Fedora 20 Update: v8-3.14.5.10-9.fc20

updates at fedoraproject.org updates at fedoraproject.org
Mon Jun 30 10:29:40 UTC 2014


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-7527
2014-06-19 22:09:42
--------------------------------------------------------------------------------

Name        : v8
Product     : Fedora 20
Version     : 3.14.5.10
Release     : 9.fc20
URL         : http://code.google.com/p/v8
Summary     : JavaScript Engine
Description :
V8 is Google's open source JavaScript engine. V8 is written in C++ and is used
in Google Chrome, the open source browser from Google. V8 implements ECMAScript
as specified in ECMA-262, 3rd edition.

--------------------------------------------------------------------------------
Update Information:

2014.06.05, Version 0.10.29 (Stable)

* child_process: do not set args before throwing (Greg Sabia Tucker)

* child_process: spawn() does not throw TypeError (Greg Sabia Tucker)

* constants: export O_NONBLOCK (Fedor Indutny)

* crypto: improve memory usage (Alexis Campailla)

* fs: close file if fstat() fails in readFile() (cjihrig)

* lib: name EventEmitter prototype methods (Ben Noordhuis)

* tls: fix performance issue (Alexis Campailla)

The invalid UTF8 fix has been reverted since this breaks v8 API, which cannot be done in a stable distribution release.  This build of nodejs will behave as if NODE_INVALID_UTF8 was set.  For more information on the implications, see: http://blog.nodejs.org/2014/06/16/openssl-and-breaking-utf-8-change/

Additionally, a minor bug in v8 has been fixed that caused certain integer comparisons to return true when they should have returned false.

Please note that there is no OpenSSL security fixes as part of this update as there were upstream; nodejs in Fedora uses the system OpenSSL library and thus receives security updates as soon as the "openssl" packages on your system are updated.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 19 2014 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-9
- fix corner case in integer comparisons (v8 bug#2416; nodejs bug#7528)
* Sat May  3 2014 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-8
- use clock_gettime() instead of gettimeofday(), which increases V8 performance
  dramatically on virtual machines
* Tue Mar 18 2014 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-7
- backport fix for unsigned integer arithmetic (RHBZ#1077136; CVE-2014-1704)
* Mon Feb 24 2014 Tomas Hrcka <thrcka at redhat.com> - 1:3.14.5.10-6
- Backport fix for incorrect handling of popular pages (RHBZ#1059070; CVE-2013-6640)
* Fri Feb 14 2014 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-5
- rebuild for icu-52
* Mon Jan 27 2014 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-4
- backport fix for enumeration for objects with lots of properties
* Fri Dec 13 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-3
- backport fix for out-of-bounds read DoS (RHBZ#1039889; CVE-2013-6640)
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update v8' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list