From 51ef31dc0afa37158c9b3fca6dfce39769917cc9 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 6 Dec 2022 10:27:06 -0500 Subject: [PATCH] import nodejs-18.12.1-2.module+el8.7.0+17306+fc023f99 --- .gitignore | 4 +-- .nodejs.metadata | 4 +-- ...nstalling-dtrace-and-systemtap-files.patch | 31 ----------------- SPECS/nodejs.spec | 34 +++++++++++-------- 4 files changed, 24 insertions(+), 49 deletions(-) delete mode 100644 SOURCES/0002-install-keep-installing-dtrace-and-systemtap-files.patch diff --git a/.gitignore b/.gitignore index a9e2783..e192521 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/cjs-module-lexer-1.2.2.tar.gz SOURCES/icu4c-71_1-src.tgz -SOURCES/node-v18.9.1-stripped.tar.gz -SOURCES/undici-5.10.0.tar.gz +SOURCES/node-v18.12.1-stripped.tar.gz +SOURCES/undici-5.11.0.tar.gz SOURCES/wasi-sdk-wasi-sdk-11.tar.gz SOURCES/wasi-sdk-wasi-sdk-14.tar.gz diff --git a/.nodejs.metadata b/.nodejs.metadata index ef50074..8d135b9 100644 --- a/.nodejs.metadata +++ b/.nodejs.metadata @@ -1,6 +1,6 @@ 6976e77068429bd0b47b573793289e065ceb6b27 SOURCES/cjs-module-lexer-1.2.2.tar.gz 406b0c8635288b772913b6ff646451e69748878a SOURCES/icu4c-71_1-src.tgz -a665236ba7ffed7160a662ba74703274f73523fc SOURCES/node-v18.9.1-stripped.tar.gz -a0ca081b1bab3d13e1530f823b7bb841d2ec961e SOURCES/undici-5.10.0.tar.gz +816c2656eea956f3fcd0d98562d7d225abd3e95f SOURCES/node-v18.12.1-stripped.tar.gz +0ea4e5cfe13969896bf41c0d2d029a621917b944 SOURCES/undici-5.11.0.tar.gz 8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz 900a50a32f0079d53c299db92b88bb3c5d2022b8 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz diff --git a/SOURCES/0002-install-keep-installing-dtrace-and-systemtap-files.patch b/SOURCES/0002-install-keep-installing-dtrace-and-systemtap-files.patch deleted file mode 100644 index f055d91..0000000 --- a/SOURCES/0002-install-keep-installing-dtrace-and-systemtap-files.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 9872b897d6a9a39e3392c39bca70cfd9dd084558 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 26 Sep 2022 16:02:39 +0200 -Subject: [PATCH] install: keep installing dtrace and systemtap files - -Partly reverts commit e27e709d3ca93b3e7036ddc4f4d28dfde228bfb6. - -Signed-off-by: rpm-build ---- - tools/install.py | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/tools/install.py b/tools/install.py -index 4b01d67..dc16797 100755 ---- a/tools/install.py -+++ b/tools/install.py -@@ -178,6 +178,11 @@ def files(action): - output_lib = 'libnode.' + variables.get('shlib_suffix') - action([output_prefix + output_lib], variables.get('libdir') + '/' + output_lib) - -+ if 'true' == variables.get('node_use_dtrace'): -+ action(['out/Release/node.d'], variables.get('libdir') + '/dtrace/node.d') -+ -+ action(['src/node.stp'], 'share/systemtap/tapset/') -+ - action(['deps/v8/tools/gdbinit'], 'share/doc/node/') - action(['deps/v8/tools/lldb_commands.py'], 'share/doc/node/') - --- -2.37.3 - diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index 33f7496..fc9afa8 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -30,7 +30,7 @@ # This is used by both the nodejs package and the npm subpackage that # has a separate version - the name is special so that rpmdev-bumpspec # will bump this rather than adding .1 to the end. -%global baserelease 1 +%global baserelease 2 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} @@ -41,7 +41,7 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 18 -%global nodejs_minor 9 +%global nodejs_minor 12 %global nodejs_patch 1 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h @@ -91,14 +91,14 @@ # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h %global nghttp3_major 0 -%global nghttp3_minor 1 -%global nghttp3_patch 0-DEV +%global nghttp3_minor 7 +%global nghttp3_patch 0 %global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch} # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h %global ngtcp2_major 0 -%global ngtcp2_minor 1 -%global ngtcp2_patch 0-DEV +%global ngtcp2_minor 8 +%global ngtcp2_patch 1 %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch} # ICU - from tools/icu/current_ver.dep @@ -135,19 +135,19 @@ %global npm_epoch 1 %global npm_major 8 %global npm_minor 19 -%global npm_patch 1 +%global npm_patch 2 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch} # uvwasi - from deps/uvwasi/include/uvwasi.h %global uvwasi_major 0 %global uvwasi_minor 0 -%global uvwasi_patch 12 +%global uvwasi_patch 13 %global uvwasi_version %{uvwasi_major}.%{uvwasi_minor}.%{uvwasi_patch} # histogram_c - assumed from timestamps %global histogram_major 0 -%global histogram_minor 9 -%global histogram_patch 7 +%global histogram_minor 11 +%global histogram_patch 2 %global histogram_version %{histogram_major}.%{histogram_minor}.%{histogram_patch} # In order to avoid needing to keep incrementing the release version for the @@ -197,16 +197,15 @@ Source101: cjs-module-lexer-1.2.2.tar.gz Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz # Version: jq '.version' deps/undici/src/package.json -# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.10.0.tar.gz -# Adjustments: rm -f undici-5.10.0/lib/llhttp/llhttp*.wasm* -Source111: undici-5.10.0.tar.gz +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.11.0.tar.gz +# Adjustments: rm -f undici-5.11.0/lib/llhttp/llhttp*.wasm* +Source111: undici-5.11.0.tar.gz # The WASM blob was made using wasi-sdk v14; compiler libraries are linked in. # Version source: build/Dockerfile Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch -Patch2: 0002-install-keep-installing-dtrace-and-systemtap-files.patch BuildRequires: make BuildRequires: python3-devel @@ -715,6 +714,13 @@ end %changelog +* Fri Nov 18 2022 Jan Staněk - 1:18.12.1-2 +- Update version of bundled histogram + +* Wed Nov 09 2022 Jan Staněk - 1:18.12.1-1 +- Rebase to version 18.12.1 + Resolves: rhbz#2125580 CVE-2022-43548 CVE-2022-3517 + * Tue Sep 27 2022 Jan Staněk - 1:18.9.1-1 - Rebase to version 18.9.1 Resolves: CVE-2022-35255 CVE-2022-35256