Compare commits
No commits in common. "c10s" and "c8-stream-10" have entirely different histories.
c10s
...
c8-stream-
11
.gitignore
vendored
11
.gitignore
vendored
@ -1,9 +1,2 @@
|
|||||||
*~
|
SOURCES/icu4c-64_2-src.tgz
|
||||||
*.swp
|
SOURCES/node-v10.24.0-stripped.tar.gz
|
||||||
/*.tar.gz
|
|
||||||
/*.src.rpm
|
|
||||||
/*.tgz
|
|
||||||
/node-*/*
|
|
||||||
/.build-*.log
|
|
||||||
/noarch
|
|
||||||
/x86_64
|
|
||||||
|
2
.nodejs.metadata
Normal file
2
.nodejs.metadata
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
3127155ecf2b75ab4835f501b7478e39c07bb852 SOURCES/icu4c-64_2-src.tgz
|
||||||
|
be0e0b385a852c376f452b3d94727492e05407e4 SOURCES/node-v10.24.0-stripped.tar.gz
|
@ -1,26 +0,0 @@
|
|||||||
From 6c80c1956373978489a297a630f4f50222c47775 Mon Sep 17 00:00:00 2001
|
|
||||||
From: rpm-build <rpm-build>
|
|
||||||
Date: Tue, 30 May 2023 13:12:35 +0200
|
|
||||||
Subject: [PATCH] Disable running gyp on shared deps
|
|
||||||
|
|
||||||
Signed-off-by: rpm-build <rpm-build>
|
|
||||||
---
|
|
||||||
Makefile | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/Makefile b/Makefile
|
|
||||||
index ef3eda2..8b52a4f 100644
|
|
||||||
--- a/Makefile
|
|
||||||
+++ b/Makefile
|
|
||||||
@@ -148,7 +148,7 @@ with-code-cache test-code-cache:
|
|
||||||
$(warning '$@' target is a noop)
|
|
||||||
|
|
||||||
out/Makefile: config.gypi common.gypi node.gyp \
|
|
||||||
- deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
|
|
||||||
+ deps/llhttp/llhttp.gyp \
|
|
||||||
tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
|
|
||||||
tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
|
|
||||||
$(PYTHON) tools/gyp_node.py -f make
|
|
||||||
--
|
|
||||||
2.44.0
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
From b7d979b5f7d28114050d1cdc43f39e6e83bd80d5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Honza Horak <hhorak@redhat.com>
|
|
||||||
Date: Thu, 12 Oct 2023 13:52:59 +0200
|
|
||||||
Subject: [PATCH] disable fips options
|
|
||||||
|
|
||||||
Signed-off-by: rpm-build <rpm-build>
|
|
||||||
---
|
|
||||||
src/crypto/crypto_util.cc | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
|
|
||||||
index 59ae7f8..7343396 100644
|
|
||||||
--- a/src/crypto/crypto_util.cc
|
|
||||||
+++ b/src/crypto/crypto_util.cc
|
|
||||||
@@ -111,6 +111,8 @@ bool ProcessFipsOptions() {
|
|
||||||
/* Override FIPS settings in configuration file, if needed. */
|
|
||||||
if (per_process::cli_options->enable_fips_crypto ||
|
|
||||||
per_process::cli_options->force_fips_crypto) {
|
|
||||||
+ fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
|
|
||||||
+ return false;
|
|
||||||
#if OPENSSL_VERSION_MAJOR >= 3
|
|
||||||
OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
|
|
||||||
if (fips_provider == nullptr)
|
|
||||||
--
|
|
||||||
2.44.0
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
@ -1,581 +0,0 @@
|
|||||||
From fb8b050abf63459eb83cad4d4bf695c56db2790a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Honza Horak <hhorak@redhat.com>
|
|
||||||
Date: Mon, 15 Apr 2024 15:21:35 +0200
|
|
||||||
Subject: [PATCH] Fix CVE-2024-22019
|
|
||||||
|
|
||||||
Resolves: RHEL-28064
|
|
||||||
|
|
||||||
This is a combination of the upstream commit from v18:
|
|
||||||
https://github.com/nodejs/node/commit/911cb33cdadab57a75f97186290ea8f3903a6171
|
|
||||||
|
|
||||||
and necessary rebase of llhttp from 6.0.11 to 6.1.0 that has the needed
|
|
||||||
chunk features.
|
|
||||||
|
|
||||||
Original patch:
|
|
||||||
> From 11bd886e0a4eadd7e55502758fff6486a3fa3a4e Mon Sep 17 00:00:00 2001
|
|
||||||
> From: Paolo Insogna <paolo@cowtech.it>
|
|
||||||
> Date: Tue, 9 Jan 2024 18:10:04 +0100
|
|
||||||
> Subject: [PATCH] http: add maximum chunk extension size
|
|
||||||
>
|
|
||||||
> Cherry-picked from v18 patch:
|
|
||||||
> https://github.com/nodejs/node/commit/911cb33cdadab57a75f97186290ea8f3903a6171
|
|
||||||
>
|
|
||||||
> PR-URL: https://github.com/nodejs-private/node-private/pull/520
|
|
||||||
> Refs: https://github.com/nodejs-private/node-private/pull/518
|
|
||||||
> CVE-ID: CVE-2024-22019
|
|
||||||
|
|
||||||
Signed-off-by: rpm-build <rpm-build>
|
|
||||||
---
|
|
||||||
deps/llhttp/.gitignore | 1 +
|
|
||||||
deps/llhttp/CMakeLists.txt | 2 +-
|
|
||||||
deps/llhttp/include/llhttp.h | 7 +-
|
|
||||||
deps/llhttp/src/api.c | 7 +
|
|
||||||
deps/llhttp/src/llhttp.c | 122 ++++++++++++++--
|
|
||||||
doc/api/errors.md | 12 ++
|
|
||||||
lib/_http_server.js | 9 ++
|
|
||||||
src/node_http_parser.cc | 20 ++-
|
|
||||||
.../test-http-chunk-extensions-limit.js | 131 ++++++++++++++++++
|
|
||||||
tools/update-llhttp.sh | 2 +-
|
|
||||||
10 files changed, 294 insertions(+), 19 deletions(-)
|
|
||||||
create mode 100644 deps/llhttp/.gitignore
|
|
||||||
create mode 100644 test/parallel/test-http-chunk-extensions-limit.js
|
|
||||||
|
|
||||||
diff --git a/deps/llhttp/.gitignore b/deps/llhttp/.gitignore
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000..98438a2
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/deps/llhttp/.gitignore
|
|
||||||
@@ -0,0 +1 @@
|
|
||||||
+libllhttp.pc
|
|
||||||
diff --git a/deps/llhttp/CMakeLists.txt b/deps/llhttp/CMakeLists.txt
|
|
||||||
index d038203..747564a 100644
|
|
||||||
--- a/deps/llhttp/CMakeLists.txt
|
|
||||||
+++ b/deps/llhttp/CMakeLists.txt
|
|
||||||
@@ -1,7 +1,7 @@
|
|
||||||
cmake_minimum_required(VERSION 3.5.1)
|
|
||||||
cmake_policy(SET CMP0069 NEW)
|
|
||||||
|
|
||||||
-project(llhttp VERSION 6.0.11)
|
|
||||||
+project(llhttp VERSION 6.1.0)
|
|
||||||
include(GNUInstallDirs)
|
|
||||||
|
|
||||||
set(CMAKE_C_STANDARD 99)
|
|
||||||
diff --git a/deps/llhttp/include/llhttp.h b/deps/llhttp/include/llhttp.h
|
|
||||||
index 2da66f1..78f27ab 100644
|
|
||||||
--- a/deps/llhttp/include/llhttp.h
|
|
||||||
+++ b/deps/llhttp/include/llhttp.h
|
|
||||||
@@ -2,8 +2,8 @@
|
|
||||||
#define INCLUDE_LLHTTP_H_
|
|
||||||
|
|
||||||
#define LLHTTP_VERSION_MAJOR 6
|
|
||||||
-#define LLHTTP_VERSION_MINOR 0
|
|
||||||
-#define LLHTTP_VERSION_PATCH 11
|
|
||||||
+#define LLHTTP_VERSION_MINOR 1
|
|
||||||
+#define LLHTTP_VERSION_PATCH 0
|
|
||||||
|
|
||||||
#ifndef LLHTTP_STRICT_MODE
|
|
||||||
# define LLHTTP_STRICT_MODE 0
|
|
||||||
@@ -348,6 +348,9 @@ struct llhttp_settings_s {
|
|
||||||
*/
|
|
||||||
llhttp_cb on_headers_complete;
|
|
||||||
|
|
||||||
+ /* Possible return values 0, -1, HPE_USER */
|
|
||||||
+ llhttp_data_cb on_chunk_parameters;
|
|
||||||
+
|
|
||||||
/* Possible return values 0, -1, HPE_USER */
|
|
||||||
llhttp_data_cb on_body;
|
|
||||||
|
|
||||||
diff --git a/deps/llhttp/src/api.c b/deps/llhttp/src/api.c
|
|
||||||
index c4ce197..d3065b3 100644
|
|
||||||
--- a/deps/llhttp/src/api.c
|
|
||||||
+++ b/deps/llhttp/src/api.c
|
|
||||||
@@ -355,6 +355,13 @@ int llhttp__on_chunk_header(llhttp_t* s, const char* p, const char* endp) {
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
+int llhttp__on_chunk_parameters(llhttp_t* s, const char* p, const char* endp) {
|
|
||||||
+ int err;
|
|
||||||
+ SPAN_CALLBACK_MAYBE(s, on_chunk_parameters, p, endp - p);
|
|
||||||
+ return err;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
int llhttp__on_chunk_complete(llhttp_t* s, const char* p, const char* endp) {
|
|
||||||
int err;
|
|
||||||
CALLBACK_MAYBE(s, on_chunk_complete);
|
|
||||||
diff --git a/deps/llhttp/src/llhttp.c b/deps/llhttp/src/llhttp.c
|
|
||||||
index 5e7c5d1..46f86a0 100644
|
|
||||||
--- a/deps/llhttp/src/llhttp.c
|
|
||||||
+++ b/deps/llhttp/src/llhttp.c
|
|
||||||
@@ -340,6 +340,8 @@ enum llparse_state_e {
|
|
||||||
s_n_llhttp__internal__n_invoke_is_equal_content_length,
|
|
||||||
s_n_llhttp__internal__n_chunk_size_almost_done,
|
|
||||||
s_n_llhttp__internal__n_chunk_parameters,
|
|
||||||
+ s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters,
|
|
||||||
+ s_n_llhttp__internal__n_chunk_parameters_ows,
|
|
||||||
s_n_llhttp__internal__n_chunk_size_otherwise,
|
|
||||||
s_n_llhttp__internal__n_chunk_size,
|
|
||||||
s_n_llhttp__internal__n_chunk_size_digit,
|
|
||||||
@@ -539,6 +541,10 @@ int llhttp__on_body(
|
|
||||||
llhttp__internal_t* s, const unsigned char* p,
|
|
||||||
const unsigned char* endp);
|
|
||||||
|
|
||||||
+int llhttp__on_chunk_parameters(
|
|
||||||
+ llhttp__internal_t* s, const unsigned char* p,
|
|
||||||
+ const unsigned char* endp);
|
|
||||||
+
|
|
||||||
int llhttp__on_status(
|
|
||||||
llhttp__internal_t* s, const unsigned char* p,
|
|
||||||
const unsigned char* endp);
|
|
||||||
@@ -1226,8 +1232,7 @@ static llparse_state_t llhttp__internal__run(
|
|
||||||
goto s_n_llhttp__internal__n_chunk_parameters;
|
|
||||||
}
|
|
||||||
case 2: {
|
|
||||||
- p++;
|
|
||||||
- goto s_n_llhttp__internal__n_chunk_size_almost_done;
|
|
||||||
+ goto s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters;
|
|
||||||
}
|
|
||||||
default: {
|
|
||||||
goto s_n_llhttp__internal__n_error_10;
|
|
||||||
@@ -1236,6 +1241,34 @@ static llparse_state_t llhttp__internal__run(
|
|
||||||
/* UNREACHABLE */;
|
|
||||||
abort();
|
|
||||||
}
|
|
||||||
+ case s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters:
|
|
||||||
+ s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters: {
|
|
||||||
+ if (p == endp) {
|
|
||||||
+ return s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
|
|
||||||
+ }
|
|
||||||
+ state->_span_pos0 = (void*) p;
|
|
||||||
+ state->_span_cb0 = llhttp__on_chunk_parameters;
|
|
||||||
+ goto s_n_llhttp__internal__n_chunk_parameters;
|
|
||||||
+ /* UNREACHABLE */;
|
|
||||||
+ abort();
|
|
||||||
+ }
|
|
||||||
+ case s_n_llhttp__internal__n_chunk_parameters_ows:
|
|
||||||
+ s_n_llhttp__internal__n_chunk_parameters_ows: {
|
|
||||||
+ if (p == endp) {
|
|
||||||
+ return s_n_llhttp__internal__n_chunk_parameters_ows;
|
|
||||||
+ }
|
|
||||||
+ switch (*p) {
|
|
||||||
+ case ' ': {
|
|
||||||
+ p++;
|
|
||||||
+ goto s_n_llhttp__internal__n_chunk_parameters_ows;
|
|
||||||
+ }
|
|
||||||
+ default: {
|
|
||||||
+ goto s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ /* UNREACHABLE */;
|
|
||||||
+ abort();
|
|
||||||
+ }
|
|
||||||
case s_n_llhttp__internal__n_chunk_size_otherwise:
|
|
||||||
s_n_llhttp__internal__n_chunk_size_otherwise: {
|
|
||||||
if (p == endp) {
|
|
||||||
@@ -1246,13 +1279,9 @@ static llparse_state_t llhttp__internal__run(
|
|
||||||
p++;
|
|
||||||
goto s_n_llhttp__internal__n_chunk_size_almost_done;
|
|
||||||
}
|
|
||||||
- case ' ': {
|
|
||||||
- p++;
|
|
||||||
- goto s_n_llhttp__internal__n_chunk_parameters;
|
|
||||||
- }
|
|
||||||
case ';': {
|
|
||||||
p++;
|
|
||||||
- goto s_n_llhttp__internal__n_chunk_parameters;
|
|
||||||
+ goto s_n_llhttp__internal__n_chunk_parameters_ows;
|
|
||||||
}
|
|
||||||
default: {
|
|
||||||
