From 2cc7084efb153465589f9f632e3a98fffd0f8504 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Fri, 9 Dec 2022 14:17:11 +0000
Subject: [PATCH] import nodejs-16.18.1-3.module+el8.7.0+17465+1a1abd74
---
 .gitignore | 2 +-
 .nodejs.metadata | 2 +-
 SPECS/nodejs.spec | 28 ++++++++++++++++++++++++----
 3 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/.gitignore b/.gitignore
index 5728f42..a6e94a4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 SOURCES/cjs-module-lexer-1.2.2.tar.gz
 SOURCES/icu4c-71_1-src.tgz
 SOURCES/node-v16.18.1-stripped.tar.gz
-SOURCES/undici-5.9.1.tar.gz
+SOURCES/undici-5.10.0.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz
diff --git a/.nodejs.metadata b/.nodejs.metadata
index 933c9db..c58aefc 100644
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@@ -1,6 +1,6 @@
 b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz
 406b0c8635288b772913b6ff646451e69748878a SOURCES/icu4c-71_1-src.tgz
 0e8bf36bf0ed737011cc49026a1e7b82d7a1f638 SOURCES/node-v16.18.1-stripped.tar.gz
-29d1d37064671ed3055fdfe06f0e323a08d62ca9 SOURCES/undici-5.9.1.tar.gz
+a2668423c8ed5321e39ce08e239141b084563bb5 SOURCES/undici-5.10.0.tar.gz
 8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 900a50a32f0079d53c299db92b88bb3c5d2022b8 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz
diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec
index 00786cd..e0fe410 100644
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@@ -35,7 +35,7 @@
 # This is used by both the nodejs package and the npm subpackage that
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
-%global baserelease 2
+%global baserelease 3
 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@@ -200,9 +200,9 @@ Source101: cjs-module-lexer-1.2.2.tar.gz Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz # Version: jq '.version' deps/undici/src/package.json -# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.8.0.tar.gz -# Adjustments: rm -f undici-5.8.0/lib/llhttp/llhttp*.wasm* -Source111: undici-5.9.1.tar.gz +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.10.0.tar.gz +# Adjustments: rm -f undici-5.10.0/lib/llhttp/llhttp*.wasm* +Source111: undici-5.10.0.tar.gz # The WASM blob was made using wasi-sdk v14; compiler libraries are linked in. # Version source: build/Dockerfile Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz @@ -395,6 +395,22 @@ rm -rf deps/brotli rm -rf deps/v8/third_party/jinja2 rm -rf tools/inspector_protocol/jinja2 +# check for correct versions of dependencies we are bundling +check_wasm_dep() { + local -r name="$1" source="$2" packagejson="$3" + local -r expected_version="$(jq -r '.version' "${packagejson}")" + + if ls "${source}"|grep -q --fixed-strings "${expected_version}"; then + printf '%s version matches\n' "${name}" >&2 + else + printf '%s version MISMATCH: %s !~ %s\n' "${name}" "${expected_version}" "${source}" >&2 + return 1 + fi +} + +check_wasm_dep cjs-module-lexer '%{SOURCE101}' deps/cjs-module-lexer/package.json +check_wasm_dep undici '%{SOURCE111}' deps/undici/src/package.json + # Replace any instances of unversioned python' with python3 %if %{with python3_fixup} pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js") @@ -712,6 +728,10 @@ end %changelog +* Wed Dec 07 2022 Jan Staněk - 1:16.18.1-3 +- Update sources of undici WASM blobs + Resolves: rhbz#2151546 + * Fri Dec 02 2022 Jan Staněk - 1:16.18.1-2 - Record CVE references already addressed in this or previous upstream versions Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824
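Review bot: In the hunk at -395 the new `check_wasm_dep` fails open when the version cannot be read: `local -r expected_version="$(jq …)"` masks jq's exit status, and an empty `expected_version` makes `grep -q --fixed-strings ""` match any file name, so the function prints "version matches". The match is also an unanchored substring test on `ls` output, so a shorter version string would pass against a longer one in the archive name. I would assign the version separately, reject an empty or `null` value, and compare it against the archive's base name with an anchored pattern, as below. The hunk does not show whether `jq` is declared as a build dependency; that is worth confirming, since a missing binary is presumably the easiest way to reach the empty case.

```spec
check_wasm_dep() {
  local -r name="$1" source="$2" packagejson="$3"
  local expected_version
  # Assign separately so a jq failure is not masked by 'local'.
  expected_version="$(jq -r '.version' "${packagejson}")" || return 1

  # An empty pattern would match every archive name.
  if [ -z "${expected_version}" ] || [ "${expected_version}" = null ]; then
    printf '%s version could not be read from %s\n' "${name}" "${packagejson}" >&2
    return 1
  fi

  # Anchor the version between the name separator and the extension.
  case "${source##*/}" in
    *-"${expected_version}".tar.gz)
      printf '%s version matches\n' "${name}" >&2
      ;;
    *)
      # … unchanged: MISMATCH message …
      return 1
      ;;
  esac
}
```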