Group :: Development/Tools
RPM: node
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
29 julho 2023 Vitaly Lipatov <lav at altlinux.ru> 18.17.0-alt1
- new version 18.17.0 (with rpmrb script)
- set npm >= 9.6.7
- CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
- CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
- CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
- CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
- CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
- new LTS version 18.15.0
- build with OpenSSL 3, ngtcp2, nghttp3
- set npm >= 9.5.0, libuv >= 1.44.2, libicu >= 7.2, libnghttp2 >= 1.51.0
- new version 16.19.1 (with rpmrb script)
- CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU\_DATA environment variable (Low)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
- set openssl >= 1.1.1s
- set npm >= 8.19.3
- new version 16.18.1 (with rpmrb script)
- CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP address (Medium)
- new version 16.18.0 (with rpmrb script)
- set npm >= 8.19.2
- new version 16.17.1 (with rpmrb script)
- set npm >= 8.15.0
- CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
- CVE-2022-32213: bypass via obs-fold mechanic (Medium)
- CVE-2022-35255: Weak randomness in WebCrypto keygen
- CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
- new version 16.16.0 (with rpmrb script)
- set openssl >= 1.1.1q
- set npm >= 8.11.0
- new version 16.15.0 (with rpmrb script)
- set npm >= 8.5.5
- build with system brotli
- add corepack package, but build without
- new version 16.14.2 (with rpmrb script)
- set openssl >= 1.1.1n
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)
- new version 16.14.1 (with rpmrb script)
- set npm >= 8.5.0
- new version 16.13.2 (with rpmrb script)
- set npm >= 8.3.1
- set libuv >= 1.43.0
- CVE-2021-44531: Improper handling of URI Subject Alternative Names (Medium)
- CVE-2021-44532: Certificate Verification Bypass via String Injection (Medium)
- CVE-2021-44533: Incorrect handling of certificate subject and issuer fields (Medium)
- CVE-2022-21824: Prototype pollution via console.table properties (Low)
- new LTS version 16.13.1 (with rpmrb script)
- new version 14.18.2 (with rpmrb script)
- CVE-2021-22959: HTTP Request Smuggling due to spaced in headers
- CVE-2021-22960: HTTP Request Smuggling when parsing the body
- python 3.10 support
- set c-ares >= 1.18.1
- use rpm-macros-features to check icu version
- new version 14.18.0 (with rpmrb script)
- disable LTO on armh
- set libuv >= 1.42.0
- new version 14.17.6 (with rpmrb script)
- set npm >= 6.14.15
- set openssl >= 1.1.1l
- CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712, CVE-2021-37713, CVE-2021-39134, CVE-2021-39135
- new version 14.17.5 (with rpmrb script)
- set c-ares >= 1.17.2
- CVE-2021-3672, CVE-2021-22931: Improper handling of untypical characters in domain names
- CVE-2021-22930: Use after free on close http2 on stream canceling
- CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter
- new version 14.17.4 (with rpmrb script)
- CVE-2021-22930: Use after free on close http2 on stream canceling (High)
- set npm >= 6.14.14
- restore minimum ICU version to 65
- new version 14.17.2 (with rpmrb script)
- CVE-2021-22918: Out of bounds read (set libuv >= 1.41.0-alt3)
- new version 14.17.1 (with rpmrb script)
- new version 14.17.0 (with rpmrb script)
- set libuv >= 1.41.0
- new version 14.16.1 (with rpmrb script)
- set openssl >= 1.1.1k
