From 63f434923cb40033bce1a719647595e9580f2d0a Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Sep 27 2022 10:24:07 +0000 Subject: import nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9 --- diff --git a/.gitignore b/.gitignore index f881379..751ebb7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/icu4c-69_1-src.tgz -SOURCES/node-v14.18.2-stripped.tar.gz +SOURCES/icu4c-70_1-src.tgz +SOURCES/node-v14.20.0-stripped.tar.gz diff --git a/.nodejs.metadata b/.nodejs.metadata index 6dbf0a6..d868ff8 100644 --- a/.nodejs.metadata +++ b/.nodejs.metadata @@ -1,2 +1,2 @@ -620a71c84428758376baa0fb81a581c3daa866ce SOURCES/icu4c-69_1-src.tgz -bba4efed29ee2e3e9078b955890d9b68f6750f6a SOURCES/node-v14.18.2-stripped.tar.gz +f7c1363edee6be7de8b624ffbb801892b3417d4e SOURCES/icu4c-70_1-src.tgz +66dc4b75e2e416d064f12be3450fc7953d72b21b SOURCES/node-v14.20.0-stripped.tar.gz diff --git a/SOURCES/0001-deps-ansi-regex-fix-potential-ReDoS.patch b/SOURCES/0001-deps-ansi-regex-fix-potential-ReDoS.patch index b23946b..3287b6c 100644 --- a/SOURCES/0001-deps-ansi-regex-fix-potential-ReDoS.patch +++ b/SOURCES/0001-deps-ansi-regex-fix-potential-ReDoS.patch @@ -1,4 +1,4 @@ -From e040864f2797b9c705bac5862581d5f190510e04 Mon Sep 17 00:00:00 2001 +From e12dad58e7c749d65d51e2dd49dece4102ddfa18 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Thu, 9 Dec 2021 15:48:46 +0100 Subject: [PATCH] deps(ansi-regex): fix potential ReDoS @@ -10,25 +10,10 @@ This is the upstream fix [1] applied to all applicable bundled deps. Fixes: CVE-2021-3807 Signed-off-by: rpm-build --- - deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js | 2 +- .../node_modules/string-width/node_modules/ansi-regex/index.js | 2 +- - .../npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js | 2 +- deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) + 2 files changed, 2 insertions(+), 2 deletions(-) -diff --git a/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js b/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js -index c254480..9e37ec3 100644 ---- a/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js -+++ b/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js -@@ -6,7 +6,7 @@ module.exports = options => { - }, options); - - const pattern = [ -- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', -+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', - '(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))' - ].join('|'); - diff --git a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js index c4aaecf..7d32201 100644 --- a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js @@ -42,19 +27,6 @@ index c4aaecf..7d32201 100644 '(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))' ].join('|'); -diff --git a/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js b/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js -index c254480..9e37ec3 100644 ---- a/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js -+++ b/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js -@@ -6,7 +6,7 @@ module.exports = options => { - }, options); - - const pattern = [ -- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', -+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', - '(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))' - ].join('|'); - diff --git a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js b/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js index c254480..9e37ec3 100644 --- a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js @@ -69,6 +41,6 @@ index c254480..9e37ec3 100644 ].join('|'); -- -2.33.1 +2.36.1 diff --git a/SOURCES/0002-deps-json-schema-protect-against-prototype-pollution.patch b/SOURCES/0002-deps-json-schema-protect-against-prototype-pollution.patch deleted file mode 100644 index 2f0a58b..0000000 --- a/SOURCES/0002-deps-json-schema-protect-against-prototype-pollution.