Rebase to 16.6.2

Resolves: CVE-2021-22931 CVE-2021-22939 CVE-2021-22940
This commit is contained in:
Jan Staněk 2021-08-12 14:44:40 +02:00
parent 94ead171a1
commit de0701411d
No known key found for this signature in database
GPG Key ID: 2972F2037B243B6D
2 changed files with 16 additions and 12 deletions

View File

@ -9,7 +9,7 @@
# This is used by both the nodejs package and the npm subpackage thar # This is used by both the nodejs package and the npm subpackage thar
# has a separate version - the name is special so that rpmdev-bumpspec # has a separate version - the name is special so that rpmdev-bumpspec
# will bump this rather than adding .1 to the end. # will bump this rather than adding .1 to the end.
%global baserelease 3 %global baserelease 1
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -20,8 +20,8 @@
# than a Fedora release lifecycle. # than a Fedora release lifecycle.
%global nodejs_epoch 1 %global nodejs_epoch 1
%global nodejs_major 16 %global nodejs_major 16
%global nodejs_minor 5 %global nodejs_minor 6
%global nodejs_patch 0 %global nodejs_patch 2
%global nodejs_abi %{nodejs_major}.%{nodejs_minor} %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
%global nodejs_soversion 93 %global nodejs_soversion 93
@ -35,9 +35,9 @@
# Epoch is set to ensure clean upgrades from the old v8 package # Epoch is set to ensure clean upgrades from the old v8 package
%global v8_epoch 2 %global v8_epoch 2
%global v8_major 9 %global v8_major 9
%global v8_minor 1 %global v8_minor 2
%global v8_build 269 %global v8_build 230
%global v8_patch 38 %global v8_patch 21
# V8 presently breaks ABI at least every x.y release while never bumping SONAME # V8 presently breaks ABI at least every x.y release while never bumping SONAME
%global v8_abi %{v8_major}.%{v8_minor} %global v8_abi %{v8_major}.%{v8_minor}
%global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch} %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
@ -47,7 +47,7 @@
# https://github.com/nodejs/node/pull/9332 # https://github.com/nodejs/node/pull/9332
%global c_ares_major 1 %global c_ares_major 1
%global c_ares_minor 17 %global c_ares_minor 17
%global c_ares_patch 1 %global c_ares_patch 2
%global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch} %global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}
# llhttp - from deps/llhttp/include/llhttp.h # llhttp - from deps/llhttp/include/llhttp.h
@ -72,7 +72,7 @@
%global nghttp3_major 0 %global nghttp3_major 0
%global nghttp3_minor 1 %global nghttp3_minor 1
%global nghttp3_patch 0-DEV %global nghttp3_patch 0-DEV
%global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch} %global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch}
# ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
%global ngtcp2_major 0 %global ngtcp2_major 0
@ -113,8 +113,8 @@
# npm - from deps/npm/package.json # npm - from deps/npm/package.json
%global npm_epoch 1 %global npm_epoch 1
%global npm_major 7 %global npm_major 7
%global npm_minor 19 %global npm_minor 20
%global npm_patch 1 %global npm_patch 3
%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch} %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
# uvwasi - from deps/uvwasi/include/uvwasi.h # uvwasi - from deps/uvwasi/include/uvwasi.h
@ -386,7 +386,6 @@ rm -rf deps/brotli
pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js") pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js")
find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python3~" {} \; find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python3~" {} \;
find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python3~" {} \; find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python3~" {} \;
sed -i "s~python~python3~" $(find . -type f | grep "gyp$")
sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py
sed -i "s~usr\/bin\/python.*$~usr\/bin\/python3~" ./deps/v8/tools/mb/mb_unittest.py sed -i "s~usr\/bin\/python.*$~usr\/bin\/python3~" ./deps/v8/tools/mb/mb_unittest.py
find . -type f -exec sed -i "s~python -c~python3 -c~" {} \; find . -type f -exec sed -i "s~python -c~python3 -c~" {} \;
@ -407,6 +406,7 @@ find . -type f -exec sed -i "s~python -c~python3 -c~" {} \;
export CC='%{__cc}' export CC='%{__cc}'
export CXX='%{__cxx}' export CXX='%{__cxx}'
%{?with_python3_fixup:export NODE_GYP_FORCE_PYTHON=%{__python3}}
# build with debugging symbols and add defines from libuv (#892601) # build with debugging symbols and add defines from libuv (#892601)
# Node's v8 breaks with GCC 6 because of incorrect usage of methods on # Node's v8 breaks with GCC 6 because of incorrect usage of methods on
@ -694,6 +694,10 @@ end
%changelog %changelog
* Thu Aug 12 2021 Jan Staněk <jstanek@redhat.com> - 1:16.6.2-1
- Rebase to 16.6.2
Resolves: CVE-2021-22931 CVE-2021-22939 CVE-2021-22940
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:16.5.0-3 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:16.5.0-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688 Related: rhbz#1991688

View File

@ -1,2 +1,2 @@
SHA512 (node-v16.5.0-stripped.tar.gz) = 6e3bada9d70df7f24621dfa1398c40950d22aaa5bee5668868ae78ce5e8c333c681dc78ed3099da3203c05339904b20aabaff4a87c2ae77a998113a3dbc39720 SHA512 (node-v16.6.2-stripped.tar.gz) = af3f7a4114fc9600077e21295d8eb764ce56806eb249ac64c91d33ea874ee3f18004d0e7d0dc5cb69546ff0a8c7f4174963db4bb05c19fc28c9b5db63cf4b9c7
SHA512 (icu4c-69_1-src.tgz) = d4aeb781715144ea6e3c6b98df5bbe0490bfa3175221a1d667f3e6851b7bd4a638fa4a37d4a921ccb31f02b5d15a6dded9464d98051964a86f7b1cde0ff0aab7 SHA512 (icu4c-69_1-src.tgz) = d4aeb781715144ea6e3c6b98df5bbe0490bfa3175221a1d667f3e6851b7bd4a638fa4a37d4a921ccb31f02b5d15a6dded9464d98051964a86f7b1cde0ff0aab7