í«îÛnodejs20-devel-20.18.2-150600.3.9.1Žè<�>,èêì‚@‰g’Ap¯ž9Û|‚ÏùÿRckZ…Tö¼èEqôÓ× ít»?ä‡Aˆ«½L#[PÂCìg·ð±ÌžÕšIËåèºÌxQXÆß;!ÓÛJÃÉ{3ç ¬˜šóÎ7¶/KÒ9X}¥|MÐöP‡j8Å 9D2ëð2ÅhM4§$4™ºÑÝ¬w¿QŸSå4BZ(¥»É,4uEš{ÎÌ|•àt‰²Ò0Z"2¬6‹ÿ¦E¥<¸õœ ž¸à0_™Xµ¨¡<¢´ô!Ø¢s›¦œG¥¶¦¾¯äÈ-NgñCrõC•Æ9²:@ý!Ä¢+LÛ¯h$"¼¯®(>Ãþ™t]0»ùåñ|]Ó¾+”ßÎŒöò~>ÿÿÿÀŽè;wü?wìdèéêì &í Jî¨ï¬ñ¸ò¼óÕöö÷úø ü-ý@þFP|@| 8| 0| |%\| %Ø|'È|*4|, ,È|.¸.ì//v(/¢8/¬ 90, :2’ FeàGeô|Hgä|IiÔ|XjPYj\\j|]l€|^sVbsñctšdueu"fu%lu'uu<�|vw,zwŒ“wœÆw äw¦åwèCnodejs20-devel20.18.2150600.3.9.1Development headers for NodeJS 20.xThis package provides development headers for Node.js needed for creation of binary modules.g’Ah01-ch4dÎÎSUSE Linux Enterprise 15SUSE LLC MIThttps://www.suse.com/Development/Languages/NodeJShttps://nodejs.orglinuxx86_64al¿.qƒ;B –¶$ *o.õ HŽÊqãÀ €û `¦ ôT!\L\ \A[òk5þ<�€ñ§ LÙ“;a}¶y$d+A5(#CdPöOi+VõFÁáÎ™Ly'‚òEÑ< š@†ÙWÂ)šïNœ~?vú(îœ¼óåL;ëtÞÿ$Í]rJÈ¥x n™¡á®çcpVä5•ª/e AŠ(]5Í §¿~uAí¤¤Aí¤¤¤¤¤¤¤¤¤¤¤¤¤Aí¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤Aí¤¤¤¤¤¤¤¤¤Aí¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’g’d9f2271b8ef3b69827b67c379a8b0e3d20781c5253ad4281c01cbde3f37a5b78666c190ed084713c21703906d16b42860b1f1fa8889654108235a649735fd712bb3c6bdba714de127d89bb1576c601d69ef6accb5080bce98566f68093bb5ace3c64e8f6eb258720401ec5079869c2148213f72f6d4d4df6df89d546b07a2c1a35cb3964217662a99e9c3cefaf75127a049fb50160cd6292cb1f09039df8c936e07586be071fa0bc194efd585b0c9e483bb332049ee12693de27801879b9c868b83af2ba4c121f24895b01eaf2d08f10b28efd2d3fe046c52a97f7a2fd5a735dbee39f129b2597a9c34a579829fe720f3d71f5cf737918530aab81ead99b1e7f17772b2437ac8463b95dd331c2e7be371f3bb89c933c7cff0bfc09a254d941069e6684f6d11904d1ab201514fbceadaf305431904b6a373b836c3c5a4de7cd9012d8f696a9f983d6a3a89d08e1777bf984483dc5b0816c328d295a80921ff21129e12945e9bc2b6382e97d1527b19d858e54c75149a09107c29bffa53f3c8ad99e4ac38fc7e351a3138c3c99e5ea6a09e61e6ddd8b02b4fc2e48100199e9dadc744fc9a47261fa62c86a07cf1d50cd6ab78caed42c1977dbad9abd3f6f0545382afd83536f15879b859f9f12ca341aff9c462aa541769d0744025daefd92f5a9fcb31086660aa7e306cd3df08488524d57bfadbe542b3ae79f6da0f1f36cc732270e86353643206f2a15023f7c8b9d0d6f16393f8407b48b006fba1e45068ff9d3701ae9493a9e7abdb6003cb2cf582e7fc4fda326d8df78cc08464f0b55a40fd646a79ddfa0882b61d357cb9786ba09fb8f4d93b47222fe72418b7d9872ff115de61ca0a1e7b2d309a8ff9fffe99bb20c819e6f1cb85247f41e8eb1dc641410c4e4b980874119f3dbaa9f4875d6f64f5b23299f876ba7024b34953217216ca8249dc1add987c14d9f94d342828d3341192656557a5603eb3259bde07e808b80ca26e81d2a6ff3aafbd5d568ced4616c0ca10dae50cd324bb5546b3c7cca522363a56e9d9feebb29d49b247590a47d5d62c5b55cfb177535e372e5888509d20027b17078ec8d2ae513dda8ef83bd16afd1e488348f055a87e37ecb41d07cb361c60c805cd15541fe98a5489ea311ba011fd16f7a2812600a54efe4f77ad4f0b220a648a3d6c0b448ebe8c6be3137d59319a6182ac83aab90caf8bdf59079fe8e387f1dbe91157a65cbee581bab2da0fc3f0e1d706e4bf75730c0ab85a998a6a325444565b9c2f4dae373cc25b69e72ca411cffe87e7a4a985c4f8e5b310144dd4390c573e7a792598e1f7d4d000ba345d0d3d627cf98c6f9f4094ef106084ccba26d991809558ee3932ff97cfaa5d30adc33f1a92a1840c5c542cc95193939688010a7dea8c2bdcc9ac2ca32bb57d21033baf8fd15dade948707b2a300e85cec15f31