!9 Package upgrade

From: @houyingchao Reviewed-by: @gitee-cmd Signed-off-by: @gitee-cmd
2022-06-30 09:28:56 +00:00 · 2022-06-30 09:28:56 +00:00 · 3b6b73d029
commit 3b6b73d029
parent 33d0f97034 19464d7f30
4 changed files with 12 additions and 133 deletions
--- a/CVE-2022-29167.patch
+++ b/CVE-2022-29167.patch
@ -1,121 +0,0 @@
-From ade134119bf1fdc4909d00f5a952c966f0075ad3 Mon Sep 17 00:00:00 2001
-From: Yaraslau Kurmyza <yarik@mozilla.com>
-Date: Mon, 2 May 2022 13:47:12 +0200
-Subject: [PATCH] Parse URLs using stdlib
-
---
- lib/utils.js   | 22 ++++++++++++----------
- test/server.js | 14 ++++++++++++++
- test/utils.js  |  6 +++---
- 3 files changed, 29 insertions(+), 13 deletions(-)
-
-diff --git a/lib/utils.js b/lib/utils.js
-index 60d8219..a2a3094 100644
--- a/lib/utils.js
-+++ b/lib/utils.js
-@@ -4,6 +4,7 @@
- 
- const Sntp = require('sntp');
- const Boom = require('boom');
-+const Url = require('url');
- 
- 
- // Declare internals
-@@ -22,12 +23,6 @@ exports.limits = {
- };
- 
- 
-// Extract host and port from request
-
-//                                            $1                            $2
-internals.hostHeaderRegex = /^(?:(?:\r\n)?\s)*((?:[^:]+)|(?:\[[^\]]+\]))(?::(\d+))?(?:(?:\r\n)?\s)*$/;              // (IPv4, hostname)|(IPv6)
-
-
- exports.parseHost = function (req, hostHeaderName) {
- 
-     hostHeaderName = (hostHeaderName ? hostHeaderName.toLowerCase() : 'host');
-@@ -40,14 +35,21 @@ exports.parseHost = function (req, hostHeaderName) {
-         return null;
-     }
- 
-    const hostParts = hostHeader.match(internals.hostHeaderRegex);
-    if (!hostParts) {
-+    if (hostHeader.indexOf('/') !== -1) {
-         return null;
-     }
- 
-+    let uri;
-+    try {
-+	uri = new Url.URL('http://' + hostHeader);
-+    }
-+    catch (err) {
-+	return null;
-+    }
-+
-     return {
-        name: hostParts[1],
-        port: (hostParts[2] ? hostParts[2] : (req.connection && req.connection.encrypted ? 443 : 80))
-+	name: uri.hostname,
-+	port: (uri.port ? uri.port : (req.connection && req.connection.encrypted ? 443 : 80))
-     };
- };
- 
-diff --git a/test/server.js b/test/server.js
-index 39e66e6..3ef23d6 100755
--- a/test/server.js
-+++ b/test/server.js
-@@ -551,6 +551,20 @@ describe('Server', () => {
-             });
-         });
- 
-+	it('errors on an bad host header (includes path and query)', async () => {
-+
-+	     const req = {
-+		 method: 'GET',
-+		 url: '/resource/4?filter=a',
-+		 headers: {
-+		     host: 'example.com:8080/path?x=z',
-+		     authorization: 'Hawk'
-+		 }
-+	     };
-+
-+	     await expect(Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() })).to.reject('Invalid Host header');
-+	});
-+
-         it('errors on an bad host header (pad port)', (done) => {
- 
-             const req = {
-diff --git a/test/utils.js b/test/utils.js
-index 6182609..98f2422 100755
--- a/test/utils.js
-+++ b/test/utils.js
-@@ -64,7 +64,7 @@ describe('Utils', () => {
-                 method: 'POST',
-                 url: '/resource/4?filter=a',
-                 headers: {
-                    host: '[123:123:123]',
-+		    host: '[123:123::123]',
-                     'content-type': 'text/plain;x=y'
-                 },
-                 connection: {
-@@ -82,7 +82,7 @@ describe('Utils', () => {
-                 method: 'POST',
-                 url: '/resource/4?filter=a',
-                 headers: {
-                    host: '[123:123:123]:8000',
-+			host: '[123:123::123]:8000',
-                     'content-type': 'text/plain;x=y'
-                 },
-                 connection: {
-@@ -92,7 +92,7 @@ describe('Utils', () => {
- 
-             const host = Hawk.utils.parseHost(req, 'Host');
-             expect(host.port).to.equal('8000');
-            expect(host.name).to.equal('[123:123:123]');
-+            expect(host.name).to.equal('[123:123::123]');
-             done();
-         });
- 
-- 
-2.23.0
-
--- a/hawk-4.1.2.tgz
+++ b/hawk-4.1.2.tgz
--- a/hawk-9.0.1.tgz
+++ b/hawk-9.0.1.tgz
--- a/nodejs-hawk.spec
+++ b/nodejs-hawk.spec
@ -1,15 +1,14 @@
 %global enable_tests 0
 Name:                nodejs-hawk
-Version:             4.1.2
-Release:             3
+Version:             9.0.1
+Release:             1
 Summary:             HTTP Hawk authentication scheme
 License:             BSD-3-Clause
 URL:                 https://github.com/hueniverse/hawk
 Source0:             https://registry.npmjs.org/hawk/-/hawk-%{version}.tgz
-Patch0:		     CVE-2022-29167.patch
 BuildArch:           noarch
 ExclusiveArch:       %{nodejs_arches} noarch
-BuildRequires:       nodejs-packaging npm(boom) npm(cryptiles) npm(hoek) npm(sntp)
+BuildRequires:       nodejs-packaging
 %if 0%{?enable_tests}
 BuildRequires:       npm(lab) npm(code)
 %endif
@ -19,12 +18,12 @@ algorithm to provide partial HTTP request cryptographic verification.

 %prep
 %autosetup -n package -p1
-%nodejs_fixdep cryptiles "^2.0.5"
-%nodejs_fixdep boom "^2.10.1"
-%nodejs_fixdep hoek "^0.9.1"
-chmod a-x README.md LICENSE package.json client.js example/* images/* lib/*
+%nodejs_fixdep -r @hapi/b64
+%nodejs_fixdep -r @hapi/boom
+%nodejs_fixdep -r @hapi/cryptiles
+%nodejs_fixdep -r @hapi/hoek
+chmod a-x README.md package.json lib/*
 sed -i 's/\r$//' README.md
-sed -i 's/\r$//' example/usage.js

 %build

@ -35,17 +34,18 @@ cp -pr package.json lib %{buildroot}%{nodejs_sitelib}/hawk

 %check
 %nodejs_symlink_deps --check
-%__nodejs -e "require('./')"
 %if 0%{?enable_tests}
 %{nodejs_sitelib}/lab/bin/lab -a code -t 100 -L
 %endif

 %files
-%doc README.md example images
-%license LICENSE
+%doc README.md
 %{nodejs_sitelib}/hawk

 %changelog
+* Thu Jun 30 2022 houyingchao <houyingchao@h-partners.com> - 9.0.1-1
+- Upgrade to 9.0.1
+
 * Tue May 17 2022 houyingchao <houyingchao@h-partners.com> - 4.1.2-3
 - Fix CVE-2022-29167