Compare commits
No commits in common. "c8-stream-16" and "c8-stream-12" have entirely different histories.
c8-stream-
...
c8-stream-
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/nodemon-v3.0.1-bundled.tar.gz
|
SOURCES/nodemon-v2.0.3-bundled.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
c100f2de26d7386dcfd7609445d9a01cd23e3a58 SOURCES/nodemon-v3.0.1-bundled.tar.gz
|
a515df94af26b438ffbf4d914259f16a03cc7c15 SOURCES/nodemon-v2.0.3-bundled.tar.gz
|
||||||
|
@ -1,63 +0,0 @@
|
|||||||
From 62287c7af3aabd73db9bd1057c4c6cfcb5f3f67b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Takayuki Sato <sttk.xslet@gmail.com>
|
|
||||||
Date: Tue, 20 Jul 2021 14:46:33 +0900
|
|
||||||
Subject: [PATCH] deps(glob-parent): Resolve ReDoS vulnerability from
|
|
||||||
CVE-2021-35065 (#49)
|
|
||||||
|
|
||||||
Signed-off-by: rpm-build <rpm-build>
|
|
||||||
---
|
|
||||||
node_modules/glob-parent/index.js | 27 +++++++++++++++++++++++++--
|
|
||||||
1 file changed, 25 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/node_modules/glob-parent/index.js b/node_modules/glob-parent/index.js
|
|
||||||
index 09e257e..b182190 100644
|
|
||||||
--- a/node_modules/glob-parent/index.js
|
|
||||||
+++ b/node_modules/glob-parent/index.js
|
|
||||||
@@ -6,7 +6,6 @@ var isWin32 = require('os').platform() === 'win32';
|
|
||||||
|
|
||||||
var slash = '/';
|
|
||||||
var backslash = /\\/g;
|
|
||||||
-var enclosure = /[\{\[].*[\}\]]$/;
|
|
||||||
var globby = /(^|[^\\])([\{\[]|\([^\)]+$)/;
|
|
||||||
var escaped = /\\([\!\*\?\|\[\]\(\)\{\}])/g;
|
|
||||||
|
|
||||||
@@ -25,7 +24,7 @@ module.exports = function globParent(str, opts) {
|
|
||||||
}
|
|
||||||
|
|
||||||
// special case for strings ending in enclosure containing path separator
|
|
||||||
- if (enclosure.test(str)) {
|
|
||||||
+ if (isEnclosure(str)) {
|
|
||||||
str += slash;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -40,3 +39,27 @@ module.exports = function globParent(str, opts) {
|
|
||||||
// remove escape chars and return result
|
|
||||||
return str.replace(escaped, '$1');
|
|
||||||
};
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+function isEnclosure(str) {
|
|
||||||
+ var lastChar = str.slice(-1)
|
|
||||||
+
|
|
||||||
+ var enclosureStart;
|
|
||||||
+ switch (lastChar) {
|
|
||||||
+ case '}':
|
|
||||||
+ enclosureStart = '{';
|
|
||||||
+ break;
|
|
||||||
+ case ']':
|
|
||||||
+ enclosureStart = '[';
|
|
||||||
+ break;
|
|
||||||
+ default:
|
|
||||||
+ return false;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ var foundIndex = str.indexOf(enclosureStart);
|
|
||||||
+ if (foundIndex < 0) {
|
|
||||||
+ return false;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return str.slice(foundIndex + 1, -1).includes(slash);
|
|
||||||
+}
|
|
||||||
--
|
|
||||||
2.39.2
|
|
||||||
|
|
@ -5,15 +5,13 @@
|
|||||||
%global enable_tests 0
|
%global enable_tests 0
|
||||||
|
|
||||||
Name: nodejs-%{npm_name}
|
Name: nodejs-%{npm_name}
|
||||||
Version: 3.0.1
|
Version: 2.0.3
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: Simple monitor script for use during development of a node.js app
|
Summary: Simple monitor script for use during development of a node.js app
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: https://www.npmjs.com/package/nodemon
|
URL: https://github.com/remy/nodemon
|
||||||
Source0: %{npm_name}-v%{version}-bundled.tar.gz
|
Source0: %{npm_name}-v%{version}-bundled.tar.gz
|
||||||
|
|
||||||
Patch1: 0001-deps-glob-parent-Resolve-ReDoS-vulnerability-from-CV.patch
|
|
||||||
|
|
||||||
BuildRequires: nodejs-devel
|
BuildRequires: nodejs-devel
|
||||||
BuildRequires: nodejs-packaging
|
BuildRequires: nodejs-packaging
|
||||||
BuildRequires: npm
|
BuildRequires: npm
|
||||||
@ -49,7 +47,7 @@ replacement wrapper for node, think of it as replacing the word "node"
|
|||||||
on the command line when you run your script.
