Adam Majer
2a1c926780
Controlled Modification of Object Prototype Attributes (bsc#1192696) - CVE-2021-3807.patch: node-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (bsc#1192154, CVE-2021-3807) OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs10?expand=0&rev=174
62 lines
3.0 KiB
Diff
62 lines
3.0 KiB
Diff
From 93abb8f6d51195532e4a4270e9139f6caa0022a7 Mon Sep 17 00:00:00 2001
|
|
From: Yeting Li <liyt@ios.ac.cn>
|
|
Date: Thu, 9 Sep 2021 20:02:00 +0800
|
|
Subject: [PATCH] Fix potential ReDoS
|
|
|
|
---
|
|
index.js | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
Index: node-v10.24.1/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js
|
|
===================================================================
|
|
--- node-v10.24.1.orig/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js
|
|
+++ node-v10.24.1/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js
|
|
@@ -6,7 +6,7 @@ module.exports = options => {
|
|
}, options);
|
|
|
|
const pattern = [
|
|
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
|
|
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
|
|
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
|
|
].join('|');
|
|
|
|
Index: node-v10.24.1/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
|
|
===================================================================
|
|
--- node-v10.24.1.orig/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
|
|
+++ node-v10.24.1/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
|
|
@@ -2,7 +2,7 @@
|
|
|
|
module.exports = () => {
|
|
const pattern = [
|
|
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\\u0007)',
|
|
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
|
|
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))'
|
|
].join('|');
|
|
|
|
Index: node-v10.24.1/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js
|
|
===================================================================
|
|
--- node-v10.24.1.orig/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js
|
|
+++ node-v10.24.1/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js
|
|
@@ -6,7 +6,7 @@ module.exports = options => {
|
|
}, options);
|
|
|
|
const pattern = [
|
|
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
|
|
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
|
|
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
|
|
].join('|');
|
|
|
|
Index: node-v10.24.1/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
|
|
===================================================================
|
|
--- node-v10.24.1.orig/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
|
|
+++ node-v10.24.1/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
|
|
@@ -6,7 +6,7 @@ module.exports = options => {
|
|
}, options);
|
|
|
|
const pattern = [
|
|
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
|
|
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
|
|
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
|
|
].join('|');
|
|
|