Rebase + CVEs
This commit is contained in:
zsvetlik
parent
ff9422b100
commit
eaec3dd901
@ -0,0 +1,31 @@
|
||||
From 9872b897d6a9a39e3392c39bca70cfd9dd084558 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 26 Sep 2022 16:02:39 +0200
|
||||
Subject: [PATCH] install: keep installing dtrace and systemtap files
|
||||
|
||||
Partly reverts commit e27e709d3ca93b3e7036ddc4f4d28dfde228bfb6.
|
||||
|
||||
Signed-off-by: rpm-build <rpm-build>
|
||||
---
|
||||
tools/install.py | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/tools/install.py b/tools/install.py
|
||||
index 4b01d67..dc16797 100755
|
||||
--- a/tools/install.py
|
||||
+++ b/tools/install.py
|
||||
@@ -178,6 +178,11 @@ def files(action):
|
||||
output_lib = 'libnode.' + variables.get('shlib_suffix')
|
||||
action([output_prefix + output_lib], variables.get('libdir') + '/' + output_lib)
|
||||
|
||||
+ if 'true' == variables.get('node_use_dtrace'):
|
||||
+ action(['out/Release/node.d'], variables.get('libdir') + '/dtrace/node.d')
|
||||
+
|
||||
+ action(['src/node.stp'], 'share/systemtap/tapset/')
|
||||
+
|
||||
action(['deps/v8/tools/gdbinit'], 'share/doc/node/')
|
||||
action(['deps/v8/tools/lldb_commands.py'], 'share/doc/node/')
