nodejs/nodejs8
SHA256
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: nodejs:4e7bcdb27ebf823d59d6755412d525a78ac3e784f6ba49ea5ff920d158289f96
Branches Tags
nodejs:main
...
compare: nodejs:8286770095cf463d7ae9e568a606d7f6ada5a357a8c63b9c92c99dfdcb6fcdd2
Branches Tags
nodejs:main

10 Commits
4e7bcdb27e ... 8286770095

Author SHA256 Message Date
Adam Majer
8286770095 fix typo in changes 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=185
 2022-05-02 11:01:18 +00:00
Adam Majer
c9b44edd37 (bsc#1198247, CVE-2021-44906) 
- CVE-2021-44907.patch: fix insuficient sanitation in npm dependency
  (bsc#1197283, CVE-2021-44907)
- CVE-2022-0235.patch: fix passing of cookie data and sensitive headers
  to different hostnames in node-fetch-npm (bsc#1194819, CVE-2022-0235)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=184
 2022-04-21 14:26:21 +00:00
Adam Majer
5731acaa08 - CVE-2021-44906.patch: fix prototype pollution in npm dependency 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=183
 2022-04-20 12:12:11 +00:00
Adam Majer
819316cde3 - CVE-2021-44906.patch: fix prototype pollution in npm dependecy 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=182
 2022-04-20 11:15:43 +00:00
Adam Majer
847d392aec - fix_ci_tests.patch: fix zlib tests for z15 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=181
 2022-02-16 11:38:17 +00:00
Adam Majer
17a6d023c1 - npm-v6.14.16.tar.gz: update to npm 6.14.16 fixing 
* CVE-2021-23343 - ReDoS via splitDeviceRe, splitTailRe and
    splitPathRe (bsc#1192153)
  * CVE-2021-23343 - node-tar: Insufficient symlink protection
    allowing arbitrary file creation and overwrite (bsc#1191963)
  * CVE-2021-32804 - node-tar: Insufficient absolute path sanitization
    allowing arbitrary file creation and overwrite (bsc#1191962)
  * CVE-2021-3918 - json-schema is vulnerable to Improperly
    Controlled Modification of Object Prototype Attributes (bsc#1192696)
- CVE-2021-3807.patch: node-ansi-regex: Regular expression
  denial of service (ReDoS) matching ANSI escape codes
  (bsc#1192154, CVE-2021-3807)
- test_ssl_cert_fixups.patch: fixup SSL certificates in unit tests

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=180
 2022-02-16 10:39:49 +00:00
Adam Majer
48635dbb89 - CVE-2021-22930.patch: http2: fixes use after free on close 
in stream canceling (bsc#1188917, CVE-2021-22930)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=179
 2021-08-04 16:38:50 +00:00
Adam Majer
7265e7b02f OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=178 2021-07-07 14:24:19 +00:00
Adam Majer
c59587fdbd - CVE-2020-8265.patch: Add a unit test for CVE-2020-8265 to make 
sure we don't have it broken in the future.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=177
 2021-07-07 12:58:16 +00:00
Adam Majer
e96d73bf02 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=176 2021-07-06 15:10:25 +00:00
11 changed files with 2027 additions and 41 deletions
Expand all files Collapse all files

71
CVE-2021-22930.patch Normal file
View File

@@ -0,0 +1,71 @@
From b263f2585ab53f56e0e22b46cf1f8519a8af8a05 Mon Sep 17 00:00:00 2001
From: Akshay K <iit.akshay@gmail.com>
Date: Mon, 26 Jul 2021 08:21:51 -0400
Subject: [PATCH] http2: on receiving rst_stream with cancel code add it to
pending list
PR-URL: https://github.com/nodejs/node/pull/39423
Backport-PR-URL: https://github.com/nodejs/node/pull/39527
Fixes: https://github.com/nodejs/node/issues/38964
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
---
src/node_http2.cc | 17 +++++++++++++++++
src/node_http2.h | 16 ++++++++++++++++
2 files changed, 33 insertions(+)
Index: node-v8.17.0/src/node_http2.cc
===================================================================
--- node-v8.17.0.orig/src/node_http2.cc
+++ node-v8.17.0/src/node_http2.cc
@@ -2299,6 +2299,23 @@ inline int Http2Stream::SubmitPriority(n
inline void Http2Stream::SubmitRstStream(const uint32_t code) {
CHECK(!this->IsDestroyed());
code_ = code;
+
+ // If RST_STREAM frame is received and stream is not writable
+ // because it is busy reading data, don't try force purging it.
+ // Instead add the stream to pending stream list and process
+ // the pending data when it is safe to do so. This is to avoid
+ // double free error due to unwanted behavior of nghttp2.
+ // Ref:https://github.com/nodejs/node/issues/38964
+
+ // Add stream to the pending list if it is received with scope
+ // below in the stack. The pending list may not get processed
+ // if RST_STREAM received is not in scope and added to the list
+ // causing endpoint to hang.
+ if (session_->is_in_scope() && IsReading()) {
+ session_->AddPendingRstStream(id_);
+ return;
+ }
+
// If possible, force a purge of any currently pending data here to make sure
// it is sent before closing the stream. If it returns non-zero then we need
// to wait until the current write finishes and try again to avoid nghttp2
Index: node-v8.17.0/src/node_http2.h
===================================================================
--- node-v8.17.0.orig/src/node_http2.h
+++ node-v8.17.0/src/node_http2.h
@@ -812,6 +812,22 @@ class Http2Session : public AsyncWrap {
return (flags_ & SESSION_STATE_CLOSED) || session_ == nullptr;
}
+
+ // The changes are backported and exposes APIs to check the
+ // status flag of `Http2Session`
+#define IS_FLAG(name, flag) \
+ bool is_##name() const { return flags_ & flag; }
+
+ IS_FLAG(in_scope, SESSION_STATE_HAS_SCOPE)
+ IS_FLAG(write_scheduled, SESSION_STATE_WRITE_SCHEDULED)
+ IS_FLAG(closing, SESSION_STATE_CLOSING)
+ IS_FLAG(sending, SESSION_STATE_SENDING)
+ IS_FLAG(write_in_progress, SESSION_STATE_WRITE_IN_PROGRESS)
+ IS_FLAG(reading_stopped, SESSION_STATE_READING_STOPPED)
+ IS_FLAG(receive_paused, SESSION_STATE_NGHTTP2_RECV_PAUSED)
+
+#undef IS_FLAG
+
// Schedule a write if nghttp2 indicates it wants to write to the socket.
void MaybeScheduleWrite();

61
CVE-2021-3807.patch Normal file
View File

@@ -0,0 +1,61 @@
From 93abb8f6d51195532e4a4270e9139f6caa0022a7 Mon Sep 17 00:00:00 2001
From: Yeting Li <liyt@ios.ac.cn>
Date: Thu, 9 Sep 2021 20:02:00 +0800
Subject: [PATCH] Fix potential ReDoS
---
index.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: node-v10.24.1/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js
===================================================================
--- node-v10.24.1.orig/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js
+++ node-v10.24.1/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js
@@ -6,7 +6,7 @@ module.exports = options => {
}, options);
const pattern = [
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
].join('|');
Index: node-v10.24.1/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
===================================================================
--- node-v10.24.1.orig/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
+++ node-v10.24.1/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
@@ -2,7 +2,7 @@
module.exports = () => {
const pattern = [
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\\u0007)',
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))'
].join('|');
Index: node-v10.24.1/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js
===================================================================
--- node-v10.24.1.orig/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js
+++ node-v10.24.1/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js
@@ -6,7 +6,7 @@ module.exports = options => {
}, options);
const pattern = [
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
].join('|');
Index: node-v10.24.1/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
===================================================================
--- node-v10.24.1.orig/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
+++ node-v10.24.1/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
@@ -6,7 +6,7 @@ module.exports = options => {
}, options);
const pattern = [
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
].join('|');

81
CVE-2021-44906.patch Normal file
View File

@@ -0,0 +1,81 @@
Index: node-v8.17.0/deps/npm/node_modules/minimist/index.js
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/minimist/index.js
+++ node-v8.17.0/deps/npm/node_modules/minimist/index.js
@@ -70,7 +70,7 @@ module.exports = function (args, opts) {
var o = obj;
for (var i = 0; i < keys.length-1; i++) {
var key = keys[i];
- if (key === '__proto__') return;
+ if (isConstructorOrProto(o, key)) return;
if (o[key] === undefined) o[key] = {};
if (o[key] === Object.prototype || o[key] === Number.prototype
|| o[key] === String.prototype) o[key] = {};
@@ -79,7 +79,7 @@ module.exports = function (args, opts) {
}
var key = keys[keys.length - 1];
- if (key === '__proto__') return;
+ if (isConstructorOrProto(o, key)) return;
if (o === Object.prototype || o === Number.prototype
|| o === String.prototype) o = {};
if (o === Array.prototype) o = [];
@@ -243,3 +243,7 @@ function isNumber (x) {
return /^[-+]?(?:\d+(?:\.\d*)?|\.\d+)(e[-+]?\d+)?$/.test(x);
}
+
+function isConstructorOrProto (obj, key) {
+ return key === 'constructor' && typeof obj[key] === 'function' || key === '__proto__';
+}
Index: node-v8.17.0/deps/npm/node_modules/minimist/package.json
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/minimist/package.json
+++ node-v8.17.0/deps/npm/node_modules/minimist/package.json
@@ -69,5 +69,5 @@
"opera/12"
]
},
- "version": "1.2.5"
+ "version": "1.2.6"
}
Index: node-v8.17.0/deps/npm/node_modules/minimist/readme.markdown
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/minimist/readme.markdown
+++ node-v8.17.0/deps/npm/node_modules/minimist/readme.markdown
@@ -34,7 +34,10 @@ $ node example/parse.js -x 3 -y 4 -n5 -a
Previous versions had a prototype pollution bug that could cause privilege
escalation in some circumstances when handling untrusted user input.
-Please use version 1.2.3 or later: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
+Please use version 1.2.6 or later:
+
+* https://security.snyk.io/vuln/SNYK-JS-MINIMIST-2429795 (version <=1.2.5)
+* https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 (version <=1.2.3)
# methods
Index: node-v8.17.0/deps/npm/node_modules/minimist/test/proto.js
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/minimist/test/proto.js
+++ node-v8.17.0/deps/npm/node_modules/minimist/test/proto.js
@@ -42,3 +42,19 @@ test('proto pollution (constructor)', fu
t.equal(argv.y, undefined);
t.end();
});
+
+test('proto pollution (constructor function)', function (t) {
+ var argv = parse(['--_.concat.constructor.prototype.y', '123']);
+ function fnToBeTested() {}
+ t.equal(fnToBeTested.y, undefined);
+ t.equal(argv.y, undefined);
+ t.end();
+});
+
+// powered by snyk - https://github.com/backstage/backstage/issues/10343
+test('proto pollution (constructor function) snyk', function (t) {
+ var argv = parse('--_.constructor.constructor.prototype.foo bar'.split(' '));
+ t.equal((function(){}).foo, undefined);
+ t.equal(argv.y, undefined);
+ t.end();
+})

