Skip to content
Snippets Groups Projects
  1. Jun 28, 2022
  2. Aug 23, 2021
  3. Aug 19, 2021
  4. Jul 27, 2021
  5. May 05, 2021
  6. Apr 08, 2021
  7. Mar 23, 2021
  8. Mar 11, 2021
  9. Mar 06, 2021
  10. Feb 23, 2021
    • Jérémy Lal's avatar
      Import Debian changes 12.21.0~dfsg-1 · b8e54bba
      Jérémy Lal authored
      nodejs (12.21.0~dfsg-1) unstable; urgency=high
      .
        * New upstream version 12.21.0~dfsg
          Fixed vulnerabilities:
          + CVE-2021-22883: HTTP2 'unknownProtocol' cause DoS
            by resource exhaustion
          + CVE-2021-22884: localhost6 DNS rebinding in --inspect
  11. Feb 14, 2021
    • Jérémy Lal's avatar
      Import Debian changes 12.20.2~dfsg-2 · 591f524a
      Jérémy Lal authored
      nodejs (12.20.2~dfsg-2) unstable; urgency=medium
      
        * Source-only upload. Closes: #982787 
      
      nodejs (12.20.2~dfsg-1) unstable; urgency=medium
      
        * New upstream version 12.20.2~dfsg
      
        [ lintian-brush ]
        * Trim trailing whitespace.
        * Use secure copyright file specification URI.
        * Use secure URI in Homepage field.
        * Set upstream metadata fields: Security-Contact.
      
        [ Xavier Guimard ]
        * Bump debhelper compatibility level to 13
        * Declare compliance with policy 4.5.1
        * Add "Rules-Requires-Root: no"
        * Modernize debian/watch
        * Add ctype=nodejs to component(s)
        * Update d/copyright urls
      
      nodejs (12.20.1~dfsg-3) unstable; urgency=medium
      
        * Team upload
        * Provide node-types-node (Closes: #979698)
      
      nodejs (12.20.1~dfsg-2) unstable; urgency=medium
      
        * Team upload
        * Indicate that it breaks node-typescript-types < 20210110~
          (Closes: #979693)
      
      nodejs (12.20.1~dfsg-1) unstable; urgency=medium
      
        * New upstream version 12.20.1~dfsg. Closes: #979364.
          Fixed vulnerabilities:
          + CVE-2020-8265: use-after-free in TLSWrap (High)
          + CVE-2020-8287: HTTP Request Smuggling (Low)
        * Patch to always use pure javascript cjs lexer instead
          of wasm files that can't be generated with currently
          available packages.
        * copyright: cjs-module-lexer is expat
        * copyright: exclude cjs-module-lexer unbuildable files
        * copyright: fix some copyright years
        * lintian-overrides: false positive for a unicode regexp
        * copyright: shjs is no longer used
      
      nodejs (12.19.0~dfsg-1) unstable; urgency=medium
      
        * New upstream version 12.19.0~dfsg (Closes: #968681)
        * Refresh patches
      
      nodejs (12.18.4~dfsg-1) unstable; urgency=high
      
        * New upstream version 12.18.4~dfsg
          Vulnerabilities fixed:
          + CVE-2020-8201
            HTTP Request Smuggling due to CR-to-Hyphen conversion (High)
          + CVE-2020-8252
            fs.realpath.native on may cause buffer overflow (Medium)
      
      nodejs (12.18.3~dfsg-4) unstable; urgency=medium
      
        * python3 patch: use env.PYTHON in two tests
          Closes: #967032 for good.
      
      nodejs (12.18.3~dfsg-3) unstable; urgency=medium
      
        * export PYTHON = python3 for Makefile
      
      nodejs (12.18.3~dfsg-2) unstable; urgency=medium
      
        * tests/control: depends python3, python3-distutils, drop cdbs
          Thanks Moritz Mühlenhoff for noticing that.
      
      nodejs (12.18.3~dfsg-1) unstable; urgency=medium
      
        * New upstream version 12.18.3~dfsg
        * B-D python3, python3-distutils
          patch configure to use python3 (Closes: #967032)
        * nodejs-doc: depends libjs-highlight.js
        * copyright: dfsg-exclude highlight.pack.js,
          replace sh_javascript.min.js
        * source/lintian-overrides: drop sh_javascript.min.js override
        * Drop patch that restores unminified sh_javascript.min.js
        * Update make-doc.patch to deal with new syntax in esm.md
      
      nodejs (12.18.2~dfsg-1) unstable; urgency=medium
      
        * New upstream version 12.18.2~dfsg
        * Drop Breaks: libnode64-dev, package does not exist
        * Drop libnode-dev Depends: nodejs, useless
        * libnode72 breaks libnode64. Closes: #966008
      
      nodejs (12.18.1~dfsg-1) unstable; urgency=medium
      
        * New upstream version 12.18.1~dfsg
        * Update gbp.conf for *-12.x branches
        * Just completely disable ADDRCONFIG flag,
          but skip the two failing tests anyway
        * Multiarch hinter: remove Multi-Arch: same on libnode-dev
        * Patch to fix ppc64 build
        * rules: JOBS=1 on 32-bit only
        * libnode-dev depends nodejs: let addons test all right ?
      
