Hello community, here is the log from the commit of package nodejs8.14420 for openSUSE:Leap:15.1:Update checked in at 2020-10-10 06:23:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/nodejs8.14420 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.nodejs8.14420.new.4249 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nodejs8.14420" Sat Oct 10 06:23:53 2020 rev:1 rq:839900 version:8.17.0 Changes: -------- New Changes file: --- /dev/null 2020-09-10 00:27:47.435250138 +0200 +++ /work/SRC/openSUSE:Leap:15.1:Update/.nodejs8.14420.new.4249/nodejs8.changes 2020-10-10 06:23:55.218000362 +0200 @@ -0,0 +1,2237 @@ +------------------------------------------------------------------- +Thu Sep 24 14:42:45 UTC 2020 - Adam Majer <adam.ma...@suse.de> + +- CVE-2020-15095.patch: fix information leak through log files + (bsc#1173937, CVE-2020-15095) + +------------------------------------------------------------------- +Mon Aug 10 16:38:00 UTC 2020 - Adam Majer <adam.ma...@suse.de> + +- Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation + on Aarch64 with gcc10 (bsc#1172686) + +------------------------------------------------------------------- +Tue Jul 28 07:13:57 UTC 2020 - Dirk Mueller <dmuel...@suse.com> + +- avoid rpmbuild warnings on if/else/endif constructs + +------------------------------------------------------------------- +Tue Jun 9 11:45:10 UTC 2020 - Adam Majer <adam.ma...@suse.de> + +- Add Require for nodejs8 when intalling npm8 (bsc#1172728) + +------------------------------------------------------------------- +Thu Jun 4 13:40:27 UTC 2020 - Adam Majer <adam.ma...@suse.de> + +- CVE-2020-8174.patch: napi: fix various types of memory corruption + in napi_get_value_string_*() (CVE-2020-8174, bsc#1172443) +- nghttp2_1.41.0.patch: deps: update nghttp2 to 1.41.0 +- CVE-2020-11080.patch: http2: fix HTTP/2 Large Settings Frame DoS + (CVE-2020-11080, bsc#1172442) +- minimist.patch: Fixes a vulnerability in an npm component + (CVE-2020-7598, bsc#1166916) + +------------------------------------------------------------------- +Mon May 4 12:28:16 UTC 2020 - Adam Majer <adam.ma...@suse.de> + +- Reduce Requires to Recommends on nodejs8-devel when installing npm8 + +------------------------------------------------------------------- +Tue Apr 7 11:26:00 UTC 2020 - Michel Normand <norm...@linux.vnet.ibm.com> + +- Update _constraints for ppc64 (BE) + +------------------------------------------------------------------- +Fri Feb 7 14:54:56 UTC 2020 - Adam Majer <adam.ma...@suse.de> + +- CVE-2019-15604.patch: fixes a remotely triggerable assertion + on a TLS server via a crafted certificate string + (CVE-2019-15604, bsc#1163104) + +- CVE-2019-15605.patch: fixes an HTTP request smuggling vulnerability + via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102) + +- CVE-2019-15606.patch: trim HTTP header values of optional + white space (CVE-2019-15606, bsc#1163103) + +------------------------------------------------------------------- +Tue Jan 7 13:20:06 UTC 2020 - Guillaume GARDET <guillaume.gar...@opensuse.org> + +- Update _constraints for aarch64 + +------------------------------------------------------------------- +Tue Jan 7 13:12:10 UTC 2020 - Guillaume GARDET <guillaume.gar...@opensuse.org> + +- Really disable LTO when required (nodejs < 12) + +------------------------------------------------------------------- +Thu Dec 19 11:30:13 UTC 2019 - Adam Majer <adam.ma...@suse.de> + +- New upstream LTS release 8.17.0: + * deps: updates npm to 6.13.4 fixing an arbitrary path overwrite + and access via "bin" field (bsc#1159352, CVE-2019-16777, + CVE-2019-16776, CVE-2019-16775) + +- refreshed: versioned.patch node-gyp-addon-gypi.patch +- upstreamed: CVE-2019-13173.patch + +------------------------------------------------------------------- +Thu Oct 24 14:34:22 UTC 2019 - Adam Majer <adam.ma...@suse.de> + +- New upstream LTS release 8.16.2: + * deps: update OpenSSL to 1.0.2s + +------------------------------------------------------------------- +Wed Oct 2 10:13:11 UTC 2019 - Michel Normand <norm...@linux.vnet.ibm.com> + +- Add _constraints for aarch64 & ppc64le to avoid build error + +------------------------------------------------------------------- +Wed Sep 18 13:44:55 UTC 2019 - Vítězslav Čížek <vci...@suse.com> + +- Fix build with OpenSSL 1.1.1d (bsc#1149792) + * https://github.com/nodejs/node/pull/29550 + * add fix_build_with_openssl_1.1.1d.patch + +------------------------------------------------------------------- +Fri Aug 16 14:33:44 UTC 2019 - Adam Majer <adam.ma...@suse.de> + +- Update to 8.16.1: + Security update regarding HTTP/2 Denial of Service vulnerabilities + For details see, + https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V12.md#12.8.1 + https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md + (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, + bsc#1146091, bsc#1146099, bsc#1146094, bsc#1146095, + CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, + bsc#1146100, bsc#1146090, bsc#1146097, bsc#1146093) + +- Changes in 8.16.0: + * n-api: + + add API for async functions + + mark thread-safe functions as stable + +------------------------------------------------------------------- +Fri Aug 9 10:09:19 UTC 2019 - Adam Majer <adam.ma...@suse.de> + +- npm_search_paths.patch: make sure that npm resolves its default + config file like in all other versions, as /etc/nodejs/npmrc + (bsc#1144919) + +------------------------------------------------------------------- +Mon Jul 29 09:01:29 UTC 2019 - Adam Majer <adam.ma...@suse.de> + +- CVE-2019-13173.patch: fix potential file overwrite via hardlink + in fstream.DirWriter() function (bsc#1140290, CVE-2019-13173) + +------------------------------------------------------------------- +Tue May 7 11:13:57 UTC 2019 - Adam Majer <adam.ma...@suse.de> + +- openssl_1_1_1.patch: backport fixes for OpenSSL 1.1.1 (bsc#1134209) + +------------------------------------------------------------------- +Thu Feb 28 13:26:36 UTC 2019 - Adam Majer <adam.ma...@suse.de> + +- New upstream LTS release 8.15.1: + * http: Further prevention of "Slowloris" attacks on HTTP and HTTPS + connections by consistently applying the receive timeout set by + server.headersTimeout to connections in keep-alive mode. + (CVE-2019-5737, bsc#1127532) + +------------------------------------------------------------------- +Fri Feb 1 12:40:17 UTC 2019 - adam.ma...@suse.de + +- nodejs.keyring: update keyring to today's list as per + https://github.com/nodejs/node + +------------------------------------------------------------------- +Mon Jan 7 15:37:20 UTC 2019 - adam.ma...@suse.de + +- New upstream LTS release 8.15.0: + * cli: add --max-http-header-size flag + * http: add maxHeaderSize property + +- Changes in LTS release 8.14.1: + * http2: fix sequence of error/close events + +- Changes in LTS release 8.14.0: + * http: + + Headers received by HTTP servers must not exceed 8192 bytes + in total to prevent possible Denial of Service attacks. + (CVE-2018-12121, bsc#1117626) + + A timeout of 40 seconds now applies to servers receiving HTTP + headers. This value can be adjusted with server.headersTimeout. + Where headers are not completely received within this period, + the socket is destroyed on the next received chunk. In + conjunction with server.setTimeout(), this aids in protecting + against excessive resource retention and possible + Denial of Service. (CVE-2018-12122, bsc#1117627) + + Two-byte characters are now strictly disallowed for the path + option in HTTP client requests. Paths containing characters + outside of the range \u0021 - \u00ff will now be rejected + with a TypeError. This behavior can be reverted if necessary + by supplying the --security-revert=CVE-2018-12116 command + line argument (this is not recommended). + (CVE-2018-12116, bsc#1117630) + * url: Fix a bug that would allow a hostname being spoofed when + parsing URLs with url.parse() with the 'javascript:' protocol. + (CVE-2018-12123, bsc#1117629) + +- Changes in LTS release 8.13.0: + * assert: backport some assert commits + * deps: + + upgrade to libuv 1.23.2 + + V8: cherry-pick 64-bit hash seed commits + * http: added aborted property to request + * http2: no longer experimental + + bump dependency of nghttp2 to 1.34.0 + +- fix_ci_tests.patch: Reduce timeout for test-http2-session-timeout +- skip_test_on_lowmem.patch: skip test on low-memory build machine +- env_shebang.patch: dropped in favour of programmatic update + +------------------------------------------------------------------- +Mon Dec 24 10:13:43 UTC 2018 - Guillaume GARDET <guillaume.gar...@opensuse.org> + +- Enable armv6 build + ++++ 2040 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.1:Update/.nodejs8.14420.new.4249/nodejs8.changes New: ---- CVE-2019-15604.patch CVE-2019-15605.patch CVE-2019-15606.patch CVE-2020-11080.patch CVE-2020-15095.patch CVE-2020-8174.patch SHASUMS256.txt SHASUMS256.txt.sig _constraints bash_output_helper.bash fix_build_with_openssl_1.1.1d.patch fix_ci_tests.patch flaky_test_rerun.patch manual_configure.patch minimist.patch nghttp2_1.41.0.patch node-gyp-addon-gypi.patch node-v8.17.0.tar.xz nodejs-libpath.patch nodejs-sle11-python26-check_output.patch nodejs.keyring nodejs8.changes nodejs8.spec npm_search_paths.patch openssl_1_1_1.patch skip_test_on_lowmem.patch versioned.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nodejs8.spec ++++++ ++++ 1132 lines (skipped) ++++++ CVE-2019-15604.patch ++++++ ported from commit f940bee3b7da865e28093472dee9ce664f273f6d Author: Fedor Indutny <fe...@indutny.com> Date: Tue Nov 26 12:47:00 2019 -0800 crypto: fix assertion caused by unsupported ext `X509V3_EXT_print` can return value different from `1` if the X509 extension does not support printing to a buffer. Instead of failing with an unrecoverable assertion - replace the relevant value in the hashmap with a JS null value. Fixes: https://hackerone.com/reports/746733 Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/193 PR-URL: https://github.com/nodejs-private/node-private/pull/175 Reviewed-By: Ben Noordhuis <i...@bnoordhuis.nl> Reviewed-By: Beth Griggs <bethany.gri...