- set npm >= 6.14.12
- new version 14.16.0 (with rpmrb script)
- CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
- CVE-2021-22884: DNS rebinding in --inspect
- new version 14.15.4 (with rpmrb script)
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
- CVE-2020-8265: use-after-free in TLSWrap (High)
- CVE-2020-8287: HTTP Request Smuggling in nodejs (Low)
- new version 14.15.1 (with rpmrb script)
- set c-ares >= 1.16.1-alt2
- CVE-2020-8277: Denial of Service through DNS request (High)
- new version 14.15.0 (with rpmrb script)
- 2020-10-27, Version 14.15.0 'Fermium' (LTS), @richardlau
This release marks the transition of Node.js 14.x into Long Term Support (LTS)
- new version 14.14.0 (with rpmrb script)
- new version 14.13.1 (with rpmrb script)
- internal update llhttp to 2.1.3
- new version 14.13.0 (with rpmrb script)
- set libuv >= 1.40.0
- set c-ares >= 1.16.1
- set libicu >= 6.7 (missed since 14.6.0), use packaged icu only on Sisyphus
- new version 14.11.0 (with rpmrb script)
- CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests (Critical)
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High)
- new version 14.9.0 (with rpmrb script)
- libuv >= 1.39.0
- npm >= 6.14.8
- new version 14.7.0 (with rpmrb script)
- npm >= 6.14.7
- new version 14.6.0 (with rpmrb script)
- libuv >= 1.38.1
- npm >= 6.14.6
- new version 14.4.0 (with rpmrb script)
- set libicu >= 6.5
- set libnghttp2 >= 1.41.0
- CVE-2020-8172, CVE-2020-11080, CVE-2020-8174
- new version 14.3.0 (with rpmrb script)
- npm >= 6.14.5
- new version 14.2.0 (with rpmrb script)
- set node ABI to 14
- libuv >= 1.37.0
- new version 13.12.0 (with rpmrb script)
- npm >= 6.14.4
- libuv >= 1.35.0
- new version 13.11.0
- new version 13.10.1
- set node ABI to 13
- use direct /usr/lib/node_modules instead of detected prefix/lib/node
- drop profile with broken obsoleted NODE_PATH
- add /usr/lib/node symlink to /usr/lib/node_modules
- new version 13.9.0 (security fixes)
- set libicu >= 5.6
- new version 13.8.0 (with rpmrb script)
- CVE-2019-15606, CVE-2019-15605, CVE-2019-15604
- make node-devel as arch
- drop tarball with node include headers (see ALT bug 36349)
- add fixes for ix86 build
- new version 13.6.0 (with rpmrb script)
- libuv >= 1.34.0
- switch to python3
- new version 12.14.1 (with rpmrb script)
- build without system http-parser (use bundled llhttp 2.0.1)
- added (+) tarball for node include headers to devel package
- new version 10.18.0 (with rpmrb script)
- npm >= 6.13.4 (security fix)
- new version 10.17.0 (with rpmrb script)
- npm >= 6.11.3
- new version 10.16.3 (with rpmrb script)
- libnghttp2 >= 1.39.2
- CVE-2019-9511, CVE-2019-9511, CVE-2019-9513, CVE-2019-9514
- CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518
- new version 10.16.0 (with rpmrb script)
- 2019-05-28, Version 10.16.0 'Dubnium' (LTS), @BethGriggs
- use npm 6.9, ICU >= 6.4, libuv >= 1.28.0
- new version 10.15.3 (with rpmrb script)
- 2018-03-05, Version 10.15.3 'Dubnium' (LTS), @BethGriggs
- CVE-2019-5737
- fix rpm's cflags using, add -latomic on mipsel
- use external gyp
- new version 10.15.0 (with rpmrb script)
- 2018-12-26, Version 10.15.0 'Dubnium' (LTS), @MylesBorins
- rebuild with http-parser 2.9.0
- new version 10.14.2 (with rpmrb script)
- 2018-12-11, Version 10.14.2 'Dubnium' (LTS), @MylesBorins prepared by @codebytere
- new version 10.14.1 (with rpmrb script)
- disable internal doc
- 2018-11-27, Version 10.14.0 'Dubnium' (LTS), @rvagg
