Properly apply the patch for CVE-2024-27982

Resolves: RHEL-33015
2024-05-07 10:55:38 +02:00 · 2024-05-07 10:55:38 +02:00 · f225ed2be1
commit f225ed2be1
parent 8ceb521afe
1 changed files with 6 additions and 1 deletions
--- a/nodejs.spec
+++ b/nodejs.spec
@ -30,7 +30,7 @@
 # This is used by both the nodejs package and the npm subpackage that
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
-%global baserelease 7
+%global baserelease 8

 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}

@ -195,6 +195,8 @@ Patch7: 0007-Add-nghttp2_option_set_max_continuations.patch
 Patch8: 0008-zlib-pause-stream-if-outgoing-buffer-is-full.patch
 # CVE-2024-25629
 Patch9: 0009-Address-CVE-2024-25629.patch
+# CVE-2024-27982
+Patch10: 0010-http-do-not-allow-OBS-fold-in-headers-by-default.patch

 BuildRequires: make
 BuildRequires: python3-devel
@ -735,6 +737,9 @@ end


 %changelog
+* Tue May 07 2024 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-8
+- Actually apply the patch for CVE-2024-27982
+
 * Wed Apr 24 2024 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-7
 - Backport patch for CVE-2024-27982