@uk.ibm.com> Index: node-v8.17.0/src/node_crypto.cc =================================================================== --- node-v8.17.0.orig/src/node_crypto.cc +++ node-v8.17.0/src/node_crypto.cc @@ -1818,9 +1818,11 @@ static Local<Object> X509ToObject(Enviro ext = X509_get_ext(cert, index); CHECK_NE(ext, nullptr); - if (!SafeX509ExtPrint(bio, ext)) { - rv = X509V3_EXT_print(bio, ext, 0, 0); - CHECK_EQ(rv, 1); + if (!SafeX509ExtPrint(bio, ext) && + X509V3_EXT_print(bio, ext, 0, 0) != 1) { + info->Set(context, keys[i], Null(env->isolate())).FromJust(); + (void) BIO_reset(bio); + continue; } BIO_get_mem_ptr(bio, &mem); Index: node-v8.17.0/test/parallel/test-tls-cert-ext-encoding.js =================================================================== --- /dev/null +++ node-v8.17.0/test/parallel/test-tls-cert-ext-encoding.js @@ -0,0 +1,79 @@ +'use strict'; +const common = require('../common'); +if (!common.hasCrypto) + common.skip('missing crypto'); + +// NOTE: This certificate is hand-generated, hence it is not located in +// `test/fixtures/keys` to avoid confusion. +// +// The key property of this cert is that subjectAltName contains a string with +// a type `23` which cannot be encoded into string by `X509V3_EXT_print`. +const pem = ` +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAzrmfPz5M3wTq2/CwMeSQr/N+R1FCJ+O5n+SMleKvBqaK63eJ +kL4BnySMc+ZLKCt4UQSsPFIBK63QFq8n6/vjuTDMJiBTsvzytw8zJt1Zr2HA71N3 +VIPt6NdJ/w5lgddTYxR7XudJZJ5lk3PkG8ZgrhuenPYP80UJYVzAC2YZ9KYe3r2B +rVbut1j+8h0TwVcx2Zg5PorsC/EVxHwo4dCmIHceodikr3UVqHneRcrDBytdG6Mo +IqHhZJwBeii/EES9tpWwWbzYYh+38aGGLIF2h5UlVpr0bdBVVUg+uVX3y/Qmu2Qv +4CrAO2IPV6JER9Niwl3ktzNjOMAUQG6BCRSqRQIDAQABAoIBAAmB0+cOsG5ZRYvT +5+aDgnv1EMuq2wYGnRTTZ/vErxP5OM5XcwYrFtwAzEzQPIieZywisOEdTFx74+QH +LijWLsTnj5v5RKAorejpVArnhyZfsoXPKt/CKYDZ1ddbDCQKiRU3be0RafisqDM9 +0zHLz8pyDrtdPaKMfD/0Cgj8KxlrLTmfD4otPXds8fZpQe1hR1y12XKVp47l1siW +qFGTaUPDJpQ67xybR08x5DOqmyo4cNMOuReRWrc/qRbWint9U1882eOH09gVfpJZ +Gp6FZVPSgz10MZdLSPLhXqZkY4IxIvNltjBDqkmivd12CD+GVr0qUmTJHzTpk+kG +/CWuRQkCgYEA4EFf8SJHEl0fLDJnOQFyUPY3MalMuopUkQ5CBUe3QXjQhHXsRDfj +Ci/lyzShJkHPbMDHb/rx3lYZB0xNhwnMWKS1gCFVgOCOTZLfD0K1Anxc1hOSgVxI +y5FdO9VW7oQNlsMH/WuDHps0HhJW/00lcrmdyoUM1+fE/3yPQndhUmMCgYEA6/z6 +8Gq4PHHNql+gwunAH2cZKNdmcP4Co8MvXCZwIJsLenUuLIZQ/YBKZoM/y5X/cFAG +WFJJuUe6KFetPaDm6NgZgpOmawyUwd5czDjJ6wWgsRywiTISInfJlgWLBVMOuba7 +iBL9Xuy0hmcbj0ByoRW9l3gCiBX3yJw3I6wqXTcCgYBnjei22eRF15iIeTHvQfq+ +5iNwnEQhM7V/Uj0sYQR/iEGJmUaj7ca6somDf2cW2nblOlQeIpxD1jAyjYqTW/Pv +zwc9BqeMHqW3rqWwT1Z0smbQODOD5tB6qEKMWaSN+Y6o2qC65kWjAXpclI110PME ++i+iEDRxEsaGT8d7otLfDwKBgQCs+xBaQG/x5p2SAGzP0xYALstzc4jk1FzM+5rw +mkBgtiXQyqpg+sfNOkfPIvAVZEsMYax0+0SNKrWbMsGLRjFchmMUovQ+zccQ4NT2 +4b2op8Rlbxk8R9ahK1s5u7Bu47YMjZSjJwBQn4OobVX3SI994njJ2a9JX4j0pQWK +AX5AOwKBgAfOsr8HSHTcxSW4F9gegj+hXsRYbdA+eUkFhEGrYyRJgIlQrk/HbuZC +mKd/bQ5R/vwd1cxgV6A0APzpZtbwdhvP0RWji+WnPPovgGcfK0AHFstHnga67/uu +h2LHnKQZ1qWHn+BXWo5d7hBRwWVaK66g3GDN0blZpSz1kKcpy1Pl +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICwjCCAaqgAwIBAgIDAQABMA0GCSqGSIb3DQEBDQUAMBUxEzARBgNVBAMWCmxv +Y2FsLmhvc3QwHhcNMTkxMjA1MDQyODMzWhcNNDQxMTI5MDQyODMzWjAVMRMwEQYD +VQQDFgpsb2NhbC5ob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +zrmfPz5M3wTq2/CwMeSQr/N+R1FCJ+O5n+SMleKvBqaK63eJkL4BnySMc+ZLKCt4 +UQSsPFIBK63QFq8n6/vjuTDMJiBTsvzytw8zJt1Zr2HA71N3VIPt6NdJ/w5lgddT +YxR7XudJZJ5lk3PkG8ZgrhuenPYP80UJYVzAC2YZ9KYe3r2BrVbut1j+8h0TwVcx +2Zg5PorsC/EVxHwo4dCmIHceodikr3UVqHneRcrDBytdG6MoIqHhZJwBeii/EES9 +tpWwWbzYYh+38aGGLIF2h5UlVpr0bdBVVUg+uVX3y/Qmu2Qv4CrAO2IPV6JER9Ni +wl3ktzNjOMAUQG6BCRSqRQIDAQABoxswGTAXBgNVHREEEDAOlwwqLmxvY2FsLmhv +c3QwDQYJKoZIhvcNAQENBQADggEBAH5ThRLDLwOGuhKsifyiq7k8gbx1FqRegO7H +SIiIYYB35v5Pk0ZPN8QBJwNQzJEjUMjCpHXNdBxknBXRaA8vkbnryMfJm37gPTwA +m6r0uEG78WgcEAe8bgf9iKtQGP/iydKXpSSpDgKoHbswIxD5qtzT+o6VNnkRTSfK +/OGwakluFSoJ/Q9rLpR8lKjA01BhetXMmHbETiY8LSkxOymMldXSzUTD1WdrVn8U +L3dobxT//R/0GraKXG02mf3gZNlb0MMTvW0pVwVy39YmcPEGh8L0hWh1rpAA/VXC +f79uOowv3lLTzQ9na5EThA0tp8d837hdYrrIHh5cfTqBDxG0Tu8= +-----END CERTIFICATE----- +`; + +const tls = require('tls'); + +const options = { + key: pem, + cert: pem, +}; + +const server = tls.createServer(options, (socket) => { + socket.end(); +}); +server.listen(0, common.mustCall(function() { + const client = tls.connect({ + port: this.address().port, + rejectUnauthorized: false + }, common.mustCall(() => { + // This should not crash process: + client.getPeerCertificate(); + + server.close(); + client.end(); + })); +})); ++++++ CVE-2019-15605.patch ++++++ ++++ 2082 lines (skipped) ++++++ CVE-2019-15606.patch ++++++ commit 2eee90e959ca4abaf53caf238d063c396f2ea17c Author: Sam Roberts <vieuxt...@gmail.com> Date: Fri Jan 10 15:00:11 2020 -0800 http: strip trailing OWS from header values HTTP header values can have trailing OWS, but it should be stripped. It is not semantically part of the header's value, and if treated as part of the value, it can cause spurious inequality between expected and actual header values. Note that a single SPC of leading OWS is common before the field-value, and it is already handled by the HTTP parser by stripping all leading OWS. It is only the trailing OWS that must be stripped by the parser user. header-field = field-name ":" OWS field-value OWS ; https://tools.ietf.org/html/rfc7230#section-3.2 OWS = *( SP / HTAB ) ; https://tools.ietf.org/html/rfc7230#section-3.2.3 Fixes: https://hackerone.com/reports/730779 PR-URL: https://github.com/nodejs-private/node-private/pull/191 Reviewed-By: Matteo Collina <matteo.coll...@gmail.com> Reviewed-By: Ben Noordhuis <i...@bnoordhuis.nl> Reviewed-By: Colin Ihrig <cjih...@gmail.com> Reviewed-By: Beth Griggs <bethany.gri...@uk.ibm.com> diff --git a/src/node_http_parser.cc b/src/node_http_parser.cc index c2cd7a213b..420e94564e 100644 --- a/src/node_http_parser.cc +++ b/src/node_http_parser.cc @@ -74,6 +74,10 @@ const uint32_t kOnMessageComplete = 3; const uint32_t kOnExecute = 4; +inline bool IsOWS(char c) { + return c == ' ' || c == '\t'; +} + // helper class for the Parser struct StringPtr { StringPtr() { @@ -133,13 +137,22 @@ struct StringPtr { Local<String> ToString(Environment* env) const { - if (str_) + if (size_ != 0) return OneByteString(env->isolate(), str_, size_); else return String::Empty(env->isolate()); } + // Strip trailing OWS (SPC or HTAB) from string. + Local<String> ToTrimmedString(Environment* env) { + while (size_ > 0 && IsOWS(str_[size_ - 1])) { + size_--; + } + return ToString(env); + } + + const char* str_; bool on_heap_; size_t size_; @@ -669,7 +682,7 @@ class Parser : public AsyncWrap, public StreamListener { size_t j = 0; while (i < num_values_ && j < arraysize(argv) / 2) { argv[j * 2] = fields_[i].ToString(env()); - argv[j * 2 + 1] = values_[i].ToString(env()); + argv[j * 2 + 1] = values_[i].ToTrimmedString(env()); i++; j++; } diff --git a/test/parallel/test-http-header-owstext.js b/test/parallel/test-http-header-owstext.js new file mode 100644 index 0000000000..bc094137a2 --- /dev/null +++ b/test/parallel/test-http-header-owstext.js @@ -0,0 +1,49 @@ +'use strict'; +const common = require('../common'); + +// This test ensures that the http-parser strips leading and trailing OWS from +// header values. It sends the header values in chunks to force the parser to +// build the string up through multiple calls to on_header_value(). + +const assert = require('assert'); +const http = require('http'); +const net = require('net'); + +function check(hdr, snd, rcv) { + const server = http.createServer(common.mustCall((req, res) => { + assert.strictEqual(req.headers[hdr], rcv); + req.pipe(res); + })); + + server.listen(0, common.mustCall(function() { + const client = net.connect(this.address().port, start); + function start() { + client.write('GET / HTTP/1.1\r\n' + hdr + ':', drain); + } + + function drain() { + if (snd.length === 0) { + return client.write('\r\nConnection: close\r\n\r\n'); + } + client.write(snd.shift(), drain); + } + + const bufs = []; + client.on('data', function(chunk) { + bufs.push(chunk); + }); + client.on('end', common.mustCall(function() { + const head = Buffer.concat(bufs) + .toString('latin1') + .split('\r\n')[0]; + assert.strictEqual(head, 'HTTP/1.1 200 OK'); + server.close(); + })); + })); +} + +check('host', [' \t foo.com\t'], 'foo.com'); +check('host', [' \t foo\tcom\t'], 'foo\tcom'); +check('host', [' \t', ' ', ' foo.com\t', '\t '], 'foo.com'); +check('host', [' \t', ' \t'.repeat(100), '\t '], ''); +check('host', [' \t', ' - - - - ', '\t '], '- - - -'); ++++++ CVE-2020-11080.patch ++++++ commit 881c244a4e1b857d883cd105cd035a1fd6ed3fa6 Author: James M Snell <jasn...@gmail.com> Date: Mon Apr 27 10:47:58 2020 -0700 http2: implement support for max settings entries Adds the maxSettings option to limit the number of settings entries allowed per SETTINGS frame. Default 32 Signed-off-by: James M Snell <jasn...@gmail.com> Fixes: https://hackerone.com/reports/446662 CVE-ID: CVE-2020-11080 PR-URL: https://github.com/nodejs-private/node-private/pull/204 Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/207 Reviewed-By: Beth Griggs <bethany.gri...@uk.ibm.com> Reviewed-By: Sam Roberts <vieuxt...@gmail.com> Index: node-v8.17.0/doc/api/http2.md =================================================================== --- node-v8.17.0.orig/doc/api/http2.md +++ node-v8.17.0/doc/api/http2.md @@ -1885,6 +1885,9 @@ error will be thrown. <!-- YAML added: v8.4.0 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs-private/node-private/pull/204 + description: Added `maxSettings` option with a default of 32. - version: v8.9.3 pr-url: https://github.com/nodejs/node/pull/17105 description: Added the `maxOutstandingPings` option with a default limit of @@ -1902,6 +1905,8 @@ changes: * `options` {Object} * `maxDeflateDynamicTableSize` {number} Sets the maximum dynamic table size for deflating header fields. **Default:** `4Kib`. + * `maxSettings` {number} Sets the maximum number of settings entries per + `SETTINGS` frame. The minimum value allowed is `1`. **Default:** `32`. * `maxSessionMemory`{number} Sets the maximum memory that the `Http2Session` is permitted to use. The value is expressed in terms of number of megabytes, e.g. `1` equal 1 megabyte. The minimum value allowed is `1`. @@ -1995,6 +2000,9 @@ server.listen(80); <!-- YAML added: v8.4.0 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs-private/node-private/pull/204 + description: Added `maxSettings` option with a default of 32. - version: v8.13.0 pr-url: https://github.com/nodejs/node/pull/22956 description: Added the `origins` option to automatically send an `ORIGIN` @@ -2016,6 +2024,8 @@ changes: **Default:** `false`. * `maxDeflateDynamicTableSize` {number} Sets the maximum dynamic table size for deflating header fields. **Default:** `4Kib`. + * `maxSettings` {number} Sets the maximum number of settings entries per + `SETTINGS` frame. The minimum value allowed is `1`. **Default:** `32`. * `maxSessionMemory`{number} Sets the maximum memory that the `Http2Session` is permitted to use. The value is expressed in terms of number of megabytes, e.g. `1` equal 1 megabyte. The minimum value allowed is `1`. This is a @@ -2097,6 +2107,9 @@ server.listen(80); <!