nodejs24/sources
tjuhasz dc3a5abd2a Update to version 24.18.0
Resolves: RHEL-183886
Resolves: RHEL-189398
Resolves: RHEL-189348
Resolves: RHEL-185997
Resolves: RHEL-185984
Resolves: RHEL-185978
Resolves: RHEL-183655

CVE fixes included in rebase:
CVE-2026-48618 - tls: normalize hostname for server identity checks
CVE-2026-48933 - crypto: guard WebCrypto cipher output length
CVE-2026-6734 -  undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
 Advisory: https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj
CVE-2026-9697 -  undici vulnerable to TLS certificate validation bypass via
dropped requestTls in SOCKS5 ProxyAgent
  Advisory: https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g
CVE-2026-12151 - undici WebSocket client vulnerable to denial of service via fragment count bypass
 Advisory: https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g
CVE-2026-42338 - ip-address: Cross-site scripting via improper HTML escaping of untrusted input

Also following CVEs with lower severity:
CVE-2026-48615, CVE-2026-48619, CVE-2026-48928, CVE-2026-48930, CVE-2026-48934
CVE-2026-48937, CVE-2026-48617, CVE-2026-48931, CVE-2026-48935

Drop downstream nghttp2 patch
2026-07-07 13:36:32 +02:00

5 lines
667 B
Plaintext

SHA512 (node-v24.18.0-stripped.tar.gz) = 53eddd27f3c4e748f00ff74f1a5116ef14f27b26f6886dbe614a556c11abdef4c85927895e844956dbf782bfc5f57497e38e4110aef6d8673cc5a730d7a476bb
SHA512 (icu4c-78.3-data-bin-b.zip) = 99e984f706423eccd14507c43d479a116a69ccbcf28af765d4dad7d6397eaa9be60208febf45efefc1932479c7b26d3246d2c08b20f99ad9b81512761726b5a4
SHA512 (icu4c-78.3-data-bin-l.zip) = 4f0f083fe62c35da76a150498e04230bc2dfba6c07f32781f5173c13c3e1237e4157fa312dabb69909f495b84334f1ef544244268efa667927b20350a1d3d455
SHA512 (packaging-scripts.tar.gz) = 09e566ddf0b9d613ec0714fc191f214473b36f636ebf08eaf333429bc4abac8dc9356fcc9292cf67e5900e327b1a21223ef552b27f0d01f92cf9fd8ed6edff36