[ubuntu/kinetic-proposed] nodejs 16.13.2+really14.19.1~dfsg-6ubuntu1 (Accepted)
Gianfranco Costamagna
locutusofborg at debian.org
Fri Apr 29 13:09:29 UTC 2022
nodejs (16.13.2+really14.19.1~dfsg-6ubuntu1) kinetic; urgency=low
* Merge from Debian unstable. Remaining changes:
- Ubuntu is switching to openssl v3, however nodejs v12 must remain on
openssl v1.1.1 abi. Thus switch from using shared system openssl to
the vendored one.
- debian/patches/test-lowerseclevel.patch: lower SECLEVEL in the
openssl.cnf used for testing
- Cherry-pick upstream 7232c2a1604d241ce0455d919ba9b0b8e9959f81
to fix a build failure with new glibc
nodejs (16.13.2+really14.19.1~dfsg-6) unstable; urgency=medium
[ Jérémy Lal ]
* Remove postinst support for nodejs 6
[ Yadd ]
* Indicate that this breaks libnode72 < 12.22.10~dfsg
and libnode83 < 16.13.2+really14.19.1~dfsg (Closes: #1007248)
nodejs (16.13.2+really14.19.1~dfsg-5) unstable; urgency=medium
[ Yadd ]
* Fix @types/node install (Closes: #1008110)
nodejs (16.13.2+really14.19.1~dfsg-4) unstable; urgency=medium
* Allow test-debugger-preserve-breaks to fail
nodejs (16.13.2+really14.19.1~dfsg-3) unstable; urgency=medium
* Test timeouts: try to stay under the radar
nodejs (16.13.2+really14.19.1~dfsg-2) unstable; urgency=medium
* Upload to unstable
nodejs (16.13.2+really14.19.1~dfsg-1) experimental; urgency=medium
* New upstream version 16.13.2+really14.19.1~dfsg
* control: Break only libnode72 << 12.22.10~, since it can be
co-installed with libnode83. Only Replace it.
Likewise, if version Break: libnode64 << 10.24.1~.
* README.source: no need to rebuild arch-independent packages
* Drop dh_nodejs, totally useless now
* salsa-ci:
+ use debian.yml script
+ disable i386 build
+ disable build checks - autopkgtest runs the same ones
+ disable dbgsym generation to reduce artifacts size
* Let tests using unprivileged port fail. Closes: #994613.
* watch: uversionmangle with really version
* Skip parallel/test-child-process-stdio-overlapped
It depends on a binary that is not part of the build targets
* Namespace custom profile pkg.nodejs.nobuiltin
* copyright:
+ add license for node-acorn component
+ update c-ares paths
+ removed paths in deps/v8/benchmarks/
* Install @types/node only *.d.ts
* Lintian overrides:
+ update expressions
+ v8 uses a heavily modified zlib, allow embedding.
nodejs (16.13.2+really14.19.0~dfsg-2) experimental; urgency=medium
[ Yadd ]
* Update standards version to 4.6.0, no changes needed.