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
||||
116
nodejs.spec
116
nodejs.spec
@ -41,7 +41,7 @@
|
||||
# than a Fedora release lifecycle.
|
||||
%global nodejs_epoch 1
|
||||
%global nodejs_major 16
|
||||
%global nodejs_minor 17
|
||||
%global nodejs_minor 18
|
||||
%global nodejs_patch 1
|
||||
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
|
||||
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
|
||||
@ -69,7 +69,7 @@
|
||||
%global c_ares_version 1.18.1
|
||||
|
||||
# llhttp - from deps/llhttp/include/llhttp.h
|
||||
%global llhttp_version 6.0.9
|
||||
%global llhttp_version 6.0.10
|
||||
|
||||
# libuv - from deps/uv/include/uv/version.h
|
||||
%global libuv_version 1.43.0
|
||||
@ -79,14 +79,14 @@
|
||||
|
||||
# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
|
||||
%global nghttp3_major 0
|
||||
%global nghttp3_minor 1
|
||||
%global nghttp3_patch 0-DEV
|
||||
%global nghttp3_minor 7
|
||||
%global nghttp3_patch 0
|
||||
%global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch}
|
||||
|
||||
# ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
|
||||
%global ngtcp2_major 0
|
||||
%global ngtcp2_minor 1
|
||||
%global ngtcp2_patch 0-DEV
|
||||
%global ngtcp2_minor 8
|
||||
%global ngtcp2_patch 1
|
||||
%global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch}
|
||||
|
||||
# ICU - from tools/icu/current_ver.dep
|
||||
@ -118,7 +118,7 @@
|
||||
|
||||
# npm - from deps/npm/package.json
|
||||
%global npm_epoch 1
|
||||
%global npm_version 8.15.0
|
||||
%global npm_version 8.19.2
|
||||
|
||||
# In order to avoid needing to keep incrementing the release version for the
|
||||
# main package forever, we will just construct one for npm that is guaranteed
|
||||
@ -127,10 +127,10 @@
|
||||
%global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
|
||||
|
||||
# uvwasi - from deps/uvwasi/include/uvwasi.h
|
||||
%global uvwasi_version 0.0.12
|
||||
%global uvwasi_version 0.0.13
|
||||
|
||||
# histogram_c - assumed from timestamps
|
||||
%global histogram_version 0.9.7
|
||||
%global histogram_version 0.11.2
|
||||
|
||||
Name: nodejs
|
||||
Epoch: %{nodejs_epoch}
|
||||
@ -172,16 +172,14 @@ Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-
|
||||
# Version: jq '.version' deps/undici/src/package.json
|
||||
# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.8.0.tar.gz
|
||||
# Adjustments: rm -f undici-5.8.0/lib/llhttp/llhttp*.wasm*
|
||||
Source111: undici-5.8.0.tar.gz
|
||||
Source111: undici-5.9.1.tar.gz
|
||||
# The WASM blob was made using wasi-sdk v14; compiler libraries are linked in.
|
||||
# Version source: build/Dockerfile
|
||||
Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz
|
||||
|
||||
# Disable running gyp on bundled deps we don't use
|
||||
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
|
||||
|
||||
# Patch to install both node and libnode.so, using the correct libdir
|
||||
Patch2: 0002-Install-both-binaries-and-use-libdir.patch
|
||||
Patch2: 0002-install-keep-installing-dtrace-and-systemtap-files.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: python3-devel
|
||||
@ -229,8 +227,6 @@ Requires: openssl >= %{openssl_minimum}
|
||||
# we need the system certificate store
|
||||
Requires: ca-certificates
|
||||
|
||||
Requires: nodejs-libs%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
|
||||
|
||||
# Pull in the full-icu data by default
|
||||
Recommends: nodejs-full-i18n%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
|
||||
|
||||
@ -316,29 +312,6 @@ Requires: libuv-devel%{?_isa}
|
||||
Development headers for the Node.js JavaScript runtime.
|
||||
|
||||
|
||||
%package libs
|
||||
Summary: Node.js and v8 libraries
|
||||
|
||||
# Compatibility for obsolete v8 package
|
||||
%if 0%{?__isa_bits} == 64
|
||||
Provides: libv8.so.%{v8_major}()(64bit)
|
||||
Provides: libv8_libbase.so.%{v8_major}()(64bit)
|
||||
Provides: libv8_libplatform.so.%{v8_major}()(64bit)
|
||||
%else
|
||||
# 32-bits
|
||||
Provides: libv8.so.%{v8_major}
|
||||
Provides: libv8_libbase.so.%{v8_major}
|
||||
Provides: libv8_libplatform.so.%{v8_major}
|
||||
%endif
|
||||
|
||||
Provides: v8 = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
|
||||
Provides: v8%{?_isa} = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
|
||||
Obsoletes: v8 < 1:6.7.17-10
|
||||
|
||||
%description libs
|
||||
Libraries to support Node.js and provide stable v8 interfaces.
|
||||
|
||||
|
||||
%package full-i18n
|
||||
Summary: Non-English locale data for Node.js
|
||||
Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
|
||||
@ -348,17 +321,6 @@ Optional data files to provide full-icu support for Node.js. Remove this
|
||||
package to save space if non-English locales are not needed.
|
||||
|
||||
|
||||
%package -n v8-devel
|
||||
Summary: v8 - development headers
|
||||
Epoch: %{v8_epoch}
|
||||
Version: %{v8_version}
|
||||
Release: %{v8_release}%{?dist}
|
||||
Requires: %{name}-devel%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
|
||||
|
||||
%description -n v8-devel
|
||||
Development headers for the v8 runtime.