goto s_n_llhttp__internal__n_error_11;
|
|
||||||
@@ -6074,6 +6103,24 @@ static llparse_state_t llhttp__internal__run(
|
|
||||||
/* UNREACHABLE */;
|
|
||||||
abort();
|
|
||||||
}
|
|
||||||
+ s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters: {
|
|
||||||
+ const unsigned char* start;
|
|
||||||
+ int err;
|
|
||||||
+
|
|
||||||
+ start = state->_span_pos0;
|
|
||||||
+ state->_span_pos0 = NULL;
|
|
||||||
+ err = llhttp__on_chunk_parameters(state, start, p);
|
|
||||||
+ if (err != 0) {
|
|
||||||
+ state->error = err;
|
|
||||||
+ state->error_pos = (const char*) (p + 1);
|
|
||||||
+ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_chunk_size_almost_done;
|
|
||||||
+ return s_error;
|
|
||||||
+ }
|
|
||||||
+ p++;
|
|
||||||
+ goto s_n_llhttp__internal__n_chunk_size_almost_done;
|
|
||||||
+ /* UNREACHABLE */;
|
|
||||||
+ abort();
|
|
||||||
+ }
|
|
||||||
s_n_llhttp__internal__n_error_10: {
|
|
||||||
state->error = 0x2;
|
|
||||||
state->reason = "Invalid character in chunk parameters";
|
|
||||||
@@ -8441,6 +8488,8 @@ enum llparse_state_e {
|
|
||||||
s_n_llhttp__internal__n_invoke_is_equal_content_length,
|
|
||||||
s_n_llhttp__internal__n_chunk_size_almost_done,
|
|
||||||
s_n_llhttp__internal__n_chunk_parameters,
|
|
||||||
+ s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters,
|
|
||||||
+ s_n_llhttp__internal__n_chunk_parameters_ows,
|
|
||||||
s_n_llhttp__internal__n_chunk_size_otherwise,
|
|
||||||
s_n_llhttp__internal__n_chunk_size,
|
|
||||||
s_n_llhttp__internal__n_chunk_size_digit,
|
|
||||||
@@ -8635,6 +8684,10 @@ int llhttp__on_body(
|
|
||||||
llhttp__internal_t* s, const unsigned char* p,
|
|
||||||
const unsigned char* endp);
|
|
||||||
|
|
||||||
+int llhttp__on_chunk_parameters(
|
|
||||||
+ llhttp__internal_t* s, const unsigned char* p,
|
|
||||||
+ const unsigned char* endp);
|
|
||||||
+
|
|
||||||
int llhttp__on_status(
|
|
||||||
llhttp__internal_t* s, const unsigned char* p,
|
|
||||||
const unsigned char* endp);
|
|
||||||
@@ -9299,8 +9352,7 @@ static llparse_state_t llhttp__internal__run(
|
|
||||||
goto s_n_llhttp__internal__n_chunk_parameters;
|
|
||||||
}
|
|
||||||
case 2: {
|
|
||||||
- p++;
|
|
||||||
- goto s_n_llhttp__internal__n_chunk_size_almost_done;
|
|
||||||
+ goto s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters;
|
|
||||||
}
|
|
||||||
default: {
|
|
||||||
goto s_n_llhttp__internal__n_error_6;
|
|
||||||
@@ -9309,6 +9361,34 @@ static llparse_state_t llhttp__internal__run(
|
|
||||||
/* UNREACHABLE */;
|
|
||||||
abort();
|
|
||||||
}
|
|
||||||
+ case s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters:
|
|
||||||
+ s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters: {
|
|
||||||
+ if (p == endp) {
|
|
||||||
+ return s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
|
|
||||||
+ }
|
|
||||||
+ state->_span_pos0 = (void*) p;
|
|
||||||
+ state->_span_cb0 = llhttp__on_chunk_parameters;
|
|
||||||
+ goto s_n_llhttp__internal__n_chunk_parameters;
|
|
||||||
+ /* UNREACHABLE */;
|
|
||||||
+ abort();
|
|
||||||
+ }
|
|
||||||
+ case s_n_llhttp__internal__n_chunk_parameters_ows:
|
|
||||||
+ s_n_llhttp__internal__n_chunk_parameters_ows: {
|
|
||||||
+ if (p == endp) {
|
|
||||||
+ return s_n_llhttp__internal__n_chunk_parameters_ows;
|
|
||||||
+ }
|
|
||||||
+ switch (*p) {
|
|
||||||
+ case ' ': {
|
|
||||||
+ p++;
|
|
||||||
+ goto s_n_llhttp__internal__n_chunk_parameters_ows;
|
|
||||||
+ }
|
|
||||||
+ default: {
|
|
||||||
+ goto s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ /* UNREACHABLE */;
|
|
||||||
+ abort();
|
|
||||||
+ }
|
|
||||||
case s_n_llhttp__internal__n_chunk_size_otherwise:
|
|
||||||
s_n_llhttp__internal__n_chunk_size_otherwise: {
|
|
||||||
if (p == endp) {
|
|
||||||
@@ -9319,13 +9399,9 @@ static llparse_state_t llhttp__internal__run(
|
|
||||||
p++;
|
|
||||||
goto s_n_llhttp__internal__n_chunk_size_almost_done;
|
|
||||||
}
|
|
||||||
- case ' ': {
|
|
||||||
- p++;
|
|
||||||
- goto s_n_llhttp__internal__n_chunk_parameters;
|
|
||||||
- }
|
|
||||||
case ';': {
|
|
||||||
p++;
|
|
||||||
- goto s_n_llhttp__internal__n_chunk_parameters;
|
|
||||||
+ goto s_n_llhttp__internal__n_chunk_parameters_ows;
|
|
||||||
}
|
|
||||||
default: {
|
|
||||||
goto s_n_llhttp__internal__n_error_7;
|
|
||||||
@@ -13951,6 +14027,24 @@ static llparse_state_t llhttp__internal__run(
|
|
||||||
/* UNREACHABLE */;
|
|
||||||
abort();
|
|
||||||
}
|
|
||||||
+ s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters: {
|
|
||||||
+ const unsigned char* start;
|
|
||||||
+ int err;
|
|
||||||
+
|
|
||||||
+ start = state->_span_pos0;
|
|
||||||
+ state->_span_pos0 = NULL;
|
|
||||||
+ err = llhttp__on_chunk_parameters(state, start, p);
|
|
||||||
+ if (err != 0) {
|
|
||||||
+ state->error = err;
|
|
||||||
+ state->error_pos = (const char*) (p + 1);
|
|
||||||
+ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_chunk_size_almost_done;
|
|
||||||
+ return s_error;
|
|
||||||
+ }
|
|
||||||
+ p++;
|
|
||||||
+ goto s_n_llhttp__internal__n_chunk_size_almost_done;
|
|
||||||
+ /* UNREACHABLE */;
|
|
||||||
+ abort();
|
|
||||||
+ }
|
|
||||||
s_n_llhttp__internal__n_error_6: {
|
|
||||||
state->error = 0x2;
|
|
||||||
state->reason = "Invalid character in chunk parameters";
|
|
||||||
diff --git a/doc/api/errors.md b/doc/api/errors.md
|
|
||||||
index dcf8744..a76bfe5 100644
|
|
||||||
--- a/doc/api/errors.md
|
|
||||||
+++ b/doc/api/errors.md
|
|
||||||
@@ -3043,6 +3043,18 @@ malconfigured clients, if more than 8 KiB of HTTP header data is received then
|
|
||||||
HTTP parsing will abort without a request or response object being created, and
|
|
||||||
an `Error` with this code will be emitted.
|
|
||||||
|
|
||||||
+<a id="HPE_CHUNK_EXTENSIONS_OVERFLOW"></a>
|
|
||||||
+
|
|
||||||
+### `HPE_CHUNK_EXTENSIONS_OVERFLOW`
|
|
||||||
+
|
|
||||||
+<!-- YAML
|
|
||||||
+added: REPLACEME
|
|
||||||
+-->
|
|
||||||
+
|
|
||||||
+Too much data was received for a chunk extensions. In order to protect against
|
|
||||||
+malicious or malconfigured clients, if more than 16 KiB of data is received
|
|
||||||
+then an `Error` with this code will be emitted.
|
|
||||||
+
|
|
||||||
<a id="HPE_UNEXPECTED_CONTENT_LENGTH"></a>
|
|
||||||
|
|
||||||
### `HPE_UNEXPECTED_CONTENT_LENGTH`
|
|
||||||
diff --git a/lib/_http_server.js b/lib/_http_server.js
|
|
||||||
index 4e23266..325bce6 100644
|
|
||||||
--- a/lib/_http_server.js
|
|
||||||
+++ b/lib/_http_server.js
|
|
||||||
@@ -706,6 +706,12 @@ const requestHeaderFieldsTooLargeResponse = Buffer.from(
|
|
||||||
`HTTP/1.1 431 ${STATUS_CODES[431]}\r\n` +
|
|
||||||
'Connection: close\r\n\r\n', 'ascii'
|
|
||||||
);
|
|
||||||
+
|
|
||||||
+const requestChunkExtensionsTooLargeResponse = Buffer.from(
|
|
||||||
+ `HTTP/1.1 413 ${STATUS_CODES[413]}\r\n` +
|
|
||||||
+ 'Connection: close\r\n\r\n', 'ascii',
|
|
||||||
+);
|
|
||||||
+
|
|
||||||
function socketOnError(e) {
|
|
||||||
// Ignore further errors
|
|
||||||
this.removeListener('error', socketOnError);
|
|
||||||
@@ -719,6 +725,9 @@ function socketOnError(e) {
|
|
||||||
case 'HPE_HEADER_OVERFLOW':
|
|
||||||
response = requestHeaderFieldsTooLargeResponse;
|
|
||||||
break;
|
|
||||||
+ case 'HPE_CHUNK_EXTENSIONS_OVERFLOW':
|
|
||||||
+ response = requestChunkExtensionsTooLargeResponse;
|
|
||||||
+ break;
|
|
||||||
case 'ERR_HTTP_REQUEST_TIMEOUT':
|
|
||||||
response = requestTimeoutResponse;
|
|
||||||
break;
|
|
||||||
diff --git a/src/node_http_parser.cc b/src/node_http_parser.cc
|
|
||||||
index 74f3248..b92e848 100644
|
|
||||||
--- a/src/node_http_parser.cc
|
|
||||||
+++ b/src/node_http_parser.cc
|
|
||||||
@@ -79,6 +79,8 @@ const uint32_t kOnExecute = 5;
|
|
||||||
const uint32_t kOnTimeout = 6;
|
|
||||||
// Any more fields than this will be flushed into JS
|
|
||||||
const size_t kMaxHeaderFieldsCount = 32;
|
|
||||||
+// Maximum size of chunk extensions
|
|
||||||
+const size_t kMaxChunkExtensionsSize = 16384;
|
|
||||||
|
|
||||||
const uint32_t kLenientNone = 0;
|
|
||||||
const uint32_t kLenientHeaders = 1 << 0;
|
|
||||||
@@ -206,6 +208,7 @@ class Parser : public AsyncWrap, public StreamListener {
|
|
||||||
|
|
||||||
int on_message_begin() {
|
|
||||||
num_fields_ = num_values_ = 0;
|
|
||||||
+ chunk_extensions_nread_ = 0;
|
|
||||||
url_.Reset();
|
|
||||||
status_message_.Reset();
|
|
||||||
header_parsing_start_time_ = uv_hrtime();
|
|
||||||
@@ -443,9 +446,22 @@ class Parser : public AsyncWrap, public StreamListener {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
- // Reset nread for the next chunk
|
|
||||||
+ int on_chunk_extension(const char* at, size_t length) {
|
|
||||||
+ chunk_extensions_nread_ += length;
|
|
||||||
+
|
|
||||||
+ if (chunk_extensions_nread_ > kMaxChunkExtensionsSize) {
|
|
||||||
+ llhttp_set_error_reason(&parser_,
|
|
||||||
+ "HPE_CHUNK_EXTENSIONS_OVERFLOW:Chunk extensions overflow");
|
|
||||||
+ return HPE_USER;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ // Reset nread for the next chunk and also reset the extensions counter
|
|
||||||
int on_chunk_header() {
|
|
||||||
header_nread_ = 0;
|
|
||||||
+ chunk_extensions_nread_ = 0;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -887,6 +903,7 @@ class Parser : public AsyncWrap, public StreamListener {
|
|
||||||
const char* current_buffer_data_;
|
|
||||||
bool pending_pause_ = false;
|
|
||||||
uint64_t header_nread_ = 0;
|
|
||||||
+ uint64_t chunk_extensions_nread_ = 0;
|
|
||||||
uint64_t max_http_header_size_;
|
|
||||||
uint64_t headers_timeout_;
|
|
||||||
uint64_t header_parsing_start_time_ = 0;
|
|
||||||
@@ -921,6 +938,7 @@ const llhttp_settings_t Parser::settings = {
|
|
||||||
Proxy<DataCall, &Parser::on_header_field>::Raw,
|
|
||||||
Proxy<DataCall, &Parser::on_header_value>::Raw,
|
|
||||||
Proxy<Call, &Parser::on_headers_complete>::Raw,
|
|
||||||
+ Proxy<DataCall, &Parser::on_chunk_extension>::Raw,
|
|
||||||
Proxy<DataCall, &Parser::on_body>::Raw,
|
|
||||||
Proxy<Call, &Parser::on_message_complete>::Raw,
|
|
||||||
Proxy<Call, &Parser::on_chunk_header>::Raw,
|
|
||||||
diff --git a/test/parallel/test-http-chunk-extensions-limit.js b/test/parallel/test-http-chunk-extensions-limit.js
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000..6868b3d
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/test/parallel/test-http-chunk-extensions-limit.js
|
|
||||||
@@ -0,0 +1,131 @@
|
|
||||||
+'use strict';
|
|
||||||
+
|
|
||||||
+const common = require('../common');
|
|
||||||
+const http = require('http');
|
|
||||||
+const net = require('net');
|
|
||||||
+const assert = require('assert');
|
|
||||||
+
|
|
||||||
+// Verify that chunk extensions are limited in size when sent all together.