* Make node_modules links (Closes: #1005089)
nodejs (16.13.2+really14.19.0~dfsg-1) experimental; urgency=medium
* New upstream version 14.19.0~dfsg
Workaround the version currently in experimental
* Depends icu >= 67, c-ares >= 1.18.1, libuv1 >= 1.42.0
* Patches:
+ stop using private cares header
+ drop ppc64 patch, hopefully fixed now
+ replace tools/doc patch by copy in debian/doc-generator
+ mark test-debugger-heap-profiler as flaky
+ regroup and rename patches files
+ test helper not skipping for 32-bit mipsel
+ upstream fix test-datetime-change-notify
+ drop fix_daylight_dublin, applied upstream
+ skip corepack tests
* doc-generator:
+ rebase changes on latest upstream doc/tools
+ update, port to js-yaml 4 and marked 4
+ tighten dependency on js-yaml for esm support
* source overrides: update expressions
* Update README.source with info on two-stage build
* Bootstrap nodejs: (wip)
+ add nobuiltin profile, installs files in
/usr/share/nodejs/node when selected,
otherwise just install empty files
+ node-acorn=8.5.0 component for stage 1 builds,
update gbp.conf
+ control: more nocheck, nobuiltin flags
+ instructions in README.source
+ node-highlight.js is Build-Depends-Indep
+ doc-generator depends on external acorn
+ flag !nocheck and !nodoc build-deps
* rules:
+ fix check target for auto_test
+ acorn is needed both for arch and indep targets
+ fix nodejs.install dest dirs
+ configure with verbose
+ do not install corepack
* Drop nodepath, it assumes modules to be installed
* copyright:
+ fix lint-md path
+ highlight.pack.js no longer in tarball
+ update deps/cares paths
+ dfsg-exclude corepack - missing source
+ various paths fixes
[ Bastien Roucariès ]
* Bug fix: "nodejs FTCBFS: uses build architecture build tools such as
gcc or pkg-config", thanks to Helmut Grohne (Closes: #996195).
* Document gyp target/host in debian/rules
[ Helmut Grohne ]
* Add native build dependencies for cross compiling. (Closes: #996416)
nodejs (14.17.4~dfsg-1) experimental; urgency=medium
[ Helmut Grohne ]
* Add native build dependencies for cross compiling. (Closes: #996416)
[ Jérémy Lal ]
* New upstream version 14.17.4~dfsg
* Enable powerpc arch. Closes: #991638
[ Bastien Roucariès ]
* Team upload
* MA: allowed. Thanks Helmut.
* B-D sse2-support. Closes: #994720
* BD: python3:native
* Fix FTCBFS by using crosscompile option
* Document gyp target/host in debian/rules
nodejs (14.17.0~dfsg-2) experimental; urgency=medium
* Install missing headers. Closes: #990282
nodejs (14.17.0~dfsg-1) experimental; urgency=medium
* Switch to branches -14.x
* New upstream version 14.17.0~dfsg
nodejs (14.16.1~dfsg-1) experimental; urgency=medium
[ James Addison ]
* THP ELF assembly: Add .note.GNU-stack section (Closes: #980272)
[ Jérémy Lal ]
* New upstream version 14.16.1~dfsg
* Add Breaks: node-babel-runtime (<< 7). Closes:#987301
nodejs (14.16.0~dfsg-1) experimental; urgency=medium
[ Jérémy Lal ]
* New upstream version 14.16.0~dfsg
Fixed vulnerabilities:
+ CVE-2021-22883: HTTP2 'unknownProtocol' cause DoS
by resource exhaustion
+ CVE-2021-22884: localhost6 DNS rebinding in --inspect
* Refresh make-doc patch
* Patch to always use pure javascript cjs lexer
* copyright: cjs-module-lexer is expat
* copyright: exclude cjs-module-lexer unbuildable files
* copyright: fix some copyright years
* copyright: shjs is no longer used
* lintian-overrides: false positive for a unicode regexp
[ Xavier Guimard ]
* Embed @types/node 14
* Provides node-types-node (Closes: #979698)
* Use secure copyright file specification URI.
* Set upstream metadata fields: Security-Contact.
* Bump debhelper compatibility level to 13
* Declare compliance with policy 4.5.1
* Use secure URI in Homepage field.
