From 076165d65d2d44b7edecedebeb0163d8458742a0 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 21 Sep 2021 14:58:10 +0000 Subject: [PATCH] import nodejs-14.17.5-1.module+el8.4.0+12247+e2879e58 --- .gitignore | 2 +- .nodejs.metadata | 2 +- .../0004-always-available-fips-options.patch | 624 ++++++++++++++++++ ...005-CVE-2021-23343-nodejs-path-parse.patch | 180 +++++ SPECS/nodejs.spec | 28 +- 5 files changed, 828 insertions(+), 8 deletions(-) create mode 100644 SOURCES/0004-always-available-fips-options.patch create mode 100644 SOURCES/0005-CVE-2021-23343-nodejs-path-parse.patch diff --git a/.gitignore b/.gitignore index 6d0e110..ef831e8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/icu4c-69_1-src.tgz -SOURCES/node-v14.17.3-stripped.tar.gz +SOURCES/node-v14.17.5-stripped.tar.gz diff --git a/.nodejs.metadata b/.nodejs.metadata index 957a374..7f1e486 100644 --- a/.nodejs.metadata +++ b/.nodejs.metadata @@ -1,2 +1,2 @@ 620a71c84428758376baa0fb81a581c3daa866ce SOURCES/icu4c-69_1-src.tgz -03c817ff5bbebe21d120a2ddee9a87ff223914db SOURCES/node-v14.17.3-stripped.tar.gz +cdb2e0bdf9693d85a58d7b8576a4595618e0909e SOURCES/node-v14.17.5-stripped.tar.gz diff --git a/SOURCES/0004-always-available-fips-options.patch b/SOURCES/0004-always-available-fips-options.patch new file mode 100644 index 0000000..26d4853 --- /dev/null +++ b/SOURCES/0004-always-available-fips-options.patch @@ -0,0 +1,624 @@ +From 7c7f5159fcc71d915dfcc5f97ab18d5f8912f1b5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Tue, 25 Aug 2020 14:04:54 +0200 +Subject: [PATCH] crypto: make FIPS related options always awailable +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There is no reason to hide FIPS functionality behind build flags. +OpenSSL always provide the information about FIPS availability via +`FIPS_mode()` function. + +This makes the user experience more consistent, because the OpenSSL +library is always queried and the `crypto.getFips()` always returns +OpenSSL settings. + +Fixes #34903 + +PR-URL: https://github.com/nodejs/node/pull/36341 +Reviewed-By: Anna Henningsen +Reviewed-By: Michael Dawson +Reviewed-By: Daniel Bevenius +Signed-off-by: Jan Staněk +Signed-off-by: rpm-build +--- + doc/api/cli.md | 8 +-- + lib/crypto.js | 22 ++---- + node.gypi | 3 - + src/node.cc | 6 +- + src/node_config.cc | 2 - + src/node_crypto.cc | 45 +++++++----- + src/node_options.cc | 2 - + src/node_options.h | 2 - + test/parallel/test-cli-node-print-help.js | 7 +- + test/parallel/test-crypto-fips.js | 71 +++++++++---------- + ...rocess-env-allowed-flags-are-documented.js | 11 +-- + 11 files changed, 74 insertions(+), 105 deletions(-) + +diff --git a/doc/api/cli.md b/doc/api/cli.md +index a8ef339..c41bd49 100644 +--- a/doc/api/cli.md ++++ b/doc/api/cli.md +@@ -182,8 +182,8 @@ code from strings throw an exception instead. This does not affect the Node.js + added: v6.0.0 + --> + +-Enable FIPS-compliant crypto at startup. (Requires Node.js to be built with +-`./configure --openssl-fips`.) ++Enable FIPS-compliant crypto at startup. (Requires Node.js to be built ++against FIPS-compatible OpenSSL.) + + ### `--enable-source-maps` + + + Load an OpenSSL configuration file on startup. Among other uses, this can be +-used to enable FIPS-compliant crypto if Node.js is built with +-`./configure --openssl-fips`. ++used to enable FIPS-compliant crypto if Node.js is built ++against FIPS-enabled OpenSSL. + + ### `--pending-deprecation` +