Adam Majer
9f6873743e
* Upgrade npm to 6.14.16
+ CVE-2021-23343 - ReDoS via splitDeviceRe, splitTailRe and
splitPathRe (bsc#1192153)
+ CVE-2021-23343 - node-tar: Insufficient symlink protection
allowing arbitrary file creation and overwrite (bsc#1191963)
+ CVE-2021-32804 - node-tar: Insufficient absolute path sanitization
allowing arbitrary file creation and overwrite (bsc#1191962)
+ CVE-2021-3918 - json-schema is vulnerable to Improperly
Controlled Modification of Object Prototype Attributes (bsc#1192696)
* Updated ICU time zone data
- CVE-2021-3807.patch: node-ansi-regex: Regular expression
denial of service (ReDoS) matching ANSI escape codes
(bsc#1192154, CVE-2021-3807)
- versioned.patch: refreshed
- z15-test-skip.patch: dropped
- fix_ci_tests.patch: fix tests on z15
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=138
62 lines
3.0 KiB
Diff
62 lines
3.0 KiB
Diff
From 93abb8f6d51195532e4a4270e9139f6caa0022a7 Mon Sep 17 00:00:00 2001
|
|
From: Yeting Li <liyt@ios.ac.cn>
|
|
Date: Thu, 9 Sep 2021 20:02:00 +0800
|
|
Subject: [PATCH] Fix potential ReDoS
|
|
|
|
---
|
|
index.js | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
Index: node-v10.24.1/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js
|
|
===================================================================
|
|
--- node-v10.24.1.orig/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js
|
|
+++ node-v10.24.1/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js
|
|
@@ -6,7 +6,7 @@ module.exports = options => {
|
|
}, options);
|
|
|
|
const pattern = [
|
|
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
|
|
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
|
|
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
|
|
].join('|');
|
|
|
|
Index: node-v10.24.1/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
|
|
===================================================================
|
|
--- node-v10.24.1.orig/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
|
|
+++ node-v10.24.1/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
|
|
@@ -2,7 +2,7 @@
|
|
|
|
module.exports = () => {
|
|
const pattern = [
|
|
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\\u0007)',
|
|
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
|
|
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))'
|
|
].join('|');
|
|
|
|
Index: node-v10.24.1/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js
|
|
===================================================================
|
|
--- node-v10.24.1.orig/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js
|
|
+++ node-v10.24.1/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js
|
|
@@ -6,7 +6,7 @@ module.exports = options => {
|
|
}, options);
|
|
|
|
const pattern = [
|
|
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
|
|
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
|
|
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
|
|
].join('|');
|
|
|
|
Index: node-v10.24.1/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
|
|
===================================================================
|
|
--- node-v10.24.1.orig/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
|
|
+++ node-v10.24.1/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
|
|
@@ -6,7 +6,7 @@ module.exports = options => {
|
|
}, options);
|
|
|
|
const pattern = [
|
|
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
|
|
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
|
|
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
|
|
].join('|');
|
|
|