Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package nodejs16 for openSUSE:Factory checked in at 2022-01-14 23:12:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nodejs16 (Old) and /work/SRC/openSUSE:Factory/.nodejs16.new.1892 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nodejs16" Fri Jan 14 23:12:41 2022 rev:14 rq:945772 version:16.13.2 Changes: -------- --- /work/SRC/openSUSE:Factory/nodejs16/nodejs16.changes 2021-12-12 00:55:44.874507684 +0100 +++ /work/SRC/openSUSE:Factory/.nodejs16.new.1892/nodejs16.changes 2022-01-14 23:13:14.074631556 +0100 @@ -1,0 +2,26 @@ +Tue Jan 11 18:48:04 UTC 2022 - Adam Majer <adam.ma...@suse.de> + +- update to 16.13.2: + Security update fixing the following issues: + + * Improper handling of URI Subject Alternative Names (Medium) + (CVE-2021-44531, bsc#1194511) + * Certificate Verification Bypass via String Injection (Medium) + (CVE-2021-44532, bsc#1194512) + * Incorrect handling of certificate subject and issuer fields (Medium) + (CVE-2021-44533, bsc#1194513) + * Prototype pollution via console.table properties (Low) + (CVE-2022-21824, bsc#1194514) + +------------------------------------------------------------------- +Wed Jan 5 20:50:19 UTC 2022 - Adam Majer <adam.ma...@suse.de> + +- fix_ci_tests.patch: fix tests on s390x + +------------------------------------------------------------------- +Tue Jan 4 12:17:19 UTC 2022 - Adam Majer <adam.ma...@suse.de> + +- rsa-pss-revert.patch: temporarily revert functionality requiring + newer openssl + +------------------------------------------------------------------- Old: ---- node-v16.13.1.tar.xz New: ---- node-v16.13.2.tar.xz rsa-pss-revert.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nodejs16.spec ++++++ --- /var/tmp/diff_new_pack.oOjlfW/_old 2022-01-14 23:13:14.978632139 +0100 +++ /var/tmp/diff_new_pack.oOjlfW/_new 2022-01-14 23:13:14.982632141 +0100 @@ -1,7 +1,7 @@ # # spec file for package nodejs16 # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -32,7 +32,7 @@ %endif Name: nodejs16 -Version: 16.13.1 +Version: 16.13.2 Release: 0 # Double DWZ memory limits @@ -41,6 +41,9 @@ %define node_version_number 16 +# TBA: openssl bsc#1192489 +%bcond_with openssl_RSA_get0_pss_params + %if 0%{?suse_version} > 1500 || 0%{?fedora_version} %bcond_without libalternatives %else @@ -86,25 +89,25 @@ %define _libexecdir %{_exec_prefix}/lib %endif -%if 0%{?suse_version} >= 1500 || 0%{?sle_version} >= 120400 +%if 0%{?suse_version} >= 1500 || 0%{?sle_version} >= 120400 || 0%{?fedora_version} >= 35 %bcond_with intree_openssl %else %bcond_without intree_openssl %endif -%if 0%{?suse_version} >= 1330 +%if 0%{?suse_version} >= 1330 || 0%{?fedora_version} >= 35 %bcond_with intree_cares %else %bcond_without intree_cares %endif -%if 0%{?suse_version} >= 1550 +%if 0%{?suse_version} >= 1500 || 0%{?fedora_version} >= 35 %bcond_with intree_icu %else %bcond_without intree_icu %endif -%if 0%{?suse_version} >= 1550 +%if 0%{?suse_version} >= 1550 || 0%{?fedora_version} >= 35 %bcond_with intree_nghttp2 %else %bcond_without intree_nghttp2 @@ -157,11 +160,17 @@ Patch120: flaky_test_rerun.patch Patch132: test-skip-y2038-on-32bit-time_t.patch +Patch133: rsa-pss-revert.patch # Use versioned binaries and paths Patch200: versioned.patch +BuildRequires: fdupes BuildRequires: pkg-config +BuildRequires: procps +BuildRequires: xz +BuildRequires: zlib-devel + %if 0%{?suse_version} BuildRequires: config(netcfg) %endif @@ -178,12 +187,10 @@ # GCC 5 is only available in the SUSE:SLE-11:SP4:Update repository (SDK). %if %node_version_number >= 8 BuildRequires: gcc5-c++ -%define cc_exec gcc-5 -%define cpp_exec g++-5 +%define forced_gcc_version 5 %else BuildRequires: gcc48-c++ -%define cc_exec gcc-4.8 -%define cpp_exec g++-4.8 +%define forced_gcc_version 4.8 %endif %endif # sles == 11 block 
@@ -191,41 +198,47 @@ # Pick and stick with "latest" compiler at time of LTS release # for SLE-12:Update targets %if 0%{?suse_version} == 1315 +%if %node_version_number >= 17 +BuildRequires: gcc10-c++ +%define forced_gcc_version 10 +%else %if %node_version_number >= 14 BuildRequires: gcc9-c++ -%define cc_exec gcc-9 -%define cpp_exec g++-9 +%define forced_gcc_version 9 %else %if %node_version_number >= 8 BuildRequires: gcc7-c++ -%define cc_exec gcc-7 -%define cpp_exec g++-7 +%define forced_gcc_version 7 +%endif +%endif %endif %endif + +%if 0%{?suse_version} == 1500 +%if %node_version_number >= 17 +BuildRequires: gcc10-c++ +%define forced_gcc_version 10 +%endif %endif # compiler selection # No special version defined, use default. -%if ! 0%{?cc_exec:1} +%if ! 0%{?forced_gcc_version:1} BuildRequires: gcc-c++ %endif -BuildRequires: fdupes -BuildRequires: procps -BuildRequires: xz -BuildRequires: zlib-devel - # Python dependencies -%if %node_version_number >= 12 +%if %node_version_number >= 16 + %if 0%{?suse_version} && 0%{?suse_version} < 1500 BuildRequires: python36 %else -BuildRequires: python3 > 3.6.0 +BuildRequires: python3 %endif -%if 0%{?suse_version} -BuildRequires: netcfg -%endif +%else +%if %node_version_number >= 12 +BuildRequires: python3 %else %if 0%{?suse_version} >= 1500 @@ -233,6 +246,8 @@ %else BuildRequires: python %endif + +%endif %endif %if 0%{?suse_version} >= 1500 && %{node_version_number} >= 10 
@@ -244,13 +259,27 @@ BuildRequires: pkgconfig(openssl) >= %{openssl_req_ver} +# require patched openssl library on SLES for nodejs16 +%if %node_version_number >= 16 && 0%{?suse_version} <= 1500 && 0%{?suse_version} && 0%{with openssl_RSA_get0_pss_params} +BuildRequires: openssl-has-RSA_get0_pss_params +Requires: openssl-has-RSA_get0_pss_params +%endif + +%if 0%{?suse_version} %if 0%{?suse_version} >= 1500 -BuildRequires: libopenssl1_1-hmac BuildRequires: openssl >= %{openssl_req_ver} %else BuildRequires: openssl-1_1 >= %{openssl_req_ver} %endif +BuildRequires: libopenssl1_1-hmac +# /suse_version +%endif + +%if 0%{?fedora_version} +BuildRequires: openssl >= %{openssl_req_ver} +%endif + %else %if %node_version_number <= 12 && 0%{?suse_version} == 1315 && 0%{?sle_version} < 120400 Provides: bundled(openssl) = 1.1.1l @@ -266,7 +295,7 @@ %endif %if ! 0%{with intree_icu} -BuildRequires: pkgconfig(icu-i18n) >= 68 +BuildRequires: pkgconfig(icu-i18n) >= 69 %else Provides: bundled(icu) = 69.1 %endif @@ -630,6 +659,9 @@ %patch110 -p1 %patch120 -p1 %patch132 -p1 +%if ! 0%{with openssl_RSA_get0_pss_params} +%patch133 -p1 +%endif %patch200 -p1 # remove backup files, if any @@ -638,6 +670,13 @@ # abnormalities from patching find \( -name \*.js.orig -or -name \*.md.orig -or -name \*.1.orig \) -delete +# downgrade node-gyp to last version that supports python 3.4 for SLE12 +%if 0%{?use_version} && 0%{?suse_version} < 1500 +rm -r deps/npm/node_modules/node-gyp +mkdir deps/npm/node_modules/node-gyp +tar -C deps/npm/node_modules/node-gyp Jxf %{SOURCE5} +%endif + %build # normalize shebang %if %{node_version_number} >= 12 @@ -660,10 +699,6 @@ rm -rf deps/icu-small %endif -%if ! 0%{with intree_openssl} -rm -rf deps/openssl -%endif - %if ! 0%{with intree_cares} find deps/cares -name *.[ch] -delete %endif 
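Review bot: The node-gyp downgrade block added before `%build` is guarded by `%if 0%{?use_version} && 0%{?suse_version} < 1500`; `use_version` is not defined anywhere in the visible spec and looks like a typo for `suse_version`, so the condition is always false and the SLE12 downgrade never runs. Inside the block, `tar -C deps/npm/node_modules/node-gyp Jxf %{SOURCE5}` places the old-style option bundle after `-C`, where tar reads it as a member name and finds no operation mode; `tar -xJf %{SOURCE5} -C deps/npm/node_modules/node-gyp` is the form that works. No `Source5:` line is visible in these hunks, so confirm the replacement tarball is declared and that its origin is checked, since it overwrites part of the tree that came from the signed upstream tarball.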
@@ -675,7 +710,7 @@ export CFLAGS="%{?build_cflags:%build_cflags}%{?!build_cflags:%optflags} -fno-strict-aliasing" # -Wno-class-memaccess is not available in gcc < 8 (= system compiler on Leap until at least 15.3 is gcc7) export CXXFLAGS="%{?build_cxxflags:%build_cxxflags}%{?!build_cxxflags:%optflags} -Wno-error=return-type -fno-strict-aliasing" -%if 0%{?sle_version} > 150300 || 0%{?suse_version} > 1500 +%if 0%{?forced_gcc_version} >= 8 || 0%{?suse_version} > 1500 || 0%{?fedora_version} >= 35 export CXXFLAGS="\${CXXFLAGS} -Wno-class-memaccess" %endif export LDFLAGS="%{?build_ldflags}" @@ -689,9 +724,9 @@ export CXXFLAGS="\${CXXFLAGS} -g1" export LDFLAGS="\${LDFLAGS} -Wl,--reduce-memory-overhead" -%if 0%{?cc_exec:1} -export CC=%{?cc_exec} -export CXX=%{?cpp_exec} +%if 0%{?forced_gcc_version:1} +export CC=gcc-%{forced_gcc_version} +export CXX=g++-%{forced_gcc_version} %endif EOF @@ -853,6 +888,16 @@ test/parallel/test-dns-resolveany.js # multicast test fail since no socket? rm -f test/parallel/test-dgram-membership.js +%if 0%{?fedora_version} +# test/parallel/test-crypto-certificate.js requires OPENSSL_ENABLE_MD5_VERIFY=1 +# as SPKAC required MD5 for verification +# https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/0006-Disable-signature-verification-with-totally-unsafe-h.patch +export OPENSSL_ENABLE_MD5_VERIFY=1 + +# error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake +# failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40 +rm -f test/parallel/test-tls-no-sslv3.js +%endif # Run CI tests %if 0%{with valgrind_tests} # valgrind may have false positives, so do not fail on these by default ++++++ SHASUMS256.txt ++++++ --- /var/tmp/diff_new_pack.oOjlfW/_old 2022-01-14 23:13:15.018632164 +0100 +++ /var/tmp/diff_new_pack.oOjlfW/_new 2022-01-14 23:13:15.022632167 +0100 
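Review bot: In the Fedora block added before `# Run CI tests`, `export OPENSSL_ENABLE_MD5_VERIFY=1` stays set for every test that runs afterwards, although the comment says only test/parallel/test-crypto-certificate.js needs it. The remaining crypto and TLS tests then run with MD5 signature verification re-enabled, which is presumably not how the installed package behaves, so a regression that only shows under the distribution default could pass unnoticed. Limiting the variable to that one test, or removing that test like the others in this section, keeps the rest of the run on the real configuration. For `rm -f test/parallel/test-tls-no-sslv3.js` the comment quotes the alert but gives no reason or bug reference; judging by its name the test checks that SSLv3 is refused, so a tracking reference would help get it re-enabled.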
@@ -1,35 +1,35 @@ -b1986cc40595c615fa5c51e29148c41c9e2446c479cdb99575a033f30c5f419c node-v16.13.1-aix-ppc64.tar.gz -2d27c10c49af87a8d87bce4d32ca0e37afbc8dcc73d524ec7de3506c6309d4fc node-v16.13.1-darwin-arm64.tar.gz -8e1c244ada393734a2fd8b6ea0356ce6569b3c05d834ee4cab57e4c42456d8bd node-v16.13.1-darwin-arm64.tar.xz -a139fc6a4c8daf160989420535378d69b53a0d9f5ae43871e9befeb2b8a44187 node-v16.13.1-darwin-x64.tar.gz -e4683ade1b198fb54e95a7ac8064105a9696bc358f2693365485f13126387ca5 node-v16.13.1-darwin-x64.tar.xz -f2101cdf05dd040397000596ed0f285dff74a926637cfeabab8e98bb7ba67327 node-v16.13.1-headers.tar.gz -9274cb504c58585e4cf90999ac678daa7c90ff21063ac77a1f7ce7c0e7535eb6 node-v16.13.1-headers.tar.xz -c2f2a0a5adbfc267dbe41ef9fbd83af157a64997bc7546c12717ff55ea6b57d8 node-v16.13.1-linux-arm64.tar.gz -af1127594d6dae96d3f1d307174daa5084d9c9027eb6fc02548022257f4b0a6a node-v16.13.1-linux-arm64.tar.xz -749bc9191f1ba3b2c9d79d74675a3c19a69a3e7da5f17d5a1ce3d05a6cbef88e node-v16.13.1-linux-armv7l.tar.gz -0816ba8750651a49a5b1bf4fa82d0e080bddc00c01c4316948b82a146b2ec18a node-v16.13.1-linux-armv7l.tar.xz -58810743fbfe782e7dbeb1153769bc8aeb3d1b6dcb470c82eca58ab0bc840332 node-v16.13.1-linux-ppc64le.tar.gz -c19affa95c8a3e52ae99fc3d08c713328de921a3e71c9c5ddb844886e3caa038 node-v16.13.1-linux-ppc64le.tar.xz -27ac1da92065d04916cd6abe8c6b305bb2a358d0fa3f45417feecdc8641abf88 node-v16.13.1-linux-s390x.tar.gz -36abceeb29fb4ddd71d6ea15cdf16ee1507702ef44a33998998eeea97e8e7e88 node-v16.13.1-linux-s390x.tar.xz -5f80197d654fd0b749cdeddf1f07a5eac1fcf6b423a00ffc8f2d3bea9c6dc8d1 node-v16.13.1-linux-x64.tar.gz -a3721f87cecc0b52b0be8587c20776ac7305db413751db02c55aa2bffac15198 node-v16.13.1-linux-x64.tar.xz -ec614451f343c28309ed0e7566752ee775cf800565e63df5fbb46cc5eeab3ca7 node-v16.13.1.pkg -34b23965457fb08a8c62f81e8faf74ea60587cda6fa898e5d030211f5f374cb6 node-v16.13.1.tar.gz -4c23004fd75eaf799ad8e76fe34f53e0327f433d4acbfc883396f72e96cc63ad node-v16.13.1.tar.xz 
-e4e06ca94b46522096cbf3baa836dbb8af8b44d6c0db0ad577881dc9edf1d252 node-v16.13.1-win-x64.7z -a9147e9a86f8420893bafc4ef041e578795dc5874b9dccdd731699613b8a60ab node-v16.13.1-win-x64.zip -439728a9c2d708e24669897d40b64b02e8d4e55c2e8c5e6f90552e1f20cf534e node-v16.13.1-win-x86.7z -d0421f0bd08641a2c9cef44f75c73b53843cace4f1a60cbd60f88a506c822253 node-v16.13.1-win-x86.zip -8c0434b1735110ef8fbd012c46dfa867fea360b29fbbf76f0995361d17243103 node-v16.13.1-x64.msi -133d0d96bfa4825f9beca6c8e0603d77a8616f71c2a22222a868524cce4e1b3b node-v16.13.1-x86.msi -9ee6bfb71095b215e0c724fe52830ecdc435d57e288418daeaa4fc80baa3fd76 win-x64/node.exe -034607ba97ebe59b00d4128aeb4bbb12c79550832a546d83b25666902b8ffab1 win-x64/node.lib -866342f7d8ad5ea2aa4d07ab044f9a005c36c1e99b16188e8a2afd29744df4ea win-x64/node_pdb.7z -457d32c4b193d10e37719d84f33b2fcb7bf68f94fe6b04d32d2d26d1358d33fd win-x64/node_pdb.zip -79742a53e555909aac020403e0d3a46d51fa70f410da80f6561ef185107529d7 win-x86/node.exe -6b774d921793b32c4ca2f629972c702ae91a14fb4f391639c913a259cd714844 win-x86/node.lib -193dfd7538f5f2f16a3a4730cbae60573b613cb548f7d639dc5c524dad41c5ab win-x86/node_pdb.7z -579c45886f53d4de4437885043ad76e38a4b62cc9d416404768c519bc7b9adb8 win-x86/node_pdb.zip +54078953e99360087e1c300f7cc36165b838229034c451367428b40095656133 node-v16.13.2-aix-ppc64.tar.gz +09d300008ad58792c12622a5eafdb14c931587bb88713df4df64cdf4ff2188d1 node-v16.13.2-darwin-arm64.tar.gz +a67021c57fe05e87ba2e3fe91f828e22a38a032048301bfb3338ba0a7844219d node-v16.13.2-darwin-arm64.tar.xz +900a952bb77533d349e738ff8a5179a4344802af694615f36320a888b49b07e6 node-v16.13.2-darwin-x64.tar.gz +ba5e44a0d6f3cbf2cc06ea27a01bca544504bfe3d4ff69369dad85c60a226ee6 node-v16.13.2-darwin-x64.tar.xz +a3e023ea3bc30b629c0e86f069c1900ec8f4ccb5ede1984b96ed831d4b4c469e node-v16.13.2-headers.tar.gz +2076c3156913509a2378b34f529f2e0c17abb688652ec823b66a3b0f0466e5df node-v16.13.2-headers.tar.xz +e87d7c173d7c70672d71cc816ffe0baea2b0458cb7f96c248560410e9cd37522 
node-v16.13.2-linux-arm64.tar.gz +a3cf8e4e9fbea27573eee6da84720bf7227ddd22842b842d48049d6dfe55fb03 node-v16.13.2-linux-arm64.tar.xz +59af2a54018112c31faec25502e01c1781c28ef85e168f383806606eba846ddf node-v16.13.2-linux-armv7l.tar.gz +e09c6d5b24f7ac26a7efec72acaf973f7a96d7f15f9cb9078c067d16ef23d50c node-v16.13.2-linux-armv7l.tar.xz +1455299d2b2c6e913eff9d75b261df7658f27ab062b99213efcdd076198faf71 node-v16.13.2-linux-ppc64le.tar.gz +9227a9e154493a1c341cde8a3cef52f7f2ac03805e6b5a55e2c11b726e1a77d4 node-v16.13.2-linux-ppc64le.tar.xz +331c6396743093a99ee89c01df32bff7c67985d64e3584d846af80331ee44507 node-v16.13.2-linux-s390x.tar.gz +c4ba46fc19366f7377d28a60a98f741bfa38045d7924306244c51d1660afcc8d node-v16.13.2-linux-s390x.tar.xz +a0f23911d5d9c371e95ad19e4e538d19bffc0965700f187840eb39a91b0c3fb0 node-v16.13.2-linux-x64.tar.gz +7f5e9a42d6e86147867d35643c7b1680c27ccd45db85666fc52798ead5e74421 node-v16.13.2-linux-x64.tar.xz +6a517182b2195f37636dc50a2d65ab0484130dd397d31bb22ab9d0a0df48c48f node-v16.13.2.pkg +cd5a07cae25985704a5b1878355b2793d62d70fc97b8a181ad2bf86201121b08 node-v16.13.2.tar.gz +98b1de1ff92a292b93d2b2c93bc2a98656647b3d0c0d5623069f4f8047a8b4a0 node-v16.13.2.tar.xz +df1cd0a54fbc0ddf6a6149a133bd737d55806b0cb3f3bb2be91e03c3760226af node-v16.13.2-win-x64.7z +107e3ece84b7fa1e80b3bdf03181d395246c7867e27b17b6d7e6fa9c7932b467 node-v16.13.2-win-x64.zip +8ccbbf348eafc8ffd140f3d193c76a060056d10148a053aeed327774ce70ec59 node-v16.13.2-win-x86.7z +79a30a8f846e2a3951a36a56f8d824070001d5762e3ba517d6b563364179a18f node-v16.13.2-win-x86.zip +1690d6c4947e9b998b183b8eca3056729763e63d2306bc38fc1170b4f0de0689 node-v16.13.2-x64.msi +a220a4b55ec0a6b9aa7b5651cded20a167a75f8a51aa908ff15dd25890f19e00 node-v16.13.2-x86.msi +b30d47d1450739f14a1e6dfd187cf0944c6464fff18d60989bd89860da6c9fa4 win-x64/node.exe +c078b821ad8079c44556ec064cbd3a7e4ecbc894128698df7687ec6aae9c3075 win-x64/node.lib +8e1b546e7203dadcec859a7ca13955036c109592bc7303e413f9fcd1cbd46757 win-x64/node_pdb.7z 
+b6ea03f867a72eae1fd9ae4f5156738542e581be6235c3f0aa3a79b96c0c0f2a win-x64/node_pdb.zip +4473873cc5b4c0d9ff5172325c6d9b544e2a4e3176725b7cfc1aa246219ecb98 win-x86/node.exe +4c5ff3e89d6c4e098c502a616dca2c981c6cedd2ceead00155ddfef05bd9a1b2 win-x86/node.lib +18bfb673a2cecdc162a3af2d46ebc56958a34d0212c3d5c863444b9ec4aef8c2 win-x86/node_pdb.7z +653763b41926a122a9b1f5f8f8f8e3b09fb4af69675a26024a0130cbada5575d win-x86/node_pdb.zip ++++++ SHASUMS256.txt.sig ++++++ Binary files /var/tmp/diff_new_pack.oOjlfW/_old and /var/tmp/diff_new_pack.oOjlfW/_new differ ++++++ fix_ci_tests.patch ++++++ --- /var/tmp/diff_new_pack.oOjlfW/_old 2022-01-14 23:13:15.062632193 +0100 +++ /var/tmp/diff_new_pack.oOjlfW/_new 2022-01-14 23:13:15.066632195 +0100 
@@ -110,4 +110,45 @@ // Invalid test: curve argument is undefined assert.throws( +Index: node-v16.13.1/test/parallel/test-zlib-dictionary-fail.js +=================================================================== +--- node-v16.13.1.orig/test/parallel/test-zlib-dictionary-fail.js ++++ node-v16.13.1/test/parallel/test-zlib-dictionary-fail.js +@@ -53,7 +53,7 @@ const input = Buffer.from([0x78, 0xBB, 0 + stream.on('error', common.mustCall(function(err) { + // It's not possible to separate invalid dict and invalid data when using + // the raw format +- assert.match(err.message, /invalid/); ++ assert.match(err.message, /(invalid|Operation-Ending-Supplemental Code is 0x12)/); + })); + + stream.write(input); +Index: node-v16.13.1/test/parallel/test-zlib-flush-drain-longblock.js +=================================================================== +--- node-v16.13.1.orig/test/parallel/test-zlib-flush-drain-longblock.js ++++ node-v16.13.1/test/parallel/test-zlib-flush-drain-longblock.js +@@ -16,7 +16,7 @@ zipper.write('A'.repeat(17000)); + zipper.flush(); + + let received = 0; +-unzipper.on('data', common.mustCall((d) => { ++unzipper.on('data', common.mustCallAtLeast((d) => { + received += d.length; + }, 2)); + +Index: node-v16.13.1/test/parallel/test-zlib-from-string.js +=================================================================== +--- node-v16.13.1.orig/test/parallel/test-zlib-from-string.js ++++ node-v16.13.1/test/parallel/test-zlib-from-string.js +@@ -55,7 +55,9 @@ const expectedBase64Gzip = 'H4sIAAAAAAAA + 'sHnHNzRtagj5AQAA'; + + zlib.deflate(inputString, common.mustCall((err, buffer) => { +- assert.strictEqual(buffer.toString('base64'), expectedBase64Deflate); ++ zlib.unzip(buffer, common.mustCall((err, unzipped) => { ++ assert.strictEqual(unzipped.toString(), inputString); ++ })); + })); + + zlib.gzip(inputString, common.mustCall((err, buffer) => { ++++++ node-v16.13.1.tar.xz -> node-v16.13.2.tar.xz ++++++ 
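Review bot: The round-trip added to test-zlib-from-string.js never checks `err` in the new `zlib.unzip` callback, so a failed decompression shows up as a TypeError on `unzipped.toString()` rather than as the zlib error. Add `assert.ifError(err);` as the first line of that callback, or wrap it with `common.mustSucceed((unzipped) => { ... })`. The comparison against `expectedBase64Deflate` is dropped on every architecture, while the changelog names only s390x, so a changed deflate output elsewhere is no longer caught. The alternative in `/(invalid|Operation-Ending-Supplemental Code is 0x12)/` would benefit from a comment saying which platform emits that message.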
/work/SRC/openSUSE:Factory/nodejs16/node-v16.13.1.tar.xz /work/SRC/openSUSE:Factory/.nodejs16.new.1892/node-v16.13.2.tar.xz differ: char 26, line 1 ++++++ rsa-pss-revert.patch ++++++ Index: node-v17.3.0/doc/api/crypto.md =================================================================== --- node-v17.3.0.orig/doc/api/crypto.md +++ node-v17.3.0/doc/api/crypto.md @@ -1959,20 +1959,11 @@ const { <!-- YAML added: v15.7.0 -changes: - - version: v16.9.0 - pr-url: https://github.com/nodejs/node/pull/39851 - description: Expose `RSASSA-PSS-params` sequence parameters - for RSA-PSS keys. --> * {Object} * `modulusLength`: {number} Key size in bits (RSA, DSA). * `publicExponent`: {bigint} Public exponent (RSA). - * `hashAlgorithm`: {string} Name of the message digest (RSA-PSS). - * `mgf1HashAlgorithm`: {string} Name of the message digest used by - MGF1 (RSA-PSS). - * `saltLength`: {number} Minimal salt length in bytes (RSA-PSS). * `divisorLength`: {number} Size of `q` in bits (DSA). * `namedCurve`: {string} Name of the curve (EC). @@ -1981,11 +1972,8 @@ this object contains information about t through this property can be used to uniquely identify a key or to compromise the security of the key. -For RSA-PSS keys, if the key material contains a `RSASSA-PSS-params` sequence, -the `hashAlgorithm`, `mgf1HashAlgorithm`, and `saltLength` properties will be -set. - -Other key details might be exposed via this API using additional attributes. +RSA-PSS parameters, DH, or any future key type details might be exposed via this +API using additional attributes. ### `keyObject.asymmetricKeyType` Index: node-v17.3.0/src/crypto/crypto_rsa.cc =================================================================== --- node-v17.3.0.orig/src/crypto/crypto_rsa.cc +++ node-v17.3.0/src/crypto/crypto_rsa.cc 
@@ -561,84 +561,10 @@ Maybe<bool> GetRsaKeyDetail( reinterpret_cast<unsigned char*>(public_exponent.data()); CHECK_EQ(BN_bn2binpad(e, data, len), len); - if (target - ->Set( - env->context(), - env->public_exponent_string(), - public_exponent.ToArrayBuffer()) - .IsNothing()) { - return Nothing<bool>(); - } - - if (type == EVP_PKEY_RSA_PSS) { - // Due to the way ASN.1 encoding works, default values are omitted when - // encoding the data structure. However, there are also RSA-PSS keys for - // which no parameters are set. In that case, the ASN.1 RSASSA-PSS-params - // sequence will be missing entirely and RSA_get0_pss_params will return - // nullptr. If parameters are present but all parameters are set to their - // default values, an empty sequence will be stored in the ASN.1 structure. - // In that case, RSA_get0_pss_params does not return nullptr but all fields - // of the returned RSA_PSS_PARAMS will be set to nullptr. - - const RSA_PSS_PARAMS* params = RSA_get0_pss_params(rsa); - if (params != nullptr) { - int hash_nid = NID_sha1; - int mgf_nid = NID_mgf1; - int mgf1_hash_nid = NID_sha1; - int64_t salt_length = 20; - - if (params->hashAlgorithm != nullptr) { - hash_nid = OBJ_obj2nid(params->hashAlgorithm->algorithm); - } - - if (target - ->Set( - env->context(), - env->hash_algorithm_string(), - OneByteString(env->isolate(), OBJ_nid2ln(hash_nid))) - .IsNothing()) { - return Nothing<bool>(); - } - - if (params->maskGenAlgorithm != nullptr) { - mgf_nid = OBJ_obj2nid(params->maskGenAlgorithm->algorithm); - if (mgf_nid == NID_mgf1) { - mgf1_hash_nid = OBJ_obj2nid(params->maskHash->algorithm); - } - } - - // If, for some reason, the MGF is not MGF1, then the MGF1 hash function - // is intentionally not added to the object. 
- if (mgf_nid == NID_mgf1) { - if (target - ->Set( - env->context(), - env->mgf1_hash_algorithm_string(), - OneByteString(env->isolate(), OBJ_nid2ln(mgf1_hash_nid))) - .IsNothing()) { - return Nothing<bool>(); - } - } - - if (params->saltLength != nullptr) { - if (ASN1_INTEGER_get_int64(&salt_length, params->saltLength) != 1) { - ThrowCryptoError(env, ERR_get_error(), "ASN1_INTEGER_get_in64 error"); - return Nothing<bool>(); - } - } - - if (target - ->Set( - env->context(), - env->salt_length_string(), - Number::New(env->isolate(), static_cast<double>(salt_length))) - .IsNothing()) { - return Nothing<bool>(); - } - } - } - - return Just<bool>(true); + return target->Set( + env->context(), + env->public_exponent_string(), + public_exponent.ToArrayBuffer()); } namespace RSAAlg { Index: node-v17.3.0/src/env.h =================================================================== --- node-v17.3.0.orig/src/env.h +++ node-v17.3.0/src/env.h @@ -271,7 +271,6 @@ constexpr size_t kFsStatsBufferLength = V(gid_string, "gid") \ V(h2_string, "h2") \ V(handle_string, "handle") \ - V(hash_algorithm_string, "hashAlgorithm") \ V(help_text_string, "helpText") \ V(homedir_string, "homedir") \ V(host_string, "host") \ @@ -320,7 +319,6 @@ constexpr size_t kFsStatsBufferLength = V(message_port_string, "messagePort") \ V(message_string, "message") \ V(messageerror_string, "messageerror") \ - V(mgf1_hash_algorithm_string, "mgf1HashAlgorithm") \ V(minttl_string, "minttl") \ V(module_string, "module") \ V(modulus_string, "modulus") \ 
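Review bot: After this revert GetRsaKeyDetail returns right after setting `publicExponent`, and nothing in the new code records that the RSASSA-PSS parameters are deliberately left out for `EVP_PKEY_RSA_PSS` keys. A comment above the `return` would make that explicit, for example `// RSASSA-PSS-params are intentionally not reported: needs RSA_get0_pss_params (bsc#1192489).` Code that reads `asymmetricKeyDetails.hashAlgorithm`, `mgf1HashAlgorithm` or `saltLength` to enforce a key's PSS restrictions will get `undefined` on this build, so the package changelog should state that the property set differs from upstream 16.13.2. The function starts outside the hunk.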
@@ -390,7 +388,6 @@ constexpr size_t kFsStatsBufferLength = V(replacement_string, "replacement") \ V(require_string, "require") \ V(retry_string, "retry") \ - V(salt_length_string, "saltLength") \ V(scheme_string, "scheme") \ V(scopeid_string, "scopeid") \ V(serial_number_string, "serialNumber") \ Index: node-v17.3.0/test/fixtures/keys/Makefile =================================================================== --- node-v17.3.0.orig/test/fixtures/keys/Makefile +++ node-v17.3.0/test/fixtures/keys/Makefile @@ -64,11 +64,9 @@ all: \ rsa_pss_private_2048.pem \ rsa_pss_private_2048_sha256_sha256_16.pem \ rsa_pss_private_2048_sha512_sha256_20.pem \ - rsa_pss_private_2048_sha1_sha1_20.pem \ rsa_pss_public_2048.pem \ rsa_pss_public_2048_sha256_sha256_16.pem \ rsa_pss_public_2048_sha512_sha256_20.pem \ - rsa_pss_public_2048_sha1_sha1_20.pem \ ed25519_private.pem \ ed25519_public.pem \ x25519_private.pem \ @@ -710,9 +708,6 @@ rsa_pss_private_2048_sha256_sha256_16.pe rsa_pss_private_2048_sha512_sha256_20.pem: openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha512 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:20 -out rsa_pss_private_2048_sha512_sha256_20.pem -rsa_pss_private_2048_sha1_sha1_20.pem: - openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha1 -pkeyopt rsa_pss_keygen_mgf1_md:sha1 -pkeyopt rsa_pss_keygen_saltlen:20 -out rsa_pss_private_2048_sha1_sha1_20.pem - rsa_pss_public_2048.pem: rsa_pss_private_2048.pem openssl pkey -in rsa_pss_private_2048.pem -pubout -out rsa_pss_public_2048.pem 
@@ -722,9 +717,6 @@ rsa_pss_public_2048_sha256_sha256_16.pem rsa_pss_public_2048_sha512_sha256_20.pem: rsa_pss_private_2048_sha512_sha256_20.pem openssl pkey -in rsa_pss_private_2048_sha512_sha256_20.pem -pubout -out rsa_pss_public_2048_sha512_sha256_20.pem -rsa_pss_public_2048_sha1_sha1_20.pem: rsa_pss_private_2048_sha1_sha1_20.pem - openssl pkey -in rsa_pss_private_2048_sha1_sha1_20.pem -pubout -out rsa_pss_public_2048_sha1_sha1_20.pem - ed25519_private.pem: openssl genpkey -algorithm ED25519 -out ed25519_private.pem Index: node-v17.3.0/test/fixtures/keys/rsa_pss_private_2048_sha1_sha1_20.pem =================================================================== --- node-v17.3.0.orig/test/fixtures/keys/rsa_pss_private_2048_sha1_sha1_20.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQowAASCBKcwggSjAgEAAoIBAQCpdutzsPFQ1100 -ouR5aAwYry8aAtG0c+zX9UqNXGCpRDWzPPpXHUZSB1BmTTL4EhK2tkAfblYNqzRu -CAYlKHbFpFLs2zLEorfp0WsFNPaBHE9JHpLIM4oXxPCUypZ7JAn56ZYonYCZ8Il5 -8SzD9aoF41RTEmpcx3XkL2RQa022RiSccYZKx/yzskUUAdTvTvYyujH1MkvsfVP+ -Ns5bRL6IVqowFd3xv6ctvfQMxz0rltgTC+wOm3CFtn+G63y6P/Z0U2DRdacsNkN6 -PFGXAIB0kSvKzs8gVocEBiSwMkcT/KD3R68PY18b2auqaGcm8gA+gaVJ36KAW4dO -AjbY+YitAgMBAAECggEAfPvfFXln0Ra1gE+vMDdjzITPuWBg57Uj9fbMIEwEYnKT -JHmRrNRDe9Y3HuxK7hjuQmFSE5xdzUD6rzgtyBP63TOfkV7tJ4dXGxS/2JxCPeDy -PNxWp18Ttwoh4as0pudikDYN8DCRm3eC/TO5r2EtH6CVHZuUZI8bTMsDMiihrQ8F -B8+KucBG5DDy/OlDeieAZxZA4Y0/c+W0DNZ/LIPGwaqMzYCSZJXyV0t33HytUwM2 -QZ+RbWqcUcrCI3lFAO8IyEULCi+RnSByZeJ0xwUkdQTI5jT6+G8BrO70Oiab8g+Q -Rx2s7PxWpIMVS7/JD1PsL4hLrVh3uqh8PZl3/FG9IQKBgQDZWkOR2LA+ixmD6XJb -Q+7zW2guHnK6wDrQFKmBGLaDdAER64WL1Unt6Umu7FPxth2niYMEgRexBgnj5hQN -LfPYTiIeXs5ErrU96fVQABsV0Hra1M2Rhve5nynjFFpbHjDXtizzLpE30MsC7YkN -EqD4YYzjWHrbk/UlQ7tx3eAvtQKBgQDHmNM4TRuyH2yaYxDqnho6fgJv7Z4KgbM0 -1wcUxi5kPDQsFtaVOzFhNserzsWvotQjLkC2+CK5qlCdm59ZlpUqszF6+YyUs5Gq -WmHdqryduT1VxSV/pd6wGEQo27fxFV7LsT1JhVMh9Iri8MK0b1BD6+kVUf5NcKDB -Od2o8A1gGQKBgA5Y3Pj1mrymJesFL91CYLWDpR7WN7CIG9m8Y2v4G6QVtjRenZQb -YiPoMErxoqDj6pUyiIl1lADFa0W13ED6dYwjrDDhBTCXb7NEjELZnvATsOhc/6zJ -gfSowvUQVN6K4aJ7jgAHZOKQT7ZDw7YvMpzyo4AmSQXRgG8TR34+rRu5AoGACApP -9+SjSPmbFl0HQWw9Aj4xOvEHfMTcwzQmRN/23nLOZzhETJ6lzpS2VmVt8TVN9lzW -nohAXdpOhQrP0HwQZjfxtlJ3J0ZUh9g8OQG3t2LO5bWbXRkBb3aKyFqRflSuDOaG -4X9NagC/14R7U2loglPuf71d0SDIWQBLvZJt94ECgYEAnY7aKHnWdLszcB8uyEkJ -EJkUEaa+K/nTqOzqffZ01cTWJmUG7a2KuvQ+UQM2BHk2+wBmUo45Iz/dyePOJY0B -Fu2agiV4+R4z2XVQnIvXgY5HaPxvLz0THksY/pD58gBmFaLMx4ADEwQ+s4Y2g12H -ABsKNRHfSnKTwOm/dYvcVqs= ------END PRIVATE KEY----- Index: node-v17.3.0/test/fixtures/keys/rsa_pss_public_2048_sha1_sha1_20.pem =================================================================== --- node-v17.3.0.orig/test/fixtures/keys/rsa_pss_public_2048_sha1_sha1_20.pem +++ /dev/null 
@@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQowAAOCAQ8AMIIBCgKCAQEAqXbrc7DxUNddNKLkeWgM -GK8vGgLRtHPs1/VKjVxgqUQ1szz6Vx1GUgdQZk0y+BIStrZAH25WDas0bggGJSh2 -xaRS7NsyxKK36dFrBTT2gRxPSR6SyDOKF8TwlMqWeyQJ+emWKJ2AmfCJefEsw/Wq -BeNUUxJqXMd15C9kUGtNtkYknHGGSsf8s7JFFAHU7072Mrox9TJL7H1T/jbOW0S+ -iFaqMBXd8b+nLb30DMc9K5bYEwvsDptwhbZ/hut8uj/2dFNg0XWnLDZDejxRlwCA -dJErys7PIFaHBAYksDJHE/yg90evD2NfG9mrqmhnJvIAPoGlSd+igFuHTgI22PmI -rQIDAQAB ------END PUBLIC KEY----- Index: node-v17.3.0/test/parallel/test-crypto-key-objects.js =================================================================== --- node-v17.3.0.orig/test/parallel/test-crypto-key-objects.js +++ node-v17.3.0/test/parallel/test-crypto-key-objects.js @@ -582,21 +582,11 @@ const privateDsa = fixtures.readKey('dsa const publicKey = createPublicKey(publicPem); const privateKey = createPrivateKey(privatePem); - // Because no RSASSA-PSS-params appears in the PEM, no defaults should be - // added for the PSS parameters. This is different from an empty - // RSASSA-PSS-params sequence (see test below). - const expectedKeyDetails = { - modulusLength: 2048, - publicExponent: 65537n - }; - assert.strictEqual(publicKey.type, 'public'); assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails); assert.strictEqual(privateKey.type, 'private'); assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails); assert.throws( () => publicKey.export({ format: 'jwk' }), 
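Review bot: In test-crypto-key-objects.js the revert deletes the `asymmetricKeyDetails` assertions for imported RSA-PSS keys outright, whereas test-crypto-keygen.js in the same patch keeps them with the reduced field set. In the `@@ -582,21 +582,11 @@` hunk the removed expectation was already just `modulusLength` and `publicExponent`, so `assert.deepStrictEqual(publicKey.asymmetricKeyDetails, { modulusLength: 2048, publicExponent: 65537n });` and the same line for `privateKey` can stay and still pin what the patched build reports. The `@@ -724,21 +682,11 @@` hunk has the same gap and could keep the assertion with the three PSS fields removed. The enclosing test block starts outside the hunk.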
@@ -635,38 +625,6 @@ const privateDsa = fixtures.readKey('dsa } { - // This key pair enforces sha1 as the message digest and the MGF1 - // message digest and a salt length of 20 bytes. - - const publicPem = fixtures.readKey('rsa_pss_public_2048_sha1_sha1_20.pem'); - const privatePem = - fixtures.readKey('rsa_pss_private_2048_sha1_sha1_20.pem'); - - const publicKey = createPublicKey(publicPem); - const privateKey = createPrivateKey(privatePem); - - // Unlike the previous key pair, this key pair contains an RSASSA-PSS-params - // sequence. However, because all values in the RSASSA-PSS-params are set to - // their defaults (see RFC 3447), the ASN.1 structure contains an empty - // sequence. Node.js should add the default values to the key details. - const expectedKeyDetails = { - modulusLength: 2048, - publicExponent: 65537n, - hashAlgorithm: 'sha1', - mgf1HashAlgorithm: 'sha1', - saltLength: 20 - }; - - assert.strictEqual(publicKey.type, 'public'); - assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails); - - assert.strictEqual(privateKey.type, 'private'); - assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails); - } - - { // This key pair enforces sha256 as the message digest and the MGF1 // message digest and a salt length of at least 16 bytes. const publicPem = 
@@ -724,21 +682,11 @@ const privateDsa = fixtures.readKey('dsa const publicKey = createPublicKey(publicPem); const privateKey = createPrivateKey(privatePem); - const expectedKeyDetails = { - modulusLength: 2048, - publicExponent: 65537n, - hashAlgorithm: 'sha512', - mgf1HashAlgorithm: 'sha256', - saltLength: 20 - }; - assert.strictEqual(publicKey.type, 'public'); assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails); assert.strictEqual(privateKey.type, 'private'); assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails); // Node.js usually uses the same hash function for the message and for MGF1. // However, when a different MGF1 message digest algorithm has been Index: node-v17.3.0/test/parallel/test-crypto-keygen.js =================================================================== --- node-v17.3.0.orig/test/parallel/test-crypto-keygen.js +++ node-v17.3.0/test/parallel/test-crypto-keygen.js @@ -309,20 +309,14 @@ const sec1EncExp = (cipher) => getRegExp assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss'); assert.deepStrictEqual(publicKey.asymmetricKeyDetails, { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 + publicExponent: 65537n }); assert.strictEqual(privateKey.type, 'private'); assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss'); assert.deepStrictEqual(privateKey.asymmetricKeyDetails, { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 + publicExponent: 65537n }); // Unlike RSA, RSA-PSS does not allow encryption. 
@@ -381,10 +375,7 @@ const sec1EncExp = (cipher) => getRegExp }, common.mustSucceed((publicKey, privateKey) => { const expectedKeyDetails = { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 + publicExponent: 65537n }; assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails); assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails); @@ -401,10 +392,7 @@ const sec1EncExp = (cipher) => getRegExp }, common.mustSucceed((publicKey, privateKey) => { const expectedKeyDetails = { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha512', - mgf1HashAlgorithm: 'sha512', - saltLength: 64 + publicExponent: 65537n }; assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails); assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails); @@ -418,10 +406,7 @@ const sec1EncExp = (cipher) => getRegExp }, common.mustSucceed((publicKey, privateKey) => { const expectedKeyDetails = { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha512', - mgf1HashAlgorithm: 'sha512', - saltLength: 0 + publicExponent: 65537n }; assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails); assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails); 
@@ -1646,20 +1631,14 @@ if (!common.hasOpenSSL3) { assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss'); assert.deepStrictEqual(publicKey.asymmetricKeyDetails, { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 + publicExponent: 65537n }); assert.strictEqual(privateKey.type, 'private'); assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss'); assert.deepStrictEqual(privateKey.asymmetricKeyDetails, { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 + publicExponent: 65537n }); })); } Index: node-v17.3.0/test/parallel/test-crypto-keygen-deprecation.js =================================================================== --- node-v17.3.0.orig/test/parallel/test-crypto-keygen-deprecation.js +++ node-v17.3.0/test/parallel/test-crypto-keygen-deprecation.js @@ -32,20 +32,14 @@ const { generateKeyPair } = require('cry assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss'); assert.deepStrictEqual(publicKey.asymmetricKeyDetails, { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 + publicExponent: 65537n }); assert.strictEqual(privateKey.type, 'private'); assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss'); assert.deepStrictEqual(privateKey.asymmetricKeyDetails, { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 + publicExponent: 65537n }); })); }