Replace whole repo with latest content from branch stream-12-rhel-8.8.0

Content corresponds with RHEL dist-git commit 3dab532
This commit is contained in:
Honza Horak 2023-05-16 21:19:13 +02:00
parent 7d69a3fb48
commit 7cc0ec01ee
10 changed files with 127 additions and 214 deletions

17
.gitignore vendored
View File

@ -1,4 +1,17 @@
SOURCES/icu4c-67_1-src.tgz
SOURCES/node-v12.20.1-stripped.tar.gz
/node-v10.7.0-stripped.tar.gz
/node-v10.11.0-stripped.tar.gz
/node-v10.14.1-stripped.tar.gz
/node-v12.4.0-stripped.tar.gz
/node-v12.13.1-stripped.tar.gz
/node-v12.14.1-stripped.tar.gz
/node-v12.16.1-stripped.tar.gz
/node-v12.18.1-stripped.tar.gz
/icu4c-67_1-src.tgz
/node-v12.18.2-stripped.tar.gz
/node-v12.18.4-stripped.tar.gz
/node-v12.19.1-stripped.tar.gz
/node-v12.20.1-stripped.tar.gz
/node-v12.21.0-stripped.tar.gz
/node-v12.22.2-stripped.tar.gz
/node-v12.22.3-stripped.tar.gz
/node-v12.22.5-stripped.tar.gz

View File

@ -1,32 +1,36 @@
From e2ff0fc92ddbaa5535d684e353c55cefe99eb081 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Tue, 27 Sep 2022 13:48:12 +0200
Subject: [PATCH] Install both binaries and use libdir
From a496364130e7566afb153375b00e0f1d9c96943c Mon Sep 17 00:00:00 2001
From: Elliott Sales de Andrade <quantum.analyst@gmail.com>
Date: Tue, 19 Mar 2019 23:22:40 -0400
Subject: [PATCH] Install both binaries and use libdir.
This allows us to build with a shared library for other users while
still providing the normal executable.
Signed-off-by: Elliott Sales de Andrade <quantum.analyst@gmail.com>
Signed-off-by: rpm-build <rpm-build>
---
configure.py | 7 +++++++
tools/install.py | 8 +++++---
2 files changed, 12 insertions(+), 3 deletions(-)
configure.py | 7 +++++++
tools/install.py | 31 ++++++++++++++-----------------
2 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/configure.py b/configure.py
index 1a7023d..b16db0c 100755
index b67ad1f..875ebef 100755
--- a/configure.py
+++ b/configure.py
@@ -739,6 +739,12 @@ parser.add_argument('--shared',
@@ -602,6 +602,12 @@ parser.add_option('--shared',
help='compile shared library for embedding node in another project. ' +
'(This mode is not officially supported for regular applications)')
+parser.add_argument('--libdir',
+parser.add_option('--libdir',
+ action='store',
+ dest='libdir',
+ default='lib',
+ help='a directory to install the shared library into')
+
parser.add_argument('--without-v8-platform',
parser.add_option('--without-v8-platform',
action='store_true',
dest='without_v8_platform',
@@ -1368,6 +1374,7 @@ def configure_node(o):
@@ -1168,6 +1174,7 @@ def configure_node(o):
o['variables']['node_no_browser_globals'] = b(options.no_browser_globals)
o['variables']['node_shared'] = b(options.shared)
@ -35,38 +39,50 @@ index 1a7023d..b16db0c 100755
if options.dest_os == 'android':
diff --git a/tools/install.py b/tools/install.py
index a6d1f8b..e3ef9d7 100755
index 6558029..a1cae2e 100755
--- a/tools/install.py
+++ b/tools/install.py
@@ -144,6 +144,7 @@ def files(action):
@@ -121,26 +121,23 @@ def subdir_files(path, dest, action):
def files(action):
is_windows = sys.platform == 'win32'
output_file = 'node'
- output_file = 'node'
output_prefix = 'out/Release/'
+ output_libprefix = output_prefix
if is_windows:
output_file += '.exe'
@@ -151,8 +152,8 @@ def files(action):
if 'true' == variables.get('node_shared'):
if is_windows:
- action([output_prefix + 'libnode.dll'], 'bin/libnode.dll')
- action([output_prefix + 'libnode.lib'], 'lib/libnode.lib')
+ action([output_libprefix + 'libnode.dll'], 'bin/libnode.dll')
+ action([output_libprefix + 'libnode.lib'], 'lib/libnode.lib')
elif sys.platform == 'zos':
# GYP will output to lib.target; see _InstallableTargetInstallPath
# function in tools/gyp/pylib/gyp/generator/make.py
@@ -176,7 +177,8 @@ def files(action):
try_symlink(so_name, link_path)
else:
output_lib = 'libnode.' + variables.get('shlib_suffix')
- action([output_prefix + output_lib], 'lib/' + output_lib)
+ action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib)
- if 'false' == variables.get('node_shared'):
- if is_windows:
- output_file += '.exe'
+ if is_windows:
+ output_bin = 'node.exe'
+ output_lib = 'node.dll'
else:
- if is_windows:
- output_file += '.dll'
- else:
- output_file = 'lib' + output_file + '.' + variables.get('shlib_suffix')
- # GYP will output to lib.target except on OS X, this is hardcoded
- # in its source - see the _InstallableTargetInstallPath function.
- if sys.platform != 'darwin':
- output_prefix += 'lib.target/'
-
- if 'false' == variables.get('node_shared'):
- action([output_prefix + output_file], 'bin/' + output_file)
- else:
- action([output_prefix + output_file], 'lib/' + output_file)
+ output_bin = 'node'
+ output_lib = 'libnode.' + variables.get('shlib_suffix')
+ # GYP will output to lib.target except on OS X, this is hardcoded
+ # in its source - see the _InstallableTargetInstallPath function.
+ if sys.platform != 'darwin':
+ output_prefix += 'lib.target/'
+
+ action([output_prefix + output_bin], 'bin/' + output_bin)
+ if 'true' == variables.get('node_shared'):
+ action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib)
if 'true' == variables.get('node_use_dtrace'):
action(['out/Release/node.d'], 'lib/dtrace/node.d')
--
2.37.3
2.26.2

