nodejs4-devel-4.9.1-23.1<>,^M\\\/=„yDyB-J7F"H=R@%"Y+Pusؕ B/Q)Ҭ٭/ E$3^ ENg5C ufV(eºHi1s(.Y3B̓zy69aK#-IFӵ rhy!5 L~xUKL@CHte#I[? FR$D12 0=_Q'+^MyØ.pIPƹvX' k}>9V<?V,d  L  '' ' D' ' g' ',''  ' l   ( %8 ,89 8:h8FN4GNH'HN'IO'XOYO\O']Pl'^R2bRcSUdSeSfSlSuT'vTwT'xU'zVCnodejs4-devel4.9.123.1Files needed for development of NodeJS platformsThis package provides development headers for Node.js.\\\build72 >{openSUSE Leap 42.3openSUSEMIThttp://bugs.opensuse.orgDevelopment/Languages/NodeJShttps://nodejs.orglinuxx86_64=P*4 H  ir q0ΙOi $>1y% Ok K!-< AA큤A큤AA큤\Z.Zf,Zf)Zf)Zf)\W"\Z.Zf,Zf)Zf7Zf7Zf7Zf7Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,Zf,\Z,\Z,\W 8e0f779bae06b6e8b0830ac7ab1d31dcb1d23a9f1cd747b9d7fe1555a5521daefe38bed5222d90c90c80f3edb58913a7ff968e28e1f8abdf4e2dd9ef6856622a3953c24e54e69810f3b5ddb88c3e956953c2a992ae6914abcaf14d53d79fbce29bb070b54d9d6029e5853cf333b4a378cc03a78906d96b7c703047e2609aa93913c435282896d0c68ccf61a130c9afbbba973bfeffc6c99874ca25d470afbf8e849e288dce7835122ba5500e723ddaeda9ab45445060caf5a2bf487e2462c1ff0830cc914c023d3cb6f0e064284eb9f442e5594ccee5f8f073e7931141d6e07e17540917dcf906f64c963b408c3e7d2decf4210994292b9df9aa3996d189541e8f9b647c10bf6779f4f57cce5b586499e19cece96a45a53f28862f6669b74cf35f2da296c677645327a59c388f44ba9ba9c63da0614d480dbf129bfaa5cb0ad42ef9590794131b84b7be010b69e461e95521f38c04d85805897d75103d60937ab222baaceb09d1bcfcb4166e5cde8a1789eacb3fee151156d49c48982b965cdcbd3fbd47b8d6523a4ba59de8971c8c1f3dec7e63e178c8c9e32f447a5bec713cdd879afbfa3cb76726ac51c19765418d909c81780271f3f02bdbd70154d804bb91e00710b2280e87aeb8c1c6c661205e1151e7e66bb5b20b697a52498cb84457c8ec10d945ede32572096128e2d7fca7d50ef9ff49fbaae8f037217db95801203fe0f80f5002dbd278a3ac4c884e001e323084bbc47f499bc3d295cf91733f11ea53fb6c79c71d589ee4d6fa135c9aderootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootnodejs4-4.9.1-23.1.src.rpmnodejs-develnodejs4-develnodejs4-devel(x86-64)   nodejs4rpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)4.9.13.0.4-14.0-14.4.6-14.11.2\y\T4\5@[@[R@[ @[~[]@[#@[@ZZZľ@ZlZZ@Zp^@Z;@Z+@Z@Z }Z @Z @Y|YYYf@Y_wY^&@Y?Y-^Y$$@X@X@XpXoXlXJX@X5X.@X!@X`@WW@W/@W@WzOWv[@Wq@Wm WbWaC@WaC@W_WUeAdam Majer adam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.dejengelh@inai.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.dero@suse.deadam.majer@suse.deqantas94heavy@gmail.comqantas94heavy@gmail.comadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deqantas94heavy@gmail.comadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deqantas94heavy@gmail.comqantas94heavy@gmail.comadam.majer@suse.deqantas94heavy@gmail.comqantas94heavy@gmail.comqantas94heavy@gmail.comqantas94heavy@gmail.comadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deqantas94heavy@gmail.comadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deadam.majer@suse.deBackport security fixes from NodeJS 6.x: * deps: upgrade OpenSSL source to 1.0.2r. Under certain circumstances, a TLS server can be forced to respond differently to a client if a zero-byte record is received with an invalid padding compared to a zero-byte record with an invalid MAC. This can be used as the basis of a padding oracle attack to decrypt data. (openssl_1_0_2r.patch - CVE-2019-1559, bsc#1127080) * http: (http-keep-alive.patch) + Backport server.keepAliveTimeout to prevent keep-alive HTTP and HTTPS connections remaining open and inactive for an extended period of time, leading to a potential Denial of Service (DoS). (CVE-2019-5739, bsc#1127533) + Further prevention of "Slowloris" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by server.headersTimeout to connections in keep-alive mode. (CVE-2019-5737, bsc#1127532)- nodejs.keyring: update keyring to today's list as per https://github.com/nodejs/nodeBackport security fixes from NodeJS 6.x: * debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. CVE-2018-12120.patch - (CVE-2018-12120, bsc#1117625) * cli: add --max-http-header-size flag (max_header_size.patch) * deps: upgrade OpenSSL sources to 1.0.2q (openssl_1_0_2q.patch - CVE-2018-0734, bsc#1113652, CVE-2018-5407, bsc#1113534) * http: + add maxHeaderSize property (max_header_size.patch) + Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. (CVE-2018-12121.patch - CVE-2018-12121, bsc#1117626) + A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122.patch - CVE-2018-12122, bsc#1117627) + Two-byte characters are now strictly disallowed for the path option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended). (CVE-2018-12116.patch - CVE-2018-12116, bsc#1117630) * util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123.patch - CVE-2018-12123, bnc#1117629) - env_shebang.patch: dropped in favour of programmatic update- flaky_test_rerun.patch: Rerun failing tests in case of flakiness- fix_ci_tests.patch: skip parallel/test-tick-processor on arm. Unreliable test in shared environment. - enable unit tests build failures- test-ca-bumps.patch: update certificates used in unit tests- CVE-2018-12115.patch: buffer: avoid overrun on UCS-2 string write (CVE-2018-12115, bsc#1105019) - openssl_1_0_2p.patch: deps: Upgrade to OpenSSL 1.0.2p, fixing: * Client DoS due to large DH parameter (CVE-2018-0732, bsc#1097158) * ECDSA key extraction via local side-channel- Ensure neutrality of description. - Use %make_install.- Recommend same major version npm package (bsc#1097748)- env_shebang.patch: use absolute paths in executable shebang lines - versioned.patch: updated to move shebang modifications to above patch.- icu_61_namespacefix.patch: Fix building with ICU61.1 (bsc#1091764)- Install license with %license, not %doc (bsc#1082318)- Fix some node-gyp permissions- New upstream maintenance 4.9.1: * Security fixes: + Fix for 'path' module regular expression denial of service (bsc#1087459, CVE-2018-7158) + Reject spaces in HTTP Content-Length header values (bsc#1087453, CVE-2018-7159) * Upgrade to OpenSSL 1.0.2o * deps: reject interior blanks in Content-Length * deps: upgrade http-parser to v2.8.0 - fix_ci_tests.patch: refreshed- remove any old manpage files in %pre from before update-alternatives were used to manage symlinks to these manpages.- Add Recommends and BuildRequire on python2 for npm. node-gyp requires this old version of python for now. This is only needed for binary modules.- even on recent codestreams there is no binutils gold on s390 only on s390x- Enable CI tests in %check target + fix_ci_ssl_tests.patch: Disable testing of obsolete curves which are not enabled OpenSUSE's OpenSSL library + fix_ci_tests.patch: - DNS queries in buildroots are failing with EAI_AGAIN - disable test-module-loading-globalpaths.js - we have hardcoded global paths + versioned.patch: call versioned node binary for tests- New upstream maintenance release 4.8.7: * deps/openssl: updated to 1.0.2n (only applies to SLE 12 SP1 and lower) (bsc#1072322) [ CVE-2017-3738 CVE-2017-15896 ] - Remove unnecessary curl BuildRequires- Change BuildRequires from openssl-devel to libopenssl-1_0_0-devel due to Tumbleweed/Leap 15 change to OpenSSL 1.1.0 as default- Update nodejs.keyring based on current Release Team as found on https://github.com/nodejs/node#release-team- Fix permissions of node-gyp. This should be executable to allow building of binary node modules.- New upstream maintenance release 4.8.6: * crypto: upgrade openssl sources to 1.0.2m [OpenSSL Security Advisory (bsc#1066242, bsc#1056058) CVE-2017-3735 CVE-2017-3736] * deps: add support for more modern versions of INTL - 0f3e69db.patch: removed, upstreamed - icu59.patch: removed, upstreamed- New upstream maintenance release 4.8.5: * zlib: (CVE-2017-14919: only affects TW) In zlib v1.2.9, a change was made that causes an exception to be thrown when a raw deflate stream is initialized with windowBits set to 8. Node.js will now gracefully set windowBits to 9 (replicating the legacy behavior) to avoid a DOS vector.- Replace {{node_version_major}} with RPM define %node_version_number for simpler spec file review. - Make sure npm program remains executable- Fix update-alternative handling in %postun - don't remove links on upgrades.- New LTS upstream version 4.8.4 * v8: disable V8 snapshots. The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (bnc#1048299, CVE-2017-11499). * http: fixes http.get with numeric authorization options that created/used uninitialized buffers as the authentication string * The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (CVE-2017-1000381, bnc#1044946)- Depend on nodejs-common that is then used to pick correctly versioned node or npm binary. This is required since 3rd party modules use `/usr/bin/env node` which breaks if multiple versions of NodeJS are installed at the same time and non-default version is used (for example, to compile a native module)- npm_search_paths.patch: Since concurrent installations are now possible, node manual pages are moved once again back under npm searcheable locations