-- YAML added: v8.4.0 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs-private/node-private/pull/204 + description: Added `maxSettings` option with a default of 32. - version: v8.9.3 pr-url: https://github.com/nodejs/node/pull/17105 description: Added the `maxOutstandingPings` option with a default limit of @@ -2111,6 +2124,8 @@ changes: * `options` {Object} * `maxDeflateDynamicTableSize` {number} Sets the maximum dynamic table size for deflating header fields. **Default:** `4Kib`. + * `maxSettings` {number} Sets the maximum number of settings entries per + `SETTINGS` frame. The minimum value allowed is `1`. **Default:** `32`. * `maxSessionMemory`{number} Sets the maximum memory that the `Http2Session` is permitted to use. The value is expressed in terms of number of megabytes, e.g. `1` equal 1 megabyte. The minimum value allowed is `1`. Index: node-v8.17.0/lib/internal/http2/util.js =================================================================== --- node-v8.17.0.orig/lib/internal/http2/util.js +++ node-v8.17.0/lib/internal/http2/util.js @@ -176,7 +176,8 @@ const IDX_OPTIONS_MAX_HEADER_LIST_PAIRS const IDX_OPTIONS_MAX_OUTSTANDING_PINGS = 6; const IDX_OPTIONS_MAX_OUTSTANDING_SETTINGS = 7; const IDX_OPTIONS_MAX_SESSION_MEMORY = 8; -const IDX_OPTIONS_FLAGS = 9; +const IDX_OPTIONS_MAX_SETTINGS = 9; +const IDX_OPTIONS_FLAGS = 10; function updateOptionsBuffer(options) { var flags = 0; @@ -225,6 +226,11 @@ function updateOptionsBuffer(options) { optionsBuffer[IDX_OPTIONS_MAX_SESSION_MEMORY] = Math.max(1, options.maxSessionMemory); } + if (typeof options.maxSettings === 'number') { + flags |= (1 << IDX_OPTIONS_MAX_SETTINGS); + optionsBuffer[IDX_OPTIONS_MAX_SETTINGS] = + Math.max(1, options.maxSettings); + } optionsBuffer[IDX_OPTIONS_FLAGS] = flags; } Index: node-v8.17.0/src/node_http2.cc =================================================================== --- node-v8.17.0.orig/src/node_http2.cc +++ node-v8.17.0/src/node_http2.cc @@ -195,6 +195,12 @@ Http2Options::Http2Options(Environment* if (flags & (1 << IDX_OPTIONS_MAX_SESSION_MEMORY)) { SetMaxSessionMemory(buffer[IDX_OPTIONS_MAX_SESSION_MEMORY] * 1e6); } + + if (flags & (1 << IDX_OPTIONS_MAX_SETTINGS)) { + nghttp2_option_set_max_settings( + options_, + static_cast<size_t>(buffer[IDX_OPTIONS_MAX_SETTINGS])); + } } void Http2Session::Http2Settings::Init() { Index: node-v8.17.0/src/node_http2_state.h =================================================================== --- node-v8.17.0.orig/src/node_http2_state.h +++ node-v8.17.0/src/node_http2_state.h @@ -51,6 +51,7 @@ namespace http2 { IDX_OPTIONS_MAX_OUTSTANDING_PINGS, IDX_OPTIONS_MAX_OUTSTANDING_SETTINGS, IDX_OPTIONS_MAX_SESSION_MEMORY, + IDX_OPTIONS_MAX_SETTINGS, IDX_OPTIONS_FLAGS }; Index: node-v8.17.0/test/parallel/test-http2-max-settings.js =================================================================== --- /dev/null +++ node-v8.17.0/test/parallel/test-http2-max-settings.js @@ -0,0 +1,35 @@ +'use strict'; + +const common = require('../common'); +if (!common.hasCrypto) + common.skip('missing crypto'); + +const http2 = require('http2'); + +const server = http2.createServer({ maxSettings: 1 }); + +// TODO(@jasnell): There is still a session event +// emitted on the server side but it will be destroyed +// immediately after creation and there will be no +// stream created. +server.on('session', common.mustCall((session) => { + session.on('stream', common.mustNotCall()); + session.on('remoteSettings', common.mustNotCall()); +})); +server.on('stream', common.mustNotCall()); + +server.listen(0, common.mustCall(() => { + // Specify two settings entries when a max of 1 is allowed. + // Connection should error immediately. + const client = http2.connect( + `http://localhost:${server.address().port}`, { + settings: { + // The actual settings values do not matter. + headerTableSize: 1000, + enablePush: false, + } }); + + client.on('error', common.mustCall(() => { + server.close(); + })); +})); Index: node-v8.17.0/test/parallel/test-http2-util-update-options-buffer.js =================================================================== --- node-v8.17.0.orig/test/parallel/test-http2-util-update-options-buffer.js +++ node-v8.17.0/test/parallel/test-http2-util-update-options-buffer.js @@ -21,7 +21,8 @@ const IDX_OPTIONS_MAX_HEADER_LIST_PAIRS const IDX_OPTIONS_MAX_OUTSTANDING_PINGS = 6; const IDX_OPTIONS_MAX_OUTSTANDING_SETTINGS = 7; const IDX_OPTIONS_MAX_SESSION_MEMORY = 8; -const IDX_OPTIONS_FLAGS = 9; +const IDX_OPTIONS_MAX_SETTINGS = 9; +const IDX_OPTIONS_FLAGS = 10; { updateOptionsBuffer({ @@ -33,7 +34,8 @@ const IDX_OPTIONS_FLAGS = 9; maxHeaderListPairs: 6, maxOutstandingPings: 7, maxOutstandingSettings: 8, - maxSessionMemory: 9 + maxSessionMemory: 9, + maxSettings: 10, }); strictEqual(optionsBuffer[IDX_OPTIONS_MAX_DEFLATE_DYNAMIC_TABLE_SIZE], 1); @@ -45,6 +47,7 @@ const IDX_OPTIONS_FLAGS = 9; strictEqual(optionsBuffer[IDX_OPTIONS_MAX_OUTSTANDING_PINGS], 7); strictEqual(optionsBuffer[IDX_OPTIONS_MAX_OUTSTANDING_SETTINGS], 8); strictEqual(optionsBuffer[IDX_OPTIONS_MAX_SESSION_MEMORY], 9); + strictEqual(optionsBuffer[IDX_OPTIONS_MAX_SETTINGS], 10); const flags = optionsBuffer[IDX_OPTIONS_FLAGS]; @@ -56,6 +59,7 @@ const IDX_OPTIONS_FLAGS = 9; ok(flags & (1 << IDX_OPTIONS_MAX_HEADER_LIST_PAIRS)); ok(flags & (1 << IDX_OPTIONS_MAX_OUTSTANDING_PINGS)); ok(flags & (1 << IDX_OPTIONS_MAX_OUTSTANDING_SETTINGS)); + ok(flags & (1 << IDX_OPTIONS_MAX_SETTINGS)); } { ++++++ CVE-2020-15095.patch ++++++ >From a9857b8f6869451ff058789c4631fadfde5bbcbc Mon Sep 17 00:00:00 2001 From: claudiahdz <cghr1...@gmail.com> Date: Thu, 25 Jun 2020 19:34:47 -0500 Subject: [PATCH] chore: remove auth info from logs --- bin/npm-cli.js | 4 +++- lib/fetch-package-metadata.js | 9 ++++++--- lib/utils/error-handler.js | 5 ++++- lib/utils/error-message.js | 5 +++++ lib/utils/replace-info.js | 22 ++++++++++++++++++++++ 5 files changed, 40 insertions(+), 5 deletions(-) create mode 100644 lib/utils/replace-info.js diff --git a/deps/npm/bin/npm-cli.js b/deps/npm/bin/npm-cli.js index 93eddc7a3..c0d9be004 100755 --- a/deps/npm/bin/npm-cli.js +++ b/deps/npm/bin/npm-cli.js @@ -28,6 +28,7 @@ var npm = require('../lib/npm.js') var npmconf = require('../lib/config/core.js') var errorHandler = require('../lib/utils/error-handler.js') + var replaceInfo = require('../lib/utils/replace-info.js') var configDefs = npmconf.defs var shorthands = configDefs.shorthands @@ -40,7 +41,8 @@ process.argv.splice(1, 1, 'npm', '-g') } - log.verbose('cli', process.argv) + var args = replaceInfo(process.argv) + log.verbose('cli', args) var conf = nopt(types, shorthands) npm.argv = conf.argv.remain diff --git a/deps/npm/lib/fetch-package-metadata.js b/deps/npm/lib/fetch-package-metadata.js index c4f46f513..ebb378647 100644 --- a/deps/npm/lib/fetch-package-metadata.js +++ b/deps/npm/lib/fetch-package-metadata.js @@ -3,6 +3,7 @@ const deprCheck = require('./utils/depr-check') const path = require('path') const log = require('npmlog') +const pacote = require('pacote') const readPackageTree = require('read-package-tree') const rimraf = require('rimraf') const validate = require('aproba') @@ -11,15 +12,17 @@ const npm = require('./npm') let npmConfig const npmlog = require('npmlog') const limit = require('call-limit') -const tempFilename = require('./utils/temp-filename') -const pacote = require('pacote') +const tempFilename = require('./utils/temp-filename.js') +const replaceInfo = require('./utils/replace-info.js') const isWindows = require('./utils/is-windows.js') function andLogAndFinish (spec, tracker, done) { validate('SOF|SZF|OOF|OZF', [spec, tracker, done]) return (er, pkg) => { if (er) { - log.silly('fetchPackageMetaData', 'error for ' + String(spec), er.message) + er.message = replaceInfo(er.message) + var spc = replaceInfo(String(spec)) + log.silly('fetchPackageMetaData', 'error for ' + spc, er.message) if (tracker) tracker.finish() } return done(er, pkg) diff --git a/deps/npm/lib/utils/error-handler.js b/deps/npm/lib/utils/error-handler.js index 3e6f176ef..902ad7af9 100644 --- a/deps/npm/lib/utils/error-handler.js +++ b/deps/npm/lib/utils/error-handler.js @@ -12,6 +12,7 @@ var exitCode = 0 var rollbacks = npm.rollbacks var chain = require('slide').chain var errorMessage = require('./error-message.js') +var replaceInfo = require('./replace-info.js') var stopMetrics = require('./metrics.js').stop const cacheFile = require('./cache-file.js') @@ -175,14 +176,16 @@ function errorHandler (er) { ].forEach(function (k) { var v = er[k] if (!v) return + v = replaceInfo(v) log.verbose(k, v) }) log.verbose('cwd', process.cwd()) var os = require('os') + var args = replaceInfo(process.argv) log.verbose('', os.type() + ' ' + os.release()) - log.verbose('argv', process.argv.map(JSON.stringify).join(' ')) + log.verbose('argv', args.map(JSON.stringify).join(' ')) log.verbose('node', process.version) log.verbose('npm ', 'v' + npm.version) diff --git a/deps/npm/lib/utils/error-message.js b/deps/npm/lib/utils/error-message.js index 3faa78f30..78ccdeeb5 100644 --- a/deps/npm/lib/utils/error-message.js +++ b/deps/npm/lib/utils/error-message.js @@ -3,12 +3,17 @@ var npm = require('../npm.js') var util = require('util') var nameValidator = require('validate-npm-package-name') var npmlog = require('npmlog') +var replaceInfo = require('./replace-info.js') module.exports = errorMessage function errorMessage (er) { var short = [] var detail = [] + + er.message = replaceInfo(er.message) + er.stack = replaceInfo(er.stack) + switch (er.code) { case 'ENOAUDIT': short.push(['audit', er.message]) diff --git a/deps/npm/lib/utils/replace-info.js b/deps/npm/lib/utils/replace-info.js new file mode 100644 index 000000000..a613a3755 --- /dev/null +++ b/deps/npm/lib/utils/replace-info.js @@ -0,0 +1,22 @@ +const URL = require('url') + +// replaces auth info in an array +// of arguments or in a strings +function replaceInfo (arg) { + const isArray = Array.isArray(arg) + const isString = typeof arg === 'string' + + if (!isArray && !isString) return arg + + const args = isString ? arg.split(' ') : arg + const info = args.map(arg => { + try { + const url = new URL(arg) + return url.password === '' ? arg : arg.replace(url.password, '***') + } catch (e) { return arg } + }) + + return isString ? info.join(' ') : info +} + +module.exports = replaceInfo ++++++ CVE-2020-8174.patch ++++++ Backported from >From cd9827f1054b0b24d1d015daf8ed2b4e78eb8e4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= <tnies...