View File

@ -1,31 +0,0 @@
From 9872b897d6a9a39e3392c39bca70cfd9dd084558 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 26 Sep 2022 16:02:39 +0200
Subject: [PATCH] install: keep installing dtrace and systemtap files
Partly reverts commit e27e709d3ca93b3e7036ddc4f4d28dfde228bfb6.
Signed-off-by: rpm-build <rpm-build>
---
tools/install.py | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tools/install.py b/tools/install.py
index 4b01d67..dc16797 100755
--- a/tools/install.py
+++ b/tools/install.py
@@ -178,6 +178,11 @@ def files(action):
output_lib = 'libnode.' + variables.get('shlib_suffix')
action([output_prefix + output_lib], variables.get('libdir') + '/' + output_lib)
+ if 'true' == variables.get('node_use_dtrace'):
+ action(['out/Release/node.d'], variables.get('libdir') + '/dtrace/node.d')
+
+ action(['src/node.stp'], 'share/systemtap/tapset/')
+
action(['deps/v8/tools/gdbinit'], 'share/doc/node/')
action(['deps/v8/tools/lldb_commands.py'], 'share/doc/node/')
--
2.37.3

View File

@ -1,13 +0,0 @@
diff --git a/deps/npm/node_modules/y18n/index.js b/deps/npm/node_modules/y18n/index.js
index d720681628..727362aac0 100644
--- a/deps/npm/node_modules/y18n/index.js
+++ b/deps/npm/node_modules/y18n/index.js
@@ -11,7 +11,7 @@ function Y18N (opts) {
this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true
// internal stuff.
- this.cache = {}
+ this.cache = Object.create(null)
this.writeQueue = []
}

