+ CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325)

(CVE-2022-32215, bsc#1201327)
    + Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832)
    (CVE-2022-35255, bsc#1203831)

- Skip test-fs-utimes-y2K38.js on armv6hl as well as armv7hl.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs18?expand=0&rev=17
Adam Majer 2022-09-28 12:09:30 +00:00 committed by Git OBS Bridge
parent 0ef259aa25
commit c900d3b684
2 changed files with 14 additions and 6 deletions


@ -3,12 +3,17 @@ Mon Sep 26 13:13:39 UTC 2022 - Adam Majer <adam.majer@suse.de>
- Update to Nodejs 18.9.1: - Update to Nodejs 18.9.1:
* deps: llhttp updated to 6.0.10 * deps: llhttp updated to 6.0.10
+ CVE-2022-32213 bypass via obs-fold mechanic + CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325)
+ Incorrect Parsing of Multi-line Transfer-Encoding + Incorrect Parsing of Multi-line Transfer-Encoding
(CVE-2022-32215) (CVE-2022-32215, bsc#1201327)
+ Incorrect Parsing of Header Fields (CVE-35256) + Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832)
* crypto: fix weak randomness in WebCrypto keygen * crypto: fix weak randomness in WebCrypto keygen
(CVE-2022-35255) (CVE-2022-35255, bsc#1203831)
-------------------------------------------------------------------
Sat Sep 17 10:35:31 UTC 2022 - Bruno Pitrus <brunopitrus@hotmail.com>
- Skip test-fs-utimes-y2K38.js on armv6hl as well as armv7hl.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Sep 15 15:00:25 UTC 2022 - Adam Majer <adam.majer@suse.de> Thu Sep 15 15:00:25 UTC 2022 - Adam Majer <adam.majer@suse.de>
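Review bot: The new Sep 17 entry names the skipped test but not the patch file that carries the skip, so a reader of the changelog cannot tell which patch was touched; please name it in that entry. The entry also says armv6hl and armv7hl, while the checks in the patch compare the uname output against 'armv6l' and 'armv7l'. A short note that these are the build architecture names would avoid the apparent mismatch.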


@ -2,7 +2,7 @@ Skip 'test/parallel/test-fs-utimes-y2K38.js' on some platforms.
This test fails if coreutils' touch was built with 64-bit time_t, This test fails if coreutils' touch was built with 64-bit time_t,
while nodejs was built with 32-bit time_t. This is currently the case while nodejs was built with 32-bit time_t. This is currently the case
on i586, ppc and armv7l. Skip the failing last command on those on i586, ppc and arm. Skip the failing last command on those
platforms. platforms.
The failure was seen since coreutils-9.0. The failure was seen since coreutils-9.0.
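Review bot: In the patch description, "i586, ppc and arm" now reads broader than what the code skips: the checks further down match only the exact strings 'armv6l' and 'armv7l'. Either list those two values in the description or state that only 32-bit arm is meant, so the text and the conditions stay in step.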
@ -16,7 +16,7 @@ Index: node-v16.6.2/test/parallel/test-fs-utimes-y2K38.js
=================================================================== ===================================================================
--- node-v16.6.2.orig/test/parallel/test-fs-utimes-y2K38.js --- node-v16.6.2.orig/test/parallel/test-fs-utimes-y2K38.js
+++ node-v16.6.2/test/parallel/test-fs-utimes-y2K38.js +++ node-v16.6.2/test/parallel/test-fs-utimes-y2K38.js
@@ -20,6 +20,23 @@ if (!common.isWindows) { @@ -20,6 +20,26 @@ if (!common.isWindows) {
common.skip('File system appears to lack Y2K38 support (touch failed)'); common.skip('File system appears to lack Y2K38 support (touch failed)');
} }
@ -32,6 +32,9 @@ Index: node-v16.6.2/test/parallel/test-fs-utimes-y2K38.js
+ if (unameResult.stdout.trim() === 'ppc') { + if (unameResult.stdout.trim() === 'ppc') {
+ common.skip('SUSE: test skipped on platforms with 32-bit time_t'); + common.skip('SUSE: test skipped on platforms with 32-bit time_t');
+ } + }
+ if (unameResult.stdout.trim() === 'armv6l') {
+ common.skip('SUSE: test skipped on platforms with 32-bit time_t');
+ }
+ if (unameResult.stdout.trim() === 'armv7l') { + if (unameResult.stdout.trim() === 'armv7l') {
+ common.skip('SUSE: test skipped on platforms with 32-bit time_t'); + common.skip('SUSE: test skipped on platforms with 32-bit time_t');
+ } + }
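Review bot: The added 'armv6l' block is a third copy of the same three-line `if (unameResult.stdout.trim() === ...)` / `common.skip(...)` pattern, and every new platform will need another copy plus another bump of the hunk line count. Consider one condition over a list, for example `['ppc', 'armv6l', 'armv7l'].includes(unameResult.stdout.trim())`, with a single `common.skip` call. Also note that the comparison is an exact string match, so any other machine string reported on a 32-bit time_t platform will still run the failing command.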