| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| test_dns_lookupService_promises.patch | this test assumes /etc/services, work around it | Jrmy Lal <kapouer@melix.org> | yes | 2022-06-26 | ||
| ares_compat.patch | keep nodejs compatible with libc-ares 1.17.1 | Jrmy Lal <kapouer@melix.org> | not-needed | 2021-08-11 | ||
| shared_uv_from_uvwasi.patch | uvwasi depends on uv.gyp and ignores shared_libuv | Jrmy Lal <kapouer@melix.org> | yes | 2021-07-03 | ||
| large_pages_assembly_gnu_stack.patch | Adds .GNU-stack section header to disable executable stack flag | James Addison <jay@jp-hosting.net> | no | https://github.com/nodejs/node/pull/37688 | ||
| dfhs_module_path_arch_triplet.patch | Multiarch search path, arch triplet, DFHS path for modules | "Bastien ROUCARIS" <roucaries.bastien@gmail.com> | yes | 2020-03-04 | ||
| use_system_node_gyp.patch | use system-installed node-gyp for building test modules | Jrmy Lal <kapouer@melix.org> | not-needed | 2015-09-09 | ||
| privacy_breach.patch | remove google font from template.html, and link to local | Jrmy Lal <kapouer@melix.org> | not-needed | 2015-09-09 | ||
| make-doc.patch | build doc using marked and js-yaml While waiting for unified/remarked/rehyped modules to be available in debian | Jrmy Lal <kapouer@melix.org> | not-needed | 2020-08-05 | ||
| 2017_mips_configure_fpu.patch | use configuration directive to set mips fpu mode | YunQiang Su <wzssyqa@gmail.com> | yes | 2015-09-29 | ||
| test_ci_buildd.patch | adapt test-ci build target for buildd * run tests with ./node * remove addons from test-ci suite, because it creates a dependency loop nodejs -> node-gyp -> nodejs which is painful to manage. * disabled because it requires stdin: + test-stdout-close-unref + test-regress-GH-746 * test-tick-processor fails on ppc64 and s390x, currently investigated https://github.com/nodejs/node/issues/2471 * test-cluster-disconnect sometimes fails on busy buildd, forwarded upstream https://github.com/nodejs/node/issues/3383 * test-fs-watch is flaky, might be related to https://github.com/nodejs/node/issues/4082 * huge timeout value for all platforms, buildd could be busy * test-npm-install and test-release-npm must fail, debian package dfsg-repacked npm out * ability to override CI_NATIVE_SUITES, CI_JS_SUITES * disable tests failing because DNS is disabled * sequential/test-http2-session-timeout is flaky https://github.com/nodejs/node/issues/20628 |
Jrmy Lal <kapouer@melix.org> | not-needed | 2020-02-09 | ||
| fix_disable_cctest.patch | do not build cctest, build broken on debian | Jrmy Lal <kapouer@melix.org> | invalid | 2017-12-18 | ||
| benchmark_without_alice.patch | a test uses a benchmark that read alice.html, dfsg excluded | Jrmy Lal <kapouer@melix.org> | not-needed | 2020-03-04 | ||
| atomic.patch | Link to -latomic by default This avoids surprises on mips*el/ppc*el | Jrmy Lal <kapouer@melix.org> | not-needed | upstream | 2019-10-25 | |
| mips-fix.patch | upstream mips fix | no | https://github.com/nodejs/node/issues/31118 | 2020-05-30 | ||
| mips-less-memory.patch | mksnapshot uses too much memory on 32-bit mipsel | Jrmy Lal <kapouer@melix.org> | yes | 2020-06-03 | ||
| mips-no-jitless.patch | on mipsel, mips64el, node --jitless segfaults | Jrmy Lal <kapouer@melix.org> | yes | 2020-06-03 | ||
| localhost-no-addrconfig.patch | do not use dns.ADDRCONFIG for localhost it fails on IPv6-only systems. Setting it with libc fails on linux. https://github.com/nodejs/node/issues/33279 |
Jrmy Lal <kapouer@melix.org> | yes | debian | 2020-06-11 | |
| ppc64.patch | [PATCH] Fix crashes on Linux/PPC64 ELFv1 | Marcus Comstedt <marcus@mc.pp.se> | no | https://github.com/nodejs/node/pull/33866 | 2020-06-13 | |
| python3.patch | support build with python3 | Jrmy Lal <kapouer@melix.org> | not-needed | 2020-08-08 | ||
| cjs-module-lexer.patch | cannot rebuilt dist/lexer.js, just use pure-js lexer | Jrmy Lal <kapouer@melix.org> | not-needed | 2020-11-24 | ||
