rpms/nodejs
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebase + CVEs

Browse Source
This commit is contained in:
zsvetlik 2022-11-16 18:16:28 +00:00
parent ff9422b100
commit eaec3dd901
3 changed files with 60 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
0002-install-keep-installing-dtrace-and-systemtap-files.patch Normal file
View File

@ -0,0 +1,31 @@
From 9872b897d6a9a39e3392c39bca70cfd9dd084558 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 26 Sep 2022 16:02:39 +0200
Subject: [PATCH] install: keep installing dtrace and systemtap files
Partly reverts commit e27e709d3ca93b3e7036ddc4f4d28dfde228bfb6.
Signed-off-by: rpm-build <rpm-build>
---
tools/install.py | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tools/install.py b/tools/install.py
index 4b01d67..dc16797 100755
--- a/tools/install.py
+++ b/tools/install.py
@@ -178,6 +178,11 @@ def files(action):
output_lib = 'libnode.' + variables.get('shlib_suffix')
action([output_prefix + output_lib], variables.get('libdir') + '/' + output_lib)
+ if 'true' == variables.get('node_use_dtrace'):
+ action(['out/Release/node.d'], variables.get('libdir') + '/dtrace/node.d')
+
+ action(['src/node.stp'], 'share/systemtap/tapset/')
+
action(['deps/v8/tools/gdbinit'], 'share/doc/node/')
action(['deps/v8/tools/lldb_commands.py'], 'share/doc/node/')
--
2.37.3

116
nodejs.spec
View File

@ -41,7 +41,7 @@
# than a Fedora release lifecycle. # than a Fedora release lifecycle.
%global nodejs_epoch 1 %global nodejs_epoch 1
%global nodejs_major 16 %global nodejs_major 16
%global nodejs_minor 17 %global nodejs_minor 18
%global nodejs_patch 1 %global nodejs_patch 1
%global nodejs_abi %{nodejs_major}.%{nodejs_minor} %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
@ -69,7 +69,7 @@
%global c_ares_version 1.18.1 %global c_ares_version 1.18.1
# llhttp - from deps/llhttp/include/llhttp.h # llhttp - from deps/llhttp/include/llhttp.h
%global llhttp_version 6.0.9 %global llhttp_version 6.0.10
# libuv - from deps/uv/include/uv/version.h # libuv - from deps/uv/include/uv/version.h
%global libuv_version 1.43.0 %global libuv_version 1.43.0
@ -79,14 +79,14 @@
# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
%global nghttp3_major 0 %global nghttp3_major 0
%global nghttp3_minor 1 %global nghttp3_minor 7
%global nghttp3_patch 0-DEV %global nghttp3_patch 0
%global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch} %global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch}
# ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
%global ngtcp2_major 0 %global ngtcp2_major 0
%global ngtcp2_minor 1 %global ngtcp2_minor 8
%global ngtcp2_patch 0-DEV %global ngtcp2_patch 1
%global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch} %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch}
# ICU - from tools/icu/current_ver.dep # ICU - from tools/icu/current_ver.dep
@ -118,7 +118,7 @@
# npm - from deps/npm/package.json # npm - from deps/npm/package.json
%global npm_epoch 1 %global npm_epoch 1
%global npm_version 8.15.0 %global npm_version 8.19.2
# In order to avoid needing to keep incrementing the release version for the # In order to avoid needing to keep incrementing the release version for the
# main package forever, we will just construct one for npm that is guaranteed # main package forever, we will just construct one for npm that is guaranteed
@ -127,10 +127,10 @@
%global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
# uvwasi - from deps/uvwasi/include/uvwasi.h # uvwasi - from deps/uvwasi/include/uvwasi.h
%global uvwasi_version 0.0.12 %global uvwasi_version 0.0.13
# histogram_c - assumed from timestamps # histogram_c - assumed from timestamps
%global histogram_version 0.9.7 %global histogram_version 0.11.2
Name: nodejs Name: nodejs
Epoch: %{nodejs_epoch} Epoch: %{nodejs_epoch}
@ -172,16 +172,14 @@ Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-
# Version: jq '.version' deps/undici/src/package.json # Version: jq '.version' deps/undici/src/package.json
# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.8.0.tar.gz # Original: https://github.com/nodejs/undici/archive/refs/tags/v5.8.0.tar.gz
# Adjustments: rm -f undici-5.8.0/lib/llhttp/llhttp*.wasm* # Adjustments: rm -f undici-5.8.0/lib/llhttp/llhttp*.wasm*
Source111: undici-5.8.0.tar.gz Source111: undici-5.9.1.tar.gz
# The WASM blob was made using wasi-sdk v14; compiler libraries are linked in. # The WASM blob was made using wasi-sdk v14; compiler libraries are linked in.
