import nodejs-18.12.1-2.module+el8.7.0+17306+fc023f99

2022-12-06 10:27:06 -05:00 · 2022-12-06 10:27:06 -05:00 · 51ef31dc0a
commit 51ef31dc0a
parent 2be086c2cd
4 changed files with 24 additions and 49 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,6 +1,6 @@
 SOURCES/cjs-module-lexer-1.2.2.tar.gz
 SOURCES/icu4c-71_1-src.tgz
-SOURCES/node-v18.9.1-stripped.tar.gz
-SOURCES/undici-5.10.0.tar.gz
+SOURCES/node-v18.12.1-stripped.tar.gz
+SOURCES/undici-5.11.0.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@ -1,6 +1,6 @@
 6976e77068429bd0b47b573793289e065ceb6b27 SOURCES/cjs-module-lexer-1.2.2.tar.gz
 406b0c8635288b772913b6ff646451e69748878a SOURCES/icu4c-71_1-src.tgz
-a665236ba7ffed7160a662ba74703274f73523fc SOURCES/node-v18.9.1-stripped.tar.gz
-a0ca081b1bab3d13e1530f823b7bb841d2ec961e SOURCES/undici-5.10.0.tar.gz
+816c2656eea956f3fcd0d98562d7d225abd3e95f SOURCES/node-v18.12.1-stripped.tar.gz
+0ea4e5cfe13969896bf41c0d2d029a621917b944 SOURCES/undici-5.11.0.tar.gz
 8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 900a50a32f0079d53c299db92b88bb3c5d2022b8 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz
--- a/SOURCES/0002-install-keep-installing-dtrace-and-systemtap-files.patch
+++ b/SOURCES/0002-install-keep-installing-dtrace-and-systemtap-files.patch
@ -1,31 +0,0 @@
-From 9872b897d6a9a39e3392c39bca70cfd9dd084558 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 26 Sep 2022 16:02:39 +0200
-Subject: [PATCH] install: keep installing dtrace and systemtap files
-
-Partly reverts commit e27e709d3ca93b3e7036ddc4f4d28dfde228bfb6.
-
-Signed-off-by: rpm-build <rpm-build>
---
- tools/install.py | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/tools/install.py b/tools/install.py
-index 4b01d67..dc16797 100755
--- a/tools/install.py
-+++ b/tools/install.py
-@@ -178,6 +178,11 @@ def files(action):
-       output_lib = 'libnode.' + variables.get('shlib_suffix')
-       action([output_prefix + output_lib], variables.get('libdir') + '/' + output_lib)
- 
-+  if 'true' == variables.get('node_use_dtrace'):
-+    action(['out/Release/node.d'], variables.get('libdir') + '/dtrace/node.d')
-+
-+  action(['src/node.stp'], 'share/systemtap/tapset/')
-+
-   action(['deps/v8/tools/gdbinit'], 'share/doc/node/')
-   action(['deps/v8/tools/lldb_commands.py'], 'share/doc/node/')
- 
-- 
-2.37.3
-
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@ -30,7 +30,7 @@
 # This is used by both the nodejs package and the npm subpackage that
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
-%global baserelease 1
+%global baserelease 2

 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}

@ -41,7 +41,7 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 18
-%global nodejs_minor 9
+%global nodejs_minor 12
 %global nodejs_patch 1
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
@ -91,14 +91,14 @@

 # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
 %global nghttp3_major 0
-%global nghttp3_minor 1
-%global nghttp3_patch 0-DEV
+%global nghttp3_minor 7
+%global nghttp3_patch 0
 %global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch}

 # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
 %global ngtcp2_major 0
-%global ngtcp2_minor 1
-%global ngtcp2_patch 0-DEV
+%global ngtcp2_minor 8
+%global ngtcp2_patch 1
 %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch}

 # ICU - from tools/icu/current_ver.dep
@ -135,19 +135,19 @@
 %global npm_epoch 1
 %global npm_major 8
 %global npm_minor 19
-%global npm_patch 1
+%global npm_patch 2
 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}

 # uvwasi - from deps/uvwasi/include/uvwasi.h
 %global uvwasi_major 0
 %global uvwasi_minor 0
-%global uvwasi_patch 12
+%global uvwasi_patch 13
 %global uvwasi_version %{uvwasi_major}.%{uvwasi_minor}.%{uvwasi_patch}

 # histogram_c - assumed from timestamps
 %global histogram_major 0
-%global histogram_minor 9
-%global histogram_patch 7
+%global histogram_minor 11
+%global histogram_patch 2
 %global histogram_version %{histogram_major}.%{histogram_minor}.%{histogram_patch}

 # In order to avoid needing to keep incrementing the release version for the
@ -197,16 +197,15 @@ Source101: cjs-module-lexer-1.2.2.tar.gz
 Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz

 # Version: jq '.version' deps/undici/src/package.json
-# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.10.0.tar.gz
-# Adjustments: rm -f undici-5.10.0/lib/llhttp/llhttp*.wasm*
-Source111: undici-5.10.0.tar.gz
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.11.0.tar.gz
+# Adjustments: rm -f undici-5.11.0/lib/llhttp/llhttp*.wasm*
+Source111: undici-5.11.0.tar.gz
 # The WASM blob was made using wasi-sdk v14; compiler libraries are linked in.
 # Version source: build/Dockerfile
 Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz

 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
-Patch2: 0002-install-keep-installing-dtrace-and-systemtap-files.patch

 BuildRequires: make
 BuildRequires: python3-devel
@ -715,6 +714,13 @@ end


 %changelog
+* Fri Nov 18 2022 Jan Staněk <jstanek@redhat.com> - 1:18.12.1-2
+- Update version of bundled histogram
+
+* Wed Nov 09 2022 Jan Staněk <jstanek@redhat.com> - 1:18.12.1-1
+- Rebase to version 18.12.1
+  Resolves: rhbz#2125580 CVE-2022-43548 CVE-2022-3517
+
 * Tue Sep 27 2022 Jan Staněk <jstanek@redhat.com> - 1:18.9.1-1
 - Rebase to version 18.9.1
  Resolves: CVE-2022-35255 CVE-2022-35256