diff --git a/SOURCES/0001-fix-redirect-help.patch b/SOURCES/0001-fix-redirect-help.patch
new file mode 100644
index 0000000..b0a9e67
--- /dev/null
+++ b/SOURCES/0001-fix-redirect-help.patch
@@ -0,0 +1,32 @@
+From cccb59dd0029243d816cd1a07ffa1f4b3ed25313 Mon Sep 17 00:00:00 2001
+From: Remy Sharp
+Date: Wed, 6 Jan 2021 10:38:53 +0000
+Subject: [PATCH] fix: redirect help
+
+Fixes: #1807
+
+Allows for nodemon --help > help.txt
+
+Signed-off-by: rpm-build
+---
+ lib/nodemon.js | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/nodemon.js b/lib/nodemon.js
+index b3badea..ce649cb 100644
+--- a/lib/nodemon.js
++++ b/lib/nodemon.js
+@@ -39,7 +39,9 @@ function nodemon(settings) {
+ }
+
+ if (settings.help) {
+- process.stdout._handle.setBlocking(true); // nodejs/node#6456
++ if (process.stdout.isTTY) {
++ process.stdout._handle.setBlocking(true); // nodejs/node#6456
++ }
+ console.log(help(settings.help));
+ if (!config.required) {
+ process.exit(0);
+--
+2.31.1
+
diff --git a/SOURCES/0002-Fix-ReDoS-for-data-URLs.patch b/SOURCES/0002-Fix-ReDoS-for-data-URLs.patch
new file mode 100644
index 0000000..83004a4
--- /dev/null
+++ b/SOURCES/0002-Fix-ReDoS-for-data-URLs.patch
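Review bot: In 0001-fix-redirect-help.patch the new guard in `nodemon()` tests `process.stdout.isTTY`, but the call it protects goes through the undocumented `process.stdout._handle`; testing the object that is actually used would be more robust, e.g. `const handle = process.stdout._handle;` followed by `if (handle && typeof handle.setBlocking === 'function') { handle.setBlocking(true); }`. With the isTTY test the blocking workaround is also skipped when stdout is a pipe, and `process.exit(0)` follows `console.log` a few lines later, so on a platform where pipe writes are asynchronous the help text could presumably be cut short; that is worth confirming on the targets this package builds for. The body of `nodemon()` continues outside the nested hunk and this is a verbatim upstream backport, so a downstream deviation may not be wanted. In that case a comment on the guard such as `// presumably a file-backed stdout has no _handle; see #1807` would at least record why it is there.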
@@ -0,0 +1,29 @@
+From f3fa3bb4248f851be3cb6adc1beaf68711848ff3 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Fri, 2 Jul 2021 16:30:14 +0200
+Subject: [PATCH] Fix ReDoS for data URLs
+
+Backported from
+https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103
+
+Signed-off-by: rpm-build
+---
+ node_modules/got/node_modules/normalize-url/index.js | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/node_modules/got/node_modules/normalize-url/index.js b/node_modules/got/node_modules/normalize-url/index.js
+index 4eea255..2ab7f57 100644
+--- a/node_modules/got/node_modules/normalize-url/index.js
++++ b/node_modules/got/node_modules/normalize-url/index.js
+@@ -11,7 +11,7 @@ const testParameter = (name, filters) => {
+ };
+
+ const normalizeDataURL = (urlString, {stripHash}) => {
+- const parts = urlString.match(/^data:(.*?),(.*?)(?:#(.*))?$/);
++ const parts = urlString.match(/^data:([^,]*?),([^#]*?)(?:#(.*))?$/);
+
+ if (!parts) {
+ throw new Error(`Invalid URL: ${urlString}`);
+--
+2.31.1
+
diff --git a/SPECS/nodejs-nodemon.spec b/SPECS/nodejs-nodemon.spec
index afa6a6f..9852458 100644
--- a/SPECS/nodejs-nodemon.spec
+++ b/SPECS/nodejs-nodemon.spec
@@ -9,12 +9,15 @@ Name: %{?scl_prefix}nodejs-%{npm_name}
 Version: 2.0.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Simple monitor script for use during development of a node.js app
 License: MIT
 URL: https://github.com/remy/nodemon
 Source0: %{npm_name}-v%{version}-bundled.tar.gz
+Patch0: 0001-fix-redirect-help.patch
+Patch1: 0002-Fix-ReDoS-for-data-URLs.patch
+
 BuildRequires: %{?scl_prefix}nodejs-devel
 BuildRequires: %{?scl_prefix}npm
@@ -50,7 +53,7 @@ replacement wrapper for node, think of it as replacing the word "node" on the command line when you run your script.
 %prep
-%setup -q -n %{npm_name}-%{version}
+%autosetup -n %{npm_name}-%{version} -p1
 %build
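Review bot: The ReDoS backport in 0002-Fix-ReDoS-for-data-URLs.patch rewrites the data-URL regex in exactly one bundled copy, `node_modules/got/node_modules/normalize-url/index.js`; if the bundled tarball carries normalize-url at any other path, that copy keeps the old `(.*?),(.*?)` pattern and CVE-2021-33502 stays open for it. The diff cannot show whether such copies exist, so the bundle should be searched for them before the changelog entry is relied on. In the spec, a comment above `Patch1:` such as `# CVE-2021-33502: normalize-url bundled under got; drop once the bundle ships a fixed release` would tell the next rebase when the patch can go. `normalizeDataURL` continues outside the nested hunk, and the unchanged `Invalid URL` error still interpolates the whole `urlString` into its message, which can be large when the input is hostile.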
@@ -80,8 +83,13 @@ npm run test
 %{_bindir}/nodemon
 %changelog
+* Fri Jul 02 2021 Jan Staněk - 2.0.3-2
+- Allow --help option text to be redirected to file
+- Backport CVE-2021-33502 fix
+
 * Fri Jan 29 2021 Jan Staněk - 2.0.3-1
 - Update to version 2.0.3
+- Resolves: CVE-2019-10746 CVE-2019-10747
 * Thu Aug 15 2019 Zuzana Svetlikova - 1.19.1-1
 - Update, build for rh-nodejs12