diff --git a/0006-correct-some-errors-related-to-CVE-2025-23085.patch b/0006-correct-some-errors-related-to-CVE-2025-23085.patch new file mode 100644 index 0000000000000000000000000000000000000000..bf0245e98eb0808739a2fb7fefd1b64eadd79955 --- /dev/null +++ b/0006-correct-some-errors-related-to-CVE-2025-23085.patch @@ -0,0 +1,51 @@ +From eb3b118b51fa6c336ecfabf093cc0a54c62e9a63 Mon Sep 17 00:00:00 2001 +From: hanguanqiang +Date: Fri, 11 Apr 2025 09:04:09 +0800 +Subject: [PATCH] correct-some-errors-related-to-CVE-2025-23085 + +--- + src/node_http2.cc | 2 +- + test/parallel/test-http2-premature-close.js | 6 +++--- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/node_http2.cc b/src/node_http2.cc +index 6365734..ac59ce9 100644 +--- a/src/node_http2.cc ++++ b/src/node_http2.cc +@@ -1048,7 +1048,7 @@ int Http2Session::OnFrameNotSent(nghttp2_session* handle, + // closed but the Http2Session will still be up causing a memory leak. + // Therefore, if the GOAWAY frame couldn't be send due to + // ERR_SESSION_CLOSING we should force close from our side. +- if (frame->hd.type != 0x03) { ++ if (frame->hd.type != NGHTTP2_GOAWAY) { + return 0; + } + } +diff --git a/test/parallel/test-http2-premature-close.js b/test/parallel/test-http2-premature-close.js +index a9b08f5..df30c42 100644 +--- a/test/parallel/test-http2-premature-close.js ++++ b/test/parallel/test-http2-premature-close.js +@@ -29,9 +29,9 @@ async function requestAndClose(server) { + // Send a valid HEADERS frame + const headersFrame = Buffer.concat([ + Buffer.from([ +- 0x00, 0x00, 0x0c, // Length: 12 bytes ++ 0x00, 0x00, 0x0e, // Length: 14 bytes + 0x01, // Type: HEADERS +- 0x05, // Flags: END_HEADERS + END_STREAM ++ 0x04, // Flags: END_HEADERS + (streamId >> 24) & 0xFF, // Stream ID: high byte + (streamId >> 16) & 0xFF, + (streamId >> 8) & 0xFF, +@@ -41,7 +41,7 @@ async function requestAndClose(server) { + 0x82, // Indexed Header Field Representation (Predefined ":method: GET") + 0x84, // Indexed Header Field Representation (Predefined ":path: /") + 0x86, // Indexed Header Field Representation (Predefined ":scheme: http") +- 0x44, 0x0a, // Custom ":authority: localhost" ++ 0x41, 0x09, // ":authority: localhost" Length: 9 bytes + 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, + ]), + ]); +-- +2.43.0 + diff --git a/nodejs.spec b/nodejs.spec index 75271f038332a06f3cdf46b3bba940962feee371..18da8f6b89eac42a21545e1e7e161103fb3711c3 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -1,5 +1,5 @@ %bcond_with bootstrap -%global baserelease 9 +%global baserelease 10 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} %global nodejs_epoch 1 %global nodejs_major 12 @@ -111,6 +111,7 @@ Patch00032: CVE-2024-22025.patch Patch00033: CVE-2024-27982.patch Patch00034: CVE-2024-27983.patch Patch00035: CVE-2025-23085.patch +Patch00036: 0006-correct-some-errors-related-to-CVE-2025-23085.patch BuildRequires: python3-devel BuildRequires: zlib-devel @@ -513,6 +514,9 @@ end %{_pkgdocdir}/npm/docs %changelog +* Fri Apr 11 2025 hanguanqiang - 1:12.22.11-10 +- correct error related to CVE-2025-23085 + * Thu Mar 06 2025 yaoxin <1024769339@qq.com> - 1:12.22.11-9 - Fix CVE-2025-23085