diff --git a/SOURCES/npmrc b/SOURCES/npmrc index 50be1d1..30b238d 100644 --- a/SOURCES/npmrc +++ b/SOURCES/npmrc @@ -1,2 +1,4 @@ prefix=/usr/local python=/usr/bin/python3 +update-notifier=false + diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index 6558ad8..f70552a 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -33,7 +33,7 @@ # This is used by both the nodejs package and the npm subpackage that # has a separate version - the name is special so that rpmdev-bumpspec # will bump this rather than adding .1 to the end. -%global baserelease 1 +%global baserelease 3 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} @@ -591,69 +591,11 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod # Make sure i18n support is working NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2} - -%pretrans -n npm -p --- Remove all of the symlinks from the bundled npm node_modules directory --- This scriptlet can be removed in Fedora 31 -base_path = "%{_prefix}/lib/node_modules/npm/node_modules/" -d_st = posix.stat(base_path) -if d_st then - for f in posix.files(base_path) do - path = base_path..f - st = posix.stat(path) - if st and st.type == "link" then - os.remove(path) - end - end -end - --- Replace the npm docs directory with a symlink --- Drop this scriptlet when F31 is EOL -path = "%{_prefix}/lib/node_modules/npm/doc" -st = posix.stat(path) -if st and st.type == "directory" then - status = os.rename(path, path .. ".rpmmoved") - if not status then - suffix = 0 - while not status do - suffix = suffix + 1 - status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) - end - os.rename(path, path .. ".rpmmoved") - end -end - --- Replace the npm docs directory with a symlink --- Drop this scriptlet when F31 is EOL -path = "%{_prefix}/lib/node_modules/npm/html" -st = posix.stat(path) -if st and st.type == "directory" then - status = os.rename(path, path .. ".rpmmoved") - if not status then - suffix = 0 - while not status do - suffix = suffix + 1 - status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) - end - os.rename(path, path .. ".rpmmoved") - end -end - --- Replace the npm man directory with a symlink --- Drop this scriptlet when F31 is EOL -path = "%{_prefix}/lib/node_modules/npm/man" -st = posix.stat(path) -if st and st.type == "directory" then - status = os.rename(path, path .. ".rpmmoved") - if not status then - suffix = 0 - while not status do - suffix = suffix + 1 - status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) - end - os.rename(path, path .. ".rpmmoved") - end -end +# Ensure npm's update notifier has been disabled +LD_LIBRARY_PATH=%{buildroot}%{_libdir} \ +%{buildroot}%{_bindir}/node \ +%{buildroot}%{_bindir}/npm \ +--globalconfig=%{buildroot}$(LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}%{_bindir}/node %{buildroot}%{_bindir}/npm config get globalconfig) config ls -l --json | jq -e '.["update-notifier"] == false' %files @@ -725,6 +667,14 @@ end %changelog +* Thu Mar 20 2025 Andrei Radchenko - 1:20.18.2-3 +- Remove obsolete lua pretransaction script from spec file + Resolves: RHEL-81125 + +* Wed Mar 05 2025 Andrei Radchenko - 1:20.18.2-2 +- Disable npm's update-notifier + Resolves: RHEL-81077 + * Thu Jan 30 2025 Tomáš Juhász - 1:20.18.2-1 - Update to version 20.18.2 Fixes: CVE-2025-23083 CVE-2025-23085 CVE-2025-22150