From 2be086c2cd330d07324f43f084b9c9ee0c041215 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 8 Nov 2022 05:57:06 -0500 Subject: [PATCH] import nodejs-18.9.1-1.module+el8.7.0+16806+4109802b --- .gitignore | 4 +-- .nodejs.metadata | 4 +-- ...1-Disable-running-gyp-on-shared-deps.patch | 10 +++--- ...nstalling-dtrace-and-systemtap-files.patch | 31 +++++++++++++++++++ SPECS/nodejs.spec | 23 ++++++++------ 5 files changed, 54 insertions(+), 18 deletions(-) create mode 100644 SOURCES/0002-install-keep-installing-dtrace-and-systemtap-files.patch diff --git a/.gitignore b/.gitignore index 6ff2449..a9e2783 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/cjs-module-lexer-1.2.2.tar.gz SOURCES/icu4c-71_1-src.tgz -SOURCES/node-v18.8.0-stripped.tar.gz -SOURCES/undici-5.8.2.tar.gz +SOURCES/node-v18.9.1-stripped.tar.gz +SOURCES/undici-5.10.0.tar.gz SOURCES/wasi-sdk-wasi-sdk-11.tar.gz SOURCES/wasi-sdk-wasi-sdk-14.tar.gz diff --git a/.nodejs.metadata b/.nodejs.metadata index dd3e006..ef50074 100644 --- a/.nodejs.metadata +++ b/.nodejs.metadata @@ -1,6 +1,6 @@ 6976e77068429bd0b47b573793289e065ceb6b27 SOURCES/cjs-module-lexer-1.2.2.tar.gz 406b0c8635288b772913b6ff646451e69748878a SOURCES/icu4c-71_1-src.tgz -8b2134f2d551e4830a5f8b0d376b42a35f478a1b SOURCES/node-v18.8.0-stripped.tar.gz -29a0b677c4dad6f3976e8c139c459fc49dc608b4 SOURCES/undici-5.8.2.tar.gz +a665236ba7ffed7160a662ba74703274f73523fc SOURCES/node-v18.9.1-stripped.tar.gz +a0ca081b1bab3d13e1530f823b7bb841d2ec961e SOURCES/undici-5.10.0.tar.gz 8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz 900a50a32f0079d53c299db92b88bb3c5d2022b8 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz diff --git a/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch b/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch index b78e6a3..90d5b8f 100644 --- a/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch +++ b/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch @@ -1,4 +1,4 @@ -From fe1e9d3f6d87416aa4cd8f8bee186d71a8ea2b0f Mon Sep 17 00:00:00 2001 +From 2abb9e98751595936ac1c867b3f08695f5bcf22c Mon Sep 17 00:00:00 2001 From: Zuzana Svetlikova Date: Fri, 17 Apr 2020 12:59:44 +0200 Subject: [PATCH] Disable running gyp on shared deps @@ -10,10 +10,10 @@ Signed-off-by: rpm-build 2 files changed, 1 insertion(+), 18 deletions(-) diff --git a/Makefile b/Makefile -index e0d756f..c90bfa7 100644 +index 9c01f8f..133a3d0 100644 --- a/Makefile +++ b/Makefile -@@ -147,7 +147,7 @@ with-code-cache test-code-cache: +@@ -148,7 +148,7 @@ with-code-cache test-code-cache: $(warning '$@' target is a noop) out/Makefile: config.gypi common.gypi node.gyp \ @@ -23,7 +23,7 @@ index e0d756f..c90bfa7 100644 tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp $(PYTHON) tools/gyp_node.py -f make diff --git a/node.gyp b/node.gyp -index 6b3a6d9..5882cef 100644 +index 8f131ac..dce5fdc 100644 --- a/node.gyp +++ b/node.gyp @@ -429,23 +429,6 @@ @@ -51,5 +51,5 @@ index 6b3a6d9..5882cef 100644 ], }, # node_core_target_name -- -2.36.1 +2.37.3 diff --git a/SOURCES/0002-install-keep-installing-dtrace-and-systemtap-files.patch b/SOURCES/0002-install-keep-installing-dtrace-and-systemtap-files.patch new file mode 100644 index 0000000..f055d91 --- /dev/null +++ b/SOURCES/0002-install-keep-installing-dtrace-and-systemtap-files.patch @@ -0,0 +1,31 @@ +From 9872b897d6a9a39e3392c39bca70cfd9dd084558 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 26 Sep 2022 16:02:39 +0200 +Subject: [PATCH] install: keep installing dtrace and systemtap files + +Partly reverts commit e27e709d3ca93b3e7036ddc4f4d28dfde228bfb6. + +Signed-off-by: rpm-build +--- + tools/install.py | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/tools/install.py b/tools/install.py +index 4b01d67..dc16797 100755 +--- a/tools/install.py ++++ b/tools/install.py +@@ -178,6 +178,11 @@ def files(action): + output_lib = 'libnode.' + variables.get('shlib_suffix') + action([output_prefix + output_lib], variables.get('libdir') + '/' + output_lib) + ++ if 'true' == variables.get('node_use_dtrace'): ++ action(['out/Release/node.d'], variables.get('libdir') + '/dtrace/node.d') ++ ++ action(['src/node.stp'], 'share/systemtap/tapset/') ++ + action(['deps/v8/tools/gdbinit'], 'share/doc/node/') + action(['deps/v8/tools/lldb_commands.py'], 'share/doc/node/') + +-- +2.37.3 + diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index 3984838..33f7496 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -41,8 +41,8 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 18 -%global nodejs_minor 8 -%global nodejs_patch 0 +%global nodejs_minor 9 +%global nodejs_patch 1 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 108 @@ -58,7 +58,7 @@ %global v8_major 10 %global v8_minor 2 %global v8_build 154 -%global v8_patch 13 +%global v8_patch 15 # V8 presently breaks ABI at least every x.y release while never bumping SONAME %global v8_abi %{v8_major}.%{v8_minor} %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch} @@ -74,7 +74,7 @@ # llhttp - from deps/llhttp/include/llhttp.h %global llhttp_major 6 %global llhttp_minor 0 -%global llhttp_patch 7 +%global llhttp_patch 10 %global llhttp_version %{llhttp_major}.%{llhttp_minor}.%{llhttp_patch} # libuv - from deps/uv/include/uv/version.h @@ -134,8 +134,8 @@ # npm - from deps/npm/package.json %global npm_epoch 1 %global npm_major 8 -%global npm_minor 18 -%global npm_patch 0 +%global npm_minor 19 +%global npm_patch 1 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch} # uvwasi - from deps/uvwasi/include/uvwasi.h @@ -197,15 +197,16 @@ Source101: cjs-module-lexer-1.2.2.tar.gz Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz # Version: jq '.version' deps/undici/src/package.json -# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.8.2.tar.gz -# Adjustments: rm -f undici-5.8.2/lib/llhttp/llhttp*.wasm* -Source111: undici-5.8.2.tar.gz +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.10.0.tar.gz +# Adjustments: rm -f undici-5.10.0/lib/llhttp/llhttp*.wasm* +Source111: undici-5.10.0.tar.gz # The WASM blob was made using wasi-sdk v14; compiler libraries are linked in. # Version source: build/Dockerfile Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch +Patch2: 0002-install-keep-installing-dtrace-and-systemtap-files.patch BuildRequires: make BuildRequires: python3-devel @@ -714,6 +715,10 @@ end %changelog +* Tue Sep 27 2022 Jan Staněk - 1:18.9.1-1 +- Rebase to version 18.9.1 + Resolves: CVE-2022-35255 CVE-2022-35256 + * Fri Aug 26 2022 Jan Staněk - 1:18.8.0-1 - Rebase to version 18.8.0 - Include sources for WASM blobs