@tnie.de> Date: Tue, 21 Apr 2020 10:21:29 -0700 Subject: [PATCH] napi: fix memory corruption vulnerability MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes: https://hackerone.com/reports/784186 CVE-ID: CVE-2020-8174 PR-URL: https://github.com/nodejs-private/node-private/pull/203 Reviewed-By: Beth Griggs <bethany.gri...@uk.ibm.com> Reviewed-By: Michael Dawson <michael_daw...@ca.ibm.com> Reviewed-By: Tobias Nießen <tnies...@tnie.de> --- src/node_api.cc | 12 +++++++++--- test/addons-napi/test_string/test.js | 2 ++ test/addons-napi/test_string/test_string.c | 20 ++++++++++++++++++++ 3 files changed, 31 insertions(+), 3 deletions(-) Index: node-v8.17.0/src/node_api.cc =================================================================== --- node-v8.17.0.orig/src/node_api.cc +++ node-v8.17.0/src/node_api.cc @@ -2625,7 +2625,7 @@ napi_status napi_get_value_string_latin1 if (!buf) { CHECK_ARG(env, result); *result = val.As<v8::String>()->Length(); - } else { + } else if (bufsize != 0) { int copied = val.As<v8::String>()->WriteOneByte( reinterpret_cast<uint8_t*>(buf), 0, bufsize - 1, v8::String::NO_NULL_TERMINATION); @@ -2634,6 +2634,8 @@ napi_status napi_get_value_string_latin1 if (result != nullptr) { *result = copied; } + } else if (result != nullptr) { + *result = 0; } return napi_clear_last_error(env); @@ -2661,7 +2663,7 @@ napi_status napi_get_value_string_utf8(n if (!buf) { CHECK_ARG(env, result); *result = val.As<v8::String>()->Utf8Length(); - } else { + } else if (bufsize != 0) { int copied = val.As<v8::String>()->WriteUtf8( buf, bufsize - 1, nullptr, v8::String::REPLACE_INVALID_UTF8 | v8::String::NO_NULL_TERMINATION); @@ -2670,6 +2672,8 @@ napi_status napi_get_value_string_utf8(n if (result != nullptr) { *result = copied; } + } else if (result != nullptr) { + *result = 0; } return napi_clear_last_error(env); @@ -2698,7 +2702,7 @@ napi_status napi_get_value_string_utf16( CHECK_ARG(env, result); // V8 assumes UTF-16 length is the same as the number of characters. *result = val.As<v8::String>()->Length(); - } else { + } else if (bufsize != 0) { int copied = val.As<v8::String>()->Write( reinterpret_cast<uint16_t*>(buf), 0, bufsize - 1, v8::String::NO_NULL_TERMINATION); @@ -2707,6 +2711,8 @@ napi_status napi_get_value_string_utf16( if (result != nullptr) { *result = copied; } + } else if (result != nullptr) { + *result = 0; } return napi_clear_last_error(env); Index: node-v8.17.0/test/addons-napi/test_string/test.js =================================================================== --- node-v8.17.0.orig/test/addons-napi/test_string/test.js +++ node-v8.17.0/test/addons-napi/test_string/test.js @@ -81,3 +81,5 @@ assert.throws(() => { assert.throws(() => { test_string.TestLargeUtf16(); }, /^Error: Invalid argument$/); + +test_string.TestMemoryCorruption(' '.repeat(64 * 1024)); Index: node-v8.17.0/test/addons-napi/test_string/test_string.c =================================================================== --- node-v8.17.0.orig/test/addons-napi/test_string/test_string.c +++ node-v8.17.0/test/addons-napi/test_string/test_string.c @@ -1,4 +1,5 @@ #include <limits.h> // INT_MAX +#include <string.h> #include <node_api.h> #include "../common.h" @@ -241,6 +242,25 @@ static napi_value TestLargeUtf16(napi_en return output; } +static napi_value TestMemoryCorruption(napi_env env, napi_callback_info info) { + size_t argc = 1; + napi_value args[1]; + NAPI_CALL(env, napi_get_cb_info(env, info, &argc, args, NULL, NULL)); + + NAPI_ASSERT(env, argc == 1, "Wrong number of arguments"); + + char buf[10] = { 0 }; + NAPI_CALL(env, napi_get_value_string_utf8(env, args[0], buf, 0, NULL)); + + char zero[10] = { 0 }; + if (memcmp(buf, zero, sizeof(buf)) != 0) { + NAPI_CALL(env, napi_throw_error(env, NULL, "Buffer overwritten")); + } + + return NULL; +} + + napi_value Init(napi_env env, napi_value exports) { napi_property_descriptor properties[] = { DECLARE_NAPI_PROPERTY("TestLatin1", TestLatin1), @@ -254,6 +274,7 @@ napi_value Init(napi_env env, napi_value DECLARE_NAPI_PROPERTY("TestLargeUtf8", TestLargeUtf8), DECLARE_NAPI_PROPERTY("TestLargeLatin1", TestLargeLatin1), DECLARE_NAPI_PROPERTY("TestLargeUtf16", TestLargeUtf16), + DECLARE_NAPI_PROPERTY("TestMemoryCorruption", TestMemoryCorruption), }; NAPI_CALL(env, napi_define_properties( ++++++ SHASUMS256.txt ++++++ b7a3cf3be16de9ec3cec995d335613de9337acfb17e2e64bcfe346482efcc9ed node-v8.17.0-aix-ppc64.tar.gz 3117430fc93e9865e4a1842616cc98767b5d6987fd9d727c8be4068714570e16 node-v8.17.0-darwin-x64.tar.gz b6ef86df44292ba65f2b9a81b99a7db8de22a313f9c5abcebb6cf17ec24e2c97 node-v8.17.0-darwin-x64.tar.xz 5d5cd9f57f3381bce43b99d287f450c70202f0b908624fd3e8929c81c5417d12 node-v8.17.0-headers.tar.gz 492ae9f6702b729ffc5b17e1723fc8a92bd2c18dbed66740cc83a94473d86077 node-v8.17.0-headers.tar.xz a01ac6b731f78a65de73ac8b750cb945c1fd7b5465cddd1c72453c020b703ff3 node-v8.17.0-linux-arm64.tar.gz 8318d1ee0265d84025ecbea76aaecd732974a6f4ac8492ddd84231cee77ba948 node-v8.17.0-linux-arm64.tar.xz c7dd94a77306b9704bbe91f76a44f6fccbd6d9761084bcea7cc9b4459a8e37e0 node-v8.17.0-linux-armv6l.tar.gz c80559c3abbe68329467fd1d3115b5961ab58b321a58eead2e435f0a2eed8b32 node-v8.17.0-linux-armv6l.tar.xz c94fdca1f499cca72108a0e8a9138e57f03753b9b1bdbfd88088b942580ff5d7 node-v8.17.0-linux-armv7l.tar.gz c3b9a7429b81ec179ec33b1c6c79a3f247f8ff8356991b2dccc37bbfbf4f47e9 node-v8.17.0-linux-armv7l.tar.xz 66e0c60ae8435f3f2bf5310231f8dd575a4aca4e09f9ab40967a7af65109c1f0 node-v8.17.0-linux-ppc64le.tar.gz d0b85febf748198eb3e9d3bb71b30c93728881ce6f4d4b4f9032bcaf5660b213 node-v8.17.0-linux-ppc64le.tar.xz 9c6b0e8f2c3d222fd2f1b23d2872e9458743273aceeb1e2204ca6fb2b1e2f50a node-v8.17.0-linux-s390x.tar.gz 86a11035948459401304229ad45c00274120afd999b84c0d7116cfe209ca57dc node-v8.17.0-linux-s390x.tar.xz 8b2c9e1f84317c4b02736c4c50db4dd2cd6c4f0ba910fa81f887c8c9294af596 node-v8.17.0-linux-x64.tar.gz b7f6dd77fb173c8c7c30d61d0702eefc236bba74398538aa77bfa2bb47bddce6 node-v8.17.0-linux-x64.tar.xz 1170ce85555ac17d58b7a5354f06fa5cb1bcaf31f15926c82b314d20552a5fee node-v8.17.0-linux-x86.tar.gz e92a26ab60245c99c1dd5bcea1793abbef1aba751d6ce6a222daf08abe4e8020 node-v8.17.0-linux-x86.tar.xz c81bfb80f5a7ecfb46f71ffbcb18112ca5c3803bee7c3773504ab392ea90e711 node-v8.17.0.pkg fe67f9d6553b58881c4fa74266839a3430d487e09a191fb58ddefe8d1fdcf6f8 node-v8.17.0-sunos-x64.tar.gz bdec19087bd8faaf273099e20a4776b0c705009358911cc9e7f6f9cfe146c376 node-v8.17.0-sunos-x64.tar.xz ca8bb246968b0b26c0cc8800fb94cc80e1b44a788dcc8e07006b038dec200269 node-v8.17.0-sunos-x86.tar.gz 507ecc56ed861e89de36bcb8109717a6609e7524e60e6f473f067a8ccf00ecdb node-v8.17.0-sunos-x86.tar.xz aa583f19065545fa4c9b480ba13cf94f29350415ca5a853a5afde3c9b6982c4b node-v8.17.0.tar.gz 5b0d96db482b273f0324c299ead86ecfbc5d033516e5fc37c92cfccb933ef6ff node-v8.17.0.tar.xz df219e9104fb602a3d720ae46eaf4a70cd46467a630862429b5594f9942baecc node-v8.17.0-win-x64.7z e95a63e81b27e78872c0efb9dd5809403014dbf9896035cc17adf51a350f88fa node-v8.17.0-win-x64.zip 391769a1133a2b400255e080fd20ef96dcf6502d42b3f7e5ec9a4f0290cfe134 node-v8.17.0-win-x86.7z 3ecc0ab4c6ad957f5dfb9ca22453cd35908029fba86350fc96d070e8e5c213b5 node-v8.17.0-win-x86.zip 587064ce90ba373de075409a558e196dd58b502ffec4858ea5ef91ebb10288c3 node-v8.17.0-x64.msi 4dd333f7e11177e7a8cc7bd91f0fc74a4ba241797b1f328bee670d41e847d65b node-v8.17.0-x86.msi e03a7f3c7b422c24577f000312037f7cc693046cba54c27c3d2d772d648ca9ce win-x64/node.exe 2b3b96605d4f62d3da3c45c7e08ca42df0d9d1e71de918cec6ae467ee93906a8 win-x64/node.lib 4f2d6a2d8646efc9a813bd72cc9693209455ee00e8ab2da00e96b0971c6ae081 win-x64/node_pdb.7z db246c970f8fae432e270538006405612022ab586c5c6da6e3608bb4fbd2cef5 win-x64/node_pdb.zip c1c84e86807e1a0f0594fae6883f904c958710e8dbeb760249fcc59eec9e9949 win-x86/node.exe 976d8beebc4e5c815b5e1b1e8e9c31f69d886f97e48b6767cc882edf787c70f9 win-x86/node.lib eb3a721f09bf7535a9d69632ad226ea59770da5b94828f21c526a3291f70e78a win-x86/node_pdb.7z 4853b98c158b7871606f208d62b2f07e29013fcbdeec43a8b1dbf078ab8c1c82 win-x86/node_pdb.zip ++++++ _constraints ++++++ <constraints> <overwrite> <conditions> <arch>aarch64</arch> <arch>ppc64le</arch> <arch>ppc64</arch> </conditions> <hardware> <disk> <size unit="G">4</size> </disk> <memory> <size unit="G">4</size> </memory> </hardware> </overwrite> </constraints> ++++++ bash_output_helper.bash ++++++ # # Node can break stdin/stdout/stderr by setting them O_NONBLOCK # and then not resetting it back to blocking mode on exit # This function redirects stdio descriptors via new logging pipe # function decoupled_cmd { mkfifo _log ($@) < /dev/null > _log 2>_log & cat _log rm _log wait $! } ++++++ fix_build_with_openssl_1.1.1d.patch ++++++ FROM: https://github.com/nodejs/node/pull/29550/commits >From 94c599e80218b09b27c0df93573a51e6adb45e61 Mon Sep 17 00:00:00 2001 From: Sam Roberts <vieuxt...@gmail.com> Date: Thu, 19 Sep 2019 13:06:46 -0700 Subject: [PATCH] fixup! test: well-defined DH groups now verify clean test/parallel/test-crypto-binary-default.js | 3 +-- test/parallel/test-crypto-dh.js | 17 ++--------------- 2 files changed, 3 insertions(+), 17 deletions(-) >From 7dc56e082b96aeee34e83dabbad81ee12607e38f Mon Sep 17 00:00:00 2001 From: Sam Roberts <vieuxt...