| upstream-fix-test-worker-prof.patch | [PATCH] test: fix flaky test-worker-prof | Rich Trott <rtrott@gmail.com> | no | 2021-02-14 | ||
| cve-2022-32212.patch | commit 48c5aa5cab718d04473fa2761d532657c84b8131 src: fix IPv4 validation in inspector_socket Co-authored-by: RafaelGSS <rafael.nunu@hotmail.com> PR-URL: https://github.com/nodejs-private/node-private/pull/320 Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/325 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: RafaelGSS <rafael.nunu@hotmail.com> CVE-ID: CVE-2022-32212 =================================================================== |
Tobias Nieen <tniessen@tnie.de> | no | 2022-05-27 | ||
| cve-2022-35255.patch | Comment: Although WebCrypto is not implemented in 12.x series, this fix is introducing enhancment to the crypto setup of V8:EntropySource(). commit 0c2a5723beff39d1f62daec96b5389da3d427e79 crypto: fix weak randomness in WebCrypto keygen Commit dae283d96f from August 2020 introduced a call to EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with that: 1. It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2. The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material. An example is a freshly booted system or a system without /dev/random or getrandom(2). EntropySource() calls out to openssl's RAND_poll() and RAND_bytes() in a best-effort attempt to obtain random data. OpenSSL has a built-in CSPRNG but that can fail to initialize, in which case it's possible either: 1. No random data gets written to the output buffer, i.e., the output is unmodified, or 2. Weak random data is written. It's theoretically possible for the output to be fully predictable because the CSPRNG starts from a predictable state. Replace EntropySource() and CheckEntropy() with new function CSPRNG() that enforces checking of the return value. Abort on startup when the entropy pool fails to initialize because that makes it too easy to compromise the security of the process. Refs: https://hackerone.com/bugs?report_id=1690000 Refs: https://github.com/nodejs/node/pull/35093 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Tobias Nieen <tniessen@tnie.de> PR-URL: #346 Backport-PR-URL: #351 CVE-ID: CVE-2022-35255 =================================================================== |
Ben Noordhuis <info@bnoordhuis.nl> | no | https://github.com/nodejs/node/commit/0c2a5723beff39d1f62daec96b5389da3d427e79 | 2022-09-11 | |
| cve-2022-43548.patch | commit 2b433af094fb79cf80f086038b7f36342cb6826f inspector: harden IP address validation again Use inet_pton() to parse IP addresses, which restricts IP addresses to a small number of well-defined formats. In particular, octal and hexadecimal number formats are not allowed, and neither are leading zeros. Also explicitly reject 0.0.0.0/8 and ::/128 as non-routable. Refs: https://hackerone.com/reports/1710652 CVE-ID: CVE-2022-43548 PR-URL: https://github.com/nodejs-private/node-private/pull/354 Reviewed-by: Michael Dawson <midawson@redhat.com> Reviewed-by: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-by: Rich Trott <rtrott@gmail.com> =================================================================== |
Tobias Nieen <tniessen@tnie.de> | no | 2022-09-25 | ||
| cve-llhttp.patch | Comment: This patch updates the embeded copy of llhttp from version 2.1.4 to 2.1.6, which is upstream's actual fix for CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35256. Test cases are ported to use mustCall() to replace the later introduced mustSucceed(), to avoid pulling in too many dependent new test codes. References: * https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd * https://github.com/nodejs/node/commit/a9f1146b8827855e342834458a71f2367346ace0 |
no | 2023-01-05 | |||
| cve-2023-23920.patch | build: build ICU with ICU_NO_USER_DATA_OVERRIDE | RafaelGSS <rafael.nunu@hotmail.com> | yes | debian upstream | https://github.com/nodejs/node/commit/97a0443f1369e65cf656a529b2f5433bfd56ad92 | 2023-01-18 |