Hello community, here is the log from the commit of package nodejs for openSUSE:Factory checked in at 2016-02-23 16:57:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nodejs (Old) and /work/SRC/openSUSE:Factory/.nodejs.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nodejs" Changes: -------- --- /work/SRC/openSUSE:Factory/nodejs/nodejs.changes 2016-01-22 01:10:38.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.nodejs.new/nodejs.changes 2016-02-23 16:59:21.000000000 +0100 @@ -1,0 +2,28 @@ +Fri Feb 19 16:32:39 UTC 2016 - i...@marguerite.su + +- update version 5.6.0 + * http: fix defects in HTTP header parsing for requests and + responses that can allow request smuggling (CVE-2016-2086) + (boo#966077) or response splitting (CVE-2016-2216 boo#966076) + HTTP header parsing now aligns more closely with the HTTP spec + including restricting the acceptable characters. + * http-parser: upgrade from 2.6.0 to 2.6.1 + * npm: upgrade npm from 3.3.12 to 3.6.0 + * openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against + the Logjam attack, TLS clients now reject Diffie-Hellman + handshakes with parameters shorter than 1024-bits, up from + the previous limit of 768-bits. +- changes in version 5.5.0 + * events: make sure console functions exist + * fs: add autoClose option to fs.createWriteStream + * http: improves expect header handling + * node: allow preload modules with -i + * v8,src: expose statistics about heap spaces + (v8.getHeapSpaceStatistics()) + * Minor performance improvements: + + lib: Use arrow functions instead of bind where possible + + module: cache stat() results more aggressively + + querystring: improve parse() performance +- merge patch: nodejs-libpath.patch and nodejs-lib64path.patch + +------------------------------------------------------------------- Old: ---- node-v5.4.1.tar.xz nodejs-lib64path.patch New: ---- node-v5.6.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nodejs.spec ++++++ --- /var/tmp/diff_new_pack.MZzHUl/_old 2016-02-23 16:59:22.000000000 +0100 +++ /var/tmp/diff_new_pack.MZzHUl/_new 2016-02-23 16:59:22.000000000 +0100 
@@ -16,8 +16,9 @@ # +%define npm_version 3.6.0 Name: nodejs -Version: 5.4.1 +Version: 5.6.0 Release: 0 Summary: Evented I/O for V8 JavaScript License: MIT @@ -25,7 +26,6 @@ Url: http://www.nodejs.org Source: http://nodejs.org/dist/v%{version}/node-v%{version}.tar.xz Patch: support-arm64-build.patch -Patch1: nodejs-lib64path.patch Patch2: nodejs-libpath.patch # PATCH-FIX-UPSTREAM use custom addon.gypi by default instead of # downloading node source @@ -51,7 +51,7 @@ BuildRequires: python BuildRequires: xz BuildRequires: zlib-devel -Recommends: npm(npm) = %{version} +Recommends: npm(npm) = %{npm_version} #we need ABI virtual provides where SONAMEs aren't enough/not present so deps #break when binary compatibility is broken @@ -85,7 +85,7 @@ Requires: %{name}-devel = %{version} Provides: nodejs-npm = %{version} Obsoletes: nodejs-npm < 5.3.1 -Provides: npm(npm) = 3.3.12 +Provides: npm(npm) = %{npm_version} Conflicts: otherproviders(npm(npm)) %description -n npm @@ -105,11 +105,7 @@ %prep %setup -q -n node-v%{version} %patch -p1 -%if %{_lib} == "lib64" -%patch1 -p1 -%else %patch2 -p1 -%endif %patch3 -p1 # add check_output to configure script (not part of python # 2.6 in SLES11) @@ -216,6 +212,8 @@ find %{buildroot}%{_libdir}/node_modules/npm -name "LICENSE" -exec chmod -x {} + # browser.js is useless for npm cli find %{buildroot}%{_libdir}/node_modules/npm -name "browser.js" -delete +# .orig +find %{buildroot}%{_libdir}/node_modules/npm/node_modules/node-gyp/lib/ -name "configure.js.orig" -delete %files %defattr(-, root, root) ++++++ node-v5.4.1.tar.xz -> node-v5.6.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/nodejs/node-v5.4.1.tar.xz /work/SRC/openSUSE:Factory/.nodejs.new/node-v5.6.0.tar.xz differ: char 26, line 1 ++++++ nodejs-libpath.patch ++++++ --- /var/tmp/diff_new_pack.MZzHUl/_old 2016-02-23 16:59:22.000000000 +0100 +++ /var/tmp/diff_new_pack.MZzHUl/_new 2016-02-23 16:59:22.000000000 +0100 
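Review bot: The cleanup added in the last nodejs.spec hunk (`@@ -216,6 +212,8 @@`) hard-codes the start directory `node_modules/npm/node_modules/node-gyp/lib/`, and its comment `# .orig` does not say which step leaves the backup file behind. `find` exits non-zero when its start directory does not exist, so a later npm upgrade that moves node-gyp could fail %install at this line. Starting from the same root as the two preceding `find` calls would be more robust, e.g. `find %{buildroot}%{_libdir}/node_modules/npm -name "*.orig" -delete`, with a comment naming the patch that produces the file (presumably one of the %patch steps touching node-gyp; not visible here).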
@@ -1,13 +1,59 @@ -Index: node-v4.0.0/lib/module.js +Index: node-v5.6.0/lib/module.js =================================================================== ---- node-v4.0.0.orig/lib/module.js -+++ node-v4.0.0/lib/module.js -@@ -486,7 +486,7 @@ Module._initPaths = function() { - var homeDir = process.env.HOME; +--- node-v5.6.0.orig/lib/module.js ++++ node-v5.6.0/lib/module.js +@@ -459,7 +459,13 @@ Module._initPaths = function() { + homeDir = process.env.HOME; } - var paths = [path.resolve(process.execPath, '..', '..', 'lib', 'node')]; -+ var paths = ["/usr/lib/node"]; ++ if fs.exists('/usr/lib64', fs.F_OK, function(err) { ++ if (!err) { ++ var paths = ['/usr/lib/node','/usr/lib64/node']; ++ } else { ++ var paths = ['/usr/lib/node']; ++ } ++ }; if (homeDir) { paths.unshift(path.resolve(homeDir, '.node_libraries')); +Index: node-v5.6.0/tools/install.py +=================================================================== +--- node-v5.6.0.orig/tools/install.py ++++ node-v5.6.0/tools/install.py +@@ -87,7 +87,10 @@ def update_shebang(path, shebang): + open(path, 'w').write(s) + + def npm_files(action): +- target_path = 'lib/node_modules/npm/' ++ if os.path.isdir('/usr/lib64'): ++ target_path = 'lib64/node_modules/npm/' ++ else: ++ target_path = 'lib/node_modules/npm/' + + # don't install npm if the target path is a symlink, it probably means + # that a dev version of npm is installed there +@@ -105,7 +108,10 @@ def npm_files(action): + if action == uninstall: + action([link_path], 'bin/npm') + elif action == install: +- try_symlink('../lib/node_modules/npm/bin/npm-cli.js', link_path) ++ if os.path.isdir('/usr/lib64'): ++ try_symlink('../lib64/node_modules/npm/bin/npm-cli.js',link_path) ++ else: ++ try_symlink('../lib/node_modules/npm/bin/npm-cli.js', link_path) + if os.environ.get('PORTABLE'): + # This crazy hack is necessary to make the shebang execute the copy + # of node relative to the same directory as the npm script. 
The precompiled +@@ -134,7 +140,10 @@ def files(action): + action(['out/Release/node' + exeext], 'bin/node' + exeext) + + if 'true' == variables.get('node_use_dtrace'): +- action(['out/Release/node.d'], 'lib/dtrace/node.d') ++ if 'true' == os.path.isdir('/usr/lib64/'): ++ action(['out/Release/node.d'], 'lib64/dtrace/node.d') ++ else: ++ action(['out/Release/node.d'], 'lib/dtrace/node.d') + + # behave similarly for systemtap + action(['src/node.stp'], 'share/systemtap/tapset/')
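Review bot: The lib/module.js part of the new patch inserts code that is not valid JavaScript: `if fs.exists('/usr/lib64', fs.F_OK, function(err) {` has no parentheses around the condition and is closed with `};` instead of `});`, so the patched module loader would fail to parse. Even with the syntax fixed, `paths` is assigned inside an asynchronous callback while `paths.unshift(...)` runs synchronously right after it, and `fs.exists` passes a boolean rather than an error; a synchronous form such as `var paths = ['/usr/lib/node'];` followed by `if (fs.existsSync('/usr/lib64')) paths.push('/usr/lib64/node');` defines the search path before it is used. In tools/install.py, `if 'true' == os.path.isdir('/usr/lib64/'):` compares a string with a bool and is never true, so node.d always lands in `lib/dtrace`; it should read `if os.path.isdir('/usr/lib64'):` like the two checks in npm_files. All three install.py checks probe the build host rather than the target libdir, which may disagree with the `%{_libdir}` paths the spec uses on a 32-bit build where /usr/lib64 exists. Module._initPaths, npm_files and files all continue outside the quoted hunks.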