|
on the command line when you run your script.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -p1 -n package
|
%setup -q -n %{npm_name}-%{version}
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
@ -58,11 +56,14 @@ on the command line when you run your script.
|
|||||||
|
|
||||||
%install
|
%install
|
||||||
mkdir -p %{buildroot}%{nodejs_sitelib}/%{npm_name}
|
mkdir -p %{buildroot}%{nodejs_sitelib}/%{npm_name}
|
||||||
cp -pr doc bin lib package.json node_modules %{buildroot}%{nodejs_sitelib}/%{npm_name}
|
cp -pr doc bin lib package.json website node_modules %{buildroot}%{nodejs_sitelib}/%{npm_name}
|
||||||
|
|
||||||
mkdir -p %{buildroot}%{_bindir}
|
mkdir -p %{buildroot}%{_bindir}
|
||||||
ln -sf %{nodejs_sitelib}/%{npm_name}/bin/nodemon.js %{buildroot}%{_bindir}/nodemon
|
ln -sf %{nodejs_sitelib}/%{npm_name}/bin/nodemon.js %{buildroot}%{_bindir}/nodemon
|
||||||
|
|
||||||
|
|
||||||
|
#%%nodejs_symlink_deps
|
||||||
|
|
||||||
%if 0%{?enable_tests}
|
%if 0%{?enable_tests}
|
||||||
%check
|
%check
|
||||||
%nodejs_symlink_deps --check
|
%nodejs_symlink_deps --check
|
||||||
@ -70,50 +71,14 @@ npm run test
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%doc doc README.md
|
%doc CODE_OF_CONDUCT.md doc faq.md README.md
|
||||||
%{nodejs_sitelib}/%{npm_name}
|
%{nodejs_sitelib}/%{npm_name}
|
||||||
%{_bindir}/nodemon
|
%{_bindir}/nodemon
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Aug 18 2023 Dominik Rehák <drehak@redhat.com> - 3.0.1-1
|
|
||||||
- Rebase to 3.0.1
|
|
||||||
Resolves: CVE-2022-25883
|
|
||||||
|
|
||||||
* Mon Feb 27 2023 Jan Staněk <jstanek@redhat.com> - 2.0.20-3
|
|
||||||
- Patch bundled glob-parent
|
|
||||||
Resolves: CVE-2021-35065
|
|
||||||
|
|
||||||
* Fri Dec 02 2022 Jan Staněk <jstanek@redhat.com> - 2.0.20-1
|
|
||||||
- Record CVE fixed in the current or previous upstream versions
|
|
||||||
Resolves: CVE-2021-44906
|
|
||||||
|
|
||||||
* Wed Nov 16 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.20-1
|
|
||||||
- Rebase to 2.0.20
|
|
||||||
- Resolves: CVE-2022-3517
|
|
||||||
- Resolves: #2135491
|
|
||||||
|
|
||||||
* Wed Aug 03 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.19-2
|
|
||||||
- Switched from autosetup
|
|
||||||
- Removed CODE_OF_CONDUCT.md and faq.md which is not present in npmjs package, might switch to GH sources in the future
|
|
||||||
- Resolves: RHBZ#2108141
|
|
||||||
|
|
||||||
* Mon Jul 25 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.19-1
|
|
||||||
- Rebase to 2.0.19
|
|
||||||
- Resolves CVE-2022-33987
|
|
||||||
- Resolves: RHBZ#2108141
|
|
||||||
|
|
||||||
* Tue Nov 30 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.15-1
|
|
||||||
- Resolves: RHBZ#2005419
|
|
||||||
- Resolves CVE-2020-28469
|
|
||||||
- Rebase to newest version
|
|
||||||
- Change source to npmjs.com
|
|
||||||
|
|
||||||
* Tue May 11 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.7-1
|
|
||||||
- Resolves: RHBZ#1953991
|
|
||||||
- Update to 2.0.7 to resolve CVE-2020-28469
|
|
||||||
|
|
||||||
* Wed May 06 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.3-1
|
* Wed May 06 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.3-1
|
||||||
- Updated
|
- Resolves: RHBZ#1920692, RHBZ#1804236, RHBZ#1803247
|
||||||
|
- Rebase to 2.0.3
|
||||||
|
|
||||||
* Mon Aug 13 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1.18.3-1
|
* Mon Aug 13 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1.18.3-1
|
||||||
- Resolves: #1615413
|
- Resolves: #1615413
|
||||||
|
Loading…
Reference in New Issue
Block a user