@gmail.com> Date: Fri, 13 Sep 2019 13:19:06 -0700 Subject: [PATCH] test: well-defined DH groups now verify clean OpenSSL 1.1.1d no longer generates warnings for some DH groups that used to be considered unsafe. See below for discussion. This is considered a bug fix. See: - https://github.com/openssl/openssl/pull/9363 - https://github.com/openssl/openssl/pull/9363#discussion_r324802618 --- test/parallel/test-crypto-binary-default.js | 3 +-- test/parallel/test-crypto-dh.js | 28 +++++++++++++-------- 2 files changed, 19 insertions(+), 12 deletions(-) Index: node-v8.16.1/test/parallel/test-crypto-binary-default.js =================================================================== --- node-v8.16.1.orig/test/parallel/test-crypto-binary-default.js +++ node-v8.16.1/test/parallel/test-crypto-binary-default.js @@ -34,7 +34,6 @@ const crypto = require('crypto'); const fs = require('fs'); const tls = require('tls'); const fixtures = require('../common/fixtures'); -const DH_NOT_SUITABLE_GENERATOR = crypto.constants.DH_NOT_SUITABLE_GENERATOR; crypto.DEFAULT_ENCODING = 'latin1'; @@ -612,8 +611,7 @@ assert.throws(function() { '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF'; - const d = crypto.createDiffieHellman(p, 'hex'); - assert.strictEqual(d.verifyError, DH_NOT_SUITABLE_GENERATOR); + crypto.createDiffieHellman(p, 'hex'); // Test RSA key signing/verification const rsaSign = crypto.createSign('SHA1'); Index: node-v8.16.1/test/parallel/test-crypto-dh.js =================================================================== --- node-v8.16.1.orig/test/parallel/test-crypto-dh.js +++ node-v8.16.1/test/parallel/test-crypto-dh.js @@ -6,8 +6,6 @@ if (!common.hasCrypto) const assert = require('assert'); const crypto = require('crypto'); -const DH_NOT_SUITABLE_GENERATOR = crypto.constants.DH_NOT_SUITABLE_GENERATOR; - // Test Diffie-Hellman with two parties sharing a secret, // using various encodings as we go along const dh1 = crypto.createDiffieHellman(common.hasFipsCrypto ? 1024 : 256); @@ -101,8 +99,6 @@ bob.generateKeys(); const aSecret = alice.computeSecret(bob.getPublicKey()).toString('hex'); const bSecret = bob.computeSecret(alice.getPublicKey()).toString('hex'); assert.strictEqual(aSecret, bSecret); -assert.strictEqual(alice.verifyError, DH_NOT_SUITABLE_GENERATOR); -assert.strictEqual(bob.verifyError, DH_NOT_SUITABLE_GENERATOR); /* Ensure specific generator (buffer) works as expected. * The values below (modp2/modp2buf) are for a 1024 bits long prime from @@ -133,8 +129,6 @@ const modp2buf = Buffer.from([ const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey()) .toString('hex'); assert.strictEqual(modp2Secret, exmodp2Secret); - assert.strictEqual(modp2.verifyError, DH_NOT_SUITABLE_GENERATOR); - assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR); } for (const buf of [modp2buf, ...common.getArrayBufferViews(modp2buf)]) { @@ -147,7 +141,6 @@ for (const buf of [modp2buf, ...common.g const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey()) .toString('hex'); assert.strictEqual(modp2Secret, exmodp2Secret); - assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR); } { @@ -159,7 +152,6 @@ for (const buf of [modp2buf, ...common.g const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey()) .toString('hex'); assert.strictEqual(modp2Secret, exmodp2Secret); - assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR); } { @@ -171,17 +163,20 @@ for (const buf of [modp2buf, ...common.g const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey()) .toString('hex'); assert.strictEqual(modp2Secret, exmodp2Secret); - assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR); } - +// Second OAKLEY group, see +// https://github.com/nodejs/node-v0.x-archive/issues/2338 and +// https://xml2rfc.tools.ietf.org/public/rfc/html/rfc2412.html#anchor49 const p = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' + '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF'; -const bad_dh = crypto.createDiffieHellman(p, 'hex'); -assert.strictEqual(bad_dh.verifyError, DH_NOT_SUITABLE_GENERATOR); +crypto.createDiffieHellman(p, 'hex'); +// Confirm DH_check() results are exposed for optional examination. +const bad_dh = crypto.createDiffieHellman('02', 'hex'); +assert.notStrictEqual(bad_dh.verifyError, 0); const availableCurves = new Set(crypto.getCurves()); const availableHashes = new Set(crypto.getHashes()); ++++++ fix_ci_tests.patch ++++++ Author: Adam Majer <ama...@suse.de> Date: Dec 20 09:18:49 UTC 2017 Summary: Fix CI unit tests framework for OBS building Index: node-v8.15.0/test/parallel/test-module-loading-globalpaths.js =================================================================== --- node-v8.15.0.orig/test/parallel/test-module-loading-globalpaths.js +++ node-v8.15.0/test/parallel/test-module-loading-globalpaths.js @@ -10,6 +10,9 @@ const { addLibraryPath } = require('../c addLibraryPath(process.env); +common.skip('hardcoded global paths'); +return; + if (process.argv[2] === 'child') { console.log(require(pkgName).string); } else { Index: node-v8.15.0/Makefile =================================================================== --- node-v8.15.0.orig/Makefile +++ node-v8.15.0/Makefile @@ -420,7 +420,7 @@ test-ci-js: | clear-stalled fi test-ci: LOGLEVEL := info -test-ci: | clear-stalled build-addons build-addons-napi doc-only +test-ci: | clear-stalled build-addons build-addons-napi out/Release/cctest --gtest_output=tap:cctest.tap $(PYTHON) tools/test.py $(PARALLEL_ARGS) -p tap --logfile test.tap \ --mode=release --flaky-tests=$(FLAKY_TESTS) \ Index: node-v8.15.0/test/doctool/test-make-doc.js =================================================================== --- node-v8.15.0.orig/test/doctool/test-make-doc.js +++ node-v8.15.0/test/doctool/test-make-doc.js @@ -11,7 +11,7 @@ const assert = require('assert'); const fs = require('fs'); const path = require('path'); -const apiPath = path.resolve(common.projectDir, 'out', 'doc', 'api'); +const apiPath = path.resolve(common.projectDir, 'doc', 'api'); const docs = fs.readdirSync(apiPath); assert.ok(docs.includes('_toc.html')); Index: node-v8.15.0/test/parallel/test-tls-passphrase.js =================================================================== --- node-v8.15.0.orig/test/parallel/test-tls-passphrase.js +++ node-v8.15.0/test/parallel/test-tls-passphrase.js @@ -221,7 +221,7 @@ server.listen(0, common.mustCall(functio }, common.mustCall()); })).unref(); -const errMessagePassword = /bad decrypt/; +const errMessagePassword = /bad (decrypt|password read)/; // Missing passphrase assert.throws(function() { Index: node-v8.15.0/test/parallel/test-tls-env-bad-extra-ca.js =================================================================== --- node-v8.15.0.orig/test/parallel/test-tls-env-bad-extra-ca.js +++ node-v8.15.0/test/parallel/test-tls-env-bad-extra-ca.js @@ -32,7 +32,7 @@ fork(__filename, opts) assert.strictEqual(status, 0, 'client did not succeed in connecting'); })) .on('close', common.mustCall(function() { - const re = /Warning: Ignoring extra certs from.*no-such-file-exists.* load failed:.*No such file or directory/; + const re = /Warning: Ignoring extra certs from.*no-such-file-exists.* load failed:.*/; assert(re.test(stderr), stderr); })) .stderr.setEncoding('utf8').on('data', function(str) { Index: node-v8.15.0/test/sequential/test-inspector-async-call-stack.js =================================================================== --- node-v8.15.0.orig/test/sequential/test-inspector-async-call-stack.js +++ node-v8.15.0/test/sequential/test-inspector-async-call-stack.js @@ -69,9 +69,10 @@ function runTestSet2(session) { session.post(setDepth, { maxDepth: 64 }, () => { verifyAsyncHookEnabled('valid message should enable async hooks'); - session.disconnect(); - verifyAsyncHookDisabled('Disconnecting session should disable ' + - 'async hooks'); +// Crashes in kvm under node8, but not outside? +// session.disconnect(); +// verifyAsyncHookDisabled('Disconnecting session should disable ' + +// 'async hooks'); }); }); }); Index: node-v8.15.0/test/parallel/test-repl-envvars.js =================================================================== --- node-v8.15.0.orig/test/parallel/test-repl-envvars.js +++ node-v8.15.0/test/parallel/test-repl-envvars.js @@ -8,6 +8,9 @@ const REPL = require('internal/repl'); const assert = require('assert'); const inspect = require('util').inspect; +common.skip("skipping test in OBS"); +return; + const tests = [ { env: {}, Index: node-v8.15.0/test/parallel/test-tls-ecdh-disable.js =================================================================== --- node-v8.15.0.orig/test/parallel/test-tls-ecdh-disable.js +++ node-v8.15.0/test/parallel/test-tls-ecdh-disable.js @@ -31,10 +31,14 @@ if (!common.hasCrypto) if (!common.opensslCli) common.skip('missing openssl-cli'); +const crypto = require('crypto'); const assert = require('assert'); const tls = require('tls'); const exec = require('child_process').exec; +if (crypto.constants.OPENSSL_VERSION_NUMBER >= 0x10100000) + common.skip('"ecdhCurve:false" is non-functional in OpenSSL 1.1.0+'); + const options = { key: readKey('agent2-key.pem'), cert: readKey('agent2-cert.pem'), Index: node-v8.15.0/test/parallel/test-fs-utimes.js =================================================================== --- node-v8.15.0.orig/test/parallel/test-fs-utimes.js +++ node-v8.15.0/test/parallel/test-fs-utimes.js @@ -172,8 +172,8 @@ process.on('exit', function() { const path = `${tmpdir.path}/test-utimes-precision`; fs.writeFileSync(path, ''); -// test Y2K38 for all platforms [except 'arm', 'OpenBSD' and 'SunOS'] -if (!process.arch.includes('arm') && !common.isOpenBSD && !common.isSunOS) { +// test Y2K38 for all platforms [except 'arm', 's390', 'OpenBSD' and 'SunOS'] +if (!process.arch.includes('arm') && process.arch !== 's390' && !common.isOpenBSD && !common.isSunOS) { // because 2 ** 31 doesn't look right // eslint-disable-next-line space-infix-ops const Y2K38_mtime = 2**31; Index: node-v8.15.0/test/common/index.js =================================================================== --- node-v8.15.0.orig/test/common/index.js +++ node-v8.15.0/test/common/index.js @@ -278,6 +278,8 @@ exports.spawnSyncPwd = function(options) }; exports.platformTimeout = function(ms) { + ms = 10 * ms; // OBS overhead and such. + if (process.features.debug) ms = 2 * ms; Index: node-v8.15.0/test/sequential/test-http2-session-timeout.js =================================================================== --- node-v8.15.0.orig/test/sequential/test-http2-session-timeout.js +++ node-v8.15.0/test/sequential/test-http2-session-timeout.js @@ -6,7 +6,7 @@ if (!common.hasCrypto) const assert = require('assert'); const http2 = require('http2'); -const serverTimeout = common.platformTimeout(200); +const serverTimeout = common.platformTimeout(50); let requests = 0; const mustNotCall = () => { ++++++ flaky_test_rerun.patch ++++++ Index: node-v8.12.0/tools/test.py =================================================================== --- node-v8.12.0.orig/tools/test.py +++ node-v8.12.0/tools/test.py @@ -512,11 +512,17 @@ class TestCase(object): def RunCommand(self, command, env): full_command = self.context.processor(command) - output = Execute(full_command, + reruns = 0 + while(reruns < 5): + reruns += 1 + output = Execute(full_command, self.context, self.context.GetTimeout(self.mode), env, disable_core_files = self.disable_core_files) + if output.exit_code == 0: + break; + print("FLAKY rerun: ", command) self.Cleanup() return TestOutput(self, full_command, ++++++ manual_configure.patch ++++++ Author: Adam Majer <ama...