* Add "Rules-Requires-Root: no"
* Modernize debian/watch
* Add ctype=nodejs to component(s)
* Update d/copyright urls
nodejs (14.13.0~dfsg-1) experimental; urgency=medium
* New upstream version 14.13.0~dfsg
nodejs (14.12.0~dfsg-1) experimental; urgency=medium
* New upstream version 14.12.0~dfsg
nodejs (14.11.0~dfsg-2) experimental; urgency=medium
* Rewrite changelog with the CVE
nodejs (14.11.0~dfsg-1) experimental; urgency=medium
* New upstream version 14.11.0~dfsg
Vulnerabilities fixed
+ CVE-2020-8251
Denial of Service by resource exhaustion CWE-400 due to
unfinished HTTP/1.1 requests (Critical)
+ CVE-2020-8252
fs.realpath.native on may cause buffer overflow (Medium)
* Refresh patches
nodejs (14.9.0~dfsg-1) experimental; urgency=medium
* New upstream version 14.9.0~dfsg
* Drop python3 patch, applied upstream
* Update make-doc patch to ignore false type-match errors
nodejs (14.8.0~dfsg-1) experimental; urgency=medium
* New upstream version 14.8.0~dfsg
nodejs (14.7.0~dfsg-1) experimental; urgency=medium
* New upstream version 14.7.0~dfsg (Closes: #968139).
* Two tests won't pass on IPv6-only hosts
* There was no such thing as libnode64-dev, remove it
* libnode83 breaks libnode64, libnode72 Closes: #966008
* nodejs-doc: depends node-highlight.js instead of libjs
* python3 support (Closes: #967032):
+ tests/control: depends python3, python3-distutils
+ python3 patch: use env.PYTHON in two tests
+ export PYTHON = python3 for Makefile
* tests/control: drop cdbs, now useless
* Update make-doc.patch to deal with new syntax in esm.md
* Refresh patches:
+ drop mips-fix
+ drop revert-extra-ca
nodejs (14.4.0~dfsg-2) experimental; urgency=medium
* Just completely disable ADDRCONFIG flag
* Multiarch hinter: remove Multi-Arch: same on libnode-dev
* Patch to fix ppc64 build
nodejs (14.4.0~dfsg-1) experimental; urgency=medium
* New upstream version 14.4.0~dfsg
* Bump libnode ABI to 83
* Build-Depends python3-distutils
* Fix make-doc.patch to allow no description
* Fix make-doc.patch for stricter example heading match
* copyright: add zlib copy
* rules: JOBS=1 on 32-bit architectures only
Date: Fri, 29 Apr 2022 15:06:50 +0200
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel at alioth-lists.debian.net>
https://launchpad.net/ubuntu/+source/nodejs/16.13.2+really14.19.1~dfsg-6ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 29 Apr 2022 15:06:50 +0200
Source: nodejs
Architecture: source
Version: 16.13.2+really14.19.1~dfsg-6ubuntu1
Distribution: kinetic
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel at alioth-lists.debian.net>
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Closes: 966008 967032 968139 979698 980272 987301 990282 991638 994613 994720 996195 996416 1005089 1007248 1008110
Changes:
nodejs (16.13.2+really14.19.1~dfsg-6ubuntu1) kinetic; urgency=low
.
* Merge from Debian unstable. Remaining changes:
- Ubuntu is switching to openssl v3, however nodejs v12 must remain on
openssl v1.1.1 abi. Thus switch from using shared system openssl to
the vendored one.
- debian/patches/test-lowerseclevel.patch: lower SECLEVEL in the
openssl.cnf used for testing
- Cherry-pick upstream 7232c2a1604d241ce0455d919ba9b0b8e9959f81
to fix a build failure with new glibc
.
nodejs (16.13.2+really14.19.1~dfsg-6) unstable; urgency=medium
.
[ Jérémy Lal ]
* Remove postinst support for nodejs 6
.
[ Yadd ]
* Indicate that this breaks libnode72 < 12.22.10~dfsg
and libnode83 < 16.13.2+really14.19.1~dfsg (Closes: #1007248)
.
nodejs (16.13.2+really14.19.1~dfsg-5) unstable; urgency=medium
.
[ Yadd ]
* Fix @types/node install (Closes: #1008110)
.
nodejs (16.13.2+really14.19.1~dfsg-4) unstable; urgency=medium
.
* Allow test-debugger-preserve-breaks to fail
.
nodejs (16.13.2+really14.19.1~dfsg-3) unstable; urgency=medium
.