      nodejs (12.18.0~dfsg-3) unstable; urgency=medium
      
        * mipsel does not support a feature leading to test failures
        * Two tests won't pass on IPv6-only hosts
      
      nodejs (12.18.0~dfsg-2) unstable; urgency=medium
      
        * Do not use dns.ADDRCONFIG for localhost
      
      nodejs (12.18.0~dfsg-1) experimental; urgency=medium
      
        * New upstream version 12.18.0~dfsg. Closes: #962145.
        * Security fixes:
          + CVE-2020-11080
          + CVE-2020-8172
          + CVE-2020-8174
        * Build-Depends nghttp2 >= 1.41.0
      
      nodejs (12.17.0~dfsg-4) experimental; urgency=medium
      
        * Fix openssl.cnf path in libnode-dev.install
      
      nodejs (12.17.0~dfsg-3) experimental; urgency=medium
      
        * nodejs-doc: remove placeholder in long desc,
          libnode__ABI is libnode72
        * install missing files:
          + libnode: node.stp systemtap config
          + nodejs: gdbinit, lldb_commands.py
        * move files in better paths (backward-compatibly):
          + usr/include/openssl.cnf to usr/share/doc/nodejs
          + usr/include/v8 links to usr/include/node
        * mips patches:
          + reduce reserved memory for mksnapshot to avoid oom
          + test-cli-node-options skips --jitless
      
      nodejs (12.17.0~dfsg-2) experimental; urgency=medium
      
        * Build with -g1 on 32-bit, else -g
        * Use dh --max-parallel=1 on 32-bit
        * Backport v8 commit to fix mips snapshots
        * Install devel files in /usr/include/node,
          keep the old locations for backward compatibility.
        * Use new alioth-lists email for maintainer
        * nodejs-doc: add misc:Depends
        * Standards-Version 4.5.0, no change required
      
      nodejs (12.17.0~dfsg-1) experimental; urgency=medium
      
        * New upstream version 12.17.0~dfsg
        * Ignore dh_dwz failures
        * Depends sse2-support on i386. Closes: #961621
        * copyright: deps/zlib/doc is no longer bundled
        * Drop icu 67 patch
        * On 32bit archs, save memory with -g1 and --max-parallel=1
      
      nodejs (12.16.3~dfsg-2) experimental; urgency=medium
      
        * Revert upstream commit, fix test-tls-root-certificates failure
      
      nodejs (12.16.3~dfsg-1) experimental; urgency=medium
      
        * New upstream version 12.16.3~dfsg
        * dh_dwz: set a lower low-mem-die-limit
      
      nodejs (12.16.2~dfsg-2) experimental; urgency=medium
      
        * Fix arch all build: skip tests, make install
      
      nodejs (12.16.2~dfsg-1) experimental; urgency=medium
      
        [ Xavier Guimard ]
        * Add upstream/metadata
        * Disable test-release-npm test
        * Switch to dh, Bump debhelper compatibility level to 12
        * New upstream version 12.16.1~dfsg
        * Refresh patches
      
        [ Olivier Tilloy ]
        * Fix building architecture-independent doc package
          (Closes: #952629)
      
        [ Jérémy Lal ]
        * Revert "Override any source-is-missing - workaround pattern issues"
        * Simplify and tighten lintian overrides
        * make-doc: drop tools/doc/node_modules target
        * Exclude brotli from deps, use system-installed one
        * Remove brotli from copyright
        * watch xz
        * New upstream version 12.16.2~dfsg
      
      nodejs (12.13.1~dfsg-1) experimental; urgency=medium
      
        * New upstream version 12.13.1~dfsg
        * gsplit-dwarf for all mips variants
        * Standards-Version 4.4.1
        * Non-trivial refresh of make-doc patch
        * Remove uv 1.30 compatibility patch
        * Depends libuv1-dev >= 1.33
        * Override source-is-missing to work around pattern matching issues
        * Comment kfreebsd patch in series to keep lintian quiet
      
