From c7ed62fc2e20f68fd29092f20f3dbd64901239b3 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 1 Feb 2022 15:11:21 -0500 Subject: [PATCH] import nodejs-14.18.2-2.module+el8.5.0+13644+8d46dafd --- .gitignore | 2 +- .nodejs.metadata | 2 +- ...-deps-ansi-regex-fix-potential-ReDoS.patch | 74 +++++++ ...-protect-against-prototype-pollution.patch | 73 +++++++ ...005-CVE-2021-23343-nodejs-path-parse.patch | 180 ------------------ SPECS/nodejs.spec | 51 +++-- 6 files changed, 180 insertions(+), 202 deletions(-) create mode 100644 SOURCES/0001-deps-ansi-regex-fix-potential-ReDoS.patch create mode 100644 SOURCES/0002-deps-json-schema-protect-against-prototype-pollution.patch delete mode 100644 SOURCES/0005-CVE-2021-23343-nodejs-path-parse.patch diff --git a/.gitignore b/.gitignore index ef831e8..f881379 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/icu4c-69_1-src.tgz -SOURCES/node-v14.17.5-stripped.tar.gz +SOURCES/node-v14.18.2-stripped.tar.gz diff --git a/.nodejs.metadata b/.nodejs.metadata index 7f1e486..6dbf0a6 100644 --- a/.nodejs.metadata +++ b/.nodejs.metadata @@ -1,2 +1,2 @@ 620a71c84428758376baa0fb81a581c3daa866ce SOURCES/icu4c-69_1-src.tgz -cdb2e0bdf9693d85a58d7b8576a4595618e0909e SOURCES/node-v14.17.5-stripped.tar.gz +bba4efed29ee2e3e9078b955890d9b68f6750f6a SOURCES/node-v14.18.2-stripped.tar.gz diff --git a/SOURCES/0001-deps-ansi-regex-fix-potential-ReDoS.patch b/SOURCES/0001-deps-ansi-regex-fix-potential-ReDoS.patch new file mode 100644 index 0000000..b23946b --- /dev/null +++ b/SOURCES/0001-deps-ansi-regex-fix-potential-ReDoS.patch @@ -0,0 +1,74 @@ +From e040864f2797b9c705bac5862581d5f190510e04 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 9 Dec 2021 15:48:46 +0100 +Subject: [PATCH] deps(ansi-regex): fix potential ReDoS + +This is the upstream fix [1] applied to all applicable bundled deps. + +[1]: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 + +Fixes: CVE-2021-3807 +Signed-off-by: rpm-build +--- + deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js | 2 +- + .../node_modules/string-width/node_modules/ansi-regex/index.js | 2 +- + .../npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js | 2 +- + deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js b/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js +index c254480..9e37ec3 100644 +--- a/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js ++++ b/deps/npm/node_modules/cliui/node_modules/ansi-regex/index.js +@@ -6,7 +6,7 @@ module.exports = options => { + }, options); + + const pattern = [ +- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', ++ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', + '(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))' + ].join('|'); + +diff --git a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js +index c4aaecf..7d32201 100644 +--- a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js ++++ b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js +@@ -2,7 +2,7 @@ + + module.exports = () => { + const pattern = [ +- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\\u0007)', ++ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', + '(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))' + ].join('|'); + +diff --git a/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js b/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js +index c254480..9e37ec3 100644 +--- a/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js ++++ b/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js +@@ -6,7 +6,7 @@ module.exports = options => { + }, options); + + const pattern = [ +- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', ++ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', + '(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))' + ].join('|'); + +diff --git a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js b/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js +index c254480..9e37ec3 100644 +--- a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js ++++ b/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js +@@ -6,7 +6,7 @@ module.exports = options => { + }, options); + + const pattern = [ +- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', ++ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', + '(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))' + ].join('|'); + +-- +2.33.1 + + diff --git a/SOURCES/0002-deps-json-schema-protect-against-prototype-pollution.patch b/SOURCES/0002-deps-json-schema-protect-against-prototype-pollution.patch new file mode 100644 index 0000000..2f0a58b --- /dev/null +++ b/SOURCES/0002-deps-json-schema-protect-against-prototype-pollution.patch @@ -0,0 +1,73 @@ +From 25661e4fc0e7c6a3d47bc189f886af76b1ecafa1 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 9 Dec 2021 13:01:08 +0100 +Subject: [PATCH] deps(json-schema): protect against prototype pollution + +Amalgamation of the following upstream patches: +https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 +https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a +https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa + +Fixes: CVE-2021-3918 +Signed-off-by: rpm-build +--- + .../node_modules/json-schema/lib/validate.js | 4 +-- + .../node_modules/json-schema/test/tests.js | 28 ++++++++++++++++++- + 2 files changed, 29 insertions(+), 3 deletions(-) + +diff --git a/deps/npm/node_modules/json-schema/lib/validate.js b/deps/npm/node_modules/json-schema/lib/validate.js +index 4b61088..d05ee86 100644 +--- a/deps/npm/node_modules/json-schema/lib/validate.js ++++ b/deps/npm/node_modules/json-schema/lib/validate.js +@@ -209,8 +209,8 @@ var validate = exports._validate = function(/*Any*/instance,/*Object*/schema,/*O + } + + for(var i in objTypeDef){ +- if(objTypeDef.hasOwnProperty(i)){ +- var value = instance[i]; ++ if(objTypeDef.hasOwnProperty(i) && i != '__proto__' && i != 'constructor'){ ++ var value = instance.hasOwnProperty(i) ? instance[i] : undefined; + // skip _not_ specified properties + if (value === undefined && options.existingOnly) continue; + var propDef = objTypeDef[i]; +diff --git a/deps/npm/node_modules/json-schema/test/tests.js b/deps/npm/node_modules/json-schema/test/tests.js +index 40eeda5..70f515a 100644 +--- a/deps/npm/node_modules/json-schema/test/tests.js ++++ b/deps/npm/node_modules/json-schema/test/tests.js +@@ -91,5 +91,31 @@ var suite = vows.describe('JSON Schema').addBatch({ + + 'Json-Ref self-validates': assertSelfValidates('json-ref'), + 'Json-Ref/Hyper': assertValidates('json-ref', 'hyper-schema'), +- 'Json-Ref/Core': assertValidates('json-ref', 'schema') ++ 'Json-Ref/Core': assertValidates('json-ref', 'schema'), ++ prototypePollution: function() { ++ console.log('testing') ++ const instance = JSON.parse(` ++ { ++ "$schema":{ ++ "type": "object", ++ "properties":{ ++ "__proto__": { ++ "type": "object", ++ ++ "properties":{ ++ "polluted": { ++ "type": "string", ++ "default": "polluted" ++ } ++ } ++ } ++ }, ++ "__proto__": {} ++ } ++ }`); ++ ++ const a = {}; ++ validate(instance); ++ assert.equal(a.polluted, undefined); ++ } + }).export(module); +-- +2.33.1 + + diff --git a/SOURCES/0005-CVE-2021-23343-nodejs-path-parse.patch b/SOURCES/0005-CVE-2021-23343-nodejs-path-parse.patch deleted file mode 100644 index 201721d..0000000 --- a/SOURCES/0005-CVE-2021-23343-nodejs-path-parse.patch +++ /dev/null @@ -1,180 +0,0 @@ -https://github.com/jbgutierrez/path-parse/pull/10 - -From 72c38e3a36b8ed2ec03960ac659aa114cbe6a420 Mon Sep 17 00:00:00 2001 -From: Jeffrey Pinyan -Date: Thu, 13 May 2021 10:53:50 -0400 -Subject: [PATCH 1/2] fixed regexes to avoid ReDoS attacks - -Signed-off-by: rpm-build ---- - deps/npm/node_modules/path-parse/index.js | 6 +++--- - deps/npm/node_modules/path-parse/redos.js | 20 ++++++++++++++++++++ - 2 files changed, 23 insertions(+), 3 deletions(-) - create mode 100644 deps/npm/node_modules/path-parse/redos.js - -diff --git a/deps/npm/node_modules/path-parse/index.js b/deps/npm/node_modules/path-parse/index.js -index 3b7601f..e6b2af1 100644 ---- a/deps/npm/node_modules/path-parse/index.js -+++ b/deps/npm/node_modules/path-parse/index.js -@@ -5,11 +5,11 @@ var isWindows = process.platform === 'win32'; - // Regex to split a windows path into three parts: [*, device, slash, - // tail] windows-only - var splitDeviceRe = -- /^([a-zA-Z]:|[\\\/]{2}[^\\\/]+[\\\/]+[^\\\/]+)?([\\\/])?([\s\S]*?)$/; -+ /^([a-zA-Z]:|[\\\/]{2}[^\\\/]+[\\\/]+[^\\\/]+)?([\\\/])?(.*)$/s; - - // Regex to split the tail part of the above into [*, dir, basename, ext] - var splitTailRe = -- /^([\s\S]*?)((?:\.{1,2}|[^\\\/]+?|)(\.[^.\/\\]*|))(?:[\\\/]*)$/; -+ /^((?:[^\\\/]*[\\\/])*)((?:\.{1,2}|[^\\\/]+?|)(\.[^.\/\\]*|))(?:[\\\/]*)$/; - - var win32 = {}; - -@@ -51,7 +51,7 @@ win32.parse = function(pathString) { - // Split a filename into [root, dir, basename, ext], unix version - // 'root' is just a slash, or nothing. - var splitPathRe = -- /^(\/?|)([\s\S]*?)((?:\.{1,2}|[^\/]+?|)(\.[^.\/]*|))(?:[\/]*)$/; -+ /^(\/?|)((?:[^\/]*\/)*)((?:\.{1,2}|[^\/]+?|)(\.[^.\/]*|))(?:[\/]*)$/; - var posix = {}; - - -diff --git a/deps/npm/node_modules/path-parse/redos.js b/deps/npm/node_modules/path-parse/redos.js -new file mode 100644 -index 0000000..261947f ---- /dev/null -+++ b/deps/npm/node_modules/path-parse/redos.js -@@ -0,0 +1,20 @@ -+var pathParse = require('.'); -+ -+function build_attack(n) { -+ var ret = "" -+ for (var i = 0; i < n; i++) { -+ ret += "/" -+ } -+ return ret + "◎"; -+} -+ -+for(var i = 1; i <= 5000000; i++) { -+ if (i % 10000 == 0) { -+ var time = Date.now(); -+ var attack_str = build_attack(i) -+ pathParse.posix(attack_str); -+ pathParse.win32(attack_str); -+ var time_cost = Date.now() - time; -+ console.log("attack_str.length: " + attack_str.length + ": " + time_cost+" ms") -+ } -+} --- -2.31.1 - - -From 44d1c9cd047988bb819707c726d9640f8aabe04d Mon Sep 17 00:00:00 2001 -From: Jeffrey Pinyan -Date: Thu, 13 May 2021 11:51:45 -0400 -Subject: [PATCH 2/2] streamlined regexes, simplified parse() returns - -Signed-off-by: rpm-build ---- - deps/npm/node_modules/path-parse/index.js | 52 ++++++++--------------- - 1 file changed, 17 insertions(+), 35 deletions(-) - -diff --git a/deps/npm/node_modules/path-parse/index.js b/deps/npm/node_modules/path-parse/index.js -index e6b2af1..f062d0a 100644 ---- a/deps/npm/node_modules/path-parse/index.js -+++ b/deps/npm/node_modules/path-parse/index.js -@@ -2,29 +2,14 @@ - - var isWindows = process.platform === 'win32'; - --// Regex to split a windows path into three parts: [*, device, slash, --// tail] windows-only --var splitDeviceRe = -- /^([a-zA-Z]:|[\\\/]{2}[^\\\/]+[\\\/]+[^\\\/]+)?([\\\/])?(.*)$/s; -- --// Regex to split the tail part of the above into [*, dir, basename, ext] --var splitTailRe = -- /^((?:[^\\\/]*[\\\/])*)((?:\.{1,2}|[^\\\/]+?|)(\.[^.\/\\]*|))(?:[\\\/]*)$/; -+// Regex to split a windows path into into [dir, root, basename, name, ext] -+var splitWindowsRe = -+ /^(((?:[a-zA-Z]:|[\\\/]{2}[^\\\/]+[\\\/]+[^\\\/]+)?