# Version source: build/Dockerfile # Version source: build/Dockerfile
Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz
# Disable running gyp on bundled deps we don't use # Disable running gyp on bundled deps we don't use
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
Patch2: 0002-install-keep-installing-dtrace-and-systemtap-files.patch
# Patch to install both node and libnode.so, using the correct libdir
Patch2: 0002-Install-both-binaries-and-use-libdir.patch
BuildRequires: make BuildRequires: make
BuildRequires: python3-devel BuildRequires: python3-devel
@ -229,8 +227,6 @@ Requires: openssl >= %{openssl_minimum}
# we need the system certificate store # we need the system certificate store
Requires: ca-certificates Requires: ca-certificates
Requires: nodejs-libs%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
# Pull in the full-icu data by default # Pull in the full-icu data by default
Recommends: nodejs-full-i18n%{?_isa} = %{nodejs_epoch}:%{version}-%{release} Recommends: nodejs-full-i18n%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
@ -316,29 +312,6 @@ Requires: libuv-devel%{?_isa}
Development headers for the Node.js JavaScript runtime. Development headers for the Node.js JavaScript runtime.
%package libs
Summary: Node.js and v8 libraries
# Compatibility for obsolete v8 package
%if 0%{?__isa_bits} == 64
Provides: libv8.so.%{v8_major}()(64bit)
Provides: libv8_libbase.so.%{v8_major}()(64bit)
Provides: libv8_libplatform.so.%{v8_major}()(64bit)
%else
# 32-bits
Provides: libv8.so.%{v8_major}
Provides: libv8_libbase.so.%{v8_major}
Provides: libv8_libplatform.so.%{v8_major}
%endif
Provides: v8 = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
Provides: v8%{?_isa} = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
Obsoletes: v8 < 1:6.7.17-10
%description libs
Libraries to support Node.js and provide stable v8 interfaces.
%package full-i18n %package full-i18n
Summary: Non-English locale data for Node.js Summary: Non-English locale data for Node.js
Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
@ -348,17 +321,6 @@ Optional data files to provide full-icu support for Node.js. Remove this
package to save space if non-English locales are not needed. package to save space if non-English locales are not needed.
%package -n v8-devel
Summary: v8 - development headers
Epoch: %{v8_epoch}
Version: %{v8_version}
Release: %{v8_release}%{?dist}
Requires: %{name}-devel%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
%description -n v8-devel
Development headers for the v8 runtime.
%package -n npm %package -n npm
Summary: Node.js Package Manager Summary: Node.js Package Manager
Epoch: %{npm_epoch} Epoch: %{npm_epoch}
@ -446,14 +408,12 @@ export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cfl
export LDFLAGS="%{build_ldflags}" export LDFLAGS="%{build_ldflags}"
%{__python3} configure.py --prefix=%{_prefix} \ %{__python3} configure.py --prefix=%{_prefix} \
--shared \
--libdir=%{_lib} \
--shared-openssl \ --shared-openssl \
--shared-zlib \ --shared-zlib \
--shared-brotli \ --shared-brotli \
%{!?with_bundled:--shared-libuv} \ %{!?with_bundled:--shared-libuv} \
%{!?with_bundled:--shared-nghttp2} \ %{!?with_bundled:--shared-nghttp2} \
--with-dtrace \ %{?with_bundled:--without-dtrace}%{!?with_bundled:--with-dtrace} \
--with-intl=small-icu \ --with-intl=small-icu \