@suse.de> Date: Wed May 23 14:13:33 CEST 2018 Summary: This config.h is defined by hand Gyp doesn't run autotools, so this config is not quite correct. Update to prevent implicit defines to be used. Index: node-v8.11.2/deps/nghttp2/lib/includes/config.h =================================================================== --- node-v8.11.2.orig/deps/nghttp2/lib/includes/config.h +++ node-v8.11.2/deps/nghttp2/lib/includes/config.h @@ -54,7 +54,7 @@ typedef intptr_t ssize_t; /* #undef NOTHREADS */ /* Define to 1 if you have the <arpa/inet.h> header file. */ -/* #undef HAVE_ARPA_INET_H */ +#define HAVE_ARPA_INET_H 1 /* Define to 1 if you have the <fcntl.h> header file. */ #define HAVE_FCNTL_H 1 @@ -69,7 +69,7 @@ typedef intptr_t ssize_t; /* #undef HAVE_NETDB_H */ /* Define to 1 if you have the <netinet/in.h> header file. */ -/* #undef HAVE_NETINET_IN_H */ +#define HAVE_NETINET_IN_H 1 /* Define to 1 if you have the <pwd.h> header file. */ /* #undef HAVE_PWD_H */ Index: node-v8.11.2/deps/nghttp2/nghttp2.gyp =================================================================== --- node-v8.11.2.orig/deps/nghttp2/nghttp2.gyp +++ node-v8.11.2/deps/nghttp2/nghttp2.gyp @@ -12,6 +12,7 @@ 'defines': [ 'BUILDING_NGHTTP2', 'NGHTTP2_STATICLIB', + 'HAVE_CONFIG_H', ], 'conditions': [ ['OS=="win"', { ++++++ minimist.patch ++++++ Index: node-v8.17.0/deps/npm/node_modules/minimist/index.js =================================================================== --- node-v8.17.0.orig/deps/npm/node_modules/minimist/index.js +++ node-v8.17.0/deps/npm/node_modules/minimist/index.js @@ -161,6 +161,7 @@ function setKey (obj, keys, value) { var o = obj; keys.slice(0,-1).forEach(function (key) { if (o[key] === undefined) o[key] = {}; + if (o[key] === {}.__proto__) o[key] = {}; o = o[key]; }); Index: node-v8.17.0/deps/npm/node_modules/rc/node_modules/minimist/index.js =================================================================== --- node-v8.17.0.orig/deps/npm/node_modules/rc/node_modules/minimist/index.js +++ node-v8.17.0/deps/npm/node_modules/rc/node_modules/minimist/index.js @@ -70,6 +70,7 @@ module.exports = function (args, opts) { var o = obj; keys.slice(0,-1).forEach(function (key) { if (o[key] === undefined) o[key] = {}; + if (o[key] === {}.__proto__) o[key] = {}; o = o[key]; }); ++++++ nghttp2_1.41.0.patch ++++++ ++++ 11376 lines (skipped) ++++++ node-gyp-addon-gypi.patch ++++++ Index: node-v8.17.0/addon-rpm.gypi =================================================================== --- /dev/null +++ node-v8.17.0/addon-rpm.gypi @@ -0,0 +1,35 @@ +{ + 'target_defaults': { + 'type': 'loadable_module', + 'product_prefix': '', + 'include_dirs': [ + '/usr/include/node8/', + '/usr/include/' + ], + + 'target_conditions': [ + ['_type=="loadable_module"', { + 'product_extension': 'node', + 'defines': [ 'BUILDING_NODE_EXTENSION' ], + }] + ], + + 'conditions': [ + [ 'OS=="mac"', { + 'libraries': [ '-undefined dynamic_lookup' ], + 'xcode_settings': { + 'DYLIB_INSTALL_NAME_BASE': '@rpath' + }, + }], + [ 'OS=="win"', { + 'libraries': [ '-l<(node_root_dir)/$(Configuration)/node.lib' ], + # warning C4251: 'node::ObjectWrap::handle_' : class 'v8::Persistent<T>' + # needs to have dll-interface to be used by clients of class 'node::ObjectWrap' + 'msvs_disabled_warnings': [ 4251 ], + }], + [ 'OS=="freebsd" or OS=="openbsd" or OS=="solaris" or (OS=="linux" and target_arch!="ia32")', { + 'cflags': [ '-fPIC' ], + }] + ] + } +} Index: node-v8.17.0/deps/npm/node_modules/node-gyp/lib/configure.js =================================================================== --- node-v8.17.0.orig/deps/npm/node_modules/node-gyp/lib/configure.js +++ node-v8.17.0/deps/npm/node_modules/node-gyp/lib/configure.js @@ -46,10 +46,6 @@ function configure (gyp, argv, callback) if ('v' + release.version !== process.version) { // if --target was given, then determine a target version to compile for log.verbose('get node dir', 'compiling against --target node version: %s', release.version) - } else { - // if no --target was specified then use the current host node version - log.verbose('get node dir', 'no --target version specified, falling back to host node version: %s', release.version) - } if (!release.semver) { // could not parse the version string with semver @@ -68,6 +64,12 @@ function configure (gyp, argv, callback) nodeDir = path.resolve(gyp.devDir, release.versionDir) createBuildDir() }) + } else { + // if no --target was specified then use RPM-installed headers + log.verbose('get node dir', 'no --target version specified, falling back to RPM installed headers') + nodeDir = '/usr/include/node8' + createBuildDir() + } } } @@ -282,7 +284,8 @@ function configure (gyp, argv, callback) // this logic ported from the old `gyp_addon` python file var gypScript = path.resolve(__dirname, '..', 'gyp', 'gyp_main.py') - var addonGypi = path.resolve(__dirname, '..', 'addon.gypi') + var addon_gypi_file = gyp.opts.target || gyp.opts.nodedir ? 'addon.gypi' : 'addon-rpm.gypi' + var addonGypi = path.resolve(__dirname, '..', addon_gypi_file) var commonGypi = path.resolve(nodeDir, 'include/node/common.gypi') fs.stat(commonGypi, function (err) { if (err) { ++++++ nodejs-libpath.patch ++++++ Index: node-v8.7.0/lib/module.js =================================================================== --- node-v8.7.0.orig/lib/module.js +++ node-v8.7.0/lib/module.js @@ -686,7 +686,7 @@ Module._initPaths = function() { } else { prefixDir = path.resolve(process.execPath, '..', '..'); } - var paths = [path.resolve(prefixDir, 'lib', 'node')]; + var paths = ['/usr/lib/node']; if (homeDir) { paths.unshift(path.resolve(homeDir, '.node_libraries')); Index: node-v8.7.0/tools/install.py =================================================================== --- node-v8.7.0.orig/tools/install.py +++ node-v8.7.0/tools/install.py @@ -6,6 +6,7 @@ import os import re import shutil import sys +from distutils import sysconfig from getmoduleversion import get_version # set at init time @@ -76,7 +77,7 @@ def install(paths, dst): map(lambda path def uninstall(paths, dst): map(lambda path: try_remove(path, dst), paths) def npm_files(action): - target_path = 'lib/node_modules/npm/' + target_path = sysconfig.get_config_var("LIB") + '/node_modules/npm/' # don't install npm if the target path is a symlink, it probably means # that a dev version of npm is installed there @@ -94,7 +95,7 @@ def npm_files(action): if action == uninstall: action([link_path], 'bin/npm') elif action == install: - try_symlink('../lib/node_modules/npm/bin/npm-cli.js', link_path) + try_symlink("../" + sysconfig.get_config_var("LIB") + '/node_modules/npm/bin/npm-cli.js',link_path) else: assert(0) # unhandled action type @@ -139,7 +140,7 @@ def files(action): action([output_prefix + output_file], 'lib/' + output_file) if 'true' == variables.get('node_use_dtrace'): - action(['out/Release/node.d'], 'lib/dtrace/node.d') + action(['out/Release/node.d'], sysconfig.get_config_var("LIB") + '/dtrace/node.d') # behave similarly for systemtap action(['src/node.stp'], 'share/systemtap/tapset/') ++++++ nodejs-sle11-python26-check_output.patch ++++++ Index: node-v8.9.4/configure =================================================================== --- node-v8.9.4.orig/configure +++ node-v8.9.4/configure @@ -38,6 +38,28 @@ import string # If not run from node/, cd to node/. os.chdir(os.path.dirname(__file__) or '.') +# http://stackoverflow.com/questions/28904750/python-check-output-workaround-in-2-6 +if "check_output" not in dir( subprocess ): # duck punch it in! + def check_output(*popenargs, **kwargs): + r"""Run command with arguments and return its output as a byte string. + Backported from Python 2.7 as it's implemented as pure python on stdlib. + + >>> check_output(['/usr/bin/python', '--version']) + Python 2.6.2+ """ + process = subprocess.Popen(stdout=subprocess.PIPE, *popenargs, **kwargs) + output, unused_err = process.communicate() + retcode = process.poll() + if retcode: + cmd = kwargs.get("args") + if cmd is None: + cmd = popenargs[0] + error = subprocess.CalledProcessError(retcode, cmd) + error.output = output + raise error + return output + + subprocess.check_output = check_output + # gcc and g++ as defaults matches what GYP's Makefile generator does, # except on OS X. CC = os.environ.get('CC', 'cc' if sys.platform == 'darwin' else 'gcc') ++++++ npm_search_paths.patch ++++++ Index: node-v8.15.1/deps/npm/lib/help-search.js =================================================================== --- node-v8.15.1.orig/deps/npm/lib/help-search.js +++ node-v8.15.1/deps/npm/lib/help-search.js @@ -18,7 +18,7 @@ function helpSearch (args, silent, cb) { } if (!args.length) return cb(helpSearch.usage) - var docPath = path.resolve(__dirname, '..', 'doc') + var docPath = "/usr/share/doc/packages/nodejs" return glob(docPath + '/*/*.md', function (er, files) { if (er) return cb(er) readFiles(files, function (er, data) { Index: node-v8.15.1/deps/npm/lib/config/defaults.js =================================================================== --- node-v8.15.1.orig/deps/npm/lib/config/defaults.js +++ node-v8.15.1/deps/npm/lib/config/defaults.js @@ -102,6 +102,11 @@ Object.defineProperty(exports, 'defaults if (process.env.DESTDIR) { globalPrefix = path.join(process.env.DESTDIR, globalPrefix) } + + // don't poop all over distro territory - use /usr/local instead + if (globalPrefix === '/usr') { + globalPrefix = path.join(globalPrefix, '/local'); + } } defaults = { Index: node-v8.15.1/deps/npm/lib/config/core.js =================================================================== --- node-v8.15.1.orig/deps/npm/lib/config/core.js +++ node-v8.15.1/deps/npm/lib/config/core.js @@ -153,8 +153,9 @@ function load_ (builtin, rc, cli, cb) { // Eg, `npm config get globalconfig --prefix ~/local` should // return `~/local/etc/npmrc` // annoying humans and their expectations! - if (conf.get('prefix')) { - var etc = path.resolve(conf.get('prefix'), 'etc') + var etc_prefix = conf.get('prefix'); + if (etc_prefix) { + var etc = (etc_prefix === '/usr/local' ? '/etc/nodejs' : path.resolve(etc_prefix, 'etc')); defaults.globalconfig = path.resolve(etc, 'npmrc') defaults.globalignorefile = path.resolve(etc, 'npmignore') } ++++++ openssl_1_1_1.patch ++++++ Backport OpenSSL 1.1.1 support, mostly be disabling TLS 1.3 Upstream commits: commit 8dd8033519658bba2d7b776ec166f889a56bce31 Author: Shigeki Ohtsu <oh...