From d740a4fbe35703b2bfae0c47b3a2fb80594f3fa1 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Tue, 20 May 2025 16:58:37 +0800
Subject: [PATCH] Fix CVE-2025-23165 and CVE-2025-23166
(cherry picked from commit c17bbb0ea2eefbf0caa93a961e2e9885284d2293)
---
 CVE-2025-23165.patch | 38 +++
 CVE-2025-23166.patch | 544 +++++++++++++++++++++++++++++++++++++++++++
 nodejs.spec | 7 +-
 3 files changed, 588 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2025-23165.patch
 create mode 100644 CVE-2025-23166.patch
diff --git a/CVE-2025-23165.patch b/CVE-2025-23165.patch
new file mode 100644
index 0000000..510a520
--- /dev/null
+++ b/CVE-2025-23165.patch
@@ -0,0 +1,38 @@
+From 9e13bf0a81e15c7b3a9f1826dccbcea991d7e63a Mon Sep 17 00:00:00 2001
+From: Justin Nietzel
+Date: Wed, 9 Apr 2025 16:51:27 -0400
+Subject: [PATCH] fs: add missing call to uv_fs_req_cleanup
+
+Always call uv_fs_req_cleanup after calling uv_fs_open instead of just
+when uv_fs_open returns a negative result. I referenced ReadFileSync
+from node:js2c when making this change.
+
+https://github.com/bnoordhuis made the same suggestion based on the
+PR https://github.com/nodejs/node/pull/49691.
+
+Fixes: https://github.com/nodejs/node/issues/57800
+PR-URL: https://github.com/nodejs/node/pull/57811
+Reviewed-By: Matteo Collina
+Reviewed-By: James M Snell
+CVE-ID: CVE-2025-23165
+
+Origin: https://github.com/nodejs/node/commit/9e13bf0a81e15c7b3a9f1826dccbcea991d7e63a
+---
+ src/node_file.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/node_file.cc b/src/node_file.cc
+index 39a70311f4ad21..bba27a4a901594 100644
+--- a/src/node_file.cc
++++ b/src/node_file.cc
+@@ -2615,9 +2615,9 @@ static void ReadFileUtf8(const FunctionCallbackInfo& args) {
+ FS_SYNC_TRACE_END(open);
+ if (req.result < 0) {
+ uv_fs_req_cleanup(&req);
+- // req will be cleaned up by scope leave.
+ return env->ThrowUVException(req.result, "open", nullptr, path.out());
+ }
++ uv_fs_req_cleanup(&req);
+ }
+
+ auto defer_close = OnScopeLeave([file, is_fd, &req]() {
diff --git a/CVE-2025-23166.patch b/CVE-2025-23166.patch
new file mode 100644
index 0000000..c6b4d3b
--- /dev/null
+++ b/CVE-2025-23166.patch
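Review bot: In the inner `src/node_file.cc` hunk the open request is now released by two separate calls, one inside the `req.result < 0` branch and one after it, so the leak this patch closes can return if a later edit adds another exit between them. A single `uv_fs_req_cleanup(&req);` placed directly after `FS_SYNC_TRACE_END(open);` would cover both paths, and the error branch already reads `req.result` after cleanup, so it relies on nothing new. If the backport has to stay identical to the commit named in `Origin:`, a comment above the added line such as `// req is reused by defer_close below; each uv_fs_* call on it needs its own cleanup` records the invariant instead. `ReadFileUtf8` begins and ends outside the hunk, so how `req` is used after `defer_close` is not visible here.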
@@ -0,0 +1,544 @@ +From 6c57465920cf1b981a63031e71b1e4a73bf9beaa Mon Sep 17 00:00:00 2001 +From: RafaelGSS +Date: Mon, 12 May 2025 12:33:54 -0300 +Subject: [PATCH] src: fix error handling on async crypto operations +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes: https://hackerone.com/reports/2817648 +Co-Authored-By: Filip Skokan +Co-Authored-By: Tobias Nießen +Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/688 +CVE-ID: CVE-2025-23166 +PR-URL: https://github.com/nodejs-private/node-private/pull/710 + +Origin: https://github.com/nodejs/node/commit/6c57465920cf1b981a63031e71b1e4a73bf9beaa +--- + src/crypto/crypto_dh.cc | 8 +++--- + src/crypto/crypto_dh.h | 8 +++--- + src/crypto/crypto_ec.cc | 3 +- + src/crypto/crypto_ec.h | 8 +++--- + src/crypto/crypto_hash.cc | 8 +++--- + src/crypto/crypto_hash.h | 8 +++--- + src/crypto/crypto_hkdf.cc | 8 +++--- + src/crypto/crypto_hkdf.h | 8 +++--- + src/crypto/crypto_hmac.cc | 8 +++--- + src/crypto/crypto_hmac.h | 8 +++--- + src/crypto/crypto_pbkdf2.cc | 8 +++--- + src/crypto/crypto_pbkdf2.h | 8 +++--- + src/crypto/crypto_random.cc | 20 ++++++------- + src/crypto/crypto_random.h | 19 +++++++------ + src/crypto/crypto_scrypt.cc | 8 +++--- + src/crypto/crypto_scrypt.h | 8 +++--- + src/crypto/crypto_sig.cc | 28 +++++++++++-------- + src/crypto/crypto_sig.h | 8 +++--- + src/crypto/crypto_util.h | 3 +- + .../parallel/test-crypto-async-sign-verify.js | 26 +++++++++++++++++ + 20 files changed, 122 insertions(+), 89 deletions(-) + +diff --git a/src/crypto/crypto_dh.cc b/src/crypto/crypto_dh.cc +index dac37f52b9687c..5d26faa578b5f0 100644 +--- a/src/crypto/crypto_dh.cc ++++ b/src/crypto/crypto_dh.cc +@@ -705,10 +705,10 @@ Maybe DHBitsTraits::EncodeOutput( + return Just(!result->IsEmpty()); + } + +-bool DHBitsTraits::DeriveBits( +- Environment* env, +- const DHBitsConfig& params, +- ByteSource* out) { ++bool DHBitsTraits::DeriveBits(Environment* env, ++ const 
DHBitsConfig& params, ++ ByteSource* out, ++ CryptoJobMode mode) { + *out = StatelessDiffieHellmanThreadsafe( + params.private_key->GetAsymmetricKey(), + params.public_key->GetAsymmetricKey()); +diff --git a/src/crypto/crypto_dh.h b/src/crypto/crypto_dh.h +index ec12548dbe57d5..f7c4b675725412 100644 +--- a/src/crypto/crypto_dh.h ++++ b/src/crypto/crypto_dh.h +@@ -131,10 +131,10 @@ struct DHBitsTraits final { + unsigned int offset, + DHBitsConfig* params); + +- static bool DeriveBits( +- Environment* env, +- const DHBitsConfig& params, +- ByteSource* out_); ++ static bool DeriveBits(Environment* env, ++ const DHBitsConfig& params, ++ ByteSource* out_, ++ CryptoJobMode mode); + + static v8::Maybe EncodeOutput( + Environment* env, +diff --git a/src/crypto/crypto_ec.cc b/src/crypto/crypto_ec.cc +index e8653c7db88590..4484c22265695d 100644 +--- a/src/crypto/crypto_ec.cc ++++ b/src/crypto/crypto_ec.cc +@@ -480,7 +480,8 @@ Maybe ECDHBitsTraits::AdditionalConfig( + + bool ECDHBitsTraits::DeriveBits(Environment* env, + const ECDHBitsConfig& params, +- ByteSource* out) { ++ ByteSource* out, ++ CryptoJobMode mode) { + size_t len = 0; + ManagedEVPPKey m_privkey = params.private_->GetAsymmetricKey(); + ManagedEVPPKey m_pubkey = params.public_->GetAsymmetricKey(); +diff --git a/src/crypto/crypto_ec.h b/src/crypto/crypto_ec.h +index adeef8e3a3a92d..d5e180d1e34427 100644 +--- a/src/crypto/crypto_ec.h ++++ b/src/crypto/crypto_ec.h +@@ -77,10 +77,10 @@ struct ECDHBitsTraits final { + unsigned int offset, + ECDHBitsConfig* params); + +- static bool DeriveBits( +- Environment* env, +- const ECDHBitsConfig& params, +- ByteSource* out_); ++ static bool DeriveBits(Environment* env, ++ const ECDHBitsConfig& params, ++ ByteSource* out_, ++ CryptoJobMode mode); + + static v8::Maybe EncodeOutput( + Environment* env, +diff --git a/src/crypto/crypto_hash.cc b/src/crypto/crypto_hash.cc +index 09ed200299646a..da301e433159f8 100644 +--- a/src/crypto/crypto_hash.cc ++++ b/src/crypto/crypto_hash.cc 
+@@ -501,10 +501,10 @@ Maybe HashTraits::AdditionalConfig( + return Just(true); + } + +-bool HashTraits::DeriveBits( +- Environment* env, +- const HashConfig& params, +- ByteSource* out) { ++bool HashTraits::DeriveBits(Environment* env, ++ const HashConfig& params, ++ ByteSource* out, ++ CryptoJobMode mode) { + EVPMDCtxPointer ctx(EVP_MD_CTX_new()); + + if (UNLIKELY(!ctx || +diff --git a/src/crypto/crypto_hash.h b/src/crypto/crypto_hash.h +index 07e3a2ae4635b8..0ea2114fc81a38 100644 +--- a/src/crypto/crypto_hash.h ++++ b/src/crypto/crypto_hash.h +@@ -70,10 +70,10 @@ struct HashTraits final { + unsigned int offset, + HashConfig* params); + +- static bool DeriveBits( +- Environment* env, +- const HashConfig& params, +- ByteSource* out); ++ static bool DeriveBits(Environment* env, ++ const HashConfig& params, ++ ByteSource* out, ++ CryptoJobMode mode); + + static v8::Maybe EncodeOutput( + Environment* env, +diff --git a/src/crypto/crypto_hkdf.cc b/src/crypto/crypto_hkdf.cc +index 0dd9b42473ca73..526be1d064a7ec 100644 +--- a/src/crypto/crypto_hkdf.cc ++++ b/src/crypto/crypto_hkdf.cc +@@ -100,10 +100,10 @@ Maybe HKDFTraits::AdditionalConfig( + return Just(true); + } + +-bool HKDFTraits::DeriveBits( +- Environment* env, +- const HKDFConfig& params, +- ByteSource* out) { ++bool HKDFTraits::DeriveBits(Environment* env, ++ const HKDFConfig& params, ++ ByteSource* out, ++ CryptoJobMode mode) { + EVPKeyCtxPointer ctx = + EVPKeyCtxPointer(EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, nullptr)); + if (!ctx || !EVP_PKEY_derive_init(ctx.get()) || +diff --git a/src/crypto/crypto_hkdf.h b/src/crypto/crypto_hkdf.h +index c4a537cef8a792..acd2b670a8c8e7 100644 +--- a/src/crypto/crypto_hkdf.h ++++ b/src/crypto/crypto_hkdf.h +@@ -42,10 +42,10 @@ struct HKDFTraits final { + unsigned int offset, + HKDFConfig* params); + +- static bool DeriveBits( +- Environment* env, +- const HKDFConfig& params, +- ByteSource* out); ++ static bool DeriveBits(Environment* env, ++ const HKDFConfig& params, ++ 
ByteSource* out, ++ CryptoJobMode mode); + + static v8::Maybe EncodeOutput( + Environment* env, +diff --git a/src/crypto/crypto_hmac.cc b/src/crypto/crypto_hmac.cc +index 86315374fdf71c..0b42a662385867 100644 +--- a/src/crypto/crypto_hmac.cc ++++ b/src/crypto/crypto_hmac.cc +@@ -220,10 +220,10 @@ Maybe HmacTraits::AdditionalConfig( + return Just(true); + } + +-bool HmacTraits::DeriveBits( +- Environment* env, +- const HmacConfig& params, +- ByteSource* out) { ++bool HmacTraits::DeriveBits(Environment* env, ++ const HmacConfig& params, ++ ByteSource* out, ++ CryptoJobMode mode) { + HMACCtxPointer ctx(HMAC_CTX_new()); + + if (!ctx || +diff --git a/src/crypto/crypto_hmac.h b/src/crypto/crypto_hmac.h +index c80cc36f11dddc..dd490f05ec2a80 100644 +--- a/src/crypto/crypto_hmac.h ++++ b/src/crypto/crypto_hmac.h +@@ -73,10 +73,10 @@ struct HmacTraits final { + unsigned int offset, + HmacConfig* params); + +- static bool DeriveBits( +- Environment* env, +- const HmacConfig& params, +- ByteSource* out); ++ static bool DeriveBits(Environment* env, ++ const HmacConfig& params, ++ ByteSource* out, ++ CryptoJobMode mode); + + static v8::Maybe EncodeOutput( + Environment* env, +diff --git a/src/crypto/crypto_pbkdf2.cc b/src/crypto/crypto_pbkdf2.cc +index 963d0db6c62a45..f6d37dadcdf707 100644 +--- a/src/crypto/crypto_pbkdf2.cc ++++ b/src/crypto/crypto_pbkdf2.cc +@@ -111,10 +111,10 @@ Maybe PBKDF2Traits::AdditionalConfig( + return Just(true); + } + +-bool PBKDF2Traits::DeriveBits( +- Environment* env, +- const PBKDF2Config& params, +- ByteSource* out) { ++bool PBKDF2Traits::DeriveBits(Environment* env, ++ const PBKDF2Config& params, ++ ByteSource* out, ++ CryptoJobMode mode) { + ByteSource::Builder buf(params.length); + + // Both pass and salt may be zero length here. 
+diff --git a/src/crypto/crypto_pbkdf2.h b/src/crypto/crypto_pbkdf2.h +index 6fda7cd3101002..11ffad784db59b 100644 +--- a/src/crypto/crypto_pbkdf2.h ++++ b/src/crypto/crypto_pbkdf2.h +@@ -55,10 +55,10 @@ struct PBKDF2Traits final { + unsigned int offset, + PBKDF2Config* params); + +- static bool DeriveBits( +- Environment* env, +- const PBKDF2Config& params, +- ByteSource* out); ++ static bool DeriveBits(Environment* env, ++ const PBKDF2Config& params, ++ ByteSource* out, ++ CryptoJobMode mode); + + static v8::Maybe EncodeOutput( + Environment* env, +diff --git a/src/crypto/crypto_random.cc b/src/crypto/crypto_random.cc +index 48154df7dc91ed..03bdcd5c6707d7 100644 +--- a/src/crypto/crypto_random.cc ++++ b/src/crypto/crypto_random.cc +@@ -56,10 +56,10 @@ Maybe RandomBytesTraits::AdditionalConfig( + return Just(true); + } + +-bool RandomBytesTraits::DeriveBits( +- Environment* env, +- const RandomBytesConfig& params, +- ByteSource* unused) { ++bool RandomBytesTraits::DeriveBits(Environment* env, ++ const RandomBytesConfig& params, ++ ByteSource* unused, ++ CryptoJobMode mode) { + return CSPRNG(params.buffer, params.size).is_ok(); + } + +@@ -151,7 +151,8 @@ Maybe RandomPrimeTraits::AdditionalConfig( + + bool RandomPrimeTraits::DeriveBits(Environment* env, + const RandomPrimeConfig& params, +- ByteSource* unused) { ++ ByteSource* unused, ++ CryptoJobMode mode) { + // BN_generate_prime_ex() calls RAND_bytes_ex() internally. + // Make sure the CSPRNG is properly seeded. 
+ CHECK(CSPRNG(nullptr, 0).is_ok()); +@@ -194,11 +195,10 @@ Maybe CheckPrimeTraits::AdditionalConfig( + return Just(true); + } + +-bool CheckPrimeTraits::DeriveBits( +- Environment* env, +- const CheckPrimeConfig& params, +- ByteSource* out) { +- ++bool CheckPrimeTraits::DeriveBits(Environment* env, ++ const CheckPrimeConfig& params, ++ ByteSource* out, ++ CryptoJobMode mode) { + BignumCtxPointer ctx(BN_CTX_new()); + + int ret = BN_is_prime_ex( +diff --git a/src/crypto/crypto_random.h b/src/crypto/crypto_random.h +index a2807ed6ec8743..b673cbbfd1704f 100644 +--- a/src/crypto/crypto_random.h ++++ b/src/crypto/crypto_random.h +@@ -32,10 +32,10 @@ struct RandomBytesTraits final { + unsigned int offset, + RandomBytesConfig* params); + +- static bool DeriveBits( +- Environment* env, +- const RandomBytesConfig& params, +- ByteSource* out_); ++ static bool DeriveBits(Environment* env, ++ const RandomBytesConfig& params, ++ ByteSource* out_, ++ CryptoJobMode mode); + + static v8::Maybe EncodeOutput( + Environment* env, +@@ -72,7 +72,8 @@ struct RandomPrimeTraits final { + static bool DeriveBits( + Environment* env, + const RandomPrimeConfig& params, +- ByteSource* out_); ++ ByteSource* out_, ++ CryptoJobMode mode); + + static v8::Maybe EncodeOutput( + Environment* env, +@@ -105,10 +106,10 @@ struct CheckPrimeTraits final { + unsigned int offset, + CheckPrimeConfig* params); + +- static bool DeriveBits( +- Environment* env, +- const CheckPrimeConfig& params, +- ByteSource* out); ++ static bool DeriveBits(Environment* env, ++ const CheckPrimeConfig& params, ++ ByteSource* out, ++ CryptoJobMode mode); + + static v8::Maybe EncodeOutput( + Environment* env, +diff --git a/src/crypto/crypto_scrypt.cc b/src/crypto/crypto_scrypt.cc +index a262a2be96d7c3..2b21476d1b1bb4 100644 +--- a/src/crypto/crypto_scrypt.cc ++++ b/src/crypto/crypto_scrypt.cc +@@ -124,10 +124,10 @@ Maybe ScryptTraits::AdditionalConfig( + return Just(true); + } + +-bool ScryptTraits::DeriveBits( +- Environment* 
env, +- const ScryptConfig& params, +- ByteSource* out) { ++bool ScryptTraits::DeriveBits(Environment* env, ++ const ScryptConfig& params, ++ ByteSource* out, ++ CryptoJobMode mode) { + ByteSource::Builder buf(params.length); + + // Both the pass and salt may be zero-length at this point +diff --git a/src/crypto/crypto_scrypt.h b/src/crypto/crypto_scrypt.h +index 3d185637f44be3..9ea9d75d85bf35 100644 +--- a/src/crypto/crypto_scrypt.h ++++ b/src/crypto/crypto_scrypt.h +@@ -57,10 +57,10 @@ struct ScryptTraits final { + unsigned int offset, + ScryptConfig* params); + +- static bool DeriveBits( +- Environment* env, +- const ScryptConfig& params, +- ByteSource* out); ++ static bool DeriveBits(Environment* env, ++ const ScryptConfig& params, ++ ByteSource* out, ++ CryptoJobMode mode); + + static v8::Maybe EncodeOutput( + Environment* env, +diff --git a/src/crypto/crypto_sig.cc b/src/crypto/crypto_sig.cc +index fa4ba62f8f94f5..27e74090c5a4ad 100644 +--- a/src/crypto/crypto_sig.cc ++++ b/src/crypto/crypto_sig.cc +@@ -713,11 +713,11 @@ Maybe SignTraits::AdditionalConfig( + return Just(true); + } + +-bool SignTraits::DeriveBits( +- Environment* env, +- const SignConfiguration& params, +- ByteSource* out) { +- ClearErrorOnReturn clear_error_on_return; ++bool SignTraits::DeriveBits(Environment* env, ++ const SignConfiguration& params, ++ ByteSource* out, ++ CryptoJobMode mode) { ++ bool can_throw = mode == CryptoJobMode::kCryptoJobSync; + EVPMDCtxPointer context(EVP_MD_CTX_new()); + EVP_PKEY_CTX* ctx = nullptr; + +@@ -729,7 +729,7 @@ bool SignTraits::DeriveBits( + params.digest, + nullptr, + params.key.get())) { +- crypto::CheckThrow(env, SignBase::Error::kSignInit); ++ if (can_throw) crypto::CheckThrow(env, SignBase::Error::kSignInit); + return false; + } + break; +@@ -740,7 +740,7 @@ bool SignTraits::DeriveBits( + params.digest, + nullptr, + params.key.get())) { +- crypto::CheckThrow(env, SignBase::Error::kSignInit); ++ if (can_throw) crypto::CheckThrow(env, 
SignBase::Error::kSignInit); + return false; + } + break; +@@ -758,7 +758,7 @@ bool SignTraits::DeriveBits( + ctx, + padding, + salt_length)) { +- crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); ++ if (can_throw) crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); + return false; + } + +@@ -772,7 +772,8 @@ bool SignTraits::DeriveBits( + &len, + params.data.data(), + params.data.size())) { +- crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); ++ if (can_throw) ++ crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); + return false; + } + ByteSource::Builder buf(len); +@@ -781,7 +782,8 @@ bool SignTraits::DeriveBits( + &len, + params.data.data(), + params.data.size())) { +- crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); ++ if (can_throw) ++ crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); + return false; + } + *out = std::move(buf).release(len); +@@ -792,13 +794,15 @@ bool SignTraits::DeriveBits( + params.data.data(), + params.data.size()) || + !EVP_DigestSignFinal(context.get(), nullptr, &len)) { +- crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); ++ if (can_throw) ++ crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); + return false; + } + ByteSource::Builder buf(len); + if (!EVP_DigestSignFinal( + context.get(), buf.data(), &len)) { +- crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); ++ if (can_throw) ++ crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); + return false; + } + +diff --git a/src/crypto/crypto_sig.h b/src/crypto/crypto_sig.h +index 633201473e4645..3b2801fa11ef3f 100644 +--- a/src/crypto/crypto_sig.h ++++ b/src/crypto/crypto_sig.h +@@ -147,10 +147,10 @@ struct SignTraits final { + unsigned int offset, + SignConfiguration* params); + +- static bool DeriveBits( +- Environment* env, +- const SignConfiguration& params, +- ByteSource* out); ++ static bool DeriveBits(Environment* env, ++ const SignConfiguration& params, ++ ByteSource* out, ++ CryptoJobMode mode); + + 
static v8::Maybe EncodeOutput( + Environment* env, +diff --git a/src/crypto/crypto_util.h b/src/crypto/crypto_util.h +index 4ba261014695cf..06165a4dce48c4 100644 +--- a/src/crypto/crypto_util.h ++++ b/src/crypto/crypto_util.h +@@ -503,9 +503,10 @@ class DeriveBitsJob final : public CryptoJob { + std::move(params)) {} + + void DoThreadPoolWork() override { ++ ClearErrorOnReturn clear_error_on_return; + if (!DeriveBitsTraits::DeriveBits( + AsyncWrap::env(), +- *CryptoJob::params(), &out_)) { ++ *CryptoJob::params(), &out_, this->mode())) { + CryptoErrorStore* errors = CryptoJob::errors(); + errors->Capture(); + if (errors->Empty()) +diff --git a/test/parallel/test-crypto-async-sign-verify.js b/test/parallel/test-crypto-async-sign-verify.js +index 4e3c32fdcd23fb..5924d36e480721 100644 +--- a/test/parallel/test-crypto-async-sign-verify.js ++++ b/test/parallel/test-crypto-async-sign-verify.js +@@ -141,3 +141,29 @@ test('dsa_public.pem', 'dsa_private.pem', 'sha256', false, + }) + .catch(common.mustNotCall()); + } ++ ++{ ++ const untrustedKey = `-----BEGIN PUBLIC KEY----- ++MCowBQYDK2VuAyEA6pwGRbadNQAI/tYN8+/p/0/hbsdHfOEGr1ADiLVk/Gc= ++-----END PUBLIC KEY-----`; ++ const data = crypto.randomBytes(32); ++ const signature = crypto.randomBytes(16); ++ ++ const expected = common.hasOpenSSL3 ? ++ /operation not supported for this keytype/ : /no default digest/; ++ ++ crypto.verify(undefined, data, untrustedKey, signature, common.mustCall((err) => { ++ assert.ok(err); ++ assert.match(err.message, expected); ++ })); ++} ++ ++{ ++ const { privateKey } = crypto.generateKeyPairSync('rsa', { ++ modulusLength: 512 ++ }); ++ crypto.sign('sha512', 'message', privateKey, common.mustCall((err) => { ++ assert.ok(err); ++ assert.match(err.message, /digest too big for rsa key/); ++ })); ++} diff --git a/nodejs.spec b/nodejs.spec index cf209b3..6c59561 100644 --- a/nodejs.spec +++ b/nodejs.spec 
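Review bot: The new `CryptoJobMode mode` argument is honoured only in `SignTraits::DeriveBits`, where `can_throw` gates each `crypto::CheckThrow`; every other `DeriveBits` touched by this patch accepts the parameter and ignores it, and nothing in the hunks states the rule a future trait has to follow. A comment on `DeriveBitsJob::DoThreadPoolWork` in `src/crypto/crypto_util.h` would pin it down, for example `// DeriveBits may run off the main thread when mode is not kCryptoJobSync: it must not throw into JS; it reports failure through its return value and the OpenSSL error queue, which is captured here before ClearErrorOnReturn clears it.` It is worth confirming against the packaged 20.18.2 tree that no other trait implementation calls `CheckThrow` or a `THROW_*` helper with `env`, since those bodies lie outside the hunks. Separately, the added test generates a 512-bit RSA key; on a build host whose OpenSSL policy rejects that key size the test would presumably fail in `generateKeyPairSync` before reaching its assertion, so check it if `%check` runs the parallel suite.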
@@ -1,4 +1,4 @@
-%global baserelease 2
+%global baserelease 3
 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
 %global nodejs_epoch 1
 %global nodejs_major 20
@@ -77,6 +77,8 @@ Patch1: CVE-2023-45853.patch
 Patch2: CVE-2024-5274.patch
 Patch3: CVE-2024-7971.patch
 Patch4: 0001-correct-some-errors-related-to-CVE-2025-23085.patch
+Patch5: CVE-2025-23165.patch
+Patch6: CVE-2025-23166.patch
 BuildRequires: python3-devel python3-setuptools make
 BuildRequires: zlib-devel python3-jinja2
@@ -407,6 +409,9 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod
 %{_pkgdocdir}/npm/docs
 %changelog
+* Tue May 20 2025 yaoxin <1024769339@qq.com> - 1:20.18.2-3
+- Fix CVE-2025-23165 and CVE-2025-23166
+
 * Wed Apr 02 2025 hanguanqiang - 1:20.18.2-2
 - correct error related to CVE-2025-23085
-- Gitee
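Review bot: `Patch5` and `Patch6` are declared in the second hunk, but the 7 changed lines the diffstat counts for `nodejs.spec` are all accounted for by the release bump, the two `Patch` lines and the changelog entry, so no `%patch` line was added. The two CVE fixes therefore reach the build only if `%prep` applies patches automatically (`%autosetup` or `%autopatch`); that section is outside these hunks. If `%prep` lists patches one by one, add `%patch5 -p1` and `%patch6 -p1`, otherwise release `-3` would announce the fixes in `%changelog` without containing them. A build log showing both patches applied would settle it.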