      nodejs (12.13.0~dfsg-1) experimental; urgency=medium
      
        * New upstream version 12.13.0~dfsg
        * Link to atomic using a patch, LDFLAGS is not enough
        * Need libuv1-dev >= 1.32.0
        * Do not run parallel jobs at all (consumes too much memory,
          and may make some tests fail).
        * Use shared libhttp-parser (>= 2.9.2) again
        * copyright: update paths
        * Standards-Version 4.4.1
        * Ignore source-is-missing for long lines
      
      nodejs (12.10.0~dfsg-2) experimental; urgency=medium
      
        * test: test-npm-version fails because npm not bundled
        * ppc64 not supported: https://github.com/nodejs/node/issues/29534
      
      nodejs (12.10.0~dfsg-1) experimental; urgency=medium
      
        * New upstream version 12.10.0~dfsg
        * Tighten b-d pkg-js-tools (Closes: #934240)
        * Use nodepath to setup links to acorn properly
        * README: match current modules search paths (Closes:#939001)
        * copyright:
          + add rimraf paragraph
          + couple new files in v8
        * Revert upstream commit to stay compatible with uv 1.30
      
      nodejs (12.8.0~dfsg-2) experimental; urgency=medium
      
        * Fix js-yaml install path using nodepath (Closes: #934228)
        * Update make-doc.patch to avoid fetching remote changelog
      
      nodejs (12.8.0~dfsg-1) experimental; urgency=medium
      
        * New upstream version 12.8.0~dfsg (Closes: #934207)
        * Fix make-doc.patch (Closes: #933840)
      
      nodejs (12.7.0~dfsg-1) experimental; urgency=medium
      
        * New upstream version 12.7.0~dfsg (Closes: #932991)
        * Use shared libuv >= 1.30.1
        * libnode-dev depends libuv1-dev (Closes: #905415)
        * Build-Depends node-debbundle-acorn >= 6.1.0~
        * Build-Depends libnghttp2-dev >= 1.39.1
        * Tighten dependency on icu >= 64.0~
        * rules: set nghttp2 lib name - upstream assumes lib prefix
        * Upstream patch to fix linking against libnode
        * Build with snapshot https://github.com/nodejs/node/issues/28675
      
      nodejs (12.2.0~dfsg-1) experimental; urgency=medium
      
        * New upstream version 12.2.0~dfsg
      
      nodejs (12.1.0~dfsg-1) experimental; urgency=medium
      
        * New upstream version 12.1.0~dfsg
        * Unapply all openssl 1.1.1 support patches
        * Unapply silencing of buffer deprecations warnings
        * Build using embedded uv until libuv1 1.28 is available
        * Build using node-acorn >= 6, node-acorn-walk
        * Update copyright file
        * dfsg-exclude tools/lint-md.js, dependencies to rebuild it
          are not available at the moment.
  12. Jan 10, 2021
  13. Jan 05, 2021
    • Jérémy Lal's avatar
      Import Debian changes 10.23.1~dfsg-1~deb10u1 · 3d03d11e
      Jérémy Lal authored
      nodejs (10.23.1~dfsg-1~deb10u1) buster-security; urgency=medium
      
        * New upstream version 10.23.1~dfsg. Closes: #979364.
          Fixed vulnerabilities:
          + CVE-2020-8265: use-after-free in TLSWrap (High)
          + CVE-2020-8287: HTTP Request Smuggling (Low)
      
      nodejs (10.22.1~dfsg-1~deb10u1) buster-security; urgency=medium
      
        * New upstream version 10.22.1~dfsg
          Vulnerabilities fixed:
          + CVE-2020-8252
            fs.realpath.native on may cause buffer overflow (Medium)
  14. Aug 04, 2020
  15. Jul 01, 2020
  16. Jun 04, 2020
  17. Apr 30, 2020
  18. Apr 20, 2020
    • Jérémy Lal's avatar
      Import Debian changes 10.19.0~dfsg1-1 · 87eadf9e
      Jérémy Lal authored
      nodejs (10.19.0~dfsg1-1) buster-security; urgency=medium
      
        * New upstream version 10.19.0~dfsg1
        * Delete applied ssl 1.1.1 compatibility patches
        * Revert upstream changes to stay compatible with stable libuv1:
          + uv_os_uname is not available
          + test-dgram-address uv returns EINVAL, not EBADF
        * Never run tests in parallel to avoid memory exhaustion
        * Use embedded nghttp2 as upstream rely that much on having
          an updated version of it.
        * Avoid two tests to cause a FTBFS (Closes #919588)
        * Patch for compatibility with libuv1 from stable
        * uv in stable expects EINVAL, not EBADF
        * Link to atomic using a patch, LDFLAGS is not enough
        * Exclude brotli from deps, use system-installed one
          + B-D brotli
          + use upstream patch
  19. Mar 30, 2020
  20. Oct 10, 2019
Loading