——————————————————————————–
Fedora Update Notification
FEDORA-2015-2310
2015-02-20 04:51:18
——————————————————————————–
Name : v8
Product : Fedora 20
Version : 3.14.5.10
Release : 17.fc20
URL : http://code.google.com/p/v8
Summary : JavaScript Engine
Description :
V8 is Google’s open source JavaScript engine. V8 is written in C++ and is used
in Google Chrome, the open source browser from Google. V8 implements ECMAScript
as specified in ECMA-262, 3rd edition.
——————————————————————————–
Update Information:
# nodejs
* tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson)
* timers: don’t close interval timers when unrefd (Julien Gilli)
* timers: don’t mutate unref list while iterating it (Julien Gilli)
* child_process: check execFile args is an array (Sam Roberts)
* child_process: check fork args is an array (Sam Roberts)
* crypto: update root certificates (Ben Noordhuis)
* domains: fix issues with abort on uncaught (Julien Gilli)
* timers: Avoid linear scan in _unrefActive. (Julien Gilli)
* timers: fix unref() memory leak (Trevor Norris)
* debugger: fix when using “use strict” (Julien Gilli)
# libuv
* linux: fix epoll_pwait() regression with < 2.6.19 (Ben Noordhuis)
* linux: fix epoll_pwait() sigmask size calculation (Ben Noordhuis)
* linux: fix sigmask size arg in epoll_pwait() call (Ben Noordhuis)
* linux: handle O_NONBLOCK != SOCK_NONBLOCK case (Helge Deller)
* doc: update project links (Ben Noordhuis)
* unix: add flag for blocking SIGPROF during poll (Ben Noordhuis)
* unix, windows: add uv_loop_configure() function (Ben Noordhuis)
# v8
* Fix debugger and strict mode regression (Julien Gilli)
* don’t busy loop in cpu profiler thread (Ben Noordhuis)
* add api for aborting on uncaught exception (Julien Gilli)
——————————————————————————–
ChangeLog:
* Thu Feb 19 2015 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:3.14.5.10-17
– backports for nodejs 0.10.36
* Mon Jan 26 2015 David Tardon <dtardon@redhat.com> – 1:3.14.5.10-16
– rebuild for ICU 54.1
* Tue Dec 2 2014 Tom Callaway <spot@fedoraproject.org> – 1:3.14.5.10-15
– use system valgrind header (bz1141483)
* Wed Sep 17 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:3.14.5.10-14
– backport bugfix that eliminates unused-local-typedefs warning
– backport security fix: Fix Hydrogen bounds check elimination (CVE-2013-6668; RHBZ#1086120)
– backport fix to segfault caused by the above patch
* Tue Aug 26 2014 David Tardon <dtardon@redhat.com> – 1:3.14.5.10-13
– rebuild for ICU 53.1
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1:3.14.5.10-12
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Thu Jul 31 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:3.14.5.10-11
– backport security fix for memory corruption and stack overflow (RHBZ#1125464)
https://groups.google.com/d/msg/nodejs/-siJEObdp10/2xcqqmTHiEMJ
– backport bug fix for x64 MathMinMax for negative untagged int32 arguments.
https://github.com/joyent/node/commit/3530fa9cd09f8db8101c4649cab03bcdf760c434
* Thu Jun 19 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:3.14.5.10-10
– fix corner case in integer comparisons (v8 bug#2416; nodejs bug#7528)
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1:3.14.5.10-9
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat May 3 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:3.14.5.10-8
– use clock_gettime() instead of gettimeofday(), which increases V8 performance
dramatically on virtual machines
* Tue Mar 18 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:3.14.5.10-7
– backport fix for unsigned integer arithmetic (RHBZ#1077136; CVE-2014-1704)
* Mon Feb 24 2014 Tomas Hrcka <thrcka@redhat.com> – 1:3.14.5.10-6
– Backport fix for incorrect handling of popular pages (RHBZ#1059070; CVE-2013-6640)
* Fri Feb 14 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:3.14.5.10-5
– rebuild for icu-52
* Mon Jan 27 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:3.14.5.10-4
– backport fix for enumeration for objects with lots of properties
* Fri Dec 13 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:3.14.5.10-3
– backport fix for out-of-bounds read DoS (RHBZ#1039889; CVE-2013-6640)
——————————————————————————–
References:
[ 1 ] Bug #1194651 – CVE-2015-0278 libuv: incorrect revocation order while relinquishing privileges
https://bugzilla.redhat.com/show_bug.cgi?id=1194651
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update v8’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2015-2310
2015-02-20 04:51:18
——————————————————————————–
Name : nodejs
Product : Fedora 20
Version : 0.10.36
Release : 3.fc20
URL : http://nodejs.org/
Summary : JavaScript runtime
Description :
Node.js is a platform built on Chrome’s JavaScript runtime
for easily building fast, scalable network applications.
