nodejs8-devel-8.17.0-150200.10.22.1<>, 8bp}p9|;/](\?!,)Ju/a_V :՝.YXlC/jgVs:-nFȳN^b5n-Aw)*ޱdzsT~1G)>ԭ g<1/ IR>Grߺ@hTϑ=H3I'SAJ7vmvDb!'HF;h]ɱdMy1A \2G<&ܵsyu2Z' h/̫*fw{\հΎϢ7*Rhe^>;T?Dd & I 1DJT-- b- - p-  -  --a-Bh-Ph(8 9:FTGp-H$-I-XY\H-]-^ bcMdeflu-vz@Cnodejs8-devel8.17.0150200.10.22.1Development headers for NodeJS 8.xThis package provides development headers for Node.js needed for creation of binary modules.bp}ibs-power9-13 SUSE Linux Enterprise 15SUSE LLC MIThttps://www.suse.com/Development/Languages/NodeJShttps://nodejs.orglinuxppc64le\s@\w@\T4\3?@\ @[@[R@[@[z@[]@[#@[!@[@[WZ@ZZZľ@ZlZZ@Zz@Zp^@ZTZ nodejs8, the new current and eventually LTS upstream branch. Note that the LTS lifespan for 8.x will end on December 31st, 2019 unless extended at a later date. - New upstream version 8.0.0. Notable changes * Async Hooks - now in core * Buffer + Using the --pending-deprecation flag will cause Node.js to emit a deprecation warning when using new Buffer(num) or Buffer(num). + new Buffer(num) and Buffer(num) will zero-fill new Buffer + Many Buffer methods now accept Uint8Array as input * Child Process + Argument and kill signal validations have been improved + Child Process methods accept Uint8Array as input * Console + Error events emitted when using console methods are now supressed. * Dependencies + The npm client has been updated to 5.0.0 + V8 has been updated to 5.8 with forward ABI stability to 6.0 * Domains + Native Promise instances are now Domain aware * Errors + We have started assigning static error codes to errors generated by Node.js. This has been done through multiple commits and is still a work in progress. * File System + The utility class fs.SyncWriteStream has been deprecated + The deprecated fs.read() string interface has been removed * HTTP + Improved support for userland implemented Agents + Outgoing Cookie headers are concatenated into a single string + The httpResponse.writeHeader() method has been deprecated + New methods for accessing HTTP headers have been added to OutgoingMessage * lib + All deprecation messages have been assigned static identifiers + The legacy linkedlist module has been removed * N-API + Experimental support for the new N-API API has been added * Process + Process warning output can be redirected to a file using the - -redirect-warnings command-line argument + Process warnings may now include additional detail * REPL + REPL magic mode has been deprecated * src + NODE_MODULE_VERSION has been updated to 57 + Add --pending-deprecation command-line argument and NODE_PENDING_DEPRECATION environment variable + The --debug command-line argument has been deprecated. Note that using --debug will enable the new Inspector-based debug protocol as the legacy Debugger protocol previously used by Node.js has been removed. + Throw when the -c and -e command-line arguments are used at the same time + Throw when the --use-bundled-ca and --use-openssl-ca command-line arguments are used at the same time. * Stream + Stream now supports destroy() and _destroy() APIs + Stream now supports the _final() API * TLS + The rejectUnauthorized option now defaults to true + The tls.createSecurePair() API now emits runtime deprecation + A runtime deprecation will now be emitted when dhparam is less than 2048 bits * URL + The WHATWG URL implementation is now a fully-supported API * Util + Symbol keys are now displayed by default when using util.inspect() + toJSON errors will be thrown when formatting %j + Convert inspect.styles and inspect.colors to prototype-less objects + The new util.promisify() API has been added * Zlib + Support Uint8Array in Zlib convenience methods + Zlib errors now use RangeError and TypeError consistently - node-gyp-addon-gypi.patch: refresh - placeholders from other NodeJS version: 0f3e69db.patch, icu59.patch.- 0f3e69db.patch: placeholder for GCC 7 compilation fixes, already upstreamed.