Rebase to 16.6.2

Resolves: CVE-2021-22931 CVE-2021-22939 CVE-2021-22940
This commit is contained in:
Jan Staněk 2021-08-12 14:44:40 +02:00
parent 94ead171a1
commit de0701411d
No known key found for this signature in database
GPG Key ID: 2972F2037B243B6D
2 changed files with 16 additions and 12 deletions

View File

@ -9,7 +9,7 @@
# This is used by both the nodejs package and the npm subpackage thar
# has a separate version - the name is special so that rpmdev-bumpspec
# will bump this rather than adding .1 to the end.
%global baserelease 3
%global baserelease 1
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -20,8 +20,8 @@
# than a Fedora release lifecycle.
%global nodejs_epoch 1
%global nodejs_major 16
%global nodejs_minor 5
%global nodejs_patch 0
%global nodejs_minor 6
%global nodejs_patch 2
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
%global nodejs_soversion 93
@ -35,9 +35,9 @@
# Epoch is set to ensure clean upgrades from the old v8 package
%global v8_epoch 2
%global v8_major 9
%global v8_minor 1
%global v8_build 269
%global v8_patch 38
%global v8_minor 2
%global v8_build 230
%global v8_patch 21
# V8 presently breaks ABI at least every x.y release while never bumping SONAME
%global v8_abi %{v8_major}.%{v8_minor}
%global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
@ -47,7 +47,7 @@
# https://github.com/nodejs/node/pull/9332
%global c_ares_major 1
%global c_ares_minor 17
%global c_ares_patch 1
%global c_ares_patch 2
%global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}
# llhttp - from deps/llhttp/include/llhttp.h
@ -113,8 +113,8 @@
# npm - from deps/npm/package.json
%global npm_epoch 1
%global npm_major 7
%global npm_minor 19
%global npm_patch 1
%global npm_minor 20
%global npm_patch 3
%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
# uvwasi - from deps/uvwasi/include/uvwasi.h
@ -386,7 +386,6 @@ rm -rf deps/brotli
pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js")
find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python3~" {} \;
find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python3~" {} \;
sed -i "s~python~python3~" $(find . -type f | grep "gyp$")
sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py
sed -i "s~usr\/bin\/python.*$~usr\/bin\/python3~" ./deps/v8/tools/mb/mb_unittest.py
find . -type f -exec sed -i "s~python -c~python3 -c~" {} \;
@ -407,6 +406,7 @@ find . -type f -exec sed -i "s~python -c~python3 -c~" {} \;
export CC='%{__cc}'
export CXX='%{__cxx}'
%{?with_python3_fixup:export NODE_GYP_FORCE_PYTHON=%{__python3}}
# build with debugging symbols and add defines from libuv (#892601)
# Node's v8 breaks with GCC 6 because of incorrect usage of methods on
@ -694,6 +694,10 @@ end
%changelog
* Thu Aug 12 2021 Jan Staněk <jstanek@redhat.com> - 1:16.6.2-1
- Rebase to 16.6.2
Resolves: CVE-2021-22931 CVE-2021-22939 CVE-2021-22940
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:16.5.0-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688

View File

@ -1,2 +1,2 @@
SHA512 (node-v16.5.0-stripped.tar.gz) = 6e3bada9d70df7f24621dfa1398c40950d22aaa5bee5668868ae78ce5e8c333c681dc78ed3099da3203c05339904b20aabaff4a87c2ae77a998113a3dbc39720
SHA512 (node-v16.6.2-stripped.tar.gz) = af3f7a4114fc9600077e21295d8eb764ce56806eb249ac64c91d33ea874ee3f18004d0e7d0dc5cb69546ff0a8c7f4174963db4bb05c19fc28c9b5db63cf4b9c7
SHA512 (icu4c-69_1-src.tgz) = d4aeb781715144ea6e3c6b98df5bbe0490bfa3175221a1d667f3e6851b7bd4a638fa4a37d4a921ccb31f02b5d15a6dded9464d98051964a86f7b1cde0ff0aab7