|
|
||||||
+{
|
|
||||||
+ const server = http.createServer((req, res) => {
|
|
||||||
+ req.on('end', () => {
|
|
||||||
+ res.writeHead(200, { 'Content-Type': 'text/plain' });
|
|
||||||
+ res.end('bye');
|
|
||||||
+ });
|
|
||||||
+
|
|
||||||
+ req.resume();
|
|
||||||
+ });
|
|
||||||
+
|
|
||||||
+ server.listen(0, () => {
|
|
||||||
+ const sock = net.connect(server.address().port);
|
|
||||||
+ let data = '';
|
|
||||||
+
|
|
||||||
+ sock.on('data', (chunk) => data += chunk.toString('utf-8'));
|
|
||||||
+
|
|
||||||
+ sock.on('end', common.mustCall(function() {
|
|
||||||
+ assert.strictEqual(data, 'HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n');
|
|
||||||
+ server.close();
|
|
||||||
+ }));
|
|
||||||
+
|
|
||||||
+ sock.end('' +
|
|
||||||
+ 'GET / HTTP/1.1\r\n' +
|
|
||||||
+ 'Host: localhost:8080\r\n' +
|
|
||||||
+ 'Transfer-Encoding: chunked\r\n\r\n' +
|
|
||||||
+ '2;' + 'A'.repeat(20000) + '=bar\r\nAA\r\n' +
|
|
||||||
+ '0\r\n\r\n'
|
|
||||||
+ );
|
|
||||||
+ });
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+// Verify that chunk extensions are limited in size when sent in intervals.
|
|
||||||
+{
|
|
||||||
+ const server = http.createServer((req, res) => {
|
|
||||||
+ req.on('end', () => {
|
|
||||||
+ res.writeHead(200, { 'Content-Type': 'text/plain' });
|
|
||||||
+ res.end('bye');
|
|
||||||
+ });
|
|
||||||
+
|
|
||||||
+ req.resume();
|
|
||||||
+ });
|
|
||||||
+
|
|
||||||
+ server.listen(0, () => {
|
|
||||||
+ const sock = net.connect(server.address().port);
|
|
||||||
+ let remaining = 20000;
|
|
||||||
+ let data = '';
|
|
||||||
+
|
|
||||||
+ const interval = setInterval(
|
|
||||||
+ () => {
|
|
||||||
+ if (remaining > 0) {
|
|
||||||
+ sock.write('A'.repeat(1000));
|
|
||||||
+ } else {
|
|
||||||
+ sock.write('=bar\r\nAA\r\n0\r\n\r\n');
|
|
||||||
+ clearInterval(interval);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ remaining -= 1000;
|
|
||||||
+ },
|
|
||||||
+ common.platformTimeout(20),
|
|
||||||
+ ).unref();
|
|
||||||
+
|
|
||||||
+ sock.on('data', (chunk) => data += chunk.toString('utf-8'));
|
|
||||||
+
|
|
||||||
+ sock.on('end', common.mustCall(function() {
|
|
||||||
+ assert.strictEqual(data, 'HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n');
|
|
||||||
+ server.close();
|
|
||||||
+ }));
|
|
||||||
+
|
|
||||||
+ sock.write('' +
|
|
||||||
+ 'GET / HTTP/1.1\r\n' +
|
|
||||||
+ 'Host: localhost:8080\r\n' +
|
|
||||||
+ 'Transfer-Encoding: chunked\r\n\r\n' +
|
|
||||||
+ '2;'
|
|
||||||
+ );
|
|
||||||
+ });
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+// Verify the chunk extensions is correctly reset after a chunk
|
|
||||||
+{
|
|
||||||
+ const server = http.createServer((req, res) => {
|
|
||||||
+ req.on('end', () => {
|
|
||||||
+ res.writeHead(200, { 'content-type': 'text/plain', 'connection': 'close', 'date': 'now' });
|
|
||||||
+ res.end('bye');
|
|
||||||
+ });
|
|
||||||
+
|
|
||||||
+ req.resume();
|
|
||||||
+ });
|
|
||||||
+
|
|
||||||
+ server.listen(0, () => {
|
|
||||||
+ const sock = net.connect(server.address().port);
|
|
||||||
+ let data = '';
|
|
||||||
+
|
|
||||||
+ sock.on('data', (chunk) => data += chunk.toString('utf-8'));
|
|
||||||
+
|
|
||||||
+ sock.on('end', common.mustCall(function() {
|
|
||||||
+ assert.strictEqual(
|
|
||||||
+ data,
|
|
||||||
+ 'HTTP/1.1 200 OK\r\n' +
|
|
||||||
+ 'content-type: text/plain\r\n' +
|
|
||||||
+ 'connection: close\r\n' +
|
|
||||||
+ 'date: now\r\n' +
|
|
||||||
+ 'Transfer-Encoding: chunked\r\n' +
|
|
||||||
+ '\r\n' +
|
|
||||||
+ '3\r\n' +
|
|
||||||
+ 'bye\r\n' +
|
|
||||||
+ '0\r\n' +
|
|
||||||
+ '\r\n',
|
|
||||||
+ );
|
|
||||||
+
|
|
||||||
+ server.close();
|
|
||||||
+ }));
|
|
||||||
+
|
|
||||||
+ sock.end('' +
|
|
||||||
+ 'GET / HTTP/1.1\r\n' +
|
|
||||||
+ 'Host: localhost:8080\r\n' +
|
|
||||||
+ 'Transfer-Encoding: chunked\r\n\r\n' +
|
|
||||||
+ '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' +
|
|
||||||
+ '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' +
|
|
||||||
+ '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' +
|
|
||||||
+ '0\r\n\r\n'
|
|
||||||
+ );
|
|
||||||
+ });
|
|
||||||
+}
|
|
||||||
diff --git a/tools/update-llhttp.sh b/tools/update-llhttp.sh
|
|
||||||
index 12e2f46..a95eef1 100755
|
|
||||||
--- a/tools/update-llhttp.sh
|
|
||||||
+++ b/tools/update-llhttp.sh
|
|
||||||
@@ -59,5 +59,5 @@ echo ""
|
|
||||||
echo "Please git add llhttp, commit the new version:"
|
|
||||||
echo ""
|
|
||||||
echo "$ git add -A deps/llhttp"
|
|
||||||
-echo "$ git commit -m \"deps: update nghttp2 to $LLHTTP_VERSION\""
|
|
||||||
+echo "$ git commit -m \"deps: update llhttp to $LLHTTP_VERSION\""
|
|
||||||
echo ""
|
|
||||||
--
|
|
||||||
2.44.0
|
|
||||||
|
|
@ -1,42 +0,0 @@
|
|||||||
From 2df9af7073929ab94b6dda040df08bc3ff7d8ab1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: RafaelGSS <rafael.nunu@hotmail.com>
|
|
||||||
Date: Tue, 26 Mar 2024 15:55:13 -0300
|
|
||||||
Subject: [PATCH] src: ensure to close stream when destroying session
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Co-Authored-By: Anna Henningsen <anna@addaleax.net>
|
|
||||||
PR-URL: https://github.com/nodejs-private/node-private/pull/561
|
|
||||||
Fixes: https://hackerone.com/reports/2319584
|
|
||||||
Reviewed-By: Michael Dawson <midawson@redhat.com>
|
|
||||||
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
|
|
||||||
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
|
|
||||||
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
|
|
||||||
CVE-ID: CVE-2024-27983
|
|
||||||
Signed-off-by: Jan Staněk <jstanek@redhat.com>
|
|
||||||
Signed-off-by: rpm-build <rpm-build>
|
|
||||||
---
|
|
||||||
src/node_http2.cc | 6 ++++++
|
|
||||||
1 file changed, 6 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/node_http2.cc b/src/node_http2.cc
|
|
||||||
index 53216dc..9a6d63d 100644
|
|
||||||
--- a/src/node_http2.cc
|
|
||||||
+++ b/src/node_http2.cc
|
|
||||||
@@ -529,6 +529,12 @@ Http2Session::Http2Session(Http2State* http2_state,
|
|
||||||
Http2Session::~Http2Session() {
|
|
||||||
CHECK(!is_in_scope());
|
|
||||||
Debug(this, "freeing nghttp2 session");
|
|
||||||
+ // Ensure that all `Http2Stream` instances and the memory they hold
|
|
||||||
+ // on to are destroyed before the nghttp2 session is.
|
|
||||||
+ for (const auto& [id, stream] : streams_) {
|
|
||||||
+ stream->Detach();
|
|
||||||
+ }
|
|
||||||
+ streams_.clear();
|
|
||||||
// Explicitly reset session_ so the subsequent
|
|
||||||
// current_nghttp2_memory_ check passes.
|
|
||||||
session_.reset();
|
|
||||||
--
|
|
||||||
2.44.0
|
|
||||||
|
|
@ -1,112 +0,0 @@
|
|||||||
From 132ad9e8a8f8e246e59744a7fed995ed396f6cb4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
|
|
||||||
Date: Sat, 9 Mar 2024 16:26:42 +0900
|
|
||||||
Subject: [PATCH] Limit CONTINUATION frames following an incoming HEADER frame
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Signed-off-by: Jan Staněk <jstanek@redhat.com>
|
|
||||||
Fixes: CVE-2024-28182
|
|
||||||
Signed-off-by: rpm-build <rpm-build>
|
|
||||||
---
|
|
||||||
deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 7 ++++++-
|
|
||||||
deps/nghttp2/lib/nghttp2_helper.c | 2 ++
|
|
||||||
deps/nghttp2/lib/nghttp2_session.c | 7 +++++++
|
|
||||||
deps/nghttp2/lib/nghttp2_session.h | 10 ++++++++++
|
|
||||||
4 files changed, 25 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
|
|
||||||
index fa22081..b394bde 100644
|
|
||||||
--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
|
|
||||||
+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
|
|
||||||
@@ -440,7 +440,12 @@ typedef enum {
|
|
||||||
* exhaustion on server side to send these frames forever and does
|
|
||||||
* not read network.
|
|
||||||
*/
|
|
||||||
- NGHTTP2_ERR_FLOODED = -904
|
|
||||||
+ NGHTTP2_ERR_FLOODED = -904,
|
|
||||||
+ /**
|
|
||||||
+ * When a local endpoint receives too many CONTINUATION frames
|
|
||||||
+ * following a HEADER frame.