- New upstream version 7.10.0 * crypto: add randomFill and randomFillSync * meta: Added new collaborators * process: fix crash when Promise rejection is a Symbol * url: make WHATWG URL more spec compliant * v8: + fix stack overflow in recursive method + fix build errors with g++ 7 - New upstream version 7.9.0 * util: console is now closer to what is supported in all major browsers- New upstream release 7.8.0 * buffer: do not segfault on out-of-range index (#11927) * crypto: fix memory leak if certificate is revoked (#12089) * deps/npm: upgrade npm to 4.2.0 (#11389) * deps/V8: fix async await desugaring in V8 (#12004) * readline: add option to stop duplicates in history (#2982)- New upstream release 7.7.4 * deps: upgraded internal node-inspect version to 1.10.6, containing several fixes * inspector: use proper WebSockets URLs when bound to 0.0.0.0 * tls: fixed a segfault when the handle was destroyed after a partial read - Changes in release 7.7.3 * net: Socket.prototype.connect now once again functions without a callback * url: URL.prototype.origin now properly specified an opaque return of 'null' for file:// URLs - Changes in release 7.7.2 * tty: add ref() so process.stdin.ref() etc. work * util: fix inspecting symbol key in string - Rebased nodejs-libpath.patch for minor changes in new version- New upstream release 7.7.1 * Fixes bug that prevented all native modules from building - Changes in release 7.7.0 * child_process: spawnSync() exit code now is null when the child is killed via signal * crypto: adding support for OPENSSL_CONF again * doc: items in the API documentation may now have changelogs * http: new functions to access the headers for an outgoing HTTP message * lib: deprecate node --debug at runtime * src: adding support for trace-event tracing * tls: new tls.TLSSocket() supports sec ctx options * url: adding URL.prototype.toJSON support- New upstream release 7.6.0 * crypto: remove expired certs from CNNIC whitelist * deps: update V8 to 5.5 * deps: upgrade libuv to 1.11.0 * deps: add node-inspect 1.10.4 * deps: upgrade zlib to 1.2.11 * fs: allow WHATWG URL objects as paths * inspector: add --inspect-brk * lib: build "node inspect" into node * src: support UTF-8 in compiled-in JS source file * url: extend url.format to support WHATWG URL- New upstream release 7.5.0 * crypto: crypto store source selection available at runtime. Default is to use system CA store managed by OpenSSL library. * deps: + upgrade npm to 4.1.2 + upgrade bunbled OpenSSL to 1.0.2k. * doc: add basic documentation for WHATWG URL API * process: add NODE_NO_WARNINGS environment variable * url: allow use of URL with http.request and https.request - removed 10657.patch - upstreamed - 8334.diff is now an empty patch, upstreamed.- New upstream release 7.4.0 * buffer: improve performance of Buffer allocation by ~11% * buffer: improve performance of Buffer.from() by ~50% * deps/npm: upgrade to v4.0.5 * events: improve performance of EventEmitter.once() by ~27% * fs: allow passing Uint8Array to fs methods where Buffers are supported * http: improve performance of http server by ~7% - New patch 10657.patch * Fixes build error caused by attempt to use bundled zlib - Refresh 8334.diff- Add basic check that Node.js loads successfully to spec file- New upstream release 7.3.0 * buffer: buffer.fill() now works properly for the UCS2 encoding on Big-Endian machines. * cluster: disconnect() now returns a reference to the disconnected worker. * http: Remove stale timeout listeners in order to prevent a memory leak when using keep alive. * tls: Allow obvious key/passphrase combinations. * url: + Including base argument in URL.originFor() to meet specification compliance. + Improve URLSearchParams to meet specification compliance. - 8334.diff: refreshed.- New upstream release 7.2.1 * buffer: reverted the runtime deprecation of calling Buffer() without new * buffer: fixed buffer.transcode() for single-byte character encodings to UCS2 * deps/npm: upgrade npm to 3.10.10 * deps/V8: fixed a significant instanceof performance regression * promise: --trace-warnings now produces useful stacktraces for Promise warnings * repl: fixed a bug preventing correct parsing of generator functions- Update to upstream release 7.2.0 * crypto: The Decipher methods setAuthTag() and setAAD now return this. * dns: Implemented {ttl: true} for resolve4() and resolve6() * libuv: Upgrade to v1.10.1 * process: Added a new external property to the data returned by memoryUsage() * tls: Fixed a memory leak when writes were queued on TLS connection that was destroyed during handshake. * V8 (dep): Upgrade to v5.4.500.43 * v8: The data returned by getHeapStatistics() now includes three new fields: malloced_memory, peak_malloced_memory, and does_zap_garbage. * for complete changelog, see https://nodejs.org/en/blog/release/v7.2.0/ - 8334.diff: ported and updated system CA store for the new node crypto code.