rpms
/
nodejs
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update bundled nghttp2 to 1.57.0 

Resolves: RHEL-12598
Fixes: CVE-2023-44487
This commit is contained in:
Jan Staněk 2023-10-12 14:19:59 +02:00 committed by Honza Horak
parent d1488301af
commit 05b1dd9f72
3 changed files with 5813 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
0001-Disable-running-gyp-on-shared-deps.patch
View File

@ -1,4 +1,4 @@
From 8a45f34d9d74d59879973210cf06f4383b9832b8 Mon Sep 17 00:00:00 2001
From 39f761838b5fc10af995642bd44e6bb4c79085f1 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Tue, 30 May 2023 13:12:35 +0200
Subject: [PATCH] Disable running gyp on shared deps
@ -9,7 +9,7 @@ Signed-off-by: rpm-build <rpm-build>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 6d6f2e4..88e1a11 100644
index ef3eda2..8b52a4f 100644
--- a/Makefile
+++ b/Makefile
@@ -148,7 +148,7 @@ with-code-cache test-code-cache:
@ -22,5 +22,5 @@ index 6d6f2e4..88e1a11 100644
tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
$(PYTHON) tools/gyp_node.py -f make
--
2.40.1
2.41.0

5802
0003-deps-nghttp2-update-to-1.57.0.patch Normal file
View File

File diff suppressed because it is too large Load Diff

12
nodejs.spec
View File

@ -35,7 +35,7 @@
# This is used by both the nodejs package and the npm subpackage that
# has a separate version - the name is special so that rpmdev-bumpspec
# will bump this rather than adding .1 to the end.
%global baserelease 3
%global baserelease 4
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -84,7 +84,7 @@
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
%global nghttp2_major 1
%global nghttp2_minor 47
%global nghttp2_minor 57
%global nghttp2_patch 0
%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
@ -203,7 +203,8 @@ Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-
# Disable running gyp on bundled deps we don't use
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
Patch2: nodejs-CVE-2024-22019.patch
Patch3: 0003-deps-nghttp2-update-to-1.57.0.patch
Patch4: nodejs-CVE-2024-22019.patch
BuildRequires: make
BuildRequires: python3-devel
@ -722,9 +723,12 @@ end
%changelog
* Tue Mar 05 2024 Honza Horak <hhorak@redhat.com> - 1:16.20.2-3
* Tue Mar 05 2024 Honza Horak <hhorak@redhat.com> - 1:16.20.2-4
- Fix CVE-2024-22019
* Thu Oct 12 2023 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-3
- Update bundled nghttp2 to 1.57.0 (CVE-2023-44487)
* Fri Aug 18 2023 Dominik Rehák <drehak@redhat.com> - 1:16.20.2-1
- Rebase to 16.20.2
Resolves: rhbz#2231866