cdf3986f92bad4997fcfed4de53693fb1174a391fec33f757c5dac48444b595c4cb82e4923f67cf207382b518751667be55ee86086b6b8eedaf5baa1b35df51f3610a53d6d2ab65ffe8dbf5560976c4802eac8f4f3197688ba9e93e06590111aa34584ca33a9217610635ca4a901c64f4bdc3e2e9d18951fb3dab6be61ca166ad493a02e382acb093bfd56425ac177504aedcc650ac4dd37f7de38ce56b97831f0ab6b7b7932fcf045b15ca66289eaf9a3218850a6672b7253e59846d44582e8da25f30f36c87595769f9302a9e8cb1de0e6a503ed9b455c8aaff444d76377f9b18393c5623ee003c3dbedf07f0efcc58f27a0d803fa9b1cc9e72889d23d7e6d067eb779d41fc790854dcb2d8e8f58af3a7595979000c8929c83bde86e175eb9d73493d3f902545a55cbf4e6239043f12cd97ec4570ef9f92e1a683e6bff0188137ca3d171b68b9117faf6f6f25afc291c9fe633b07b6d79ffbf501c56d35a5119fb3784382f918e069a33e699c71303e1a9b3159568befe304bbee292a89393f07881fcba3ed097a5989fba1746f1c2cf611f19ba4dcb17071da8a661e0410c31e227f81e2981363c4d543f4832ac3df785343ec64cee621742ff8a0344e9c163e7e549f6e973a6ad951056c2dae71e2eb8d1673cc5889e34ec40e43d01052cb8e8f6025955c2c03b24273b0a7ae29213b20ce548014c8d4081aaeaee9e1e0e8de8f199e3df4f6beb9ea7b2ad8ad183f4631c51b1beb5cf018734b2877411d61d361cf46409024f9221b14412010b33001c5b0d056f51c1b8a1d5e876855531cac9162bd3ee9cce7b98d4b9ae91d78bc2b817a72ebb1cdfa6bfbf92b0d8d5d854088d5725fec9775510e0aeeeb790a41ad083c49bb721d950b86e6bd6135c2bb163618ab4c6d2ce8f8ade7e28eaca3b5889b3a0acb51bd28052ab6549cc16090af77c11039e6982761b71ad555f08cceb9bf800791048d4311bd839e99ff2e4e80a9fa2daf3078adb8a8dfbf79cc6d0e6c84e22b3eeb344a0a0b88a7a3742005cb0797d4dd47c5d9a7501b40e19aac29b51495f5ef0abde6c9221b1f4cbed77e4cf6c06f1224e681cbe607eff04713ca0c1e1f4a102e6a6565ee3f02aa963533ff4b16f72a204a8c760896a857c54d0ac50570f1793e3bef1f2ae8b35f222b6dd3ce67cfbb735b14b1662f065fc23570d6969acf463b39d946b7590d8c53cdd62b9686b8b0e7b2230c9b5459b2ec1053be878c40b8b12e25dc5d3a0f57adce0ed0821c8466a87a0a4c9e0df9ea7e4a4b24d099c7d7ed196f72a13f669d98388ae32ce2c4390b82c3529539d2a476c44f590e960ed30a79f72b807ecd02e9d7218b34e6e89b7b412891b7e2aa8b3a561c5ce9714c1f4def6c8a8593a6a629d4b4ef48dc3c3ab32d75e0a85bcb80e084d42b32aae40d67fc1d882b93298a09ae41099af710289155be012df45c2fce04da6a02e813278b4558935e6459387b3ff9923e5132683ba64d2018a3958a7f5d971df4b074ea65891fac2d99e5aebb8cb6349ad786ea4025b335ee3ef8364e7805049fee3cab0d46db6ef6cdd8b2a1056680ae56c59df0ad43f75a20b1b993bdc05c6ddca87b656c5b20da1956801ecaf7b54f81ffc6d25b24cf1e419d03850a1b57c5362ec8eb35a3c29083d9b6b4b8860ffe5632dcc689cfbc56aaab0f90ed45ee96140f670837bd990d1c85fe77b4346315d5d6cef9510844f8e908be204f044bf1d6710363479193d878ea48fb3934ce17bfee865c2d23f461744b217a051b03b4489c40e57960d223a18b12b3e2b62f14e6ab28a477b4c9f446996c2d2d1917ce1b7e5f689bb36290097b57947fb30ccc86d5175a0b0fd5ffd997c7e190281e4275c942593cbde7faf8005ba4c68b87c1e94d2e4548aa6ec8968e622b2a4791b1494d0dc0c0795f1ceb0ed2fd36597d1c76bee2403dcef8083bb64e65f2dea351eda931c8aa167cf2710c98912cb74df5410390c81919cdd9b77ae5bcbd8479202d506e1236fe8f6eb6d96986745bff0ee9103d73ae4110c0d3cc5d0c0d483d5229302e7e39c5bbc966221e12b951623717be873571c0924c827ec2a538b782b7e298c81a248473fd8d5a7897d06e06871d5c422a06b2d7e75ddfad696f93ee25030abc2e1132f5a9b668d9ad2783655342544e49ad5323e04aefd112