diff --git a/0002-install-keep-installing-dtrace-and-systemtap-files.patch b/0002-install-keep-installing-dtrace-and-systemtap-files.patch
new file mode 100644
index 0000000..f055d91
--- /dev/null
+++ b/0002-install-keep-installing-dtrace-and-systemtap-files.patch
@@ -0,0 +1,31 @@
+From 9872b897d6a9a39e3392c39bca70cfd9dd084558 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Mon, 26 Sep 2022 16:02:39 +0200
+Subject: [PATCH] install: keep installing dtrace and systemtap files
+
+Partly reverts commit e27e709d3ca93b3e7036ddc4f4d28dfde228bfb6.
+
+Signed-off-by: rpm-build
+---
+ tools/install.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/tools/install.py b/tools/install.py
+index 4b01d67..dc16797 100755
+--- a/tools/install.py
++++ b/tools/install.py
+@@ -178,6 +178,11 @@ def files(action):
+ output_lib = 'libnode.' + variables.get('shlib_suffix')
+ action([output_prefix + output_lib], variables.get('libdir') + '/' + output_lib)
+
++ if 'true' == variables.get('node_use_dtrace'):
++ action(['out/Release/node.d'], variables.get('libdir') + '/dtrace/node.d')
++
++ action(['src/node.stp'], 'share/systemtap/tapset/')
++
+ action(['deps/v8/tools/gdbinit'], 'share/doc/node/')
+ action(['deps/v8/tools/lldb_commands.py'], 'share/doc/node/')
+
+--
+2.37.3
+
diff --git a/nodejs.spec b/nodejs.spec
index da6af1c..66eed79 100644
--- a/nodejs.spec
+++ b/nodejs.spec
@@ -41,7 +41,7 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 16
-%global nodejs_minor 17
+%global nodejs_minor 18
 %global nodejs_patch 1
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
@@ -69,7 +69,7 @@ %global c_ares_version 1.18.1 # llhttp - from deps/llhttp/include/llhttp.h -%global llhttp_version 6.0.9 +%global llhttp_version 6.0.10 # libuv - from deps/uv/include/uv/version.h %global libuv_version 1.43.0
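Review bot: The added dtrace install in the embedded `tools/install.py` hunk hard-codes its source path as `out/Release/node.d`, while the `libnode` line just above it builds its source from `output_prefix`; if `output_prefix` can ever differ from `out/Release/` (it is defined outside this hunk), the two installs read from different build trees. The destination is `variables.get('libdir') + '/dtrace/node.d'`, but the matching `%files` entry in `nodejs.spec` is fixed at `%{_usr}/lib/dtrace/node.d`, so the two agree only while configure runs without `--libdir`, which this same commit removes; a one-line comment saying so would keep a later `--libdir=%{_lib}` from silently moving the file. Suggested line: `action([output_prefix + 'node.d'], variables.get('libdir') + '/dtrace/node.d')`. `files()` starts and ends outside the hunk.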
@@ -79,14 +79,14 @@ # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h %global nghttp3_major 0 -%global nghttp3_minor 1 -%global nghttp3_patch 0-DEV +%global nghttp3_minor 7 +%global nghttp3_patch 0 %global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch} # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h %global ngtcp2_major 0 -%global ngtcp2_minor 1 -%global ngtcp2_patch 0-DEV +%global ngtcp2_minor 8 +%global ngtcp2_patch 1 %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch} # ICU - from tools/icu/current_ver.dep @@ -118,7 +118,7 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_version 8.15.0 +%global npm_version 8.19.2 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed @@ -127,10 +127,10 @@ %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} # uvwasi - from deps/uvwasi/include/uvwasi.h -%global uvwasi_version 0.0.12 +%global uvwasi_version 0.0.13 # histogram_c - assumed from timestamps -%global histogram_version 0.9.7 +%global histogram_version 0.11.2 Name: nodejs Epoch: %{nodejs_epoch} 
@@ -172,16 +172,14 @@ Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk- # Version: jq '.version' deps/undici/src/package.json # Original: https://github.com/nodejs/undici/archive/refs/tags/v5.8.0.tar.gz # Adjustments: rm -f undici-5.8.0/lib/llhttp/llhttp*.wasm* -Source111: undici-5.8.0.tar.gz +Source111: undici-5.9.1.tar.gz # The WASM blob was made using wasi-sdk v14; compiler libraries are linked in. # Version source: build/Dockerfile Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch - -# Patch to install both node and libnode.so, using the correct libdir -Patch2: 0002-Install-both-binaries-and-use-libdir.patch +Patch2: 0002-install-keep-installing-dtrace-and-systemtap-files.patch BuildRequires: make BuildRequires: python3-devel @@ -229,8 +227,6 @@ Requires: openssl >= %{openssl_minimum} # we need the system certificate store Requires: ca-certificates -Requires: nodejs-libs%{?_isa} = %{nodejs_epoch}:%{version}-%{release} - # Pull in the full-icu data by default Recommends: nodejs-full-i18n%{?_isa} = %{nodejs_epoch}:%{version}-%{release} 
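Review bot: The provenance comments above `Source111` still describe the old release (`v5.8.0.tar.gz` in the `# Original:` line and `rm -f undici-5.8.0/lib/llhttp/llhttp*.wasm*` in the `# Adjustments:` line) although the source is now `undici-5.9.1.tar.gz`, so the spec no longer documents how the repacked tarball pinned in `sources` was produced. Update both comment lines to 5.9.1 so the archive can be regenerated and compared against its checksum. In the same hunk `Patch2` lost its explanatory comment; a line such as `# Keep installing the dtrace and systemtap files (partly reverts upstream e27e709d3ca9)` would match the comment kept for `Patch1`.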
@@ -316,29 +312,6 @@ Requires: libuv-devel%{?_isa} Development headers for the Node.js JavaScript runtime. -%package libs -Summary: Node.js and v8 libraries - -# Compatibility for obsolete v8 package -%if 0%{?__isa_bits} == 64 -Provides: libv8.so.%{v8_major}()(64bit) -Provides: libv8_libbase.so.%{v8_major}()(64bit) -Provides: libv8_libplatform.so.%{v8_major}()(64bit) -%else -# 32-bits -Provides: libv8.so.%{v8_major} -Provides: libv8_libbase.so.%{v8_major} -Provides: libv8_libplatform.so.%{v8_major} -%endif - -Provides: v8 = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist} -Provides: v8%{?_isa} = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist} -Obsoletes: v8 < 1:6.7.17-10 - -%description libs -Libraries to support Node.js and provide stable v8 interfaces. - - %package full-i18n Summary: Non-English locale data for Node.js Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} @@ -348,17 +321,6 @@ Optional data files to provide full-icu support for Node.js. Remove this package to save space if non-English locales are not needed. -%package -n v8-devel -Summary: v8 - development headers -Epoch: %{v8_epoch} -Version: %{v8_version} -Release: %{v8_release}%{?dist} -Requires: %{name}-devel%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} - -%description -n v8-devel -Development headers for the v8 runtime. - - %package -n npm Summary: Node.js Package Manager Epoch: %{npm_epoch} @@ -446,14 +408,12 @@ export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cfl export LDFLAGS="%{build_ldflags}" %{__python3} configure.py --prefix=%{_prefix} \ - --shared \ - --libdir=%{_lib} \ --shared-openssl \ --shared-zlib \ --shared-brotli \ %{!?with_bundled:--shared-libuv} \ %{!?with_bundled:--shared-nghttp2} \ - --with-dtrace \ + %{?with_bundled:--without-dtrace}%{!?with_bundled:--with-dtrace} \ --with-intl=small-icu \ --with-icu-default-data-dir=%{icudatadir} \ --without-corepack \ 
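Review bot: Dropping `--shared` in the configure hunk, together with the removal of the `libs` and `v8-devel` subpackages in the two hunks above it, leaves nothing that replaces an already installed `nodejs-libs` or `v8-devel`, and no `Obsoletes:` for either is added anywhere in this diff. Because the main package also stops requiring `nodejs-libs`, an update may leave the previous `libnode.so` build installed and unpatched, and the old `v8-devel` pins an exact `nodejs-devel` version, which may block the update. Consider adding `Obsoletes: %{name}-libs < %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}` to the main package and an equivalent entry for `v8-devel` under `%package devel`. The configure invocation continues outside the hunk.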
@@ -501,20 +461,6 @@ rm -rf %{buildroot} chmod 0755 %{buildroot}/%{_bindir}/node chrpath --delete %{buildroot}%{_bindir}/node -# Install library symlink -ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/libnode.so - -# Install v8 compatibility symlinks -for header in %{buildroot}%{_includedir}/node/libplatform %{buildroot}%{_includedir}/node/v8*.h; do - header=$(basename ${header}) - ln -s ./node/${header} %{buildroot}%{_includedir}/${header} -done -ln -s ./node/cppgc %{buildroot}%{_includedir}/cppgc -for soname in libv8 libv8_libbase libv8_libplatform; do - ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so - ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so.%{v8_major} -done - # own the sitelib directory mkdir -p %{buildroot}%{_prefix}/lib/node_modules 
@@ -587,15 +533,15 @@ install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/* %check # Fail the build if the versions don't match -LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')" -LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')" -LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')" +%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')" +%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')" +%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')" # Ensure we have punycode and that the version matches -LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')" +%{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')" # Ensure we have npm and that the version matches -LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}%{_bindir}/node %{buildroot}%{_bindir}/npm version --json |jq -e '.npm == "%{npm_version}"' +NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(JSON.parse(require(\"fs\").readFileSync(\"%{buildroot}%{_prefix}/lib/node_modules/npm/package.json\")).version, '%{npm_version}')" # Make sure i18n support is working NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node 
--icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2} @@ -627,18 +573,20 @@ end %dir %{_datadir}/systemtap/tapset %{_datadir}/systemtap/tapset/node.stp +%if %{without bundled} %dir %{_usr}/lib/dtrace %{_usr}/lib/dtrace/node.d +%endif %{_rpmconfigdir}/fileattrs/nodejs_native.attr %{_rpmconfigdir}/nodejs_native.req +%license LICENSE %doc AUTHORS CHANGELOG.md onboarding.md GOVERNANCE.md README.md %doc %{_mandir}/man1/node.1* %files devel %{_includedir}/node -%{_libdir}/libnode.so %{_datadir}/node/common.gypi %{_pkgdocdir}/gdbinit @@ -648,24 +596,6 @@ end %{icudatadir}/icudt%{icu_major}*.dat -%files libs -%license LICENSE -%{_libdir}/libnode.so.%{nodejs_soversion} -%{_libdir}/libv8.so.%{v8_major} -%{_libdir}/libv8_libbase.so.%{v8_major} -%{_libdir}/libv8_libplatform.so.%{v8_major} -%dir %{nodejs_datadir}/ - - -%files -n v8-devel -%{_includedir}/libplatform -%{_includedir}/v8*.h -%{_includedir}/cppgc -%{_libdir}/libv8.so -%{_libdir}/libv8_libbase.so -%{_libdir}/libv8_libplatform.so - - %files -n npm %{_bindir}/npm %{_bindir}/npx @@ -682,6 +612,7 @@ end %doc %{_mandir}/man5/package-lock-json.5* %doc %{_mandir}/man5/npm-shrinkwrap-json.5* %doc %{_mandir}/man7/config.7* +%doc %{_mandir}/man7/dependency-selectors.7* %doc %{_mandir}/man7/developers.7* %doc %{_mandir}/man7/logging.7* %doc %{_mandir}/man7/orgs.7* @@ -701,6 +632,11 @@ end %changelog +* Wed Nov 16 2022 Zuzana Svetlikova - 1:16.18.1-1 +- Rebase + CVEs +- Resolves: #2142808 +- Resolves: #2142826, #2131745, #2142855 + * Tue Sep 27 2022 Jan Staněk - 16.17.1-1 - Rebase to version 16.17.1 Resolves: CVE-2022-35255 CVE-2022-35256 diff --git a/sources b/sources index 8eda80b..c294033 100644 --- a/sources +++ b/sources 
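Review bot: The reworked npm check in the `%check` hunk only reads `npm/package.json` through `fs.readFileSync`, so unlike the `npm version --json` call it replaces it no longer shows that the installed `npm` entry point starts under the freshly built `node`; the `NODE_PATH=` prefix on that line is also unused by a plain file read. If running npm inside the buildroot is the problem, record that in a comment; otherwise keep an execution check such as `%{buildroot}%{_bindir}/node %{buildroot}%{_bindir}/npm version --json | jq -e '.npm == "%{npm_version}"'`. The i18n line that closes the hunk still sets `LD_LIBRARY_PATH=%{buildroot}%{_libdir}` although every other use was removed along with the shared library; drop it there too so the checks stay consistent.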
@@ -1,6 +1,6 @@
-SHA512 (node-v16.17.1-stripped.tar.gz) = f7b18b02c23ddb32abb01bc4473fadfe860d8009ab14437951a44fea424312d59d2812f59570fa7dd78a5b53fc7dc892da237ea9f80498da3ffb3d4edd185ba7
+SHA512 (node-v16.18.1-stripped.tar.gz) = 6c13f04aaceffccb75f609faa407197d47b0fff3aab82d85a10bc209e74ab7a045075afb9839e2eb71934a025375427c83426292509f6c72ef6375090a6fb5c4
 SHA512 (icu4c-71_1-src.tgz) = 1fd2a20aef48369d1f06e2bb74584877b8ad0eb529320b976264ec2db87420bae242715795f372dbc513ea80047bc49077a064e78205cd5e8b33d746fd2a2912
-SHA512 (cjs-module-lexer-1.2.2.tar.gz) = e2134c4541efec2f32d5fa5fd5151511a599ecd08e85fbfc8d56cbd0f3b2a404a9b1c072a601e4237e229ed12859abf6f52201ee0f55fcd0e43f49d0017e7cd1
+SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 2c8e9caf2231ca7d61e71936305389774859aca9b5c86c63489c9a62a81f4736f99477c3f0cbb41077bb7924fdd23e0f24b7bce858e42fb0f87e7c0ffc87afeb
+SHA512 (undici-5.9.1.tar.gz) = fcadac58e368b1f90975a609b24900794c6b234733755cc35bc81f20fda977e8eecfedb6b43b91a25fd6900dbf4c5b133847f65c00d97144d39b5995d0b65568
 SHA512 (wasi-sdk-wasi-sdk-11.tar.gz) = cb37f357b09431a3efad26141d83dce63232a35b536d9a7bd341d4d9627a0a3d4bd4d57504b6e3dab421942d2c168a96da2a6be889aab3f9a2852fc5a3200d3c
-SHA512 (undici-5.8.0.tar.gz) = 635756eb22e64c67dead202db4768e1e21ea25cda6c2598c619845fad063a600d98a3c9b510b12453ceeb2ac2cbb4949a1dddfebc5c1940c55781a28eb0cced5
 SHA512 (wasi-sdk-wasi-sdk-14.tar.gz) = 4fecb3d9c04b91eb2388a9e51d49fbff6f22b81f9945a07ecdbfe479c96dad1e3b673b8bee24842b0dae5294129a9cb35dcf8e5ecf45437a6d01fb6e0fd13645
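Review bot: The checksum for `cjs-module-lexer-1.2.2.tar.gz` is replaced while its file name and version stay the same, so a different archive is now built under an unchanged label, and nothing in this diff, including the new changelog entry, explains why. For a pinned source this is the change a reviewer most needs accounted for: the spec comment for that source should state where the new archive came from and what was adjusted, the way the undici source records its origin and its `rm -f` step. The node and undici lines change together with their version numbers and need no further comment.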