Import rpm: 465a72e724a3969530fd9f6c90fee326f31f1ad1

2023-02-23 13:02:39 -05:00 · 2023-02-23 13:02:39 -05:00 · 4e5f9a0773
commit 4e5f9a0773
parent dabd5cfcc7
4 changed files with 80 additions and 30 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,6 @@
+SOURCES/cjs-module-lexer-1.2.2.tar.gz
 SOURCES/icu4c-71_1-src.tgz
-SOURCES/node-v18.2.0-stripped.tar.gz
+SOURCES/node-v18.12.1-stripped.tar.gz
+SOURCES/undici-5.11.0.tar.gz
+SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
+SOURCES/wasi-sdk-wasi-sdk-14.tar.gz
--- a/0001-Disable-running-gyp-on-shared-deps.patch
+++ b/0001-Disable-running-gyp-on-shared-deps.patch
@ -1,4 +1,4 @@
-From 142fe30256f96e28b49f55d5c72e604719aaaad8 Mon Sep 17 00:00:00 2001
+From 2abb9e98751595936ac1c867b3f08695f5bcf22c Mon Sep 17 00:00:00 2001
 From: Zuzana Svetlikova <zsvetlik@redhat.com>
 Date: Fri, 17 Apr 2020 12:59:44 +0200
 Subject: [PATCH] Disable running gyp on shared deps
@ -10,10 +10,10 @@ Signed-off-by: rpm-build <rpm-build>
 2 files changed, 1 insertion(+), 18 deletions(-)

 diff --git a/Makefile b/Makefile
-index 4aace77..0bad864 100644
+index 9c01f8f..133a3d0 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -147,7 +147,7 @@ with-code-cache test-code-cache:
+@@ -148,7 +148,7 @@ with-code-cache test-code-cache:
 	$(warning '$@' target is a noop)
 
 out/Makefile: config.gypi common.gypi node.gyp \
@ -23,17 +23,17 @@ index 4aace77..0bad864 100644
 	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
 	$(PYTHON) tools/gyp_node.py -f make
 diff --git a/node.gyp b/node.gyp
-index 86fe9a6..bfa5093 100644
+index 8f131ac..dce5fdc 100644
 --- a/node.gyp
 +++ b/node.gyp
-@@ -449,23 +449,6 @@
+@@ -429,23 +429,6 @@
               ],
             },
           ],
 -         }, {
 -           'variables': {
 -              'opensslconfig_internal': '<(obj_dir)/deps/openssl/openssl.cnf',
-              'opensslconfig': './deps/openssl/openssl/apps/openssl.cnf',
+-              'opensslconfig': './deps/openssl/nodejs-openssl.cnf',
 -           },
 -           'actions': [
 -             {
@ -42,8 +42,8 @@ index 86fe9a6..bfa5093 100644
 -               'outputs': [ '<(opensslconfig_internal)', ],
 -               'action': [
 -                 'python', 'tools/copyfile.py',
-                 './deps/openssl/openssl/apps/openssl.cnf',
-                 '<(obj_dir)/deps/openssl/openssl.cnf',
+-                 '<(opensslconfig)',
+-                 '<(opensslconfig_internal)',
 -               ],
 -             },
 -           ],
@ -51,5 +51,5 @@ index 86fe9a6..bfa5093 100644
       ],
     }, # node_core_target_name
 -- 
-2.36.1
+2.37.3

--- a/nodejs.spec
+++ b/nodejs.spec
@ -30,7 +30,7 @@
 # This is used by both the nodejs package and the npm subpackage that
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
-%global baserelease 1
+%global baserelease 2

 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}

@ -41,8 +41,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 18
-%global nodejs_minor 2
-%global nodejs_patch 0
+%global nodejs_minor 12
+%global nodejs_patch 1
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
 %global nodejs_soversion 108
@ -56,9 +56,9 @@
 # Epoch is set to ensure clean upgrades from the old v8 package
 %global v8_epoch 2
 %global v8_major 10
-%global v8_minor 1
-%global v8_build 124
-%global v8_patch 8
+%global v8_minor 2
+%global v8_build 154
+%global v8_patch 15
 # V8 presently breaks ABI at least every x.y release while never bumping SONAME
 %global v8_abi %{v8_major}.%{v8_minor}
 %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
@ -74,7 +74,7 @@
 # llhttp - from deps/llhttp/include/llhttp.h
 %global llhttp_major 6
 %global llhttp_minor 0
-%global llhttp_patch 6
+%global llhttp_patch 10
 %global llhttp_version %{llhttp_major}.%{llhttp_minor}.%{llhttp_patch}

 # libuv - from deps/uv/include/uv/version.h
@ -91,14 +91,14 @@

 # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
 %global nghttp3_major 0
-%global nghttp3_minor 1
-%global nghttp3_patch 0-DEV
+%global nghttp3_minor 7
+%global nghttp3_patch 0
 %global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch}

 # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
 %global ngtcp2_major 0
-%global ngtcp2_minor 1
-%global ngtcp2_patch 0-DEV
+%global ngtcp2_minor 8
+%global ngtcp2_patch 1
 %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch}

 # ICU - from tools/icu/current_ver.dep
@ -134,20 +134,20 @@
 # npm - from deps/npm/package.json
 %global npm_epoch 1
 %global npm_major 8
-%global npm_minor 9
-%global npm_patch 0
+%global npm_minor 19
+%global npm_patch 2
 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}