Node.js uses an event-driven, non-blocking I/O model that
makes it lightweight and efficient, perfect for data-intensive
real-time applications that run across distributed devices.
——————————————————————————–
Update Information:
# nodejs
* tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson)
* timers: don’t close interval timers when unrefd (Julien Gilli)
* timers: don’t mutate unref list while iterating it (Julien Gilli)
* child_process: check execFile args is an array (Sam Roberts)
* child_process: check fork args is an array (Sam Roberts)
* crypto: update root certificates (Ben Noordhuis)
* domains: fix issues with abort on uncaught (Julien Gilli)
* timers: Avoid linear scan in _unrefActive. (Julien Gilli)
* timers: fix unref() memory leak (Trevor Norris)
* debugger: fix when using “use strict” (Julien Gilli)
# libuv
* linux: fix epoll_pwait() regression with < 2.6.19 (Ben Noordhuis)
* linux: fix epoll_pwait() sigmask size calculation (Ben Noordhuis)
* linux: fix sigmask size arg in epoll_pwait() call (Ben Noordhuis)
* linux: handle O_NONBLOCK != SOCK_NONBLOCK case (Helge Deller)
* doc: update project links (Ben Noordhuis)
* unix: add flag for blocking SIGPROF during poll (Ben Noordhuis)
* unix, windows: add uv_loop_configure() function (Ben Noordhuis)
# v8
* Fix debugger and strict mode regression (Julien Gilli)
* don’t busy loop in cpu profiler thread (Ben Noordhuis)
* add api for aborting on uncaught exception (Julien Gilli)
——————————————————————————–
ChangeLog:
* Tue Feb 24 2015 T.C. Hollingsworth <tchollingsworth@gmail.com> – 0.10.36-3
– bump v8 requires (RHBZ#1195457)
* Thu Feb 19 2015 T.C. Hollingsworth <tchollingsworth@gmail.com> – 0.10.36-1
– new upstream release 0.10.36
http://blog.nodejs.org/2015/01/26/node-v0-10-36-stable/
– Please note that several upstream releases were skipped due to regressions
reported in the upstream bug tracker. Please also review the 0.10.34 and
0.10.35 changelogs available at the above URL for a list of all changes.
* Wed Nov 19 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 0.10.33-1
– new upstream release 0.10.33
http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/
– This release disables SSLv3 to secure Node.js services against the POODLE
attack. (CVE-2014-3566; RHBZ#1152789) For more information or to learn how
to re-enable SSLv3 in order to support legacy clients, please see the upstream
release announcement linked above.
* Tue Oct 21 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 0.10.32-2
– add Provides nodejs-punycode (RHBZ#1151811)
* Thu Sep 18 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 0.10.32-1
– new upstream release 0.10.32
http://blog.nodejs.org/2014/08/19/node-v0-10-31-stable/
http://blog.nodejs.org/2014/09/16/node-v0-10-32-stable/
* Fri Aug 1 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 0.10.30-1
– new upstream release 0.10.30
http://blog.nodejs.org/2014/07/31/node-v0-10-30-stable/
* Thu Jun 19 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 0.10.29-1
– new upstream release 0.10.29
http://blog.nodejs.org/2014/06/16/node-v0-10-29-stable/
– The invalid UTF8 fix has been reverted since this breaks v8 API, which cannot
be done in a stable distribution release. This build of nodejs will behave as
if NODE_INVALID_UTF8 was set. For more information on the implications, see:
http://blog.nodejs.org/2014/06/16/openssl-and-breaking-utf-8-change/
* Sat May 3 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 0.10.28-1
– new upstream release 0.10.28
There is no dfference between 0.10.27 and 0.10.28 for Fedora, as the only
thing updated was npm, which is shipped seperately. The latest was only
packaged to avoid confusion. Please see the v0.10.27 changelog for relevant
changes in this update:
http://blog.nodejs.org/2014/05/01/node-v0-10-27-stable/
* Thu Feb 20 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 0.10.26-1
– new upstream release 0.10.26
http://blog.nodejs.org/2014/02/18/node-v0-10-26-stable/
* Fri Feb 14 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 0.10.25-2
– rebuild for icu-53 (via v8)
* Mon Jan 27 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 0.10.25-1
– new upstream release 0.10.25
http://blog.nodejs.org/2014/01/23/node-v0-10-25-stable/
* Thu Dec 19 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> – 0.10.24-1
– new upstream release 0.10.24
http://blog.nodejs.org/2013/12/19/node-v0-10-24-stable/
– upstream install script installs the headers now
* Thu Dec 12 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> – 0.10.23-1
– new upstream release 0.10.23
http://blog.nodejs.org/2013/12/11/node-v0-10-23-stable/
* Tue Nov 12 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> – 0.10.22-1
– new upstream release 0.10.22
http://blog.nodejs.org/2013/11/12/node-v0-10-22-stable/
——————————————————————————–
References:
[ 1 ] Bug #1194651 – CVE-2015-0278 libuv: incorrect revocation order while relinquishing privileges
https://bugzilla.redhat.com/show_bug.cgi?id=1194651
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update nodejs’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2015-2310
2015-02-20 04:51:18
——————————————————————————–
Name : libuv
Product : Fedora 20
Version : 0.10.34
Release : 1.fc20
URL : http://libuv.org/
Summary : Platform layer for node.js
Description :
libuv is a new platform layer for Node. Its purpose is to abstract IOCP on
Windows and libev on Unix systems. We intend to eventually contain all platform
differences in this library.