886
CVE-2021-44907.patch Normal file
View File

@@ -0,0 +1,886 @@
Index: node-v8.17.0/deps/npm/node_modules/qs/CHANGELOG.md
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/qs/CHANGELOG.md
+++ node-v8.17.0/deps/npm/node_modules/qs/CHANGELOG.md
@@ -1,3 +1,27 @@
+## **6.5.3**
+- [Fix] `parse`: ignore `__proto__` keys (#428)
+- [Fix]` `utils.merge`: avoid a crash with a null target and a truthy non-array source
+- [Fix] correctly parse nested arrays
+- [Fix] `stringify`: fix a crash with `strictNullHandling` and a custom `filter`/`serializeDate` (#279)
+- [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided
+- [Fix] when `parseArrays` is false, properly handle keys ending in `[]`
+- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
+- [Fix] `utils.merge`: avoid a crash with a null target and an array source
+- [Refactor] `utils`: reduce observable [[Get]]s
+- [Refactor] use cached `Array.isArray`
+- [Refactor] `stringify`: Avoid arr = arr.concat(...), push to the existing instance (#269)
+- [Refactor] `parse`: only need to reassign the var once
+- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
+- [readme] remove travis badge; add github actions/codecov badges; update URLs
+- [Docs] Clean up license text so its properly detected as BSD-3-Clause
+- [Docs] Clarify the need for "arrayLimit" option
+- [meta] fix README.md (#399)
+- [meta] add FUNDING.yml
+- [actions] backport actions from main
+- [Tests] always use `String(x)` over `x.toString()`
+- [Tests] remove nonexistent tape option
+- [Dev Deps] backport from main
+
## **6.5.2**
- [Fix] use `safer-buffer` instead of `Buffer` constructor
- [Refactor] utils: `module.exports` one thing, instead of mutating `exports` (#230)
Index: node-v8.17.0/deps/npm/node_modules/qs/README.md
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/qs/README.md
+++ node-v8.17.0/deps/npm/node_modules/qs/README.md
@@ -1,12 +1,13 @@
# qs <sup>[![Version Badge][2]][1]</sup>
-[![Build Status][3]][4]
-[![dependency status][5]][6]
-[![dev dependency status][7]][8]
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![dependency status][deps-svg]][deps-url]
+[![dev dependency status][dev-deps-svg]][dev-deps-url]
[![License][license-image]][license-url]
[![Downloads][downloads-image]][downloads-url]
-[![npm badge][11]][1]
+[![npm badge][npm-badge-png]][package-url]
A querystring parsing and stringifying library with some added security.
@@ -182,7 +183,7 @@ assert.deepEqual(withIndexedEmptyString,
```
**qs** will also limit specifying indices in an array to a maximum index of `20`. Any array members with an index of greater than `20` will
-instead be converted to an object with the index as the key:
+instead be converted to an object with the index as the key. This is needed to handle cases when someone sent, for example, `a[999999999]` and it will take significant time to iterate over this huge array.
```javascript
var withMaxIndex = qs.parse('a[100]=b');
@@ -267,6 +268,30 @@ var decoded = qs.parse('x=z', { decoder:
}})
```
+You can encode keys and values using different logic by using the type argument provided to the encoder:
+
+```javascript
+var encoded = qs.stringify({ a: { b: 'c' } }, { encoder: function (str, defaultEncoder, charset, type) {
+ if (type === 'key') {
+ return // Encoded key
+ } else if (type === 'value') {
+ return // Encoded value
+ }
+}})
+```
+
+The type argument is also provided to the decoder:
+
+```javascript
+var decoded = qs.parse('x=z', { decoder: function (str, defaultDecoder, charset, type) {
+ if (type === 'key') {
+ return // Decoded key
+ } else if (type === 'value') {
+ return // Decoded value
+ }
+}})
+```
+
Examples beyond this point will be shown as though the output is not URI encoded for clarity. Please note that the return values in these cases *will* be URI encoded during real usage.
When arrays are stringified, by default they are given explicit indices:
@@ -458,18 +483,28 @@ assert.equal(qs.stringify({ a: 'b c' },
assert.equal(qs.stringify({ a: 'b c' }, { format : 'RFC1738' }), 'a=b+c');
```
-[1]: https://npmjs.org/package/qs
-[2]: http://versionbadg.es/ljharb/qs.svg
-[3]: https://api.travis-ci.org/ljharb/qs.svg
-[4]: https://travis-ci.org/ljharb/qs
-[5]: https://david-dm.org/ljharb/qs.svg
-[6]: https://david-dm.org/ljharb/qs
-[7]: https://david-dm.org/ljharb/qs/dev-status.svg
-[8]: https://david-dm.org/ljharb/qs?type=dev
-[9]: https://ci.testling.com/ljharb/qs.png
-[10]: https://ci.testling.com/ljharb/qs
-[11]: https://nodei.co/npm/qs.png?downloads=true&stars=true
-[license-image]: http://img.shields.io/npm/l/qs.svg
+## Security
+
+Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
+
+## qs for enterprise
+
+Available as part of the Tidelift Subscription
+
+The maintainers of qs and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. [Learn more.](https://tidelift.com/subscription/pkg/npm-qs?utm_source=npm-qs&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
+
+[package-url]: https://npmjs.org/package/qs
+[npm-version-svg]: https://versionbadg.es/ljharb/qs.svg
+[deps-svg]: https://david-dm.org/ljharb/qs.svg
+[deps-url]: https://david-dm.org/ljharb/qs
+[dev-deps-svg]: https://david-dm.org/ljharb/qs/dev-status.svg
+[dev-deps-url]: https://david-dm.org/ljharb/qs#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/qs.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/qs.svg
[license-url]: LICENSE
-[downloads-image]: http://img.shields.io/npm/dm/qs.svg
-[downloads-url]: http://npm-stat.com/charts.html?package=qs
+[downloads-image]: https://img.shields.io/npm/dm/qs.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=qs
+[codecov-image]: https://codecov.io/gh/ljharb/qs/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/ljharb/qs/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/qs
+[actions-url]: https://github.com/ljharb/qs/actions
Index: node-v8.17.0/deps/npm/node_modules/qs/dist/qs.js
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/qs/dist/qs.js
+++ node-v8.17.0/deps/npm/node_modules/qs/dist/qs.js
@@ -11,7 +11,7 @@ module.exports = {
return replace.call(value, percentTwenties, '+');
},
RFC3986: function (value) {
- return value;
+ return String(value);
}
},
RFC1738: 'RFC1738',
@@ -87,14 +87,15 @@ var parseObject = function (chain, val,
var obj;
var root = chain[i];
- if (root === '[]') {
- obj = [];
- obj = obj.concat(leaf);
+ if (root === '[]' && options.parseArrays) {
+ obj = [].concat(leaf);
} else {
obj = options.plainObjects ? Object.create(null) : {};
var cleanRoot = root.charAt(0) === '[' && root.charAt(root.length - 1) === ']' ? root.slice(1, -1) : root;
var index = parseInt(cleanRoot, 10);
- if (
+ if (!options.parseArrays && cleanRoot === '') {
+ obj = { 0: leaf };
+ } else if (
!isNaN(index)
&& root !== cleanRoot
&& String(index) === cleanRoot
@@ -103,7 +104,7 @@ var parseObject = function (chain, val,
) {
obj = [];
obj[index] = leaf;
- } else {
+ } else if (cleanRoot !== '__proto__') {
obj[cleanRoot] = leaf;
}
}
@@ -214,17 +215,23 @@ var utils = require('./utils');
var formats = require('./formats');
var arrayPrefixGenerators = {
- brackets: function brackets(prefix) { // eslint-disable-line func-name-matching
+ brackets: function brackets(prefix) {
return prefix + '[]';
},
- indices: function indices(prefix, key) { // eslint-disable-line func-name-matching
+ indices: function indices(prefix, key) {
return prefix + '[' + key + ']';
},
- repeat: function repeat(prefix) { // eslint-disable-line func-name-matching
+ repeat: function repeat(prefix) {
return prefix;
}
};
+var isArray = Array.isArray;
+var push = Array.prototype.push;
+var pushToArray = function (arr, valueOrArray) {
+ push.apply(arr, isArray(valueOrArray) ? valueOrArray : [valueOrArray]);
+};
+
var toISO = Date.prototype.toISOString;
var defaults = {
@@ -232,14 +239,14 @@ var defaults = {
encode: true,
encoder: utils.encode,
encodeValuesOnly: false,
- serializeDate: function serializeDate(date) { // eslint-disable-line func-name-matching
+ serializeDate: function serializeDate(date) {
return toISO.call(date);
},
skipNulls: false,
strictNullHandling: false
};
-var stringify = function stringify( // eslint-disable-line func-name-matching
+var stringify = function stringify(
object,
prefix,
generateArrayPrefix,
@@ -258,7 +265,9 @@ var stringify = function stringify( // e
obj = filter(prefix, obj);
} else if (obj instanceof Date) {
obj = serializeDate(obj);
- } else if (obj === null) {
+ }
+
+ if (obj === null) {
if (strictNullHandling) {
return encoder && !encodeValuesOnly ? encoder(prefix, defaults.encoder) : prefix;
}
@@ -281,7 +290,7 @@ var stringify = function stringify( // e
}
var objKeys;
- if (Array.isArray(filter)) {
+ if (isArray(filter)) {
objKeys = filter;
} else {
var keys = Object.keys(obj);
@@ -295,8 +304,8 @@ var stringify = function stringify( // e
continue;
}
- if (Array.isArray(obj)) {
- values = values.concat(stringify(
+ if (isArray(obj)) {
+ pushToArray(values, stringify(
obj[key],
generateArrayPrefix(prefix, key),
generateArrayPrefix,
@@ -311,7 +320,7 @@ var stringify = function stringify( // e
encodeValuesOnly
));
} else {
- values = values.concat(stringify(
+ pushToArray(values, stringify(
obj[key],
prefix + (allowDots ? '.' + key : '[' + key + ']'),
generateArrayPrefix,
@@ -335,7 +344,7 @@ module.exports = function (object, opts)
var obj = object;
var options = opts ? utils.assign({}, opts) : {};
- if (options.encoder !== null && options.encoder !== undefined && typeof options.encoder !== 'function') {
+ if (options.encoder !== null && typeof options.encoder !== 'undefined' && typeof options.encoder !== 'function') {
throw new TypeError('Encoder has to be a function.');
}
@@ -360,7 +369,7 @@ module.exports = function (object, opts)
if (typeof options.filter === 'function') {
filter = options.filter;
obj = filter('', obj);
- } else if (Array.isArray(options.filter)) {
+ } else if (isArray(options.filter)) {
filter = options.filter;
objKeys = filter;
}
@@ -396,8 +405,7 @@ module.exports = function (object, opts)
if (skipNulls && obj[key] === null) {
continue;
}
-
- keys = keys.concat(stringify(
+ pushToArray(keys, stringify(
obj[key],
key,
generateArrayPrefix,
@@ -475,8 +483,8 @@ var merge = function merge(target, sourc
if (typeof source !== 'object') {
if (Array.isArray(target)) {
target.push(source);
- } else if (typeof target === 'object') {
- if (options.plainObjects || options.allowPrototypes || !has.call(Object.prototype, source)) {
+ } else if (target && typeof target === 'object') {
+ if ((options && (options.plainObjects || options.allowPrototypes)) || !has.call(Object.prototype, source)) {
target[source] = true;
}
} else {
@@ -486,7 +494,7 @@ var merge = function merge(target, sourc
return target;
}
- if (typeof target !== 'object') {
+ if (!target || typeof target !== 'object') {
return [target].concat(source);
}
@@ -498,8 +506,9 @@ var merge = function merge(target, sourc
if (Array.isArray(target) && Array.isArray(source)) {
source.forEach(function (item, i) {
if (has.call(target, i)) {
- if (target[i] && typeof target[i] === 'object') {
- target[i] = merge(target[i], item, options);
+ var targetItem = target[i];
+ if (targetItem && typeof targetItem === 'object' && item && typeof item === 'object') {
+ target[i] = merge(targetItem, item, options);
} else {
target.push(item);
}
@@ -580,6 +589,7 @@ var encode = function encode(str) {
i += 1;
c = 0x10000 + (((c & 0x3FF) << 10) | (string.charCodeAt(i) & 0x3FF));
+ /* eslint operator-linebreak: [2, "before"] */
out += hexTable[0xF0 | (c >> 18)]
+ hexTable[0x80 | ((c >> 12) & 0x3F)]
+ hexTable[0x80 | ((c >> 6) & 0x3F)]
Index: node-v8.17.0/deps/npm/node_modules/qs/lib/formats.js
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/qs/lib/formats.js
+++ node-v8.17.0/deps/npm/node_modules/qs/lib/formats.js
@@ -10,7 +10,7 @@ module.exports = {
return replace.call(value, percentTwenties, '+');
},
RFC3986: function (value) {
- return value;
+ return String(value);
}
},
RFC1738: 'RFC1738',
Index: node-v8.17.0/deps/npm/node_modules/qs/lib/parse.js
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/qs/lib/parse.js
+++ node-v8.17.0/deps/npm/node_modules/qs/lib/parse.js
@@ -53,14 +53,15 @@ var parseObject = function (chain, val,
var obj;
var root = chain[i];
- if (root === '[]') {
- obj = [];
- obj = obj.concat(leaf);
+ if (root === '[]' && options.parseArrays) {
+ obj = [].concat(leaf);
} else {
obj = options.plainObjects ? Object.create(null) : {};
var cleanRoot = root.charAt(0) === '[' && root.charAt(root.length - 1) === ']' ? root.slice(1, -1) : root;
var index = parseInt(cleanRoot, 10);
- if (
+ if (!options.parseArrays && cleanRoot === '') {
+ obj = { 0: leaf };
+ } else if (
!isNaN(index)
&& root !== cleanRoot
&& String(index) === cleanRoot
@@ -69,7 +70,7 @@ var parseObject = function (chain, val,
) {
obj = [];
obj[index] = leaf;
- } else {
+ } else if (cleanRoot !== '__proto__') {
obj[cleanRoot] = leaf;
}
}
Index: node-v8.17.0/deps/npm/node_modules/qs/lib/stringify.js
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/qs/lib/stringify.js
+++ node-v8.17.0/deps/npm/node_modules/qs/lib/stringify.js
@@ -4,17 +4,23 @@ var utils = require('./utils');
var formats = require('./formats');
var arrayPrefixGenerators = {
- brackets: function brackets(prefix) { // eslint-disable-line func-name-matching
+ brackets: function brackets(prefix) {
return prefix + '[]';
},
- indices: function indices(prefix, key) { // eslint-disable-line func-name-matching
+ indices: function indices(prefix, key) {
return prefix + '[' + key + ']';
},
- repeat: function repeat(prefix) { // eslint-disable-line func-name-matching
+ repeat: function repeat(prefix) {
return prefix;
}
};
+var isArray = Array.isArray;
+var push = Array.prototype.push;
+var pushToArray = function (arr, valueOrArray) {
+ push.apply(arr, isArray(valueOrArray) ? valueOrArray : [valueOrArray]);
+};
+
var toISO = Date.prototype.toISOString;
var defaults = {
@@ -22,14 +28,14 @@ var defaults = {
encode: true,
encoder: utils.encode,
encodeValuesOnly: false,
- serializeDate: function serializeDate(date) { // eslint-disable-line func-name-matching
+ serializeDate: function serializeDate(date) {
return toISO.call(date);
},
skipNulls: false,
strictNullHandling: false
};
-var stringify = function stringify( // eslint-disable-line func-name-matching
+var stringify = function stringify(
object,
prefix,
generateArrayPrefix,
@@ -48,7 +54,9 @@ var stringify = function stringify( // e
obj = filter(prefix, obj);
} else if (obj instanceof Date) {
obj = serializeDate(obj);
- } else if (obj === null) {
+ }
+
+ if (obj === null) {
if (strictNullHandling) {
return encoder && !encodeValuesOnly ? encoder(prefix, defaults.encoder) : prefix;
}
@@ -71,7 +79,7 @@ var stringify = function stringify( // e
}
var objKeys;
- if (Array.isArray(filter)) {
+ if (isArray(filter)) {
objKeys = filter;
} else {
var keys = Object.keys(obj);
@@ -85,8 +93,8 @@ var stringify = function stringify( // e
continue;
}
- if (Array.isArray(obj)) {
- values = values.concat(stringify(
+ if (isArray(obj)) {
+ pushToArray(values, stringify(
obj[key],
generateArrayPrefix(prefix, key),
generateArrayPrefix,
@@ -101,7 +109,7 @@ var stringify = function stringify( // e
encodeValuesOnly
));
} else {
- values = values.concat(stringify(
+ pushToArray(values, stringify(
obj[key],
prefix + (allowDots ? '.' + key : '[' + key + ']'),
generateArrayPrefix,
@@ -125,7 +133,7 @@ module.exports = function (object, opts)
var obj = object;
var options = opts ? utils.assign({}, opts) : {};
- if (options.encoder !== null && options.encoder !== undefined && typeof options.encoder !== 'function') {
+ if (options.encoder !== null && typeof options.encoder !== 'undefined' && typeof options.encoder !== 'function') {
throw new TypeError('Encoder has to be a function.');
}
@@ -150,7 +158,7 @@ module.exports = function (object, opts)
if (typeof options.filter === 'function') {
filter = options.filter;
obj = filter('', obj);
- } else if (Array.isArray(options.filter)) {
+ } else if (isArray(options.filter)) {
filter = options.filter;
objKeys = filter;
}
@@ -186,8 +194,7 @@ module.exports = function (object, opts)
if (skipNulls && obj[key] === null) {
continue;
}
-
- keys = keys.concat(stringify(
+ pushToArray(keys, stringify(
obj[key],
key,
generateArrayPrefix,
Index: node-v8.17.0/deps/npm/node_modules/qs/lib/utils.js
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/qs/lib/utils.js
+++ node-v8.17.0/deps/npm/node_modules/qs/lib/utils.js
@@ -53,8 +53,8 @@ var merge = function merge(target, sourc
if (typeof source !== 'object') {
if (Array.isArray(target)) {
target.push(source);
- } else if (typeof target === 'object') {
- if (options.plainObjects || options.allowPrototypes || !has.call(Object.prototype, source)) {
+ } else if (target && typeof target === 'object') {
+ if ((options && (options.plainObjects || options.allowPrototypes)) || !has.call(Object.prototype, source)) {
target[source] = true;
}
} else {
@@ -64,7 +64,7 @@ var merge = function merge(target, sourc
return target;
}
- if (typeof target !== 'object') {
+ if (!target || typeof target !== 'object') {
return [target].concat(source);
}
@@ -76,8 +76,9 @@ var merge = function merge(target, sourc
if (Array.isArray(target) && Array.isArray(source)) {
source.forEach(function (item, i) {
if (has.call(target, i)) {
- if (target[i] && typeof target[i] === 'object') {
- target[i] = merge(target[i], item, options);
+ var targetItem = target[i];
+ if (targetItem && typeof targetItem === 'object' && item && typeof item === 'object') {
+ target[i] = merge(targetItem, item, options);
} else {
target.push(item);
}
@@ -158,6 +159,7 @@ var encode = function encode(str) {
i += 1;
c = 0x10000 + (((c & 0x3FF) << 10) | (string.charCodeAt(i) & 0x3FF));
+ /* eslint operator-linebreak: [2, "before"] */
out += hexTable[0xF0 | (c >> 18)]
+ hexTable[0x80 | ((c >> 12) & 0x3F)]
+ hexTable[0x80 | ((c >> 6) & 0x3F)]
Index: node-v8.17.0/deps/npm/node_modules/qs/package.json
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/qs/package.json
+++ node-v8.17.0/deps/npm/node_modules/qs/package.json
@@ -76,5 +76,5 @@
"test": "npm run --silent coverage",
"tests-only": "node test"
},
- "version": "6.5.2"
+ "version": "6.5.3"
}
Index: node-v8.17.0/deps/npm/node_modules/qs/test/parse.js
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/qs/test/parse.js
+++ node-v8.17.0/deps/npm/node_modules/qs/test/parse.js
@@ -237,6 +237,14 @@ test('parse()', function (t) {
st.end();
});
+ t.test('parses jquery-param strings', function (st) {
+ // readable = 'filter[0][]=int1&filter[0][]==&filter[0][]=77&filter[]=and&filter[2][]=int2&filter[2][]==&filter[2][]=8'
+ var encoded = 'filter%5B0%5D%5B%5D=int1&filter%5B0%5D%5B%5D=%3D&filter%5B0%5D%5B%5D=77&filter%5B%5D=and&filter%5B2%5D%5B%5D=int2&filter%5B2%5D%5B%5D=%3D&filter%5B2%5D%5B%5D=8';
+ var expected = { filter: [['int1', '=', '77'], 'and', ['int2', '=', '8']] };
+ st.deepEqual(qs.parse(encoded), expected);
+ st.end();
+ });
+
t.test('continues parsing when no parent is found', function (st) {
st.deepEqual(qs.parse('[]=&a=b'), { 0: '', a: 'b' });
st.deepEqual(qs.parse('[]&a=b', { strictNullHandling: true }), { 0: null, a: 'b' });
@@ -257,7 +265,7 @@ test('parse()', function (t) {
st.end();
});
- t.test('should not throw when a native prototype has an enumerable property', { parallel: false }, function (st) {
+ t.test('should not throw when a native prototype has an enumerable property', function (st) {
Object.prototype.crash = '';
Array.prototype.crash = '';
st.doesNotThrow(qs.parse.bind(null, 'a=b'));
@@ -302,7 +310,14 @@ test('parse()', function (t) {
});
t.test('allows disabling array parsing', function (st) {
- st.deepEqual(qs.parse('a[0]=b&a[1]=c', { parseArrays: false }), { a: { 0: 'b', 1: 'c' } });
+ var indices = qs.parse('a[0]=b&a[1]=c', { parseArrays: false });
+ st.deepEqual(indices, { a: { 0: 'b', 1: 'c' } });
+ st.equal(Array.isArray(indices.a), false, 'parseArrays:false, indices case is not an array');
+
+ var emptyBrackets = qs.parse('a[]=b', { parseArrays: false });
+ st.deepEqual(emptyBrackets, { a: { 0: 'b' } });
+ st.equal(Array.isArray(emptyBrackets.a), false, 'parseArrays:false, empty brackets case is not an array');
+
st.end();
});
@@ -508,13 +523,73 @@ test('parse()', function (t) {
st.deepEqual(
qs.parse('a[b]=c&a=toString', { plainObjects: true }),
- { a: { b: 'c', toString: true } },
+ { __proto__: null, a: { __proto__: null, b: 'c', toString: true } },
'can overwrite prototype with plainObjects true'
);
st.end();
});
+ t.test('dunder proto is ignored', function (st) {
+ var payload = 'categories[__proto__]=login&categories[__proto__]&categories[length]=42';
+ var result = qs.parse(payload, { allowPrototypes: true });
+
+ st.deepEqual(
+ result,
+ {
+ categories: {
+ length: '42'
+ }
+ },
+ 'silent [[Prototype]] payload'
+ );
+
+ var plainResult = qs.parse(payload, { allowPrototypes: true, plainObjects: true });
+
+ st.deepEqual(
+ plainResult,
+ {
+ __proto__: null,
+ categories: {
+ __proto__: null,
+ length: '42'
+ }
+ },
+ 'silent [[Prototype]] payload: plain objects'
+ );
+
+ var query = qs.parse('categories[__proto__]=cats&categories[__proto__]=dogs&categories[some][json]=toInject', { allowPrototypes: true });
+
+ st.notOk(Array.isArray(query.categories), 'is not an array');
+ st.notOk(query.categories instanceof Array, 'is not instanceof an array');
+ st.deepEqual(query.categories, { some: { json: 'toInject' } });
+ st.equal(JSON.stringify(query.categories), '{"some":{"json":"toInject"}}', 'stringifies as a non-array');
+
+ st.deepEqual(
+ qs.parse('foo[__proto__][hidden]=value&foo[bar]=stuffs', { allowPrototypes: true }),
+ {
+ foo: {
+ bar: 'stuffs'
+ }
+ },
+ 'hidden values'
+ );
+
+ st.deepEqual(
+ qs.parse('foo[__proto__][hidden]=value&foo[bar]=stuffs', { allowPrototypes: true, plainObjects: true }),
+ {
+ __proto__: null,
+ foo: {
+ __proto__: null,
+ bar: 'stuffs'
+ }
+ },
+ 'hidden values: plain objects'
+ );
+
+ st.end();
+ });
+
t.test('can return null objects', { skip: !Object.create }, function (st) {
var expected = Object.create(null);
expected.a = Object.create(null);
@@ -540,7 +615,7 @@ test('parse()', function (t) {
result.push(parseInt(parts[1], 16));
parts = reg.exec(str);
}
- return iconv.decode(SaferBuffer.from(result), 'shift_jis').toString();
+ return String(iconv.decode(SaferBuffer.from(result), 'shift_jis'));
}
}), { 県: '大阪府' });
st.end();
Index: node-v8.17.0/deps/npm/node_modules/qs/test/stringify.js
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/qs/test/stringify.js
+++ node-v8.17.0/deps/npm/node_modules/qs/test/stringify.js
@@ -19,6 +19,15 @@ test('stringify()', function (t) {
st.end();
});
+ t.test('stringifies falsy values', function (st) {
+ st.equal(qs.stringify(undefined), '');
+ st.equal(qs.stringify(null), '');
+ st.equal(qs.stringify(null, { strictNullHandling: true }), '');
+ st.equal(qs.stringify(false), '');
+ st.equal(qs.stringify(0), '');
+ st.end();
+ });
+
t.test('adds query prefix', function (st) {
st.equal(qs.stringify({ a: 'b' }, { addQueryPrefix: true }), '?a=b');
st.end();
@@ -29,6 +38,13 @@ test('stringify()', function (t) {
st.end();
});
+ t.test('stringifies nested falsy values', function (st) {
+ st.equal(qs.stringify({ a: { b: { c: null } } }), 'a%5Bb%5D%5Bc%5D=');
+ st.equal(qs.stringify({ a: { b: { c: null } } }, { strictNullHandling: true }), 'a%5Bb%5D%5Bc%5D');
+ st.equal(qs.stringify({ a: { b: { c: false } } }), 'a%5Bb%5D%5Bc%5D=false');
+ st.end();
+ });
+
t.test('stringifies a nested object', function (st) {
st.equal(qs.stringify({ a: { b: 'c' } }), 'a%5Bb%5D=c');
st.equal(qs.stringify({ a: { b: { c: { d: 'e' } } } }), 'a%5Bb%5D%5Bc%5D%5Bd%5D=e');
@@ -490,6 +506,12 @@ test('stringify()', function (t) {
return String.fromCharCode(buffer.readUInt8(0) + 97);
}
}), 'a=b');
+
+ st.equal(qs.stringify({ a: SaferBuffer.from('a b') }, {
+ encoder: function (buffer) {
+ return buffer;
+ }
+ }), 'a=a b');
st.end();
});
@@ -530,17 +552,20 @@ test('stringify()', function (t) {
t.test('RFC 1738 spaces serialization', function (st) {
st.equal(qs.stringify({ a: 'b c' }, { format: qs.formats.RFC1738 }), 'a=b+c');
st.equal(qs.stringify({ 'a b': 'c d' }, { format: qs.formats.RFC1738 }), 'a+b=c+d');
+ st.equal(qs.stringify({ 'a b': SaferBuffer.from('a b') }, { format: qs.formats.RFC1738 }), 'a+b=a+b');
st.end();
});
t.test('RFC 3986 spaces serialization', function (st) {
st.equal(qs.stringify({ a: 'b c' }, { format: qs.formats.RFC3986 }), 'a=b%20c');
st.equal(qs.stringify({ 'a b': 'c d' }, { format: qs.formats.RFC3986 }), 'a%20b=c%20d');
+ st.equal(qs.stringify({ 'a b': SaferBuffer.from('a b') }, { format: qs.formats.RFC3986 }), 'a%20b=a%20b');
st.end();
});
t.test('Backward compatibility to RFC 3986', function (st) {
st.equal(qs.stringify({ a: 'b c' }), 'a=b%20c');
+ st.equal(qs.stringify({ 'a b': SaferBuffer.from('a b') }), 'a%20b=a%20b');
st.end();
});
@@ -593,5 +618,25 @@ test('stringify()', function (t) {
st.end();
});
+ t.test('strictNullHandling works with custom filter', function (st) {
+ var filter = function (prefix, value) {
+ return value;
+ };
+
+ var options = { strictNullHandling: true, filter: filter };
+ st.equal(qs.stringify({ key: null }, options), 'key');
+ st.end();
+ });
+
+ t.test('strictNullHandling works with null serializeDate', function (st) {
+ var serializeDate = function () {
+ return null;
+ };
+ var options = { strictNullHandling: true, serializeDate: serializeDate };
+ var date = new Date();
+ st.equal(qs.stringify({ key: date }, options), 'key');
+ st.end();
+ });
+
t.end();
});
Index: node-v8.17.0/deps/npm/node_modules/qs/test/utils.js
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/qs/test/utils.js
+++ node-v8.17.0/deps/npm/node_modules/qs/test/utils.js
@@ -4,6 +4,10 @@ var test = require('tape');
var utils = require('../lib/utils');
test('merge()', function (t) {
+ t.deepEqual(utils.merge(null, true), [null, true], 'merges true into null');
+
+ t.deepEqual(utils.merge(null, [42]), [null, 42], 'merges null into an array');
+
t.deepEqual(utils.merge({ a: 'b' }, { a: 'c' }), { a: ['b', 'c'] }, 'merges two objects with the same key');
var oneMerged = utils.merge({ foo: 'bar' }, { foo: { first: '123' } });
@@ -18,6 +22,33 @@ test('merge()', function (t) {
var nestedArrays = utils.merge({ foo: ['baz'] }, { foo: ['bar', 'xyzzy'] });
t.deepEqual(nestedArrays, { foo: ['baz', 'bar', 'xyzzy'] });
+ var noOptionsNonObjectSource = utils.merge({ foo: 'baz' }, 'bar');
+ t.deepEqual(noOptionsNonObjectSource, { foo: 'baz', bar: true });
+
+ t.test(
+ 'avoids invoking array setters unnecessarily',
+ { skip: typeof Object.defineProperty !== 'function' },
+ function (st) {
+ var setCount = 0;
+ var getCount = 0;
+ var observed = [];
+ Object.defineProperty(observed, 0, {
+ get: function () {
+ getCount += 1;
+ return { bar: 'baz' };
+ },
+ set: function () { setCount += 1; }
+ });
+ utils.merge(observed, [null]);
+ st.equal(setCount, 0);
+ st.equal(getCount, 1);
+ observed[0] = observed[0]; // eslint-disable-line no-self-assign
+ st.equal(setCount, 1);
+ st.equal(getCount, 2);
+ st.end();
+ }
+ );
+
t.end();
});
Index: node-v8.17.0/deps/npm/node_modules/qs/LICENSE.md
===================================================================
--- /dev/null
+++ node-v8.17.0/deps/npm/node_modules/qs/LICENSE.md
@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2014, Nathan LaFreniere and other [contributors](https://github.com/ljharb/qs/graphs/contributors)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Index: node-v8.17.0/deps/npm/node_modules/qs/LICENSE
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/qs/LICENSE
+++ /dev/null
@@ -1,28 +0,0 @@
-Copyright (c) 2014 Nathan LaFreniere and other contributors.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * The names of any contributors may not be used to endorse or promote
- products derived from this software without specific prior written
- permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS AND CONTRIBUTORS BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
- * * *
-
-The complete list of contributors can be found at: https://github.com/hapijs/qs/graphs/contributors

14
CVE-2022-0235.patch Normal file
View File

@@ -0,0 +1,14 @@
Index: node-v8.17.0/deps/npm/node_modules/node-fetch-npm/src/index.js
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/node-fetch-npm/src/index.js
+++ node-v8.17.0/deps/npm/node_modules/node-fetch-npm/src/index.js
@@ -99,6 +99,9 @@ function fetch (uri, opts) {
}
if (url.parse(request.url).hostname !== redirectURL.hostname) {
request.headers.delete('authorization')
+ request.headers.delete('www-authenticate')
+ request.headers.delete('cookie')
+ request.headers.delete('cookie2')
}
// per fetch spec, for POST request with 301/302 response, or any request with 303 response, use GET when following redirect

13
fix_ci_tests.patch
View File

@@ -173,3 +173,16 @@ Index: node-v8.17.0/test/parallel/test-crypto-dh.js
// Create a shared using a DH group.
const alice = crypto.createDiffieHellmanGroup('modp5');
Index: node-v8.17.0/test/parallel/test-zlib-dictionary-fail.js
===================================================================
--- node-v8.17.0.orig/test/parallel/test-zlib-dictionary-fail.js
+++ node-v8.17.0/test/parallel/test-zlib-dictionary-fail.js
@@ -53,7 +53,7 @@ const input = Buffer.from([0x78, 0xBB, 0
stream.on('error', common.mustCall(function(err) {
// It's not possible to separate invalid dict and invalid data when using
// the raw format
- assert(/invalid/.test(err.message));
+ assert(/(invalid|Operation-Ending-Supplemental Code is 0x12)/.test(err.message));
}));
stream.write(input);

42
nodejs8.changes
View File

@@ -1,3 +1,45 @@
-------------------------------------------------------------------
Wed Apr 20 11:00:47 UTC 2022 - Adam Majer <adam.majer@suse.de>
- CVE-2021-44906.patch: fix prototype pollution in npm dependency
(bsc#1198247, CVE-2021-44906)
- CVE-2021-44907.patch: fix insuficient sanitation in npm dependency
(bsc#1197283, CVE-2021-44907)
- CVE-2022-0235.patch: fix passing of cookie data and sensitive headers
to different hostnames in node-fetch-npm (bsc#1194819, CVE-2022-0235)
-------------------------------------------------------------------
Tue Feb 15 15:11:29 UTC 2022 - Adam Majer <adam.majer@suse.de>
- npm-v6.14.16.tar.gz: update to npm 6.14.16 fixing
* CVE-2021-23343 - ReDoS via splitDeviceRe, splitTailRe and
splitPathRe (bsc#1192153)
* CVE-2021-32803 - node-tar: Insufficient symlink protection
allowing arbitrary file creation and overwrite (bsc#1191963)
* CVE-2021-32804 - node-tar: Insufficient absolute path sanitization
allowing arbitrary file creation and overwrite (bsc#1191962)
* CVE-2021-3918 - json-schema is vulnerable to Improperly
Controlled Modification of Object Prototype Attributes (bsc#1192696)
- CVE-2021-3807.patch: node-ansi-regex: Regular expression
denial of service (ReDoS) matching ANSI escape codes
(bsc#1192154, CVE-2021-3807)
- test_ssl_cert_fixups.patch: fixup SSL certificates in unit tests
- fix_ci_tests.patch: fix zlib tests for z15
-------------------------------------------------------------------
Wed Aug 4 16:29:06 UTC 2021 - Adam Majer <adam.majer@suse.de>
- CVE-2021-22930.patch: http2: fixes use after free on close
in stream canceling (bsc#1188917, CVE-2021-22930)
-------------------------------------------------------------------
Wed Jul 7 12:52:49 UTC 2021 - Adam Majer <adam.majer@suse.de>
- CVE-2020-8265.patch: Add a unit test for CVE-2020-8265 to make
sure we don't have it broken in the future.
-------------------------------------------------------------------
Tue Jul 6 13:02:20 UTC 2021 - Adam Majer <adam.majer@suse.de>

591
nodejs8.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package nodejs8
#
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -40,6 +40,9 @@ Release: 0
%define node_version_number 8
# openssl bsc#1192489 - fix released
%bcond_without openssl_RSA_get0_pss_params
%if 0%{?suse_version} > 1500 || 0%{?fedora_version}
%bcond_without libalternatives
%else
@@ -103,7 +106,13 @@ Release: 0
%bcond_without intree_nghttp2
%endif
%ifarch aarch64 ppc ppc64 ppc64le s390 s390x
%if 0%{suse_version} >= 1550
%bcond_with intree_brotli
%else
%bcond_without intree_brotli
%endif
%ifnarch x86_64 %{ix86}
%bcond_with gdb
%else
%bcond_without gdb
@@ -114,14 +123,14 @@ Release: 0
Summary: Evented I/O for V8 JavaScript
License: MIT
Group: Development/Languages/NodeJS
Url: https://nodejs.org
URL: https://nodejs.org
Source: https://nodejs.org/dist/v%{version}/node-v%{version}.tar.xz
Source1: https://nodejs.org/dist/v%{version}/SHASUMS256.txt
Source2: https://nodejs.org/dist/v%{version}/SHASUMS256.txt.sig
Source3: nodejs.keyring
# npm upgrade. manpages generated manually
Source9: https://github.com/npm/cli/archive/refs/tags/v6.14.13.tar.gz#/npm-v6.14.3.tar.gz
Source9: https://github.com/npm/cli/archive/refs/tags/v6.14.16.tar.gz#/npm-v6.14.16.tar.gz
Source90: npm_man.tar.xz
Source20: bash_output_helper.bash
@@ -139,9 +148,15 @@ Patch35: CVE-2019-15605.patch
Patch36: CVE-2020-8174.patch
Patch37: nghttp2_1.41.0.patch
Patch38: CVE-2020-11080.patch
Patch39: CVE-2020-8265.patch
Patch42: CVE-2020-8287.patch
Patch43: CVE-2021-22884.patch
Patch44: CVE-2021-22883.patch
Patch47: CVE-2021-22930.patch
Patch50: CVE-2021-3807.patch
Patch51: CVE-2021-44906.patch
Patch52: CVE-2021-44907.patch
Patch53: CVE-2022-0235.patch
## Patches specific to SUSE and openSUSE
# PATCH-FIX-OPENSUSE -- set correct path for dtrace if it is built
@@ -157,13 +172,19 @@ Patch103: nodejs-sle11-python26-check_output.patch
Patch104: npm_search_paths.patch
Patch105: skip_test_on_lowmem.patch
Patch120: flaky_test_rerun.patch
Patch130: test_ssl_cert_fixups.patch
# Use versioned binaries and paths
Patch200: versioned.patch
BuildRequires: pkg-config
BuildRequires: fdupes
BuildRequires: procps
BuildRequires: xz
BuildRequires: zlib-devel
%if 0%{?suse_version}
BuildRequires: config(netcfg)
%endif
@@ -180,12 +201,10 @@ BuildRequires: config(netcfg)
# GCC 5 is only available in the SUSE:SLE-11:SP4:Update repository (SDK).
%if %node_version_number >= 8
BuildRequires: gcc5-c++
%define cc_exec gcc-5
%define cpp_exec g++-5
%define forced_gcc_version 5
%else
BuildRequires: gcc48-c++
%define cc_exec gcc-4.8
%define cpp_exec g++-4.8
%define forced_gcc_version 4.8
%endif
%endif
# sles == 11 block
@@ -193,43 +212,56 @@ BuildRequires: gcc48-c++
# Pick and stick with "latest" compiler at time of LTS release
# for SLE-12:Update targets
%if 0%{?suse_version} == 1315
%if %node_version_number >= 17
BuildRequires: gcc10-c++
%define forced_gcc_version 10
%else
%if %node_version_number >= 14
BuildRequires: gcc9-c++
%define cc_exec gcc-9
%define cpp_exec g++-9
%define forced_gcc_version 9
%else
%if %node_version_number >= 8
BuildRequires: gcc7-c++
%define cc_exec gcc-7
%define cpp_exec g++-7
%define forced_gcc_version 7
%endif
%endif
%endif
%endif
%if 0%{?suse_version} == 1500
%if %node_version_number >= 17
BuildRequires: gcc10-c++
%define forced_gcc_version 10
%endif
%endif
# compiler selection
# No special version defined, use default.
%if ! 0%{?cc_exec:1}
%if ! 0%{?forced_gcc_version:1}
BuildRequires: gcc-c++
%endif
BuildRequires: fdupes
BuildRequires: procps
BuildRequires: xz
BuildRequires: zlib-devel
# Python dependencies
%if %node_version_number >= 16
%if 0%{?suse_version} && 0%{?suse_version} < 1500
BuildRequires: python36
%else
BuildRequires: python3
%endif
%else
%if %node_version_number >= 12
BuildRequires: python3
%if 0%{?suse_version}
BuildRequires: netcfg
%endif
%else
%if 0%{?suse_version} >= 1500
BuildRequires: python2
%else
BuildRequires: python
%endif
%endif
%endif
@@ -242,13 +274,29 @@ BuildRequires: group(nobody)
BuildRequires: pkgconfig(openssl) >= %{openssl_req_ver}
%if 0%{?suse_version} >= 1500
# require patched openssl library on SLES for nodejs16
%if 0%{?suse_version}
%if %node_version_number >= 16 && 0%{suse_version} <= 1500 && %{pkg_vcmp openssl-1_1 < '1.1.1e' } && 0%{with openssl_RSA_get0_pss_params}
BuildRequires: openssl-has-RSA_get0_pss_params
Requires: openssl-has-RSA_get0_pss_params
%endif
%endif
%if 0%{?suse_version}
%if 0%{?suse_version} >= 1500
BuildRequires: openssl >= %{openssl_req_ver}
BuildRequires: libopenssl1_1-hmac
%else
BuildRequires: openssl-1_1 >= %{openssl_req_ver}
%endif
BuildRequires: libopenssl1_1-hmac
# /suse_version
%endif
%if 0%{?fedora_version}
BuildRequires: openssl >= %{openssl_req_ver}
%endif
%else
%if %node_version_number <= 12 && 0%{?suse_version} == 1315 && 0%{?sle_version} < 120400
Provides: bundled(openssl) = 1.0.2s
@@ -324,7 +372,11 @@ ExclusiveArch: not_buildable
Provides: bundled(libuv) = 1.23.2
Provides: bundled(v8) = 6.2.414.78
%if %{with intree_brotli}
%else
BuildRequires: pkgconfig(libbrotlidec)
%endif
Provides: bundled(http-parser) = 2.9.3
@@ -359,7 +411,7 @@ Requires: nodejs-common
Requires: nodejs8 = %{version}
Provides: nodejs-npm = %{version}
Obsoletes: nodejs-npm < 4.0.0
Provides: npm(npm) = 6.13.4
Provides: npm(npm) = 6.14.13
Provides: npm = %{version}
%if 0%{?suse_version} >= 1500
%if %{node_version_number} >= 10
@@ -367,12 +419,435 @@ Requires: user(nobody)
Requires: group(nobody)
%endif
%endif
Provides: bundled(node-abbrev) = 1.1.1
Provides: bundled(node-agent-base) = 4.2.1
Provides: bundled(node-agent-base) = 4.3.0
Provides: bundled(node-agentkeepalive) = 3.5.2
Provides: bundled(node-ajv) = 5.5.2
Provides: bundled(node-ajv) = 6.12.6
Provides: bundled(node-ansi-align) = 2.0.0
Provides: bundled(node-ansi-regex) = 2.1.1
Provides: bundled(node-ansi-regex) = 3.0.0
Provides: bundled(node-ansi-regex) = 4.1.0
Provides: bundled(node-ansi-styles) = 3.2.1
Provides: bundled(node-ansicolors) = 0.3.2
Provides: bundled(node-ansistyles) = 0.1.3
Provides: bundled(node-aproba) = 1.2.0
Provides: bundled(node-aproba) = 2.0.0
Provides: bundled(node-archy) = 1.0.0
Provides: bundled(node-are-we-there-yet) = 1.1.4
Provides: bundled(node-asap) = 2.0.6
Provides: bundled(node-asn1) = 0.2.4
Provides: bundled(node-assert-plus) = 1.0.0
Provides: bundled(node-asynckit) = 0.4.0
Provides: bundled(node-aws-sign2) = 0.7.0
Provides: bundled(node-aws4) = 1.8.0
Provides: bundled(node-balanced-match) = 1.0.0
Provides: bundled(node-bcrypt-pbkdf) = 1.0.2
Provides: bundled(node-bin-links) = 1.1.8
Provides: bundled(node-bl) = 3.0.1
Provides: bundled(node-bluebird) = 3.5.5
Provides: bundled(node-boxen) = 1.3.0
Provides: bundled(node-brace-expansion) = 1.1.11
Provides: bundled(node-buffer-from) = 1.0.0
Provides: bundled(node-builtin-modules) = 1.1.1
Provides: bundled(node-builtins) = 1.0.3
Provides: bundled(node-byline) = 5.0.0
Provides: bundled(node-byte-size) = 5.0.1
Provides: bundled(node-cacache) = 12.0.3
Provides: bundled(node-call-limit) = 1.1.1
Provides: bundled(node-camelcase) = 4.1.0
Provides: bundled(node-camelcase) = 5.3.1
Provides: bundled(node-capture-stack-trace) = 1.0.0
Provides: bundled(node-caseless) = 0.12.0
Provides: bundled(node-chalk) = 2.4.1
Provides: bundled(node-chownr) = 1.1.4
Provides: bundled(node-ci-info) = 1.6.0
Provides: bundled(node-ci-info) = 2.0.0
Provides: bundled(node-cidr-regex) = 2.0.10
Provides: bundled(node-cli-boxes) = 1.0.0
Provides: bundled(node-cli-columns) = 3.1.2
Provides: bundled(node-cli-table3) = 0.5.1
Provides: bundled(node-cliui) = 5.0.0
Provides: bundled(node-clone) = 1.0.4
Provides: bundled(node-cmd-shim) = 3.0.3
Provides: bundled(node-co) = 4.6.0
Provides: bundled(node-code-point-at) = 1.1.0
Provides: bundled(node-color-convert) = 1.9.1
Provides: bundled(node-color-name) = 1.1.3
Provides: bundled(node-colors) = 1.3.3
Provides: bundled(node-columnify) = 1.5.4
Provides: bundled(node-combined-stream) = 1.0.6
Provides: bundled(node-concat-map) = 0.0.1
Provides: bundled(node-concat-stream) = 1.6.2
Provides: bundled(node-config-chain) = 1.1.12
Provides: bundled(node-configstore) = 3.1.5
Provides: bundled(node-console-control-strings) = 1.1.0
Provides: bundled(node-copy-concurrently) = 1.0.5
Provides: bundled(node-core-util-is) = 1.0.2
Provides: bundled(node-create-error-class) = 3.0.2
Provides: bundled(node-cross-spawn) = 5.1.0
Provides: bundled(node-crypto-random-string) = 1.0.0
Provides: bundled(node-cyclist) = 0.2.2
Provides: bundled(node-dashdash) = 1.14.1
Provides: bundled(node-debug) = 3.1.0
Provides: bundled(node-debuglog) = 1.0.1
Provides: bundled(node-decamelize) = 1.2.0
Provides: bundled(node-decode-uri-component) = 0.2.0
Provides: bundled(node-deep-extend) = 0.6.0
Provides: bundled(node-defaults) = 1.0.3
Provides: bundled(node-define-properties) = 1.1.3
Provides: bundled(node-delayed-stream) = 1.0.0
Provides: bundled(node-delegates) = 1.0.0
Provides: bundled(node-detect-indent) = 5.0.0
Provides: bundled(node-detect-newline) = 2.1.0
Provides: bundled(node-dezalgo) = 1.0.3
Provides: bundled(node-dot-prop) = 4.2.1
Provides: bundled(node-dotenv) = 5.0.1
Provides: bundled(node-duplexer3) = 0.1.4
Provides: bundled(node-duplexify) = 3.6.0
Provides: bundled(node-ecc-jsbn) = 0.1.2
Provides: bundled(node-editor) = 1.0.0
Provides: bundled(node-emoji-regex) = 7.0.3
Provides: bundled(node-encoding) = 0.1.12
Provides: bundled(node-end-of-stream) = 1.4.1
Provides: bundled(node-env-paths) = 2.2.0
