From df3c9dd6fbbb407d3366413336951972f102924d583a7fc256ae13106a62af9c Mon Sep 17 00:00:00 2001
From: Adam Majer
Date: Tue, 9 Apr 2024 14:39:25 +0000
Subject: [PATCH] - Update to 21.7.2: * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) (bsc#1222244) * CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation- (Medium) (bsc#1222384) * updated dependencies: + llhttp version 9.2.1 + undici version 6.11.1 (bsc#1222530, CVE-2024-30260) - node-gyp-addon-gypi.patch: adapted for new unit test layouts
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs21?expand=0&rev=26
---
 SHASUMS256.txt | 82 ++++++++++++++++++++++----------------------
 SHASUMS256.txt.sig | Bin 566 -> 437 bytes
 node-v21.7.1.tar.xz | 3 --
 node-v21.7.2.tar.xz | 3 ++
 nodejs21.changes | 13 +++++--
 nodejs21.spec | 41 +++++++++++-----------
 6 files changed, 75 insertions(+), 67 deletions(-)
 delete mode 100644 node-v21.7.1.tar.xz
 create mode 100644 node-v21.7.2.tar.xz
diff --git a/SHASUMS256.txt b/SHASUMS256.txt
index 20822ea..adb6ba7 100644
--- a/SHASUMS256.txt
+++ b/SHASUMS256.txt
@@ -1,41 +1,41 @@ -cba4d1d6c05684edeb88f06351c61c3acdb3d8d6df46b9dcd8ca89af847268e5 node-v21.7.1-aix-ppc64.tar.gz -d21f34e3864d93a8491591002e67a704a8a8ac5f9035d9da890327f884edd1c6 node-v21.7.1-arm64.msi -0a4dde483479dcf272f3d4d7afb509c3d45cf7a1ea451ce108f434dad4fa43e4 node-v21.7.1-darwin-arm64.tar.gz -20b26630c1c6d2c3db9815fca135931bdbe2b5c1c228a3f1f6a9ed6dde91ef76 node-v21.7.1-darwin-arm64.tar.xz -a406f4fbe68ff33319d513fa645aa7b9508c2cb65299f0a2de1757c2a6333c85 node-v21.7.1-darwin-x64.tar.gz -9212f90b3aaaadaf38fe32639e12ceee3c82380b50cc67402f660a9daecb7e87 node-v21.7.1-darwin-x64.tar.xz -deb71c9d4698eb835ff748671d5f04b2e0c7f53e0de457d4ee9f926ab9d285d9 node-v21.7.1-headers.tar.gz -c33217484a2f8a3aa556a4c46144757031d1a8955867e004a3db6996b67c3415 node-v21.7.1-headers.tar.xz -466647785722c5b9b9f2e430e11645e16f1d112b303b0ffdf2d5fa0eb95e647c node-v21.7.1-linux-arm64.tar.gz -d384c843621ccb80f1367fdff85d4e3870bc934ffe37ed48eb320ebebba8ddbb node-v21.7.1-linux-arm64.tar.xz -75a2787505079e972fe91d9507be0a13be2a7cf009db7a520a725bc280225704 node-v21.7.1-linux-armv7l.tar.gz -e375b24d57c8126d58ae31b807c91df6532c52e3441e22d2b3cde5116553c8fb node-v21.7.1-linux-armv7l.tar.xz -5c70f1b4d960130751334c064e5b164c3366900baf8d3ee2a11d8c444ba9c84f node-v21.7.1-linux-ppc64le.tar.gz -28b98d0ec62937bd0769327272615683caabef5c0a5112bd19b9b02d9332e732 node-v21.7.1-linux-ppc64le.tar.xz -6bf591654202c04037ee24de8c3940aff0b54d7449b9c13850f204a9bee11bce node-v21.7.1-linux-s390x.tar.gz -30d5f6eeb3b94ff150d0fc2c07527cd70c8a1ff0384b3ef191663ffe66cb4934 node-v21.7.1-linux-s390x.tar.xz -c7b15146aed968b781c235b6a8f67608be559c4615de9526a9851ae28660cc09 node-v21.7.1-linux-x64.tar.gz -cb25d7a4aa57d15f280ce45cd72f95e9d2020702b7ca75c7fe632444f7c0452c node-v21.7.1-linux-x64.tar.xz -3a8ecf4f887cbe37a1c7a1b720ed259c9e5cdb3648986a148a02211b4a77c6fa node-v21.7.1.pkg -0ba90deb3e4de7c4665cdaabafe2c50d48c6b47e44863bb557ae1b7f01112f40 node-v21.7.1.tar.gz -1272b6e129d564dbde17527b844210b971c20a70ae729268186b7cb9d990a64b 
node-v21.7.1.tar.xz -6ae0f60b24443708b4673b856c66827c2361957c01ee0c9628281486f0191615 node-v21.7.1-win-arm64.7z -c8931f7130c38e175aa55dfbe4235b20af033ec59d174f4dabf8809b79abe0d5 node-v21.7.1-win-arm64.zip -7c55e73c25e491a22e302e3919dd58145030a2f14bc6e9b2fed0a45c7dd6f867 node-v21.7.1-win-x64.7z -debff16a17e92d084dc19b98b21be35b15d9627befab1c8311b4ff946bf51773 node-v21.7.1-win-x64.zip -a64136c1aeafb096e8461c304c18eaa910d81f75e1ead5155a5548f4e3733a9b node-v21.7.1-win-x86.7z -5db22af240445b0afadadedac497c8b57960f6d27828bb03040be90dfe7561f6 node-v21.7.1-win-x86.zip -e6354ee73967ce6b2ae401edb1d54adaedb321123308e2af1dec71a497e73eaa node-v21.7.1-x64.msi -8673470064c13f491e594b4f4522eba504fc9082db728eed9ba43987b88de69b node-v21.7.1-x86.msi -00d60e58adb4884085675d48064426c0745799169c79e553e1523ffe88f26fd4 win-arm64/node.exe -b068c2ffb9fa47420d55d44bb24ae42211007bbc34426cf68a663b34f8187a41 win-arm64/node.lib -600be209fe1a2a4693eef98393cea9ab3bbc3f08b974ad004cf0aaa944ed2488 win-arm64/node_pdb.7z -53273a368d2079975617d3a5566c5006ee25af68e58408b7cd0842e342acac17 win-arm64/node_pdb.zip -39908c8a16f867e5a2e9666ba8089dd497c4fa48a8008bed9d52cd78181944b2 win-x64/node.exe -96d09c2055c2f252122c86b65d2aabd5f90b1a075844f24bf8bcdbab05baf53e win-x64/node.lib -1f4ece18dbfb3ea96f242f1ca94b309c1e56a50bc6138c33c842d45b198abc7f win-x64/node_pdb.7z -73f6d43a1678df35720662d9052a0a80321c9e92e9c87ef7dc9d70da31197fe9 win-x64/node_pdb.zip -1f8c02748de3c6aefe7f40939db330ec03afe95fff23bbe12ba93fa9f0c180bc win-x86/node.exe -19f86a492bf3b2a2854ebf0d05734afd9866348fc6474ed5b8c53c62ec9b7aa2 win-x86/node.lib -316254a7e269bcdcc37bb831b280c59f565745be01294b4024b8aef19507fe0b win-x86/node_pdb.7z -36186f7fa5b9eb53ed12945b9506d91c487e0fc78b27267c949f609f0e36803e win-x86/node_pdb.zip +6290bc006ee81332da8345b2d254ecf75674de0898a6dd5e348c7685ca0df325 node-v21.7.2-aix-ppc64.tar.gz +92b1d9ecd1e4520a1ac82963719dd7fd80b3f250751e34d67a8a7553fd149720 node-v21.7.2-arm64.msi 
+d00a2b5002db121d798f1c9556342abb6ec6a4fac9d6197bc86c922a796812ae node-v21.7.2-darwin-arm64.tar.gz +47784735ff348e9ca6eed5a1482d58582949f0ace7d74ba5d510ab763d5e1327 node-v21.7.2-darwin-arm64.tar.xz +6211829236013582fb654b4b9f8c6528dcb07620f6f82878ef514fae1b30685e node-v21.7.2-darwin-x64.tar.gz +309457de4a2e87db456b5656383be8590d8a69aacd1e161015d98a88697a206f node-v21.7.2-darwin-x64.tar.xz +32bc006ce485d8726e72c666feb08de567098d881b8e79ee37fc9aa9854329c6 node-v21.7.2-headers.tar.gz +66fa0952f5b207c1e1771492d04285a2199bf0dc756e392fe03d3be54ca3733d node-v21.7.2-headers.tar.xz +5cf1cb89feb40404adad999307659754dd17fc9afa6c086aaff690ecbf8af66c node-v21.7.2-linux-arm64.tar.gz +0a07d44da8324ad0514ccd4d588d5aa8d749d76b01b69d55343c2132d1efbe3b node-v21.7.2-linux-arm64.tar.xz +73df605f0aaa18c4a8e9789206d18045b277f4233f50837b1563f9b3dd50f696 node-v21.7.2-linux-armv7l.tar.gz +8c23b9f1d6a9022b04cda94c85bbfd329a178d7710c1bbd25587a668078d9915 node-v21.7.2-linux-armv7l.tar.xz +4ece271c97fc434c34328081245e406e23a23fed32868f90fe901f1a232a27bd node-v21.7.2-linux-ppc64le.tar.gz +11750d12cec45b7f7451b18dcd98ddcdce07afbb68db57bb0dc89e883b78ab6b node-v21.7.2-linux-ppc64le.tar.xz +9df7a1c8c9be7a7f4a62b822c3cbbc0f4c66ad185b7383c6bfb021e99a9441b0 node-v21.7.2-linux-s390x.tar.gz +ba8e598921c29e2ff5efd6f42a3e11c765a77339ac7ef7e1b55c6aba95f3bf8b node-v21.7.2-linux-s390x.tar.xz +06b891c82c9b19b8d8553222de5de8afd43a38c1b898f9ca323e1d2e22da9075 node-v21.7.2-linux-x64.tar.gz +9d55843dd4b2400fe4034de3281003de718dbd0c6f61ce6b53e94e987b16c9dc node-v21.7.2-linux-x64.tar.xz +f9e642aa9e729842b289c0314be8c7d468aca2994b1b8d8a8c2143382f1c4136 node-v21.7.2-win-arm64.7z +a9a62973ac69adb98d62f5aa6d3a7ca668fb7b1a5c84833e93ff330eef1d972b node-v21.7.2-win-arm64.zip +a532dd8dae519c78100497f398621574431757afa933ab32d39b1ba3fcf44d9b node-v21.7.2-win-x64.7z +99102e5964c6cd3c3ba5562243dbfda8e1f265e7fff2489aa1d806074893d88a node-v21.7.2-win-x64.zip +9987f8a12d2cb0439a9def11b449793b372d4ff96acceb9321a736f5c57e5f41 
node-v21.7.2-win-x86.7z +ce346bb8e5d2722d653d8f6cee81fdcc80fb88c51ca945763ff12c7e4f659bbb node-v21.7.2-win-x86.zip +b936d30bbd0927157165fb09d2eaff2d939d1f13136bbddc50e64c31aa86b4ac node-v21.7.2-x64.msi +83b30683316bb2f8115d58af23b8bb154de9615632cf491fec6c365aff3b74f5 node-v21.7.2-x86.msi +f75990a446cd3512c80598d815243592776a99ac7f4e5f2cbccc5cf1369b7cfe node-v21.7.2.pkg +dc1b18771e7ed3da051fc2242806bfde5ae02b63fe7205e80156e92de8f8fa3d node-v21.7.2.tar.gz +b4b1e2a07e96f85f6ce34a2fbfea348691aefe5cb219aa6951e23ccc991f9e2f node-v21.7.2.tar.xz +80541446e8ef8a2d26d73e4517afbb560717d47e4ed0d122fdddd90f8662da53 win-arm64/node.exe +298d58a6fed36728a8d1b07f6fe3678c5a6faf4c77bdcd7288e155c117404eea win-arm64/node.lib +1881ceeab304bc003ed87c03a1206f9f9e7deb861a44af68361e493a23a5aec1 win-arm64/node_pdb.7z +c7824ff2aea7a565d81d3ba0e2992497fd7a0f776f39179681f326d9b6eab75b win-arm64/node_pdb.zip +64b5a1e9101e6281f072b385691affbe45b2cb93ba84a592f1a9941d994e621f win-x64/node.exe +473d2b087bfa76b2746542c6c4bd019b0527545849e04cbc3d0872ebd9335f0a win-x64/node.lib +93d79e521d9f3513eee1cb9ad98f38c7b62b3845be285333ad3731cd50c983ab win-x64/node_pdb.7z +e8f7a31dae7239154e53f57e3b1545102b6905419c1545ffeed721509f95426c win-x64/node_pdb.zip +f16257e0cdae9de68cc3bff533ddac2bbfe42f3b7cba16a2a8fc1b40a98e3d3c win-x86/node.exe +8ecea23973c4e82d13c18f78f4e23beebac5b70f1d54c100d08d41f52ade421e win-x86/node.lib +6ddf27e2fcc6528a95fd5db9046a5629698714aeae43ff4e21d6b99904bb8cde win-x86/node_pdb.7z +91af5f3e3bb0e838a2c2e5c6a2d96331309fe52bb0897072774954eddc1976c4 win-x86/node_pdb.zip 
diff --git a/SHASUMS256.txt.sig b/SHASUMS256.txt.sig index a1b35e49fdab678a23123c0784818c1d4a938fc997a7d69d4b4a07fabac30c4d..ecbebd5d9a683ec06769746396519623a24d1259ae0885fb6b6512cecf5e7773 100644 GIT binary patch literal 437 zcmV;m0ZRUf0kQ-D0SEvc79j+Q3<%qWc@{734f)%P>a^d_RbKQ30%i?kEC31#5R2-x z-_KQE^jCNb_^)+s#eA~MKEeGZ$AbaKZbBnT{jj50u=4eB4{}QO7A3z(VqAaV=cTCB z^?mWUqIsBdxFwfS&V2RwDqdTlIrZHV;1@95QfblLkx;mzy6VM(Cqx2+5bz8OUXw( ztvl*x#zeWF+4yeEAB+4JnIUR&(C^%KgyULJ@7tDb_iB37C;O90kq9~>gD@IN9%N4e zU356Mqlx+U3WkVqtmO+hY>l3nhQ z!|*XmgESNA$dYD(Mx7c0{8oz#U)Vd?9*-kYTlJWVs=(n>s$z9lyHR7I&)yp!Hw@BR zjpyF7bseZwAyd6sd89aY!fQJ$AmX!~&b4y(+31k(-#Q!|>KfFFir=f8dh5cl;y%@PrPA@oL-UB*z>% diff --git a/node-v21.7.1.tar.xz b/node-v21.7.1.tar.xz deleted file mode 100644 index c1892cc..0000000 --- a/node-v21.7.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1272b6e129d564dbde17527b844210b971c20a70ae729268186b7cb9d990a64b -size 42519836 diff --git a/node-v21.7.2.tar.xz b/node-v21.7.2.tar.xz new file mode 100644 index 0000000..085c215 --- /dev/null +++ b/node-v21.7.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b4b1e2a07e96f85f6ce34a2fbfea348691aefe5cb219aa6951e23ccc991f9e2f +size 42378944 diff --git a/nodejs21.changes b/nodejs21.changes index 6beb10f..f2dd57c 100644 --- a/nodejs21.changes +++ b/nodejs21.changes 
@@ -1,7 +1,16 @@
 -------------------------------------------------------------------
-Tue Apr 9 12:30:22 UTC 2024 - Adam Majer
+Tue Apr 9 14:13:21 UTC 2024 - Adam Majer
-- node-gyp-addon-gypi.patch: refreshed
+- Update to 21.7.2:
+ * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session()
+ leads to HTTP/2 server crash- (High) (bsc#1222244)
+ * CVE-2024-27982 - HTTP Request Smuggling via Content Length
+ Obfuscation- (Medium) (bsc#1222384)
+ * updated dependencies:
+ + llhttp version 9.2.1
+ + undici version 6.11.1 (bsc#1222530, CVE-2024-30260)
+
+- node-gyp-addon-gypi.patch: adapted for new unit test layouts
 -------------------------------------------------------------------
 Tue Apr 2 13:54:32 UTC 2024 - Adam Majer
diff --git a/nodejs21.spec b/nodejs21.spec
index 1ee62ad..96238a7 100644
--- a/nodejs21.spec
+++ b/nodejs21.spec
@@ -31,7 +31,7 @@ %endif
 Name: nodejs21
-Version: 21.7.1
+Version: 21.7.2
 Release: 0
 # Double DWZ memory limits
@@ -379,7 +379,7 @@ BuildRequires: pkgconfig(libbrotlidec)
 %endif
-Provides: bundled(llhttp) = 9.1.3
+Provides: bundled(llhttp) = 9.2.1
 Provides: bundled(ngtcp2) = 1.3.0
 Provides: bundled(base64) = 0.5.2
 Provides: bundled(simdutf) = 4.0.8
@@ -387,13 +387,12 @@ Provides: bundled(simdjson) = 3.7.0
 # bundled url-ada parser, not ada
 Provides: bundled(ada) = 2.7.6
-Provides: bundled(node-@fastify/busboy) = 2.1.0
 Provides: bundled(node-acorn) = 8.11.3
 Provides: bundled(node-acorn-walk) = 8.3.2
 Provides: bundled(node-cjs-module-lexer) = 1.2.2
 Provides: bundled(node-corepack) = 0.25.2
 Provides: bundled(node-minimatch) = 9.0.3
-Provides: bundled(node-undici) = 6.6.2
+Provides: bundled(node-undici) = 6.11.1
 %description
 Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine. Node.js
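Review bot: The removal of `Provides: bundled(node-@fastify/busboy) = 2.1.0` in the `@@ -387,13 +387,12 @@` hunk of nodejs21.spec is not explained anywhere in the commit; the nodejs21.changes entry lists only llhttp 9.2.1 and undici 6.11.1 under updated dependencies. If the 21.7.2 tarball still contains that module, dropping the line would presumably remove it from whatever tracking relies on the bundled() Provides, so the unpacked sources should be checked before this lands. Once confirmed, I would record the result in the changelog, for example `  * @fastify/busboy is no longer bundled`, so the drop is traceable later. The remaining bundled() lines in this hunk and the preceding one are unchanged context, and the hunks do not show whether they were re-checked against the new tarball.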
@@ -668,39 +667,39 @@ tar Jxf %{SOURCE5}
 popd
 %if %{node_version_number} >= 19
-%patch308 -p1
+%patch -P 308 -p1
 %else
 %endif
 %endif
-%patch1 -p1
-%patch3 -p1
+%patch -P 1 -p1
+%patch -P 3 -p1
 %if %{node_version_number} <= 12 && 0%{?suse_version} < 1500
-%patch5 -p1
+%patch -P 5 -p1
 %endif
-%patch7 -p1
+%patch -P 7 -p1
 %if 0%{with valgrind_tests}
 %endif
-%patch13 -p1
-%patch100 -p1
-%patch101 -p1
+%patch -P 13 -p1
+%patch -P 100 -p1
+%patch -P 101 -p1
 %if 0%{?suse_version} >= 1500 || 0%{?suse_version} == 0
-%patch102 -p1
+%patch -P 102 -p1
 %endif
 # Add check_output to configure script (not part of Python 2.6 in SLE11).
 %if 0%{?suse_version} == 1110
 %endif
-%patch104 -p1
-%patch106 -p1
-%patch110 -p1
-%patch120 -p1
-%patch132 -p1
+%patch -P 104 -p1
+%patch -P 106 -p1
+%patch -P 110 -p1
+%patch -P 120 -p1
+%patch -P 132 -p1
 %if ! 0%{with openssl_RSA_get0_pss_params}
 %endif
-%patch200 -p1
+%patch -P 200 -p1
-%patch305 -p1
-%patch309 -p1
+%patch -P 305 -p1
+%patch -P 309 -p1
 %if %{node_version_number} == 12
 # minimist security update - patch50