——————————————————————————–
Update Information:
# nodejs
* tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson)
* timers: don’t close interval timers when unrefd (Julien Gilli)
* timers: don’t mutate unref list while iterating it (Julien Gilli)
* child_process: check execFile args is an array (Sam Roberts)
* child_process: check fork args is an array (Sam Roberts)
* crypto: update root certificates (Ben Noordhuis)
* domains: fix issues with abort on uncaught (Julien Gilli)
* timers: Avoid linear scan in _unrefActive. (Julien Gilli)
* timers: fix unref() memory leak (Trevor Norris)
* debugger: fix when using “use strict” (Julien Gilli)
# libuv
* linux: fix epoll_pwait() regression with < 2.6.19 (Ben Noordhuis)
* linux: fix epoll_pwait() sigmask size calculation (Ben Noordhuis)
* linux: fix sigmask size arg in epoll_pwait() call (Ben Noordhuis)
* linux: handle O_NONBLOCK != SOCK_NONBLOCK case (Helge Deller)
* doc: update project links (Ben Noordhuis)
* unix: add flag for blocking SIGPROF during poll (Ben Noordhuis)
* unix, windows: add uv_loop_configure() function (Ben Noordhuis)
# v8
* Fix debugger and strict mode regression (Julien Gilli)
* don’t busy loop in cpu profiler thread (Ben Noordhuis)
* add api for aborting on uncaught exception (Julien Gilli)
——————————————————————————–
ChangeLog:
* Tue Feb 24 2015 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:0.10.34-1
– new upstream release 0.10.34
https://github.com/joyent/libuv/blob/v0.10.34/ChangeLog
– resolves incorrect revocation while reliquishing privileges security
vulnerability (CVE-2015-0278, RHBZ#1194651)
* Thu Feb 19 2015 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:0.10.33-2
– add missing %{_?isa} to devel requires of main package
– fix some issues with the pkgconfig file and Group reported by Michael Schwendt
* Thu Feb 19 2015 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:0.10.33-1
– new upstream release 0.10.33
https://github.com/joyent/libuv/blob/v0.10.33/ChangeLog
– update URL to point to the new libuv.org
* Wed Nov 19 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:0.10.29-1
– new upstream release 0.10.29
https://github.com/joyent/libuv/blob/v0.10.29/ChangeLog
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1:0.10.28-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Aug 1 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:0.10.28-1
– new upstream release 0.10.28
https://github.com/joyent/libuv/blob/v0.10.28/ChangeLog
* Thu Jul 3 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:0.10.27-3
– build static library for rust (RHBZ#1115975)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1:0.10.27-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri May 2 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:0.10.27-1
– new upstream release 0.10.27
https://github.com/joyent/libuv/blob/v0.10.27/ChangeLog
* Thu Feb 20 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:0.10.25-1
– new upstream release 0.10.25
https://github.com/joyent/libuv/blob/v0.10.25/ChangeLog
* Mon Jan 27 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:0.10.23-1
– new upstream release 0.10.23
https://github.com/joyent/libuv/blob/v0.10.23/ChangeLog
* Thu Dec 19 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:0.10.21-1
– new upstream release 0.10.21
https://github.com/joyent/libuv/blob/v0.10.21/ChangeLog
* Thu Dec 12 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:0.10.20-1
– new upstream release 0.10.20
https://github.com/joyent/libuv/blob/v0.10.20/ChangeLog
* Tue Nov 12 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> – 1:0.10.19-1
– new upstream release 0.10.19
https://github.com/joyent/libuv/blob/v0.10.19/ChangeLog
——————————————————————————–
References:
[ 1 ] Bug #1194651 – CVE-2015-0278 libuv: incorrect revocation order while relinquishing privileges
https://bugzilla.redhat.com/show_bug.cgi?id=1194651
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update libuv’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce