From: Raspbian automatic forward porter Date: Sat, 6 Jan 2024 00:14:42 +0000 (+0000) Subject: Merge version 18.13.0+dfsg1-1+rpi1 and 18.19.0+dfsg-6~deb12u1 to produce 18.19.0... X-Git-Tag: archive/raspbian/18.19.0+dfsg-6_deb12u1+rpi1^0 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=ffd1f3c315de936ad1a734baebb4f81cfcaac59c;p=nodejs.git Merge version 18.13.0+dfsg1-1+rpi1 and 18.19.0+dfsg-6~deb12u1 to produce 18.19.0+dfsg-6~deb12u1+rpi1 --- ffd1f3c315de936ad1a734baebb4f81cfcaac59c diff --cc debian/changelog index 49f417469,a2e1bae6f..2d7195d9b --- a/debian/changelog +++ b/debian/changelog @@@ -1,11 -1,106 +1,115 @@@ - nodejs (18.13.0+dfsg1-1+rpi1) bookworm-staging; urgency=medium ++nodejs (18.19.0+dfsg-6~deb12u1+rpi1) bookworm-staging; urgency=medium + + [changes brought forward from 18.10.0+dfsg-6+rpi1 by Peter Michael Green at Tue, 15 Nov 2022 03:51:54 +0000] + * Set --with-arm-version=6 on raspbian. + * Use armv6k CFLAGS on raspbian. + * Disable testsuite. + - -- Raspbian forward porter Tue, 17 Jan 2023 00:44:29 +0000 ++ -- Raspbian forward porter Sat, 06 Jan 2024 00:14:42 +0000 ++ + nodejs (18.19.0+dfsg-6~deb12u1) bookworm-security; urgency=medium + + * Upstream update. + * CVE-2023-23918: Permissions policies can be bypassed via + process.mainModule. Closes #1031834. + * CVE-2023-23919: OpenSSL error handling issues in nodejs crypto + library. Closes: #1031834. + * CVE-2023-23920: Insecure loading of ICU data through ICU_DATA + environment variable. Closes: #1031834. + * CVE-2023-30590: DiffieHellman do not generate keys after setting a + private key. Closes: #1039990. + * CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR. + Closes: #1039990. + * CVE-2023-30588: Process interuption due to invalid Public Key information + in x509 certificates. Closes: #1039990. + * CVE-2023-32559: Permissions policies can be bypassed via process.binding. + Closes: #1050739. 
+ * CVE-2023-30581: mainModule.proto bypass experimental policy mechanism. + Closes: #1039990. + * CVE-2023-32002: Permissions policies can be bypassed via Module._load. + Closes: #1050739. + * CVE-2023-32006: Permissions policies can impersonate other modules in + using module.constructor.createRequire(). Closes: #1050739. + * CVE-2023-38552: Integrity checks according to policies can be + circumvented. Closes: #1054892. + * CVE-2023-39333: Code injection via WebAssembly export names. + Closes: #1054892. + + -- Jérémy Lal Wed, 20 Dec 2023 18:07:36 +0100 + + nodejs (18.19.0+dfsg-6) unstable; urgency=medium + + * patch: remove useless and badly done icu_74 patch + + -- Jérémy Lal Sun, 03 Dec 2023 22:41:14 +0100 + + nodejs (18.19.0+dfsg-5) unstable; urgency=medium + + * patch: disable openssl test that depends on error message format + + -- Jérémy Lal Sun, 03 Dec 2023 22:41:00 +0100 + + nodejs (18.19.0+dfsg-4) unstable; urgency=medium + + * patch: + + remove a failed attempt for test dns-resolveany-bad-ancount + skip it, it uselessly hangs. + + disable some icu test to allow transition to 74 + + fix test-crypto-dh.js to pass with openssl 3.0.11, 3.1.4 + + riscv64: some tests have been fixed, but new ones fail + + -- Jérémy Lal Sun, 03 Dec 2023 15:00:35 +0100 + + nodejs (18.19.0+dfsg-3) unstable; urgency=medium + + * patch: drop fixed openssl test patch + * patch: allow bad-ancount test to fail + + -- Jérémy Lal Sat, 02 Dec 2023 02:12:25 +0100 + + nodejs (18.19.0+dfsg-2) unstable; urgency=medium + + * patch: fix test_dns_resolveany_bad_ancount_timeout.patch + + -- Jérémy Lal Fri, 01 Dec 2023 19:07:23 +0100 + + nodejs (18.19.0+dfsg-1) experimental; urgency=medium + + [ Jérémy Lal ] + * New upstream version 18.19.0+dfsg + + tests pass with openssl 3.1, closes: #1055416 + + tests pass with libc-ares >= 1.23.0, closes: #1054690 + * Harmonize stack size patch for arm64. Closes: 1030284 + * Install dir usr/lib//nodejs. 
Fix #1035463 + * No longer force gcc 11 for sid + * Fix Vcs fields to point to the right branch + * builtins: set correct version in builtins headers + * dfsg-exclude for non-preferred form for modification: + + deps/ada + + deps/minimatch + + test/fixtures/postject-copy + * component: ./ada + * copyright: + + add missing authors to histogram + + drop unnecessary snapshot.blob exclusion + + licenses for ada + + deps/cares now using Expat + + document some new files + * patches: + + test-process-versions must use system versions + + drop the test using postject + + build using ada component instead of deps/ada + + minimatch is actually not needed for build + + fix test-runner-output, forwarded + + mark parallel/test-debugger-preserve-breaks as flaky, + it is failing in sbuild for now + + fix test-dns-resolveany-bad-ancount to work with c-ares, + also to not hang the testsuite in sbuild + + [ Yadd ] + * Declare compliance with policy 4.6.2 + + -- Jérémy Lal Fri, 01 Dec 2023 01:23:44 +0100 nodejs (18.13.0+dfsg1-1) unstable; urgency=medium
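Review bot: the Raspbian stanza carried forward at the top of the new 18.19.0+dfsg-6~deb12u1+rpi1 entry still includes "* Disable testsuite.", a change recorded as brought forward from 18.10.0+dfsg-6+rpi1 on 15 Nov 2022. This merge applies it on top of the bookworm-security upload whose entry lists twelve CVE fixes, so the armv6 build of those fixes goes out without the test suite having run. I would confirm the tests still need to be disabled at 18.19.0 and record the reason in the stanza. If a full run is not practical, run the suite with failures non-fatal so the build log at least shows the results. Smaller points in the merged Debian entries: the CVE-2023-23918 item has "Closes #1031834." without the colon that every other "Closes:" in that entry uses, the "Install dir" item uses "Fix #1035463" rather than the "Closes:" form, and "interuption" in the CVE-2023-30588 item should be "interruption". Those come from the Debian side of the merge, so they are better fixed there than in the forward port.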