Provides: bundled(node-err-code) = 1.1.2
Provides: bundled(node-errno) = 0.1.7
Provides: bundled(node-es-abstract) = 1.12.0
Provides: bundled(node-es-to-primitive) = 1.2.0
Provides: bundled(node-es6-promise) = 4.2.8
Provides: bundled(node-es6-promisify) = 5.0.0
Provides: bundled(node-escape-string-regexp) = 1.0.5
Provides: bundled(node-execa) = 0.7.0
Provides: bundled(node-extend) = 3.0.2
Provides: bundled(node-extsprintf) = 1.3.0
Provides: bundled(node-fast-deep-equal) = 1.1.0
Provides: bundled(node-fast-deep-equal) = 3.1.3
Provides: bundled(node-fast-json-stable-stringify) = 2.0.0
Provides: bundled(node-figgy-pudding) = 3.5.1
Provides: bundled(node-find-npm-prefix) = 1.0.2
Provides: bundled(node-find-up) = 2.1.0
Provides: bundled(node-find-up) = 3.0.0
Provides: bundled(node-flush-write-stream) = 1.0.3
Provides: bundled(node-forever-agent) = 0.6.1
Provides: bundled(node-form-data) = 2.3.2
Provides: bundled(node-from2) = 1.3.0
Provides: bundled(node-from2) = 2.3.0
Provides: bundled(node-fs-constants) = 1.0.0
Provides: bundled(node-fs-minipass) = 1.2.7
Provides: bundled(node-fs-vacuum) = 1.2.10
Provides: bundled(node-fs-write-stream-atomic) = 1.0.10
Provides: bundled(node-fs.realpath) = 1.0.0
Provides: bundled(node-function-bind) = 1.1.1
Provides: bundled(node-gauge) = 2.7.4
Provides: bundled(node-genfun) = 5.0.0
Provides: bundled(node-gentle-fs) = 2.3.1
Provides: bundled(node-get-caller-file) = 2.0.5
Provides: bundled(node-get-stream) = 3.0.0
Provides: bundled(node-get-stream) = 4.1.0
Provides: bundled(node-getpass) = 0.1.7
Provides: bundled(node-glob) = 7.1.6
Provides: bundled(node-global-dirs) = 0.1.1
Provides: bundled(node-got) = 6.7.1
Provides: bundled(node-graceful-fs) = 4.2.4
Provides: bundled(node-har-schema) = 2.0.0
Provides: bundled(node-har-validator) = 5.1.5
Provides: bundled(node-has) = 1.0.3
Provides: bundled(node-has-flag) = 3.0.0
Provides: bundled(node-has-symbols) = 1.0.0
Provides: bundled(node-has-unicode) = 2.0.1
Provides: bundled(node-hosted-git-info) = 2.8.9
Provides: bundled(node-html-escaper) = 2.0.2
Provides: bundled(node-http-cache-semantics) = 3.8.1
Provides: bundled(node-http-proxy-agent) = 2.1.0
Provides: bundled(node-http-signature) = 1.2.0
Provides: bundled(node-https-proxy-agent) = 2.2.4
Provides: bundled(node-humanize-ms) = 1.2.1
Provides: bundled(node-iconv-lite) = 0.4.23
Provides: bundled(node-iferr) = 0.1.5
Provides: bundled(node-iferr) = 1.0.2
Provides: bundled(node-ignore-walk) = 3.0.3
Provides: bundled(node-import-lazy) = 2.1.0
Provides: bundled(node-imurmurhash) = 0.1.4
Provides: bundled(node-infer-owner) = 1.0.4
Provides: bundled(node-inflight) = 1.0.6
Provides: bundled(node-inherits) = 2.0.4
Provides: bundled(node-ini) = 1.3.8
Provides: bundled(node-init-package-json) = 1.10.3
Provides: bundled(node-ip) = 1.1.5
Provides: bundled(node-ip-regex) = 2.1.0
Provides: bundled(node-is-callable) = 1.1.4
Provides: bundled(node-is-ci) = 1.2.1
Provides: bundled(node-is-cidr) = 3.0.0
Provides: bundled(node-is-date-object) = 1.0.1
Provides: bundled(node-is-fullwidth-code-point) = 1.0.0
Provides: bundled(node-is-fullwidth-code-point) = 2.0.0
Provides: bundled(node-is-installed-globally) = 0.1.0
Provides: bundled(node-is-npm) = 1.0.0
Provides: bundled(node-is-obj) = 1.0.1
Provides: bundled(node-is-path-inside) = 1.0.1
Provides: bundled(node-is-redirect) = 1.0.0
Provides: bundled(node-is-regex) = 1.0.4
Provides: bundled(node-is-retry-allowed) = 1.2.0
Provides: bundled(node-is-stream) = 1.1.0
Provides: bundled(node-is-symbol) = 1.0.2
Provides: bundled(node-is-typedarray) = 1.0.0
Provides: bundled(node-isarray) = 0.0.1
Provides: bundled(node-isarray) = 1.0.0
Provides: bundled(node-isexe) = 2.0.0
Provides: bundled(node-isstream) = 0.1.2
Provides: bundled(node-jsbn) = 0.1.1
Provides: bundled(node-json-parse-better-errors) = 1.0.2
Provides: bundled(node-json-schema) = 0.4.0
Provides: bundled(node-json-schema-traverse) = 0.3.1
Provides: bundled(node-json-schema-traverse) = 0.4.1
Provides: bundled(node-json-stringify-safe) = 5.0.1
Provides: bundled(node-jsonparse) = 1.3.1
Provides: bundled(node-JSONStream) = 1.3.5
Provides: bundled(node-jsprim) = 1.4.2
Provides: bundled(node-latest-version) = 3.1.0
Provides: bundled(node-lazy-property) = 1.0.0
Provides: bundled(node-libcipm) = 4.0.8
Provides: bundled(node-libnpm) = 3.0.1
Provides: bundled(node-libnpmaccess) = 3.0.2
Provides: bundled(node-libnpmconfig) = 1.2.1
Provides: bundled(node-libnpmhook) = 5.0.3
Provides: bundled(node-libnpmorg) = 1.0.1
Provides: bundled(node-libnpmpublish) = 1.1.2
Provides: bundled(node-libnpmsearch) = 2.0.2
Provides: bundled(node-libnpmteam) = 1.0.2
Provides: bundled(node-libnpx) = 10.2.4
Provides: bundled(node-locate-path) = 2.0.0
Provides: bundled(node-locate-path) = 3.0.0
Provides: bundled(node-lock-verify) = 2.1.0
Provides: bundled(node-lockfile) = 1.0.4
Provides: bundled(node-lodash._baseindexof) = 3.1.0
Provides: bundled(node-lodash._baseuniq) = 4.6.0
Provides: bundled(node-lodash._bindcallback) = 3.0.1
Provides: bundled(node-lodash._cacheindexof) = 3.0.2
Provides: bundled(node-lodash._createcache) = 3.1.2
Provides: bundled(node-lodash._createset) = 4.0.3
Provides: bundled(node-lodash._getnative) = 3.9.1
Provides: bundled(node-lodash._root) = 3.0.1
Provides: bundled(node-lodash.clonedeep) = 4.5.0
Provides: bundled(node-lodash.restparam) = 3.6.1
Provides: bundled(node-lodash.union) = 4.6.0
Provides: bundled(node-lodash.uniq) = 4.5.0
Provides: bundled(node-lodash.without) = 4.4.0
Provides: bundled(node-lowercase-keys) = 1.0.1
Provides: bundled(node-lru-cache) = 4.1.5
Provides: bundled(node-lru-cache) = 5.1.1
Provides: bundled(node-make-dir) = 1.3.0
Provides: bundled(node-make-fetch-happen) = 5.0.2
Provides: bundled(node-map-age-cleaner) = 0.1.3
Provides: bundled(node-meant) = 1.0.2
Provides: bundled(node-mime-db) = 1.35.0
Provides: bundled(node-mime-types) = 2.1.19
Provides: bundled(node-mimic-fn) = 1.2.0
Provides: bundled(node-minimatch) = 3.0.4
Provides: bundled(node-minimist) = 1.2.6
Provides: bundled(node-minipass) = 2.3.3
Provides: bundled(node-minipass) = 2.9.0
Provides: bundled(node-minizlib) = 1.3.3
Provides: bundled(node-mississippi) = 3.0.0
Provides: bundled(node-mkdirp) = 0.5.5
Provides: bundled(node-move-concurrently) = 1.0.1
Provides: bundled(node-ms) = 2.0.0
Provides: bundled(node-ms) = 2.1.1
Provides: bundled(node-mute-stream) = 0.0.7
Provides: bundled(node-nice-try) = 1.0.5
Provides: bundled(node-node-fetch-npm) = 2.0.2
Provides: bundled(node-node-gyp) = 5.1.0
Provides: bundled(node-nopt) = 4.0.3
Provides: bundled(node-normalize-package-data) = 2.5.0
Provides: bundled(node-npm-audit-report) = 1.3.3
Provides: bundled(node-npm-bundled) = 1.1.1
Provides: bundled(node-npm-cache-filename) = 1.0.2
Provides: bundled(node-npm-install-checks) = 3.0.2
Provides: bundled(node-npm-lifecycle) = 3.1.5
Provides: bundled(node-npm-logical-tree) = 1.2.1
Provides: bundled(node-npm-normalize-package-bin) = 1.0.1
Provides: bundled(node-npm-package-arg) = 6.1.1
Provides: bundled(node-npm-packlist) = 1.4.8
Provides: bundled(node-npm-pick-manifest) = 3.0.2
Provides: bundled(node-npm-profile) = 4.0.4
Provides: bundled(node-npm-registry-fetch) = 4.0.7
Provides: bundled(node-npm-run-path) = 2.0.2
Provides: bundled(node-npm-user-validate) = 1.0.1
Provides: bundled(node-npmlog) = 4.1.2
Provides: bundled(node-number-is-nan) = 1.0.1
Provides: bundled(node-oauth-sign) = 0.9.0
Provides: bundled(node-object-assign) = 4.1.1
Provides: bundled(node-object-keys) = 1.0.12
Provides: bundled(node-object.getownpropertydescriptors) = 2.0.3
Provides: bundled(node-once) = 1.4.0
Provides: bundled(node-opener) = 1.5.2
Provides: bundled(node-os-homedir) = 1.0.2
Provides: bundled(node-os-tmpdir) = 1.0.2
Provides: bundled(node-osenv) = 0.1.5
Provides: bundled(node-p-defer) = 1.0.0
Provides: bundled(node-p-finally) = 1.0.0
Provides: bundled(node-p-is-promise) = 2.1.0
Provides: bundled(node-p-limit) = 1.2.0
Provides: bundled(node-p-limit) = 2.2.0
Provides: bundled(node-p-limit) = 2.3.0
Provides: bundled(node-p-locate) = 2.0.0
Provides: bundled(node-p-locate) = 3.0.0
Provides: bundled(node-p-try) = 1.0.0
Provides: bundled(node-p-try) = 2.2.0
Provides: bundled(node-package-json) = 4.0.1
Provides: bundled(node-pacote) = 9.5.12
Provides: bundled(node-parallel-transform) = 1.1.0
Provides: bundled(node-path-exists) = 3.0.0
Provides: bundled(node-path-is-absolute) = 1.0.1
Provides: bundled(node-path-is-inside) = 1.0.2
Provides: bundled(node-path-key) = 2.0.1
Provides: bundled(node-path-parse) = 1.0.7
Provides: bundled(node-performance-now) = 2.1.0
Provides: bundled(node-pify) = 3.0.0
Provides: bundled(node-prepend-http) = 1.0.4
Provides: bundled(node-process-nextick-args) = 2.0.0
Provides: bundled(node-promise-inflight) = 1.0.1
Provides: bundled(node-promise-retry) = 1.1.1
Provides: bundled(node-promzard) = 0.3.0
Provides: bundled(node-proto-list) = 1.2.4
Provides: bundled(node-protoduck) = 5.0.1
Provides: bundled(node-prr) = 1.0.1
Provides: bundled(node-pseudomap) = 1.0.2
Provides: bundled(node-psl) = 1.1.29
Provides: bundled(node-pump) = 2.0.1
Provides: bundled(node-pump) = 3.0.0
Provides: bundled(node-pumpify) = 1.5.1
Provides: bundled(node-punycode) = 1.4.1
Provides: bundled(node-punycode) = 2.1.1
Provides: bundled(node-qrcode-terminal) = 0.12.0
Provides: bundled(node-qs) = 6.5.3
Provides: bundled(node-query-string) = 6.8.2
Provides: bundled(node-qw) = 1.0.1
Provides: bundled(node-rc) = 1.2.8