only. - versioned.patch: All files are now under versioned directoies and names. node and npm symlinks are now managed by update-alternatives - node-gyp-addon-gypi.patch: Reference versioned directories only- Fix typo in node-gyp-addon-gypi.patch patch- 0f3e69db.patch, icu59.patch: GCC 7 compilation fixes for v8 backported and add missing ICU59 headers (bnc#1041283)- New upstream LTS release 4.8.3 * v8: trigger OOM crash if memory allocation fails * src: fix base64 decoding in rare edgecase * tls: + fix segfault on destroy after partial read + keep track of stream that is closed + TLSSocket emits 'error' on handshake failure - nodejs-libpath.patch: updated- New upstream maintenance release 4.8.2 * crypto: fix memory leak if certificate is revoked (#12089) - Changes not applicable to openSUSE in 4.8.2: * deps: upgrade zlib to 1.2.11 (#10980) - Changes in LTS release 4.8.1 * buffer: The performance of .toJSON() is now up to 2859% faster on average. * IPC: Batched writes have been enabled for process IPC on platforms that support Unix Domain Sockets. Performance gains may be up to 40% for some workloads. * http: Control characters are now always rejected when using http.request(). * node: Heap statistics now support values larger than 4GB. - Modify 8334.diff: * Bring patch in line with upstream changes (#8334)- New upstream LTS release 4.8.0 * child_process: add shell option to spawn() * crypto: add ALPN Support * crypto: allow adding extra certs to well-known CAs * deps/v8: expose statistics about heap spaces * fs: add the fs.mkdtemp() function * process: add process.memoryUsage().external * process: add process.cpuUsage() - Modify 8334.diff: * Remove merged reference counting code (#9409)- New upstream LTS release 4.7.3 * deps: upgrade openssl sources to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bnc#1022085, bnc#1022086, bnc#1009528) - No changes in LTS version 4.7.2 - Adjusted 8334.diff to be inline with accepted changes - Merge nodejs4.changes from SLE and devel project- Add basic check that Node.js loads successfully to spec file- New upstream LTS release 4.7.1 * build: shared library support is now working for AIX builds * repl: passing options to the repl will no longer overwrite defaults * timers: recanceling a cancelled timers will no longer throw- New upstream LTS version 4.7.0 * build: introduce the configure --shared option for embedders * debugger: make listen address configurable in debugger server * dgram: generalized send queue to handle close, fixing a potential throw when dgram socket is closed in the listening event handler * http: introduce the 451 status code "Unavailable For Legal Reasons" * gtest: the test reporter now outputs tap comments as yamlish * tls: introduce secureContext for tls.connect (useful for caching client certificates, key, and CA certificates) * tls: fix memory leak when writing data to TLSWrap instance during handshake * src: node no longer aborts when c-ares initialization fails - Modify 8334.diff: * ported and updated system CA store for the new node crypto code - Refresh nodejs-libpath.patch- New upstream LTS version 4.6.2 * build: + It is now possible to build the documentation from the release tarball. * buffer: + Buffer.alloc() will no longer incorrectly return a zero filled buffer when an encoding is passed. * deps: + Upgrade npm in LTS to 2.15.11. * repl: + Enable tab completion for global properties. * url: + url.format() will now encode all "#" in search.- Add missing conflicts to base package. It's not possible to have concurrent nodejs installations.- Package unification across various branches of NodeJS. Package for 4.x, 6.x and current (7.x) branches of NodeJS are now handled via GitHub repository. - remove support-arm64-build.patch: no longer required - remove nodejs-libpath64.patch: obsolete- npm4 should provide versioned nodejs-npm and npm allowing nodejs-packaging to continue to function properly in Leap 42.2 (bnc #1009011)- New upstream LTS version 4.6.1 * c-ares: fix for single-byte buffer overwrite, CVE-2016-5180 more information at https://c-ares.haxx.se/adv_20160929.html (bnc #1007728)- npm4 now provides nodejs-npm to ease upgrades for Leap- enable usage of system certificate store on SLE11SP4 by requiring openssl1 (boo#1000036) - nodejs-libpath.patch: * adapt patch from main nodejs project so it builds on SLE11 - New upstream LTS version 4.6.0 * openssl update (not applicable for SLE12SP2, Leap 42.2 