From 04a585e6a551bbfe0e7873a9764fdccf520474e0 Mon Sep 17 00:00:00 2001
From: misaka00251
Date: Thu, 29 May 2025 18:46:01 +0800
Subject: [PATCH] Update to 22.16.0
---
0001-Use-system-uv-zlib.patch | 25 -
...ome-errors-related-to-CVE-2025-23085.patch | 51 --
0001-fix-compile-with-GCC-UBSAN.patch | 308 ++++++++++
CVE-2023-45853.patch | 36 --
CVE-2024-5274.patch | 38 --
CVE-2024-7971.patch | 101 ----
CVE-2025-23165.patch | 38 --
CVE-2025-23166.patch | 544 ------------------
...ata-bin-l.zip => icu4c-77_1-data-bin-l.zip | 4 +-
node-v20.18.2.tar.xz => node-v22.16.0.tar.xz | 4 +-
nodejs.spec | 62 +-
11 files changed, 349 insertions(+), 862 deletions(-)
delete mode 100644 0001-Use-system-uv-zlib.patch
delete mode 100644 0001-correct-some-errors-related-to-CVE-2025-23085.patch
create mode 100644 0001-fix-compile-with-GCC-UBSAN.patch
delete mode 100644 CVE-2023-45853.patch
delete mode 100644 CVE-2024-5274.patch
delete mode 100644 CVE-2024-7971.patch
delete mode 100644 CVE-2025-23165.patch
delete mode 100644 CVE-2025-23166.patch
rename icu4c-75_1-data-bin-l.zip => icu4c-77_1-data-bin-l.zip (32%)
rename node-v20.18.2.tar.xz => node-v22.16.0.tar.xz (32%)
diff --git a/0001-Use-system-uv-zlib.patch b/0001-Use-system-uv-zlib.patch
deleted file mode 100644
index 4872187..0000000
--- a/0001-Use-system-uv-zlib.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 114ef2bb6ce7712a9b6be0593d38e6a8874f8b67 Mon Sep 17 00:00:00 2001
-From: misaka00251
-Date: Mon, 22 May 2023 21:44:32 +0800
-Subject: [PATCH] Use system uv & zlib
-
----
- Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile b/Makefile
-index 0be0659d..3c442014 100644
---- a/Makefile
-+++ b/Makefile
-@@ -169,7 +169,7 @@ with-code-cache test-code-cache:
- $(warning '$@' target is a noop)
-
- out/Makefile: config.gypi common.gypi node.gyp \
-- deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
-+ deps/llhttp/llhttp.gyp \
- deps/simdutf/simdutf.gyp deps/ada/ada.gyp \
- tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
- tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
---
-2.39.2 (Apple Git-143)
-
diff --git a/0001-correct-some-errors-related-to-CVE-2025-23085.patch b/0001-correct-some-errors-related-to-CVE-2025-23085.patch
deleted file mode 100644
index 7bc00c4..0000000
--- a/0001-correct-some-errors-related-to-CVE-2025-23085.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 888d300c1ae7f1ef4d0eda26df9335b02b62e7b0 Mon Sep 17 00:00:00 2001
-From: hanguanqiang
-Date: Wed, 2 Apr 2025 14:42:23 +0800
-Subject: [PATCH] correct some errors related to CVE-2025-23085
-
----
- src/node_http2.cc | 2 +-
- test/parallel/test-http2-premature-close.js | 6 +++---
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/node_http2.cc b/src/node_http2.cc
-index 1569149b..5a24f99e 100644
---- a/src/node_http2.cc
-+++ b/src/node_http2.cc
-@@ -1193,7 +1193,7 @@ int Http2Session::OnFrameNotSent(nghttp2_session* handle,
- // closed but the Http2Session will still be up causing a memory leak.
- // Therefore, if the GOAWAY frame couldn't be send due to
- // ERR_SESSION_CLOSING we should force close from our side.
-- if (frame->hd.type != 0x03) {
-+ if (frame->hd.type != NGHTTP2_GOAWAY) {
- return 0;
- }
- }
-diff --git a/test/parallel/test-http2-premature-close.js b/test/parallel/test-http2-premature-close.js
-index a9b08f55..df30c429 100644
---- a/test/parallel/test-http2-premature-close.js
-+++ b/test/parallel/test-http2-premature-close.js
-@@ -29,9 +29,9 @@ async function requestAndClose(server) {
- // Send a valid HEADERS frame
- const headersFrame = Buffer.concat([
- Buffer.from([
-- 0x00, 0x00, 0x0c, // Length: 12 bytes
-+ 0x00, 0x00, 0x0e, // Length: 14 bytes
- 0x01, // Type: HEADERS
-- 0x05, // Flags: END_HEADERS + END_STREAM
-+ 0x04, // Flags: END_HEADERS
- (streamId >> 24) & 0xFF, // Stream ID: high byte
- (streamId >> 16) & 0xFF,
- (streamId >> 8) & 0xFF,
-@@ -41,7 +41,7 @@ async function requestAndClose(server) {
- 0x82, // Indexed Header Field Representation (Predefined ":method: GET")
- 0x84, // Indexed Header Field Representation (Predefined ":path: /")
- 0x86, // Indexed Header Field Representation (Predefined ":scheme: http")
-- 0x44, 0x0a, // Custom ":authority: localhost"
-+ 0x41, 0x09, // ":authority: localhost" Length: 9 bytes
- 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
- ]),
- ]);
---
-2.43.0
-
diff --git a/0001-fix-compile-with-GCC-UBSAN.patch b/0001-fix-compile-with-GCC-UBSAN.patch
new file mode 100644
index 0000000..822fb57
--- /dev/null
+++ b/0001-fix-compile-with-GCC-UBSAN.patch
@@ -0,0 +1,308 @@ +From 6042c61424c1e607848a900c7c82985a814d801e Mon Sep 17 00:00:00 2001 +From: Petr Matrix +Date: Fri, 23 May 2025 12:15:21 +0800 +Subject: [PATCH] fix compile with GCC UBSAN + +GCC errantly enables -fno-delete-null-pointer-checks. + +Ref: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71962 +Ref: https://github.com/abseil/abseil-cpp/issues/1634#issuecomment-2576011026 +Signed-off-by: misaka00251 +--- + .../abseil-cpp/absl/container/flat_hash_map.h | 7 ++++--- + .../abseil-cpp/absl/container/flat_hash_set.h | 5 +++-- + .../absl/container/internal/hash_policy_traits.h | 4 ++-- + .../container/internal/hash_policy_traits_test.cc | 13 +++++++------ + .../internal/raw_hash_set_allocator_test.cc | 5 +++-- + .../container/internal/raw_hash_set_benchmark.cc | 9 +++++---- + .../internal/raw_hash_set_probe_benchmark.cc | 3 ++- + .../absl/container/internal/raw_hash_set_test.cc | 13 +++++++------ + .../abseil-cpp/absl/container/node_hash_map.h | 7 ++++--- + .../abseil-cpp/absl/container/node_hash_set.h | 5 +++-- + 10 files changed, 40 insertions(+), 31 deletions(-) + +diff --git a/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_map.h b/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_map.h +index a33c794f..f74c100e 100644 +--- a/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_map.h ++++ b/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_map.h +@@ -32,6 +32,7 @@ + + #include + #include ++#include + #include + #include + +@@ -607,10 +608,10 @@ struct FlatHashMapPolicy { + } + + template +- static constexpr HashSlotFn get_hash_slot_fn() { ++ static constexpr std::optional get_hash_slot_fn() { + return memory_internal::IsLayoutCompatible::value +- ? &TypeErasedApplyToSlotFn +- : nullptr; ++ ? 
std::optional(&TypeErasedApplyToSlotFn) ++ : std::nullopt; + } + + static size_t space_used(const slot_type*) { return 0; } +diff --git a/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_set.h b/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_set.h +index 5f72f954..b26daee5 100644 +--- a/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_set.h ++++ b/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_set.h +@@ -31,6 +31,7 @@ + + #include + #include ++#include + #include + #include + +@@ -508,8 +509,8 @@ struct FlatHashSetPolicy { + static size_t space_used(const T*) { return 0; } + + template +- static constexpr HashSlotFn get_hash_slot_fn() { +- return &TypeErasedApplyToSlotFn; ++ static constexpr std::optional get_hash_slot_fn() { ++ return std::optional(&TypeErasedApplyToSlotFn); + } + }; + } // namespace container_internal +diff --git a/deps/v8/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h b/deps/v8/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +index ec08794a..02bdba9b 100644 +--- a/deps/v8/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h ++++ b/deps/v8/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +@@ -160,9 +160,9 @@ struct hash_policy_traits : common_policy_traits { + // silent error: the address of * will never be NULL [-Werror=address] + #pragma GCC diagnostic ignored "-Waddress" + #endif +- return Policy::template get_hash_slot_fn() == nullptr ++ return !Policy::template get_hash_slot_fn().has_value() + ? 
&hash_slot_fn_non_type_erased +- : Policy::template get_hash_slot_fn(); ++ : Policy::template get_hash_slot_fn().value(); + #if defined(__GNUC__) && !defined(__clang__) + #pragma GCC diagnostic pop + #endif +diff --git a/deps/v8/third_party/abseil-cpp/absl/container/internal/hash_policy_traits_test.cc b/deps/v8/third_party/abseil-cpp/absl/container/internal/hash_policy_traits_test.cc +index 2d2c7c2c..66552635 100644 +--- a/deps/v8/third_party/abseil-cpp/absl/container/internal/hash_policy_traits_test.cc ++++ b/deps/v8/third_party/abseil-cpp/absl/container/internal/hash_policy_traits_test.cc +@@ -18,6 +18,7 @@ + #include + #include + #include ++#include + + #include "gmock/gmock.h" + #include "gtest/gtest.h" +@@ -46,8 +47,8 @@ struct PolicyWithoutOptionalOps { + static std::function value; + + template +- static constexpr HashSlotFn get_hash_slot_fn() { +- return nullptr; ++ static constexpr std::optional get_hash_slot_fn() { ++ return std::nullopt; + } + }; + +@@ -100,8 +101,8 @@ struct PolicyNoHashFn { + } + + template +- static constexpr HashSlotFn get_hash_slot_fn() { +- return nullptr; ++ static constexpr std::optional get_hash_slot_fn() { ++ return std::nullopt; + } + }; + +@@ -109,8 +110,8 @@ size_t* PolicyNoHashFn::apply_called_count; + + struct PolicyCustomHashFn : PolicyNoHashFn { + template +- static constexpr HashSlotFn get_hash_slot_fn() { +- return &TypeErasedApplyToSlotFn; ++ static constexpr std::optional get_hash_slot_fn() { ++ return std::optional(&TypeErasedApplyToSlotFn); + } + }; + +diff --git a/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_allocator_test.cc b/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_allocator_test.cc +index 7e7a5063..59907895 100644 +--- a/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_allocator_test.cc ++++ b/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_allocator_test.cc +@@ -17,6 +17,7 @@ + #include + #include + #include ++#include + 
#include + #include + #include +@@ -181,8 +182,8 @@ struct Policy { + static slot_type& element(slot_type* slot) { return *slot; } + + template +- static constexpr HashSlotFn get_hash_slot_fn() { +- return nullptr; ++ static constexpr std::optional get_hash_slot_fn() { ++ return std::nullopt; + } + }; + +diff --git a/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_benchmark.cc b/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_benchmark.cc +index 0fa9c712..a4a2b02a 100644 +--- a/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_benchmark.cc ++++ b/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_benchmark.cc +@@ -17,6 +17,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -62,8 +63,8 @@ struct IntPolicy { + } + + template +- static constexpr HashSlotFn get_hash_slot_fn() { +- return nullptr; ++ static constexpr std::optional get_hash_slot_fn() { ++ return std::nullopt; + } + }; + +@@ -125,8 +126,8 @@ class StringPolicy { + } + + template +- static constexpr HashSlotFn get_hash_slot_fn() { +- return nullptr; ++ static constexpr std::optional get_hash_slot_fn() { ++ return std::nullopt; + } + }; + +diff --git a/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_probe_benchmark.cc b/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_probe_benchmark.cc +index 8f36305d..be46f9e7 100644 +--- a/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_probe_benchmark.cc ++++ b/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_probe_benchmark.cc +@@ -16,6 +16,7 @@ + // distributions, all using the default hash function for swisstable. 
+ + #include ++#include + #include // NOLINT + #include + +@@ -73,7 +74,7 @@ struct Policy { + + template + static constexpr auto get_hash_slot_fn() { +- return nullptr; ++ return std::nullopt; + } + }; + +diff --git a/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_test.cc b/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_test.cc +index 9180db59..585dabbb 100644 +--- a/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_test.cc ++++ b/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_test.cc +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -430,8 +431,8 @@ struct ValuePolicy { + } + + template +- static constexpr HashSlotFn get_hash_slot_fn() { +- return nullptr; ++ static constexpr std::optional get_hash_slot_fn() { ++ return std::nullopt; + } + + static constexpr bool soo_enabled() { return kSoo; } +@@ -538,8 +539,8 @@ class StringPolicy { + } + + template +- static constexpr HashSlotFn get_hash_slot_fn() { +- return nullptr; ++ static constexpr std::optional get_hash_slot_fn() { ++ return std::nullopt; + } + }; + +@@ -1020,8 +1021,8 @@ struct DecomposePolicy { + } + + template +- static constexpr HashSlotFn get_hash_slot_fn() { +- return nullptr; ++ static constexpr std::optional get_hash_slot_fn() { ++ return std::nullopt; + } + }; + +diff --git a/deps/v8/third_party/abseil-cpp/absl/container/node_hash_map.h b/deps/v8/third_party/abseil-cpp/absl/container/node_hash_map.h +index cb41543c..9606e91a 100644 +--- a/deps/v8/third_party/abseil-cpp/absl/container/node_hash_map.h ++++ b/deps/v8/third_party/abseil-cpp/absl/container/node_hash_map.h +@@ -38,6 +38,7 @@ + + #include + #include ++#include + #include + #include + +@@ -606,10 +607,10 @@ class NodeHashMapPolicy + static const Value& value(const value_type* elem) { return elem->second; } + + template +- static constexpr HashSlotFn get_hash_slot_fn() { ++ static constexpr std::optional 
get_hash_slot_fn() { + return memory_internal::IsLayoutCompatible::value +- ? &TypeErasedDerefAndApplyToSlotFn +- : nullptr; ++ ? std::optional(&TypeErasedDerefAndApplyToSlotFn) ++ : std::nullopt; + } + }; + } // namespace container_internal +diff --git a/deps/v8/third_party/abseil-cpp/absl/container/node_hash_set.h b/deps/v8/third_party/abseil-cpp/absl/container/node_hash_set.h +index 8cc4b624..014f78f8 100644 +--- a/deps/v8/third_party/abseil-cpp/absl/container/node_hash_set.h ++++ b/deps/v8/third_party/abseil-cpp/absl/container/node_hash_set.h +@@ -36,6 +36,7 @@ + #define ABSL_CONTAINER_NODE_HASH_SET_H_ + + #include ++#include + #include + + #include "absl/algorithm/container.h" +@@ -504,8 +505,8 @@ struct NodeHashSetPolicy + static size_t element_space_used(const T*) { return sizeof(T); } + + template +- static constexpr HashSlotFn get_hash_slot_fn() { +- return &TypeErasedDerefAndApplyToSlotFn; ++ static constexpr std::optional get_hash_slot_fn() { ++ return std::optional(&TypeErasedDerefAndApplyToSlotFn); + } + }; + } // namespace container_internal +-- +2.49.0 + diff --git a/CVE-2023-45853.patch b/CVE-2023-45853.patch deleted file mode 100644 index 676c1cb..0000000 --- a/CVE-2023-45853.patch +++ /dev/null 
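Review bot: In the raw_hash_set_probe_benchmark.cc part of the added patch, `get_hash_slot_fn()` keeps its `auto` return type while its body becomes `return std::nullopt;`, so the deduced type is `std::nullopt_t`, which has neither `has_value()` nor `value()`. The rewritten selector in hash_policy_traits.h calls both on the result, so that policy would stop compiling if the benchmark target is ever built; spelling the return type out as the same `std::optional` of the slot-function type that every other policy in this patch returns would fix it (the template arguments are not visible on this page, so confirm the exact type name in that file's namespace). Separately, the `#pragma GCC diagnostic ignored "-Waddress"` block left around the selector appears to exist only for the `== nullptr` comparison this patch removes, so it is likely dead now. The selector could also be written with `value_or(...)`, which would evaluate `get_hash_slot_fn()` once and drop the throwing `.value()` path.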
@@ -1,36 +0,0 @@ -From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001 -From: Hans Wennborg -Date: Fri, 18 Aug 2023 11:05:33 +0200 -Subject: [PATCH] Reject overflows of zip header fields in minizip. - -This checks the lengths of the file name, extra field, and comment -that would be put in the zip headers, and rejects them if they are -too long. They are each limited to 65535 bytes in length by the zip -format. This also avoids possible buffer overflows if the provided -fields are too long. ---- - deps/v8/third_party/zlib/contrib/minizip/zip.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/deps/v8/third_party/zlib/contrib/minizip/zip.c b/deps/v8/third_party/zlib/contrib/minizip/zip.c -index 3d3d4cadd..0446109b2 100644 ---- a/deps/v8/third_party/zlib/contrib/minizip/zip.c -+++ b/deps/v8/third_party/zlib/contrib/minizip/zip.c -@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c - return ZIP_PARAMERROR; - #endif - -+ // The filename and comment length must fit in 16 bits. -+ if ((filename!=NULL) && (strlen(filename)>0xffff)) -+ return ZIP_PARAMERROR; -+ if ((comment!=NULL) && (strlen(comment)>0xffff)) -+ return ZIP_PARAMERROR; -+ // The extra field length must fit in 16 bits. If the member also requires -+ // a Zip64 extra block, that will also need to fit within that 16-bit -+ // length, but that will be checked for later. -+ if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff)) -+ return ZIP_PARAMERROR; -+ - zi = (zip64_internal*)file; - - if (zi->in_opened_file_inzip == 1) diff --git a/CVE-2024-5274.patch b/CVE-2024-5274.patch deleted file mode 100644 index 17eb19a..0000000 --- a/CVE-2024-5274.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From f79f2d4458557b78e390276cd39f88941ea2d6a9 Mon Sep 17 00:00:00 2001 -From: Shu-yu Guo -Date: Fri, 3 Jan 2025 17:32:00 +0800 -Subject: [PATCH] [parser] Using FunctionParsingScope for parsing class static - ---- - deps/v8/src/ast/scopes.cc | 2 +- - deps/v8/src/parsing/parser-base.h | 1 + - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/deps/v8/src/ast/scopes.cc b/deps/v8/src/ast/scopes.cc -index cd8be1ca..1cbeaaca 100644 ---- a/deps/v8/src/ast/scopes.cc -+++ b/deps/v8/src/ast/scopes.cc -@@ -2420,7 +2420,7 @@ bool Scope::MustAllocate(Variable* var) { - var->set_is_used(); - if (inner_scope_calls_eval_ && !var->is_this()) var->SetMaybeAssigned(); - } -- DCHECK(!var->has_forced_context_allocation() || var->is_used()); -+ CHECK(!var->has_forced_context_allocation() || var->is_used()); - // Global variables do not need to be allocated. - return !var->IsGlobalObjectProperty() && var->is_used(); - } -diff --git a/deps/v8/src/parsing/parser-base.h b/deps/v8/src/parsing/parser-base.h -index cfba92d7..efefb37f 100644 ---- a/deps/v8/src/parsing/parser-base.h -+++ b/deps/v8/src/parsing/parser-base.h -@@ -2611,6 +2611,7 @@ typename ParserBase::BlockT ParserBase::ParseClassStaticBlock( - } - - FunctionState initializer_state(&function_state_, &scope_, initializer_scope); -+ FunctionParsingScope body_parsing_scope(impl()); - AcceptINScope accept_in(this, true); - - // Each static block has its own var and lexical scope, so make a new var --- -2.43.0 - diff --git a/CVE-2024-7971.patch b/CVE-2024-7971.patch deleted file mode 100644 index cc0b8df..0000000 --- a/CVE-2024-7971.patch +++ /dev/null 
@@ -1,101 +0,0 @@ -From b03d043bdc5abb867ef3d937f116dcb576e774e0 Mon Sep 17 00:00:00 2001 -From: Clemens Backes -Date: Fri, 3 Jan 2025 16:13:32 +0800 -Subject: [PATCH] [wasm] Spill all loop inputs before entering loop - ---- - .../v8/src/wasm/baseline/liftoff-assembler.cc | 35 +++++-------------- - deps/v8/src/wasm/baseline/liftoff-assembler.h | 6 ++-- - deps/v8/src/wasm/baseline/liftoff-compiler.cc | 2 +- - 3 files changed, 12 insertions(+), 31 deletions(-) - -diff --git a/deps/v8/src/wasm/baseline/liftoff-assembler.cc b/deps/v8/src/wasm/baseline/liftoff-assembler.cc -index 29120dd0..29ab4714 100644 ---- a/deps/v8/src/wasm/baseline/liftoff-assembler.cc -+++ b/deps/v8/src/wasm/baseline/liftoff-assembler.cc -@@ -764,29 +764,10 @@ void LiftoffAssembler::DropExceptionValueAtOffset(int offset) { - cache_state_.stack_state.pop_back(); - } - --void LiftoffAssembler::PrepareLoopArgs(int num) { -- for (int i = 0; i < num; ++i) { -- VarState& slot = cache_state_.stack_state.end()[-1 - i]; -- if (slot.is_stack()) continue; -- RegClass rc = reg_class_for(slot.kind()); -- if (slot.is_reg()) { -- if (cache_state_.get_use_count(slot.reg()) > 1) { -- // If the register is used more than once, we cannot use it for the -- // merge. Move it to an unused register instead. 
-- LiftoffRegList pinned; -- pinned.set(slot.reg()); -- LiftoffRegister dst_reg = GetUnusedRegister(rc, pinned); -- Move(dst_reg, slot.reg(), slot.kind()); -- cache_state_.dec_used(slot.reg()); -- cache_state_.inc_used(dst_reg); -- slot.MakeRegister(dst_reg); -- } -- continue; -- } -- LiftoffRegister reg = GetUnusedRegister(rc, {}); -- LoadConstant(reg, slot.constant()); -- slot.MakeRegister(reg); -- cache_state_.inc_used(reg); -+void LiftoffAssembler::SpillLoopArgs(int num) { -+ for (VarState& slot : -+ base::VectorOf(cache_state_.stack_state.end() - num, num)) { -+ Spill(&slot); - } - } - -@@ -978,14 +959,14 @@ void LiftoffAssembler::Spill(VarState* slot) { - } - - void LiftoffAssembler::SpillLocals() { -- for (uint32_t i = 0; i < num_locals_; ++i) { -- Spill(&cache_state_.stack_state[i]); -+ for (VarState& local_slot : -+ base::VectorOf(cache_state_.stack_state.data(), num_locals_)) { -+ Spill(&local_slot); - } - } - - void LiftoffAssembler::SpillAllRegisters() { -- for (uint32_t i = 0, e = cache_state_.stack_height(); i < e; ++i) { -- auto& slot = cache_state_.stack_state[i]; -+ for (VarState& slot : cache_state_.stack_state) { - if (!slot.is_reg()) continue; - Spill(slot.offset(), slot.reg(), slot.kind()); - slot.MakeStack(); -diff --git a/deps/v8/src/wasm/baseline/liftoff-assembler.h b/deps/v8/src/wasm/baseline/liftoff-assembler.h -index aef63c64..d5c3b056 100644 ---- a/deps/v8/src/wasm/baseline/liftoff-assembler.h -+++ b/deps/v8/src/wasm/baseline/liftoff-assembler.h -@@ -549,9 +549,9 @@ class LiftoffAssembler : public MacroAssembler { - // the bottom of the stack. - void DropExceptionValueAtOffset(int offset); - -- // Ensure that the loop inputs are either in a register or spilled to the -- // stack, so that we can merge different values on the back-edge. -- void PrepareLoopArgs(int num); -+ // Spill all loop inputs to the stack to free registers and to ensure that we -+ // can merge different values on the back-edge. 
-+ void SpillLoopArgs(int num); - - V8_INLINE static int NextSpillOffset(ValueKind kind, int top_spill_offset) { - int offset = top_spill_offset + SlotSizeForType(kind); -diff --git a/deps/v8/src/wasm/baseline/liftoff-compiler.cc b/deps/v8/src/wasm/baseline/liftoff-compiler.cc -index f0887de7..9aed6ddd 100644 ---- a/deps/v8/src/wasm/baseline/liftoff-compiler.cc -+++ b/deps/v8/src/wasm/baseline/liftoff-compiler.cc -@@ -1262,7 +1262,7 @@ class LiftoffCompiler { - // pre-analysis of the function. - __ SpillLocals(); - -- __ PrepareLoopArgs(loop->start_merge.arity); -+ __ SpillLoopArgs(loop->start_merge.arity); - - // Loop labels bind at the beginning of the block. - __ bind(loop->label.get()); --- -2.43.0 - diff --git a/CVE-2025-23165.patch b/CVE-2025-23165.patch deleted file mode 100644 index 510a520..0000000 --- a/CVE-2025-23165.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 9e13bf0a81e15c7b3a9f1826dccbcea991d7e63a Mon Sep 17 00:00:00 2001 -From: Justin Nietzel -Date: Wed, 9 Apr 2025 16:51:27 -0400 -Subject: [PATCH] fs: add missing call to uv_fs_req_cleanup - -Always call uv_fs_req_cleanup after calling uv_fs_open instead of just -when uv_fs_open returns a negative result. I referenced ReadFileSync -from node:js2c when making this change. - -https://github.com/bnoordhuis made the same suggestion based on the -PR https://github.com/nodejs/node/pull/49691. - -Fixes: https://github.com/nodejs/node/issues/57800 -PR-URL: https://github.com/nodejs/node/pull/57811 -Reviewed-By: Matteo Collina -Reviewed-By: James M Snell -CVE-ID: CVE-2025-23165 - -Origin: https://github.com/nodejs/node/commit/9e13bf0a81e15c7b3a9f1826dccbcea991d7e63a ---- - src/node_file.cc | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/node_file.cc b/src/node_file.cc -index 39a70311f4ad21..bba27a4a901594 100644 ---- a/src/node_file.cc -+++ b/src/node_file.cc -@@ -2615,9 +2615,9 @@ static void ReadFileUtf8(const FunctionCallbackInfo& args) { - FS_SYNC_TRACE_END(open); - if (req.result < 0) { - uv_fs_req_cleanup(&req); -- // req will be cleaned up by scope leave. - return env->ThrowUVException(req.result, "open", nullptr, path.out()); - } -+ uv_fs_req_cleanup(&req); - } - - auto defer_close = OnScopeLeave([file, is_fd, &req]() { diff --git a/CVE-2025-23166.patch b/CVE-2025-23166.patch deleted file mode 100644 index c6b4d3b..0000000 --- a/CVE-2025-23166.patch +++ /dev/null 
@@ -1,544 +0,0 @@ -From 6c57465920cf1b981a63031e71b1e4a73bf9beaa Mon Sep 17 00:00:00 2001 -From: RafaelGSS -Date: Mon, 12 May 2025 12:33:54 -0300 -Subject: [PATCH] src: fix error handling on async crypto operations -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Fixes: https://hackerone.com/reports/2817648 -Co-Authored-By: Filip Skokan -Co-Authored-By: Tobias Nießen -Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/688 -CVE-ID: CVE-2025-23166 -PR-URL: https://github.com/nodejs-private/node-private/pull/710 - -Origin: https://github.com/nodejs/node/commit/6c57465920cf1b981a63031e71b1e4a73bf9beaa ---- - src/crypto/crypto_dh.cc | 8 +++--- - src/crypto/crypto_dh.h | 8 +++--- - src/crypto/crypto_ec.cc | 3 +- - src/crypto/crypto_ec.h | 8 +++--- - src/crypto/crypto_hash.cc | 8 +++--- - src/crypto/crypto_hash.h | 8 +++--- - src/crypto/crypto_hkdf.cc | 8 +++--- - src/crypto/crypto_hkdf.h | 8 +++--- - src/crypto/crypto_hmac.cc | 8 +++--- - src/crypto/crypto_hmac.h | 8 +++--- - src/crypto/crypto_pbkdf2.cc | 8 +++--- - src/crypto/crypto_pbkdf2.h | 8 +++--- - src/crypto/crypto_random.cc | 20 ++++++------- - src/crypto/crypto_random.h | 19 +++++++------ - src/crypto/crypto_scrypt.cc | 8 +++--- - src/crypto/crypto_scrypt.h | 8 +++--- - src/crypto/crypto_sig.cc | 28 +++++++++++-------- - src/crypto/crypto_sig.h | 8 +++--- - src/crypto/crypto_util.h | 3 +- - .../parallel/test-crypto-async-sign-verify.js | 26 +++++++++++++++++ - 20 files changed, 122 insertions(+), 89 deletions(-) - -diff --git a/src/crypto/crypto_dh.cc b/src/crypto/crypto_dh.cc -index dac37f52b9687c..5d26faa578b5f0 100644 ---- a/src/crypto/crypto_dh.cc -+++ b/src/crypto/crypto_dh.cc -@@ -705,10 +705,10 @@ Maybe DHBitsTraits::EncodeOutput( - return Just(!result->IsEmpty()); - } - --bool DHBitsTraits::DeriveBits( -- Environment* env, -- const DHBitsConfig& params, -- ByteSource* out) { -+bool DHBitsTraits::DeriveBits(Environment* env, -+ const 
DHBitsConfig& params, -+ ByteSource* out, -+ CryptoJobMode mode) { - *out = StatelessDiffieHellmanThreadsafe( - params.private_key->GetAsymmetricKey(), - params.public_key->GetAsymmetricKey()); -diff --git a/src/crypto/crypto_dh.h b/src/crypto/crypto_dh.h -index ec12548dbe57d5..f7c4b675725412 100644 ---- a/src/crypto/crypto_dh.h -+++ b/src/crypto/crypto_dh.h -@@ -131,10 +131,10 @@ struct DHBitsTraits final { - unsigned int offset, - DHBitsConfig* params); - -- static bool DeriveBits( -- Environment* env, -- const DHBitsConfig& params, -- ByteSource* out_); -+ static bool DeriveBits(Environment* env, -+ const DHBitsConfig& params, -+ ByteSource* out_, -+ CryptoJobMode mode); - - static v8::Maybe EncodeOutput( - Environment* env, -diff --git a/src/crypto/crypto_ec.cc b/src/crypto/crypto_ec.cc -index e8653c7db88590..4484c22265695d 100644 ---- a/src/crypto/crypto_ec.cc -+++ b/src/crypto/crypto_ec.cc -@@ -480,7 +480,8 @@ Maybe ECDHBitsTraits::AdditionalConfig( - - bool ECDHBitsTraits::DeriveBits(Environment* env, - const ECDHBitsConfig& params, -- ByteSource* out) { -+ ByteSource* out, -+ CryptoJobMode mode) { - size_t len = 0; - ManagedEVPPKey m_privkey = params.private_->GetAsymmetricKey(); - ManagedEVPPKey m_pubkey = params.public_->GetAsymmetricKey(); -diff --git a/src/crypto/crypto_ec.h b/src/crypto/crypto_ec.h -index adeef8e3a3a92d..d5e180d1e34427 100644 ---- a/src/crypto/crypto_ec.h -+++ b/src/crypto/crypto_ec.h -@@ -77,10 +77,10 @@ struct ECDHBitsTraits final { - unsigned int offset, - ECDHBitsConfig* params); - -- static bool DeriveBits( -- Environment* env, -- const ECDHBitsConfig& params, -- ByteSource* out_); -+ static bool DeriveBits(Environment* env, -+ const ECDHBitsConfig& params, -+ ByteSource* out_, -+ CryptoJobMode mode); - - static v8::Maybe EncodeOutput( - Environment* env, -diff --git a/src/crypto/crypto_hash.cc b/src/crypto/crypto_hash.cc -index 09ed200299646a..da301e433159f8 100644 ---- a/src/crypto/crypto_hash.cc -+++ b/src/crypto/crypto_hash.cc 
-@@ -501,10 +501,10 @@ Maybe HashTraits::AdditionalConfig( - return Just(true); - } - --bool HashTraits::DeriveBits( -- Environment* env, -- const HashConfig& params, -- ByteSource* out) { -+bool HashTraits::DeriveBits(Environment* env, -+ const HashConfig& params, -+ ByteSource* out, -+ CryptoJobMode mode) { - EVPMDCtxPointer ctx(EVP_MD_CTX_new()); - - if (UNLIKELY(!ctx || -diff --git a/src/crypto/crypto_hash.h b/src/crypto/crypto_hash.h -index 07e3a2ae4635b8..0ea2114fc81a38 100644 ---- a/src/crypto/crypto_hash.h -+++ b/src/crypto/crypto_hash.h -@@ -70,10 +70,10 @@ struct HashTraits final { - unsigned int offset, - HashConfig* params); - -- static bool DeriveBits( -- Environment* env, -- const HashConfig& params, -- ByteSource* out); -+ static bool DeriveBits(Environment* env, -+ const HashConfig& params, -+ ByteSource* out, -+ CryptoJobMode mode); - - static v8::Maybe EncodeOutput( - Environment* env, -diff --git a/src/crypto/crypto_hkdf.cc b/src/crypto/crypto_hkdf.cc -index 0dd9b42473ca73..526be1d064a7ec 100644 ---- a/src/crypto/crypto_hkdf.cc -+++ b/src/crypto/crypto_hkdf.cc -@@ -100,10 +100,10 @@ Maybe HKDFTraits::AdditionalConfig( - return Just(true); - } - --bool HKDFTraits::DeriveBits( -- Environment* env, -- const HKDFConfig& params, -- ByteSource* out) { -+bool HKDFTraits::DeriveBits(Environment* env, -+ const HKDFConfig& params, -+ ByteSource* out, -+ CryptoJobMode mode) { - EVPKeyCtxPointer ctx = - EVPKeyCtxPointer(EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, nullptr)); - if (!ctx || !EVP_PKEY_derive_init(ctx.get()) || -diff --git a/src/crypto/crypto_hkdf.h b/src/crypto/crypto_hkdf.h -index c4a537cef8a792..acd2b670a8c8e7 100644 ---- a/src/crypto/crypto_hkdf.h -+++ b/src/crypto/crypto_hkdf.h -@@ -42,10 +42,10 @@ struct HKDFTraits final { - unsigned int offset, - HKDFConfig* params); - -- static bool DeriveBits( -- Environment* env, -- const HKDFConfig& params, -- ByteSource* out); -+ static bool DeriveBits(Environment* env, -+ const HKDFConfig& params, -+ 
ByteSource* out, -+ CryptoJobMode mode); - - static v8::Maybe EncodeOutput( - Environment* env, -diff --git a/src/crypto/crypto_hmac.cc b/src/crypto/crypto_hmac.cc -index 86315374fdf71c..0b42a662385867 100644 ---- a/src/crypto/crypto_hmac.cc -+++ b/src/crypto/crypto_hmac.cc -@@ -220,10 +220,10 @@ Maybe HmacTraits::AdditionalConfig( - return Just(true); - } - --bool HmacTraits::DeriveBits( -- Environment* env, -- const HmacConfig& params, -- ByteSource* out) { -+bool HmacTraits::DeriveBits(Environment* env, -+ const HmacConfig& params, -+ ByteSource* out, -+ CryptoJobMode mode) { - HMACCtxPointer ctx(HMAC_CTX_new()); - - if (!ctx || -diff --git a/src/crypto/crypto_hmac.h b/src/crypto/crypto_hmac.h -index c80cc36f11dddc..dd490f05ec2a80 100644 ---- a/src/crypto/crypto_hmac.h -+++ b/src/crypto/crypto_hmac.h -@@ -73,10 +73,10 @@ struct HmacTraits final { - unsigned int offset, - HmacConfig* params); - -- static bool DeriveBits( -- Environment* env, -- const HmacConfig& params, -- ByteSource* out); -+ static bool DeriveBits(Environment* env, -+ const HmacConfig& params, -+ ByteSource* out, -+ CryptoJobMode mode); - - static v8::Maybe EncodeOutput( - Environment* env, -diff --git a/src/crypto/crypto_pbkdf2.cc b/src/crypto/crypto_pbkdf2.cc -index 963d0db6c62a45..f6d37dadcdf707 100644 ---- a/src/crypto/crypto_pbkdf2.cc -+++ b/src/crypto/crypto_pbkdf2.cc -@@ -111,10 +111,10 @@ Maybe PBKDF2Traits::AdditionalConfig( - return Just(true); - } - --bool PBKDF2Traits::DeriveBits( -- Environment* env, -- const PBKDF2Config& params, -- ByteSource* out) { -+bool PBKDF2Traits::DeriveBits(Environment* env, -+ const PBKDF2Config& params, -+ ByteSource* out, -+ CryptoJobMode mode) { - ByteSource::Builder buf(params.length); - - // Both pass and salt may be zero length here. 
-diff --git a/src/crypto/crypto_pbkdf2.h b/src/crypto/crypto_pbkdf2.h -index 6fda7cd3101002..11ffad784db59b 100644 ---- a/src/crypto/crypto_pbkdf2.h -+++ b/src/crypto/crypto_pbkdf2.h -@@ -55,10 +55,10 @@ struct PBKDF2Traits final { - unsigned int offset, - PBKDF2Config* params); - -- static bool DeriveBits( -- Environment* env, -- const PBKDF2Config& params, -- ByteSource* out); -+ static bool DeriveBits(Environment* env, -+ const PBKDF2Config& params, -+ ByteSource* out, -+ CryptoJobMode mode); - - static v8::Maybe EncodeOutput( - Environment* env, -diff --git a/src/crypto/crypto_random.cc b/src/crypto/crypto_random.cc -index 48154df7dc91ed..03bdcd5c6707d7 100644 ---- a/src/crypto/crypto_random.cc -+++ b/src/crypto/crypto_random.cc -@@ -56,10 +56,10 @@ Maybe RandomBytesTraits::AdditionalConfig( - return Just(true); - } - --bool RandomBytesTraits::DeriveBits( -- Environment* env, -- const RandomBytesConfig& params, -- ByteSource* unused) { -+bool RandomBytesTraits::DeriveBits(Environment* env, -+ const RandomBytesConfig& params, -+ ByteSource* unused, -+ CryptoJobMode mode) { - return CSPRNG(params.buffer, params.size).is_ok(); - } - -@@ -151,7 +151,8 @@ Maybe RandomPrimeTraits::AdditionalConfig( - - bool RandomPrimeTraits::DeriveBits(Environment* env, - const RandomPrimeConfig& params, -- ByteSource* unused) { -+ ByteSource* unused, -+ CryptoJobMode mode) { - // BN_generate_prime_ex() calls RAND_bytes_ex() internally. - // Make sure the CSPRNG is properly seeded. 
- CHECK(CSPRNG(nullptr, 0).is_ok()); -@@ -194,11 +195,10 @@ Maybe CheckPrimeTraits::AdditionalConfig( - return Just(true); - } - --bool CheckPrimeTraits::DeriveBits( -- Environment* env, -- const CheckPrimeConfig& params, -- ByteSource* out) { -- -+bool CheckPrimeTraits::DeriveBits(Environment* env, -+ const CheckPrimeConfig& params, -+ ByteSource* out, -+ CryptoJobMode mode) { - BignumCtxPointer ctx(BN_CTX_new()); - - int ret = BN_is_prime_ex( -diff --git a/src/crypto/crypto_random.h b/src/crypto/crypto_random.h -index a2807ed6ec8743..b673cbbfd1704f 100644 ---- a/src/crypto/crypto_random.h -+++ b/src/crypto/crypto_random.h -@@ -32,10 +32,10 @@ struct RandomBytesTraits final { - unsigned int offset, - RandomBytesConfig* params); - -- static bool DeriveBits( -- Environment* env, -- const RandomBytesConfig& params, -- ByteSource* out_); -+ static bool DeriveBits(Environment* env, -+ const RandomBytesConfig& params, -+ ByteSource* out_, -+ CryptoJobMode mode); - - static v8::Maybe EncodeOutput( - Environment* env, -@@ -72,7 +72,8 @@ struct RandomPrimeTraits final { - static bool DeriveBits( - Environment* env, - const RandomPrimeConfig& params, -- ByteSource* out_); -+ ByteSource* out_, -+ CryptoJobMode mode); - - static v8::Maybe EncodeOutput( - Environment* env, -@@ -105,10 +106,10 @@ struct CheckPrimeTraits final { - unsigned int offset, - CheckPrimeConfig* params); - -- static bool DeriveBits( -- Environment* env, -- const CheckPrimeConfig& params, -- ByteSource* out); -+ static bool DeriveBits(Environment* env, -+ const CheckPrimeConfig& params, -+ ByteSource* out, -+ CryptoJobMode mode); - - static v8::Maybe EncodeOutput( - Environment* env, -diff --git a/src/crypto/crypto_scrypt.cc b/src/crypto/crypto_scrypt.cc -index a262a2be96d7c3..2b21476d1b1bb4 100644 ---- a/src/crypto/crypto_scrypt.cc -+++ b/src/crypto/crypto_scrypt.cc -@@ -124,10 +124,10 @@ Maybe ScryptTraits::AdditionalConfig( - return Just(true); - } - --bool ScryptTraits::DeriveBits( -- Environment* 
env, -- const ScryptConfig& params, -- ByteSource* out) { -+bool ScryptTraits::DeriveBits(Environment* env, -+ const ScryptConfig& params, -+ ByteSource* out, -+ CryptoJobMode mode) { - ByteSource::Builder buf(params.length); - - // Both the pass and salt may be zero-length at this point -diff --git a/src/crypto/crypto_scrypt.h b/src/crypto/crypto_scrypt.h -index 3d185637f44be3..9ea9d75d85bf35 100644 ---- a/src/crypto/crypto_scrypt.h -+++ b/src/crypto/crypto_scrypt.h -@@ -57,10 +57,10 @@ struct ScryptTraits final { - unsigned int offset, - ScryptConfig* params); - -- static bool DeriveBits( -- Environment* env, -- const ScryptConfig& params, -- ByteSource* out); -+ static bool DeriveBits(Environment* env, -+ const ScryptConfig& params, -+ ByteSource* out, -+ CryptoJobMode mode); - - static v8::Maybe EncodeOutput( - Environment* env, -diff --git a/src/crypto/crypto_sig.cc b/src/crypto/crypto_sig.cc -index fa4ba62f8f94f5..27e74090c5a4ad 100644 ---- a/src/crypto/crypto_sig.cc -+++ b/src/crypto/crypto_sig.cc -@@ -713,11 +713,11 @@ Maybe SignTraits::AdditionalConfig( - return Just(true); - } - --bool SignTraits::DeriveBits( -- Environment* env, -- const SignConfiguration& params, -- ByteSource* out) { -- ClearErrorOnReturn clear_error_on_return; -+bool SignTraits::DeriveBits(Environment* env, -+ const SignConfiguration& params, -+ ByteSource* out, -+ CryptoJobMode mode) { -+ bool can_throw = mode == CryptoJobMode::kCryptoJobSync; - EVPMDCtxPointer context(EVP_MD_CTX_new()); - EVP_PKEY_CTX* ctx = nullptr; - -@@ -729,7 +729,7 @@ bool SignTraits::DeriveBits( - params.digest, - nullptr, - params.key.get())) { -- crypto::CheckThrow(env, SignBase::Error::kSignInit); -+ if (can_throw) crypto::CheckThrow(env, SignBase::Error::kSignInit); - return false; - } - break; -@@ -740,7 +740,7 @@ bool SignTraits::DeriveBits( - params.digest, - nullptr, - params.key.get())) { -- crypto::CheckThrow(env, SignBase::Error::kSignInit); -+ if (can_throw) crypto::CheckThrow(env, 
SignBase::Error::kSignInit); - return false; - } - break; -@@ -758,7 +758,7 @@ bool SignTraits::DeriveBits( - ctx, - padding, - salt_length)) { -- crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); -+ if (can_throw) crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); - return false; - } - -@@ -772,7 +772,8 @@ bool SignTraits::DeriveBits( - &len, - params.data.data(), - params.data.size())) { -- crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); -+ if (can_throw) -+ crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); - return false; - } - ByteSource::Builder buf(len); -@@ -781,7 +782,8 @@ bool SignTraits::DeriveBits( - &len, - params.data.data(), - params.data.size())) { -- crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); -+ if (can_throw) -+ crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); - return false; - } - *out = std::move(buf).release(len); -@@ -792,13 +794,15 @@ bool SignTraits::DeriveBits( - params.data.data(), - params.data.size()) || - !EVP_DigestSignFinal(context.get(), nullptr, &len)) { -- crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); -+ if (can_throw) -+ crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); - return false; - } - ByteSource::Builder buf(len); - if (!EVP_DigestSignFinal( - context.get(), buf.data(), &len)) { -- crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); -+ if (can_throw) -+ crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey); - return false; - } - -diff --git a/src/crypto/crypto_sig.h b/src/crypto/crypto_sig.h -index 633201473e4645..3b2801fa11ef3f 100644 ---- a/src/crypto/crypto_sig.h -+++ b/src/crypto/crypto_sig.h -@@ -147,10 +147,10 @@ struct SignTraits final { - unsigned int offset, - SignConfiguration* params); - -- static bool DeriveBits( -- Environment* env, -- const SignConfiguration& params, -- ByteSource* out); -+ static bool DeriveBits(Environment* env, -+ const SignConfiguration& params, -+ ByteSource* out, -+ CryptoJobMode mode); - - 
static v8::Maybe EncodeOutput( - Environment* env, -diff --git a/src/crypto/crypto_util.h b/src/crypto/crypto_util.h -index 4ba261014695cf..06165a4dce48c4 100644 ---- a/src/crypto/crypto_util.h -+++ b/src/crypto/crypto_util.h -@@ -503,9 +503,10 @@ class DeriveBitsJob final : public CryptoJob { - std::move(params)) {} - - void DoThreadPoolWork() override { -+ ClearErrorOnReturn clear_error_on_return; - if (!DeriveBitsTraits::DeriveBits( - AsyncWrap::env(), -- *CryptoJob::params(), &out_)) { -+ *CryptoJob::params(), &out_, this->mode())) { - CryptoErrorStore* errors = CryptoJob::errors(); - errors->Capture(); - if (errors->Empty()) -diff --git a/test/parallel/test-crypto-async-sign-verify.js b/test/parallel/test-crypto-async-sign-verify.js -index 4e3c32fdcd23fb..5924d36e480721 100644 ---- a/test/parallel/test-crypto-async-sign-verify.js -+++ b/test/parallel/test-crypto-async-sign-verify.js -@@ -141,3 +141,29 @@ test('dsa_public.pem', 'dsa_private.pem', 'sha256', false, - }) - .catch(common.mustNotCall()); - } -+ -+{ -+ const untrustedKey = `-----BEGIN PUBLIC KEY----- -+MCowBQYDK2VuAyEA6pwGRbadNQAI/tYN8+/p/0/hbsdHfOEGr1ADiLVk/Gc= -+-----END PUBLIC KEY-----`; -+ const data = crypto.randomBytes(32); -+ const signature = crypto.randomBytes(16); -+ -+ const expected = common.hasOpenSSL3 ? -+ /operation not supported for this keytype/ : /no default digest/; -+ -+ crypto.verify(undefined, data, untrustedKey, signature, common.mustCall((err) => { -+ assert.ok(err); -+ assert.match(err.message, expected); -+ })); -+} -+ -+{ -+ const { privateKey } = crypto.generateKeyPairSync('rsa', { -+ modulusLength: 512 -+ }); -+ crypto.sign('sha512', 'message', privateKey, common.mustCall((err) => { -+ assert.ok(err); -+ assert.match(err.message, /digest too big for rsa key/); -+ })); -+} diff --git a/icu4c-75_1-data-bin-l.zip b/icu4c-77_1-data-bin-l.zip similarity index 32% rename from icu4c-75_1-data-bin-l.zip rename to icu4c-77_1-data-bin-l.zip index 164655d..e8e4b14 100644 
--- a/icu4c-75_1-data-bin-l.zip +++ b/icu4c-77_1-data-bin-l.zip @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:593c2c0059108eda0ec0bd37b3d643d906599cfee451a3c5077921d77e485bdb -size 12159013 +oid sha256:0913674ff673c585f8bc08370916b6a6ccc30ffb6408a5c1bc3edbf5a687fd96 +size 12441528 diff --git a/node-v20.18.2.tar.xz b/node-v22.16.0.tar.xz similarity index 32% rename from node-v20.18.2.tar.xz rename to node-v22.16.0.tar.xz index 71461f2..6d1399c 100644 --- a/node-v20.18.2.tar.xz +++ b/node-v22.16.0.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:69bf81b70f3a95ae0763459f02860c282d7e3a47567c8afaf126cc778176a882 -size 41933624 +oid sha256:720894f323e5c1ac24968eb2676660c90730d715cb7f090be71a668662a17c37 +size 48547612 diff --git a/nodejs.spec b/nodejs.spec index 6c59561..7a4a6cb 100644 --- a/nodejs.spec +++ b/nodejs.spec 
@@ -1,37 +1,43 @@ -%global baserelease 3 +%global baserelease 1 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} %global nodejs_epoch 1 -%global nodejs_major 20 -%global nodejs_minor 18 -%global nodejs_patch 2 +%global nodejs_major 22 +%global nodejs_minor 16 +%global nodejs_patch 0 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} -%global nodejs_soversion 115 +%global nodejs_soversion 127 %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch} %global nodejs_release %{baserelease} %global nodejs_datadir %{_datarootdir}/nodejs %global v8_epoch 3 -%global v8_major 11 -%global v8_minor 3 -%global v8_build 244 -%global v8_patch 8 +%global v8_major 12 +%global v8_minor 4 +%global v8_build 254 +%global v8_patch 21 %global v8_abi %{v8_major}.%{v8_minor} %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch} %global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} # c-ares - from deps/cares/include/ares_version.h # https://github.com/nodejs/node/pull/9332 -%global c_ares_version 1.33.1 +%global c_ares_version 1.34.5 # llhttp - from deps/llhttp/include/llhttp.h -%global llhttp_version 8.1.2 +%global llhttp_version 9.2.1 # libuv - from deps/uv/include/uv/version.h -%global libuv_version 1.46.0 +%global libuv_version 1.49.2 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h -%global nghttp2_version 1.61.0 +%global nghttp2_version 1.64.0 -%global icu_major 75 +# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h +%global nghttp3_version 1.6.0 + +# ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h +%global ngtcp2_version 1.11.0 + +%global icu_major 77 %global icu_minor 1 %global icu_version %{icu_major}.%{icu_minor} %global icudatadir %{nodejs_datadir}/icudata 
@@ -42,7 +48,7 @@ %global openssl3_minimum 1:3.0.2 %global punycode_version 2.1.0 %global npm_epoch 1 -%global npm_version 10.8.2 +%global npm_version 10.9.2 %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} # uvwasi - from deps/uvwasi/include/uvwasi.h @@ -52,7 +58,10 @@ %global histogram_version 0.9.7 # simdutf from deps/simdutf/simdutf.h -%global simdutf_version 5.5.0 +%global simdutf_version 6.4.2 + +# sqlite – from deps/sqlite/sqlite3.h +%global sqlite_version 3.49.1 # dtrace is not supported on Node.js 19+ %global dtrace_configure %{nil} @@ -72,13 +81,7 @@ Source2: btest402.js Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-data-bin-l.zip Source4: nodejs_native.attr -Patch0: 0001-Use-system-uv-zlib.patch -Patch1: CVE-2023-45853.patch -Patch2: CVE-2024-5274.patch -Patch3: CVE-2024-7971.patch -Patch4: 0001-correct-some-errors-related-to-CVE-2025-23085.patch -Patch5: CVE-2025-23165.patch -Patch6: CVE-2025-23166.patch +Patch0: 0001-fix-compile-with-GCC-UBSAN.patch BuildRequires: python3-devel python3-setuptools make BuildRequires: zlib-devel python3-jinja2 @@ -94,8 +97,11 @@ BuildRequires: libuv-devel >= 1:%{libuv_version} Requires: libuv >= 1:%{libuv_version} Provides: bundled(nghttp2) = %{nghttp2_version} +Provides: bundled(nghttp3) = %{nghttp3_version} +Provides: bundled(ngtcp2) = %{ngtcp2_version} Provides: bundled(llhttp) = %{llhttp_version} Provides: bundled(simdutf) = %{simdutf_version} +Provides: bundled(sqlite) = %{sqlite_version} BuildRequires: openssl-devel >= %{openssl_minimum} Requires: openssl >= %{openssl_minimum} 
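Review bot: The `Patch0`–`Patch6` block in the `@@ -72,13 +81,7 @@` hunk drops six CVE patches (CVE-2023-45853, CVE-2024-5274, CVE-2024-7971, the CVE-2025-23085 follow-up, CVE-2025-23165 and CVE-2025-23166), yet neither the commit message nor the new `%changelog` entry records that the 22.16.0 tarball carries those fixes. Anyone auditing the package by CVE id sees the patch files disappear with no stated reason, so the changelog entry should say it once each fix has been checked against the new sources, e.g. `- Drop CVE-2023-45853, CVE-2024-5274, CVE-2024-7971, CVE-2025-23085, CVE-2025-23165 and CVE-2025-23166 patches, fixed in upstream 22.16.0`. `0001-Use-system-uv-zlib.patch` is dropped in the same block while `--shared-zlib` and `--shared-libuv` remain in the configure call; presumably the Makefile edit is no longer needed, but that reason deserves a changelog line as well.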
@@ -110,12 +116,12 @@ Provides: nodejs(engine) = %{nodejs_version} Conflicts: node <= 0.3.2-12 Provides: nodejs-punycode = %{punycode_version} Provides: npm(punycode) = %{punycode_version} -Provides: bundled(c-ares) = %{c_ares_version} +BuildRequires: c-ares-devel Provides: bundled(v8) = %{v8_version} Provides: bundled(icu) = %{icu_version} Provides: bundled(uvwasi) = %{uvwasi_version} Provides: bundled(histogram) = %{histogram_version} -Provides: bundled(ada) = 2.7.4 +Provides: bundled(ada) = 2.9.2 Requires: (nodejs-packaging if rpm-build) Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} @@ -227,6 +233,7 @@ export CFLAGS='%{optflags} \ -D_FILE_OFFSET_BITS=64 \ -DZLIB_CONST \ -fno-delete-null-pointer-checks \ + -DOPENSSL_NO_ENGINE \ -O3 \ -fno-ipa-icf' export CXXFLAGS='%{optflags} \ @@ -234,6 +241,7 @@ export CXXFLAGS='%{optflags} \ -D_FILE_OFFSET_BITS=64 \ -DZLIB_CONST \ -fno-delete-null-pointer-checks \ + -DOPENSSL_NO_ENGINE \ -O3 \ -fno-ipa-icf' @@ -255,6 +263,7 @@ export CXXFLAGS="$(echo ${CXXFLAGS} | sed -e s/-fno-ipa-icf//g)" --shared-zlib \ --shared-brotli \ --shared-libuv \ + --shared-cares \ %{dtrace_configure} \ --with-intl=small-icu \ --with-icu-default-data-dir=%{icudatadir} \ @@ -409,6 +418,9 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod %{_pkgdocdir}/npm/docs %changelog +* Thu Jun 05 2025 misaka00251 - 1:22.16.0-1 +- Update to 22.16.0 + * Tue May 20 2025 yaoxin <1024769339@qq.com> - 1:20.18.2-3 - Fix CVE-2025-23165 and CVE-2025-23166 -- Gitee
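Review bot: `BuildRequires: c-ares-devel` in the `@@ -110,12 +116,12 @@` hunk has no version floor, so with `--shared-cares` (added in the `@@ -255,6 +263,7 @@` hunk) the package links against whatever c-ares the build root provides, which may be older than the 1.34.5 that `c_ares_version` records for the upstream tree. The libuv lines in this spec already pin a minimum (`BuildRequires: libuv-devel >= 1:%{libuv_version}`); the same form here, `BuildRequires: c-ares-devel >= %{c_ares_version}` (with an epoch if the distribution's c-ares package has one), keeps the resolver at the tested level. It also gives the bumped `c_ares_version` macro a consumer, since the `Provides: bundled(c-ares)` line that used it is removed and no other use is visible in this diff. The same hunk hard-codes `bundled(ada) = 2.9.2` where the neighbouring `Provides:` lines use a `%global`; an `ada_version` macro would match them.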
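Review bot: `-DOPENSSL_NO_ENGINE` is added to `CFLAGS` in the `@@ -227,6 +233,7 @@` hunk and to `CXXFLAGS` in the `@@ -234,6 +241,7 @@` hunk without a spec comment or changelog line saying why. As far as I know Node compiles out its OpenSSL ENGINE support when this macro is defined, so `crypto.setEngine()` and the engine-backed TLS key options stop working for users who keep private keys in an HSM or PKCS#11 token; that behaviour change should be stated. A comment above the `export CFLAGS=` line, such as `# Build without the OpenSSL ENGINE API; crypto.setEngine() is unavailable in this package`, plus a matching `%changelog` line, would cover it. Both flag lists begin outside these hunks, so the comment belongs before the first `export`, not inside the quoted string.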