diff --git a/CVE-2024-21538.patch b/CVE-2024-21538.patch
new file mode 100644
index 0000000..2e1b0de
--- /dev/null
+++ b/CVE-2024-21538.patch
@@ -0,0 +1,46 @@
+Applied following patches,
+
+From 5ff3a07d9add449021d806e45c4168203aa833ff Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andr=C3=A9=20Cruz?=
+Date: Wed, 6 Nov 2024 22:02:49 +0000
+Subject: [PATCH] fix: disable regexp backtracking (#160)
+
+---
+ lib/util/escape.js | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+
+From 640d391fde65388548601d95abedccc12943374f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andr=C3=A9=20Cruz?=
+Date: Thu, 7 Nov 2024 12:50:38 +0000
+Subject: [PATCH] fix: fix escaping bug introduced by backtracking
+
+---
+ lib/util/escape.js | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+
+Index: node-v18.20.5/deps/npm/node_modules/cross-spawn/lib/util/escape.js
+===================================================================
+--- node-v18.20.5.orig/deps/npm/node_modules/cross-spawn/lib/util/escape.js
++++ node-v18.20.5/deps/npm/node_modules/cross-spawn/lib/util/escape.js
+@@ -15,15 +15,17 @@ function escapeArgument(arg, doubleEscap
+ arg = `${arg}`;
+
+ // Algorithm below is based on https://qntm.org/cmd
++ // It's slightly altered to disable JS backtracking to avoid hanging on specially crafted input
++ // Please see https://github.com/moxystudio/node-cross-spawn/pull/160 for more information
+
+ // Sequence of backslashes followed by a double quote:
+ // double up all the backslashes and escape the double quote
+- arg = arg.replace(/(\\*)"/g, '$1$1\\"');
++ arg = arg.replace(/(?=(\\+?)?)\1"/g, '$1$1\\"');
+
+ // Sequence of backslashes followed by the end of the string
+ // (which will become a double quote later):
+ // double up all the backslashes
+- arg = arg.replace(/(\\*)$/, '$1$1');
++ arg = arg.replace(/(?=(\\+?)?)\1$/, '$1$1');
+
+ // All other backslashes occur literally
+
diff --git a/SHASUMS256.txt b/SHASUMS256.txt
index 5196a6f..845590b 100644
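Review bot: The embedded diff in CVE-2024-21538.patch is still indexed against `node-v18.20.5/deps/npm/node_modules/cross-spawn/lib/util/escape.js`, while the other patches touched by this commit were refreshed to `node-v22.12.0`. `%patch -P 82 -p1` strips that first path component, so it applies, but refreshing it against the 22.12.0 tree would record that the hunk was checked against the cross-spawn copy actually shipped here. The patch covers only the copy bundled under deps/npm; if the source tree vendors cross-spawn anywhere else, that copy would keep the backtracking `(\\*)` patterns, so a grep for other copies of escape.js during the refresh is worthwhile. The header also lists two upstream commits with their own diffstats although a single combined diff follows; a line stating that the diff is the squashed result would avoid confusion. `escapeArgument` starts and ends outside the inner hunk.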
--- a/SHASUMS256.txt +++ b/SHASUMS256.txt 
@@ -1,41 +1,41 @@ -1bbf7e632ea55eabf920e8e27bb3e73ca4923eca78a300e5767635e9b2c0c603 node-v22.11.0-aix-ppc64.tar.gz -de6cd4db461b6dc3b3eab31a36b58e30d8af074183bcb13ceca6fd162a579ba6 node-v22.11.0-arm64.msi -2e89afe6f4e3aa6c7e21c560d8a0453d84807e97850bbb819b998531a22bdfde node-v22.11.0-darwin-arm64.tar.gz -c379a90c6aa605b74042a233ddcda4247b347ba5732007d280e44422cc8f9ecb node-v22.11.0-darwin-arm64.tar.xz -668d30b9512137b5f5baeef6c1bb4c46efff9a761ba990a034fb6b28b9da2465 node-v22.11.0-darwin-x64.tar.gz -ab28d1784625d151e3f608a9412a009118f376118ed842ae643f8c2efdfb0af6 node-v22.11.0-darwin-x64.tar.xz -0d42dc3b3377f49e495976dc0e4f5c3a7ffb1d714050d2f247afdbbc0898dae5 node-v22.11.0-headers.tar.gz -7eddf759cd3d1a0113c1a0ac7c080e5c0e458bca34a064c62dc8ce613ff5efdd node-v22.11.0-headers.tar.xz -27453f7a0dd6b9e6738f1f6ea6a09b102ec7aa484de1e39d6a1c3608ad47aa6a node-v22.11.0-linux-arm64.tar.gz -6031d04b98f59ff0f7cb98566f65b115ecd893d3b7870821171708cdbaf7ae6e node-v22.11.0-linux-arm64.tar.xz -f85ced095b17e2535859fd2a5641370c3fca12dd72147f93d2696e2909fe1e9d node-v22.11.0-linux-armv7l.tar.gz -9de0fdcfb1cccbe03f72f939e4e6f03867aef3da8223f90606cd93757704dae0 node-v22.11.0-linux-armv7l.tar.xz -0532965a717d3996302a111703c007dac2763e01795730d488dadbc2fcfac2fa node-v22.11.0-linux-ppc64le.tar.gz -d1d49d7d611b104b6d616e18ac439479d8296aa20e3741432de0e85f4735a81e node-v22.11.0-linux-ppc64le.tar.xz -64f691400ffe3a84be930e0cb03607d0b95bef122a679f7893d8e2972e90c521 node-v22.11.0-linux-s390x.tar.gz -f474ed77d6b13d66d07589aee1c2b9175be4c1b165483e608ac1674643064a99 node-v22.11.0-linux-s390x.tar.xz -4f862bab52039835efbe613b532238b6e4dde98d139a34e6923193e073438b13 node-v22.11.0-linux-x64.tar.gz -83bf07dd343002a26211cf1fcd46a9d9534219aad42ee02847816940bf610a72 node-v22.11.0-linux-x64.tar.xz -8d658eda7699d580ccc268ca8a40ced5aeecef5bb4d19c4187e92eebac5d68ec node-v22.11.0.pkg -24e5130fa7bc1eaab218a0c9cb05e03168fa381bb9e3babddc6a11f655799222 node-v22.11.0.tar.gz 
-bbf0297761d53aefda9d7855c57c7d2c272b83a7b5bad4fea9cb29006d8e1d35 node-v22.11.0.tar.xz -55b491f3d73fdacf8cf43a2199e824abadda2c43a94780310baa526dc1d679e2 node-v22.11.0-win-arm64.7z -b9ff5a6b6ffb68a0ffec82cc5664ed48247dabbd25ee6d129facd2f65a8ca80d node-v22.11.0-win-arm64.zip -d2a4fadb1f5e4abc634b6ac16c44cae7c73ffc3dbfe8b92b011d85f2df90f6c1 node-v22.11.0-win-x64.7z -905373a059aecaf7f48c1ce10ffbd5334457ca00f678747f19db5ea7d256c236 node-v22.11.0-win-x64.zip -ca0a274f1edc90005b1dc7ec22ec55dad1acc21320bc0be853065d69db2a5152 node-v22.11.0-win-x86.7z -700e0b1bcaca8b1a04c929ce29b0f07e099b4a34a7facab74fda71764d16f71c node-v22.11.0-win-x86.zip -9eea480bd30c98ae11a97cb89a9278235cbbbd03c171ee5e5198bd86b7965b4b node-v22.11.0-x64.msi -ab19f02c4b0d9f578928b67d2a652496aa31729a8cc9771ffc9cc6d3b8afe7e3 node-v22.11.0-x86.msi -b4e5e2821aeb518c0c55f02d4fcd9182c57f97bcce50341998333dba38e34ea4 win-arm64/node.exe -ad65afe5b192644fec9d599c77f0e38a8421d0d7ad2389679882a288c8df444b win-arm64/node.lib -0861cf0f1ff6135a21eb26279fc6a6f7dc9d9c0ac926a17553f387c32945eea5 win-arm64/node_pdb.7z -f35c2d1a967080b0a1e288b891cb9300a04d0b90042bac8c965c9ebcfc3749bf win-arm64/node_pdb.zip -7447c4ece014aa41fb2ff866c993c708e5a8213a00913cc2ac5049ea3ffc230d win-x64/node.exe -3581a06b68c4584d146372113eaa8c4d102127222e5041195ba38f185eef419c win-x64/node.lib -171d80aeedbe43bd70b3539de6f845a359d8dd97a684df2cbb4f49d8946f4991 win-x64/node_pdb.7z -7c3fa0149b17d9ff4b5af2f3e19e768b6ab684a9dd8dcf35ea204a90d3f56903 win-x64/node_pdb.zip -e54a4559dafd56562a45b50000831d28ee2f7f1ac4ff98b38165871f31f64ab8 win-x86/node.exe -45399070d1d247cf223d12e80d3e638635af24d2f7a4714bc8e38a6a918f162a win-x86/node.lib -a78040dbb0e7296eebe90c235091ee46a8a01587a226bf4e5a01f5b399e153d7 win-x86/node_pdb.7z -9fb300178536e8243ad55207ee85990731e77299c9e670cec0b54e10dc971713 win-x86/node_pdb.zip +b4cb7707b22218154cdcf8cbc9bbb5c941dab09961a544cc7aba6ab50da99926 node-v22.12.0-aix-ppc64.tar.gz 
+587e4f0fc2c27106e4e758a29db5726b337e660483dd554ea1610a4246fbf71b node-v22.12.0-arm64.msi +293dcc6c2408da21562d135b0412525e381bb6fe150d688edb58fe850d0f3e13 node-v22.12.0-darwin-arm64.tar.gz +0047be0cfda922eb73876f9ef41de361c36b7654c884d13d9b783b0efd1db9aa node-v22.12.0-darwin-arm64.tar.xz +52bc25dd026db7247c3c00439afdb83e95087248267f02d6c1a7250d1f896173 node-v22.12.0-darwin-x64.tar.gz +d68ef0c4c19b3b3b88c0e7408668d0a539607c136a14668e079feed0c6ec8bec node-v22.12.0-darwin-x64.tar.xz +c0760383af3c23637f46959a53113490fefb84cb388ac71a08d28761527e7b1b node-v22.12.0-headers.tar.gz +3cde28bb5820cf0f7593c7817c7a9ab1f15016dd85a6e5c240bbdf2a9c59130d node-v22.12.0-headers.tar.xz +9e7905fdee722f9650a03ae644b51c4c6effd3b98ac93c588700072ab35c9ddb node-v22.12.0-linux-arm64.tar.gz +8cfd5a8b9afae5a2e0bd86b0148ca31d2589c0ea669c2d0b11c132e35d90ed68 node-v22.12.0-linux-arm64.tar.xz +f6f3dc6493befa7844e2f65024f857dc8fbbc0d86089b09f6e73d5eb7e2ce9ad node-v22.12.0-linux-armv7l.tar.gz +afedb2695faacb22805adde9534f2a360f2b39cab622ebdfe5e7383a2b58ebb9 node-v22.12.0-linux-armv7l.tar.xz +a01148778eb1e9c56413e6a69cfe8d4563524c914dc3f9c667948a0d7a1a151a node-v22.12.0-linux-ppc64le.tar.gz +199a606ba1ee86cce6d6b369c71f9d00873d2836a6662592afc3b6a5923e2004 node-v22.12.0-linux-ppc64le.tar.xz +63dd2e20cb50e2145c06f8f55b5682753691965b20fa08797a969a15b751ac8e node-v22.12.0-linux-s390x.tar.gz +9b517f8006eb4b451d40c461cbe64f93c6455566dbe2613387ab02412bc06d35 node-v22.12.0-linux-s390x.tar.xz +e05a4d65232ae2b27b3d77da2e368522fb46b923335b8e0d5f77624c32484044 node-v22.12.0-linux-x64.tar.gz +22982235e1b71fa8850f82edd09cdae7e3f32df1764a9ec298c72d25ef2c164f node-v22.12.0-linux-x64.tar.xz +94068d6877faa376f0b00aa775b490d59ea9accc8dbc5616efaff400f670fee1 node-v22.12.0.pkg +3157e7c002b6e964bdbefb331ec38db1e2dceb064ab11c038275155461b22ce3 node-v22.12.0.tar.gz +fe1bc4be004dc12721ea2cb671b08a21de01c6976960ef8a1248798589679e16 node-v22.12.0.tar.xz +9c8e8fc0e409dc0cf32f159f9ccf11e95f1be5bb26e1a9b34f40bb9a6da3f0e2 
node-v22.12.0-win-arm64.7z +17401720af48976e3f67c41e8968a135fb49ca1f88103a92e0e8c70605763854 node-v22.12.0-win-arm64.zip +922285593360adbe1fcd16d4e0049a13552dcad085fa53768c21c8d17089a134 node-v22.12.0-win-x64.7z +2b8f2256382f97ad51e29ff71f702961af466c4616393f767455501e6aece9b8 node-v22.12.0-win-x64.zip +6fa5480413f3bacc170f94e7aa332e5e8d8c3f9a03f05f802c6cbf6b1a265eef node-v22.12.0-win-x86.7z +b52129972529f22f1c8a726655842ca1fc13e0b4c37cd4d397270ba772032d43 node-v22.12.0-win-x86.zip +5fa43604523be95f8e73c4c98337a5c2bf02450a6525ad25ec2926e464e6bcef node-v22.12.0-x64.msi +97fd52500c6947d5886c616ce37c93d40f5b0b811a1f87f89783c25e0de345e3 node-v22.12.0-x86.msi +cfd2e0d9a708cf37acfecfd11ff237bb141893dc057080b4edb23af6a45d3f55 win-arm64/node.exe +423502a56ef7f7dd087df41b518f53104ce321ef2ab3031fe4ca22b965382d86 win-arm64/node.lib +739c03416daf8d2f2efc0bf48a8c2e53e0c14438b8a5889cc2995c5012ae7824 win-arm64/node_pdb.7z +70f9745e3380cf452d3a8fd156d5ed7ead92a30fdead78ea703afe5331f77e35 win-arm64/node_pdb.zip +b3b117a08ee61efee09e6fd523ab33c0c018da1b570bde08e4fd914dc1170ed6 win-x64/node.exe +7980a34112c38a9b269226bcd3a9148bf101411d794750f18dc15c5026b92b30 win-x64/node.lib +e9fc26cea58f8e1520a5a930c7fc40ac99f22c8470f5617d3e3f09dcd1feb7ef win-x64/node_pdb.7z +6a9417c99259f5d15a3c11dbe7a011a1484532b33bb84e5e8f8e3c733af74064 win-x64/node_pdb.zip +ab2390e667e9abfa16b97a27adf84cd9f08a4788816db54f56bc25893f76e9d1 win-x86/node.exe +289e832c5ff6ebb6be1644bf06d7078638447947cc6e314122e7f17b30ba268a win-x86/node.lib +525560e7fe53036a1caaf63ec3d4e508ea59079111c0f18b4de2bbf1069537ff win-x86/node_pdb.7z +82150928ab3f6bc3f50b4cc540b987b3c41ea7f3f93f790e4acf58553572faea win-x86/node_pdb.zip diff --git a/SHASUMS256.txt.sig b/SHASUMS256.txt.sig index f3533ab..dc4b074 100644 Binary files a/SHASUMS256.txt.sig and b/SHASUMS256.txt.sig differ diff --git a/fix_ci_tests.patch b/fix_ci_tests.patch index 4adbca7..c9bd3ce 100644 --- a/fix_ci_tests.patch +++ b/fix_ci_tests.patch 
@@ -2,23 +2,10 @@ Author: Adam Majer Date: Dec 20 09:18:49 UTC 2017 Summary: Fix CI unit tests framework for OBS building -Index: node-v22.10.0/test/parallel/test-node-output-v8-warning.mjs +Index: node-v22.12.0/test/parallel/test-module-loading-globalpaths.js =================================================================== ---- node-v22.10.0.orig/test/parallel/test-node-output-v8-warning.mjs -+++ node-v22.10.0/test/parallel/test-node-output-v8-warning.mjs -@@ -15,7 +15,7 @@ describe('v8 output', { concurrency: !pr - .replaceAll('*test*', '*') - .replaceAll(/.*?\*fixtures\*v8\*/g, '(node:*) V8: *') // Replace entire path before fixtures/v8 - .replaceAll('*fixtures*v8*', '*') -- .replaceAll('node --', '* --'); -+ .replace(/node\d+ --/, '* --'); - } - const common = snapshot - .transform(snapshot.replaceWindowsLineEndings, snapshot.replaceWindowsPaths, replaceNodeVersion); -Index: node-v22.10.0/test/parallel/test-module-loading-globalpaths.js -=================================================================== ---- node-v22.10.0.orig/test/parallel/test-module-loading-globalpaths.js -+++ node-v22.10.0/test/parallel/test-module-loading-globalpaths.js +--- node-v22.12.0.orig/test/parallel/test-module-loading-globalpaths.js ++++ node-v22.12.0/test/parallel/test-module-loading-globalpaths.js @@ -11,6 +11,9 @@ const { addLibraryPath } = require('../c addLibraryPath(process.env); @@ -29,10 +16,10 @@ Index: node-v22.10.0/test/parallel/test-module-loading-globalpaths.js if (process.argv[2] === 'child') { console.log(require(pkgName).string); } else { -Index: node-v22.10.0/test/parallel/test-tls-passphrase.js +Index: node-v22.12.0/test/parallel/test-tls-passphrase.js =================================================================== ---- node-v22.10.0.orig/test/parallel/test-tls-passphrase.js -+++ node-v22.10.0/test/parallel/test-tls-passphrase.js +--- node-v22.12.0.orig/test/parallel/test-tls-passphrase.js ++++ node-v22.12.0/test/parallel/test-tls-passphrase.js 
@@ -223,7 +223,7 @@ server.listen(0, common.mustCall(functio }, onSecureConnect()); })).unref(); @@ -42,10 +29,10 @@ Index: node-v22.10.0/test/parallel/test-tls-passphrase.js // Missing passphrase assert.throws(function() { -Index: node-v22.10.0/test/parallel/test-repl-envvars.js +Index: node-v22.12.0/test/parallel/test-repl-envvars.js =================================================================== ---- node-v22.10.0.orig/test/parallel/test-repl-envvars.js -+++ node-v22.10.0/test/parallel/test-repl-envvars.js +--- node-v22.12.0.orig/test/parallel/test-repl-envvars.js ++++ node-v22.12.0/test/parallel/test-repl-envvars.js @@ -2,7 +2,9 @@ // Flags: --expose-internals @@ -57,11 +44,11 @@ Index: node-v22.10.0/test/parallel/test-repl-envvars.js const stream = require('stream'); const { describe, test } = require('node:test'); const REPL = require('internal/repl'); -Index: node-v22.10.0/Makefile +Index: node-v22.12.0/Makefile =================================================================== ---- node-v22.10.0.orig/Makefile -+++ node-v22.10.0/Makefile -@@ -399,7 +399,6 @@ ADDONS_HEADERS_PREREQS := tools/install. +--- node-v22.12.0.orig/Makefile ++++ node-v22.12.0/Makefile +@@ -397,7 +397,6 @@ ADDONS_HEADERS_PREREQS := tools/install. $(wildcard deps/uv/include/*/*.h) \ $(wildcard deps/v8/include/*.h) \ $(wildcard deps/v8/include/*/*.h) \ @@ -69,7 +56,7 @@ Index: node-v22.10.0/Makefile src/node.h src/node_api.h src/js_native_api.h src/js_native_api_types.h \ src/node_api_types.h src/node_buffer.h src/node_object_wrap.h \ src/node_version.h -@@ -572,6 +571,7 @@ test-ci-js: | clear-stalled ## Build and +@@ -570,6 +569,7 @@ test-ci-js: | clear-stalled ## Build and # Related CI jobs: most CI tests, excluding node-test-commit-arm-fanned test-ci: LOGLEVEL := info ## Build and test everything (CI). test-ci: | clear-stalled bench-addons-build build-addons build-js-native-api-tests build-node-api-tests doc-only 
@@ -77,7 +64,7 @@ Index: node-v22.10.0/Makefile out/Release/cctest --gtest_output=xml:out/junit/cctest.xml $(PYTHON) tools/test.py $(PARALLEL_ARGS) -p tap --logfile test.tap \ --mode=$(BUILDTYPE_LOWER) --flaky-tests=$(FLAKY_TESTS) \ -@@ -752,7 +752,8 @@ apidocs_json = $(addprefix out/,$(apidoc +@@ -750,7 +750,8 @@ apidocs_json = $(addprefix out/,$(apidoc apiassets = $(subst api_assets,api/assets,$(addprefix out/,$(wildcard doc/api_assets/*))) tools/doc/node_modules: tools/doc/package.json @@ -87,10 +74,10 @@ Index: node-v22.10.0/Makefile echo "Skipping tools/doc/node_modules (no crypto)"; \ else \ cd tools/doc && $(call available-node,$(run-npm-ci)) \ -Index: node-v22.10.0/tools/test.py +Index: node-v22.12.0/tools/test.py =================================================================== ---- node-v22.10.0.orig/tools/test.py -+++ node-v22.10.0/tools/test.py +--- node-v22.12.0.orig/tools/test.py ++++ node-v22.12.0/tools/test.py @@ -1386,7 +1386,7 @@ def BuildOptions(): result.add_option("-s", "--suite", help="A test suite", default=[], action="append") @@ -100,10 +87,10 @@ Index: node-v22.10.0/tools/test.py result.add_option("--arch", help='The architecture to run tests for', default='none') result.add_option("--snapshot", help="Run the tests with snapshot turned on", -Index: node-v22.10.0/test/parallel/test-crypto-dh.js +Index: node-v22.12.0/test/parallel/test-crypto-dh.js =================================================================== ---- node-v22.10.0.orig/test/parallel/test-crypto-dh.js -+++ node-v22.10.0/test/parallel/test-crypto-dh.js +--- node-v22.12.0.orig/test/parallel/test-crypto-dh.js ++++ node-v22.12.0/test/parallel/test-crypto-dh.js @@ -93,7 +93,7 @@ const crypto = require('crypto'); dh3.computeSecret(''); }, { message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ? 
@@ -113,10 +100,10 @@ Index: node-v22.10.0/test/parallel/test-crypto-dh.js } } -Index: node-v22.10.0/test/parallel/test-dns.js +Index: node-v22.12.0/test/parallel/test-dns.js =================================================================== ---- node-v22.10.0.orig/test/parallel/test-dns.js -+++ node-v22.10.0/test/parallel/test-dns.js +--- node-v22.12.0.orig/test/parallel/test-dns.js ++++ node-v22.12.0/test/parallel/test-dns.js @@ -403,7 +403,7 @@ assert.throws(() => { const server = dgram.createSocket('udp4'); diff --git a/icu76.1.patch b/icu76.1.patch deleted file mode 100644 index 8ec79d3..0000000 --- a/icu76.1.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: node-v22.11.0/configure.py -=================================================================== ---- node-v22.11.0.orig/configure.py -+++ node-v22.11.0/configure.py -@@ -1876,7 +1876,7 @@ def configure_intl(o): - elif with_intl == 'system-icu': - # ICU from pkg-config. - o['variables']['v8_enable_i18n_support'] = 1 -- pkgicu = pkg_config('icu-i18n') -+ pkgicu = pkg_config('icu-i18n icu-uc') - if not pkgicu[0]: - error('''Could not load pkg-config data for "icu-i18n". - See above errors or the README.md.''') diff --git a/linker_lto_jobs.patch b/linker_lto_jobs.patch index 6bcb4ae..22ceffe 100644 --- a/linker_lto_jobs.patch +++ b/linker_lto_jobs.patch @@ -3,11 +3,11 @@ is run serially over these binaries instead of in parallel. OBS workers run out of memory as each executable seems to require upward of 5G RAM -Index: node-v22.10.0/node.gyp +Index: node-v22.12.0/node.gyp =================================================================== ---- node-v22.10.0.orig/node.gyp -+++ node-v22.10.0/node.gyp -@@ -1193,6 +1193,7 @@ +--- node-v22.12.0.orig/node.gyp ++++ node-v22.12.0/node.gyp +@@ -1186,6 +1186,7 @@ 'deps/simdutf/simdutf.gyp:simdutf', 'deps/ada/ada.gyp:ada', 'deps/nbytes/nbytes.gyp:nbytes', 
@@ -15,8 +15,8 @@ Index: node-v22.10.0/node.gyp ], 'includes': [ -@@ -1273,6 +1274,7 @@ - 'deps/sqlite/sqlite.gyp:sqlite', +@@ -1264,6 +1265,7 @@ + 'deps/histogram/histogram.gyp:histogram', 'deps/ada/ada.gyp:ada', 'deps/nbytes/nbytes.gyp:nbytes', + 'cctest' diff --git a/node-v22.11.0.tar.xz b/node-v22.11.0.tar.xz deleted file mode 100644 index 93767f0..0000000 --- a/node-v22.11.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bbf0297761d53aefda9d7855c57c7d2c272b83a7b5bad4fea9cb29006d8e1d35 -size 47006780 diff --git a/node-v22.12.0.tar.xz b/node-v22.12.0.tar.xz new file mode 100644 index 0000000..c65497d --- /dev/null +++ b/node-v22.12.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fe1bc4be004dc12721ea2cb671b08a21de01c6976960ef8a1248798589679e16 +size 47625776 diff --git a/nodejs-libpath.patch b/nodejs-libpath.patch index 7416139..40de55f 100644 --- a/nodejs-libpath.patch +++ b/nodejs-libpath.patch @@ -1,16 +1,16 @@ -Index: node-v20.12.0/tools/install.py +Index: node-v22.12.0/tools/install.py =================================================================== ---- node-v20.12.0.orig/tools/install.py -+++ node-v20.12.0/tools/install.py -@@ -6,6 +6,7 @@ import errno - import os +--- node-v22.12.0.orig/tools/install.py ++++ node-v22.12.0/tools/install.py +@@ -7,6 +7,7 @@ import os + import platform import shutil import sys +from distutils import sysconfig import re - def abspath(*args): -@@ -66,6 +67,10 @@ def try_copy(options, path, dest): + current_system = platform.system() +@@ -72,6 +73,10 @@ def try_copy(options, path, dest): try_unlink(target_path) # prevent ETXTBSY errors return shutil.copy2(source_path, target_path) 
@@ -21,7 +21,7 @@ Index: node-v20.12.0/tools/install.py def try_remove(options, path, dest): source_path, target_path = mkpaths(options, path, dest) if not options.silent: -@@ -82,7 +87,7 @@ def uninstall(options, paths, dest): +@@ -88,7 +93,7 @@ def uninstall(options, paths, dest): try_remove(options, path, dest) def package_files(options, action, name, bins): @@ -30,7 +30,7 @@ Index: node-v20.12.0/tools/install.py # don't install npm if the target path is a symlink, it probably means # that a dev version of npm is installed there -@@ -103,7 +108,7 @@ def package_files(options, action, name, +@@ -109,7 +114,7 @@ def package_files(options, action, name, if action == uninstall: action(options, [link_path], os.path.join('bin', bin_name)) elif action == install: @@ -39,11 +39,11 @@ Index: node-v20.12.0/tools/install.py else: assert 0 # unhandled action type -Index: node-v20.12.0/lib/internal/modules/cjs/loader.js +Index: node-v22.12.0/lib/internal/modules/cjs/loader.js =================================================================== ---- node-v20.12.0.orig/lib/internal/modules/cjs/loader.js -+++ node-v20.12.0/lib/internal/modules/cjs/loader.js -@@ -1529,7 +1529,7 @@ Module._initPaths = function() { +--- node-v22.12.0.orig/lib/internal/modules/cjs/loader.js ++++ node-v22.12.0/lib/internal/modules/cjs/loader.js +@@ -1798,7 +1798,7 @@ Module._initPaths = function() { path.resolve(process.execPath, '..') : path.resolve(process.execPath, '..', '..'); diff --git a/nodejs.keyring b/nodejs.keyring index dc32334..2d1e055 100644 Binary files a/nodejs.keyring and b/nodejs.keyring differ diff --git a/nodejs22.changes b/nodejs22.changes index 954d588..46bef60 100644 --- a/nodejs22.changes +++ b/nodejs22.changes 
@@ -3,6 +3,20 @@ Thu Dec 5 13:53:22 UTC 2024 - Adam Majer - add python3-setuptools requirements (needed for python 3.13+) +------------------------------------------------------------------- +Wed Dec 4 16:59:08 UTC 2024 - Adam Majer + +- Update to 22.12.0: + * require(esm) is now enabled by default + * Added resizable ArrayBuffer support in Buffer + +- CVE-2024-21538.patch: fixes regular expression denial of service + (bsc#1233856, CVE-2024-21538) +- icu76.1.patch: upstreamed, dropped +- linker_lto_jobs.patch, nodejs-libpath.patch, fix_ci_tests.patch: refreshed +- nodejs.keyring: updated with upstream releaser list +- old_cares.patch: fix with older c-ares + ------------------------------------------------------------------- Wed Nov 20 10:04:23 UTC 2024 - Adam Majer diff --git a/nodejs22.spec b/nodejs22.spec index 14479d4..98f1430 100644 --- a/nodejs22.spec +++ b/nodejs22.spec @@ -31,7 +31,7 @@ %endif Name: nodejs22 -Version: 22.11.0 +Version: 22.12.0 Release: 0 # Double DWZ memory limits @@ -147,6 +147,7 @@ Patch7: manual_configure.patch Patch13: openssl_binary_detection.patch +Patch82: CVE-2024-21538.patch ## Patches specific to SUSE and openSUSE Patch100: linker_lto_jobs.patch @@ -172,7 +173,7 @@ Patch200: versioned.patch Patch305: qemu_timeouts_arches.patch Patch307: v8-i586.patch Patch309: gcc13.patch -Patch311: icu76.1.patch +Patch311: old_cares.patch BuildRequires: pkg-config BuildRequires: fdupes @@ -312,7 +313,7 @@ BuildRequires: bundled_openssl_should_not_be_required %if ! 0%{with intree_cares} BuildRequires: pkgconfig(libcares) >= 1.17.0 %else -Provides: bundled(libcares2) = 1.33.1 +Provides: bundled(libcares2) = 1.34.3 %endif %if %node_version_number >= 22 
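Review bot: `Patch311` now points at old_cares.patch, which its own header describes as a temporary revert tied to the older c-ares in SLE-15:Update, yet the slot is simply reused from icu76.1.patch and the existing `%patch -P 311 -p1` line is left unchanged, so as far as the visible hunks show the revert is applied on every build target. Builds with `%{with intree_cares}` (bundled c-ares 1.34.3) or with a recent system c-ares would then go back to the deprecated `ares_query` path without needing to. Consider giving the patch its own number with a comment such as `# revert nodejs/node#55430 until c-ares in SLE-15:Update is upgraded`, and applying it only where the system c-ares is too old. Any conditional that may already enclose the `%patch` lines is outside these hunks.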
@@ -322,13 +323,13 @@ BuildRequires: sqlite3-devel %if ! 0%{with intree_icu} BuildRequires: pkgconfig(icu-i18n) >= 71 %else -Provides: bundled(icu) = 75.1 +Provides: bundled(icu) = 76.1 %endif %if ! 0%{with intree_nghttp2} BuildRequires: libnghttp2-devel >= 1.41.0 %else -Provides: bundled(nghttp2) = 1.63.0 +Provides: bundled(nghttp2) = 1.64.0 %endif %if 0%{with valgrind_tests} @@ -378,7 +379,7 @@ ExclusiveArch: not_buildable %endif Provides: bundled(uvwasi) = 0.0.21 -Provides: bundled(libuv) = 1.48.0 +Provides: bundled(libuv) = 1.49.1 Provides: bundled(v8) = 12.4.254.21 %if %{with intree_brotli} Provides: bundled(brotli) = 1.1.0 @@ -390,18 +391,18 @@ BuildRequires: pkgconfig(libbrotlidec) Provides: bundled(llhttp) = 9.2.1 Provides: bundled(ngtcp2) = 1.3.0 -Provides: bundled(simdutf) = 5.5.0 +Provides: bundled(simdutf) = 5.6.1 Provides: bundled(simdjson) = 3.10.0 # bundled url-ada parser, not ada -Provides: bundled(ada) = 2.9.0 +Provides: bundled(ada) = 2.9.2 -Provides: bundled(node-acorn) = 8.12.1 +Provides: bundled(node-acorn) = 8.14.0 Provides: bundled(node-acorn-walk) = 8.3.4 -Provides: bundled(node-amaro) = 0.1.8 +Provides: bundled(node-amaro) = 0.2.0 Provides: bundled(node-cjs-module-lexer) = 1.4.1 Provides: bundled(node-corepack) = 0.29.4 Provides: bundled(node-minimatch) = 10.0.1 -Provides: bundled(node-undici) = 6.20.0 +Provides: bundled(node-undici) = 6.21.0 %description Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine. Node.js @@ -691,6 +692,7 @@ popd %if 0%{with valgrind_tests} %endif %patch -P 13 -p1 +%patch -P 82 -p1 %patch -P 100 -p1 %patch -P 101 -p1 %if 0%{?suse_version} >= 1500 || 0%{?suse_version} == 0 @@ -712,7 +714,6 @@ popd %patch -P 309 -p1 %patch -P 311 -p1 - %if %{node_version_number} == 12 # minimist security update - patch50 rm -r deps/npm/node_modules/mkdirp/node_modules/minimist diff --git a/old_cares.patch b/old_cares.patch new file mode 100644 index 0000000..e6f906a --- /dev/null +++ b/old_cares.patch 
@@ -0,0 +1,155 @@
+temporary revert changes until we can upgrade c-ares in SLE-15:Update
+
+commit bf68733e7f61bf4ff51a456e27123f44a526aebc
+Author: Aviv Keller
+Date: Wed Oct 30 10:10:28 2024 -0400
+
+ dns: stop using deprecated `ares_query`
+
+ PR-URL: https://github.com/nodejs/node/pull/55430
+ Refs: https://github.com/nodejs/node/issues/52464
+ Reviewed-By: Luigi Pinca
+ Reviewed-By: Matteo Collina
+
+
+Index: node-v22.12.0/src/cares_wrap.cc
+===================================================================
+--- node-v22.12.0.orig/src/cares_wrap.cc
++++ node-v22.12.0/src/cares_wrap.cc
+@@ -825,62 +825,62 @@ void ChannelWrap::EnsureServers() {
+ }
+
+ int AnyTraits::Send(QueryWrap* wrap, const char* name) {
+- wrap->AresQuery(name, ARES_CLASS_IN, ARES_REC_TYPE_ANY);
++ wrap->AresQuery(name, ns_c_in, ns_t_any);
+ return ARES_SUCCESS;
+ }
+
+ int ATraits::Send(QueryWrap* wrap, const char* name) {
+- wrap->AresQuery(name, ARES_CLASS_IN, ARES_REC_TYPE_A);
++ wrap->AresQuery(name, ns_c_in, ns_t_a);
+ return ARES_SUCCESS;
+ }
+
+ int AaaaTraits::Send(QueryWrap* wrap, const char* name) {
+- wrap->AresQuery(name, ARES_CLASS_IN, ARES_REC_TYPE_AAAA);
++ wrap->AresQuery(name, ns_c_in, ns_t_aaaa);
+ return ARES_SUCCESS;
+ }
+
+ int CaaTraits::Send(QueryWrap* wrap, const char* name) {
+- wrap->AresQuery(name, ARES_CLASS_IN, ARES_REC_TYPE_CAA);
++ wrap->AresQuery(name, ns_c_in, T_CAA);
+ return ARES_SUCCESS;
+ }
+
+ int CnameTraits::Send(QueryWrap* wrap, const char* name) {
+- wrap->AresQuery(name, ARES_CLASS_IN, ARES_REC_TYPE_CNAME);
++ wrap->AresQuery(name, ns_c_in, ns_t_cname);
+ return ARES_SUCCESS;
+ }
+
+ int MxTraits::Send(QueryWrap* wrap, const char* name) {
+- wrap->AresQuery(name, ARES_CLASS_IN, ARES_REC_TYPE_MX);
++ wrap->AresQuery(name, ns_c_in, ns_t_mx);
+ return ARES_SUCCESS;
+ }
+
+ int NsTraits::Send(QueryWrap* wrap, const char* name) {
+- wrap->AresQuery(name, ARES_CLASS_IN, ARES_REC_TYPE_NS);
++ wrap->AresQuery(name, ns_c_in, ns_t_ns);
+ return ARES_SUCCESS;
+ }
+
+ int TxtTraits::Send(QueryWrap* wrap, const char* name) {
+- wrap->AresQuery(name, ARES_CLASS_IN, ARES_REC_TYPE_TXT);
++ wrap->AresQuery(name, ns_c_in, ns_t_txt);
+ return ARES_SUCCESS;
+ }
+
+ int SrvTraits::Send(QueryWrap* wrap, const char* name) {
+- wrap->AresQuery(name, ARES_CLASS_IN, ARES_REC_TYPE_SRV);
++ wrap->AresQuery(name, ns_c_in, ns_t_srv);
+ return ARES_SUCCESS;
+ }
+
+ int PtrTraits::Send(QueryWrap* wrap, const char* name) {
+- wrap->AresQuery(name, ARES_CLASS_IN, ARES_REC_TYPE_PTR);
++ wrap->AresQuery(name, ns_c_in, ns_t_ptr);
+ return ARES_SUCCESS;
+ }
+
+ int NaptrTraits::Send(QueryWrap* wrap, const char* name) {
+- wrap->AresQuery(name, ARES_CLASS_IN, ARES_REC_TYPE_NAPTR);
++ wrap->AresQuery(name, ns_c_in, ns_t_naptr);
+ return ARES_SUCCESS;
+ }
+
+ int SoaTraits::Send(QueryWrap* wrap, const char* name) {
+- wrap->AresQuery(name, ARES_CLASS_IN, ARES_REC_TYPE_SOA);
++ wrap->AresQuery(name, ns_c_in, ns_t_soa);
+ return ARES_SUCCESS;
+ }
+
+Index: node-v22.12.0/src/cares_wrap.h
+===================================================================
+--- node-v22.12.0.orig/src/cares_wrap.h
++++ node-v22.12.0/src/cares_wrap.h
+@@ -246,20 +246,18 @@ class QueryWrap final : public AsyncWrap
+ return Traits::Send(this, name);
+ }
+
+- void AresQuery(const char* name,
+- ares_dns_class_t dnsclass,
+- ares_dns_rec_type_t type) {
++ void AresQuery(const char* name, int dnsclass, int type) {
+ channel_->EnsureServers();
+ TRACE_EVENT_NESTABLE_ASYNC_BEGIN1(
+ TRACING_CATEGORY_NODE2(dns, native), trace_name_, this,
+ "name", TRACE_STR_COPY(name));
+- ares_query_dnsrec(channel_->cares_channel(),
+- name,
+- dnsclass,
+- type,
+- Callback,
+- MakeCallbackPointer(),
+- nullptr);
++ ares_query(
++ channel_->cares_channel(),
++ name,
++ dnsclass,
++ type,
++ Callback,
++ MakeCallbackPointer());
+ }
+
+ void ParseError(int status) {
+@@ -306,20 +304,19 @@ class QueryWrap final : public AsyncWrap
+ return wrap;
+ }
+
+- static void Callback(void* arg,
+- ares_status_t status,
+- size_t timeouts,
+- const ares_dns_record_t* dnsrec) {
++ static void Callback(
++ void* arg,
++ int status,
++ int timeouts,
++ unsigned char* answer_buf,
++ int answer_len) {
+ QueryWrap* wrap = FromCallbackPointer(arg);
+ if (wrap == nullptr) return;
+
+ unsigned char* buf_copy = nullptr;
+- size_t answer_len = 0;
+ if (status == ARES_SUCCESS) {
+- // No need to explicitly call ares_free_string here,
+- // as it is a wrapper around free, which is already
+- // invoked when MallocedBuffer is destructed.
+- ares_dns_write(dnsrec, &buf_copy, &answer_len);
++ buf_copy = node::Malloc(answer_len);
++ memcpy(buf_copy, answer_buf, answer_len);
+ }
+
+ wrap->response_data_ = std::make_unique();
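Review bot: In the restored `Callback` in cares_wrap.h, `answer_len` is a signed `int` handed over by c-ares and is converted implicitly to a size in both the allocation and the `memcpy`, with nothing checking it first. c-ares is expected to report a non-negative length together with ARES_SUCCESS, but a `CHECK_GE(answer_len, 0);` ahead of the allocation would state that assumption instead of relying on it. In the cares_wrap.cc part, `CaaTraits::Send` passes `T_CAA` while every other trait uses an `ns_t_*` constant; a short comment such as `// T_CAA: no ns_t_caa in older nameser headers` (if that is indeed the reason) would keep a later refresh from normalising it by mistake. The body of `Callback` continues past the end of the hunk.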