* Test timeouts: try to stay under the radar
.
nodejs (16.13.2+really14.19.1~dfsg-2) unstable; urgency=medium
.
* Upload to unstable
.
nodejs (16.13.2+really14.19.1~dfsg-1) experimental; urgency=medium
.
* New upstream version 16.13.2+really14.19.1~dfsg
* control: Break only libnode72 << 12.22.10~, since it can be
co-installed with libnode83. Only Replace it.
Likewise, if version Break: libnode64 << 10.24.1~.
* README.source: no need to rebuild arch-independent packages
* Drop dh_nodejs, totally useless now
* salsa-ci:
+ use debian.yml script
+ disable i386 build
+ disable build checks - autopkgtest runs the same ones
+ disable dbgsym generation to reduce artifacts size
* Let tests using unprivileged port fail. Closes: #994613.
* watch: uversionmangle with really version
* Skip parallel/test-child-process-stdio-overlapped
It depends on a binary that is not part of the build targets
* Namespace custom profile pkg.nodejs.nobuiltin
* copyright:
+ add license for node-acorn component
+ update c-ares paths
+ removed paths in deps/v8/benchmarks/
* Install @types/node only *.d.ts
* Lintian overrides:
+ update expressions
+ v8 uses a heavily modified zlib, allow embedding.
.
nodejs (16.13.2+really14.19.0~dfsg-2) experimental; urgency=medium
.
[ Yadd ]
* Update standards version to 4.6.0, no changes needed.
* Make node_modules links (Closes: #1005089)
.
nodejs (16.13.2+really14.19.0~dfsg-1) experimental; urgency=medium
.
* New upstream version 14.19.0~dfsg
Workaround the version currently in experimental
* Depends icu >= 67, c-ares >= 1.18.1, libuv1 >= 1.42.0
* Patches:
+ stop using private cares header
+ drop ppc64 patch, hopefully fixed now
+ replace tools/doc patch by copy in debian/doc-generator
+ mark test-debugger-heap-profiler as flaky
+ regroup and rename patches files
+ test helper not skipping for 32-bit mipsel
+ upstream fix test-datetime-change-notify
+ drop fix_daylight_dublin, applied upstream
+ skip corepack tests
* doc-generator:
+ rebase changes on latest upstream doc/tools
+ update, port to js-yaml 4 and marked 4
+ tighten dependency on js-yaml for esm support
* source overrides: update expressions
* Update README.source with info on two-stage build
* Bootstrap nodejs: (wip)
+ add nobuiltin profile, installs files in
/usr/share/nodejs/node when selected,
otherwise just install empty files
+ node-acorn=8.5.0 component for stage 1 builds,
update gbp.conf
+ control: more nocheck, nobuiltin flags
+ instructions in README.source
+ node-highlight.js is Build-Depends-Indep
+ doc-generator depends on external acorn
+ flag !nocheck and !nodoc build-deps
* rules:
+ fix check target for auto_test
+ acorn is needed both for arch and indep targets
+ fix nodejs.install dest dirs
+ configure with verbose
+ do not install corepack
* Drop nodepath, it assumes modules to be installed
* copyright:
+ fix lint-md path
+ highlight.pack.js no longer in tarball
+ update deps/cares paths
+ dfsg-exclude corepack - missing source
+ various paths fixes
.
[ Bastien Roucariès ]
* Bug fix: "nodejs FTCBFS: uses build architecture build tools such as
gcc or pkg-config", thanks to Helmut Grohne (Closes: #996195).
* Document gyp target/host in debian/rules
.
[ Helmut Grohne ]
* Add native build dependencies for cross compiling. (Closes: #996416)
.
nodejs (14.17.4~dfsg-1) experimental; urgency=medium
.
[ Helmut Grohne ]
* Add native build dependencies for cross compiling. (Closes: #996416)
.
[ Jérémy Lal ]
* New upstream version 14.17.4~dfsg
* Enable powerpc arch. Closes: #991638
.