- Add missing conflicts to base package. It's not possible to have concurrent nodejs installations.- Package unification across various branches of NodeJS. Package for 4.x, 6.x and current (7.x) branches of NodeJS are now handled via GitHub repository. - New upstream release 7.1.0 - branch as new nodejs7 package. * buffer: + Passing invalid input to Buffer.byteLength will now throw an error + Calling Buffer without new is now deprecated and will emit a process warning + Passing a negative number to allocUnsafe will now throw an error + add buffer.transcode to transcode a buffer's content from one encoding to another primarily using ICU * child process: + The fork and execFile methods now have stronger argument validation + add public API for IPC channel * cluster: + The worker.suicide method is deprecated and will emit a process * deps: + V8 has been updated to 5.4.500.36 + NODE_MODULE_VERSION has been updated to 51 * File System: + A process warning is emitted if a callback is not passed to async file system methods * Promises: + Unhandled Promise rejections have been deprecated and will emit a process warning * The punycode module has been deprecated * add NODE_PRESERVE_SYMLINKS environment variable that has the same effect as the --preserve-symlinks flag * url: An Experimental WHATWG URL Parser has been introduced- New upstream release 6.9.1 * streams: + Fix a regression introduced in v6.8.0 in readable stream that caused unpipe to remove the wrong stream.- new upstream release 6.9.0 * crypto: (N/A: not compiled with FIPS support on openSUSE/SLE) + Don't automatically attempt to load an OpenSSL configuration file, from the OPENSSL_CONF environment variable or from the default location for the current platform. Always triggering a configuration file load attempt may allow an attacker to load compromised OpenSSL configuration into a Node.js process if they are able to place a file in a default location. * node: + Introduce the `process.release.lts` property, set to "Boron". This value is "Argon" for v4 LTS releases and undefined for all other releases. * V8: + CVE-2016-5172/bsc#998743: Backport fix for an arbitrary memory read. The parser in V8 mishandled scopes, potentially allowing an attacker to obtain sensitive information from arbitrary memory locations via crafted JavaScript code. This vulnerability would require an attacker to be able to execute arbitrary JavaScript code in a Node.js process. * v8_inspector: + Generate a UUID for each execution of the inspector. This provides additional security to prevent unauthorized clients from connecting to the Node.js process via the v8_inspector port when running with --inspect. Since the debugging protocol allows extensive access to the internals of a running process, and the execution of arbitrary code, it is important to limit connections to authorized tools only. - refresh patches- Fix incorrect SHASUMS256.txt.asc file that prevented package update being accepted into Factory- enable usage of system certificate store on SLE11SP4 by requiring openssl1 (boo#1000036) - new upstream version 6.7.0 * openssl update (not applicable for SLE12SP2, Leap 42.2 and later) + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052) + remove support for dynamic 3rd party engine modules * http: Properly validate for allowable characters in input user data. This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here. (CVE-2016-5325, bnc#985201) * tls: properly validate wildcard certificates (CVE-2016-7099, bnc#1001652) * v8: Fix regression where a regex on a frozen object was broken * buffer: Zero-fill excess bytes in new Buffer objects created with Buffer.concat() * src: Fix regression where passing an empty password and/or salt to crypto.pbkdf2() would cause a fatal error- new upstream version 6.6.0 * crypto: Added crypto.timingSafeEqual() * events: Made the "max event listeners" memory leak warning more accessible * promises: Unhandled rejections now emit a process warning after the first tick * repl: Added auto alignment for .editor mode * util: Some functionality has been added to util.inspect() + Returning this from a custom inspect function now works + Added support for Symbol-based custom inspection methods- new upstream version 6.5.0 * buffer: Fix regression introduced in v6.4.0 that prevented .write() at buffer end * deps: update V8 to 5.1.281.75 * inspector: + fix inspector hang while disconnecting + add support for uncaught exception * repl: Fix saving editor mode text in .save * Revert "repl,util: insert carriage returns in output"- 8334.diff - https://github.com/nodejs/node/pull/8334 * use system CA store instead of one provided by Node- new upstream version 6.4.0 * child_process, cluster: Forked child processes and cluster workers now support stdio configuration. * child_process: argv[0] can now be set to arbitrary values in spawned processes. * fs: fs.ReadStream now exposes the number of bytes it has read * repl: The REPL now supports editor mode. * util: inspect() can now be configured globally using util.inspect.defaultOptions- Use distutils.sysconfig to get build parameters fixing compilation on SLE11SP4- new upstream version 6.3.1 * buffer: Improve performance of Buffer.from(str, 'hex') and Buffer#write(str, 'hex') * buffer: Fix creating from zero-length ArrayBuffer * Backport V8 instanceof bugfix and update to V8 5.0.71.xx * repl: Fix issue with function redeclaration. * util: Fix inspecting of boxed symbols. - 7569.diff - removed, upstreamed - SHASUM256.txt - added empty file so that gpg check is run on the SHASUM256.txt.asc, which is not a detached signature- obsolete remove gpg-offline / %gpg_verify- Use OpenSSL supplied with Leap 42.2 and SLE12 SP2 instead of bundled version.- new upstream version 6.3.0 * buffer: Added buffer.swap64() to compliment swap16() & swap32() * crypto: Root certificates have been updated. * debugger: The server address is now configurable via - -debug=
: * npm: Upgraded npm to v3.10.3 * readline: Added the `prompt` option to the readline constructor. * repl / vm: `sigint`/`ctrl+c` will now break out of infinite loops without stopping the Node.js instance. * added support for v8_inspector (node --inspect) - since we can, build NodeJS shared library. - refreshed patches: * support-arm64-build.patch * nodejs-libpath.patch * npm_search_paths.patch - 7569.diff: * Add upstream PR: #7569 to fix build failure with shared OpenSSL and v8_inspector enabled- Fix Group tag.- new upstream version 6.2.2 * http: + req.read(0) could cause incoming connections to stall and time out under certain conditions. (Fedor Indutny) + When freeing the socket to be reused in keep-alive Agent wait for both prefinish and end events. Otherwise the next request may be written before the previous one has finished sending the body, leading to a parser errors. (Fedor Indutny) * npm: upgrade npm to 3.9.5 (Kat Marchán) - use build_cond to to manage configure parameters, instead of having duplicate suse_version ifs - fix permission issues with some installed files - move fdups to end of install section to make sure we don't end up with dangling symlinks - rpm cannot handle more than one level of parenthesis, hence Conflict: otherproviders(npm), not otherproviders(npm(npm)) as the second version has no desired effect - we should no longer need to explicitly set ARCH values - configure should deal with this properly - verify upstream tarball integrity cryptographically - patch changes: * nodejs-libpath.patch split into two, nodejs-libpath.patch that applies on default and nodejs-libpath64.patch that applies on top for 64-bit arches * support-arm64-build.patch refreshed * npm_search_paths.patch: + search for manpages in paths were we installed them + install modules into /usr/local prefix + search for config files under /etc/nodejs- Search for