|
||||
|
||||
|
||||
%package -n npm
|
||||
Summary: Node.js Package Manager
|
||||
Epoch: %{npm_epoch}
|
||||
@ -446,14 +408,12 @@ export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cfl
|
||||
export LDFLAGS="%{build_ldflags}"
|
||||
|
||||
%{__python3} configure.py --prefix=%{_prefix} \
|
||||
--shared \
|
||||
--libdir=%{_lib} \
|
||||
--shared-openssl \
|
||||
--shared-zlib \
|
||||
--shared-brotli \
|
||||
%{!?with_bundled:--shared-libuv} \
|
||||
%{!?with_bundled:--shared-nghttp2} \
|
||||
--with-dtrace \
|
||||
%{?with_bundled:--without-dtrace}%{!?with_bundled:--with-dtrace} \
|
||||
--with-intl=small-icu \
|
||||
--with-icu-default-data-dir=%{icudatadir} \
|
||||
--without-corepack \
|
||||
@ -501,20 +461,6 @@ rm -rf %{buildroot}
|
||||
chmod 0755 %{buildroot}/%{_bindir}/node
|
||||
chrpath --delete %{buildroot}%{_bindir}/node
|
||||
|
||||
# Install library symlink
|
||||
ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/libnode.so
|
||||
|
||||
# Install v8 compatibility symlinks
|
||||
for header in %{buildroot}%{_includedir}/node/libplatform %{buildroot}%{_includedir}/node/v8*.h; do
|
||||
header=$(basename ${header})
|
||||
ln -s ./node/${header} %{buildroot}%{_includedir}/${header}
|
||||
done
|
||||
ln -s ./node/cppgc %{buildroot}%{_includedir}/cppgc
|
||||
for soname in libv8 libv8_libbase libv8_libplatform; do
|
||||
ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so
|
||||
ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so.%{v8_major}
|
||||
done
|
||||
|
||||
# own the sitelib directory
|
||||
mkdir -p %{buildroot}%{_prefix}/lib/node_modules
|
||||
|
||||
@ -587,15 +533,15 @@ install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*
|
||||
|
||||
%check
|
||||
# Fail the build if the versions don't match
|
||||
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
|
||||
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
|
||||
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')"
|
||||
%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
|
||||
%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
|
||||
%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')"
|
||||
|
||||
# Ensure we have punycode and that the version matches
|
||||
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"
|
||||
%{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"
|
||||
|
||||
# Ensure we have npm and that the version matches
|
||||
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}%{_bindir}/node %{buildroot}%{_bindir}/npm version --json |jq -e '.npm == "%{npm_version}"'
|
||||
NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(JSON.parse(require(\"fs\").readFileSync(\"%{buildroot}%{_prefix}/lib/node_modules/npm/package.json\")).version, '%{npm_version}')"
|
||||
|
||||
# Make sure i18n support is working
|
||||
NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
|
||||
@ -627,18 +573,20 @@ end
|
||||
%dir %{_datadir}/systemtap/tapset
|
||||
%{_datadir}/systemtap/tapset/node.stp
|
||||
|
||||
%if %{without bundled}
|
||||
%dir %{_usr}/lib/dtrace
|
||||
%{_usr}/lib/dtrace/node.d
|
||||
%endif
|
||||
|
||||
%{_rpmconfigdir}/fileattrs/nodejs_native.attr
|
||||
%{_rpmconfigdir}/nodejs_native.req
|
||||
%license LICENSE
|
||||
%doc AUTHORS CHANGELOG.md onboarding.md GOVERNANCE.md README.md