and later) + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052) + remove support for dynamic 3rd party engine modules * http: Properly validate for allowable characters in input user data. This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here. (CVE-2016-5325, bnc#985201) * tls: properly validate wildcard certificates (CVE-2016-7099, bnc#1001652) * buffer: Zero-fill excess bytes in new Buffer objects created with Buffer.concat()- New upstream LTS version 4.5.0 (bnc#997405) * buffer: + backport new buffer constructor APIs to v4.x + backport --zero-fill-buffers cli option + ignore negative allocation lengths * build + add Intel Vtune profiling support * repl + copying tabs shouldn't trigger completion * src + add node::FreeEnvironment public API * test + run v8 tests from node tree * V8 + Add post mortem data to improve object inspection and function's context variables inspection * upgrade libuv to 1.9.1 * upgrade npm to 2.15.9 - 8334.diff * use system CA store instead of one provided by Node - Refresh patches- use system OpenSSL with Leap 42.2 and SLE12:SP2 - simplify source code integrity check + use GPG service instead of explicit BR + add empty checksum so GPG service is run - it's not detached signature like it thinks it is.- rename patches to have a .patch suffix, for consistancy - npm_search_paths.patch: Change defaultPrefix to /usr/local if it is detected to be /usr. This is in attempt to prevent globally installed npm-managed packages from installing into the zypper managed prefix. - refreshed patches support-arm64-build.patch - use upstream .xz instead of .gz tarball- New upstream version 4.4.7 * debugger: + All properties of an array (aside from length) can now be printed in the repl * Upgrade npm to 2.15.8 (Rebecca Turner) * Fix for a bug that became more prevalent with the stream changes that landed in v4.4.5. (Anna Henningsen). 'reset awaitDrain after manual .resume()' * V8: + Fix for a bug in crankshaft that was causing crashes on arm64 (Myles Borins) + Add missing classes to postmortem info such as JSMap and JSSet (evan.lucas) - Add upstream release keyring - Verify upstream sources during %prep- Use build flags to enable/disable gdb usage instead of configure script. Easier to find and change in future. - Fix paths, and have to fix lots of paths because they are all more or less hardcoded relative paths. - Renumber patches allowing upstream patches to be inserted before our own.- New upstream version 4.4.6 + fix buffer overflow vulnerability discovered in v8 (CVE-2016-1669)- Change detection of library paths from runtime to compile time. nodejs-libpath.patch, nodejs-libpath64.patch- This package is in response to FATE#320396 and ECO#317945 and references bnc#958943 It's to be part of Web and Scripting Module - Use build conditional for intree_openssl - Fix permissions of some supplies javascript files - they are not executables - General cleanup of the package- Tighten dependencies so we don't end up with mixed versions installed.- Dedup manpages - Conflict with other providers of NodeJS packages. This is important if we want to provide NodeJS v6.x branch along with v4.x branch- 'New' package of 4.x LTS branch of NodeJS, based on v6.2.1 from Tumbleweed - Fix search paths to actually look where modules are installedbuild72 1553095772  !"#$%&'4.9.14.9.1-23.14.9.1-23.1node4android-ifaddrs.hares.hares_version.hcommon.gypiconfig.gypilibplatformlibplatform.hnameser.hnode.hnode_buffer.hnode_object_wrap.hnode_version.hpthread-barrier.hpthread-fixes.hstdint-msvc2008.htree.huv-aix.huv-bsd.huv-darwin.huv-errno.huv-linux.huv-sunos.huv-threadpool.huv-unix.huv-version.huv-win.huv.hv8-debug.hv8-platform.hv8-profiler.hv8-testing.hv8-util.hv8-version.hv8.hv8config.hsystemtaptapsetnode4.stp/usr/include//usr/include/node4//usr/include/node4/libplatform//usr/share//usr/share/systemtap//usr/share/systemtap/tapset/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:9852/openSUSE_Leap_42.3_Update/f3920bc9583a469242b2e5fcc43100e3-nodejs4.openSUSE_Leap_42.3_Updatedrpmlzma5x86_64-suse-linuxdirectoryC source, ASCII textASCII textC++ source, ASCII textB仉Rd3?p]"k%n_,yx-Z̏f0)cCJz@E5a4dX[Oe kQĭv?%؞L?=g˷i ttЇAEV-HȨ\}VE>uQȨq(Ncx7m?ܼ{lܪx$Lr +4imkdhR,+i SL Ztˈ%mblEUdQxE$1\xg][#$H$;Nd:LW0y5z'>ϋ@&XpAx} l8 h *߂yyrѹ slR} ox9'Az >6M+L`{`b'::0>qU3L] OAx1> A#%17y'RL7)V+d铅jKlؘMⱻnpcfa_!iTe- .3Az'":yN=chb:ʠvt#d&GJ@t燋WC)  ٪~v1n>͜-.b9,^6]ԁZXMjl>}S'e.rJYhru<ˤt|)aF M5GqG׸蹄0.l!qEJn|`r