node modules under /usr/lib{,64}/node_modules and not a non-owned path of /usr/lib{,64}/node- uppdate version 6.2.1 * buffer: Ignore negative lengths in calls to Buffer() and Buffer.allocUnsafe(). * npm: Upgrade npm to 3.9.3 * V8: Upgrade to V8 5.0.71.52. - update to version 6.2.0 * buffer: fix lastIndexOf and indexOf in various edge cases * src,module: add --preserve-symlinks command line flag * util: adhere to noDeprecation set at runtime - refresh support-arm64-build.patch * `configure` bits incorporated upstream - refresh addon-rpm.gypi- update version 6.1.0 * assert: deep{Strict}Equal() now works correctly with circular references. * debugger: Arrays are now formatted correctly in the debugger repl. * deps: Upgrade OpenSSL sources to 1.0.2h. * net: Introduced a Socket#connecting property. Previously this information was only available as the undocumented, internal _connecting property. * process: Introduced process.cpuUsage(). * stream: Writable#setDefaultEncoding() now returns this. * util: Two new additions to util.inspect(): + Added a maxArrayLength option to truncate the formatting of Arrays. This is set to 100 by default. + Added a showProxy option for formatting proxy intercepting handlers. Inspecting proxies is non-trivial and as such this is off by default.- update version 5.9.1 * buffer: Now properly throws RangeErrors on out-of-bounds writes This effects write{Float|Double} when the noAssert option is not used. * timers: Returned timeout objects now have a Timeout constructor name. Performance of Immediate processing is now ~20-40% faster * vm: Fixed a contextify regression introduced in v5.9.0- update version 5.7.0 + buffer: * You can now supply an encoding argument when filling a Buffer Buffer#fill(string[, start[, end]][, encoding]), supplying an existing Buffer will also work with Buffer#fill(buffer[, start[, end]]). See the API documentation for details on how this works. * Buffer#indexOf() no longer requires a byteOffset argument if you also wish to specify an encoding: Buffer#indexOf(val[, byteOffset][, encoding]). + child_process: * spawn() and spawnSync() now support a 'shell' option to allow for optional execution of the given command inside a shell. If set to true, cmd.exe will be used on Windows and /bin/sh elsewhere. A path to a custom shell can also be passed to override these defaults. On Windows, this option allows .bat. and .cmd files to be executed with spawn() and spawnSync(). + http_parser: * Update to http-parser 2.6.2 to fix an unintentionally strict limitation of allowable header characters + dgram: * socket.send() now supports accepts an array of Buffers or Strings as the first argument. See the API docs for details on how this works. + http: * Fix a bug where handling headers will mistakenly trigger an 'upgrade' event where the server is just advertising its protocols. This bug can prevent HTTP clients from communicating with HTTP/2 enabled servers. + net: * Added a listening Boolean property to net and http servers to indicate whether the server is listening for connections. + node: * The C++ node::MakeCallback() API is now reentrant and calling it from inside another MakeCallback() call no longer causes the nextTick queue or Promises microtask queue to be processed out of order. + tls: * Add a new tlsSocket.getProtocol() method to get the negotiated TLS protocol version of the current connection. + vm: * Introduce new 'produceCachedData' and 'cachedData' options to new vm.Script() to interact with V8's code cache. When a new vm.Script object is created with the 'produceCachedData' set to true a Buffer with V8's code cache data will be produced and stored in cachedData property of the returned object. This data in turn may be supplied back to another vm.Script() object with a 'cachedData' option if the supplied source is the same. Successfully executing a script from cached data can speed up instantiation time. See the API docs for details. + performance: Improvements in: * process.nextTick() * path module * querystring module * streams module when processing small chunks - rework nodejs-libpath.patch- update version 5.6.0 * http: fix defects in HTTP header parsing for requests and responses that can allow request smuggling (CVE-2016-2086) (boo#966077) or response splitting (CVE-2016-2216 boo#966076) HTTP header parsing now aligns more closely with the HTTP spec including restricting the acceptable characters. * http-parser: upgrade from 2.6.0 to 2.6.1 * npm: upgrade npm from 3.3.12 to 3.6.0 * openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits. - changes in version 5.5.0 * events: make sure console functions exist * fs: add autoClose option to fs.createWriteStream * http: improves expect header handling * node: allow preload modules with -i * v8,src: expose statistics about heap spaces (v8.getHeapSpaceStatistics()) * Minor performance improvements: + lib: Use arrow functions instead of bind where possible + module: cache stat() results more aggressively + querystring: improve parse() performance - merge patch: nodejs-libpath.patch and nodejs-lib64path.patch- update version 5.4.1 * Minor performance improvements: + module: move unnecessary work for early return * Various bug fixes * Various doc fixes * Various test improvements - fix boo#962297: online update breaks nodejs-npm dependency- update version 5.4.0 * http: + A new status code was added: 451 - "Unavailable For Legal Reasons" + Idle sockets that have been kept alive now handle errors * minor performance improvements: + assert: deepEqual is now speedier when comparing TypedArrays + lib: Use arrow functions instead of bind where possible + node: Improved accessor perf of process.env + node: Improved performance of process.hrtime() + node: Improved GetActiveHandles performance + util: Use faster iteration in util.format() - fix boo#961254: * common.gypi should install at /usr/share/node, which is now in /usr/lib64/node_modules/npm/node_modules/node-gyp * node-gyp requires nodejs-devel which contains v8.h and others so npm sub-package should require nodejs-devel- fix boo#955142: SLES11 compliance of build process * usage of g++ 4.8 needs to be specified on SLES11 * python 2.6 does not include the check_output method used in the configure script. We need to patch it into the script - add patch: nodejs-sle11-python26-check_output.patch - adjust packaging method for nodejs-doc * %{_docdir} will be recreated anyway when *.md is added through %doc macro, so we can't install doc/api in %install section on sle11 - adjust packaging method for nodejs_sitelib * "install -d" won't work on sle11 for %{_libexecdir}, replace with "mkdir -p"- update version 5.3.0 * buffer: Buffer.prototype.includes() has been added to keep parity with TypedArrays * domains: Fix handling of uncaught exceptions * https: Added support for disabling session caching * repl: Allow third party modules to be imported using require() * deps: Upgrade libuv to 1.8.0 - as npm was dropped from factory/d:l:nodejs, we rename nodejs-npm to npm because there's only one npm package existing (there's another one in 13.2 only, but we can upgrade it smoothly through newer version we provide - fix boo#948045 again: Nodejs 4.0 rpm does not install addon-rpm.gypi * I copied codes from old specfile, which installed nodejs modules into /usr/share/node, while I splitted that directory into devel package. so common.gypi and addon-rpm.gypi were not in npm package at all! - nodejs >= 5.2.0 needs binutils-gold to build (github issue #4212)- update to 4.2.3 * http: Fix a bug where an HTTP socket may no longer have a socket but a pipelined request triggers a pause or resume, a potential denial-of-service vector * openssl: Upgrade to 1.0.2e, containing fixes for: + CVE-2015-3193 (boo#957814) "BN_mod_exp may produce incorrect results on x86_64", an attack is considered feasible against a Node.js TLS server using DHE key exchange + CVE-2015-3194 (boo#957815) "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers; TLS clients are also impacted * v8: Backport fixes for a bug in JSON.stringify() that can result in out-of-bounds reads for arrays.- update to 4.2.2 * buffer: fix value check for writeUInt{B,L}E * buffer: don't CHECK on zero-sized realloc * deps: backport 010897c from V8 upstream * deps: backport 8d6a228 from the v8's upstream * fs: reduced duplicate code in fs.write() * http: fix stalled pipeline bug * lib: fix cluster handle leak * lib: avoid REPL exit on completion error * repl: handle comments properly * repl: limit persistent history correctly on load * src: fix race condition in debug signal on exit * src: fix exception message encoding on Windows * stream: avoid unnecessary concat of a single buffer * Timers: reuse timer in setTimeout().unref() * tls: TLSSocket options default isServer false- fixed boo#948602/CVE-2015-7384: * nodejs: HTTP Denial of Service Vulnerability - drop nodejs-no-fips.patch, upstreamed - update to 4.2.1 * Includes fixes for two regressions + Assertion error in WeakCallback + Undefined timeout regression - changes in 4.2.0 * icu: Updated to version 56 with significant performance improvements * node: + Added new -c (or --check) command line argument for checking script syntax without executing the code + Added process.versions.icu to hold the current ICU library version + Added process.release.lts to hold the current LTS codename when the binary is from an active LTS release line * npm: Upgraded to npm 2.14.7 from 2.14.4 - changes in 4.1.2 * http: + Fix out-of-order 'finish' event bug in pipelining that can abort execution, fixes DoS vulnerability CVE-2015-7384 + Account for pending response data instead of just the data on the current request to decide whether pause the socket or not + libuv: Upgraded from v1.7.4 to v1.7.5 + Improved AIX support * v8: + Upgraded from v4.5.103.33 to v4.5.103.35 + Backported f782159 from v8's upstream to help speed up Promise introspection + Backported c281c15 from v8's upstream to add JSTypedArray length in post-mortem metadata - changes in 4.1.1 * buffer: Fixed a bug introduced in v4.1.0 where allocating a new zero-length buffer can result in the next allocation of a TypedArray in JavaScript not being zero-filled. In certain circumstances this could result in data leakage via reuse of memory space in TypedArrays, breaking the normally safe assumption that TypedArrays should be always zero-filled. * http: Guard against response-splitting of HTTP trailing headers added via response.addTrailers() by removing new-line ([\r\n]) characters from values. Note that standard header values are already stripped of new-line characters. The expected security impact is low because trailing headers are rarely used. * npm: + Upgrade to npm 2.14.4 from 2.14.3 + Upgrades graceful-fs on multiple dependencies to no longer rely on monkey-patching fs + Fix npm link for pre-release / RC builds of Node * v8: + Update post-mortem metadata to allow post-mortem debugging tools to find and inspect: + JavaScript objects that use dictionary properties ScopeInfo and thus closures - changes in 4.1.0 * buffer: + Buffers are now created in JavaScript, rather than C++. This increases the speed of buffer creation + Buffer#slice() now uses Uint8Array#subarray() internally, increasing slice() performance * fs: + fs.utimes() now properly converts numeric strings, NaN, and Infinity + fs.WriteStream now implements _writev, allowing for super-fast bulk writes * http: Fixed an issue with certain write() sizes causing errors when using http.request() * npm: Upgrade to version 2.14.3 * src: V8 cpu profiling no longer erroneously shows idle time * timers: #ref() and #unref() now return the timer they belong to * v8: Lateral upgrade to 4.5.103.33 from 4.5.103.30, contains minor fixes. This fixes a previously known bug where some computed object shorthand properties did not work correctly.- replace node-no-fips.patch with upstream fix- fix build by using internal openssl for openSUSE <= 1320 which didn't provide openssl 1.0.2 - install missing addon-rpm.gypi (boo#948045)- Do not force enable FIPS mode. bsc#947747- update to 4.0.0 * child_process: ChildProcess.prototype.send() and process.send() operate asynchronously across all platforms so an optional callback parameter has been introduced that will be invoked once the message has been sent. * node: Rename "io.js" code to "Node.js". * node-gyp: This release bundles an updated version of node-gyp that works with all versions of Node.js and io.js including nightly and release candidate builds. From io.js v3 and Node.js v4 onward, it will only download a headers tarball when building addons rather than the entire source. * npm: Upgrade to version 2.14.2 from 2.13.3, includes a security update. * timers: Improved timer performance from porting the 0.12 implementation, plus minor fixes. * util: The util.is*() functions have been deprecated, beginning with deprecation warnings in the documentation for this release, users are encouraged to seek more robust alternatives in the npm registry. * v8: Upgrade to version 4.5.103.30 from 4.4.63.30 + Implement new TypedArray prototype methods: copyWithin(), every(), fill(), filter(), find(), findIndex(), forEach(), indexOf(), join(), lastIndexOf(), map(), reduce(), reduceRight(), reverse(), slice(), some(), sort(). + Implement new TypedArray.from() and TypedArray.of() functions. + Implement arrow functions - drop nodejs-openssl-missing-api.patch: it's for 0.9.8. - ppc/ppc64(le) is natively supported since nodejs 3.0.0. so drop nodejs-v0.12.7-release-ppc.patch.bz2 - drop node-gcc5.patch, upstream fixed - add nodejs-lib64path.patch, adjust libdir - add nodejs-libpath.patch, adjust libdir - add node-gyp-addon-gypi.patch * use custom addon.gypi by default instead of downloading node source - add node_modules clean up codes- update version 0.12.7 * openssl: upgrade to 1.0.1p * npm: upgrade to 2.11.3 * v8: cherry-pick JitCodeEvent patch from upstream - changes in 0.12.6 * v8: fix out-of-band write in utf8 decoder * fix boo#937414: CVE-2015-5380: nodejs: out of band write- build with bundled npm- update version 0.12.5 * openssl: upgrade to 1.0.1o * npm: upgrade to 2.11.2 * uv: upgrade to 1.6.1 * V8: avoid deadlock when profiling is active * install: fix source path for openssl headers * install: make sure opensslconf.h is overwritten * timers: fix timeout when added in timer's callback - add patch: node-gcc5.patch * fix gcc 5 version detection- update version 0.12.4 * npm: upgrade to 2.10.1 * V8: revert v8 Array.prototype.values() removal * win: bring back xp/2k3 support - previous changes from 0.12.1 to 0.12.3 see ChangeLog- enable aarch64 - add support-arm64-build.patch- enable s390x- update version 0.12.0 * npm: upgrade to 2.5.1 * mdb_v8: update for v0.12 - drop nodejs-v0.10.32-release-ppc.patch.bz2 - add nodejs-v0.12.0-release-ppc.patch.bz2 - add README.SUSE.PowerPC to explain how to generate ppc patch- Add three arches to ExclusiveArch: ppc ppc64 ppc64le - Add nodejs-v0.10.32-release-ppc.patch.bz2 for them (required as PowerPC support not yet upstream) (the patch header details how it is created) - do not configure --with-gdb for those architecturesibs-power9-13 1651561597  !"#$%&'()*+,-8.17.08.17.0-150200.10.22.18.17.0-150200.10.22.1node8common.gypiconfig.gypilibplatformlibplatform-export.hlibplatform.hv8-tracing.hnode.hnode_api.hnode_api_types.hnode_buffer.hnode_object_wrap.hnode_version.huvuv.haix.handroid-ifaddrs.hbsd.hdarwin.herrno.hlinux.hos390.hposix.hstdint-msvc2008.hsunos.hthreadpool.htree.hunix.hversion.hwin.hv8-debug.hv8-inspector-protocol.hv8-inspector.hv8-platform.hv8-profiler.hv8-testing.hv8-util.hv8-value-serializer-version.hv8-version-string.hv8-version.hv8.hv8config.hsystemtaptapsetnode8.stp/usr/include//usr/include/node8//usr/include/node8/libplatform//usr/include/node8/uv//usr/share//usr/share/systemtap//usr/share/systemtap/tapset/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:24011/SUSE_SLE-15-SP2_Update/3c90a14706695bb6d3c8c263c942d49a-nodejs8.SUSE_SLE-15-SP2_Updatedrpmxz5ppc64le-suse-linuxdirectoryASCII textC source, ASCII textC++ source, ASCII text&8+p[jutf-804979c0cb0e8bf468b8449120f42f0ae1c4d6d4886649ca2fdcc805b72d0f384?P7zXZ !t/]"k%{Y_,x-Z̓Pdz>i wwRvh'޹UvJ6Y-ΔZD uɃsQ;i?6_T\[D'c cWUqdLJ \}=TV5mk#6A,NJ:#KcR).,b6HQqHoKG!sv5v57=iR&JLU/5xK0MD)+9<2ɻj8^ ;M"چ 䇦k cWP+')h֧QaL W_^7]SO[/ΐPs<{T F]`UOn F{™NlWG[ Ap 8.T'}Yhp j,Dp=WL)gވAXG`::gTgrp$ǯR _X7bk2f1><@HB ̘"Vp#yn?jkrP21aJQ(&T#*ft(k=! fƵƍ>_*4J6J.fϔ`kLGι`j CTgSug,gapZvF&LzlCeJVG'{FGtf#o}`+=x{Бfi .^ gZ>6'̵l%v =[e/ukStT`o=!#kP?9MzV_]wa*v6Ӏ5\2+R;Dv ^-1(Huz)lk`KG~%|Ϡj0wPWV$}f1ʗ8D~ {v3-tTzP`}d̝ ~pVԯ +`T YZ