|
|
||||||
+ */
|
|
||||||
+ NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905,
|
|
||||||
} nghttp2_error;
|
|
||||||
|
|
||||||
/**
|
|
||||||
diff --git a/deps/nghttp2/lib/nghttp2_helper.c b/deps/nghttp2/lib/nghttp2_helper.c
|
|
||||||
index 93dd475..b3563d9 100644
|
|
||||||
--- a/deps/nghttp2/lib/nghttp2_helper.c
|
|
||||||
+++ b/deps/nghttp2/lib/nghttp2_helper.c
|
|
||||||
@@ -336,6 +336,8 @@ const char *nghttp2_strerror(int error_code) {
|
|
||||||
"closed";
|
|
||||||
case NGHTTP2_ERR_TOO_MANY_SETTINGS:
|
|
||||||
return "SETTINGS frame contained more than the maximum allowed entries";
|
|
||||||
+ case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS:
|
|
||||||
+ return "Too many CONTINUATION frames following a HEADER frame";
|
|
||||||
default:
|
|
||||||
return "Unknown error code";
|
|
||||||
}
|
|
||||||
diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
|
|
||||||
index ec5024d..8e4d2e7 100644
|
|
||||||
--- a/deps/nghttp2/lib/nghttp2_session.c
|
|
||||||
+++ b/deps/nghttp2/lib/nghttp2_session.c
|
|
||||||
@@ -496,6 +496,7 @@ static int session_new(nghttp2_session **session_ptr,
|
|
||||||
(*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN;
|
|
||||||
(*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM;
|
|
||||||
(*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS;
|
|
||||||
+ (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS;
|
|
||||||
|
|
||||||
if (option) {
|
|
||||||
if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) &&
|
|
||||||
@@ -6778,6 +6779,8 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
session_inbound_frame_reset(session);
|
|
||||||
+
|
|
||||||
+ session->num_continuations = 0;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
@@ -6899,6 +6902,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
|
|
||||||
}
|
|
||||||
#endif /* DEBUGBUILD */
|
|
||||||
|
|
||||||
+ if (++session->num_continuations > session->max_continuations) {
|
|
||||||
+ return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
readlen = inbound_frame_buf_read(iframe, in, last);
|
|
||||||
in += readlen;
|
|
||||||
|
|
||||||
diff --git a/deps/nghttp2/lib/nghttp2_session.h b/deps/nghttp2/lib/nghttp2_session.h
|
|
||||||
index b119329..ef8f7b2 100644
|
|
||||||
--- a/deps/nghttp2/lib/nghttp2_session.h
|
|
||||||
+++ b/deps/nghttp2/lib/nghttp2_session.h
|
|
||||||
@@ -110,6 +110,10 @@ typedef struct {
|
|
||||||
#define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000
|
|
||||||
#define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33
|
|
||||||
|
|
||||||
+/* The default max number of CONTINUATION frames following an incoming
|
|
||||||
+ HEADER frame. */
|
|
||||||
+#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8
|
|
||||||
+
|
|
||||||
/* Internal state when receiving incoming frame */
|
|
||||||
typedef enum {
|
|
||||||
/* Receiving frame header */
|
|
||||||
@@ -290,6 +294,12 @@ struct nghttp2_session {
|
|
||||||
size_t max_send_header_block_length;
|
|
||||||
/* The maximum number of settings accepted per SETTINGS frame. */
|
|
||||||
size_t max_settings;
|
|
||||||
+ /* The maximum number of CONTINUATION frames following an incoming
|
|
||||||
+ HEADER frame. */
|
|
||||||
+ size_t max_continuations;
|
|
||||||
+ /* The number of CONTINUATION frames following an incoming HEADER
|
|
||||||
+ frame. This variable is reset when END_HEADERS flag is seen. */
|
|
||||||
+ size_t num_continuations;
|
|
||||||
/* Next Stream ID. Made unsigned int to detect >= (1 << 31). */
|
|
||||||
uint32_t next_stream_id;
|
|
||||||
/* The last stream ID this session initiated. For client session,
|
|
||||||
--
|
|
||||||
2.44.0
|
|
||||||
|
|
@ -1,94 +0,0 @@
|
|||||||
From 625b03149d2ec68cdbcfe3f2801d6f0420d917cb Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
|
|
||||||
Date: Sat, 9 Mar 2024 16:48:10 +0900
|
|
||||||
Subject: [PATCH] Add nghttp2_option_set_max_continuations
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Signed-off-by: Jan Staněk <jstanek@redhat.com>
|
|
||||||
Related: CVE-2024-28182
|
|
||||||
Signed-off-by: rpm-build <rpm-build>
|
|
||||||
---
|
|
||||||
deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 11 +++++++++++
|
|
||||||
deps/nghttp2/lib/nghttp2_option.c | 5 +++++
|
|
||||||
deps/nghttp2/lib/nghttp2_option.h | 5 +++++
|
|
||||||
deps/nghttp2/lib/nghttp2_session.c | 4 ++++
|
|
||||||
4 files changed, 25 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
|
|
||||||
index b394bde..4d3339b 100644
|
|
||||||
--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
|
|
||||||
+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
|
|
||||||
@@ -2778,6 +2778,17 @@ NGHTTP2_EXTERN void
|
|
||||||
nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
|
|
||||||
uint64_t burst, uint64_t rate);
|
|
||||||
|
|
||||||
+/**
|
|
||||||
+ * @function
|
|
||||||
+ *
|
|
||||||
+ * This function sets the maximum number of CONTINUATION frames
|
|
||||||
+ * following an incoming HEADER frame. If more than those frames are
|
|
||||||
+ * received, the remote endpoint is considered to be misbehaving and
|
|
||||||
+ * session will be closed. The default value is 8.
|
|
||||||
+ */
|
|
||||||
+NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option,
|
|
||||||
+ size_t val);
|
|
||||||
+
|
|
||||||
/**
|
|
||||||
* @function
|
|
||||||
*
|
|
||||||
diff --git a/deps/nghttp2/lib/nghttp2_option.c b/deps/nghttp2/lib/nghttp2_option.c
|
|
||||||
index 43d4e95..53144b9 100644
|
|
||||||
--- a/deps/nghttp2/lib/nghttp2_option.c
|
|
||||||
+++ b/deps/nghttp2/lib/nghttp2_option.c
|
|
||||||
@@ -150,3 +150,8 @@ void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
|
|
||||||
option->stream_reset_burst = burst;
|
|
||||||
option->stream_reset_rate = rate;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) {
|
|
||||||
+ option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS;
|
|
||||||
+ option->max_continuations = val;
|
|
||||||
+}
|
|
||||||
diff --git a/deps/nghttp2/lib/nghttp2_option.h b/deps/nghttp2/lib/nghttp2_option.h
|
|
||||||
index 2259e18..c89cb97 100644
|
|
||||||
--- a/deps/nghttp2/lib/nghttp2_option.h
|
|
||||||
+++ b/deps/nghttp2/lib/nghttp2_option.h
|
|
||||||
@@ -71,6 +71,7 @@ typedef enum {
|
|
||||||
NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13,
|
|
||||||
NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14,
|
|
||||||
NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15,
|
|
||||||
+ NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16,
|
|
||||||
} nghttp2_option_flag;
|
|
||||||
|
|
||||||
/**
|
|
||||||
@@ -98,6 +99,10 @@ struct nghttp2_option {
|
|
||||||
* NGHTTP2_OPT_MAX_SETTINGS
|
|
||||||
*/
|
|
||||||
size_t max_settings;
|
|
||||||
+ /**
|
|
||||||
+ * NGHTTP2_OPT_MAX_CONTINUATIONS
|
|
||||||
+ */
|
|
||||||
+ size_t max_continuations;
|
|
||||||
/**
|
|
||||||
* Bitwise OR of nghttp2_option_flag to determine that which fields
|
|
||||||
* are specified.
|
|
||||||
diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
|
|
||||||
index 8e4d2e7..ced7517 100644
|
|
||||||
--- a/deps/nghttp2/lib/nghttp2_session.c
|
|
||||||
+++ b/deps/nghttp2/lib/nghttp2_session.c
|
|
||||||
@@ -585,6 +585,10 @@ static int session_new(nghttp2_session **session_ptr,
|
|
||||||
option->stream_reset_burst,
|
|
||||||
option->stream_reset_rate);
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) {
|
|
||||||
+ (*session_ptr)->max_continuations = option->max_continuations;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,
|
|
||||||
--
|
|
||||||
2.44.0
|
|
||||||
|
|
File diff suppressed because one or more lines are too long
@ -1,39 +0,0 @@
|
|||||||
From ec80a9196e2aedfd617d05964725f113000a41ea Mon Sep 17 00:00:00 2001
|
|
||||||
From: Brad House <brad@brad-house.com>
|
|
||||||
Date: Thu, 22 Feb 2024 16:23:33 -0500
|
|
||||||
Subject: [PATCH] Address CVE-2024-25629
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Original commit title: Merge pull request from GHSA-mg26-v6qh-x48q
|
|
||||||
|
|
||||||
Signed-off-by: Jan Staněk <jstanek@redhat.com>
|
|
||||||
Fixes: CVE-2024-25629
|
|
||||||
Signed-off-by: rpm-build <rpm-build>
|
|
||||||
---
|
|
||||||
deps/cares/src/lib/ares__read_line.c | 8 ++++++++
|
|
||||||
1 file changed, 8 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/deps/cares/src/lib/ares__read_line.c b/deps/cares/src/lib/ares__read_line.c
|
|
||||||
index c62ad2a..16627e4 100644
|
|
||||||
--- a/deps/cares/src/lib/ares__read_line.c
|
|
||||||
+++ b/deps/cares/src/lib/ares__read_line.c
|
|
||||||
@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize)
|
|
||||||
if (!fgets(*buf + offset, bytestoread, fp))
|
|
||||||
return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
|
|
||||||
len = offset + strlen(*buf + offset);
|
|
||||||
+
|
|
||||||
+ /* Probably means there was an embedded NULL as the first character in
|
|
||||||
+ * the line, throw away line */
|
|
||||||
+ if (len == 0) {
|
|
||||||
+ offset = 0;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if ((*buf)[len - 1] == '\n')
|
|
||||||
{
|
|
||||||
(*buf)[len - 1] = 0;
|
|
||||||
--
|
|
||||||
2.44.0
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
31
SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
Normal file
31
SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
From 2cd4c12776af3da588231d3eb498e6451c30eae5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Zuzana Svetlikova <zsvetlik@redhat.com>
|
||||||
|
Date: Thu, 27 Apr 2017 14:25:42 +0200
|
||||||
|
Subject: [PATCH] Disable running gyp on shared deps
|
||||||
|
|
||||||
|
Signed-off-by: rpm-build <rpm-build>
|
||||||
|
---
|
||||||
|
Makefile | 7 +++----
|
||||||
|
1 file changed, 3 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Makefile b/Makefile
|
||||||
|
index 73feb4c..45bbceb 100644
|
||||||
|
--- a/Makefile
|
||||||
|
+++ b/Makefile
|
||||||
|
@@ -123,10 +123,9 @@ with-code-cache:
|
||||||
|
test-code-cache: with-code-cache
|
||||||
|
$(PYTHON) tools/test.py $(PARALLEL_ARGS) --mode=$(BUILDTYPE_LOWER) code-cache
|
||||||
|
|
||||||
|
-out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp \
|
||||||
|
- deps/zlib/zlib.gyp deps/v8/gypfiles/toolchain.gypi \
|
||||||
|
- deps/v8/gypfiles/features.gypi deps/v8/gypfiles/v8.gyp node.gyp \
|
||||||
|
- config.gypi
|
||||||
|
+out/Makefile: common.gypi deps/http_parser/http_parser.gyp \
|
||||||
|
+ deps/v8/gypfiles/toolchain.gypi deps/v8/gypfiles/features.gypi \
|
||||||
|
+ deps/v8/gypfiles/v8.gyp node.gyp config.gypi
|
||||||
|
$(PYTHON) tools/gyp_node.py -f make
|
||||||
|
|
||||||
|
config.gypi: configure configure.py
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
84
SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch
Normal file
84
SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
From e7afb2d6e2a6c8f9c9c32e12a10c3c5c4902a251 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
|
Date: Tue, 1 May 2018 08:05:30 -0400
|
||||||
|
Subject: [PATCH] Suppress NPM message to run global update
|
||||||
|
|
||||||
|
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
|
Signed-off-by: rpm-build <rpm-build>
|
||||||
|
---
|
||||||
|
deps/npm/bin/npm-cli.js | 54 -----------------------------------------
|
||||||
|
1 file changed, 54 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/deps/npm/bin/npm-cli.js b/deps/npm/bin/npm-cli.js
|
||||||
|
index c0d9be0..0f0892e 100755
|
||||||
|
--- a/deps/npm/bin/npm-cli.js
|
||||||
|
+++ b/deps/npm/bin/npm-cli.js
|
||||||
|
@@ -71,65 +71,11 @@
|
||||||
|
npm.command = 'help'
|
||||||
|
}
|
||||||
|
|
||||||
|
- var isGlobalNpmUpdate = conf.global && ['install', 'update'].includes(npm.command) && npm.argv.includes('npm')
|
||||||
|
-
|
||||||
|
// now actually fire up npm and run the command.
|
||||||
|
// this is how to use npm programmatically:
|
||||||
|
conf._exit = true
|
||||||
|
npm.load(conf, function (er) {
|
||||||
|
if (er) return errorHandler(er)
|
||||||
|
- if (
|
||||||
|
- !isGlobalNpmUpdate &&
|
||||||
|
- npm.config.get('update-notifier') &&
|
||||||
|
- !unsupported.checkVersion(process.version).unsupported
|
||||||
|
- ) {
|
||||||
|
- const pkg = require('../package.json')
|
||||||
|
- let notifier = require('update-notifier')({pkg})
|
||||||
|
- const isCI = require('ci-info').isCI
|
||||||
|
- if (
|
||||||
|
- notifier.update &&
|
||||||
|
- notifier.update.latest !== pkg.version &&
|
||||||
|
- !isCI
|
||||||
|
- ) {
|
||||||
|
- const color = require('ansicolors')
|
||||||
|
- const useColor = npm.config.get('color')
|
||||||
|
- const useUnicode = npm.config.get('unicode')
|
||||||
|
- const old = notifier.update.current
|
||||||
|
- const latest = notifier.update.latest
|
||||||
|
- let type = notifier.update.type
|
||||||
|
- if (useColor) {
|
||||||
|
- switch (type) {
|
||||||
|
- case 'major':
|
||||||
|
- type = color.red(type)
|
||||||
|
- break
|
||||||
|
- case 'minor':
|
||||||
|
- type = color.yellow(type)
|
||||||
|
- break
|
||||||
|
- case 'patch':
|
||||||
|
- type = color.green(type)
|
||||||
|
- break
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- const changelog = `https://github.com/npm/cli/releases/tag/v${latest}`
|
||||||
|
- notifier.notify({
|
||||||
|
- message: `New ${type} version of ${pkg.name} available! ${
|
||||||
|
- useColor ? color.red(old) : old
|
||||||
|
- } ${useUnicode ? '→' : '->'} ${
|
||||||
|
- useColor ? color.green(latest) : latest
|
||||||
|
- }\n` +
|
||||||
|
- `${
|
||||||
|
- useColor ? color.yellow('Changelog:') : 'Changelog:'
|
||||||
|
- } ${
|
||||||
|
- useColor ? color.cyan(changelog) : changelog
|
||||||
|
- }\n` +
|
||||||
|
- `Run ${
|
||||||
|
- useColor
|
||||||
|
- ? color.green(`npm install -g ${pkg.name}`)
|
||||||
|
- : `npm i -g ${pkg.name}`
|
||||||
|
- } to update!`
|
||||||
|
- })
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
npm.commands[npm.command](npm.argv, function (err) {
|
||||||
|
// https://genius.com/Lin-manuel-miranda-your-obedient-servant-lyrics
|
||||||
|
if (
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,122 @@
|
|||||||
|
From 0028cc74dac4dd24b8599ade85cb49fdafa9f559 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
|
Date: Fri, 6 Dec 2019 16:40:25 -0500
|
||||||
|
Subject: [PATCH] build: auto-load ICU data from --with-icu-default-data-dir
|
||||||
|
|
||||||
|
When compiled with `--with-intl=small` and
|
||||||
|
`--with-icu-default-data-dir=PATH`, Node.js will use PATH as a
|
||||||
|
fallback location for the ICU data.