 # uvwasi - from deps/uvwasi/include/uvwasi.h
 %global uvwasi_major 0
 %global uvwasi_minor 0
-%global uvwasi_patch 12
+%global uvwasi_patch 13
 %global uvwasi_version %{uvwasi_major}.%{uvwasi_minor}.%{uvwasi_patch}

 # histogram_c - assumed from timestamps
 %global histogram_major 0
-%global histogram_minor 9
-%global histogram_patch 7
+%global histogram_minor 11
+%global histogram_patch 2
 %global histogram_version %{histogram_major}.%{histogram_minor}.%{histogram_patch}

 # In order to avoid needing to keep incrementing the release version for the
@ -184,6 +184,26 @@ Source100: %{name}-tarball.sh
 # nodejs-packaging SRPM.
 Source7: nodejs_native.attr

+# These are full sources for dependencies included as WASM blobs in the source of Node itself.
+# Note: These sources would also include pre-compiled WASM blobs… so they are adjusted not to.
+# Recipes for creating these blobs are included in the sources.
+
+# Version: jq '.version' deps/cjs-module-lexer/package.json
+# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz
+# Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm
+Source101: cjs-module-lexer-1.2.2.tar.gz
+# The WASM blob was made using wasi-sdk v11; compiler libraries are linked in.
+# Version source: Makefile
+Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz
+
+# Version: jq '.version' deps/undici/src/package.json
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.11.0.tar.gz
+# Adjustments: rm -f undici-5.11.0/lib/llhttp/llhttp*.wasm*
+Source111: undici-5.11.0.tar.gz
+# The WASM blob was made using wasi-sdk v14; compiler libraries are linked in.
+# Version source: build/Dockerfile
+Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz
+
 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch

@ -375,7 +395,7 @@ pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js")
 find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python3~" {} \;
 find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python3~" {} \;
 sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py
-sed -i "s~usr\/bin\/python.*$~usr\/bin\/python3~" ./deps/v8/tools/mb/mb_unittest.py
+sed -i "s~usr\/bin\/python.*$~usr\/bin\/python3~" ./deps/v8/tools/mb/mb_test.py
 find . -type f -exec sed -i "s~python -c~python3 -c~" {} \;
 %endif

@ -674,9 +694,11 @@ end
 %doc %{_mandir}/man5/package-lock-json.5*
 %doc %{_mandir}/man5/npm-shrinkwrap-json.5*
 %doc %{_mandir}/man7/config.7*
+%doc %{_mandir}/man7/dependency-selectors.7*
 %doc %{_mandir}/man7/developers.7*
-%doc %{_mandir}/man7/orgs.7*
 %doc %{_mandir}/man7/logging.7*
+%doc %{_mandir}/man7/orgs.7*
+%doc %{_mandir}/man7/package-spec.7*
 %doc %{_mandir}/man7/registry.7*
 %doc %{_mandir}/man7/removal.7*
 %doc %{_mandir}/man7/scope.7*
@ -692,6 +714,26 @@ end


 %changelog
+* Fri Nov 18 2022 Jan Staněk <jstanek@redhat.com> - 1:18.12.1-2
+- Update version of bundled histogram
+
+* Wed Nov 09 2022 Jan Staněk <jstanek@redhat.com> - 1:18.12.1-1
+- Rebase to version 18.12.1
+  Resolves: rhbz#2125580 CVE-2022-43548 CVE-2022-3517
+
+* Tue Sep 27 2022 Jan Staněk <jstanek@redhat.com> - 1:18.9.1-1
+- Rebase to version 18.9.1
+  Resolves: CVE-2022-35255 CVE-2022-35256
+
+* Fri Aug 26 2022 Jan Staněk <jstanek@redhat.com> - 1:18.8.0-1
+- Rebase to version 18.8.0
+- Include sources for WASM blobs
+
+* Fri Jul 15 2022 Jan Staněk <jstanek@redhat.com> - 1:18.6.0-1
+- Rebase to version 18.6.0
+  Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215
+  Resolves: CVE-2022-29244
+
 * Tue May 31 2022 Jan Staněk <jstanek@redhat.com> - 1:18.2.0-1
 - Rebase to version 18.2.0

--- a/8
+++ b/8
@ -1,2 +1,6 @@
-SHA512 (icu4c-71_1-src.tgz) = 1fd2a20aef48369d1f06e2bb74584877b8ad0eb529320b976264ec2db87420bae242715795f372dbc513ea80047bc49077a064e78205cd5e8b33d746fd2a2912
-SHA512 (node-v18.2.0-stripped.tar.gz) = c51881ae16d950a8a9f3e123b8901937b0152e81128a51645cdc07408a076cc4212883a408b3e88de91bfa30d6d2dc327a1f7b842e4b78f62defb13d78d4d08b
+SHA1 (cjs-module-lexer-1.2.2.tar.gz) = 6976e77068429bd0b47b573793289e065ceb6b27
+SHA1 (icu4c-71_1-src.tgz) = 406b0c8635288b772913b6ff646451e69748878a
+SHA1 (node-v18.12.1-stripped.tar.gz) = 816c2656eea956f3fcd0d98562d7d225abd3e95f
+SHA1 (undici-5.11.0.tar.gz) = 0ea4e5cfe13969896bf41c0d2d029a621917b944
+SHA1 (wasi-sdk-wasi-sdk-11.tar.gz) = 8979d177dd62e3b167a6fd7dc7185adb0128c439
+SHA1 (wasi-sdk-wasi-sdk-14.tar.gz) = 900a50a32f0079d53c299db92b88bb3c5d2022b8