View File

@ -1,99 +0,0 @@
From 3ef951c3e17a56fe7bbb1b9f2c476ad55c52c287 Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Tue, 8 Dec 2020 14:21:50 -0800
Subject: [PATCH] do not allow invalid hazardous string as section name
Signed-off-by: rpm-build <rpm-build>
---
deps/npm/node_modules/ini/ini.js | 8 +++++
deps/npm/node_modules/ini/test/proto.js | 45 +++++++++++++++++++++++++
2 files changed, 53 insertions(+)
create mode 100644 deps/npm/node_modules/ini/test/proto.js
diff --git a/deps/npm/node_modules/ini/ini.js b/deps/npm/node_modules/ini/ini.js
index 590195d..0401258 100644
--- a/deps/npm/node_modules/ini/ini.js
+++ b/deps/npm/node_modules/ini/ini.js
@@ -80,6 +80,12 @@ function decode (str) {
if (!match) return
if (match[1] !== undefined) {
section = unsafe(match[1])
+ if (section === '__proto__') {
+ // not allowed
+ // keep parsing the section, but don't attach it.
+ p = {}
+ return
+ }
p = out[section] = out[section] || {}
return
}
@@ -94,6 +100,7 @@ function decode (str) {
// Convert keys with '[]' suffix to an array
if (key.length > 2 && key.slice(-2) === '[]') {
key = key.substring(0, key.length - 2)
+ if (key === '__proto__') return
if (!p[key]) {
p[key] = []
} else if (!Array.isArray(p[key])) {
@@ -125,6 +132,7 @@ function decode (str) {
var l = parts.pop()
var nl = l.replace(/\\\./g, '.')
parts.forEach(function (part, _, __) {
+ if (part === '__proto__') return
if (!p[part] || typeof p[part] !== 'object') p[part] = {}
p = p[part]
})
diff --git a/deps/npm/node_modules/ini/test/proto.js b/deps/npm/node_modules/ini/test/proto.js
new file mode 100644
index 0000000..ab35533
--- /dev/null
+++ b/deps/npm/node_modules/ini/test/proto.js
@@ -0,0 +1,45 @@
+var ini = require('../')
+var t = require('tap')
+
+var data = `
+__proto__ = quux
+foo = baz
+[__proto__]
+foo = bar
+[other]
+foo = asdf
+[kid.__proto__.foo]
+foo = kid
+[arrproto]
+hello = snyk
+__proto__[] = you did a good job
+__proto__[] = so you deserve arrays
+thanks = true
+`
+var res = ini.parse(data)
+t.deepEqual(res, {
+ foo: 'baz',
+ other: {
+ foo: 'asdf',
+ },
+ kid: {
+ foo: {
+ foo: 'kid',
+ },
+ },
+ arrproto: {
+ hello: 'snyk',
+ thanks: true,
+ },
+})
+t.equal(res.__proto__, Object.prototype)
+t.equal(res.kid.__proto__, Object.prototype)
+t.equal(res.kid.foo.__proto__, Object.prototype)
+t.equal(res.arrproto.__proto__, Object.prototype)
+t.equal(Object.prototype.foo, undefined)
+t.equal(Object.prototype[0], undefined)
+t.equal(Object.prototype['0'], undefined)
+t.equal(Object.prototype[1], undefined)
+t.equal(Object.prototype['1'], undefined)
+t.equal(Array.prototype[0], undefined)
+t.equal(Array.prototype[1], undefined)
--
2.29.2

View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

View File

@ -185,15 +185,19 @@ echo "punycode"
echo "========================="
grep "'version'" node-v${version}/lib/punycode.js
echo
echo "npm"
echo "========================="
grep "\"version\":" node-v${version}/deps/npm/package.json
echo
echo "uvwasi"
echo "========================="
grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
echo
echo "npm"
echo "brotli"
echo "========================="
grep "\"version\":" node-v${version}/deps/npm/package.json
grep "#define BROTLI_VERSION" node-v${version}/deps/brotli/c/common/version.h
echo
echo "Make sure these versions match what is in the RPM spec file"