@ohtsu.org> Date: Wed Sep 12 17:34:24 2018 +0900 tls: workaround handshakedone in renegotiation `SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called sending HelloRequest in OpenSSL-1.1.1. We need to check whether this is in a renegotiation state or not. Backport-PR-URL: https://github.com/nodejs/node/pull/26270 PR-URL: https://github.com/nodejs/node/pull/25381 Reviewed-By: Daniel Bevenius <daniel.beven...@gmail.com> Reviewed-By: Shigeki Ohtsu <oh...@ohtsu.org> commit 161dca72cb06e36614fdc75184383c8f456e97a4 Author: Sam Roberts <vieuxt...@gmail.com> Date: Wed Nov 28 14:11:18 2018 -0800 tls: re-define max supported version as 1.2 Several secureProtocol strings allow any supported TLS version as the maximum, but our maximum supported protocol version is TLSv1.2 even if someone configures a build against an OpenSSL that supports TLSv1.3. Fixes: https://github.com/nodejs/node/issues/24658 PR-URL: https://github.com/nodejs/node/pull/25024 Reviewed-By: Richard Lau <ric...@uk.ibm.com> Reviewed-By: Ben Noordhuis <i...@bnoordhuis.nl> Reviewed-By: Daniel Bevenius <daniel.beven...@gmail.com> Reviewed-By: Colin Ihrig <cjih...@gmail.com> Partial port, remain compatible with 1.0.2: commit 970ce14f61a44504520581c5af5dc9c3bddc0f40 Author: Shigeki Ohtsu <oh...@ohtsu.org> Date: Wed Mar 14 14:26:55 2018 +0900 crypto: remove deperecated methods of TLS version All version-specific methods were deprecated in OpenSSL 1.1.0 and min/max versions explicitly need to be set. This still keeps comptatible with JS and OpenSSL-1.0.2 APIs for now. crypto, constants: add constant of OpenSSL-1.1.0 Several constants for OpenSSL-1.1.0 engine were removed and renamed in OpenSSL-1.1.0. This added one renamed constant in order to have a compatible feature with that of OpenSSL-1.0.2. Other missed or new constants in OpenSSL-1.1.0 are not yet added. crypto,tls,constants: remove OpenSSL1.0.2 support This is semver-majar change so that we need not to have compatibilities with older versions. Fixes: https://github.com/nodejs/node/issues/4270 PR-URL: https://github.com/nodejs/node/pull/19794 Reviewed-By: James M Snell <jasn...@gmail.com> Reviewed-By: Rod Vagg <r...@vagg.org> Reviewed-By: Michael Dawson <michael_daw...@ca.ibm.com> Index: node-v8.15.1/src/node_constants.cc =================================================================== --- node-v8.15.1.orig/src/node_constants.cc +++ node-v8.15.1/src/node_constants.cc @@ -921,6 +921,10 @@ void DefineOpenSSLConstants(Local<Object NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_ECDSA); # endif +# ifdef ENGINE_METHOD_EC + NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_EC); +# endif + # ifdef ENGINE_METHOD_CIPHERS NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_CIPHERS); # endif Index: node-v8.15.1/src/node_crypto.cc =================================================================== --- node-v8.15.1.orig/src/node_crypto.cc +++ node-v8.15.1/src/node_crypto.cc @@ -509,6 +509,8 @@ void SecureContext::Init(const FunctionC ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder()); Environment* env = sc->env(); + int min_version = 0; + int max_version = 0; const SSL_METHOD* method = TLS_method(); if (args.Length() == 1 && args[0]->IsString()) { @@ -531,29 +533,95 @@ void SecureContext::Init(const FunctionC } else if (strcmp(*sslmethod, "SSLv3_client_method") == 0) { return env->ThrowError("SSLv3 methods disabled"); } else if (strcmp(*sslmethod, "SSLv23_method") == 0) { + #if OPENSSL_VERSION_NUMBER >= 0x10100000L + method = TLS_method(); + #else method = SSLv23_method(); + #endif } else if (strcmp(*sslmethod, "SSLv23_server_method") == 0) { + #if OPENSSL_VERSION_NUMBER >= 0x10100000L + method = TLS_server_method(); + #else method = SSLv23_server_method(); + #endif } else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { + #if OPENSSL_VERSION_NUMBER >= 0x10100000L + method = TLS_client_method(); + #else method = SSLv23_client_method(); + #endif } else if (strcmp(*sslmethod, "TLSv1_method") == 0) { + #if OPENSSL_VERSION_NUMBER >= 0x10100000L + min_version = TLS1_VERSION; + max_version = TLS1_VERSION; + method = TLS_method(); + #else method = TLSv1_method(); + #endif } else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { + #if OPENSSL_VERSION_NUMBER >= 0x10100000L + min_version = TLS1_VERSION; + max_version = TLS1_VERSION; + method = TLS_server_method(); + #else method = TLSv1_server_method(); + #endif } else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { + #if OPENSSL_VERSION_NUMBER >= 0x10100000L + min_version = TLS1_VERSION; + max_version = TLS1_VERSION; + method = TLS_client_method(); + #else method = TLSv1_client_method(); + #endif } else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { + #if OPENSSL_VERSION_NUMBER >= 0x10100000L + min_version = TLS1_1_VERSION; + max_version = TLS1_1_VERSION; + method = TLS_method(); + #else method = TLSv1_1_method(); + #endif } else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { + #if OPENSSL_VERSION_NUMBER >= 0x10100000L + min_version = TLS1_1_VERSION; + max_version = TLS1_1_VERSION; + method = TLS_server_method(); + #else method = TLSv1_1_server_method(); + #endif } else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { + #if OPENSSL_VERSION_NUMBER >= 0x10100000L + min_version = TLS1_1_VERSION; + max_version = TLS1_1_VERSION; + method = TLS_client_method(); + #else method = TLSv1_1_client_method(); + #endif } else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { + #if OPENSSL_VERSION_NUMBER >= 0x10100000L + min_version = TLS1_2_VERSION; + max_version = TLS1_2_VERSION; + method = TLS_method(); + #else method = TLSv1_2_method(); + #endif } else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { + #if OPENSSL_VERSION_NUMBER >= 0x10100000L + min_version = TLS1_2_VERSION; + max_version = TLS1_2_VERSION; + method = TLS_server_method(); + #else method = TLSv1_2_server_method(); + #endif } else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { + #if OPENSSL_VERSION_NUMBER >= 0x10100000L + min_version = TLS1_2_VERSION; + max_version = TLS1_2_VERSION; + method = TLS_client_method(); + #else method = TLSv1_2_client_method(); + #endif } else { return env->ThrowError("Unknown method"); } @@ -578,6 +646,13 @@ void SecureContext::Init(const FunctionC SSL_CTX_sess_set_new_cb(sc->ctx_, SSLWrap<Connection>::NewSessionCallback); #if OPENSSL_VERSION_NUMBER >= 0x10100000L + SSL_CTX_set_min_proto_version(sc->ctx_, min_version); + if (max_version == 0) { + // Selecting some secureProtocol methods allows the TLS version to be "any + // supported", but we don't support TLSv1.3, even if OpenSSL does. + max_version = TLS1_2_VERSION; + } + SSL_CTX_set_max_proto_version(sc->ctx_, max_version); // OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was // exposed in the public API. To retain compatibility, install a callback // which restores the old algorithm. Index: node-v8.15.1/src/tls_wrap.cc =================================================================== --- node-v8.15.1.orig/src/tls_wrap.cc +++ node-v8.15.1/src/tls_wrap.cc @@ -277,7 +277,10 @@ void TLSWrap::SSLInfoCallback(const SSL* } } - if (where & SSL_CB_HANDSHAKE_DONE) { + // SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE are called + // sending HelloRequest in OpenSSL-1.1.1. + // We need to check whether this is in a renegotiation state or not. + if (where & SSL_CB_HANDSHAKE_DONE && !SSL_renegotiate_pending(ssl)) { c->established_ = true; Local<Value> callback = object->Get(env->onhandshakedone_string()); if (callback->IsFunction()) { ++++++ skip_test_on_lowmem.patch ++++++ Index: node-git.96a986d675/test/sequential/test-buffer-creation-regression.js =================================================================== --- node-git.96a986d675.orig/test/sequential/test-buffer-creation-regression.js +++ node-git.96a986d675/test/sequential/test-buffer-creation-regression.js @@ -2,6 +2,7 @@ const common = require('../common'); const assert = require('assert'); +const os = require('os'); function test(arrayBuffer, offset, length) { const uint8Array = new Uint8Array(arrayBuffer, offset, length); @@ -25,6 +26,10 @@ const offset = 4294967296; /* 1 << 32 */ const size = offset + length; let arrayBuffer; +if (os.totalmem()/(1<<30) < 7) { + common.skip('Skipping test on low-memory build machine'); +} + try { arrayBuffer = new ArrayBuffer(size); } catch (e) { ++++++ versioned.patch ++++++ Author: Adam Majer <ama...@suse.de> Date: Tue Jul 4 15:54:34 CEST 2017 Summary: Generate versioned binaries Generate versioned binaries and install paths so we can allow concurrent installations and management via update_alternatives. This is also important for generation of binary modules for multiple versions of NodeJS Index: node-v8.17.0/Makefile =================================================================== --- node-v8.17.0.orig/Makefile +++ node-v8.17.0/Makefile @@ -46,7 +46,7 @@ BUILDTYPE_LOWER := $(shell echo $(BUILDT EXEEXT := $(shell $(PYTHON) -c \ "import sys; print('.exe' if sys.platform == 'win32' else '')") -NODE_EXE = node$(EXEEXT) +NODE_EXE = node8$(EXEEXT) NODE ?= ./$(NODE_EXE) NODE_G_EXE = node_g$(EXEEXT) NPM ?