016-09-30 15:35:13.000000000 +0200 +++ /var/tmp/diff_new_pack.wZlDxi/_new 2016-09-30 15:35:13.000000000 +0200 @@ -1,52 +1,52 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -d171f0c859e3895b2430c317001b817866c4de45211ad540c59658ee6a2f689f node-v4.5.0-darwin-x64.tar.gz -61b570d0744bed2725a4d64ab28f641acb1206fee8760035df36f8ee63e54da3 node-v4.5.0-darwin-x64.tar.xz -12ee966eef2abc928f6d7fcf9cfcf2913ef0e59ae07e2dcc20726246ab174fd8 node-v4.5.0-headers.tar.gz -7a83d8e11089c16824dfcd82ca3f5cb9f727545a39f7138d034b67ed95fb922c node-v4.5.0-headers.tar.xz -ecdbb3cb55d0a87aeb10334b47310f1823393abe6273f1ce7c97bcb509051e68 node-v4.5.0-linux-arm64.tar.gz -9034e67629e1912d6dc0632627528565d9e412c6eba410d171f9fd80f700f84f node-v4.5.0-linux-arm64.tar.xz -87c6fb8269475d385a9b923c647890def45079f8e30b55c4737d70558fd36418 node-v4.5.0-linux-armv6l.tar.gz -bc3e33872b009e18f084efb9a595cc12cf8314df125ce80c2e8bde1c2213b5f1 node-v4.5.0-linux-armv6l.tar.xz -99d222ede2f38041c55a64da8e6a669e0128cfb40d40f968cae74d80e52ad566 node-v4.5.0-linux-armv7l.tar.gz -c01482d423b646542ba037cb5ce646cb26518aa2dc9f7728520e7ac1247932b3 node-v4.5.0-linux-armv7l.tar.xz -a517a56b5550567225c6820f99e44fc84ac9953e2fe9db67f3bab7a8d7661e9f node-v4.5.0-linux-ppc64le.tar.gz -e01cb29c51f05dd56e15e0a25918fe4a2ad10cf4b83c4eee89fb0a3598728e50 node-v4.5.0-linux-ppc64le.tar.xz -46bebb806e4e8273e66e02faf5f25145f5351958bda75d9aa49bee9df7ccafec node-v4.5.0-linux-ppc64.tar.gz -f910ffa6ff0dbe32d2e3dea7e73b4f83c37f8a7a0d4078d53f3d3b426e30a8cf node-v4.5.0-linux-ppc64.tar.xz -5678ad94ee35e40fc3a2c545e136a0dc946ac4c039fca5898e1ea51ecf9e7c39 node-v4.5.0-linux-x64.tar.gz -c6ee1f4303353e3605ff70de180431417eb594fe08daf612e692216236750c55 node-v4.5.0-linux-x64.tar.xz -a11ef26fa700eff8ea7acfa491fd362dd362590da2967335d87932e7036a06fd node-v4.5.0-linux-x86.tar.gz -0f5e51d913867eaf71332cd20fd9a98aeb3576b8a22a52e8e1cd97c89cf51feb node-v4.5.0-linux-x86.tar.xz -370b65e6cd27943afc18e517f86c7fc801c0d256cb40ca75b2ff01051223cbb6 node-v4.5.0.pkg -47f0f3c9e33d02a49a6c467d8a12539b0bb3c5bf8e1916bd938eaa956afb47bb node-v4.5.0-sunos-x64.tar.gz -0b83935c6e6decf11c347c1dcaeb1face825a6a103a04117c868239d226de492 node-v4.5.0-sunos-x64.tar.xz -190ff116905ce94291a7122779cbdf493af1ba415432a9a12a32263816b90ccd node-v4.5.0-sunos-x86.tar.gz -2d49973241a67c1a2da747ad469ba43299a84e8e9f7e2d147b08d22084d73c15 node-v4.5.0-sunos-x86.tar.xz -74ced83b8d890d90e2a8b0d54b0d0e9b5e01d6fd6148cec6e9911ff6eaf0cf21 node-v4.5.0.tar.gz -97b99d378c56802444208409568e2e66c46332897f06aead74d1ffbe733bd488 node-v4.5.0.tar.xz -e80a7bf9afb91a422b2955c95a6dd35fec3a7019e5adc21763ed18c9fa6c67a6 node-v4.5.0-win-x64.7z -16aab15b29e79746d1bae708f6a5dbed8ef3c87426a9408f7261163d0cda0f56 node-v4.5.0-win-x64.zip -9d68e8f4c8650b60dfc0955185d867302a9e63b0bd4ee39b8296fc473b033879 node-v4.5.0-win-x86.7z -f79c11ecc0eb6ecb4e95e27744753eaa6db8c255b6c808bc660722c72d45a892 node-v4.5.0-win-x86.zip -367a1872bac36bfd398b89027df80c9c0e604a466185ad4631c167ba1a5d24c8 node-v4.5.0-x64.msi -489e84902243b1adeb7218322bc0e87091c5e758c669e088ac20b4267a8d165d node-v4.5.0-x86.msi -ff1d2bbbc55b15fa3d23dc3d359224674b8d1f20b7f387c1e814099b9801288d win-x64/node.exe -5e54f544fd8ea5cc0a76ccc8b3942e4783de7a174f7cdcd04664a990905395cb win-x64/node.lib -b3c93cfa8155fc58ce86cdd64d28b2254d00b1d46bd3b69cdd965ffa0afa4493 win-x64/node_pdb.7z -973a47686ee5e3c30e986bcc5df5cecdd643d492ef689d33d801e35e912cd869 win-x64/node_pdb.zip -aa0458966999005a5df9d9d74a415022f92ba02ce641bd582cd46e93cd4b8a90 win-x86/node.exe -7e2ff7208dbe2612b55cc5f11be7e17c00b58b410580b3705cb86e7cba09cc97 win-x86/node.lib -a4e089ae072cf15ef247d16a4b7fb8177855e41bc595f395640dbb68d19a6738 win-x86/node_pdb.7z -355ea7df33f95a5d10377276cc7bf4e89b80457f16923b22fb6dad66ea77d3f5 win-x86/node_pdb.zip +525ab42c767525edb7e512c600dedb20d826a6f58e1d6d1b774651a1c782a267 node-v4.6.0-darwin-x64.tar.gz +3c728c25b541fd8b88826568e7867098658df7c45d2389b60877c093a9803bd0 node-v4.6.0-darwin-x64.tar.xz +5eb4b4324d72297066b4b8c91d0b1e7c82cabde9986c986682be66202f37176b node-v4.6.0-headers.tar.gz +862ce573bcfd592ea0c24861c0097bd23ca842d263e03f5dfa1ce08be888f20f node-v4.6.0-headers.tar.xz +bf03e7384b727bc80c0c59cf38ba5704d83faa7f455f40fa62a67c8331dde7d6 node-v4.6.0-linux-arm64.tar.gz +7683e664b648c4ec3f86935f4b4f9fbf56f19d171e1e29d5adf687fc4c392b5b node-v4.6.0-linux-arm64.tar.xz +e7db1c612eb9dd55e3ff246bfa7c35f0b87664e6e2bc7b32891de8cc1e48f5a7 node-v4.6.0-linux-armv6l.tar.gz +766d10a73886bbe1a3abd4b78563a825408cab7e116e590f1bbdc9b88cc3aa09 node-v4.6.0-linux-armv6l.tar.xz +9e46082bef5b521afd483532c8d3715f33d1d4302b7980b904bea3182817275f node-v4.6.0-linux-armv7l.tar.gz +def976771b4a2a4488b87a06c8295ffea55671f7f42df13e3718341d28bf2d40 node-v4.6.0-linux-armv7l.tar.xz +2aa9518ea637cc06877a01c40d4608cf9a7f1588000cf3e550e4ab24c170aee6 node-v4.6.0-linux-ppc64le.tar.gz +b06c39da4fae47e2d204cae183425a3a77849944c5be47c5807f4f08cef51f64 node-v4.6.0-linux-ppc64le.tar.xz +ee77fb6a1dfbe166c9faee25b4f110af25723c64b0abcb9085507b8445fa2e7b node-v4.6.0-linux-ppc64.tar.gz +e35955a846c1082e1681fdcbf488a66e43f56fb0aa7205b86a4aa0ce69dfb1eb node-v4.6.0-linux-ppc64.tar.xz +acf08148cecf245f28126122ac9128ff9909f00938b18d80fc0b92648d1c98a8 node-v4.6.0-linux-x64.tar.gz +a77ceb75a05984153304ad0f09b11d234ca54a67714ba575b52e4298df0343d1 node-v4.6.0-linux-x64.tar.xz +9aab75618de0dca640d747aa25073cbb5a01342dd8aa177df8112e26a39541f4 node-v4.6.0-linux-x86.tar.gz +8994ee2c180a97fc4280bfb390444a4bcb2629290aa8243e7ab6271efab593f4 node-v4.6.0-linux-x86.tar.xz +0359c50c5d7e887c7f17d7ea4f42b1776ac8df263c6471bf8054b5c9f3d42a67 node-v4.6.0.pkg +e9a02da71d0cd6a1874f4a7d227dfcbe6ab9492eba419b5c9a83c8c95065195f node-v4.6.0-sunos-x64.tar.gz +8ea3d2887b4850fb92f75573f30bbb257b7cd11f71cda12becc34868c535acf8 node-v4.6.0-sunos-x64.tar.xz +f8536a25629ef1ad3228b2d712e2fa43bf66980673d3cdf469da37c0407e9633 node-v4.6.0-sunos-x86.tar.gz +5750a8256356f43c6b80854b7c6ce46d6933e64cf5f2efecdf4841e4fe582a28 node-v4.6.0-sunos-x86.tar.xz +0838f12e329edb252e6e6baddca85632bf5ff2ec900e737e88f9bf9b38946b1b node-v4.6.0.tar.gz +42910dbd34e49bfc40580e06753947c30d31101455a38e9f0343a23d67c0c694 node-v4.6.0.tar.xz +0c6509c13cfa9795f08b9bf694383de7e4d93cde14a9e8979a92f21736e19498 node-v4.6.0-win-x64.7z +0782bd50251c2a159fba5b874c56fb4a6680f454cc16892cee8e62d17b7d6f60 node-v4.6.0-win-x64.zip +413f98f2b765fe862ff6971724c3f265dbfe5a2cb865dd1894b4447426542c91 node-v4.6.0-win-x86.7z +13a5dcb90a8397f62c55945b65cb1c7b9d7576af3cbfc8d9cb67f72edcf68201 node-v4.6.0-win-x86.zip +80926b2df6e7efc8adda2e1fcb6328b99fe878d728cf93f39b0c710adc1bcb35 node-v4.6.0-x64.msi +5f91bf57512c1fa96d016c8f6236c689998ed926faa13aaf2170154342ca915a node-v4.6.0-x86.msi +7564472c672e729a724ffe890ba06ec318c9e311684516a25a47b3f1e549504e win-x64/node.exe +24178152fc3a99b9b83a1620897c5624cb7e0ba0544da38e18ca0cde807435d4 win-x64/node.lib +44dbbec125f3c4804ed5d002628c7ddb8e51cd352af0542b9edebcfd718967b5 win-x64/node_pdb.7z +b92e5e5031f19f201ec4568d7761c263af9a20e02b34bdd9e5f7191750aee3fb win-x64/node_pdb.zip +7c9287cec4379082393d85af919a36a3512aa6bfcbf3deba3261a472580041f8 win-x86/node.exe +7d5988939f1567a4d7180010f49ec36b8d3897a8eccb78e461a774d8d2de614e win-x86/node.lib +98f955f69195f12ec429e4cff629c650a6b1dcb43a1c18cef9cf79a11067c88d win-x86/node_pdb.7z +0d0faf3bf0fcf50a943d8202d24d8eb8bb0695ea99498360c1a8a745c7811fd7 win-x86/node_pdb.zip -----BEGIN PGP SIGNATURE----- -iQEcBAEBAgAGBQJXszriAAoJEJM7AfQLXKlGQuEH/Rvw85bg3uDqCTgXxWaxlwLb -Ua/j3UOEJpqG+bdUn3Zvm0RvhyTWDyJkelb5NOdZhbzHd9/F4x8pPO1ZJa3uF7BF -vgBOxcpLIvL4UgpIelZXs/oLBfsD6RVHPIBNCGgeno0ryyEZp7tSrYbVmDO1zr8W -FqMNRN+E07fFbK+bTc9lMQVyclbdb2QHr4s4GmKrMg2i0GRWOndHfr+mQX3pcK9a -dP6dOKguLPAEOThFiPzks/dbMs++Zq/iWUAPXYzRkXZAvF7vVGOBYeAT7z49rlWT -J1qjH0RPlNzfLIHkTyhha9D6EV/4ZuPtDL+1wsXeCkHHWVa631IxhV1OMdFIivU= -=6paR +iQEcBAEBAgAGBQJX6xhwAAoJEMJzeS99g1RdoksH/139ljOj+Vjc0nVNRn5m2KxC +3gldiKMaNBeefV9JOA3tG1fei3KPvO/PRHVCYogQO8IEEpJ5Yer+zQpsLOg/xGDR +nsg9xOBupnSlUAfALilWhkDkBDgcauuiII3tP98GjDaSS+cH6Pctt08l2XTCROYk +YThc0nonmobDGSsHVf4biv+ySMocmpZGU0h10xS2lRVlrxMpEzsxVuCSv52fRDKy +gD0Hf9ZSFi9i1MIxKOIolYpdIVmrS29c6J0LbjW2WcTk21jIOENXEk1uEl71OWHD +plT4hauehu/3a89FcqsOu10MqLStFuEm0T1CXtmn4/Vm2FhJnZfdiCDT1YABD00= +=LyAk -----END PGP SIGNATURE----- ++++++ node-v4.5.0.tar.xz -> node-v4.6.