Update bundled nghttp2 to 1.57.0

Resolves: RHEL-12606
2023-10-12 14:19:59 +02:00 · 2023-10-12 14:19:59 +02:00 · 3cb8b0c43c
commit 3cb8b0c43c
parent d5f5f15a5c
4 changed files with 5826 additions and 14 deletions
--- a/0001-Disable-running-gyp-on-shared-deps.patch
+++ b/0001-Disable-running-gyp-on-shared-deps.patch
@ -1,4 +1,4 @@
-From 8a45f34d9d74d59879973210cf06f4383b9832b8 Mon Sep 17 00:00:00 2001
+From 39f761838b5fc10af995642bd44e6bb4c79085f1 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Tue, 30 May 2023 13:12:35 +0200
 Subject: [PATCH] Disable running gyp on shared deps
@ -9,7 +9,7 @@ Signed-off-by: rpm-build <rpm-build>
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/Makefile b/Makefile
-index 6d6f2e4..88e1a11 100644
+index ef3eda2..8b52a4f 100644
 --- a/Makefile
 +++ b/Makefile
@@ -148,7 +148,7 @@ with-code-cache test-code-cache:
@ -22,5 +22,5 @@ index 6d6f2e4..88e1a11 100644
 	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
 	$(PYTHON) tools/gyp_node.py -f make
 -- 
-2.40.1
+2.41.0
--- a/nodejs-fips-disable-options.patch
+++ b/nodejs-fips-disable-options.patch
@ -1,14 +1,17 @@
-FIPS related options cause a segfault, let's end sooner
+From b9370dcfba759c63e894f12abcf49699f1e8f0dc Mon Sep 17 00:00:00 2001
 From: Honza Horak <hhorak@redhat.com>
 Date: Thu, 12 Oct 2023 13:52:59 +0200
 Subject: [PATCH] disable fips options
-Upstream report: https://github.com/nodejs/node/pull/48950
+Signed-off-by: rpm-build <rpm-build>
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2227796
+---
 src/crypto/crypto_util.cc | 2 ++
 1 file changed, 2 insertions(+)
-This patch makes the part of the code that processes cmd-line options for
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
-FIPS to end sooner before the code gets to the problematic part of the code.
+index 59ae7f8..7343396 100644
-
+--- a/src/crypto/crypto_util.cc
-diff -up node-v18.16.1/src/crypto/crypto_util.cc.origfips node-v18.16.1/src/crypto/crypto_util.cc
+++ b/src/crypto/crypto_util.cc
 --- node-v18.16.1/src/crypto/crypto_util.cc.origfips	2023-07-31 12:09:46.603683081 +0200
 +++ node-v18.16.1/src/crypto/crypto_util.cc	2023-07-31 12:16:16.906617914 +0200
@@ -111,6 +111,8 @@ bool ProcessFipsOptions() {
   /* Override FIPS settings in configuration file, if needed. */
   if (per_process::cli_options->enable_fips_crypto ||
@ -18,3 +21,6 @@ diff -up node-v18.16.1/src/crypto/crypto_util.cc.origfips node-v18.16.1/src/cryp
 #if OPENSSL_VERSION_MAJOR >= 3
     OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
     if (fips_provider == nullptr)
 -- 
 2.41.0
--- a/0003-deps-nghttp2-update-to-1.57.0.patch
+++ b/0003-deps-nghttp2-update-to-1.57.0.patch
--- a/nodejs.spec
+++ b/nodejs.spec
@ -30,7 +30,7 @@
 # This is used by both the nodejs package and the npm subpackage that
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
-%global baserelease 1
+%global baserelease 2
 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -182,7 +182,8 @@ Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-
 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
-Patch3: nodejs-fips-disable-options.patch
+Patch2: 0002-disable-fips-options.patch
 Patch3: 0003-deps-nghttp2-update-to-1.57.0.patch
 BuildRequires: make
 BuildRequires: python3-devel
@ -722,6 +723,9 @@ end
 %changelog
 * Thu Oct 12 2023 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-2
 - Update bundled nghttp2 to 1.57.0 (CVE-2023-44487)
 * Wed Aug 30 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.20.2-1
 - Rebase to 16.20.2
  Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559