Provides: bundled(node-read) = 1.0.7
Provides: bundled(node-read-cmd-shim) = 1.0.5
Provides: bundled(node-read-installed) = 4.0.3
Provides: bundled(node-read-package-json) = 2.1.1
Provides: bundled(node-read-package-tree) = 5.3.1
Provides: bundled(node-readable-stream) = 1.1.14
Provides: bundled(node-readable-stream) = 2.3.6
Provides: bundled(node-readable-stream) = 3.6.0
Provides: bundled(node-readdir-scoped-modules) = 1.1.0
Provides: bundled(node-registry-auth-token) = 3.4.0
Provides: bundled(node-registry-url) = 3.1.0
Provides: bundled(node-request) = 2.88.0
Provides: bundled(node-require-directory) = 2.1.1
Provides: bundled(node-require-main-filename) = 2.0.0
Provides: bundled(node-resolve) = 1.10.0
Provides: bundled(node-resolve-from) = 4.0.0
Provides: bundled(node-retry) = 0.10.1
Provides: bundled(node-retry) = 0.12.0
Provides: bundled(node-rimraf) = 2.7.1
Provides: bundled(node-run-queue) = 1.0.3
Provides: bundled(node-safe-buffer) = 5.1.2
Provides: bundled(node-safe-buffer) = 5.2.0
Provides: bundled(node-safe-buffer) = 5.2.1
Provides: bundled(node-safer-buffer) = 2.1.2
Provides: bundled(node-semver) = 5.7.1
Provides: bundled(node-semver-diff) = 2.1.0
Provides: bundled(node-set-blocking) = 2.0.0
Provides: bundled(node-sha) = 3.0.0
Provides: bundled(node-shebang-command) = 1.2.0
Provides: bundled(node-shebang-regex) = 1.0.0
Provides: bundled(node-signal-exit) = 3.0.2
Provides: bundled(node-slide) = 1.1.6
Provides: bundled(node-smart-buffer) = 4.1.0
Provides: bundled(node-socks) = 2.3.3
Provides: bundled(node-socks-proxy-agent) = 4.0.2
Provides: bundled(node-sorted-object) = 2.0.1
Provides: bundled(node-sorted-union-stream) = 2.1.3
Provides: bundled(node-spdx-correct) = 3.0.0
Provides: bundled(node-spdx-exceptions) = 2.1.0
Provides: bundled(node-spdx-expression-parse) = 3.0.0
Provides: bundled(node-spdx-license-ids) = 3.0.5
Provides: bundled(node-split-on-first) = 1.1.0
Provides: bundled(node-sshpk) = 1.14.2
Provides: bundled(node-ssri) = 6.0.2
Provides: bundled(node-stream-each) = 1.2.2
Provides: bundled(node-stream-iterate) = 1.2.0
Provides: bundled(node-stream-shift) = 1.0.0
Provides: bundled(node-strict-uri-encode) = 2.0.0
Provides: bundled(node-string_decoder) = 0.10.31
Provides: bundled(node-string_decoder) = 1.1.1
Provides: bundled(node-string_decoder) = 1.3.0
Provides: bundled(node-string-width) = 1.0.2
Provides: bundled(node-string-width) = 2.1.1
Provides: bundled(node-string-width) = 3.1.0
Provides: bundled(node-stringify-package) = 1.0.1
Provides: bundled(node-strip-ansi) = 3.0.1
Provides: bundled(node-strip-ansi) = 4.0.0
Provides: bundled(node-strip-ansi) = 5.2.0
Provides: bundled(node-strip-eof) = 1.0.0
Provides: bundled(node-strip-json-comments) = 2.0.1
Provides: bundled(node-supports-color) = 5.4.0
Provides: bundled(node-tar) = 4.4.19
Provides: bundled(node-tar-stream) = 2.1.0
Provides: bundled(node-term-size) = 1.2.0
Provides: bundled(node-text-table) = 0.2.0
Provides: bundled(node-through) = 2.3.8
Provides: bundled(node-through2) = 2.0.3
Provides: bundled(node-timed-out) = 4.0.1
Provides: bundled(node-tiny-relative-date) = 1.3.0
Provides: bundled(node-tough-cookie) = 2.4.3
Provides: bundled(node-tunnel-agent) = 0.6.0
Provides: bundled(node-tweetnacl) = 0.14.5
Provides: bundled(node-typedarray) = 0.0.6
Provides: bundled(node-uid-number) = 0.0.6
Provides: bundled(node-umask) = 1.1.0
Provides: bundled(node-unique-filename) = 1.1.1
Provides: bundled(node-unique-slug) = 2.0.0
Provides: bundled(node-unique-string) = 1.0.0
Provides: bundled(node-unpipe) = 1.0.0
Provides: bundled(node-unzip-response) = 2.0.1
Provides: bundled(node-update-notifier) = 2.5.0
Provides: bundled(node-uri-js) = 4.4.0
Provides: bundled(node-url-parse-lax) = 1.0.0
Provides: bundled(node-util-deprecate) = 1.0.2
Provides: bundled(node-util-extend) = 1.0.3
Provides: bundled(node-util-promisify) = 2.1.0
Provides: bundled(node-uuid) = 3.3.3
Provides: bundled(node-validate-npm-package-license) = 3.0.4
Provides: bundled(node-validate-npm-package-name) = 3.0.0
Provides: bundled(node-verror) = 1.10.0
Provides: bundled(node-wcwidth) = 1.0.1
Provides: bundled(node-which) = 1.3.1
Provides: bundled(node-which-module) = 2.0.0
Provides: bundled(node-wide-align) = 1.1.2
Provides: bundled(node-widest-line) = 2.0.1
Provides: bundled(node-worker-farm) = 1.7.0
Provides: bundled(node-wrap-ansi) = 5.1.0
Provides: bundled(node-wrappy) = 1.0.2
Provides: bundled(node-write-file-atomic) = 2.4.3
Provides: bundled(node-xdg-basedir) = 3.0.0
Provides: bundled(node-xtend) = 4.0.1
Provides: bundled(node-y18n) = 4.0.1
Provides: bundled(node-yallist) = 2.1.2
Provides: bundled(node-yallist) = 3.0.2
Provides: bundled(node-yallist) = 3.0.3
Provides: bundled(node-yallist) = 3.1.1
Provides: bundled(node-yargs) = 14.2.3
Provides: bundled(node-yargs-parser) = 15.0.1
%description -n npm8
A package manager for Node.js that allows developers to install and
publish packages to a package registry.
%package -n corepack8
Summary: Helper bridge between NodeJS projects and their dependencies
Group: Development/Languages/NodeJS
Requires: nodejs-common >= 5.0
%description -n corepack8
Zero-runtime-dependency package acting as bridge between Node projects
and their package managers.
%package docs
Summary: Node.js API documentation
Group: Documentation/Other
@@ -402,10 +877,6 @@ tar Jxf %{SOURCE90} -C deps/npm
tar Jxf %{SOURCE11}
%endif
%if %{node_version_number} >= 16 && 0%{?suse_version} > 0 && 0%{?suse_version} < 1500
tar Jxf %{SOURCE5} --directory=tools/gyp --strip-components=1
%endif
%patch3 -p1
%patch7 -p1
%if 0%{with valgrind_tests}
@@ -418,9 +889,15 @@ tar Jxf %{SOURCE5} --directory=tools/gyp --strip-components=1
%patch36 -p1
%patch37 -p1
%patch38 -p1
%patch39 -p1
%patch42 -p1
%patch43 -p1
%patch44 -p1
%patch47 -p1
%patch50 -p1
%patch51 -p1
%patch52 -p1
%patch53 -p1
%patch101 -p1
%patch102 -p1
# Add check_output to configure script (not part of Python 2.6 in SLE11).
@@ -429,17 +906,32 @@ tar Jxf %{SOURCE5} --directory=tools/gyp --strip-components=1
%endif
%patch104 -p1
%patch105 -p1
%if 0%{?suse_version} >= 1550
%endif
%patch120 -p1
%patch130 -p1
%if ! 0%{with openssl_RSA_get0_pss_params}
%endif
%patch200 -p1
%if %{node_version_number} <= 14
# minimist security update - patch50
rm -r deps/npm/node_modules/mkdirp/node_modules/minimist
rmdir ./deps/npm/node_modules/mkdirp/node_modules
%endif
# remove backup files, if any
find -name \*~ -print0 -delete
# abnormalities from patching
find \( -name \*.js.orig -or -name \*.md.orig -or -name \*.1.orig \) -delete
# downgrade node-gyp to last version that supports python 3.4 for SLE12
%if 0%{?use_version} && 0%{?suse_version} < 1500
rm -r deps/npm/node_modules/node-gyp
mkdir deps/npm/node_modules/node-gyp
tar -C deps/npm/node_modules/node-gyp Jxf %{SOURCE5}
%endif
%build
# normalize shebang
%if %{node_version_number} >= 12
@@ -462,10 +954,6 @@ find deps/openssl -name *.[ch] -delete
rm -rf deps/icu-small
%endif
%if ! 0%{with intree_openssl}
rm -rf deps/openssl
%endif
%if ! 0%{with intree_cares}
find deps/cares -name *.[ch] -delete
%endif
@@ -473,11 +961,12 @@ find deps/cares -name *.[ch] -delete
find deps/zlib -name *.[ch] -delete
cat > spec.build.config <<EOF
export PREFIX=/usr
export CFLAGS="%{?build_cflags:%build_cflags}%{?!build_cflags:%optflags} -fno-strict-aliasing"
# -Wno-class-memaccess is not available in gcc < 8 (= system compiler on Leap until at least 15.3 is gcc7)
export CXXFLAGS="%{?build_cxxflags:%build_cxxflags}%{?!build_cxxflags:%optflags} -Wno-error=return-type -fno-strict-aliasing"
%if 0%{?sle_version} > 150300
export CXXFLAGS="${CXXFLAGS} -Wno-class-memaccess"
%if 0%{?forced_gcc_version} >= 8 || 0%{?suse_version} > 1500 || 0%{?fedora_version} >= 35
export CXXFLAGS="\${CXXFLAGS} -Wno-class-memaccess"
%endif
export LDFLAGS="%{?build_ldflags}"
@@ -490,9 +979,9 @@ export CFLAGS="\${CFLAGS} -g1"
export CXXFLAGS="\${CXXFLAGS} -g1"
export LDFLAGS="\${LDFLAGS} -Wl,--reduce-memory-overhead"
%if 0%{?cc_exec:1}
export CC=%{?cc_exec}
export CXX=%{?cpp_exec}
%if 0%{?forced_gcc_version:1}
export CC=gcc-%{forced_gcc_version}
export CXX=g++-%{forced_gcc_version}
%endif
EOF
@@ -525,6 +1014,9 @@ EOF
%if ! 0%{with intree_nghttp2}
--shared-nghttp2 \
%endif
%if ! 0%{with intree_brotli}
--shared-brotli \
%endif
%if 0%{with gdb}
--gdb \
%endif
@@ -654,6 +1146,16 @@ rm -f test/parallel/test-dns-cancel-reverse-lookup.js \
test/parallel/test-dns-resolveany.js
# multicast test fail since no socket?
rm -f test/parallel/test-dgram-membership.js
%if 0%{?fedora_version}
# test/parallel/test-crypto-certificate.js requires OPENSSL_ENABLE_MD5_VERIFY=1
# as SPKAC required MD5 for verification
# https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/0006-Disable-signature-verification-with-totally-unsafe-h.patch
export OPENSSL_ENABLE_MD5_VERIFY=1
# error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake
# failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40
rm -f test/parallel/test-tls-no-sslv3.js
%endif
# Run CI tests
%if 0%{with valgrind_tests}
# valgrind may have false positives, so do not fail on these by default
@@ -710,6 +1212,13 @@ make test-ci
%ghost %{_sysconfdir}/alternatives/npx.1%{ext_man}
%endif
%if %{node_version_number} >= 14
%files -n corepack%{node_version_number}
%defattr(-, root, root)
%{_bindir}/corepack%{node_version_number}
%{_libdir}/node_modules/corepack%{node_version_number}
%endif
%files devel
%defattr(-, root, root)
%{_includedir}/node%{node_version_number}