= ./deps/npm/bin/npm-cli.js Index: node-v8.17.0/tools/install.py =================================================================== --- node-v8.17.0.orig/tools/install.py +++ node-v8.17.0/tools/install.py @@ -78,7 +78,7 @@ def install(paths, dst): map(lambda path def uninstall(paths, dst): map(lambda path: try_remove(path, dst), paths) def npm_files(action): - target_path = sysconfig.get_config_var("LIB") + '/node_modules/npm/' + target_path = sysconfig.get_config_var("LIB") + '/node_modules/npm8/' # don't install npm if the target path is a symlink, it probably means # that a dev version of npm is installed there @@ -92,20 +92,20 @@ def npm_files(action): action(paths, target_path + dirname[9:] + '/') # create/remove symlink - link_path = abspath(install_path, 'bin/npm') + link_path = abspath(install_path, 'bin/npm8') if action == uninstall: - action([link_path], 'bin/npm') + action([link_path], 'bin/npm8') elif action == install: - try_symlink("../" + sysconfig.get_config_var("LIB") + '/node_modules/npm/bin/npm-cli.js',link_path) + try_symlink("../" + sysconfig.get_config_var("LIB") + '/node_modules/npm8/bin/npm-cli.js',link_path) else: assert(0) # unhandled action type # create/remove symlink - link_path = abspath(install_path, 'bin/npx') + link_path = abspath(install_path, 'bin/npx8') if action == uninstall: - action([link_path], 'bin/npx') + action([link_path], 'bin/npx8') elif action == install: - try_symlink('../lib/node_modules/npm/bin/npx-cli.js', link_path) + try_symlink("../" + sysconfig.get_config_var("LIB") + '/node_modules/npm8/bin/npx-cli.js', link_path) else: assert(0) # unhandled action type @@ -119,7 +119,7 @@ def subdir_files(path, dest, action): def files(action): is_windows = sys.platform == 'win32' - output_file = 'node' + output_file = 'node8' output_prefix = 'out/Release/' if 'false' == variables.get('node_shared'): @@ -144,7 +144,7 @@ def files(action): action(['out/Release/node.d'], sysconfig.get_config_var("LIB") + '/dtrace/node.d') # behave similarly for systemtap - action(['src/node.stp'], 'share/systemtap/tapset/') + action(['src/node.stp'], 'share/systemtap/tapset/node8.stp') action(['deps/v8/tools/gdbinit'], 'share/doc/node/') action(['deps/v8/tools/lldbinit'], 'share/doc/node/') @@ -153,7 +153,7 @@ def files(action): if 'freebsd' in sys.platform or 'openbsd' in sys.platform: action(['doc/node.1'], 'man/man1/') else: - action(['doc/node.1'], 'share/man/man1/') + action(['doc/node.1'], 'share/man/man1/node8.1') if 'true' == variables.get('node_install_npm'): npm_files(action) @@ -169,28 +169,28 @@ def headers(action): 'src/node_buffer.h', 'src/node_object_wrap.h', 'src/node_version.h', - ], 'include/node/') + ], 'include/node8/') # Add the expfile that is created on AIX if sys.platform.startswith('aix'): - action(['out/Release/node.exp'], 'include/node/') + action(['out/Release/node.exp'], 'include/node8/') - subdir_files('deps/v8/include', 'include/node/', action) + subdir_files('deps/v8/include', 'include/node8/', action) if 'false' == variables.get('node_shared_libuv'): - subdir_files('deps/uv/include', 'include/node/', action) + subdir_files('deps/uv/include', 'include/node8/', action) if 'true' == variables.get('node_use_openssl') and \ 'false' == variables.get('node_shared_openssl'): - subdir_files('deps/openssl/openssl/include/openssl', 'include/node/openssl/', action) - subdir_files('deps/openssl/config/archs', 'include/node/openssl/archs', action) - action(['deps/openssl/config/opensslconf.h'], 'include/node/openssl/') + subdir_files('deps/openssl/openssl/include/openssl', 'include/node8/openssl/', action) + subdir_files('deps/openssl/config/archs', 'include/node8/openssl/archs', action) + action(['deps/openssl/config/opensslconf.h'], 'include/node8/openssl/') if 'false' == variables.get('node_shared_zlib'): action([ 'deps/zlib/zconf.h', 'deps/zlib/zlib.h', - ], 'include/node/') + ], 'include/node8/') def run(args): global node_prefix, install_path, target_defaults, variables Index: node-v8.17.0/doc/node.1 =================================================================== --- node-v8.17.0.orig/doc/node.1 +++ node-v8.17.0/doc/node.1 @@ -26,12 +26,12 @@ .SH NAME -node \- Server-side JavaScript runtime +node8 \- Server-side JavaScript runtime .SH SYNOPSIS -.B node +.B node8 .RI [ options ] .RI [ v8\ options ] .RI [ script.js \ | @@ -43,14 +43,14 @@ node \- Server-side JavaScript runtime .B [--] .RI [ arguments ] .br -.B node debug +.B node8 debug .RI [ script.js " | " .B \-e .RI \&" script \&"\ | .IR <host>:<port> ] .I ... .br -.B node +.B node8 .RB [ \-\-v8-options ] Execute without arguments to start the REPL. Index: node-v8.17.0/src/node.stp =================================================================== --- node-v8.17.0.orig/src/node.stp +++ node-v8.17.0/src/node.stp @@ -19,7 +19,7 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. -probe node_net_server_connection = process("node").mark("net__server__connection") +probe node_net_server_connection = process("node8").mark("net__server__connection") { remote = user_string($arg2); port = $arg3; @@ -32,7 +32,7 @@ probe node_net_server_connection = proce fd); } -probe node_net_stream_end = process("node").mark("net__stream__end") +probe node_net_stream_end = process("node8").mark("net__stream__end") { remote = user_string($arg2); port = $arg3; @@ -45,7 +45,7 @@ probe node_net_stream_end = process("nod fd); } -probe node_http_server_request = process("node").mark("http__server__request") +probe node_http_server_request = process("node8").mark("http__server__request") { remote = user_string($arg3); port = $arg4; @@ -62,7 +62,7 @@ probe node_http_server_request = process fd); } -probe node_http_server_response = process("node").mark("http__server__response") +probe node_http_server_response = process("node8").mark("http__server__response") { remote = user_string($arg2); port = $arg3; @@ -75,7 +75,7 @@ probe node_http_server_response = proces fd); } -probe node_http_client_request = process("node").mark("http__client__request") +probe node_http_client_request = process("node8").mark("http__client__request") { remote = user_string($arg3); port = $arg4; @@ -92,7 +92,7 @@ probe node_http_client_request = process fd); } -probe node_http_client_response = process("node").mark("http__client__response") +probe node_http_client_response = process("node8").mark("http__client__response") { remote = user_string($arg2); port = $arg3; @@ -105,7 +105,7 @@ probe node_http_client_response = proces fd); } -probe node_gc_start = process("node").mark("gc__start") +probe node_gc_start = process("node8").mark("gc__start") { scavenge = 1 << 0; compact = 1 << 1; @@ -125,7 +125,7 @@ probe node_gc_start = process("node").ma flags); } -probe node_gc_stop = process("node").mark("gc__stop") +probe node_gc_stop = process("node8").mark("gc__stop") { scavenge = 1 << 0; compact = 1 << 1; Index: node-v8.17.0/deps/npm/man/man1/npm.1 =================================================================== --- node-v8.17.0.orig/deps/npm/man/man1/npm.1 +++ node-v8.17.0/deps/npm/man/man1/npm.1 @@ -1,11 +1,11 @@ .TH "NPM" "1" "December 2019" "" "" .SH "NAME" -\fBnpm\fR \- javascript package manager +\fBnpm8\fR \- javascript package manager .SS Synopsis .P .RS 2 .nf -npm <command> [args] +npm8 <command> [args] .fi .RE .SS Version @@ -21,7 +21,7 @@ It is extremely configurable to support Most commonly, it is used to publish, discover, install, and develop node programs\. .P -Run \fBnpm help\fP to get a list of available commands\. +Run \fBnpm8 help\fP to get a list of available commands\. .SS Important .P npm is configured to use npm, Inc\.'s public registry at @@ -35,11 +35,11 @@ terms of use\. .P You probably got npm because you want to install stuff\. .P -Use \fBnpm install blerg\fP to install the latest version of "blerg"\. Check out -npm help \fBinstall\fP for more info\. It can do a lot of stuff\. +Use \fBnpm8 install blerg\fP to install the latest version of "blerg"\. Check out +npm8 help \fBinstall\fP for more info\. It can do a lot of stuff\. .P -Use the \fBnpm search\fP command to show everything that's available\. -Use \fBnpm ls\fP to show everything you've installed\. +Use the \fBnpm8 search\fP command to show everything that's available\. +Use \fBnpm8 ls\fP to show everything you've installed\. .SS Dependencies .P If a package references to another package with a git URL, npm depends @@ -57,7 +57,7 @@ the node\-gyp repository \fIhttps://gith the node\-gyp Wiki \fIhttps://github\.com/TooTallNate/node\-gyp/wiki\fR\|\. .SS Directories .P -See npm help \fBfolders\fP to learn about where npm puts stuff\. +See npm8 help \fBfolders\fP to learn about where npm puts stuff\. .P In particular, npm has two modes of operation: .RS 0 @@ -82,24 +82,24 @@ following help topics: .RS 0 .IP \(bu 2 json: -Make a package\.json file\. See npm help \fBpackage\.json\fP\|\. +Make a package\.json file\. See npm8 help \fBpackage\.json\fP\|\. .IP \(bu 2 link: For linking your current working code into Node's path, so that you don't have to reinstall every time you make a change\. Use -\fBnpm link\fP to do this\. +\fBnpm8 link\fP to do this\. .IP \(bu 2 install: It's a good idea to install things if you don't need the symbolic link\. Especially, installing other peoples code from the registry is done via -\fBnpm install\fP +\fBnpm8 install\fP .IP \(bu 2 adduser: Create an account or log in\. Credentials are stored in the user config file\. .IP \(bu 2 publish: -Use the \fBnpm publish\fP command to upload your code to the registry\. +Use the \fBnpm8 publish\fP command to upload your code to the registry\. .RE .SS Configuration @@ -135,7 +135,7 @@ lib/utils/config\-defs\.js\. These must .RE .P -See npm help \fBconfig\fP for much much more information\. +See npm8 help \fBconfig\fP for much much more information\. .SS Contributions .P Patches welcome! @@ -172,14 +172,14 @@ i@izs\.me .SS See Also .RS 0 .IP \(bu 2 -npm help help +npm8 help help .IP \(bu 2 -npm help package\.json +npm8 help package\.json .IP \(bu 2 -npm help install +npm8 help install .IP \(bu 2 -npm help config +npm8 help config .IP \(bu 2 -npm help npmrc +npm8 help npmrc .RE Index: node-v8.17.0/node.gyp =================================================================== --- node-v8.17.0.orig/node.gyp +++ node-v8.17.0/node.gyp @@ -21,8 +21,8 @@ 'node_shared_openssl%': 'false', 'node_v8_options%': '', 'node_enable_v8_vtunejit%': 'false', - 'node_core_target_name%': 'node', - 'node_lib_target_name%': 'node_lib', + 'node_core_target_name%': 'node8', + 'node_lib_target_name%': 'node8_lib', 'node_intermediate_lib_type%': 'static_library', 'library_files': [ 'lib/internal/bootstrap_node.js', Index: node-v8.17.0/src/node_main.cc =================================================================== --- node-v8.17.0.orig/src/node_main.cc +++ node-v8.17.0/src/node_main.cc @@ -21,6 +21,7 @@ #include "node.h" #include <stdio.h> +#include <stdlib.h> #ifdef _WIN32 #include <windows.h> @@ -119,6 +120,7 @@ int main(int argc, char *argv[]) { #endif // Disable stdio buffering, it interacts poorly with printf() // calls elsewhere in the program (e.g., any logging from V8.) + setenv("NODE_VERSION", "8", 0); setvbuf(stdout, nullptr, _IONBF, 0); setvbuf(stderr, nullptr, _IONBF, 0); return node::Start(argc, argv); Index: node-v8.17.0/tools/test.py =================================================================== --- node-v8.17.0.orig/tools/test.py +++ node-v8.17.0/tools/test.py @@ -873,7 +873,7 @@ class Context(object): def GetVm(self, arch, mode): if arch == 'none': - name = 'out/Debug/node' if mode == 'debug' else 'out/Release/node' + name = 'out/Debug/node' if mode == 'debug' else 'out/Release/node8' else: name = 'out/%s.%s/node' % (arch, mode)