facbf5f6630d2f3050fbee1da4bcd0234042362502bc29d2e5fa652b3ca50aeff60bbacbb045a3e9e4ca10b3bb59fd156ca9805102d8620205847630c8b09345b8514f8b56b11065b4053f53f4deeed26dedb59aaa7d563a14fb67784e5e2364ab9606fcf6313a99888db506b0933a8a58227781edb1e5d3468333759aec8dda2905d21cbe1f6bde9d9c8e5695410b61bd9579d84ac44f28d9c6a39a37320b04cce1e8126e42edc5d566a1dd847a95e49f827cbc397f5ba1aee509b946b77d4c0bafe1e700a4b23966c5582d2848229e609cea54294e752df755b4a6fb5341e6add2ecd60750333ed3e1f7745d1fc37ac22ac74ebac312a5901478e398ef1d3a29f0ef56accb6d6736d47e0dbb4cdc470e49b6b5f6a5ed60a1cd220102aa3f911dd4ea7dc9a85a6c5bca7b2919e327a3f67133e57b85f46482e312ec1400ba00cf831fe4fe4556872d270b000a72e92f204c9f94400a75169b3e6b544137fd3fd6a367e833334596ddbf0ca236af998bcfd748938691c99e1f22cf52c75240b27c52972b7097bbf42906409f959915026e027a58407c551aad21d3f08710bc8734fe67caa1888bc970ffde94725ec2eed97d7dbff52838ddff338ce3454c2c2b1f59afbf2bf368d045e092a77054c1e055cf06808240053f30672c424716db7d87cd15029a1dbd1cf2a2f9a3b3dc3b0189531f52753d836d119e3dbfad0a138d4ef95a8ce2dce5719c08323646f2ebdf5d26d1182410dc81852a87d70eb505a057f95f83288d4b3f25d866c0a33875b1069b79005a3d18e422ad8ee362f4f838635c53eedbee1337f25fd50191396ad9c187b42f7ee96ec20ad4d9ac91a9a1eed3efc227a831736bba362f9c2b22ba63b75786ee59a20a51887d8eb18f0412dc3083d84ff9ef7be8526d0b0c7c0823c82145c3472a8617f7209cc225f3b83da48058feeb1f611f2cc40d8f432775911a9076b3f6b2b093a43f864693be944514612e9ecff70aed0b88cc5979d1a9a13abc802421cacf3078e30032ff53dd5d462317ea21760cd1b10abd7591dbcbd455087b09662735d457e46fbb137689019d9a086be1b80cda7157e9d6aa1c176f67def1cbbfdab39e82e3dca9da3c0146dd20fad17c4175478cf697c2f93de5ab050bcce26d772f3ef8e35539a8d374d5429aa8c9dafe9359ab1643baa47f65f503b1863902fe8e24b4268748a572166e01961b56d9f98218be86c8d2bfe2ece8de0f827949b0fbb0cf778860cbc1ced68ae68fc533b77a513caa711529baa9f5eaa14dd1aa782de0931bd8e90a1a9f14b4ee349c43d1208420d0265ab1436ef877fe00c0157369acd591baf0f7c9f70a86dc012327cba70bfac124c1d13b444a7af86a5ed7e0cdfb3738ba252999de6522cad6b52ee461ba3c3522812ff50737806c91c8a871bf552d07e3c99dc0de2ccac5c2d1a07c4dc2160b4df7161b60ebd3794c83ae2753c22d061e5acadee4ceceeb8cb19360febb02ee26e9024f50888b450cadbe60af288019700ee0ee591ba2c7db80f73866680353bdfe2bf99bcac28824961b318737e94490f27eba7dfdb12a5fae07374e3a00f9a6b8d54f07c6feb2147ad1b24f5583eb57b834c92d2c17b16945037800d72ee56824e401fc7ff3414d24207fb94f61ea6c8cd5bed49bf2fab599d23d543b159f61f06e8a66700b6712307425d4858ffbeef3700a25321dac822088317d8072a94fea8e48bf5arootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootnodejs20-20.18.2-150600.3.9.1.src.rpmÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿnodejs-develnodejs20-develnodejs20-devel(x86-64) nodejs20npm20rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)20.18.220.18.23.0.4-14.6.0-14.0-15.2-14.14.3gÝÀgPD@f‘ÀfUÇ@f-Àfó@eÏN@eÊ@e·“@e›ãÀe“úÀe_>ÀeLÉÀe;¦@e7±Àe-%Àe¥@e @e;ÀdûÀd÷@dè—ÀdÔÑ@d’æ@dŠý@dkY@dgdÀdbÀd^*@d[‡@dSž@d?×Àadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.dedimstar@opensuse.orgadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deotto.hollmann@suse.comadam.majer@suse.deadam.majer@suse.de- Update to 20.18.2: * src,loader,permission: throw on InternalWorker use when permission model is enabled (bsc#1236251, CVE-2025-23083) * src: fix HTTP2 mem leak on premature close and ERR_PROTO (bsc#1236250, CVE-2025-23085) * deps: Use of Insufficiently Random Values in undici fetch() (bsc#1236258, CVE-2025-22150)- Update to 20.18.1 * Experimental Network Inspection Support in Node.js * Exposes X509_V_FLAG_PARTIAL_CHAIN to tls.createSecureContext * New option for vm.createContext() to create a context with a freezable globalThis * buffer: optimize createFromString - Changes in 20.17.0: * module: support require()ing synchronous ESM graphs * path: add matchesGlob method * stream: expose DuplexPair API - Changes in 20.16.0: * process: add process.getBuiltinModule(id) * inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth * buffer: add .bytes() method to Blob - CVE-2024-21538.patch: fixes regular expression denial of service (bsc#1233856, CVE-2024-21538) - linker_lto_jobs.patch: refreshed - fix_ci_tests.patch: fix dns test vs. older c-ares - nodejs.keyring: sync keys with upstream- Update to 20.15.1: * Bypass incomplete fix of CVE-2024-27980 (bsc#1227560, CVE-2024-36138) * Bypass network import restriction via data URL (bsc#1227554, CVE-2024-22020) * fs.lstat bypasses permission model (bsc#1227562, CVE-2024-22018) * fs.fchown/fchmod bypasses permission model (bsc#1227561, CVE-2024-36137) * Permission model improperly processes UNC paths (bsc#1227563, CVE-2024-37372) - Changes in 20.15.0: * test_runner: support test plans * inspector: introduce the --inspect-wait flag * zlib: expose zlib.crc32() * cli: allow running wasm in limited vmem with --disable-wasm-trap-handler - Changes in 20.14.0 * src,permission: throw async errors on async APIs * test_runner: support forced exit - fix_ci_tests.patch, npm_search_paths.patch: refreshed - skip_no_console.patch: dropped, upstreamed- Update to 20.13.1: * buffer: improve base64 and base64url performance * crypto: deprecate implicitly shortened GCM tags * events,doc: mark CustomEvent as stable * fs: add stacktrace to fs/promises * report: add --report-exclude-network option * src: add uv_get_available_memory to report and process * stream: support typed arrays * util: support array of formats in util.styleText * v8: implement v8.queryObjects() for memory leak regression testing * watch: mark as stable - versioned.patch: refreshed - cares_sle12_capabilities.patch: SLES12 compatibility- Update to 20.12.1: * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) (bsc#1222244) * CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation- (Medium) (bsc#1222384) * updated dependencies: + llhttp version 9.2.1 + undici version 5.28.4 (bsc#1222530, bsc#1222603, CVE-2024-30260, CVE-2024-30261) - node-gyp-addon-gypi.patch: adapted for new unit test layouts - fix_ci_tests.patch: add benchmark fix- Update to 20.12.0: * crypto: implement crypto.hash() * util: add loading and parsing environment variables * new connection attempt events: connectionAttempt, connectionAttemptFailed, connectionAttemptTimeout * sea: support embedding