[ Bastien Roucariès ]
* Team upload
* MA: allowed. Thanks Helmut.
* B-D sse2-support. Closes: #994720
* BD: python3:native
* Fix FTCBFS by using crosscompile option
* Document gyp target/host in debian/rules
.
nodejs (14.17.0~dfsg-2) experimental; urgency=medium
.
* Install missing headers. Closes: #990282
.
nodejs (14.17.0~dfsg-1) experimental; urgency=medium
.
* Switch to branches -14.x
* New upstream version 14.17.0~dfsg
.
nodejs (14.16.1~dfsg-1) experimental; urgency=medium
.
[ James Addison ]
* THP ELF assembly: Add .note.GNU-stack section (Closes: #980272)
.
[ Jérémy Lal ]
* New upstream version 14.16.1~dfsg
* Add Breaks: node-babel-runtime (<< 7). Closes:#987301
.
nodejs (14.16.0~dfsg-1) experimental; urgency=medium
.
[ Jérémy Lal ]
* New upstream version 14.16.0~dfsg
Fixed vulnerabilities:
+ CVE-2021-22883: HTTP2 'unknownProtocol' cause DoS
by resource exhaustion
+ CVE-2021-22884: localhost6 DNS rebinding in --inspect
* Refresh make-doc patch
* Patch to always use pure javascript cjs lexer
* copyright: cjs-module-lexer is expat
* copyright: exclude cjs-module-lexer unbuildable files
* copyright: fix some copyright years
* copyright: shjs is no longer used
* lintian-overrides: false positive for a unicode regexp
.
[ Xavier Guimard ]
* Embed @types/node 14
* Provides node-types-node (Closes: #979698)
* Use secure copyright file specification URI.
* Set upstream metadata fields: Security-Contact.
* Bump debhelper compatibility level to 13
* Declare compliance with policy 4.5.1
* Use secure URI in Homepage field.
* Add "Rules-Requires-Root: no"
* Modernize debian/watch
* Add ctype=nodejs to component(s)
* Update d/copyright urls
.
nodejs (14.13.0~dfsg-1) experimental; urgency=medium
.
* New upstream version 14.13.0~dfsg
.
nodejs (14.12.0~dfsg-1) experimental; urgency=medium
.
* New upstream version 14.12.0~dfsg
.
nodejs (14.11.0~dfsg-2) experimental; urgency=medium
.
* Rewrite changelog with the CVE
.
nodejs (14.11.0~dfsg-1) experimental; urgency=medium
.
* New upstream version 14.11.0~dfsg
Vulnerabilities fixed
+ CVE-2020-8251
Denial of Service by resource exhaustion CWE-400 due to
unfinished HTTP/1.1 requests (Critical)
+ CVE-2020-8252
fs.realpath.native on may cause buffer overflow (Medium)
* Refresh patches
.
nodejs (14.9.0~dfsg-1) experimental; urgency=medium
.
* New upstream version 14.9.0~dfsg
* Drop python3 patch, applied upstream
* Update make-doc patch to ignore false type-match errors
.
nodejs (14.8.0~dfsg-1) experimental; urgency=medium
.
* New upstream version 14.8.0~dfsg
.
nodejs (14.7.0~dfsg-1) experimental; urgency=medium
.
* New upstream version 14.7.0~dfsg (Closes: #968139).
* Two tests won't pass on IPv6-only hosts
* There was no such thing as libnode64-dev, remove it
* libnode83 breaks libnode64, libnode72 Closes: #966008
* nodejs-doc: depends node-highlight.js instead of libjs
* python3 support (Closes: #967032):
+ tests/control: depends python3, python3-distutils
+ python3 patch: use env.PYTHON in two tests
+ export PYTHON = python3 for Makefile
* tests/control: drop cdbs, now useless
* Update make-doc.patch to deal with new syntax in esm.md
* Refresh patches:
+ drop mips-fix
+ drop revert-extra-ca
.
nodejs (14.4.0~dfsg-2) experimental; urgency=medium
.