3
npm-v6.14.16.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:666ae387b982ccd9878bd1449a029e004b063596c410d2b35c4097e1ae2a23f1
size 5968743

3
npm_man.tar.xz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fbe9a1482b6cd68665a2f37ba2f2f1dd31ae1be7f7ba1d2ec6b44cef0e1ca7f9
size 78200

303
test_ssl_cert_fixups.patch Normal file
View File

@@ -0,0 +1,303 @@
Index: node-v10.24.1/test/fixtures/pass-cert.pem
===================================================================
--- node-v10.24.1.orig/test/fixtures/pass-cert.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIB2TCCAUICCQDQv9q5AAtoEzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJK
-UDEOMAwGA1UECBMFVG9reW8xEjAQBgNVBAoUCW5vZGVqc19qcDAeFw0xMTExMjYx
-NzA0MDhaFw0yMTExMjMxNzA0MDhaMDExCzAJBgNVBAYTAkpQMQ4wDAYDVQQIEwVU
-b2t5bzESMBAGA1UEChQJbm9kZWpzX2pwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQChmQeFwsaomtQbw9Nm55Dn6KSR9bkY8PDroQUeTNa90BlIbhGsKYm4l7bE
-RaasFgOrkcQpk45fdDVYPjKxraZiGXXKjSIDYeDAIC/+CkwQKrejgCPmJs4gV4g+
-npvwi1gVr2NAg7fkJOyEW2TDp4dsAD8qtG8Aml0C1hJXwFYmBwIDAQABMA0GCSqG
-SIb3DQEBBQUAA4GBAGJYkr3VgHUZSyGrdUWeGKiKS4EY3D4ki8Luv9Jf/IpxJLbZ
-NGaKUbXSVYSW3US0yR1+lsNvWchmc0wLsbNEHbIiS4BQPkqX7F8FCthM1gwRLQPa
-Sofz3dRNFKDmivG9mdbQDPD/duft7Kn6E3JS5myYUJ0dRKeYfOXLXCY2pZpG
------END CERTIFICATE-----
Index: node-v10.24.1/test/fixtures/pass-csr.pem
===================================================================
--- node-v10.24.1.orig/test/fixtures/pass-csr.pem
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBcDCB2gIBADAxMQswCQYDVQQGEwJKUDEOMAwGA1UECBMFVG9reW8xEjAQBgNV
-BAoUCW5vZGVqc19qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoZkHhcLG
-qJrUG8PTZueQ5+ikkfW5GPDw66EFHkzWvdAZSG4RrCmJuJe2xEWmrBYDq5HEKZOO
-X3Q1WD4ysa2mYhl1yo0iA2HgwCAv/gpMECq3o4Aj5ibOIFeIPp6b8ItYFa9jQIO3
-5CTshFtkw6eHbAA/KrRvAJpdAtYSV8BWJgcCAwEAAaAAMA0GCSqGSIb3DQEBBQUA
-A4GBAC9g7s3rG6G7JSTUOizY1u9Ij6QM9Y6PqQthr4OJHa+Hln5FJQahpgJmA4kC
-WYoWvBMBgFPFBCYAj0yMPohrlAwlbd9MADe4gg3lxuO9UxXDzp/lOVRBAEa4n5i+
-Lw7VEiJtPha4NXgeNzxi5OyBJwxAOPFwsyCdR0SynlifTFHI
------END CERTIFICATE REQUEST-----
Index: node-v10.24.1/test/fixtures/pass-key.pem
===================================================================
--- node-v10.24.1.orig/test/fixtures/pass-key.pem
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIICojAcBgoqhkiG9w0BDAEDMA4ECMeM7uTE/aoCAgIIAASCAoDIIO3VAz+gb7td
-FSOwV/zshzjr7n54r6Jg6fFyeIRrE3tgobr0loPfZUadtd1uxGMFlf4WKqXdk9u/
-Le2BCw34rTVCIlwritFHmcQ56xDKB5WTx+yuzxr97tmnFq00kTeHUcsPOb+eYU5B
-2M0xWpYeEUP4iwQafUz6A6EOjSADYYpdgHHAzIY9VwECPkCqOJJti644OMNPUw8q
-nvoESqwjAO1t2lymNUFk6zHg6FewiyCfjY6ucUCadbN74vUqKAJI45u7HQL8rxSf
-95ncmjpHc+t7GUrQyzD68JaIGFN1Q8d09/ve3EOfoUoDGW+rE3hJ7oISeJfY3k7I
-bBw6i0MO/ZfMs9wbmbMNDKzXQMolXfenK+KdD5Scp6eCeE14KqbQXuDoy+yA9CcZ
-F87v4AyiY2o+A+cS56oY2R9Gc7uX51N8ZQGCuE/IEXeZbemV81br/EytJiZsXbPj
-Kks1QkcsWnfsCUEeyF6IvIRXB70A4fuJ3+V9YoPoIawY18OoRPbMBBWkfMwEJIdB
-2bW3joco0unImwRT6aXFghCnHOdXyQOMNtf1aCSDd/7o+Vac50Lwtuwpp7NsnUID
-V9reIaEugHuM3PHbv3ygm8o3wb2VVRHgWV/wOReEtqLPhERyM1xfVs0y6xCGiE84
-N4uEzAwSGDFgEYACoj7LrqrVVEeVbrD0Gul2/fq9HnKOk6E/tygrwusasyL5vtSX
-ZH/DeKK2XKq70bSu+1eGA/A+SqySckBe4QgEO7Qyb9xWqZhbqDyLg/xCUfDscMyP
-WWW6nN56LcWI7UOEfWJVLTFCBil5T4e2qA4BiJTNc8zwwOM0BIyqvnhlENGbwQBI
-KuSCzKIh
------END ENCRYPTED PRIVATE KEY-----
Index: node-v10.24.1/test/fixtures/raw-key.pem
===================================================================
--- node-v10.24.1.orig/test/fixtures/raw-key.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQChmQeFwsaomtQbw9Nm55Dn6KSR9bkY8PDroQUeTNa90BlIbhGs
-KYm4l7bERaasFgOrkcQpk45fdDVYPjKxraZiGXXKjSIDYeDAIC/+CkwQKrejgCPm
-Js4gV4g+npvwi1gVr2NAg7fkJOyEW2TDp4dsAD8qtG8Aml0C1hJXwFYmBwIDAQAB
-AoGAVgZpAsQVjVwe3kj5GSbc9Rfbw/fTeXuKRWWKm/67soA9dVli/wt9zU62dPW/
-LIzrl0IZ8ygh+p6aZ0d1JTEUCPx7e0KocCmNg77i5AG0eK5i/KKjTWB4UGRDylfD
-dnBXQc814bK+VB0mrcp46U/7tLGYkV2Kz/LiNpmxKwITS4ECQQDPoA6WIU87Eulq
-OuVmJnFIQ2IR3SycVisO7TUq2MItq2U4BwsA3aQ4ehpP/uJdAfJEfwi2omRV5pGb
-806pWkfPAkEAxz+igHS8tR11aLck71dD4BRBY7XZCUg6G4zmYYWsqj0yvM6c4Yn0
-HRcrZqFvV/xuMFphWEmMBhrqLvgy66yUSQJBALkei4LeRid0sDswMhMHGaAFvG4T
-FtB5n8CaTPpb854GoKP42521ANP+QnGq36dvsdPStDEqz20rvA4hPLSQs08CQCV8
-eWxFikNg+XfsDQzilCiSZwMFcYHnjtckGSv75FJbFTKkhKuCMuVOOKIkeThKi8iZ
-GHttyuRTKAASPjJM09ECQBrhlKJwYKuUDMp3qkLBgrXYqbFxZtkS2GeFMUfLcRlx
-oMrTFEczz9lZ0huTuQYPeAAOY0Gd84mL0kQqTRTzNLs=
------END RSA PRIVATE KEY-----
Index: node-v10.24.1/test/parallel/test-tls-passphrase.js
===================================================================
--- node-v10.24.1.orig/test/parallel/test-tls-passphrase.js
+++ node-v10.24.1/test/parallel/test-tls-passphrase.js
@@ -28,9 +28,9 @@ const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');
-const passKey = fixtures.readSync('pass-key.pem');
-const rawKey = fixtures.readSync('raw-key.pem');
-const cert = fixtures.readSync('pass-cert.pem');
+const passKey = fixtures.readKey('rsa_private_encrypted.pem');
+const rawKey = fixtures.readKey('rsa_private.pem');
+const cert = fixtures.readKey('rsa_cert.crt');
assert(Buffer.isBuffer(passKey));
assert(Buffer.isBuffer(cert));
@@ -39,7 +39,7 @@ assert.strictEqual(typeof cert.toString(
const server = tls.Server({
key: passKey,
- passphrase: 'passphrase',
+ passphrase: 'password',
cert: cert,
ca: [cert],
requestCert: true,
@@ -53,7 +53,7 @@ server.listen(0, common.mustCall(functio
tls.connect({
port: this.address().port,
key: passKey,
- passphrase: 'passphrase',
+ passphrase: 'password',
cert: cert,
rejectUnauthorized: false
}, common.mustCall());
@@ -77,7 +77,7 @@ server.listen(0, common.mustCall(functio
tls.connect({
port: this.address().port,
key: [passKey],
- passphrase: 'passphrase',
+ passphrase: 'password',
cert: [cert],
rejectUnauthorized: false
}, common.mustCall());
@@ -101,7 +101,7 @@ server.listen(0, common.mustCall(functio
tls.connect({
port: this.address().port,
key: passKey.toString(),
- passphrase: 'passphrase',
+ passphrase: 'password',
cert: cert.toString(),
rejectUnauthorized: false
}, common.mustCall());
@@ -125,7 +125,7 @@ server.listen(0, common.mustCall(functio
tls.connect({
port: this.address().port,
key: [passKey.toString()],
- passphrase: 'passphrase',
+ passphrase: 'password',
cert: [cert.toString()],
rejectUnauthorized: false
}, common.mustCall());
@@ -148,14 +148,14 @@ server.listen(0, common.mustCall(functio
// Object[]
tls.connect({
port: this.address().port,
- key: [{ pem: passKey, passphrase: 'passphrase' }],
+ key: [{ pem: passKey, passphrase: 'password' }],
cert: cert,
rejectUnauthorized: false
}, common.mustCall());
tls.connect({
port: this.address().port,
- key: [{ pem: passKey, passphrase: 'passphrase' }],
+ key: [{ pem: passKey, passphrase: 'password' }],
passphrase: 'ignored',
cert: cert,
rejectUnauthorized: false
@@ -164,14 +164,14 @@ server.listen(0, common.mustCall(functio
tls.connect({
port: this.address().port,
key: [{ pem: passKey }],
- passphrase: 'passphrase',
+ passphrase: 'password',
cert: cert,
rejectUnauthorized: false
}, common.mustCall());
tls.connect({
port: this.address().port,
- key: [{ pem: passKey.toString(), passphrase: 'passphrase' }],
+ key: [{ pem: passKey.toString(), passphrase: 'password' }],
cert: cert,
rejectUnauthorized: false
}, common.mustCall());
@@ -288,7 +288,7 @@ assert.throws(function() {
tls.connect({
port: server.address().port,
key: [{ pem: passKey, passphrase: 'invalid' }],
- passphrase: 'passphrase', // Valid but unused
+ passphrase: 'password', // Valid but unused
cert: cert,
rejectUnauthorized: false
});
Index: node-v10.24.1/test/fixtures/keys/rsa_cert.crt
===================================================================
--- /dev/null
+++ node-v10.24.1/test/fixtures/keys/rsa_cert.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIUbdhzx2BDd1HT3m93SUde7eCIk3MwDQYJKoZIhvcNAQEL
+BQAwgbAxCzAJBgNVBAYTAlVLMRQwEgYDVQQIDAtBY2tuYWNrIEx0ZDETMBEGA1UE
+BwwKUmh5cyBKb25lczEQMA4GA1UECgwHbm9kZS5qczEdMBsGA1UECwwUVGVzdCBU
+TFMgQ2VydGlmaWNhdGUxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAls
+b2NhbGhvc3QxGzAZBgkqhkiG9w0BCQEWDGFsZXhAYXViLmRldjAeFw0yMjAxMTMx
+OTQ4MjVaFw0zNTA5MjIxOTQ4MjVaMIGwMQswCQYDVQQGEwJVSzEUMBIGA1UECAwL
+QWNrbmFjayBMdGQxEzARBgNVBAcMClJoeXMgSm9uZXMxEDAOBgNVBAoMB25vZGUu
+anMxHTAbBgNVBAsMFFRlc3QgVExTIENlcnRpZmljYXRlMRQwEgYDVQQLDAtFbmdp
+bmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxhbGV4
+QGF1Yi5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC33FiIiiex
+wLe/P8DZx5HsqFlmUO7/lvJ7necJVNwqdZ3ax5jpQB0p6uxfqeOvzcN3k5V7UFb/
+Am+nkSNZMAZhsWzCU2Z4Pjh50QYz3f0Hour7/yIGStOLyYY3hgLK2K8TbhgjQPhd
+kw9+QtKlpvbL8fLgONAoGrVOFnRQGcr70iFffsm79mgZhKVMgYiHPJqJgGHvCtkG
+g9zMgS7p63+Q3ZWedtFS2RhMX3uCBy/mH6EOlRCNBbRmA4xxNzyf5GQaki3T+Iz9
+tOMjdPP+CwV2LqEdylmBuik8vrfTb3qIHLKKBAI8lXN26wWtA3kN4L7NP+cbKlCR
+lqctvhmylLH1AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBAA8zZj9aAsJSZ+tFOYYSbHwWAGViuW0zI8eKj9hU417GCqBwGx9g/Rb0pZG/
+b8BlH30JwW41vz/gLQlbjHHVKJOfQ3YByK/7/pAuDrzNy9jg3pbJFKbjkajkJrlt
+DldZIBe+BAJNVTreQDGzs7KYY8+m+3/zVyo4OuYwRpKxMoQH8dyIZ9O9Kp0r+GaD
+Pwr1Ta7976Y4ALULTUCxz1g5CG8pmXtC+B3tmVzdkB9KaiP/CFU/HtE4HcNZ8v6G
+JkgYgHKa2fMPhe2rz8dw9IDms+S/G9vq/ehD9OgGoWrk5wb7DzDyzs8RuGL69WZ7
+Ld1GdelWKK9RhPs29WU+uz1R4gw=
+-----END CERTIFICATE-----
Index: node-v10.24.1/test/fixtures/keys/rsa_private.pem
===================================================================
--- /dev/null
+++ node-v10.24.1/test/fixtures/keys/rsa_private.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAt9xYiIonscC3vz/A2ceR7KhZZlDu/5bye53nCVTcKnWd2seY
+6UAdKersX6njr83Dd5OVe1BW/wJvp5EjWTAGYbFswlNmeD44edEGM939B6Lq+/8i
+BkrTi8mGN4YCytivE24YI0D4XZMPfkLSpab2y/Hy4DjQKBq1ThZ0UBnK+9IhX37J
+u/ZoGYSlTIGIhzyaiYBh7wrZBoPczIEu6et/kN2VnnbRUtkYTF97ggcv5h+hDpUQ
+jQW0ZgOMcTc8n+RkGpIt0/iM/bTjI3Tz/gsFdi6hHcpZgbopPL630296iByyigQC
+PJVzdusFrQN5DeC+zT/nGypQkZanLb4ZspSx9QIDAQABAoIBAQCS2erYu8gyoGPi
+3E/zYgQ6ishFAZWzDWSFubwD5wSm4SSAzvViL/RbO6kqS25xR569DmLRiHzD17VI
+mJMsNECUnPrqR2TL256OJZaXrNHh3I1lUwVhEzjeKMsL4/ys+d70XPXoiocVblVs
+moDXEIGEqa48ywPvVE3Fngeuxrsq3/GCVBNiwtt0YjAOZxmKEh31UZdHO+YI+wNF
+/Z8KQCPscN5HGlR0SIQOlqMANz49aKStrevdvjS1UcpabzDEkuK84g3saJhcpAhb
+pGFmAf5GTjkkhE0rE1qDF15dSqrKGfCFtOjUeK17SIEN7E322ChmTReZ1hYGfoSV
+cdFntUINAoGBAPFKL5QeJ6wZu8R/ru11wTG6sQA0Jub2hGccPXpbnPrT+3CACOLI
+JTCLy/xTKW3dqRHj/wZEe+jUw88w7jwGb1BkWr4BI8tDvY9jQLP1jyuLWRfrxXbp
+4Z0oeBBwBeCI/ZG7FIvdDTqWxn1aj3Tmh6s4ByqEdtwrrrJPcBUNl01fAoGBAMMR
+3RGE/ca6X6xz6kgUD6TtHVhiiRJK1jm/u+q0n7i/MBkeDgTZkHYS7lPc0yIdtqaI
+Plz5yzwHnAvuMrv8LSdkjwioig2yQa3tAij8kXxqs7wN5418DMV2s1OJBrPthYPs
+bv4im2iI8V63JQS4ZMYQbckq8ABYccTpOnxXDy0rAoGBAKkvzHa+QjERhjB9GyoT
+1FhLQIsVBmYSWrp1+cGO9V6HPxoeHJzvm+wTSf/uS/FmaINL6+j4Ii4a6gWgmJts
+I6cqBtqNsAx5vjQJczf8KdxthBYa0sXTrsfktXNJKUXMqIgDtp9vazQ2vozs8AQX
+FPAAhD3SzgkJdCBBRSTt97ZfAoGAWAziKpxLKL7LnL4dzDcx8JIPIuwnTxh0plCD
+dCffyLaT8WJ9lXbXHFTjOvt8WfPrlDP/Ylxmfkw5BbGZOP1VLGjZn2DkH9aMiwNm
+bDXFPdG0G3hzQovx/9fajiRV4DWghLHeT9wzJfZabRRiI0VQR472300AVEeX4vgb
+rDBn600CgYEAk7czBCT9rHn/PNwCa17hlTy88C4vXkwbz83Oa+aX5L4e5gw5lhcR
+2ZuZHLb2r6oMt9rlD7EIDItSs+u21LOXWPTAlazdnpYUyw/CzogM/PN+qNwMRXn5
+uXFFhmlP2mVg2EdELTahXch8kWqHaCSX53yvqCtRKu/j76V31TfQZGM=
+-----END RSA PRIVATE KEY-----
Index: node-v10.24.1/test/fixtures/keys/rsa_private_encrypted.pem
===================================================================
--- /dev/null
+++ node-v10.24.1/test/fixtures/keys/rsa_private_encrypted.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,DB3D20E60E8FDC3356BD79712FF8EF7E
+
+K+vu0U3IFTJBBi6zW5Zng80O1jXq/ZmlOFs/j/SQpPwfW1Do9i/Dwa7ntBlTwrCm
+sd3IIPgu2ikfLwxvbxsZN540oCaCqaZ/bmmyzH3MyVDA9MllUu+X8+Q3ATzcYa9R
+U5XfF5DAXsSRnstCbmKagWVQpO0oX8k3ratfny6Ixq86Y82tK8+o5YiBFq1kqa+9
+4yat7IWQbqV5ifUtUPCHZwEqBt+WKazX05BqERjkckHdpfaDrBvSSPXTwoLm6uRR
+ktkUVpO4tHMZ4VlcTfFtpz8gdYYod0nM6vz26hvbESHSwztSgMhmKdsE5eqmYfgu
+F4WkEN4bqAiPjKK3jnUKPt/vg2oKYFQlVYFl9QnBjiRqcQTi3e9lwn1hI7uoMb6g
+HuaCc57JJHPN/ZLP3ts4ZxFbwUjTGioh5Zh6WozG3L3+Ujwq/sDrAskRyzdcuP7I
+Rs3oLbHY03OHyg8IbxR5Iu89l6FLqnR45yvbxXtZ7ImGOPM5Z9pB1CzDhGDx2F6g
+J/Kf/7ZF2DmYUVbVKDfESEDhRfuMAVzhasDPTRqipSA5QvJVQY+J/6QDPrNNmHVB
+4e4ouHIDWERUf0t1Be7THvP3X8OJozj2HApzqa5ZCaJDo8eaL8TCD5uH75ID5URJ
+VscGHaUXT8/sxfHi1x8BibW5W5J/akFsnrnJU/1BZgGznIxjf5tKfHGppSIVdlKP
+3ghYNmEIFPNJ6cxuUA0D2IOV4uO3FTCU6seIzvJhYkmXnticcZYGtmGxXKrodtzS
+J1YuaNkkO/YRZah285lQ6QCIhCFo4Oa4ILjgoTQISuw7nQj5ESyncauzLUBXKX0c
+XDUej64KNTvVF9UXdG48fYvNmSZWCnTye4UmPu17FmwpVra38U+EdoLyWyMIAI5t
+rP6Hhgc9BxOo41Im9QpTcAPfKAknP8Rbm3ACJG5T9FKq/c29d1E//eFR6SL51e/a
+yWdCgJN/FJOAX60+erPwoVoRFEttAeDPkklgFGdc8F4LIYAig9gEZ92ykFFz3fWz
+jIcUVLrL+IokFbPVUBoMihqVyMQsWH+5Qq9wjxf6EDIf0BVtm9U4BJoOkPStFIfF
+Kof7OVv7izyL8R/GIil9VQs9ftwkIUPeXx2Hw0bE3HJ3C8K4+mbLg3tKhGnBDU5Z
+Xm5mLHoCRBa3ZRFWZtigX7POszdLAzftYo8o65Be4OtPS+tQAORk9gHsXATv7dDB
+OGw61x5KA55LHVHhWaRvu3J8E7nhxw0q/HskyZhDC+Y+Xs6vmQSb4nO4ET4NYX1P
+m3PMdgGoqRDJ2jZw4eoQdRKCM0EHSepSAYpO1tcAXhPZS4ITogoRgPpVgOebEQUL
+nKNeNu/BxMSH/IH15jjDLF3TiEoguF9xdTaCxIBzE1SFpVO0u9m9vXpWdPThVgsb
+VcEI487p7v9iImP3BYPT8ZYvytC26EH0hyOrwhahTvTb4vXghkLIyvPUg1lZHc6e
+aPHb2AzYAHLnp/ehDQGKWrCOJ1JE2vBv8ZkLa+XZo7YASXBRZitPOMlvykEyzxmR
+QAmNhKGvFmeM2mmHAp0aC03rgF3lxNsXQ1CyfEdq3UV9ReSnttq8gtrJfCwxV+wY
+-----END RSA PRIVATE KEY-----
Index: node-v10.24.1/test/fixtures/keys/rsa_cert.cnf
===================================================================
--- /dev/null
+++ node-v10.24.1/test/fixtures/keys/rsa_cert.cnf
@@ -0,0 +1,23 @@
+[ req ]
+days = 99999
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+prompt = no
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+C = UK
+ST = Acknack Ltd
+L = Rhys Jones
+O = node.js
+0.OU = Test TLS Certificate
+1.OU = Engineering
+CN = localhost
+emailAddress = alex@aub.dev
+
+[ req_attributes ]
+
+[ v3_ca ]
+basicConstraints = CA:TRUE
+
+[ x509_extensions ]