assets * support configurable snapshot through --build-snapshot-config flag * util.styleText(format, text): This function returns a formatted text considering the format passed. * vm: support using the default loader to handle dynamic import() - c-ares-fixes.patch: removed, upstreamed - nodejs-libpath.patch, versioned.patch: refreshed- Update to 20.11.1: (security updates) * (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High) * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) * (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High) * (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High) * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) * (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium) * (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium) * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) * undici version 5.28.3 (CVE-2024-24758, bsc#1220017) * libuv version 1.48.0 (CVE-2024-24806, bsc#1220053)- update to 20.11.0: * esm: add import.meta.dirname and import.meta.filename * fs: add c++ fast path for writeFileSync utf8 * module: remove useCustomLoadersIfPresent flag * module: bootstrap module loaders in shadow realm * src: add --disable-warning option * src: create per isolate proxy env template * src: make process binding data weak * stream: use Array for Readable buffer * stream: optimize creation * test_runner: adds built in lcov reporter * test_runner: add Date to the supported mock APIs * test_runner, cli: add --test-timeout flag - c-ares-fixes.patch, fix_ci_tests.patch: refreshed- fix_ci_tests.patch: disable test_crypto_fips for openssl 3.x, to be fixed soon (bsc#1219152)- c-ares-fixes.patch: add additional backports for unit test fixes- c-ares-fixes.patch: fixes unit tests for new c-ares- Update to 20.10.0: * --experimental-default-type flag to flip module defaults * The new flag --experimental-detect-module can be used to automatically run ES modules when their syntax can be detected. * Added flush option in file system functions for fs.writeFile functions * Added experimental WebSocket client * vm: fix V8 compilation cache support for vm.Script. This fixes performance regression since v16.x when support for importModuleDynamically was added to vm.Script For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.10.0 - nodejs20-zlib-1.3.patch: upstreamed, removed - fix_ci_tests.patch, node-gyp-addon-gypi.patch: refreshed- Update to 20.9.0: * No changes, just LTS transition- fix_ci_tests.patch: adapt for openssl 3.1.4- Add nodejs20-zlib-1.3.patch: Support zlib version with only major.minor versions, like zlib 1.3.- Security fixes relase 20.8.1 * (CVE-2023-44487, bsc#1216190): nghttp2 Security Release * (CVE-2023-45143, bsc#1216205): undici Security Release * (CVE-2023-39332, bsc#1216271): Path traversal through path stored in Uint8Array * (CVE-2023-39331, bsc#1216270): Permission model improperly protects against path traversal * (CVE-2023-38552, bsc#1216272): Integrity checks according to policies can be circumvented * (CVE-2023-39333, bsc#1216273): Code injection via WebAssembly export names - fix_ci_tests.patch: refreshed- Update to 20.8.0: * Stream performance improvements * Rework of memory management in vm APIs with the importModuleDynamically option * test_runner: + accept testOnly in run + add junit reporter - fix_ci_tests.patch: refreshed- Update to 20.7.0: * src: support multiple --env-file declarations * deps: upgrade npm to 10.1.0 * doc: move and rename loaders section * lib: add api to detect whether source-maps are enabled * src,permission: add multiple allow-fs-* flags * test_runner: expose location of tests - z13.patch: upstreamed- Update to 20.6.1: * f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: removed, upstreamed- f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: fixes issues with Angular and other software that tries to load ECM modules in somewhat circular fashion ending up with multiple executions.- Update to 20.6.0: * add support for .env files to configure envrionment variables * import.meta.resolve unflagged * deps: npm updated to 9.8.1 - nodejs.keyring: updated to include current upstream releasers- Temporarily bundle ICU for SLE15 SP6 (jsc#PED-4819)- Update to version 20.5.1: * (CVE-2023-32002, bsc#1214150): Policies can be bypassed via Module._load (High) * (CVE-2023-32558, bsc#1214155): process.binding() can bypass the permission model through path traversal (High) * (CVE-2023-32004, bsc#1214152): Permission model can be bypassed by specifying a path traversal sequence in a Buffer (High) * (CVE-2023-32006, bsc#1214156): Policies can be bypassed by module.constructor.createRequire (Medium) * (CVE-2023-32559, bsc#1214154): Policies can be bypassed via process.binding (Medium) * (CVE-2023-32005, bsc#1214153): fs.statfs can bypass the permission model (Low) * (CVE-2023-32003, bsc#1214151): fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low) - Changes in 20.5.0: * events: allow safely adding listener to abortSignal * fs: add a fast-path for readFileSync utf-8 * test_runner: add shards support - Changes in 20.4.0: * tls: add ALPNCallback server option for dynamic ALPN negotiation * adds support for ECMAScript Explicit Resource Management * adds Mock Timer support to test module For details see, https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.5.1 versioned.patch: refreshed- Update to version 20.3.1 (security fixes only). The following CVEs are fixed in this release: * (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass Experimental Policy Mechanism (High) * (CVE-2023-30584, bsc#1212575): Path Traversal Bypass in Experimental Permission Model (High) * (CVE-2023-30587, bsc#1212576): Bypass of Experimental Permission Model via Node.js Inspector (High) * (CVE-2023-30582, bsc#1212577): Inadequate Permission Model Allows Unauthorized File Watching (Medium) * (CVE-2023-30583, bsc#1212578): Bypass of Experimental Permission Model via fs.openAsBlob() (Medium) * (CVE-2023-30585, bsc#1212579): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) * (CVE-2023-30586, bsc#1212580): Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium) * (CVE-2023-30588, bsc#1212581): Process