From da73624575da060fa757a6cb48b2961a047fdafa Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Wed, 1 Sep 2021 11:20:28 +0000 Subject: [PATCH] import nodejs-16.7.0-2.module+el8.5.0+12455+4b61e68d --- .gitignore | 2 +- .nodejs.metadata | 2 +- SPECS/nodejs.spec | 40 +++++++++++++++++++++++++--------------- 3 files changed, 27 insertions(+), 17 deletions(-) diff --git a/.gitignore b/.gitignore index c341245..91480ee 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/icu4c-69_1-src.tgz -SOURCES/node-v16.4.2-stripped.tar.gz +SOURCES/node-v16.7.0-stripped.tar.gz diff --git a/.nodejs.metadata b/.nodejs.metadata index 93995ed..78e6dd0 100644 --- a/.nodejs.metadata +++ b/.nodejs.metadata @@ -1,2 +1,2 @@ 620a71c84428758376baa0fb81a581c3daa866ce SOURCES/icu4c-69_1-src.tgz -7a256b1c471ab300c71772134c53d6ed8390a7d0 SOURCES/node-v16.4.2-stripped.tar.gz +c20abd2bf8f1ab262d500ca27dc29475a0f7b675 SOURCES/node-v16.7.0-stripped.tar.gz diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index 0fb3c2c..250e1c7 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -14,7 +14,7 @@ # This is used by both the nodejs package and the npm subpackage thar # has a separate version - the name is special so that rpmdev-bumpspec # will bump this rather than adding .1 to the end. -%global baserelease 1 +%global baserelease 2 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} @@ -25,8 +25,8 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 16 -%global nodejs_minor 4 -%global nodejs_patch 2 +%global nodejs_minor 7 +%global nodejs_patch 0 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 93 @@ -40,9 +40,9 @@ # Epoch is set to ensure clean upgrades from the old v8 package %global v8_epoch 2 %global v8_major 9 -%global v8_minor 1 -%global v8_build 269 -%global v8_patch 36 +%global v8_minor 2 +%global v8_build 230 +%global v8_patch 21 # V8 presently breaks ABI at least every x.y release while never bumping SONAME %global v8_abi %{v8_major}.%{v8_minor} %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch} @@ -52,7 +52,7 @@ # https://github.com/nodejs/node/pull/9332 %global c_ares_major 1 %global c_ares_minor 17 -%global c_ares_patch 1 +%global c_ares_patch 2 %global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch} # llhttp - from deps/llhttp/include/llhttp.h @@ -63,7 +63,7 @@ # libuv - from deps/uv/include/uv/version.h %global libuv_major 1 -%global libuv_minor 41 +%global libuv_minor 42 %global libuv_patch 0 %global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch} @@ -77,7 +77,7 @@ %global nghttp3_major 0 %global nghttp3_minor 1 %global nghttp3_patch 0-DEV -%global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch} +%global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch} # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h %global ngtcp2_major 0 @@ -118,8 +118,8 @@ # npm - from deps/npm/package.json %global npm_epoch 1 %global npm_major 7 -%global npm_minor 18 -%global npm_patch 1 +%global npm_minor 20 +%global npm_patch 3 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch} # uvwasi - from deps/uvwasi/include/uvwasi.h @@ -169,9 +169,6 @@ Source7: nodejs_native.attr # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch -# RHBZ#1915296 - yarn install crashes with nodejs:14 on aarch64 -# Patch3: 0003-yarn-not-installable-on-aarch64.patch - BuildRequires: make BuildRequires: python3-devel BuildRequires: zlib-devel @@ -356,7 +353,6 @@ rm -rf deps/brotli pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js") find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python3~" {} \; find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python3~" {} \; -sed -i "s~python~python3~" $(find . -type f | grep "gyp$") sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py sed -i "s~usr\/bin\/python.*$~usr\/bin\/python3~" ./deps/v8/tools/mb/mb_unittest.py find . -type f -exec sed -i "s~python -c~python3 -c~" {} \; @@ -372,6 +368,7 @@ find . -type f -exec sed -i "s~python -c~python3 -c~" {} \; export CC='gcc' export CXX='g++' +%{?with_python3_fixup:export NODE_GYP_FORCE_PYTHON=%{__python3}} # build with debugging symbols and add defines from libuv (#892601) # Node's v8 breaks with GCC 6 because of incorrect usage of methods on @@ -682,6 +679,19 @@ end %changelog +* Mon Aug 30 2021 Zuzana Svetlikova - 1:16.7.0-2 +- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, +- CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 +- Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810 +- Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963 +- fix python3 in gyp + +* Wed Aug 18 2021 Zuzana Svetlikova - 1:16.7.0-1 +- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, +- CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 +- Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810 +- Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963 + * Fri Jul 09 2021 Zuzana Svetlikova - 1:16.4.2-1 - Resolves: RHBZ#1979847 - Resolves CVE-2021-22918(libuv)