dgit.raspbian.org Git - nodejs.git/log

build doc using marked and js-yaml

Forwarded: not-needed
Reviewed-By: Xavier Guimard <yadd@debian.org>
Last-Update: 2021-03-03

While waiting for unified/remarked/rehyped modules to be available in debian

Gbp-Pq: Topic build
Gbp-Pq: Name doc.patch

do not build cctest, build broken on debian

Last-Update: 2017-12-18
Forwarded: not yet !

Gbp-Pq: Topic build
Gbp-Pq: Name cctest_disable.patch

add acorn, walk to shared builtins

Last-Update: 2022-09-28
Forwarded: https://github.com/nodejs/node/pull/44376

Gbp-Pq: Topic build
Gbp-Pq: Name more_shareable_builtins.patch

debian openssl in testing or sid (3.0.11, 3.1.4) does not seem to have that different behavior

Last-Update: 2023-11-03

Gbp-Pq: Topic build
Gbp-Pq: Name openssl_3011_without_new_error_message.patch

[PATCH] Add a CipherString for nodejs

If the default security level is overwritten at build time of openssl
then it is needed to lower it again for nodejs in order to pass the
testsuite because it is using smoil keys.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Gbp-Pq: Topic build
Gbp-Pq: Name openssl_config_explicit_lower.patch

nodejs (18.19.0+dfsg-6~deb12u1) bookworm-security; urgency=medium

  * Upstream update.
  * CVE-2023-23918: Permissions policies can be bypassed via
    process.mainModule. Closes #1031834.
  * CVE-2023-23919: OpenSSL error handling issues in nodejs crypto
    library. Closes: #1031834.
  * CVE-2023-23920: Insecure loading of ICU data through ICU_DATA
    environment variable. Closes: #1031834.
  * CVE-2023-30590: DiffieHellman do not generate keys after setting a
    private key. Closes: #1039990.
  * CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR.
Closes: #1039990.
  * CVE-2023-30588: Process interuption due to invalid Public Key information
    in x509 certificates. Closes: #1039990.
  * CVE-2023-32559: Permissions policies can be bypassed via process.binding.
Closes: #1050739.
  * CVE-2023-30581: mainModule.proto bypass experimental policy mechanism.
Closes: #1039990.
  * CVE-2023-32002: Permissions policies can be bypassed via Module._load.
Closes: #1050739.
  * CVE-2023-32006: Permissions policies can impersonate other modules in
    using module.constructor.createRequire(). Closes: #1050739.
  * CVE-2023-38552: Integrity checks according to policies can be
    circumvented. Closes: #1054892.
  * CVE-2023-39333: Code injection via WebAssembly export names.
Closes: #1054892.
[dgit import unpatched nodejs 18.19.0+dfsg-6~deb12u1]

Import nodejs_18.19.0+dfsg-6~deb12u1.debian.tar.xz

[dgit import tarball nodejs 18.19.0+dfsg-6~deb12u1 nodejs_18.19.0+dfsg-6~deb12u1.debian.tar.xz]

Import nodejs_18.19.0+dfsg.orig.tar.xz

[dgit import orig nodejs_18.19.0+dfsg.orig.tar.xz]

Import nodejs_18.19.0+dfsg.orig-ada.tar.xz

[dgit import orig nodejs_18.19.0+dfsg.orig-ada.tar.xz]

Import nodejs_18.19.0+dfsg.orig-types-node.tar.xz

[dgit import orig nodejs_18.19.0+dfsg.orig-types-node.tar.xz]