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/nodejs4/node-v4.5.0.tar.xz /work/SRC/openSUSE:Factory/.nodejs4.new/node-v4.6.0.tar.xz differ: char 26, line 1 ++++++ nodejs-libpath.patch ++++++ --- /var/tmp/diff_new_pack.wZlDxi/_old 2016-09-30 15:35:13.000000000 +0200 +++ /var/tmp/diff_new_pack.wZlDxi/_new 2016-09-30 15:35:13.000000000 +0200 @@ -1,7 +1,7 @@ -Index: node-v4.4.5/lib/module.js +Index: node-v4.5.0/lib/module.js =================================================================== ---- node-v4.4.5.orig/lib/module.js -+++ node-v4.4.5/lib/module.js +--- node-v4.5.0.orig/lib/module.js ++++ node-v4.5.0/lib/module.js @@ -453,7 +453,7 @@ Module._initPaths = function() { homeDir = process.env.HOME; } @@ -11,15 +11,15 @@ if (homeDir) { paths.unshift(path.resolve(homeDir, '.node_libraries')); -Index: node-v4.4.5/tools/install.py +Index: node-v4.5.0/tools/install.py =================================================================== ---- node-v4.4.5.orig/tools/install.py -+++ node-v4.4.5/tools/install.py +--- node-v4.5.0.orig/tools/install.py ++++ node-v4.5.0/tools/install.py @@ -6,6 +6,7 @@ import os import re import shutil import sys -+from _sysconfigdata import build_time_vars ++from distutils import sysconfig # set at init time node_prefix = '/usr/local' # PREFIX variable from Makefile @@ -28,7 +28,7 @@ def npm_files(action): - target_path = 'lib/node_modules/npm/' -+ target_path = build_time_vars["LIB"] + '/node_modules/npm/' ++ target_path = sysconfig.get_config_var("LIB") + '/node_modules/npm/' # don't install npm if the target path is a symlink, it probably means # that a dev version of npm is installed there @@ -47,7 +47,7 @@ - else: - shebang = os.path.join(node_prefix or '/', 'bin/node') - update_shebang(link_path, shebang) -+ try_symlink("../" + build_time_vars["LIB"] + '/node_modules/npm/bin/npm-cli.js',link_path) ++ try_symlink("../" + sysconfig.get_config_var("LIB") + '/node_modules/npm/bin/npm-cli.js',link_path) else: assert(0) # unhandled action type @@ -56,7 +56,7 @@ if 'true' == variables.get('node_use_dtrace'): - action(['out/Release/node.d'], 'lib/dtrace/node.d') -+ action(['out/Release/node.d'], build_time_vars["LIB"] + '/dtrace/node.d') ++ action(['out/Release/node.d'], sysconfig.get_config_var("LIB") + '/dtrace/node.d') # behave similarly for systemtap action(['src/node.stp'], 'share/systemtap/tapset/')