interuption due to invalid Public Key information in x509 certificates (Medium) * (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via Empty headers separated by CR (Medium) * (CVE-2023-30590, bsc#1212583): DiffieHellman does not generate keys after setting a private key (Medium)- Update to version 20.3.0: * deps: upgrade to libuv 1.45.0, including significant performance improvements to file system operations on Linux * module: change default resolver to not throw on unknown scheme * stream: deprecate asIndexedPairs - versioned.patch, fix_ci_tests.patch: refreshed - openssl3_1-adapt_tests.patch: upstreamed and removed For details see, https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.3.0- Fix build on SLE12SP5- Update to version 20.2.0: * http: prevent writing to the body when not allowed by HTTP spec * sea: add option to disable the experimental SEA warning * test_runner: add skip, todo, and only shorthands to test * url: add value argument to URLSearchParams has and delete methods For details see, https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.2.0- fix_ci_tests.patch: increase default timeout on unit tests to 20min from 2min. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407)- z13.patch: fixes illegal instruction error on z13 and older s390- Adapt tests for OpenSSL 3.1 [bsc#1209430] * Add openssl3_1-adapt_tests.patch- Update to version 20.1.0 assert: deprecate CallTracker dns: expose getDefaultResultOrder doc: add KhafraDev to collaborators fs: add recursive option to readdir and opendir fs: add support for mode flag to specify the copy behavior of the cp methods http: add highWaterMark option http.createServer stream: preserve object mode in compose test_runner: add testNamePatterns to run API test_runner: execute before hook on test test_runner: support combining coverage reports wasi: make returnOnExit true by default- Package new version 20.0.0 For overview of changes and details since 19.x and earlier see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.0.0 - imported the following patches from prior patches: + cares_public_headers.patch + fix_ci_tests.patch + flaky_test_rerun.patch + legacy_python.patch + linker_lto_jobs.patch + manual_configure.patch + node-gyp-addon-gypi.patch + node-gyp-config.patch + nodejs-libpath.patch + npm_search_paths.patch + openssl_binary_detection.patch + qemu_timeouts_arches.patch + skip_no_console.patch + sle12_python3_compat.patch + test-skip-y2038-on-32bit-time_t.patch + versioned.patchh01-ch4d 1737629249 !"#$%&'()*+,-./0123456789:;<�=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|20.18.220.18.2-150600.3.9.120.18.2-150600.3.9.1node20common.gypiconfig.gypicppgcallocation.hcommon.hcross-thread-persistent.hcustom-space.hdefault-platform.hephemeron-pair.hexplicit-management.hgarbage-collected.hheap-consistency.hheap-handle.hheap-state.hheap-statistics.hheap.hinternalapi-constants.hatomic-entry-flag.hbase-page-handle.hcaged-heap-local-data.hcaged-heap.hcompiler-specific.hfinalizer-trait.hgc-info.hlogging.hmember-storage.hname-trait.hpersistent-node.hpointer-policies.hwrite-barrier.hliveness-broker.hmacros.hmember.hname-provider.hobject-size-trait.hpersistent.hplatform.hprefinalizer.hprocess-heap-statistics.hsentinel-pointer.hsource-location.htesting.htrace-trait.htype-traits.hvisitor.hjs_native_api.hjs_native_api_types.hlibplatformlibplatform-export.hlibplatform.hv8-tracing.hnode.hnode_api.hnode_api_types.hnode_buffer.hnode_object_wrap.hnode_version.huvuv.haix.hbsd.hdarwin.herrno.hlinux.hos390.hposix.hsunos.hthreadpool.htree.hunix.hversion.hwin.hv8-array-buffer.hv8-callbacks.hv8-container.hv8-context.hv8-cppgc.hv8-data.hv8-date.hv8-debug.hv8-embedder-heap.hv8-embedder-state-scope.hv8-exception.hv8-extension.hv8-external.hv8-forward.hv8-function-callback.hv8-function.hv8-initialization.hv8-internal.hv8-isolate.hv8-json.hv8-local-handle.hv8-locker.hv8-maybe.hv8-memory-span.hv8-message.hv8-microtask-queue.hv8-microtask.hv8-object.hv8-persistent-handle.hv8-platform.hv8-primitive-object.hv8-primitive.hv8-profiler.hv8-promise.hv8-proxy.hv8-regexp.hv8-script.hv8-snapshot.hv8-statistics.hv8-template.hv8-traced-handle.hv8-typed-array.hv8-unwinder.hv8-value-serializer.hv8-value.hv8-version.hv8-wasm.hv8-weak-callback-info.hv8.hv8config.h/usr/include//usr/include/node20//usr/include/node20/cppgc//usr/include/node20/cppgc/internal//usr/include/node20/libplatform//usr/include/node20/uv/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:37163/SUSE_SLE-15-SP6_Update/1518963054bbffc12800ec7022ce8cb8-nodejs20.SUSE_SLE-15-SP6_Updatedrpmxz5x86_64-suse-linuxdirectoryASCII textC++ source, ASCII textC source, ASCII textC++ source, UTF-8 Unicode textzµ|™'—.†âìfà8utf-806bc2b1e155dfdd0fdf585eab8fcd13c4aafd04d7a4f6094d052e1a63df534e7?ÿÿüPý7zXZ áû¡!t/å£àÜ)]"ÌkÀ%¥¥KÖbka^²×S¸„ÎÒBÞFélÂþF†å)ÉK[É*Á½ÿâQ9Œž4VA+t†Uªœ oGô¤'µHÞ±÷Aà:._õFÏzh`:6‰G€ µïØž‹î‰ Z¼‡$îÒÚy/€jPNíŒ1^æ‡»…Þï—ÅFæ@I>§ ã=` ™øÈÓšÿSåª‘B¡Ðd`äªfþZ•PÄãîük´Ü6HPÀµÆ‰¦¾D,Ì¹lfä)+3Ö·˜ÂÞóâïuë^é:”dfêWJÖ( ÖÒ¬45Ñ–˜ýúåÔ'ý ¤÷º>Ÿ–± CÈ™ÍŠòˆ¦bB5¶s—Üž?«¬´8,b{v»¯a²ˆ}±Ì[ã&µg4JÁl("LDôˆ´†Å #lÉ,õRØƒuÐUgÎC8¸·m;—ÎUH½ROœ*šì×“´ÁSa'…ëõcWÂ—ºZ-y[…3—åë {Go~yöz9¤âIYXsp’ÒâÀ?Q Ò@Ö'MW'¡Nð±eE±¸{†Ö3 mtÔ_SœŒ¼ÉB¡0Õ J6àç<5 ,ë<ÙÑ±§Z`s7³œX¿³+©v&Eu iK;½¾˜éâ=Ú€(Þ¢JÅ›ý}öíÑ™ÿÞ¦RèŸ'ût¹^»î´½ª•y?ŠåUù©9\9À~Ñœ"ìä‘8dM‚RåØ–þ«Âµ#£«¢i ôK‘þ>¶EŒX×ó4mbë÷ßIÉ7ßâúÉÒn-ªlœ†}Å©é{>ÆÓMœ—nÿýƒ¼ÿ7îÏþ'ÐÇñ2·VåF#v1‚(:¡‡6Ò£ã4ówDRñO‘·•(åTjï¦åÔR•™¢+ºRY%H x$Õ&ãg*·AsxG‹ºL¼’H_¸`Ô‚R/²¯*ïz „¿ÈLwwSÛD2¬9*ÏEW+ìCt±Þ]žušÊ6|¼Á3„“¥!P=uÚ4eó™E^U«U«_„¯6îÏ± ÔÍ8Xà™£ÿ|‡sÁ•é;áôÉRUø¥{cèœÌhÍ!¨°–ìíbufJ]ÕÎÅîä¥¯ÉB¹&Öý½>“L#VûžbF\;’÷C r5În¬Å)Eš1‚xˆjçXì1…¥ƒMšì€QùmòÃì m[×y&»®çýaË¥&eú¤†ò@‡+ŽFDEB%íÕyù±ÇèD(?•kÍRÈX—gpê-Ó0$N Õ…evÖ·(¶ø_ i¿Ý1(ßõ,8h©B1a˜]jñ™ŠN ¥·4jŽ Ÿ˜sæt,É„?¡£\¦¹ÿ»ÏŠíµ¸â,I¡úŒÚæâˆ•TCb¨iú¤!§öwýq@v^+Ü«ÏøNjKêW–$UÓ“þnp²™TÁ¤>þ&SÀl<¡hÒywöˆ€ø¶ào¤‘(×?é}¢MÀÔºæ³¥q[ÖuFQ½Ø%$4K¹5}»4<F˜üêÿ…é¶=ÓdùÒdgG#‰.[Ïd+XŽI!Ñãf5Wù9Ÿ•òÞ3Bw×dwä&€)'ñÎhÆˆáê …n&øld€ê_Í>Î'îŸæ§+/+…3q\¢s5G‚ WE'ïçËž ?¢0BßhÔa¼ßV¬PÆ›¬D®ÈØHƒ@Åƒ«!#s;å8—BV •PÁ—+•nH´«Ë÷–§ó&‹)qzFD,4ìsMïÑ¹ž„p¾º®)ß~kÒì?,±‹ÌI 3"ý0Æíè(ß³¥V¥šä´•\ŒÃÈ±õJW€—?,mæö ª*xÍØÁÊŸI«ÝÊfoÉ¬SçÛ³¯ÕæXeÃ Äc¹¥þêë8C¹Ö,<Ìdß^ùÙ`”æwT¢?aP{M?õäUvBR)¸Z_Âî ØLü’ò{/PHH^B× rxÝçëHc¦áO¹ 'iüÍJ¶ôÌD²AzG³¥Il—v¦Çoƒù‘gž†’Ù°úlµ×ªÔÙæ‚€Ç©T¥›ê³îvŸu ÇY%bR³¥+€«Ò LîàR"áîlŽætve-]TêÙ*¯XÑ ÝÝ)*§K¶éß YZ