import nodejs-14.17.3-2.module+el8.4.0+11738+3bd42762

2021-07-12 14:32:12 +00:00 · 2021-07-12 14:32:12 +00:00 · ab2b7ed43c
parent 7662f35d3c
commit ab2b7ed43c
5 changed files with 42 additions and 133 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/icu4c-67_1-src.tgz
-SOURCES/node-v14.16.0-stripped.tar.gz
+SOURCES/icu4c-69_1-src.tgz
+SOURCES/node-v14.17.3-stripped.tar.gz
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@ -1,2 +1,2 @@
-6822a4a94324d1ba591b3e8ef084e4491af253c1 SOURCES/icu4c-67_1-src.tgz
-953a6d085899d3c040616a6380fd9e21d2d41003 SOURCES/node-v14.16.0-stripped.tar.gz
+620a71c84428758376baa0fb81a581c3daa866ce SOURCES/icu4c-69_1-src.tgz
+03c817ff5bbebe21d120a2ddee9a87ff223914db SOURCES/node-v14.17.3-stripped.tar.gz
--- a/SOURCES/0003-yarn-not-installable-on-aarch64.patch
+++ b/SOURCES/0003-yarn-not-installable-on-aarch64.patch
@ -1,92 +0,0 @@
- From d4d05ceb418c525b0d07e76b81b8694ac2f5b309 Mon Sep 17 00:00:00 2001
-From: Daniel Bevenius <daniel.bevenius@gmail.com>
-Date: Wed, 16 Sep 2020 06:12:54 +0200
-Subject: [PATCH] [deps] V8: cherry-pick 71736859756b2bd0444bdb0a87a
-
-Original commit message:
-
-   [heap] Add large_object_threshold to AllocateRaw
-
-   This commit adds a check in Heap::AllocateRaw when setting the
-   large_object variable, when the AllocationType is of type kCode, to
-   take into account the size of the CodeSpace's area size.
-
-   The motivation for this change is that without this check it is
-   possible that size_in_bytes is less than 128, and hence not considered
-   a large object, but it might be larger than the available space
-   in code_space->AreaSize(), which will cause the object to be created
-   in the CodeLargeObjectSpace. This will later cause a segmentation fault
-   when calling the following chain of functions:
-
-      if (!large_object) {
-         MemoryChunk::FromHeapObject(heap_object)
-             ->GetCodeObjectRegistry()
-             ->RegisterNewlyAllocatedCodeObject(heap_object.address());
-      }
-
-   We (Red Hat) ran into this issue when running Node.js v12.16.1 in
-   combination with yarn on aarch64 (this was the only architecture that
-   this happed on).
-
-   Bug: v8:10808
-   Change-Id: I0c396b0eb64bc4cc91d9a3be521254f3130eac7b
-   Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2390665
-   Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
-   Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
-   Cr-Commit-Position: refs/heads/master@{#69876}
-
-Refs: https://github.com/v8/v8/commit/71736859756b2bd0444bdb0a87a61a0b090cbba2
---
- deps/v8/src/heap/heap-inl.h            | 13 +++--
- deps/v8/src/heap/heap.h                |  6 ++-
- 4 files changed, 83 insertions(+), 6 deletions(-)
-
-diff --git a/deps/v8/src/heap/heap-inl.h b/deps/v8/src/heap/heap-inl.h
-index 39f5ec6c66e..b56ebc03d58 100644
--- a/deps/v8/src/heap/heap-inl.h
-+++ b/deps/v8/src/heap/heap-inl.h
-@@ -192,7 +192,12 @@ AllocationResult Heap::AllocateRaw(int size_in_bytes, AllocationType type,
-   IncrementObjectCounters();
- #endif
- 
-  bool large_object = size_in_bytes > kMaxRegularHeapObjectSize;
-+  size_t large_object_threshold =
-+      AllocationType::kCode == type
-+          ? std::min(kMaxRegularHeapObjectSize, code_space()->AreaSize())