|
||||||
|
|
||||||
|
We will first perform an access check using fopen(PATH, 'r') to
|
||||||
|
ensure that the file is readable. If it is, we'll set the
|
||||||
|
icu_data_directory and proceed. There's a slight overhead for the
|
||||||
|
fopen() check, but it should be barely measurable.
|
||||||
|
|
||||||
|
This will be useful for Linux distribution packagers who want to
|
||||||
|
be able to ship a minimal node binary in a container image but
|
||||||
|
also be able to add on the full i18n support where needed. With
|
||||||
|
this patch, it becomes possible to ship the interpreter as
|
||||||
|
/usr/bin/node in one package for the distribution and to ship the
|
||||||
|
data files in another package (without a strict dependency
|
||||||
|
between the two). This means that users of the distribution will
|
||||||
|
not need to explicitly direct Node.js to locate the ICU data. It
|
||||||
|
also means that in environments where full internationalization is
|
||||||
|
not required, they do not need to carry the extra content (with
|
||||||
|
the associated storage costs).
|
||||||
|
|
||||||
|
Refs: https://github.com/nodejs/node/issues/3460
|
||||||
|
|
||||||
|
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
|
Signed-off-by: rpm-build <rpm-build>
|
||||||
|
---
|
||||||
|
configure.py | 9 +++++++++
|
||||||
|
node.gypi | 7 +++++++
|
||||||
|
src/node.cc | 20 ++++++++++++++++++++
|
||||||
|
3 files changed, 36 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/configure.py b/configure.py
|
||||||
|
index 89f7bf5..d611a88 100755
|
||||||
|
--- a/configure.py
|
||||||
|
+++ b/configure.py
|
||||||
|
@@ -433,6 +433,14 @@ intl_optgroup.add_option('--with-icu-source',
|
||||||
|
'the icu4c source archive. '
|
||||||
|
'v%d.x or later recommended.' % icu_versions['minimum_icu'])
|
||||||
|
|
||||||
|
+intl_optgroup.add_option('--with-icu-default-data-dir',
|
||||||
|
+ action='store',
|
||||||
|
+ dest='with_icu_default_data_dir',
|
||||||
|
+ help='Path to the icuXXdt{lb}.dat file. If unspecified, ICU data will '
|
||||||
|
+ 'only be read if the NODE_ICU_DATA environment variable or the '
|
||||||
|
+ '--icu-data-dir runtime argument is used. This option has effect '
|
||||||
|
+ 'only when Node.js is built with --with-intl=small-icu.')
|
||||||
|
+
|
||||||
|
parser.add_option('--with-ltcg',
|
||||||
|
action='store_true',
|
||||||
|
dest='with_ltcg',
|
||||||
|
@@ -1359,6 +1367,7 @@ def configure_intl(o):
|
||||||
|
locs.add('root') # must have root
|
||||||
|
o['variables']['icu_locales'] = string.join(locs,',')
|
||||||
|
# We will check a bit later if we can use the canned deps/icu-small
|
||||||
|
+ o['variables']['icu_default_data'] = options.with_icu_default_data_dir or ''
|
||||||
|
elif with_intl == 'full-icu':
|
||||||
|
# full ICU
|
||||||
|
o['variables']['v8_enable_i18n_support'] = 1
|
||||||
|
diff --git a/node.gypi b/node.gypi
|
||||||
|
index 466a174..65b97d6 100644
|
||||||
|
--- a/node.gypi
|
||||||
|
+++ b/node.gypi
|
||||||
|
@@ -113,6 +113,13 @@
|
||||||
|
'conditions': [
|
||||||
|
[ 'icu_small=="true"', {
|
||||||
|
'defines': [ 'NODE_HAVE_SMALL_ICU=1' ],
|
||||||
|
+ 'conditions': [
|
||||||
|
+ [ 'icu_default_data!=""', {
|
||||||
|
+ 'defines': [
|
||||||
|
+ 'NODE_ICU_DEFAULT_DATA_DIR="<(icu_default_data)"',
|
||||||
|
+ ],
|
||||||
|
+ }],
|
||||||
|
+ ],
|
||||||
|
}]],
|
||||||
|
}],
|
||||||
|
[ 'node_use_bundled_v8=="true" and \
|
||||||
|
diff --git a/src/node.cc b/src/node.cc
|
||||||
|
index 7c01187..c9840e3 100644
|
||||||
|
--- a/src/node.cc
|
||||||
|
+++ b/src/node.cc
|
||||||
|
@@ -92,6 +92,7 @@
|
||||||
|
|
||||||
|
#if defined(NODE_HAVE_I18N_SUPPORT)
|
||||||
|
#include <unicode/uvernum.h>
|
||||||
|
+#include <unicode/utypes.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(LEAK_SANITIZER)
|
||||||
|
@@ -2643,6 +2644,25 @@ void Init(std::vector<std::string>* argv,
|
||||||
|
// If the parameter isn't given, use the env variable.
|
||||||
|
if (per_process_opts->icu_data_dir.empty())
|
||||||
|
SafeGetenv("NODE_ICU_DATA", &per_process_opts->icu_data_dir);
|
||||||
|
+
|
||||||
|
+#ifdef NODE_ICU_DEFAULT_DATA_DIR
|
||||||
|
+ // If neither the CLI option nor the environment variable was specified,
|
||||||
|
+ // fall back to the configured default
|
||||||
|
+ if (per_process_opts->icu_data_dir.empty()) {
|
||||||
|
+ // Check whether the NODE_ICU_DEFAULT_DATA_DIR contains the right data
|
||||||
|
+ // file and can be read.
|
||||||
|
+ static const char full_path[] =
|
||||||
|
+ NODE_ICU_DEFAULT_DATA_DIR "/" U_ICUDATA_NAME ".dat";
|
||||||
|
+
|
||||||
|
+ FILE* f = fopen(full_path, "rb");
|
||||||
|
+
|
||||||
|
+ if (f != nullptr) {
|
||||||
|
+ fclose(f);
|
||||||
|
+ per_process_opts->icu_data_dir = NODE_ICU_DEFAULT_DATA_DIR;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif // NODE_ICU_DEFAULT_DATA_DIR
|
||||||
|
+
|
||||||
|
// Initialize ICU.
|
||||||
|
// If icu_data_dir is empty here, it will load the 'minimal' data.
|
||||||
|
if (!i18n::InitializeICUDirectory(per_process_opts->icu_data_dir)) {
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/deps/npm/node_modules/y18n/index.js b/deps/npm/node_modules/y18n/index.js
|
||||||
|
index d720681628..727362aac0 100644
|
||||||
|
--- a/deps/npm/node_modules/y18n/index.js
|
||||||
|
+++ b/deps/npm/node_modules/y18n/index.js
|
||||||
|
@@ -11,7 +11,7 @@ function Y18N (opts) {
|
||||||
|
this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true
|
||||||
|
|
||||||
|
// internal stuff.
|
||||||
|
- this.cache = {}
|
||||||
|
+ this.cache = Object.create(null)
|
||||||
|
this.writeQueue = []
|
||||||
|
}
|
||||||
|
|
@ -128,7 +128,7 @@ echo "$ICUMD5 $ICUTARBALL" > icu.md5
|
|||||||
md5sum -c icu.md5
|
md5sum -c icu.md5
|
||||||
rm -f icu.md5 SHASUMS256.txt
|
rm -f icu.md5 SHASUMS256.txt
|
||||||
|
|
||||||
#fedpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz
|
rhpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz
|
||||||
|
|
||||||
rm -f node-v${version}.tar.gz
|
rm -f node-v${version}.tar.gz
|
||||||
|
|
||||||
@ -155,11 +155,11 @@ grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_versio
|
|||||||
grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h
|
grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h
|
||||||
grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h
|
grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h
|
||||||
echo
|
echo
|
||||||
echo "llhttp"
|
echo "http-parser"
|
||||||
echo "========================="
|
echo "========================="
|
||||||
grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h
|
grep "define HTTP_PARSER_VERSION_MAJOR" node-v${version}/deps/http_parser/http_parser.h
|
||||||
grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h
|
grep "define HTTP_PARSER_VERSION_MINOR" node-v${version}/deps/http_parser/http_parser.h
|
||||||
grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h
|
grep "define HTTP_PARSER_VERSION_PATCH" node-v${version}/deps/http_parser/http_parser.h
|
||||||
echo
|
echo
|
||||||
echo "libuv"
|
echo "libuv"
|
||||||
echo "========================="
|
echo "========================="
|
||||||
@ -171,14 +171,6 @@ echo "nghttp2"
|
|||||||
echo "========================="
|
echo "========================="
|
||||||
grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
|
grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
|
||||||
echo
|
echo
|
||||||
echo "nghttp3"
|
|
||||||
echo "========================="
|
|
||||||
grep "define NGHTTP3_VERSION " node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
|
|
||||||
echo
|
|
||||||
echo "ngtcp2"
|
|
||||||
echo "========================="
|
|
||||||
grep "define NGTCP2_VERSION " node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
|
|
||||||
echo
|
|
||||||
echo "ICU"
|
echo "ICU"
|
||||||
echo "========================="
|
echo "========================="
|
||||||
grep "url" node-v${version}/tools/icu/current_ver.dep
|
grep "url" node-v${version}/tools/icu/current_ver.dep
|
||||||
@ -187,12 +179,6 @@ echo "punycode"
|
|||||||
echo "========================="
|
echo "========================="
|
||||||
grep "'version'" node-v${version}/lib/punycode.js
|
grep "'version'" node-v${version}/lib/punycode.js
|
||||||
echo
|
echo
|
||||||
echo "uvwasi"
|
|
||||||
echo "========================="
|
|
||||||
grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
|
|
||||||
grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
|
|
||||||
grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
|
|
||||||
echo
|
|
||||||
echo "npm"
|
echo "npm"
|
||||||
echo "========================="
|
echo "========================="
|
||||||
grep "\"version\":" node-v${version}/deps/npm/package.json
|
grep "\"version\":" node-v${version}/deps/npm/package.json
|
1
SOURCES/npmrc
Normal file
1
SOURCES/npmrc
Normal file
@ -0,0 +1 @@
|
|||||||
|
prefix=/usr/local
|
894
SPECS/nodejs.spec
Normal file
894
SPECS/nodejs.spec
Normal file
@ -0,0 +1,894 @@
|
|||||||
|
%global with_debug 0
|
||||||
|
|
||||||
|
# PowerPC, s390x and aarch64 segfault during Debug builds
|
||||||
|
# https://github.com/nodejs/node/issues/20642
|
||||||
|
%ifarch %{power64} s390x aarch64
|
||||||
|
%global with_debug 0
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# bundle dependencies that are not available as Fedora modules
