FIPS related options cause a segfault, let's end sooner
Upstream report: https://github.com/nodejs/node/pull/48950 RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2227796 This patch makes the part of the code that processes cmd-line options for FIPS to end sooner before the code gets to the problematic part of the code.
This commit is contained in:
parent
01be108fb0
commit
6d1f346cb0
20
nodejs-fips-disable-options.patch
Normal file
20
nodejs-fips-disable-options.patch
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
FIPS related options cause a segfault, let's end sooner
|
||||||
|
|
||||||
|
Upstream report: https://github.com/nodejs/node/pull/48950
|
||||||
|
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2227796
|
||||||
|
|
||||||
|
This patch makes the part of the code that processes cmd-line options for
|
||||||
|
FIPS to end sooner before the code gets to the problematic part of the code.
|
||||||
|
|
||||||
|
diff -up node-v18.16.1/src/crypto/crypto_util.cc.origfips node-v18.16.1/src/crypto/crypto_util.cc
|
||||||
|
--- node-v18.16.1/src/crypto/crypto_util.cc.origfips 2023-07-31 12:09:46.603683081 +0200
|
||||||
|
+++ node-v18.16.1/src/crypto/crypto_util.cc 2023-07-31 12:16:16.906617914 +0200
|
||||||
|
@@ -111,6 +111,8 @@ bool ProcessFipsOptions() {
|
||||||
|
/* Override FIPS settings in configuration file, if needed. */
|
||||||
|
if (per_process::cli_options->enable_fips_crypto ||
|
||||||
|
per_process::cli_options->force_fips_crypto) {
|
||||||
|
+ fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
|
||||||
|
+ return false;
|
||||||
|
#if OPENSSL_VERSION_MAJOR >= 3
|
||||||
|
OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
|
||||||
|
if (fips_provider == nullptr)
|
@ -30,7 +30,7 @@
|
|||||||
# This is used by both the nodejs package and the npm subpackage that
|
# This is used by both the nodejs package and the npm subpackage that
|
||||||
# has a separate version - the name is special so that rpmdev-bumpspec
|
# has a separate version - the name is special so that rpmdev-bumpspec
|
||||||
# will bump this rather than adding .1 to the end.
|
# will bump this rather than adding .1 to the end.
|
||||||
%global baserelease 1
|
%global baserelease 2
|
||||||
|
|
||||||
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
||||||
|
|
||||||
@ -182,6 +182,7 @@ Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-
|
|||||||
|
|
||||||
# Disable running gyp on bundled deps we don't use
|
# Disable running gyp on bundled deps we don't use
|
||||||
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
|
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
|
||||||
|
Patch3: nodejs-fips-disable-options.patch
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel
|
||||||
@ -721,6 +722,10 @@ end
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jul 31 2023 Honza Horak <hhorak@redhat.com> - 1:16.20.1-2
|
||||||
|
- Fix segfault that happens when processing fips-related options
|
||||||
|
Resolves: BZ#2227796
|
||||||
|
|
||||||
* Thu Jul 13 2023 Jan Staněk <jstanek@redhat.com> - 1:16.20.1-1
|
* Thu Jul 13 2023 Jan Staněk <jstanek@redhat.com> - 1:16.20.1-1
|
||||||
- Rebase to 16.20.1
|
- Rebase to 16.20.1
|
||||||
Resolves: rhbz#2188291
|
Resolves: rhbz#2188291
|
||||||
|
Loading…
Reference in New Issue
Block a user