--with-icu-default-data-dir=%{icudatadir} \ --with-icu-default-data-dir=%{icudatadir} \
--without-corepack \ --without-corepack \
@ -501,20 +461,6 @@ rm -rf %{buildroot}
chmod 0755 %{buildroot}/%{_bindir}/node chmod 0755 %{buildroot}/%{_bindir}/node
chrpath --delete %{buildroot}%{_bindir}/node chrpath --delete %{buildroot}%{_bindir}/node
# Install library symlink
ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/libnode.so
# Install v8 compatibility symlinks
for header in %{buildroot}%{_includedir}/node/libplatform %{buildroot}%{_includedir}/node/v8*.h; do
header=$(basename ${header})
ln -s ./node/${header} %{buildroot}%{_includedir}/${header}
done
ln -s ./node/cppgc %{buildroot}%{_includedir}/cppgc
for soname in libv8 libv8_libbase libv8_libplatform; do
ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so
ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so.%{v8_major}
done
# own the sitelib directory # own the sitelib directory
mkdir -p %{buildroot}%{_prefix}/lib/node_modules mkdir -p %{buildroot}%{_prefix}/lib/node_modules
@ -587,15 +533,15 @@ install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*
%check %check
# Fail the build if the versions don't match # Fail the build if the versions don't match
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')" %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')" %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')" %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')"
# Ensure we have punycode and that the version matches # Ensure we have punycode and that the version matches
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')" %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"
# Ensure we have npm and that the version matches # Ensure we have npm and that the version matches
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}%{_bindir}/node %{buildroot}%{_bindir}/npm version --json |jq -e '.npm == "%{npm_version}"' NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(JSON.parse(require(\"fs\").readFileSync(\"%{buildroot}%{_prefix}/lib/node_modules/npm/package.json\")).version, '%{npm_version}')"
# Make sure i18n support is working # Make sure i18n support is working
NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2} NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
@ -627,18 +573,20 @@ end
%dir %{_datadir}/systemtap/tapset %dir %{_datadir}/systemtap/tapset
%{_datadir}/systemtap/tapset/node.stp %{_datadir}/systemtap/tapset/node.stp
%if %{without bundled}
%dir %{_usr}/lib/dtrace %dir %{_usr}/lib/dtrace
%{_usr}/lib/dtrace/node.d %{_usr}/lib/dtrace/node.d
%endif
%{_rpmconfigdir}/fileattrs/nodejs_native.attr %{_rpmconfigdir}/fileattrs/nodejs_native.attr
%{_rpmconfigdir}/nodejs_native.req %{_rpmconfigdir}/nodejs_native.req
%license LICENSE
%doc AUTHORS CHANGELOG.md onboarding.md GOVERNANCE.md README.md %doc AUTHORS CHANGELOG.md onboarding.md GOVERNANCE.md README.md
%doc %{_mandir}/man1/node.1* %doc %{_mandir}/man1/node.1*
%files devel %files devel
%{_includedir}/node %{_includedir}/node
%{_libdir}/libnode.so
%{_datadir}/node/common.gypi %{_datadir}/node/common.gypi
%{_pkgdocdir}/gdbinit %{_pkgdocdir}/gdbinit
@ -648,24 +596,6 @@ end
%{icudatadir}/icudt%{icu_major}*.dat %{icudatadir}/icudt%{icu_major}*.dat
%files libs
%license LICENSE
%{_libdir}/libnode.so.%{nodejs_soversion}
%{_libdir}/libv8.so.%{v8_major}