|
||||||
|
%bcond_with bootstrap
|
||||||
|
|
||||||
|
# == Master Relase ==
|
||||||
|
# This is used by both the nodejs package and the npm subpackage that
|
||||||
|
# has a separate version - the name is special so that rpmdev-bumpspec
|
||||||
|
# will bump this rather than adding .1 to the end.
|
||||||
|
%global baserelease 1
|
||||||
|
|
||||||
|
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
||||||
|
|
||||||
|
# == Node.js Version ==
|
||||||
|
# Note: Fedora should only ship LTS versions of Node.js (currently expected
|
||||||
|
# to be major versions with even numbers). The odd-numbered versions are new
|
||||||
|
# feature releases that are only supported for nine months, which is shorter
|
||||||
|
# than a Fedora release lifecycle.
|
||||||
|
%global nodejs_epoch 1
|
||||||
|
%global nodejs_major 10
|
||||||
|
%global nodejs_minor 24
|
||||||
|
%global nodejs_patch 0
|
||||||
|
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
|
||||||
|
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
|
||||||
|
%global nodejs_soversion 64
|
||||||
|
%global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
|
||||||
|
%global nodejs_release %{baserelease}
|
||||||
|
|
||||||
|
%global nodejs_datadir %{_datarootdir}/nodejs
|
||||||
|
|
||||||
|
# == Bundled Dependency Versions ==
|
||||||
|
# v8 - from deps/v8/include/v8-version.h
|
||||||
|
# Epoch is set to ensure clean upgrades from the old v8 package
|
||||||
|
%global v8_epoch 1
|
||||||
|
%global v8_major 6
|
||||||
|
%global v8_minor 8
|
||||||
|
%global v8_build 275
|
||||||
|
%global v8_patch 32
|
||||||
|
# V8 presently breaks ABI at least every x.y release while never bumping SONAME
|
||||||
|
%global v8_abi %{v8_major}.%{v8_minor}
|
||||||
|
%global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
|
||||||
|
%global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
|
||||||
|
|
||||||
|
# c-ares - from deps/cares/include/ares_version.h
|
||||||
|
# https://github.com/nodejs/node/pull/9332
|
||||||
|
%global c_ares_major 1
|
||||||
|
%global c_ares_minor 15
|
||||||
|
%global c_ares_patch 0
|
||||||
|
%global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}
|
||||||
|
|
||||||
|
# http-parser - from deps/http_parser/http_parser.h
|
||||||
|
%global http_parser_major 2
|
||||||
|
%global http_parser_minor 9
|
||||||
|
%global http_parser_patch 4
|
||||||
|
%global http_parser_version %{http_parser_major}.%{http_parser_minor}.%{http_parser_patch}
|
||||||
|
|
||||||
|
# libuv - from deps/uv/include/uv/version.h
|
||||||
|
%global libuv_major 1
|
||||||
|
%global libuv_minor 34
|
||||||
|
%global libuv_patch 2
|
||||||
|
%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
|
||||||
|
|
||||||
|
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
|
||||||
|
%global nghttp2_major 1
|
||||||
|
%global nghttp2_minor 41
|
||||||
|
%global nghttp2_patch 0
|
||||||
|
%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
|
||||||
|
|
||||||
|
# ICU - from tools/icu/current_ver.dep
|
||||||
|
%global icu_major 64
|
||||||
|
%global icu_minor 2
|
||||||
|
%global icu_version %{icu_major}.%{icu_minor}
|
||||||
|
|
||||||
|
%global icudatadir %{nodejs_datadir}/icudata
|
||||||
|
%{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")}
|
||||||
|
# " this line just fixes syntax highlighting for vim that is confused by the above and continues literal
|
||||||
|
|
||||||
|
|
||||||
|
# punycode - from lib/punycode.js
|
||||||
|
# Note: this was merged into the mainline since 0.6.x
|
||||||
|
# Note: this will be unmerged in an upcoming major release
|
||||||
|
%global punycode_major 2
|
||||||
|
%global punycode_minor 1
|
||||||
|
%global punycode_patch 0
|
||||||
|
%global punycode_version %{punycode_major}.%{punycode_minor}.%{punycode_patch}
|
||||||
|
|
||||||
|
# npm - from deps/npm/package.json
|
||||||
|
%global npm_epoch 1
|
||||||
|
%global npm_major 6
|
||||||
|
%global npm_minor 14
|
||||||
|
%global npm_patch 11
|
||||||
|
%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
|
||||||
|
|
||||||
|
# In order to avoid needing to keep incrementing the release version for the
|
||||||
|
# main package forever, we will just construct one for npm that is guaranteed
|
||||||
|
# to increment safely. Changing this can only be done during an update when the
|
||||||
|
# base npm version number is increasing.
|
||||||
|
%global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
|
||||||
|
|
||||||
|
# brotli - from deps/brotli/c/common/version.h
|
||||||
|
# v10.x doesn't have --shared-brotli configure option, so we have to bundle it
|
||||||
|
%global brotli_major 1
|
||||||
|
%global brotli_minor 0
|
||||||
|
%global brotli_patch 7
|
||||||
|
%global brotli_version %{brotli_major}.%{brotli_minor}.%{brotli_patch}
|
||||||
|
|
||||||
|
Name: nodejs
|
||||||
|
Epoch: %{nodejs_epoch}
|
||||||
|
Version: %{nodejs_version}
|
||||||
|
Release: %{nodejs_release}%{?dist}
|
||||||
|
Summary: JavaScript runtime
|
||||||
|
License: MIT and ASL 2.0 and ISC and BSD
|
||||||
|
Group: Development/Languages
|
||||||
|
URL: http://nodejs.org/
|
||||||
|
|
||||||
|
ExclusiveArch: %{nodejs_arches}
|
||||||
|
|
||||||
|
# nodejs bundles openssl, but we use the system version in Fedora
|
||||||
|
# because openssl contains prohibited code, we remove openssl completely from
|
||||||
|
# the tarball, using the script in Source100
|
||||||
|
Source0: node-v%{nodejs_version}-stripped.tar.gz
|
||||||
|
Source1: npmrc
|
||||||
|
Source2: btest402.js
|
||||||
|
Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.tgz
|
||||||
|
Source100: %{name}-tarball.sh
|
||||||
|
|
||||||
|
# The native module Requires generator remains in the nodejs SRPM, so it knows
|
||||||
|
# the nodejs and v8 versions. The remainder has migrated to the
|
||||||
|
# nodejs-packaging SRPM.
|
||||||
|
Source7: nodejs_native.attr
|
||||||
|
|
||||||
|
# Disable running gyp on bundled deps we don't use
|
||||||
|
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
|
||||||
|
|
||||||
|
# Suppress the message from npm to run `npm -g update npm`
|
||||||
|
# This does bad things on an RPM-managed npm.
|
||||||
|
Patch2: 0002-Suppress-NPM-message-to-run-global-update.patch
|
||||||
|
|
||||||
|
# Upstream patch to enable auto-detection of full ICU data
|
||||||
|
# https://github.com/nodejs/node/pull/30825
|
||||||
|
Patch3: 0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
|
||||||
|
|
||||||
|
# CVE-2020-7774
|
||||||
|
Patch4: 0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
|
||||||
|
|
||||||
|
BuildRequires: make
|
||||||
|
BuildRequires: python2-devel
|
||||||
|
BuildRequires: python3-devel
|
||||||
|
BuildRequires: zlib-devel
|
||||||
|
BuildRequires: gcc >= 6.3.0
|
||||||
|
BuildRequires: gcc-c++ >= 6.3.0
|
||||||
|
# needed to generate bundled provides for npm dependencies
|
||||||
|
# https://src.fedoraproject.org/rpms/nodejs/pull-request/2
|
||||||
|
# https://pagure.io/nodejs-packaging/pull-request/10
|
||||||
|
BuildRequires: nodejs-packaging
|
||||||
|
BuildRequires: chrpath
|
||||||
|
BuildRequires: libatomic
|
||||||
|
|
||||||
|
%if %{with bootstrap}
|
||||||
|
Provides: bundled(http-parser) = %{http_parser_version}
|
||||||
|
Provides: bundled(libuv) = %{libuv_version}
|
||||||
|
Provides: bundled(nghttp2) = %{nghttp2_version}
|
||||||
|
%else
|
||||||
|
BuildRequires: systemtap-sdt-devel
|
||||||
|
BuildRequires: libuv-devel >= 1:%{libuv_version}
|
||||||
|
Requires: libuv >= 1:%{libuv_version}
|
||||||
|
BuildRequires: libnghttp2-devel >= %{nghttp2_version}
|
||||||
|
Requires: libnghttp2 >= %{nghttp2_version}
|
||||||
|
BuildRequires: http-parser-devel >= %{http_parser_version}
|
||||||
|
Requires: http-parser >= %{http_parser_version}
|
||||||
|
|
||||||
|
%endif
|
||||||
|
|
||||||
|
BuildRequires: openssl-devel
|
||||||
|
|
||||||
|
# we need the system certificate store
|
||||||
|
Requires: ca-certificates
|
||||||
|
|
||||||
|
# Pull in the full-icu data by default
|
||||||
|
Recommends: nodejs-full-i18n%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
|
||||||
|
|
||||||
|
# we need ABI virtual provides where SONAMEs aren't enough/not present so deps
|
||||||
|
# break when binary compatibility is broken
|
||||||
|
Provides: nodejs(abi) = %{nodejs_abi}
|
||||||
|
Provides: nodejs(abi%{nodejs_major}) = %{nodejs_abi}
|
||||||
|
Provides: nodejs(v8-abi) = %{v8_abi}
|
||||||
|
Provides: nodejs(v8-abi%{v8_major}) = %{v8_abi}
|
||||||
|
|
||||||
|
# this corresponds to the "engine" requirement in package.json
|
||||||
|
Provides: nodejs(engine) = %{nodejs_version}
|
||||||
|
|
||||||
|
# Node.js currently has a conflict with the 'node' package in Fedora
|
||||||
|
# The ham-radio group has agreed to rename their binary for us, but
|
||||||
|
# in the meantime, we're setting an explicit Conflicts: here
|
||||||
|
Conflicts: node <= 0.3.2-12
|
||||||
|
|
||||||
|
# The punycode module was absorbed into the standard library in v0.6.
|
||||||
|
# It still exists as a seperate package for the benefit of users of older
|
||||||
|
# versions. Since we've never shipped anything older than v0.10 in Fedora,
|
||||||
|
# we don't need the seperate nodejs-punycode package, so we Provide it here so
|
||||||
|
# dependent packages don't need to override the dependency generator.
|
||||||
|
# See also: RHBZ#11511811
|
||||||
|
# UPDATE: punycode will be deprecated and so we should unbundle it in Node v8
|
||||||
|
# and use upstream module instead
|
||||||
|
# https://github.com/nodejs/node/commit/29e49fc286080215031a81effbd59eac092fff2f
|
||||||
|
Provides: nodejs-punycode = %{punycode_version}
|
||||||
|
Provides: npm(punycode) = %{punycode_version}
|
||||||
|
|
||||||
|
# Node.js has forked c-ares from upstream in an incompatible way, so we need
|
||||||
|
# to carry the bundled version internally.
|
||||||
|
# See https://github.com/nodejs/node/commit/766d063e0578c0f7758c3a965c971763f43fec85
|
||||||
|
Provides: bundled(c-ares) = %{c_ares_version}
|
||||||
|
|
||||||
|
# Node.js is closely tied to the version of v8 that is used with it. It makes
|
||||||
|
# sense to use the bundled version because upstream consistently breaks ABI
|
||||||
|
# even in point releases. Node.js upstream has now removed the ability to build
|
||||||
|
# against a shared system version entirely.
|
||||||
|
# See https://github.com/nodejs/node/commit/d726a177ed59c37cf5306983ed00ecd858cfbbef
|
||||||
|
Provides: bundled(v8) = %{v8_version}
|
||||||
|
|
||||||
|
# Node.js is bound to a specific version of ICU which may not match the OS
|
||||||
|
# We cannot pin the OS to this version of ICU because every update includes
|
||||||
|
# an ABI-break, so we'll use the bundled copy.
|
||||||
|
Provides: bundled(icu) = %{icu_version}
|
||||||
|
|
||||||
|
# Make sure we keep NPM up to date when we update Node.js
|
||||||
|
%if 0%{?rhel}
|
||||||
|
# EPEL doesn't support Recommends, so make it strict
|
||||||
|
Requires: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
|
||||||
|
%else
|
||||||
|
Recommends: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# Provide bundled brotli until we can build it with system package
|
||||||
|
Provides: bundled(brotli) = %{brotli_version}
|
||||||
|
|
||||||
|
%description
|
||||||
|
Node.js is a platform built on Chrome's JavaScript runtime
|
||||||
|
for easily building fast, scalable network applications.
|
||||||
|
Node.js uses an event-driven, non-blocking I/O model that
|
||||||
|
makes it lightweight and efficient, perfect for data-intensive
|
||||||
|
real-time applications that run across distributed devices.
|
||||||
|
|
||||||
|
|
||||||
|
%package devel
|
||||||
|
Summary: JavaScript runtime - development headers
|
||||||
|
Group: Development/Languages
|
||||||
|
Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
|
||||||
|
Requires: openssl-devel%{?_isa}
|
||||||
|
Requires: zlib-devel%{?_isa}
|
||||||
|
Requires: nodejs-packaging
|
||||||
|
|
||||||
|
%if %{with bootstrap}
|
||||||
|
# deps are bundled
|
||||||
|
%else
|
||||||
|
Requires: http-parser-devel%{?_isa}
|
||||||
|
Requires: libuv-devel%{?_isa}
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%description devel
|
||||||
|
Development headers for the Node.js JavaScript runtime.
|
||||||
|
|
||||||
|
|
||||||
|
%package full-i18n
|
||||||
|
Summary: Non-English locale data for Node.js
|
||||||
|
Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
|
||||||
|
|
||||||
|
%description full-i18n
|
||||||
|
Optional data files to provide full-icu support for Node.js. Remove this
|
||||||
|
package to save space if non-English locales are not needed.
|
||||||
|
|
||||||
|
|
||||||
|
%package -n npm
|
||||||
|
Summary: Node.js Package Manager
|
||||||
|
Epoch: %{npm_epoch}
|
||||||
|
Version: %{npm_version}
|
||||||
|
Release: %{npm_release}%{?dist}
|
||||||
|
|
||||||
|
# We used to ship npm separately, but it is so tightly integrated with Node.js
|
||||||
|
# (and expected to be present on all Node.js systems) that we ship it bundled
|
||||||
|
# now.
|
||||||
|
Obsoletes: npm < 0:3.5.4-6
|
||||||
|
Provides: npm = %{npm_epoch}:%{npm_version}
|
||||||
|
Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
|
||||||
|
|
||||||
|
# Do not add epoch to the virtual NPM provides or it will break
|
||||||
|
# the automatic dependency-generation script.
|
||||||
|
Provides: npm(npm) = %{npm_version}
|
||||||
|
|
||||||
|
%description -n npm
|
||||||
|
npm is a package manager for node.js. You can use it to install and publish
|
||||||
|
your node programs. It manages dependencies and does other cool stuff.
|
||||||
|
|
||||||
|
|
||||||
|
%package docs
|
||||||
|
Summary: Node.js API documentation
|
||||||
|
Group: Documentation
|
||||||
|
BuildArch: noarch
|
||||||
|
|
||||||
|
# We don't require that the main package be installed to
|
||||||
|
# use the docs, but if it is installed, make sure the
|
||||||
|
# version always matches
|
||||||
|
Conflicts: %{name} > %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
|
||||||
|
Conflicts: %{name} < %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
|
||||||
|
|
||||||
|
%description docs
|
||||||
|
The API documentation for the Node.js JavaScript runtime.
