import nodejs-12.22.3-2.module+el8.4.0+11732+c668cc9f

2021-08-10 08:02:59 -04:00 · 2021-08-10 08:02:59 -04:00 · e726939e43
commit e726939e43
parent 75701e8b68
5 changed files with 34 additions and 33 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
 SOURCES/icu4c-67_1-src.tgz
-SOURCES/node-v12.21.0-stripped.tar.gz
+SOURCES/node-v12.22.3-stripped.tar.gz
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@ -1,2 +1,2 @@
 6822a4a94324d1ba591b3e8ef084e4491af253c1 SOURCES/icu4c-67_1-src.tgz
-a169a24b69f9ad0ad75f38d1857a8411017843bd SOURCES/node-v12.21.0-stripped.tar.gz
+753aeca4079c2f2dd5e4c587ae74ce0d7cd93917 SOURCES/node-v12.22.3-stripped.tar.gz
--- a/SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
+++ b/SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
@ -1,13 +0,0 @@
-diff --git a/deps/npm/node_modules/y18n/index.js b/deps/npm/node_modules/y18n/index.js
-index d720681628..727362aac0 100644
--- a/deps/npm/node_modules/y18n/index.js
-+++ b/deps/npm/node_modules/y18n/index.js
-@@ -11,7 +11,7 @@ function Y18N (opts) {
-   this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true
- 
-   // internal stuff.
-  this.cache = {}
-+  this.cache = Object.create(null)
-   this.writeQueue = []
- }
- 
--- a/SOURCES/nodejs-tarball.sh
+++ b/SOURCES/nodejs-tarball.sh
@ -185,15 +185,19 @@ echo "punycode"
 echo "========================="
 grep "'version'" node-v${version}/lib/punycode.js
 echo
+echo "npm"
+echo "========================="
+grep "\"version\":" node-v${version}/deps/npm/package.json
+echo
 echo "uvwasi"
 echo "========================="
 grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
 grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
 grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
 echo
-echo "npm"
+echo "brotli"
 echo "========================="
-grep "\"version\":" node-v${version}/deps/npm/package.json
+grep "#define BROTLI_VERSION" node-v${version}/deps/brotli/c/common/version.h
 echo
 echo "Make sure these versions match what is in the RPM spec file"

--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@ -18,7 +18,7 @@
 # This is used by both the nodejs package and the npm subpackage thar
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
-%global baserelease 1
+%global baserelease 2

 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}

@ -29,8 +29,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 12
-%global nodejs_minor 21
-%global nodejs_patch 0
+%global nodejs_minor 22
+%global nodejs_patch 3
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 %if %{?with_libs} == 1
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
@ -106,7 +106,7 @@
 %global npm_epoch 1
 %global npm_major 6
 %global npm_minor 14
-%global npm_patch 11
+%global npm_patch 13
 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}

 # uvwasi - from deps/uvwasi/include/uvwasi.h
@ -170,9 +170,6 @@ Patch2: 0002-Install-both-binaries-and-use-libdir.patch
 # Upstream patch to use getauxval
 Patch3: 0003-src-use-getauxval-in-node_main.cc.patch

-# CVE-2020-7774
-Patch4: 0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
-
 BuildRequires: make
 BuildRequires: python2-devel
 BuildRequires: python3-devel
@ -185,13 +182,13 @@ BuildRequires: gcc-c++ >= 6.3.0
 BuildRequires: nodejs-packaging
 BuildRequires: chrpath
 BuildRequires: libatomic
+BuildRequires: systemtap-sdt-devel

 %if %{with bootstrap}
 Provides: bundled(http-parser) = %{http_parser_version}
 Provides: bundled(libuv) = %{libuv_version}
 Provides: bundled(nghttp2) = %{nghttp2_version}
 %else
-BuildRequires: systemtap-sdt-devel
 BuildRequires: libuv-devel >= 1:%{libuv_version}
 Requires: libuv >= 1:%{libuv_version}
 BuildRequires: libnghttp2-devel >= %{nghttp2_version}
@ -480,7 +477,8 @@ export LDFLAGS="%{build_ldflags}"
           --shared-brotli \
           --without-dtrace \
           --with-intl=small-icu \
-           --openssl-use-def-ca-store
+           --openssl-use-def-ca-store \
+           --openssl-default-cipher-list=PROFILE=SYSTEM
 %else
 ./configure --prefix=%{_prefix} \
           --shared-openssl \
@ -491,7 +489,8 @@ export LDFLAGS="%{build_ldflags}"
           --with-dtrace \
           --with-intl=%{icu_flag} \
           --with-icu-default-data-dir=%{icudatadir} \
-           --openssl-use-def-ca-store
+           --openssl-use-def-ca-store \
+           --openssl-default-cipher-list=PROFILE=SYSTEM
 %endif

 %else
@ -502,7 +501,8 @@ export LDFLAGS="%{build_ldflags}"
           --shared-zlib \
           --without-dtrace \
           --with-intl=small-icu \
-           --openssl-use-def-ca-store
+           --openssl-use-def-ca-store \
+           --openssl-default-cipher-list=PROFILE=SYSTEM
 %else
 ./configure --prefix=%{_prefix} \
           --shared-openssl \
@ -512,7 +512,8 @@ export LDFLAGS="%{build_ldflags}"
           --with-dtrace \
           --with-intl=%{icu_flag} \
           --with-icu-default-data-dir=%{icudatadir} \
-           --openssl-use-def-ca-store
+           --openssl-use-def-ca-store \
+           --openssl-default-cipher-list=PROFILE=SYSTEM
 %endif

 %endif
@ -865,8 +866,17 @@ end


 %changelog
+* Thu Jul 08 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.3-2
+- Resolves: RHBZ#1980031, RHBZ#1978201
+- Fix typo, BR systemtap-sdt-level always, remove y18n patch
+
+* Wed Jul 07 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.3-1
+- Resolves: RHBZ#1980031, RHBZ#1978201
+- Resolves #1952915
+- Resolves CVE-2021-22918(libuv), use system cipher list
+
 * Tue Mar 02 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.21.0-1
- Resolves: RHBZ#1932315, RHBZ#1932424
+- Resolves: RHBZ#1932316, RHBZ#1932365
 - remove --debug-nghttp2 option
 - remove ini patch
 - Backport patch to use getauxval
@ -874,11 +884,11 @@ end
 * Mon Jan 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.20.1-1
 - Security rebase for January security release
 - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
- Resolves: RHBZ#1916460, RHBZ#1914786
- Resolves: RHBZ#1914784, RHBZ#1916396
+- Resolves: RHBZ#1913000, RHBZ#1912952
+- Resolves: RHBZ#1912635, RHBZ#1893984

 * Tue Nov 24 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.19.1-1
- Resolves: RHBZ#1901044, #1901045, #1901046, #1901047
+- Resolves: RHBZ#1861602, #1874302, #1898598, #1898765
 - c-ares, ajv and y18n CVEs and yarn installability issues

 * Mon Oct 05 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.18.4-2