[SECURITY] Fedora 21 Update: libuv-0.10.34-1.fc21

updates at fedoraproject.org updates at fedoraproject.org
Sat Feb 28 10:22:12 UTC 2015

Fedora Update Notification
2015-02-20 04:51:27

Name        : libuv
Product     : Fedora 21
Version     : 0.10.34
Release     : 1.fc21
URL         : http://libuv.org/
Summary     : Platform layer for node.js
Description :
libuv is a new platform layer for Node. Its purpose is to abstract IOCP on
Windows and libev on Unix systems. We intend to eventually contain all platform
differences in this library.

Update Information:

# nodejs

* tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson)

* timers: don't close interval timers when unrefd (Julien Gilli)

* timers: don't mutate unref list while iterating it (Julien Gilli)

* child_process: check execFile args is an array (Sam Roberts)

* child_process: check fork args is an array (Sam Roberts)

* crypto: update root certificates (Ben Noordhuis)

* domains: fix issues with abort on uncaught (Julien Gilli)

* timers: Avoid linear scan in _unrefActive. (Julien Gilli)

* timers: fix unref() memory leak (Trevor Norris)

* debugger: fix when using "use strict" (Julien Gilli)

# libuv

* linux: fix epoll_pwait() regression with < 2.6.19 (Ben Noordhuis)

* linux: fix epoll_pwait() sigmask size calculation (Ben Noordhuis)

* linux: fix sigmask size arg in epoll_pwait() call (Ben Noordhuis)

* linux: handle O_NONBLOCK != SOCK_NONBLOCK case (Helge Deller)

* doc: update project links (Ben Noordhuis)

* unix: add flag for blocking SIGPROF during poll (Ben Noordhuis)

* unix, windows: add uv_loop_configure() function (Ben Noordhuis)

# v8

* Fix debugger and strict mode regression (Julien Gilli)

* don't busy loop in cpu profiler thread (Ben Noordhuis)

* add api for aborting on uncaught exception (Julien Gilli)

* Tue Feb 24 2015 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:0.10.34-1
- new upstream release 0.10.34
- resolves incorrect revocation while reliquishing privileges security
  vulnerability (CVE-2015-0278, RHBZ#1194651)
* Thu Feb 19 2015 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:0.10.33-2
- add missing %{_?isa} to devel requires of main package
- fix some issues with the pkgconfig file and Group reported by Michael Schwendt
* Thu Feb 19 2015 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:0.10.33-1
- new upstream release 0.10.33
- update URL to point to the new libuv.org
* Wed Nov 19 2014 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:0.10.29-1
- new upstream release 0.10.29

  [ 1 ] Bug #1194651 - CVE-2015-0278 libuv: incorrect revocation order while relinquishing privileges

This update can be installed with the "yum" update program.  Use
su -c 'yum update libuv' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list