* Just completely disable ADDRCONFIG flag
* Multiarch hinter: remove Multi-Arch: same on libnode-dev
* Patch to fix ppc64 build
.
nodejs (14.4.0~dfsg-1) experimental; urgency=medium
.
* New upstream version 14.4.0~dfsg
* Bump libnode ABI to 83
* Build-Depends python3-distutils
* Fix make-doc.patch to allow no description
* Fix make-doc.patch for stricter example heading match
* copyright: add zlib copy
* rules: JOBS=1 on 32-bit architectures only
Checksums-Sha1:
1a1773a480622de45427f3ca01440c1cd10d7605 4295 nodejs_16.13.2+really14.19.1~dfsg-6ubuntu1.dsc
1562de95f380e5b89f80bcb54331a6d63b0abe84 897488 nodejs_16.13.2+really14.19.1~dfsg.orig-node-acorn.tar.xz
160042add815f217588b0d2f3bb79f247281b6c7 91124 nodejs_16.13.2+really14.19.1~dfsg.orig-types-node.tar.xz
6c7126d937b42d56b3f16b594aac309283476e76 19612068 nodejs_16.13.2+really14.19.1~dfsg.orig.tar.xz
4e98cd15e4ef370ff2ac98c6277c46974e7c389b 158096 nodejs_16.13.2+really14.19.1~dfsg-6ubuntu1.debian.tar.xz
cce759861c1472aaa4c007feebfc5c0cc947837e 16392 nodejs_16.13.2+really14.19.1~dfsg-6ubuntu1_source.buildinfo
Checksums-Sha256:
4d4f4f7a00c3107d1f126d32f7ad35067691002870e385dfd3c816771b925e36 4295 nodejs_16.13.2+really14.19.1~dfsg-6ubuntu1.dsc
7ed9981927513a2ccac17874999905dcd05d844aa7c2c8d9d32ad2ff85322376 897488 nodejs_16.13.2+really14.19.1~dfsg.orig-node-acorn.tar.xz
b83dc9b7436a4d979e6865096526f1553292df6990bfcb54a132d695d0637eff 91124 nodejs_16.13.2+really14.19.1~dfsg.orig-types-node.tar.xz
e678dde678c70fe41abaf009216dfcee8b2a9703126a8c4d7e3b1d61fb96ef4e 19612068 nodejs_16.13.2+really14.19.1~dfsg.orig.tar.xz
655a262a49adcc78eab2eb0bdc77fd9ab1a5cd62fb331a71fa7a5ffa5097b621 158096 nodejs_16.13.2+really14.19.1~dfsg-6ubuntu1.debian.tar.xz
195d53f17339b39b798df04ed31269dab6a645b7fef96278bcabe55834d2dd07 16392 nodejs_16.13.2+really14.19.1~dfsg-6ubuntu1_source.buildinfo
Files:
7dcf09a43013e54e8f69700d3f3e298d 4295 javascript optional nodejs_16.13.2+really14.19.1~dfsg-6ubuntu1.dsc
4a6332f8a9839cf1ca1bb5bfa4b9f6e5 897488 javascript optional nodejs_16.13.2+really14.19.1~dfsg.orig-node-acorn.tar.xz
eb2ac15d4923164bcf797c2454ac7886 91124 javascript optional nodejs_16.13.2+really14.19.1~dfsg.orig-types-node.tar.xz
e97f7a3f0cf4905b2e1a2f8d0dc8f3a5 19612068 javascript optional nodejs_16.13.2+really14.19.1~dfsg.orig.tar.xz
054bb0dee7f46887aa419a6958e0da33 158096 javascript optional nodejs_16.13.2+really14.19.1~dfsg-6ubuntu1.debian.tar.xz
5d25ca5e7cdb82e529a5cf1de367b222 16392 javascript optional nodejs_16.13.2+really14.19.1~dfsg-6ubuntu1_source.buildinfo
More information about the kinetic-changes
mailing list