|
||||
%doc %{_mandir}/man1/node.1*
|
||||
|
||||
|
||||
%files devel
|
||||
%{_includedir}/node
|
||||
%{_libdir}/libnode.so
|
||||
%{_datadir}/node/common.gypi
|
||||
%{_pkgdocdir}/gdbinit
|
||||
|
||||
@ -648,24 +596,6 @@ end
|
||||
%{icudatadir}/icudt%{icu_major}*.dat
|
||||
|
||||
|
||||
%files libs
|
||||
%license LICENSE
|
||||
%{_libdir}/libnode.so.%{nodejs_soversion}
|
||||
%{_libdir}/libv8.so.%{v8_major}
|
||||
%{_libdir}/libv8_libbase.so.%{v8_major}
|
||||
%{_libdir}/libv8_libplatform.so.%{v8_major}
|
||||
%dir %{nodejs_datadir}/
|
||||
|
||||
|
||||
%files -n v8-devel
|
||||
%{_includedir}/libplatform
|
||||
%{_includedir}/v8*.h
|
||||
%{_includedir}/cppgc
|
||||
%{_libdir}/libv8.so
|
||||
%{_libdir}/libv8_libbase.so
|
||||
%{_libdir}/libv8_libplatform.so
|
||||
|
||||
|
||||
%files -n npm
|
||||
%{_bindir}/npm
|
||||
%{_bindir}/npx
|
||||
@ -682,6 +612,7 @@ end
|
||||
%doc %{_mandir}/man5/package-lock-json.5*
|
||||
%doc %{_mandir}/man5/npm-shrinkwrap-json.5*
|
||||
%doc %{_mandir}/man7/config.7*
|
||||
%doc %{_mandir}/man7/dependency-selectors.7*
|
||||
%doc %{_mandir}/man7/developers.7*
|
||||
%doc %{_mandir}/man7/logging.7*
|
||||
%doc %{_mandir}/man7/orgs.7*
|
||||
@ -701,6 +632,11 @@ end
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Nov 16 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.18.1-1
|
||||
- Rebase + CVEs
|
||||
- Resolves: #2142808
|
||||
- Resolves: #2142826, #2131745, #2142855
|
||||
|
||||
* Tue Sep 27 2022 Jan Staněk <jstanek@redhat.com> - 16.17.1-1
|
||||
- Rebase to version 16.17.1
|
||||
Resolves: CVE-2022-35255 CVE-2022-35256
|
||||
|
||||
6
sources
6
sources
@ -1,6 +1,6 @@
|
||||
SHA512 (node-v16.17.1-stripped.tar.gz) = f7b18b02c23ddb32abb01bc4473fadfe860d8009ab14437951a44fea424312d59d2812f59570fa7dd78a5b53fc7dc892da237ea9f80498da3ffb3d4edd185ba7
|
||||
SHA512 (node-v16.18.1-stripped.tar.gz) = 6c13f04aaceffccb75f609faa407197d47b0fff3aab82d85a10bc209e74ab7a045075afb9839e2eb71934a025375427c83426292509f6c72ef6375090a6fb5c4
|
||||
SHA512 (icu4c-71_1-src.tgz) = 1fd2a20aef48369d1f06e2bb74584877b8ad0eb529320b976264ec2db87420bae242715795f372dbc513ea80047bc49077a064e78205cd5e8b33d746fd2a2912
|
||||
SHA512 (cjs-module-lexer-1.2.2.tar.gz) = e2134c4541efec2f32d5fa5fd5151511a599ecd08e85fbfc8d56cbd0f3b2a404a9b1c072a601e4237e229ed12859abf6f52201ee0f55fcd0e43f49d0017e7cd1
|
||||
SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 2c8e9caf2231ca7d61e71936305389774859aca9b5c86c63489c9a62a81f4736f99477c3f0cbb41077bb7924fdd23e0f24b7bce858e42fb0f87e7c0ffc87afeb
|
||||
SHA512 (undici-5.9.1.tar.gz) = fcadac58e368b1f90975a609b24900794c6b234733755cc35bc81f20fda977e8eecfedb6b43b91a25fd6900dbf4c5b133847f65c00d97144d39b5995d0b65568
|
||||
SHA512 (wasi-sdk-wasi-sdk-11.tar.gz) = cb37f357b09431a3efad26141d83dce63232a35b536d9a7bd341d4d9627a0a3d4bd4d57504b6e3dab421942d2c168a96da2a6be889aab3f9a2852fc5a3200d3c
|
||||
SHA512 (undici-5.8.0.tar.gz) = 635756eb22e64c67dead202db4768e1e21ea25cda6c2598c619845fad063a600d98a3c9b510b12453ceeb2ac2cbb4949a1dddfebc5c1940c55781a28eb0cced5
|
||||
SHA512 (wasi-sdk-wasi-sdk-14.tar.gz) = 4fecb3d9c04b91eb2388a9e51d49fbff6f22b81f9945a07ecdbfe479c96dad1e3b673b8bee24842b0dae5294129a9cb35dcf8e5ecf45437a6d01fb6e0fd13645
|
||||
|
||||
Loading…
Reference in New Issue
Block a user