Properly apply the patch for CVE-2024-27982

Resolves: RHEL-33015
Jan Staněk 2024-05-07 10:55:38 +02:00
parent 8ceb521afe
commit f225ed2be1
No known key found for this signature in database
GPG Key ID: 2972F2037B243B6D

@ -30,7 +30,7 @@
# This is used by both the nodejs package and the npm subpackage that # This is used by both the nodejs package and the npm subpackage that
# has a separate version - the name is special so that rpmdev-bumpspec # has a separate version - the name is special so that rpmdev-bumpspec
# will bump this rather than adding .1 to the end. # will bump this rather than adding .1 to the end.
%global baserelease 7 %global baserelease 8
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -195,6 +195,8 @@ Patch7: 0007-Add-nghttp2_option_set_max_continuations.patch
Patch8: 0008-zlib-pause-stream-if-outgoing-buffer-is-full.patch Patch8: 0008-zlib-pause-stream-if-outgoing-buffer-is-full.patch
# CVE-2024-25629 # CVE-2024-25629
Patch9: 0009-Address-CVE-2024-25629.patch Patch9: 0009-Address-CVE-2024-25629.patch
# CVE-2024-27982
Patch10: 0010-http-do-not-allow-OBS-fold-in-headers-by-default.patch
BuildRequires: make BuildRequires: make
BuildRequires: python3-devel BuildRequires: python3-devel
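Review bot: The added `Patch10:` line only declares the patch, and nothing in the visible lines shows it being applied in `%prep`. The changelog for release -7 already listed this backport, and this commit exists because it did not take effect, so please confirm that `%prep` applies every declared patch automatically (for example via `%autosetup`) or add the matching explicit apply step. A `%check` test asserting that a request with an obs-folded header is rejected by default would make the build fail if the patch is ever dropped again.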
@ -735,6 +737,9 @@ end
%changelog %changelog
* Tue May 07 2024 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-8
- Actually apply the patch for CVE-2024-27982
* Wed Apr 24 2024 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-7 * Wed Apr 24 2024 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-7
- Backport patch for CVE-2024-27982 - Backport patch for CVE-2024-27982
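Review bot: The new 1:16.20.2-8 changelog entry does not say that 1:16.20.2-7 was built without the fix applied, while the -7 entry directly below still reads "Backport patch for CVE-2024-27982". Anyone auditing the changelog for this CVE will read -7 as fixed. State in the -8 entry that -7 did not apply the patch, and include the tracker reference RHEL-33015 from the commit message so the entry can be matched to the issue.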