diff --git a/nodejs.spec b/nodejs.spec index c59562f..e54797c 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -30,7 +30,7 @@ # This is used by both the nodejs package and the npm subpackage that # has a separate version - the name is special so that rpmdev-bumpspec # will bump this rather than adding .1 to the end. -%global baserelease 7 +%global baserelease 8 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} @@ -195,6 +195,8 @@ Patch7: 0007-Add-nghttp2_option_set_max_continuations.patch Patch8: 0008-zlib-pause-stream-if-outgoing-buffer-is-full.patch # CVE-2024-25629 Patch9: 0009-Address-CVE-2024-25629.patch +# CVE-2024-27982 +Patch10: 0010-http-do-not-allow-OBS-fold-in-headers-by-default.patch BuildRequires: make BuildRequires: python3-devel @@ -735,6 +737,9 @@ end %changelog +* Tue May 07 2024 Jan Staněk - 1:16.20.2-8 +- Actually apply the patch for CVE-2024-27982 + * Wed Apr 24 2024 Jan Staněk - 1:16.20.2-7 - Backport patch for CVE-2024-27982