diff --git a/.gitignore b/.gitignore index 15ae08c..6ff2449 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,6 @@ +SOURCES/cjs-module-lexer-1.2.2.tar.gz SOURCES/icu4c-71_1-src.tgz -SOURCES/node-v18.6.0-stripped.tar.gz +SOURCES/node-v18.8.0-stripped.tar.gz +SOURCES/undici-5.8.2.tar.gz +SOURCES/wasi-sdk-wasi-sdk-11.tar.gz +SOURCES/wasi-sdk-wasi-sdk-14.tar.gz diff --git a/.nodejs.metadata b/.nodejs.metadata index 2a90853..dd3e006 100644 --- a/.nodejs.metadata +++ b/.nodejs.metadata @@ -1,2 +1,6 @@ +6976e77068429bd0b47b573793289e065ceb6b27 SOURCES/cjs-module-lexer-1.2.2.tar.gz 406b0c8635288b772913b6ff646451e69748878a SOURCES/icu4c-71_1-src.tgz -a82035bca2c75dd8321015463bd73996a0842a1c SOURCES/node-v18.6.0-stripped.tar.gz +8b2134f2d551e4830a5f8b0d376b42a35f478a1b SOURCES/node-v18.8.0-stripped.tar.gz +29a0b677c4dad6f3976e8c139c459fc49dc608b4 SOURCES/undici-5.8.2.tar.gz +8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz +900a50a32f0079d53c299db92b88bb3c5d2022b8 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index 6218986..3984838 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -41,7 +41,7 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 18 -%global nodejs_minor 6 +%global nodejs_minor 8 %global nodejs_patch 0 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h @@ -134,8 +134,8 @@ # npm - from deps/npm/package.json %global npm_epoch 1 %global npm_major 8 -%global npm_minor 13 -%global npm_patch 2 +%global npm_minor 18 +%global npm_patch 0 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch} # uvwasi - from deps/uvwasi/include/uvwasi.h @@ -184,6 +184,26 @@ Source100: %{name}-tarball.sh # nodejs-packaging SRPM. Source7: nodejs_native.attr +# These are full sources for dependencies included as WASM blobs in the source of Node itself. +# Note: These sources would also include pre-compiled WASM blobs… so they are adjusted not to. +# Recipes for creating these blobs are included in the sources. + +# Version: jq '.version' deps/cjs-module-lexer/package.json +# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz +# Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm +Source101: cjs-module-lexer-1.2.2.tar.gz +# The WASM blob was made using wasi-sdk v11; compiler libraries are linked in. +# Version source: Makefile +Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz + +# Version: jq '.version' deps/undici/src/package.json +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.8.2.tar.gz +# Adjustments: rm -f undici-5.8.2/lib/llhttp/llhttp*.wasm* +Source111: undici-5.8.2.tar.gz +# The WASM blob was made using wasi-sdk v14; compiler libraries are linked in. +# Version source: build/Dockerfile +Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz + # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch @@ -674,6 +694,7 @@ end %doc %{_mandir}/man5/package-lock-json.5* %doc %{_mandir}/man5/npm-shrinkwrap-json.5* %doc %{_mandir}/man7/config.7* +%doc %{_mandir}/man7/dependency-selectors.7* %doc %{_mandir}/man7/developers.7* %doc %{_mandir}/man7/logging.7* %doc %{_mandir}/man7/orgs.7* @@ -693,6 +714,10 @@ end %changelog +* Fri Aug 26 2022 Jan Staněk - 1:18.8.0-1 +- Rebase to version 18.8.0 +- Include sources for WASM blobs + * Fri Jul 15 2022 Jan Staněk - 1:18.6.0-1 - Rebase to version 18.6.0 Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215