CVE-2022-3517

modified: nodejs-minimatch.spec modified: nodejs-minimatch.spec (cherry picked from commit 41840763d0f7e00f1f5ff73e0fbbe3215d678ab5)
2022-10-25 17:19:24 +08:00 · 2022-10-25 17:19:24 +08:00 · a8f01693ef
commit a8f01693ef
parent 27ba2946f1
2 changed files with 8551 additions and 2 deletions
--- a/CVE-2022-3517.patch
+++ b/CVE-2022-3517.patch
--- a/nodejs-minimatch.spec
+++ b/nodejs-minimatch.spec
@ -2,11 +2,13 @@
 %global enable_tests 0
 Name:                nodejs-minimatch
 Version:             3.0.4
-Release:             1
+Release:             2
 Summary:             JavaScript glob matcher
 License:             MIT
 URL:                 https://github.com/isaacs/minimatch
 Source0:             https://github.com/isaacs/minimatch/archive/v%{version}/%{name}-%{version}.tar.gz
+Patch1:              CVE-2022-3517.patch
+
 BuildArch:           noarch
 ExclusiveArch:       %{nodejs_arches} noarch
 BuildRequires:       nodejs-packaging
@ -15,7 +17,7 @@ BuildRequires:       npm(tap) npm(brace-expansion)
 Converts glob expressions to JavaScript "RegExp" objects.

 %prep
-%autosetup -n minimatch-%{version}
+%autosetup -n minimatch-%{version} -p1

 %build

@ -40,5 +42,8 @@ cp -p package.json minimatch.js %{buildroot}%{nodejs_sitelib}/minimatch
 %{nodejs_sitelib}/minimatch

 %changelog
+* Tue Oct 25 2022 jiangpeng <jiangpeng01@ncti-gba.cn> - 3.0.4-2
+- Fix CVE-2022-3517
+
 * Mon Aug 17 2020 wutao <wutao61@huawei.com> - 3.0.4-1
 - Package init