-+          : kMaxRegularHeapObjectSize;
-+  bool large_object =
-+      static_cast<size_t>(size_in_bytes) > large_object_threshold;
- 
-   HeapObject object;
-   AllocationResult allocation;
-@@ -225,10 +230,10 @@ AllocationResult Heap::AllocateRaw(int size_in_bytes, AllocationType type,
-         allocation = old_space_->AllocateRaw(size_in_bytes, alignment, origin);
-       }
-     } else if (AllocationType::kCode == type) {
-      if (size_in_bytes <= code_space()->AreaSize() && !large_object) {
-        allocation = code_space_->AllocateRawUnaligned(size_in_bytes);
-      } else {
-+      if (large_object) {
-         allocation = code_lo_space_->AllocateRaw(size_in_bytes);
-+      } else {
-+        allocation = code_space_->AllocateRawUnaligned(size_in_bytes);
-       }
-     } else if (AllocationType::kMap == type) {
-       allocation = map_space_->AllocateRawUnaligned(size_in_bytes);
-diff --git a/deps/v8/src/heap/heap.h b/deps/v8/src/heap/heap.h
-index 888d174c02f..0165fa6970f 100644
--- a/deps/v8/src/heap/heap.h
-+++ b/deps/v8/src/heap/heap.h
-@@ -1404,8 +1404,10 @@ class Heap {
-   // Heap object allocation tracking. ==========================================
-   // ===========================================================================
- 
-  void AddHeapObjectAllocationTracker(HeapObjectAllocationTracker* tracker);
-  void RemoveHeapObjectAllocationTracker(HeapObjectAllocationTracker* tracker);
-+  V8_EXPORT_PRIVATE void AddHeapObjectAllocationTracker(
-+      HeapObjectAllocationTracker* tracker);
-+  V8_EXPORT_PRIVATE void RemoveHeapObjectAllocationTracker(
-+      HeapObjectAllocationTracker* tracker);
-   bool has_heap_object_allocation_tracker() const {
-     return !allocation_trackers_.empty();
-   }
--- a/SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
+++ b/SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
@ -1,13 +0,0 @@
-diff --git a/deps/npm/node_modules/y18n/index.js b/deps/npm/node_modules/y18n/index.js
-index d720681628..727362aac0 100644
--- a/deps/npm/node_modules/y18n/index.js
-+++ b/deps/npm/node_modules/y18n/index.js
-@@ -11,7 +11,7 @@ function Y18N (opts) {
-   this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true
- 
-   // internal stuff.
-  this.cache = {}
-+  this.cache = Object.create(null)
-   this.writeQueue = []
- }
- 
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@ -26,8 +26,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 14
-%global nodejs_minor 16
-%global nodejs_patch 0
+%global nodejs_minor 17
+%global nodejs_patch 3
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 %if %{?with_libs} == 1
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
@ -45,7 +45,7 @@
 %global v8_major 8
 %global v8_minor 4
 %global v8_build 371
-%global v8_patch 19
+%global v8_patch 23
 # V8 presently breaks ABI at least every x.y release while never bumping SONAME
 %global v8_abi %{v8_major}.%{v8_minor}
 %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
@ -54,7 +54,7 @@
 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
 %global c_ares_major 1
-%global c_ares_minor 16
+%global c_ares_minor 17
 %global c_ares_patch 1
 %global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}

