From a3cb03650fb33a88443a7c0b1db8d71b527dcbfe Mon Sep 17 00:00:00 2001 From: Zuzana Svetlikova Date: Thu, 4 Jun 2020 00:05:04 +0200 Subject: [PATCH] Resolves: RHBZ#1815402, Security update to 14.4.0 --- .gitignore | 1 + nodejs.spec | 17 ++++++++++++----- sources | 2 +- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 2f58cf8..72f98bc 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ /icu4c-66_1-src.tgz /node-v14.3.0-stripped.tar.gz /icu4c-67_1-src.tgz +/node-v14.4.0-stripped.tar.gz diff --git a/nodejs.spec b/nodejs.spec index 66e5f8b..da417c9 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -26,7 +26,7 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 14 -%global nodejs_minor 3 +%global nodejs_minor 4 %global nodejs_patch 0 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} %if %{?with_libs} == 1 @@ -72,7 +72,7 @@ # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h %global nghttp2_major 1 -%global nghttp2_minor 40 +%global nghttp2_minor 41 %global nghttp2_patch 0 %global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch} @@ -170,6 +170,9 @@ BuildRequires: zlib-devel BuildRequires: brotli-devel BuildRequires: gcc >= 6.3.0 BuildRequires: gcc-c++ >= 6.3.0 +# needed to generate bundled provides for npm dependencies +# https://src.fedoraproject.org/rpms/nodejs/pull-request/2 +# https://pagure.io/nodejs-packaging/pull-request/10 BuildRequires: nodejs-packaging BuildRequires: chrpath BuildRequires: libatomic @@ -229,7 +232,6 @@ Conflicts: node <= 0.3.2-12 Provides: nodejs-punycode = %{punycode_version} Provides: npm(punycode) = %{punycode_version} - # Node.js has forked c-ares from upstream in an incompatible way, so we need # to carry the bundled version internally. # See https://github.com/nodejs/node/commit/766d063e0578c0f7758c3a965c971763f43fec85 @@ -260,7 +262,6 @@ Requires: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} %endif - %description Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. @@ -268,6 +269,7 @@ Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. + %package devel Summary: JavaScript runtime - development headers Group: Development/Languages @@ -639,6 +641,7 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod # Make sure i18n support is working NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2} + %pretrans -n npm -p -- Remove all of the symlinks from the bundled npm node_modules directory -- This scriptlet can be removed in Fedora 31 @@ -816,7 +819,11 @@ end %changelog -* Thu May 21 2020 zsvetlik@redhat.com - 1:14.3.0-1 +* Wed Jun 03 2020 Zuzana Svetlikova - 1:14.4.0-1 +- Security update to 14.4.0 +- Resolves: RHBZ#1815402 + +* Thu May 21 2020 Zuzana Svetlikova - 1:14.3.0-1 - Update to 14.3.0 - Fix optflags to save memory - Resolves: RHBZ#1815402 diff --git a/sources b/sources index e4fae6b..331ca8e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -5795f5fca68414549313ac5afabdc94e node-v14.3.0-stripped.tar.gz +02b1b38283a80a0bcf7c00e4fd4cf298 node-v14.4.0-stripped.tar.gz c4d62b497cbd89ab2a9ca6b543e57b30 icu4c-67_1-src.tgz