View File

@ -29,8 +29,8 @@
# than a Fedora release lifecycle.
%global nodejs_epoch 1
%global nodejs_major 12
%global nodejs_minor 20
%global nodejs_patch 1
%global nodejs_minor 22
%global nodejs_patch 5
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
%if %{?with_libs} == 1
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
@ -57,8 +57,8 @@
# c-ares - from deps/cares/include/ares_version.h
# https://github.com/nodejs/node/pull/9332
%global c_ares_major 1
%global c_ares_minor 16
%global c_ares_patch 1
%global c_ares_minor 17
%global c_ares_patch 2
%global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}
# http-parser - from deps/http_parser/http_parser.h
@ -106,7 +106,7 @@
%global npm_epoch 1
%global npm_major 6
%global npm_minor 14
%global npm_patch 10
%global npm_patch 14
%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
# uvwasi - from deps/uvwasi/include/uvwasi.h
@ -167,12 +167,16 @@ Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
Patch2: 0002-Install-both-binaries-and-use-libdir.patch
%endif
# CVE-2020-7774
Patch4: 0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
# Upstream patch to use getauxval
Patch3: 0003-src-use-getauxval-in-node_main.cc.patch
# CVE-2020-7788
Patch5: 0005-CVE-2020-7788-ini-do-not-allow-invalid-hazardous-string.patch
# Make FIPS always available
# https://github.com/nodejs/node/issues/34903
Patch4: 0004-always-available-fips-options.patch
Patch5: 0005-CVE-2021-23343-nodejs-path-parse.patch
BuildRequires: make
BuildRequires: python2-devel
BuildRequires: python3-devel
BuildRequires: zlib-devel
@ -184,13 +188,13 @@ BuildRequires: gcc-c++ >= 6.3.0
BuildRequires: nodejs-packaging
BuildRequires: chrpath
BuildRequires: libatomic
BuildRequires: systemtap-sdt-devel
%if %{with bootstrap}
Provides: bundled(http-parser) = %{http_parser_version}
Provides: bundled(libuv) = %{libuv_version}
Provides: bundled(nghttp2) = %{nghttp2_version}
%else
BuildRequires: systemtap-sdt-devel
BuildRequires: libuv-devel >= 1:%{libuv_version}
Requires: libuv >= 1:%{libuv_version}
BuildRequires: libnghttp2-devel >= %{nghttp2_version}
@ -454,7 +458,6 @@ export LDFLAGS="%{build_ldflags}"
# --shared-brotli \
# --without-dtrace \
# --with-intl=small-icu \
# --debug-nghttp2 \
# --openssl-use-def-ca-store
#%else
#./configure --prefix=%{_prefix} \
@ -481,8 +484,8 @@ export LDFLAGS="%{build_ldflags}"
--shared-brotli \
--without-dtrace \
--with-intl=small-icu \
--debug-nghttp2 \
--openssl-use-def-ca-store
--openssl-use-def-ca-store \
--openssl-default-cipher-list=PROFILE=SYSTEM
%else
./configure --prefix=%{_prefix} \
--shared-openssl \
@ -493,8 +496,8 @@ export LDFLAGS="%{build_ldflags}"
--with-dtrace \
--with-intl=%{icu_flag} \
--with-icu-default-data-dir=%{icudatadir} \
--debug-nghttp2 \
--openssl-use-def-ca-store
--openssl-use-def-ca-store \
--openssl-default-cipher-list=PROFILE=SYSTEM
%endif
%else
@ -505,8 +508,8 @@ export LDFLAGS="%{build_ldflags}"
--shared-zlib \
--without-dtrace \
--with-intl=small-icu \
--debug-nghttp2 \
--openssl-use-def-ca-store
--openssl-use-def-ca-store \
--openssl-default-cipher-list=PROFILE=SYSTEM
%else
./configure --prefix=%{_prefix} \
--shared-openssl \
@ -516,8 +519,8 @@ export LDFLAGS="%{build_ldflags}"
--with-dtrace \
--with-intl=%{icu_flag} \
--with-icu-default-data-dir=%{icudatadir} \
--debug-nghttp2 \
--openssl-use-def-ca-store
--openssl-use-def-ca-store \
--openssl-default-cipher-list=PROFILE=SYSTEM
%endif
%endif
@ -870,14 +873,42 @@ end
%changelog
* Mon Aug 16 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.5-1
- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940,
- Resolves CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
- Resolves: RHBZ#1951621 (make FIPS always available)
- Resolves: RHBZ#1988596, RHBZ#1993814, RHBZ#1993808, RHBZ#1993094
- Resolves: RHBZ#1986742, RHBZ#1993946, RHBZ#1993939, RHBZ#1989426
* Mon Aug 09 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.3-3
- Resolves CVE-2021-23362 CVE-2021-27290
- Resolves: RHBZ#1945512, RHBZ#1945286
- Add missing CVE trackers
* Thu Jul 08 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.3-2
- Resolves: RHBZ#1979843, RHBZ#1977759
- Resolves: RHBz#1952915
- Fix typo, BR systemtap-sdt-level always, remove y18n patch
* Wed Jul 07 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.3-1
- Resolves: RHBZ#1979843, RHBZ#1977759
- Resolves: RHBz#1952915
- Resolves CVE-2021-22918(libuv), use system cipher list
* Tue Mar 02 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.21.0-1
- Resolves: RHBZ#1934566, RHBZ#1934598
- remove --debug-nghttp2 option
- remove ini patch
- Backport patch to use getauxval
* Mon Jan 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.20.1-1
- Security rebase for January security release
- https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
- Resolves: RHBZ#1916460, RHBZ#1914786
- Resolves: RHBZ#1914784, RHBZ#1916396
- Resolves: RHBZ#1913000, RHBZ#1912952
- Resolves: RHBZ#1912635, RHBZ#1893984
* Tue Nov 24 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.19.1-1
- Resolves: RHBZ#1901044, #1901045, #1901046, #1901047
- Resolves: RHBZ#1861602, #1874302, #1898598, #1898765
- c-ares, ajv and y18n CVEs and yarn installability issues
* Mon Oct 05 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.18.4-2

View File

@ -1,2 +0,0 @@
[koji]
targets = master f34 f33

View File

@ -1,2 +1,2 @@
SHA512 (node-v12.22.5-stripped.tar.gz) = 9bda1a68f6f94710881c0f80dd75168f4eac5a7599f4395f14c97693b1ee571020ea781e90ef15621112a50f3e5b62fb2dfe947f31be2ef20112a6a8f91da93a
SHA512 (icu4c-67_1-src.tgz) = 4779f1ce1ca7976f6fad6768853ea8c540da54d11509e3b6cfd864a04b5f2db1c3d4b546387f91ad02fb90804525bc37d2543173f0d705d6ca11dc6f2b7640a8
SHA512 (node-v12.20.1-stripped.tar.gz) = 3f4ee70278921f68ca1ba123f988916072bd5141ffca21413b278110d409c71101a84fcb1cee839d2a081ff5e3fbe2d07dec85b98d747de66a18cbef828b5123