@ -66,18 +66,18 @@

 # libuv - from deps/uv/include/uv/version.h
 %global libuv_major 1
-%global libuv_minor 40
+%global libuv_minor 41
 %global libuv_patch 0
 %global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}

 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
 %global nghttp2_major 1
-%global nghttp2_minor 41
+%global nghttp2_minor 42
 %global nghttp2_patch 0
 %global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}

 # ICU - from tools/icu/current_ver.dep
-%global icu_major 67
+%global icu_major 69
 %global icu_minor 1
 %global icu_version %{icu_major}.%{icu_minor}

@ -110,7 +110,7 @@
 %global npm_epoch 1
 %global npm_major 6
 %global npm_minor 14
-%global npm_patch 11
+%global npm_patch 13
 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}

 # uvwasi - from deps/uvwasi/include/uvwasi.h
@ -166,11 +166,7 @@ Patch2: 0002-Install-both-binaries-and-use-libdir.patch
 %endif

 # RHBZ#1915296 - yarn install crashes with nodejs:14 on aarch64 
-Patch3: 0003-yarn-not-installable-on-aarch64.patch
-
-# CVE-2020-7774
-Patch4: 0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
-
+# Patch3: 0003-yarn-not-installable-on-aarch64.patch

 BuildRequires: make
 BuildRequires: python3-devel
@ -184,12 +180,12 @@ BuildRequires: gcc-c++ >= 6.3.0
 BuildRequires: nodejs-packaging
 BuildRequires: chrpath
 BuildRequires: libatomic
+BuildRequires: systemtap-sdt-devel

 %if %{with bootstrap}
 Provides: bundled(libuv) = %{libuv_version}
 Provides: bundled(nghttp2) = %{nghttp2_version}
 %else
-BuildRequires: systemtap-sdt-devel
 BuildRequires: libuv-devel >= 1:%{libuv_version}
 Requires: libuv >= 1:%{libuv_version}
 BuildRequires: libnghttp2-devel >= %{nghttp2_version}
@ -443,7 +439,8 @@ export LDFLAGS="%{build_ldflags}"
           --shared-brotli \
           --without-dtrace \
           --with-intl=small-icu \
-           --openssl-use-def-ca-store
+           --openssl-use-def-ca-store \
+           --openssl-default-cipher-list=PROFILE=SYSTEM
 %else
 %{__python3} configure.py --prefix=%{_prefix} \
           --shared \
@ -456,7 +453,8 @@ export LDFLAGS="%{build_ldflags}"
           --with-dtrace \
           --with-intl=small-icu \
           --with-icu-default-data-dir=%{icudatadir} \
-           --openssl-use-def-ca-store
+           --openssl-use-def-ca-store \
+           --openssl-default-cipher-list=PROFILE=SYSTEM
 %endif
 %else
 %if %{with bootstrap}
@ -466,7 +464,8 @@ export LDFLAGS="%{build_ldflags}"
           --shared-brotli \
           --without-dtrace \
           --with-intl=small-icu \
-           --openssl-use-def-ca-store
+           --openssl-use-def-ca-store \
+           --openssl-default-cipher-list=PROFILE=SYSTEM
 %else
 %{__python3} configure.py --prefix=%{_prefix} \
           --shared-openssl \
@ -477,7 +476,8 @@ export LDFLAGS="%{build_ldflags}"
           --with-dtrace \
           --with-intl=small-icu \
           --with-icu-default-data-dir=%{icudatadir} \
-           --openssl-use-def-ca-store
+           --openssl-use-def-ca-store \
+           --openssl-default-cipher-list=PROFILE=SYSTEM
 %endif
 %endif

@ -825,27 +825,41 @@ end


 %changelog
+* Thu Jul 08 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.17.3-2
+- Resolves: RHBZ#1980032, RHBZ#1978203
+- Resolves RHBZ#1842826
+- Don't use patch3
+
+* Thu Jul 08 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.17.3-1
+- Resolves: RHBZ#1980032, RHBZ#1978203
+- Resolves RHBZ#1842826
+- Resolves CVE-2021-22918(libuv), use system cipher list
+
+* Wed Mar 10 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-3
+- Resolves: RHBZ#1930775
+- Always build with systemtap
+
 * Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-2
- Resolves: RHBZ#1932427
+- Resolves: RHBZ#1930775
 - remove --debug-nghttp2 option

 * Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-1
- Resolves: RHBZ#1932317, RHBZ#1932425
+- Resolves: RHBZ#1932318, RHBZ#1932366
 - Rebase, remove ini patch

 * Tue Jan 26 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-2
 - Add patch for yarn crash
- Resolves: RHBZ#1916465
+- Resolves: RHBZ#1915296

 * Tue Jan 19 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-1
 - Security rebase to 14.15.4
 - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
- Resolves: RHBZ#1916463, RHBZ#1914788
- Resolves: RHBZ#1914785, RHBZ#1916387, RHBZ#1916389, RHBZ#1916390, RHBZ#1916690
+- Resolves: RHBZ#1913001, RHBZ#1912953
+- Resolves: RHBZ#1912636, RHBZ#1898602, RHBZ#1898768, RHBZ#1893987, RHBZ#1893184

 * Thu Oct 29 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.0-1
+- Resolves: RHBZ#1858864
 - Update to LTS release
- Rebase: RHBZ#1891809

 * Mon Sep 21 2020 Jan Staněk <jstanek@redhat.com> - 1:14.11.0-1
 - Security update to 14.11.0