|
||||||
|
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -p1 -n node-v%{nodejs_version}
|
||||||
|
|
||||||
|
# remove bundled dependencies that we aren't building
|
||||||
|
rm -rf deps/zlib
|
||||||
|
|
||||||
|
# Replace any instances of unversioned python' with python2
|
||||||
|
pathfix.py -i %{__python2} -pn $(find -type f ! -name "*.js")
|
||||||
|
find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python2~" {} \;
|
||||||
|
find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python2~" {} \;
|
||||||
|
sed -i "s~python~python2~" $(find . -type f | grep "gyp$")
|
||||||
|
sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py
|
||||||
|
sed -i "s~usr\/bin\/python.*$~usr\/bin\/python2~" ./deps/v8/tools/mb/mb_unittest.py
|
||||||
|
find . -type f -exec sed -i "s~python -c~python2 -c~" {} \;
|
||||||
|
sed -i "s~which('python')~which('python2')~" configure
|
||||||
|
|
||||||
|
%build
|
||||||
|
|
||||||
|
%ifarch s390 s390x %{arm} %ix86
|
||||||
|
# Decrease debuginfo verbosity to reduce memory consumption during final
|
||||||
|
# library linking
|
||||||
|
%global optflags %(echo %{optflags} | sed 's/-g /-g1 /')
|
||||||
|
%endif
|
||||||
|
|
||||||
|
export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
|
||||||
|
export CC='%{__cc}'
|
||||||
|
export CXX='%{__cxx}'
|
||||||
|
|
||||||
|
# build with debugging symbols and add defines from libuv (#892601)
|
||||||
|
# Node's v8 breaks with GCC 6 because of incorrect usage of methods on
|
||||||
|
# NULL objects. We need to pass -fno-delete-null-pointer-checks
|
||||||
|
export CFLAGS='%{optflags} \
|
||||||
|
-D_LARGEFILE_SOURCE \
|
||||||
|
-D_FILE_OFFSET_BITS=64 \
|
||||||
|
-DZLIB_CONST \
|
||||||
|
-fno-delete-null-pointer-checks'
|
||||||
|
export CXXFLAGS='%{optflags} \
|
||||||
|
-D_LARGEFILE_SOURCE \
|
||||||
|
-D_FILE_OFFSET_BITS=64 \
|
||||||
|
-DZLIB_CONST \
|
||||||
|
-fno-delete-null-pointer-checks'
|
||||||
|
|
||||||
|
# Explicit new lines in C(XX)FLAGS can break naive build scripts
|
||||||
|
export CFLAGS="$(echo ${CFLAGS} | tr '\n\\' ' ')"
|
||||||
|
export CXXFLAGS="$(echo ${CXXFLAGS} | tr '\n\\' ' ')"
|
||||||
|
|
||||||
|
export LDFLAGS="%{build_ldflags}"
|
||||||
|
|
||||||
|
%if %{with bootstrap}
|
||||||
|
./configure --prefix=%{_prefix} \
|
||||||
|
--shared-openssl \
|
||||||
|
--shared-zlib \
|
||||||
|
--without-dtrace \
|
||||||
|
--with-intl=small-icu \
|
||||||
|
--openssl-use-def-ca-store
|
||||||
|
%else
|
||||||
|
./configure --prefix=%{_prefix} \
|
||||||
|
--shared-openssl \
|
||||||
|
--shared-zlib \
|
||||||
|
--shared-libuv \
|
||||||
|
--shared-http-parser \
|
||||||
|
--shared-nghttp2 \
|
||||||
|
--with-dtrace \
|
||||||
|
--with-intl=small-icu \
|
||||||
|
--with-icu-default-data-dir=%{icudatadir} \
|
||||||
|
--openssl-use-def-ca-store
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if %{?with_debug} == 1
|
||||||
|
# Setting BUILDTYPE=Debug builds both release and debug binaries
|
||||||
|
make BUILDTYPE=Debug %{?_smp_mflags}
|
||||||
|
%else
|
||||||
|
make BUILDTYPE=Release %{?_smp_mflags}
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# Extract the ICU data and convert it to the appropriate endianness
|
||||||
|
pushd deps/
|
||||||
|
tar xfz %SOURCE3
|
||||||
|
|
||||||
|
pushd icu/source
|
||||||
|
|
||||||
|
mkdir -p converted
|
||||||
|
%if 0%{?little_endian}
|
||||||
|
# The little endian data file is included in the ICU sources
|
||||||
|
install -Dpm0644 data/in/icudt%{icu_major}l.dat converted/
|
||||||
|
|
||||||
|
%else
|
||||||
|
# For the time being, we need to build ICU and use the included `icupkg` tool
|
||||||
|
# to convert the little endian data file into a big-endian one.
|
||||||
|
# At some point in the future, ICU releases will start including both data
|
||||||
|
# files and we should switch to those.
|
||||||
|
mkdir -p data/out/tmp
|
||||||
|
|
||||||
|
%configure
|
||||||
|
%make_build
|
||||||
|
|
||||||
|
icu_root=$(pwd)
|
||||||
|
LD_LIBRARY_PATH=./lib ./bin/icupkg -tb data/in/icudt%{icu_major}l.dat \
|
||||||
|
converted/icudt%{icu_major}b.dat
|
||||||
|
%endif
|
||||||
|
|
||||||
|
popd # icu/source
|
||||||
|
popd # deps
|
||||||
|
|
||||||
|
|
||||||
|
%install
|
||||||
|
export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
|
||||||
|
|
||||||
|
rm -rf %{buildroot}
|
||||||
|
|
||||||
|
./tools/install.py install %{buildroot} %{_prefix}
|
||||||
|
|
||||||
|
# Set the binary permissions properly
|
||||||
|
chmod 0755 %{buildroot}/%{_bindir}/node
|
||||||
|
chrpath --delete %{buildroot}%{_bindir}/node
|
||||||
|
|
||||||
|
%if %{?with_debug} == 1
|
||||||
|
# Install the debug binary and set its permissions
|
||||||
|
install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# own the sitelib directory
|
||||||
|
mkdir -p %{buildroot}%{_prefix}/lib/node_modules
|
||||||
|
|
||||||
|
# ensure Requires are added to every native module that match the Provides from
|
||||||
|
# the nodejs build in the buildroot
|
||||||
|
install -Dpm0644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/fileattrs/nodejs_native.attr
|
||||||
|
cat << EOF > %{buildroot}%{_rpmconfigdir}/nodejs_native.req
|
||||||
|
#!/bin/sh
|
||||||
|
echo 'nodejs(abi%{nodejs_major}) >= %nodejs_abi'
|
||||||
|
echo 'nodejs(v8-abi%{v8_major}) >= %v8_abi'
|
||||||
|
EOF
|
||||||
|
chmod 0755 %{buildroot}%{_rpmconfigdir}/nodejs_native.req
|
||||||
|
|
||||||
|
# install documentation
|
||||||
|
mkdir -p %{buildroot}%{_pkgdocdir}/html
|
||||||
|
cp -pr doc/* %{buildroot}%{_pkgdocdir}/html
|
||||||
|
rm -f %{buildroot}%{_pkgdocdir}/html/nodejs.1
|
||||||
|
|
||||||
|
# node-gyp needs common.gypi too
|
||||||
|
mkdir -p %{buildroot}%{_datadir}/node
|
||||||
|
cp -p common.gypi %{buildroot}%{_datadir}/node
|
||||||
|
|
||||||
|
# Install the GDB init tool into the documentation directory
|
||||||
|
mv %{buildroot}/%{_datadir}/doc/node/gdbinit %{buildroot}/%{_pkgdocdir}/gdbinit
|
||||||
|
|
||||||
|
# install NPM docs to mandir
|
||||||
|
mkdir -p %{buildroot}%{_mandir} \
|
||||||
|
%{buildroot}%{_pkgdocdir}/npm
|
||||||
|
|
||||||
|
cp -pr deps/npm/man/* %{buildroot}%{_mandir}/
|
||||||
|
rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/man
|
||||||
|
ln -sf %{_mandir} %{buildroot}%{_prefix}/lib/node_modules/npm/man
|
||||||
|
|
||||||
|
# Install Gatsby HTML documentation to %{_pkgdocdir}
|
||||||
|
cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/
|
||||||
|
rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs
|
||||||
|
ln -sf %{_pkgdocdir}/npm %{buildroot}%{_prefix}/lib/node_modules/npm/docs
|
||||||
|
|
||||||
|
# Node tries to install some python files into a documentation directory
|
||||||
|
# (and not the proper one). Remove them for now until we figure out what to
|
||||||
|
# do with them.
|
||||||
|
rm -f %{buildroot}/%{_defaultdocdir}/node/lldb_commands.py \
|
||||||
|
%{buildroot}/%{_defaultdocdir}/node/lldbinit
|
||||||
|
|
||||||
|
# Some NPM bundled deps are executable but should not be. This causes
|
||||||
|
# unnecessary automatic dependencies to be added. Make them not executable.
|
||||||
|
# Skip the npm bin directory or the npm binary will not work.
|
||||||
|
find %{buildroot}%{_prefix}/lib/node_modules/npm \
|
||||||
|
-not -path "%{buildroot}%{_prefix}/lib/node_modules/npm/bin/*" \
|
||||||
|
-executable -type f \
|
||||||
|
-exec chmod -x {} \;
|
||||||
|
|
||||||
|
# The above command is a little overzealous. Add a few permissions back.
|
||||||
|
chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/npm-lifecycle/node-gyp-bin/node-gyp
|
||||||
|
chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js
|
||||||
|
|
||||||
|
# Drop the NPM default configuration in place
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}
|
||||||
|
cp %{SOURCE1} %{buildroot}%{_sysconfdir}/npmrc
|
||||||
|
|
||||||
|
# NPM upstream expects it to be in /usr/etc/npmrc, so we'll put a symlink here
|
||||||
|
# This is done in the interests of keeping /usr read-only.
|
||||||
|
mkdir -p %{buildroot}%{_prefix}/etc
|
||||||
|
ln -s %{_sysconfdir}/npmrc %{buildroot}%{_prefix}/etc/npmrc
|
||||||
|
|
||||||
|
# Install the full-icu data files
|
||||||
|
install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*
|
||||||
|
|
||||||
|
|
||||||
|
%check
|
||||||
|
# Fail the build if the versions don't match
|
||||||
|
%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
|
||||||
|
%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
|
||||||
|
%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')"
|
||||||
|
|
||||||
|
# Ensure we have punycode and that the version matches
|
||||||
|
%{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"
|
||||||
|
|
||||||
|
# Ensure we have npm and that the version matches
|
||||||
|
NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')"
|
||||||
|
|
||||||
|
# Make sure i18n support is working
|
||||||
|
NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
|
||||||
|
|
||||||
|
|
||||||
|
%pretrans -n npm -p <lua>
|
||||||
|
-- Remove all of the symlinks from the bundled npm node_modules directory
|
||||||
|
-- This scriptlet can be removed in Fedora 31
|
||||||
|
base_path = "%{_prefix}/lib/node_modules/npm/node_modules/"
|
||||||
|
d_st = posix.stat(base_path)
|
||||||
|
if d_st then
|
||||||
|
for f in posix.files(base_path) do
|
||||||
|
path = base_path..f
|
||||||
|
st = posix.stat(path)
|
||||||
|
if st and st.type == "link" then
|
||||||
|
os.remove(path)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Replace the npm man directory with a symlink
|
||||||
|
-- Drop this scriptlet when F31 is EOL
|
||||||
|
path = "%{_prefix}/lib/node_modules/npm/man"
|
||||||
|
st = posix.stat(path)
|
||||||
|
if st and st.type == "directory" then
|
||||||
|
status = os.rename(path, path .. ".rpmmoved")
|
||||||
|
if not status then
|
||||||
|
suffix = 0
|
||||||
|
while not status do
|
||||||
|
suffix = suffix + 1
|
||||||
|
status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
|
||||||
|
end
|
||||||
|
os.rename(path, path .. ".rpmmoved")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
%files
|
||||||
|
%{_bindir}/node
|
||||||
|
%dir %{_prefix}/lib/node_modules
|
||||||
|
%dir %{_datadir}/node
|
||||||
|
%dir %{_datadir}/systemtap
|
||||||
|
%dir %{_datadir}/systemtap/tapset
|
||||||
|
%{_datadir}/systemtap/tapset/node.stp
|
||||||
|
|
||||||
|
%if %{with bootstrap}
|
||||||
|
# no dtrace
|
||||||
|
%else
|
||||||
|
%dir %{_usr}/lib/dtrace
|
||||||
|
%{_usr}/lib/dtrace/node.d
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%{_rpmconfigdir}/fileattrs/nodejs_native.attr
|
||||||
|
%{_rpmconfigdir}/nodejs_native.req
|
||||||
|
%license LICENSE
|
||||||
|
%doc AUTHORS CHANGELOG.md COLLABORATOR_GUIDE.md GOVERNANCE.md README.md
|
||||||
|
%doc %{_mandir}/man1/node.1*
|
||||||
|
|
||||||
|
|
||||||
|
%files devel
|
||||||
|
%if %{?with_debug} == 1
|
||||||
|
%{_bindir}/node_g
|
||||||
|
%endif
|
||||||
|
%{_includedir}/node
|
||||||
|
%{_datadir}/node/common.gypi
|
||||||
|
%{_pkgdocdir}/gdbinit
|
||||||
|
|
||||||
|
|
||||||
|
%files full-i18n
|
||||||
|
%dir %{icudatadir}
|
||||||
|
%{icudatadir}/icudt%{icu_major}*.dat
|
||||||
|
|
||||||
|
|
||||||
|
%files -n npm
|
||||||
|
%{_bindir}/npm
|
||||||
|
%{_bindir}/npx
|
||||||
|
%{_prefix}/lib/node_modules/npm
|
||||||
|
%config(noreplace) %{_sysconfdir}/npmrc
|
||||||
|
%{_prefix}/etc/npmrc
|
||||||
|
%ghost %{_sysconfdir}/npmignore
|
||||||
|
%doc %{_mandir}/man1/npm*.1*
|
||||||
|
%doc %{_mandir}/man1/npx.1*
|
||||||
|
%doc %{_mandir}/man5/folders.5*
|
