stable

nodejs16-16.20.0-2.fc38, nodejs18-18.15.0-6.fc38, & 1 more

FEDORA-2023-973319d5b7 created by sgallagh a year ago for Fedora 38

Fixes for virtual Provides/Requires of nodejs and nodejs-devel


Assorted fixes for v8-devel


Update to 19.8.1

Fix conflict with nodejs18


2023-02-16, Version 16.19.1 'Gallium' (LTS), @richardlau

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

  • CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
  • CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
  • CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)

Fixed by an update to undici:

More detailed information on each of the vulnerabilities can be found in the February 2023 Security Releases blog post.

This security release includes OpenSSL security updates as outlined in the recent OpenSSL security advisory.

Commits

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-973319d5b7

This update has been submitted for testing by sgallagh.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update has obsoleted nodejs16-16.20.0-1.fc38, and has inherited its bugs and notes.

a year ago

This update's test gating status has been changed to 'failed'.

a year ago

This update's test gating status has been changed to 'passed'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'passed'.

a year ago

This update has been pushed to testing.

a year ago
pwalter commented & provided feedback a year ago

Works

frantisekz commented & provided feedback a year ago

Works well

This update has been submitted for stable by bodhi.

a year ago

There is an ongoing freeze; this will be pushed to stable after the freeze is over.

a year ago

This update has been pushed to stable.

a year ago
ellert commented & provided feedback a year ago

This is an improvement, but BR: npm still installs nodejs20-npm instead of nodejs-npm.

See the following koji scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=99528731

The root.log shows that the following packages get installed:

DEBUG util.py:445:  Dependencies resolved.
DEBUG util.py:445:  ================================================================================
DEBUG util.py:445:   Package                  Arch      Version                      Repo      Size
DEBUG util.py:445:  ================================================================================
DEBUG util.py:445:  Installing:
DEBUG util.py:445:   nodejs20-npm             i686      1:9.5.1-1.19.8.1.7.fc38      build    2.0 M
DEBUG util.py:445:   web-assets-devel         noarch    5-19.fc38                    build    9.3 k
DEBUG util.py:445:  Installing dependencies:
DEBUG util.py:445:   fonts-filesystem         noarch    1:2.0.5-11.fc38              build    8.1 k
DEBUG util.py:445:   libuv                    i686      1:1.44.2-3.fc38              build    159 k
DEBUG util.py:445:   nodejs                   i686      1:18.15.0-6.fc38             build    1.8 M
DEBUG util.py:445:   nodejs-libs              i686      1:18.15.0-6.fc38             build     14 M
DEBUG util.py:445:   nodejs20                 i686      1:19.8.1-7.fc38              build    1.8 M
DEBUG util.py:445:   nodejs20-libs            i686      1:19.8.1-7.fc38              build     15 M
DEBUG util.py:445:   web-assets-filesystem    noarch    5-19.fc38                    build    7.9 k
DEBUG util.py:445:  Transaction Summary
DEBUG util.py:445:  ================================================================================
DEBUG util.py:445:  Install  9 Packages

I.e. nodejs20-npm gets installed instead of nodejs-npm, which results in FTBFS since the non-standard nodejs20-npm does not have a binary named npm, and the build fails with (see build.log):

+ npm run compile
/var/tmp/rpm-tmp.pU6JSV: line 44: npm: command not found
error: Bad exit status from /var/tmp/rpm-tmp.pU6JSV (%build)
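
A check for the situation reported in the comment above, added here as an example (it is not ellert's or Fedora's code): it reads the dnf transaction table from a mock root.log and flags a versioned npm provider or more than one Node.js runtime in the buildroot. The function names `parse_transaction` and `audit` are hypothetical; the sample log lines are an excerpt of the ones quoted in the comment.

```python
import re

# Excerpt of the root.log quoted in the comment above, mock prefix included.
ROOT_LOG = """\
DEBUG util.py:445:  Installing:
DEBUG util.py:445:   nodejs20-npm             i686      1:9.5.1-1.19.8.1.7.fc38      build    2.0 M
DEBUG util.py:445:   web-assets-devel         noarch    5-19.fc38                    build    9.3 k
DEBUG util.py:445:  Installing dependencies:
DEBUG util.py:445:   nodejs                   i686      1:18.15.0-6.fc38             build    1.8 M
DEBUG util.py:445:   nodejs-libs              i686      1:18.15.0-6.fc38             build     14 M
DEBUG util.py:445:   nodejs20                 i686      1:19.8.1-7.fc38              build    1.8 M
DEBUG util.py:445:   nodejs20-libs            i686      1:19.8.1-7.fc38              build     15 M
DEBUG util.py:445:  Transaction Summary
"""

PREFIX = re.compile(r"^DEBUG util\.py:\d+:\s*")      # mock's per-line log prefix
NODE_PKG = re.compile(r"^nodejs(\d+)?(?:-(.+))?$")   # stream number, subpackage


def parse_transaction(log):
    """Return {section: [(name, version)]} from a dnf transaction table."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).strip()
        if line.startswith("Installing") and line.endswith(":"):
            current = sections.setdefault(line[:-1], [])
        elif line.startswith("Transaction Summary"):
            current = None
        elif current is not None and len(f := line.split()) == 6:
            # Fields: name, arch, [epoch:]version-release, repo, size, unit
            version = f[2].split(":", 1)[-1].rsplit("-", 1)[0]
            current.append((f[0], version))
    return sections


def audit(log):
    """Flag a versioned npm provider and mixed Node.js runtimes in a buildroot."""
    tx = parse_transaction(log)
    findings = []
    for name, _ in tx.get("Installing", []):
        m = NODE_PKG.match(name)
        if m and m.group(1) and m.group(2) == "npm":
            findings.append(f"{name} installed instead of nodejs-npm")
    runtimes = [f"{n} {v}" for pkgs in tx.values() for n, v in pkgs
                if (m := NODE_PKG.match(n)) and m.group(2) is None]
    if len(runtimes) > 1:
        findings.append("multiple Node.js runtimes: " + ", ".join(runtimes))
    return findings
```

Calling `audit(ROOT_LOG)` returns one finding for the npm provider and one for the two runtimes; a log with only the default stream returns an empty list.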


Metadata
Type: security
Severity: medium
Karma: 1
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -1
Stable by Karma: 2
Stable by Time: 7 days

Dates
submitted: a year ago
in testing: a year ago
in stable: a year ago
approved: a year ago