%{_libdir}/libv8_libbase.so.%{v8_major}
%{_libdir}/libv8_libplatform.so.%{v8_major}
%dir %{nodejs_datadir}/
%files -n v8-devel
%{_includedir}/libplatform
%{_includedir}/v8*.h
%{_includedir}/cppgc
%{_libdir}/libv8.so
%{_libdir}/libv8_libbase.so
%{_libdir}/libv8_libplatform.so
%files -n npm %files -n npm
%{_bindir}/npm %{_bindir}/npm
%{_bindir}/npx %{_bindir}/npx
@ -682,6 +612,7 @@ end
%doc %{_mandir}/man5/package-lock-json.5* %doc %{_mandir}/man5/package-lock-json.5*
%doc %{_mandir}/man5/npm-shrinkwrap-json.5* %doc %{_mandir}/man5/npm-shrinkwrap-json.5*
%doc %{_mandir}/man7/config.7* %doc %{_mandir}/man7/config.7*
%doc %{_mandir}/man7/dependency-selectors.7*
%doc %{_mandir}/man7/developers.7* %doc %{_mandir}/man7/developers.7*
%doc %{_mandir}/man7/logging.7* %doc %{_mandir}/man7/logging.7*
%doc %{_mandir}/man7/orgs.7* %doc %{_mandir}/man7/orgs.7*
@ -701,6 +632,11 @@ end
%changelog %changelog
* Wed Nov 16 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.18.1-1
- Rebase + CVEs
- Resolves: #2142808
- Resolves: #2142826, #2131745, #2142855
* Tue Sep 27 2022 Jan Staněk <jstanek@redhat.com> - 16.17.1-1 * Tue Sep 27 2022 Jan Staněk <jstanek@redhat.com> - 16.17.1-1
- Rebase to version 16.17.1 - Rebase to version 16.17.1
Resolves: CVE-2022-35255 CVE-2022-35256 Resolves: CVE-2022-35255 CVE-2022-35256

6
sources
View File

@ -1,6 +1,6 @@
SHA512 (node-v16.17.1-stripped.tar.gz) = f7b18b02c23ddb32abb01bc4473fadfe860d8009ab14437951a44fea424312d59d2812f59570fa7dd78a5b53fc7dc892da237ea9f80498da3ffb3d4edd185ba7 SHA512 (node-v16.18.1-stripped.tar.gz) = 6c13f04aaceffccb75f609faa407197d47b0fff3aab82d85a10bc209e74ab7a045075afb9839e2eb71934a025375427c83426292509f6c72ef6375090a6fb5c4
SHA512 (icu4c-71_1-src.tgz) = 1fd2a20aef48369d1f06e2bb74584877b8ad0eb529320b976264ec2db87420bae242715795f372dbc513ea80047bc49077a064e78205cd5e8b33d746fd2a2912 SHA512 (icu4c-71_1-src.tgz) = 1fd2a20aef48369d1f06e2bb74584877b8ad0eb529320b976264ec2db87420bae242715795f372dbc513ea80047bc49077a064e78205cd5e8b33d746fd2a2912
SHA512 (cjs-module-lexer-1.2.2.tar.gz) = e2134c4541efec2f32d5fa5fd5151511a599ecd08e85fbfc8d56cbd0f3b2a404a9b1c072a601e4237e229ed12859abf6f52201ee0f55fcd0e43f49d0017e7cd1 SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 2c8e9caf2231ca7d61e71936305389774859aca9b5c86c63489c9a62a81f4736f99477c3f0cbb41077bb7924fdd23e0f24b7bce858e42fb0f87e7c0ffc87afeb
SHA512 (undici-5.9.1.tar.gz) = fcadac58e368b1f90975a609b24900794c6b234733755cc35bc81f20fda977e8eecfedb6b43b91a25fd6900dbf4c5b133847f65c00d97144d39b5995d0b65568
SHA512 (wasi-sdk-wasi-sdk-11.tar.gz) = cb37f357b09431a3efad26141d83dce63232a35b536d9a7bd341d4d9627a0a3d4bd4d57504b6e3dab421942d2c168a96da2a6be889aab3f9a2852fc5a3200d3c SHA512 (wasi-sdk-wasi-sdk-11.tar.gz) = cb37f357b09431a3efad26141d83dce63232a35b536d9a7bd341d4d9627a0a3d4bd4d57504b6e3dab421942d2c168a96da2a6be889aab3f9a2852fc5a3200d3c
SHA512 (undici-5.8.0.tar.gz) = 635756eb22e64c67dead202db4768e1e21ea25cda6c2598c619845fad063a600d98a3c9b510b12453ceeb2ac2cbb4949a1dddfebc5c1940c55781a28eb0cced5
SHA512 (wasi-sdk-wasi-sdk-14.tar.gz) = 4fecb3d9c04b91eb2388a9e51d49fbff6f22b81f9945a07ecdbfe479c96dad1e3b673b8bee24842b0dae5294129a9cb35dcf8e5ecf45437a6d01fb6e0fd13645 SHA512 (wasi-sdk-wasi-sdk-14.tar.gz) = 4fecb3d9c04b91eb2388a9e51d49fbff6f22b81f9945a07ecdbfe479c96dad1e3b673b8bee24842b0dae5294129a9cb35dcf8e5ecf45437a6d01fb6e0fd13645