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 25661e4fc0e7c6a3d47bc189f886af76b1ecafa1 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Thu, 9 Dec 2021 13:01:08 +0100 -Subject: [PATCH] deps(json-schema): protect against prototype pollution - -Amalgamation of the following upstream patches: -https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 -https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a -https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa - -Fixes: CVE-2021-3918 -Signed-off-by: rpm-build ---- - .../node_modules/json-schema/lib/validate.js | 4 +-- - .../node_modules/json-schema/test/tests.js | 28 ++++++++++++++++++- - 2 files changed, 29 insertions(+), 3 deletions(-) - -diff --git a/deps/npm/node_modules/json-schema/lib/validate.js b/deps/npm/node_modules/json-schema/lib/validate.js -index 4b61088..d05ee86 100644 ---- a/deps/npm/node_modules/json-schema/lib/validate.js -+++ b/deps/npm/node_modules/json-schema/lib/validate.js -@@ -209,8 +209,8 @@ var validate = exports._validate = function(/*Any*/instance,/*Object*/schema,/*O - } - - for(var i in objTypeDef){ -- if(objTypeDef.hasOwnProperty(i)){ -- var value = instance[i]; -+ if(objTypeDef.hasOwnProperty(i) && i != '__proto__' && i != 'constructor'){ -+ var value = instance.hasOwnProperty(i) ? instance[i] : undefined; - // skip _not_ specified properties - if (value === undefined && options.existingOnly) continue; - var propDef = objTypeDef[i]; -diff --git a/deps/npm/node_modules/json-schema/test/tests.js b/deps/npm/node_modules/json-schema/test/tests.js -index 40eeda5..70f515a 100644 ---- a/deps/npm/node_modules/json-schema/test/tests.js -+++ b/deps/npm/node_modules/json-schema/test/tests.js -@@ -91,5 +91,31 @@ var suite = vows.describe('JSON Schema').addBatch({ - - 'Json-Ref self-validates': assertSelfValidates('json-ref'), - 'Json-Ref/Hyper': assertValidates('json-ref', 'hyper-schema'), -- 'Json-Ref/Core': assertValidates('json-ref', 'schema') -+ 'Json-Ref/Core': assertValidates('json-ref', 'schema'), -+ prototypePollution: function() { -+ console.log('testing') -+ const instance = JSON.parse(` -+ { -+ "$schema":{ -+ "type": "object", -+ "properties":{ -+ "__proto__": { -+ "type": "object", -+ -+ "properties":{ -+ "polluted": { -+ "type": "string", -+ "default": "polluted" -+ } -+ } -+ } -+ }, -+ "__proto__": {} -+ } -+ }`); -+ -+ const a = {}; -+ validate(instance); -+ assert.equal(a.polluted, undefined); -+ } - }).export(module); --- -2.33.1 - - diff --git a/SOURCES/0004-always-available-fips-options.patch b/SOURCES/0004-always-available-fips-options.patch deleted file mode 100644 index 26d4853..0000000 --- a/SOURCES/0004-always-available-fips-options.patch +++ /dev/null @@ -1,624 +0,0 @@ -From 7c7f5159fcc71d915dfcc5f97ab18d5f8912f1b5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?V=C3=ADt=20Ondruch?= -Date: Tue, 25 Aug 2020 14:04:54 +0200 -Subject: [PATCH] crypto: make FIPS related options always awailable -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -There is no reason to hide FIPS functionality behind build flags. -OpenSSL always provide the information about FIPS availability via -`FIPS_mode()` function. - -This makes the user experience more consistent, because the OpenSSL -library is always queried and the `crypto.getFips()` always returns -OpenSSL settings. - -Fixes #34903 - -PR-URL: https://github.com/nodejs/node/pull/36341 -Reviewed-By: Anna Henningsen -Reviewed-By: Michael Dawson -Reviewed-By: Daniel Bevenius -Signed-off-by: Jan Staněk -Signed-off-by: rpm-build ---- - doc/api/cli.md | 8 +-- - lib/crypto.js | 22 ++---- - node.gypi | 3 - - src/node.cc | 6 +- - src/node_config.cc | 2 - - src/node_crypto.cc | 45 +++++++----- - src/node_options.cc | 2 - - src/node_options.h | 2 - - test/parallel/test-cli-node-print-help.js | 7 +- - test/parallel/test-crypto-fips.js | 71 +++++++++---------- - ...rocess-env-allowed-flags-are-documented.js | 11 +-- - 11 files changed, 74 insertions(+), 105 deletions(-) - -diff --git a/doc/api/cli.md b/doc/api/cli.md -index a8ef339..c41bd49 100644 ---- a/doc/api/cli.md -+++ b/doc/api/cli.md -@@ -182,8 +182,8 @@ code from strings throw an exception instead. This does not affect the Node.js - added: v6.0.0 - --> - --Enable FIPS-compliant crypto at startup. (Requires Node.js to be built with --`./configure --openssl-fips`.) -+Enable FIPS-compliant crypto at startup. (Requires Node.js to be built -+against FIPS-compatible OpenSSL.) - - ### `--enable-source-maps` - - - Load an OpenSSL configuration file on startup. Among other uses, this can be --used to enable FIPS-compliant crypto if Node.js is built with --`./configure --openssl-fips`. -+used to enable FIPS-compliant crypto if Node.js is built -+against FIPS-enabled OpenSSL. - - ### `--pending-deprecation` -