- CVE-2018-12121, CVE-2018-12122, CVE-2018-12123
- new version 10.13.0 (with rpmrb script)
- 2018-10-30, Version 10.13.0 'Dubnium' (LTS), @MylesBorins
- new version 8.12.0 (with rpmrb script)
- 2018-09-11, Version 8.12.0 'Carbon' (LTS)
- new version 8.11.4 (with rpmrb script)
- 2018-08-15, Version 8.11.4 'Carbon' (LTS), @rvagg
- CVE-2018-0732, CVE-2018-12115
- build with external libnghttp2
- fix build with ICU >= 61 (add -DU_USING_ICU_NAMESPACE=1)
- new version (8.11.3) with rpmgs script
- 2018-06-12, Version 8.11.3 'Carbon' (LTS), @evanlucas
- CVE-2018-7167, CVE-2018-7161, CVE-2018-1000168
- new version (8.11.2) with rpmgs script
- 2018-05-15, Version 8.11.2 'Carbon' (LTS)
- new version 6.14.2 (with rpmrb script)
- 2018-04-30 Node.js v6.14.2 'Boron' (LTS) Release
- new version 6.13.0
- 2018-02-13, Version 6.13.0 'Boron' (LTS)
- fixed CVE-2017-15896, CVE-2017-3738
- new version 6.11.4 (with rpmrb script)
- 2017-10-03, Version 6.11.4 'Boron' (LTS)
- new version 6.11.1 (with rpmrb script)
- 2017-07-11 v6.11.1 'Boron' (LTS) Release
- new version 6.10.3 (with rpmrb script)
- 2017-05-02, Version 6.10.3 'Boron' (LTS)
- new version 6.10.2 (with rpmrb script)
- 2017-04-04, Version 6.10.2 'Boron' (LTS), @MylesBorins
- new version 6.10.0 (with rpmrb script)
- 2017-02-21 Node.js v6.10.0 'Boron' (LTS) Release
- new version 6.9.3 (with rpmrb script)
- 2017-01-03, Version 6.9.3 'Boron' (LTS)
- build without npm subpackage
- new version 6.9.2 (with rpmrb script)
- 2016-12-06 Node.js v6.9.2 'Boron' (LTS) Release
- new version 6.9.1 (with rpmrb script)
- 2016-10-19 Node.js v6.9.1 'Boron' (LTS) Release
- new version 6.7.0 (with rpmrb script)
- new version 6.5.0 (with rpmrb script)
- build 2016-08-15 Node.js v6.4.0 (Current) Release
- build 2016-07-21 Node.js v6.3.1 (Current) Release
- build with system libicu, libhttp_parser, c-ares
- cleanup spec
- build 2016-07-06 Node.js v6.3.0 Release
- build 2016-05-24 Version 4.4.5 'Argon' (LTS)
- build 2016-04-12, Version 4.4.3 'Argon' (LTS)
- drop gnuplot and convert reqs from npm
- disable python reqs for npm package
- build with system libuv-devel 1.8.0
- fix include packing
- 2016-01-21 Node.js v4.2.6 "Argon" (LTS) Release (ALT bug #30191)
- build with system openssl 1.0.2
- split doc subpackage
- build 4.2.2 LTS version
- build with static v8 4.5 and static openssl 1.0.2
- new version
- npm 1.3.8
- new version
- new version
- npm 1.3.8
- libv8 requires
- nodejs(engine) should be = %version
- added explicit abi autorequires for binary packages
- fix for i386 i486 i586 i686 i786 i886 i986 pentium2 pentium3 pentium4 k6 athlon athlon_xp compilation w/o -fPIC
- explicit linkage with libv8
- new version
- npm 1.3.5
- 0.10.13
- npm 1.3.2
- added node-devel (ALT #29182)
- 0.10.12
- npm 1.2.32
- Provides: nodejs(engine) by viy@
- 0.10.8
- npm 1.2.23
- 0.10.5
- 0.10.4
- npm 1.2.18
- 0.10.3
- npm 1.2.17
- Build with shared libuv
- 0.10.2
- npm 1.2.15
- 0.8.19
- nmp 1.2.10
- Fix spec
+ non-strict dependency on node
+ added -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto on build
- 0.8.18
- npm 1.2.2
- v0.8.14
- npm v1.1.65
- v0.8.3
- 0.8.0
- Fix BuildRequires
- Added rpm-build-node subpackage
- Provides nodejs node.js
- Separate package devel
- Conflicts with node.js
- Declare NODE_PATH
- npm is noarch package
- v0.6.19
- Separate npm package
- v0.6.17
- v0.6.15
- v0.6.10
- v0.6.9
- v0.6.4
- v0.6.3
- Rebuild with Python-2.7
- v0.4.11
- initial