[\\\/]?)(?:[^\\\/]*[\\\/])*)((\.{1,2}|[^\\\/]+?|)(\.[^.\/\\]*|))[\\\/]*$/; - - var win32 = {}; - --// Function to split a filename into [root, dir, basename, ext] - function win32SplitPath(filename) { -- // Separate device+slash from tail -- var result = splitDeviceRe.exec(filename), -- device = (result[1] || '') + (result[2] || ''), -- tail = result[3] || ''; -- // Split the tail into dir, basename and extension -- var result2 = splitTailRe.exec(tail), -- dir = result2[1], -- basename = result2[2], -- ext = result2[3]; -- return [device, dir, basename, ext]; -+ return splitWindowsRe.exec(filename).slice(1); - } - - win32.parse = function(pathString) { -@@ -34,24 +19,24 @@ win32.parse = function(pathString) { - ); - } - var allParts = win32SplitPath(pathString); -- if (!allParts || allParts.length !== 4) { -+ if (!allParts || allParts.length !== 5) { - throw new TypeError("Invalid path '" + pathString + "'"); - } - return { -- root: allParts[0], -- dir: allParts[0] + allParts[1].slice(0, -1), -+ root: allParts[1], -+ dir: allParts[0] === allParts[1] ? allParts[0] : allParts[0].slice(0, -1), - base: allParts[2], -- ext: allParts[3], -- name: allParts[2].slice(0, allParts[2].length - allParts[3].length) -+ ext: allParts[4], -+ name: allParts[3] - }; - }; - - - --// Split a filename into [root, dir, basename, ext], unix version -+// Split a filename into [dir, root, basename, name, ext], unix version - // 'root' is just a slash, or nothing. - var splitPathRe = -- /^(\/?|)((?:[^\/]*\/)*)((?:\.{1,2}|[^\/]+?|)(\.[^.\/]*|))(?:[\/]*)$/; -+ /^((\/?)(?:[^\/]*\/)*)((\.{1,2}|[^\/]+?|)(\.[^.\/]*|))[\/]*$/; - var posix = {}; - - -@@ -67,19 +52,16 @@ posix.parse = function(pathString) { - ); - } - var allParts = posixSplitPath(pathString); -- if (!allParts || allParts.length !== 4) { -+ if (!allParts || allParts.length !== 5) { - throw new TypeError("Invalid path '" + pathString + "'"); - } -- allParts[1] = allParts[1] || ''; -- allParts[2] = allParts[2] || ''; -- allParts[3] = allParts[3] || ''; -- -+ - return { -- root: allParts[0], -- dir: allParts[0] + allParts[1].slice(0, -1), -+ root: allParts[1], -+ dir: allParts[0].slice(0, -1), - base: allParts[2], -- ext: allParts[3], -- name: allParts[2].slice(0, allParts[2].length - allParts[3].length) -+ ext: allParts[4], -+ name: allParts[3], - }; - }; - --- -2.31.1 - diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index 2d55f11..7acefba 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -15,7 +15,7 @@ # This is used by both the nodejs package and the npm subpackage thar # has a separate version - the name is special so that rpmdev-bumpspec # will bump this rather than adding .1 to the end. -%global baserelease 1 +%global baserelease 2 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} @@ -26,8 +26,8 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 14 -%global nodejs_minor 17 -%global nodejs_patch 5 +%global nodejs_minor 18 +%global nodejs_patch 2 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} %if %{?with_libs} == 1 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h @@ -54,19 +54,19 @@ # c-ares - from deps/cares/include/ares_version.h # https://github.com/nodejs/node/pull/9332 %global c_ares_major 1 -%global c_ares_minor 17 -%global c_ares_patch 2 +%global c_ares_minor 18 +%global c_ares_patch 1 %global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch} # llhttp - from deps/llhttp/include/llhttp.h %global llhttp_major 2 %global llhttp_minor 1 -%global llhttp_patch 3 +%global llhttp_patch 4 %global llhttp_version %{llhttp_major}.%{llhttp_minor}.%{llhttp_patch} # libuv - from deps/uv/include/uv/version.h %global libuv_major 1 -%global libuv_minor 41 +%global libuv_minor 42 %global libuv_patch 0 %global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch} @@ -110,7 +110,7 @@ %global npm_epoch 1 %global npm_major 6 %global npm_minor 14 -%global npm_patch 14 +%global npm_patch 15 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch} # uvwasi - from deps/uvwasi/include/uvwasi.h @@ -169,7 +169,8 @@ Patch2: 0002-Install-both-binaries-and-use-libdir.patch # https://github.com/nodejs/node/issues/34903 Patch3: 0004-always-available-fips-options.patch -Patch4: 0005-CVE-2021-23343-nodejs-path-parse.patch +Patch4: 0001-deps-ansi-regex-fix-potential-ReDoS.patch +Patch5: 0002-deps-json-schema-protect-against-prototype-pollution.patch BuildRequires: make BuildRequires: python3-devel @@ -395,7 +396,6 @@ rm -rf deps/brotli pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js") find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python3~" {} \; find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python3~" {} \; -sed -i "s~python~python3~" $(find . -type f | grep "gyp$") sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py sed -i "s~usr\/bin\/python.*$~usr\/bin\/python3~" ./deps/v8/tools/mb/mb_unittest.py find . -type f -exec sed -i "s~python -c~python3 -c~" {} \; @@ -411,6 +411,7 @@ find . -type f -exec sed -i "s~python -c~python3 -c~" {} \; export CC='gcc' export CXX='g++' +%{?with_python3_fixup:export NODE_GYP_FORCE_PYTHON=%{__python3}} # build with debugging symbols and add defines from libuv (#892601) # Node's v8 breaks with GCC 6 because of incorrect usage of methods on @@ -828,27 +829,36 @@ end %changelog +* Mon Dec 13 2021 Zuzana Svetlikova - 1:14.18.2-2 +- Add missing fixes +- Resolves: RHBZ#2027642, RHBZ#2027635 + +* Wed Dec 01 2021 Zuzana Svetlikova - 1:14.18.2-1 +- Resolves: RHBZ#2027609 +- Resolves: RHBZ#2027649, RHBZ#2027646, RHBZ#2027642, RHBZ#2027635 +- Rebase to new version to fix CVEs + * Tue Aug 17 2021 Zuzana Svetlikova - 1:14.17.5-1 - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, - CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves RHBZ#1847529 (make FIPS always available) -- Resolves: RHBZ#1988599, RHBZ#1994000, RHBZ#1993998, RHBZ#1993095 -- Resolves: RHBZ#1994028, RHBZ#1994402, RHBZ#1994406, RHBZ#1994398 -- Resolves: RHBZ#1993924 (make FIPS always available) +- Resolves: RHBZ#1988600, RHBZ#1993815, RHBZ#1993809, RHBZ#1993096 +- Resolves: RHBZ#1986743, RHBZ#1993947, RHBZ#1993940, RHBZ#1989427 +- Resolves: RHBZ#1951620 (make FIPS always available) * Mon Aug 09 2021 Zuzana Svetlikova - 1:14.17.3-3 -- Resolves: RHBZ#1991584, RHBZ#1991578 +- Resolves: RHBZ#1945513, RHBZ#1945287 - Resolves CVE-2021-23362 CVE-2021-27290 - Bump for missing mentions of CVEs * Thu Jul 08 2021 Zuzana Svetlikova - 1:14.17.3-2 -- Resolves: RHBZ#1980032, RHBZ#1978203 -- Resolves RHBZ#1842826 +- Resolves: RHBZ#1979844, RHBZ#1977829 +- Resolves: RHBZ#1842826 - Don't use patch3 * Thu Jul 08 2021 Zuzana Svetlikova - 1:14.17.3-1 -- Resolves: RHBZ#1980032, RHBZ#1978203 -- Resolves RHBZ#1842826 +- Resolves: RHBZ#1979844, RHBZ#1977829 +- Resolves: RHBZ#1842826 - Resolves CVE-2021-22918(libuv), use system cipher list * Wed Mar 10 2021 Zuzana Svetlikova - 1:14.16.0-3 @@ -856,11 +866,12 @@ end - Always build with systemtap * Mon Mar 01 2021 Zuzana Svetlikova - 1:14.16.0-2 -- Resolves: RHBZ#1930775 +- Resolves RHBZ#1930775 - remove --debug-nghttp2 option * Mon Mar 01 2021 Zuzana Svetlikova - 1:14.16.0-1 -- Resolves: RHBZ#1932318, RHBZ#1932366 +- Resolves CVE-2021-22883 CVE-2021-22884 +- Resolves: RHBZ#1934566, RHBZ#1934599 - Rebase, remove ini patch * Tue Jan 26 2021 Zuzana Svetlikova - 1:14.15.4-2