||||||
|
%doc %{_mandir}/man5/install.5*
|
||||||
|
%doc %{_mandir}/man5/npmrc.5*
|
||||||
|
%doc %{_mandir}/man5/package-json.5*
|
||||||
|
%doc %{_mandir}/man5/package-lock-json.5*
|
||||||
|
%doc %{_mandir}/man5/package-locks.5*
|
||||||
|
%doc %{_mandir}/man5/shrinkwrap-json.5*
|
||||||
|
%doc %{_mandir}/man7/config.7*
|
||||||
|
%doc %{_mandir}/man7/developers.7*
|
||||||
|
%doc %{_mandir}/man7/disputes.7*
|
||||||
|
%doc %{_mandir}/man7/orgs.7*
|
||||||
|
%doc %{_mandir}/man7/registry.7*
|
||||||
|
%doc %{_mandir}/man7/removal.7*
|
||||||
|
%doc %{_mandir}/man7/scope.7*
|
||||||
|
%doc %{_mandir}/man7/scripts.7*
|
||||||
|
%doc %{_mandir}/man7/semver.7*
|
||||||
|
|
||||||
|
|
||||||
|
%files docs
|
||||||
|
%dir %{_pkgdocdir}
|
||||||
|
%{_pkgdocdir}/html
|
||||||
|
%{_pkgdocdir}/npm/docs
|
||||||
|
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Wed Feb 24 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.24.0-1
|
||||||
|
- Resolves: RHBZ#1932373, RHBZ#1932426
|
||||||
|
- Resolves CVE-2021-22883 and CVE-2021-22884
|
||||||
|
- remove -debug-nghttp2 flag (1930775)
|
||||||
|
- remove ini patch merged upstream
|
||||||
|
|
||||||
|
* Mon Jan 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.23.1-1
|
||||||
|
- January Security release
|
||||||
|
- https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
|
||||||
|
- Rebase to 10.23.1
|
||||||
|
- Resolves: RHBZ#1916461, RHBZ#1914789
|
||||||
|
- Resolves: RHBZ#1914783, RHBZ#1916462, RHBZ#1916395, RHBZ#1916459
|
||||||
|
- Resolves: RHBZ#1916691, RHBZ#1916689, RHBZ#1916388
|
||||||
|
- Remove dot-prop patch, as it is fixed by npm rebase
|
||||||
|
|
||||||
|
* Tue Sep 22 2020 Jan Staněk <jstanek@redhat.com> - 1:10.22.1-1
|
||||||
|
- Security rebase to 10.22.1
|
||||||
|
|
||||||
|
* Wed Jun 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-3
|
||||||
|
- Resolves: RHBZ#1845307
|
||||||
|
- Remove brotli-devel requires from nodejs-devel
|
||||||
|
|
||||||
|
* Tue Jun 16 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-2
|
||||||
|
- Resolves: RHBZ#1845307
|
||||||
|
- Turn off debug builds
|
||||||
|
|
||||||
|
* Mon Jun 15 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-1
|
||||||
|
- Security update to 10.21.0
|
||||||
|
- Resolves: RHBZ#1845307
|
||||||
|
- Fixes CVE-2020-11080, CVE-2020-8174, CVE-2020-10531
|
||||||
|
- Bundle brotli, because --shared-brotli configure option is missing
|
||||||
|
- Add i18n subpackage
|
||||||
|
|
||||||
|
* Wed Mar 18 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.19.0-2
|
||||||
|
- Resolves: RHBZ#1811499
|
||||||
|
|
||||||
|
* Mon Feb 10 2020 Jan Staněk <jstanek@redhat.com> - 1:10.19.0-1
|
||||||
|
- Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606
|
||||||
|
|
||||||
|
* Tue Sep 10 2019 Jan Staněk <jstanek@redhat.com> - 1:10.16.3-1
|
||||||
|
- Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518
|
||||||
|
|
||||||
|
* Thu Mar 14 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-2
|
||||||
|
- move nodejs-packaging BR out of conditional
|
||||||
|
|
||||||
|
* Tue Dec 11 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-1
|
||||||
|
- Resolves: RHBZ#1644207
|
||||||
|
- fixes node-gyp permissions
|
||||||
|
- rebase
|
||||||
|
|
||||||
|
* Thu Oct 11 2018 Jan Staněk <jstanek@redhat.com> - 1:10.11.0-2
|
||||||
|
- BuildRequire nodejs-packaging for proper npm dependency generation
|
||||||
|
- Resolves: rhbz#1615947
|
||||||
|
|
||||||
|
* Mon Oct 08 2018 Jan Staněk <jstanek@redhat.com> - 1:10.11.0-1
|
||||||
|
- Rebase to 10.11.0
|
||||||
|
- Import changes from fedora
|
||||||
|
- Resolves: rhbz#1621766
|
||||||
|
|
||||||
|
* Mon Jul 30 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.7.0-5
|
||||||
|
- Import sources from fedora
|
||||||
|
- Allow using python2 at %%build and %%install
|
||||||
|
- turn off debug for aarch64
|
||||||
|
|
||||||
|
* Fri Jul 20 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.7.0-4
|
||||||
|
- Fix npm upgrade scriptlet
|
||||||
|
- Fix unexpected trailing .1 in npm release field
|
||||||
|
|
||||||
|
* Fri Jul 20 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.7.0-3
|
||||||
|
- Restore annotations to binaries
|
||||||
|
- Fix unexpected trailing .1 in release field
|
||||||
|
|
||||||
|
* Thu Jul 19 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.7.0-2
|
||||||
|
- Update to 10.7.0
|
||||||
|
- https://nodejs.org/en/blog/release/v10.7.0/
|
||||||
|
- https://nodejs.org/en/blog/release/v10.6.0/
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:10.5.0-1.1
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jun 21 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.5.0-1
|
||||||
|
- Update to 10.5.0
|
||||||
|
- https://nodejs.org/en/blog/release/v10.5.0/
|
||||||
|
|
||||||
|
* Thu Jun 14 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.4.1-1
|
||||||
|
- Update to 10.4.1 to address security issues
|
||||||
|
- https://nodejs.org/en/blog/release/v10.4.1/
|
||||||
|
- Resolves: rhbz#1590801
|
||||||
|
- Resolves: rhbz#1591014
|
||||||
|
- Resolves: rhbz#1591019
|
||||||
|
|
||||||
|
* Thu Jun 07 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.4.0-1
|
||||||
|
- Update to 10.4.0
|
||||||
|
- https://nodejs.org/en/blog/release/v10.4.0/
|
||||||
|
|
||||||
|
* Wed May 30 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.3.0-1
|
||||||
|
- Update to 10.3.0
|
||||||
|
- Update npm to 6.1.0
|
||||||
|
- https://nodejs.org/en/blog/release/v10.3.0/
|
||||||
|
|
||||||
|
* Tue May 29 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.2.1-2
|
||||||
|
- Fix up bare 'python' to be python2
|
||||||
|
- Drop redundant entry in docs section
|
||||||
|
|
||||||
|
* Fri May 25 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.2.1-1
|
||||||
|
- Update to 10.2.1
|
||||||
|
- https://nodejs.org/en/blog/release/v10.2.1/
|
||||||
|
|
||||||
|
* Wed May 23 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.2.0-1
|
||||||
|
- Update to 10.2.0
|
||||||
|
- https://nodejs.org/en/blog/release/v10.2.0/
|
||||||
|
|
||||||
|
* Thu May 10 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.1.0-3
|
||||||
|
- Fix incorrect rpm macro
|
||||||
|
|
||||||
|
* Thu May 10 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.1.0-2
|
||||||
|
- Include upstream v8 fix for ppc64[le]
|
||||||
|
- Disable debug build on ppc64[le] and s390x
|
||||||
|
|
||||||
|
* Wed May 09 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.1.0-1
|
||||||
|
- Update to 10.1.0
|
||||||
|
- https://nodejs.org/en/blog/release/v10.1.0/
|
||||||
|
- Reenable node_g binary
|
||||||
|
|
||||||
|
* Thu Apr 26 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.0.0-1
|
||||||
|
- Update to 10.0.0
|
||||||
|
- https://nodejs.org/en/blog/release/v10.0.0/
|
||||||
|
- Drop workaround patch
|
||||||
|
- Temporarily drop node_g binary due to
|
||||||
|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587
|
||||||
|
|
||||||
|
* Fri Apr 13 2018 Rafael dos Santos <rdossant@redhat.com> - 1:9.11.1-2
|
||||||
|
- Use standard Fedora linker flags (bug #1543859)
|
||||||
|
|
||||||
|
* Thu Apr 05 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:9.11.1-1
|
||||||
|
- Update to 9.11.1
|
||||||
|
- https://nodejs.org/en/blog/release/v9.11.0/
|
||||||
|
- https://nodejs.org/en/blog/release/v9.11.1/
|
||||||
|
|
||||||
|
* Wed Mar 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:9.10.0-1
|
||||||
|
- Update to 9.10.0
|
||||||
|
- https://nodejs.org/en/blog/release/v9.10.0/
|
||||||
|
|
||||||
|
* Wed Mar 21 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:9.9.0-1
|
||||||
|
- Update to 9.9.0
|
||||||
|
- https://nodejs.org/en/blog/release/v9.9.0/
|
||||||
|
|
||||||
|
* Thu Mar 08 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:9.8.0-1
|
||||||
|
- Update to 9.8.0
|
||||||
|
- https://nodejs.org/en/blog/release/v9.8.0/
|
||||||
|
|
||||||
|
* Thu Mar 01 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:9.7.0-1
|
||||||
|
- Update to 9.7.0
|
||||||
|
- https://nodejs.org/en/blog/release/v9.7.0/
|
||||||
|
- Work around F28 build issue
|
||||||
|
|
||||||
|
* Sun Feb 25 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:9.6.1-1
|
||||||
|
- Update to 9.6.1
|
||||||
|
- https://nodejs.org/en/blog/release/v9.6.1/
|
||||||
|
- https://nodejs.org/en/blog/release/v9.6.0/
|
||||||
|
|
||||||
|
* Mon Feb 05 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:9.5.0-1
|
||||||
|
- Package Node.js 9.5.0
|
||||||
|
|
||||||
|
* Thu Jan 11 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:8.9.4-2
|
||||||
|
- Fix incorrect Requires:
|
||||||
|
|
||||||
|
* Thu Jan 11 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:8.9.4-1
|
||||||
|
- Update to 8.9.4
|
||||||
|
- https://nodejs.org/en/blog/release/v8.9.4/
|
||||||
|
- Switch to system copy of nghttp2
|
||||||
|
|
||||||
|
* Fri Dec 08 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.9.3-2
|
||||||
|
- Update to 8.9.3
|
||||||
|
- https://nodejs.org/en/blog/release/v8.9.3/
|
||||||
|
- https://nodejs.org/en/blog/release/v8.9.2/
|
||||||
|
|
||||||
|
* Thu Nov 30 2017 Pete Walter <pwalter@fedoraproject.org> - 1:8.9.1-2
|
||||||
|
- Rebuild for ICU 60.1
|
||||||
|
|
||||||
|
* Thu Nov 09 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.9.1-1
|
||||||
|
- Update to 8.9.1
|
||||||
|
|
||||||
|
* Tue Oct 31 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.9.0-1
|
||||||
|
- Update to 8.9.0
|
||||||
|
- Drop upstreamed patch
|
||||||
|
|
||||||
|
* Thu Oct 26 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.8.1-1
|
||||||
|
- Update to 8.8.1 to fix a regression
|
||||||
|
|
||||||
|
* Wed Oct 25 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.8.0-1
|
||||||
|
- Security update to 8.8.0
|
||||||
|
- https://nodejs.org/en/blog/release/v8.8.0/
|
||||||
|
|
||||||
|
* Sun Oct 15 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.7.0-1
|
||||||
|
- Update to 8.7.0
|
||||||
|
- https://nodejs.org/en/blog/release/v8.7.0/
|
||||||
|
|
||||||
|
* Fri Oct 06 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.6.0-2
|
||||||
|
- Use bcond macro instead of bootstrap conditional
|
||||||
|
|
||||||
|
* Wed Sep 27 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.6.0-1
|
||||||
|
- Fix nghttp2 version
|
||||||
|
- Update to 8.6.0
|
||||||
|
- https://nodejs.org/en/blog/release/v8.6.0/
|
||||||
|
|
||||||
|
* Wed Sep 20 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.5.0-3
|
||||||
|
- Build with bootstrap + bundle libuv for modularity
|
||||||
|
- backport patch for aarch64 debug build
|
||||||
|
|
||||||
|
* Wed Sep 13 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.5.0-2
|
||||||
|
- Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395
|
||||||
|
|
||||||
|
* Tue Sep 12 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.5.0-1
|
||||||
|
- Update to v8.5.0
|
||||||
|
- https://nodejs.org/en/blog/release/v8.5.0/
|
||||||
|
|
||||||
|
* Thu Sep 07 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.4.0-2
|
||||||
|
- Refactor openssl BR
|
||||||
|
|
||||||
|
* Wed Aug 16 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.4.0-1
|
||||||
|
- Update to v8.4.0
|
||||||
|
- https://nodejs.org/en/blog/release/v8.4.0/
|
||||||
|
- http2 is now supported, add bundled nghttp2
|
||||||
|
- remove openssl 1.0.1 patches, we won't be using them in fedora
|
||||||
|
|
||||||
|
* Thu Aug 10 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.3.0-1
|
||||||
|
- Update to v8.3.0
|
||||||
|
- https://nodejs.org/en/blog/release/v8.3.0/
|
||||||
|
- update V8 to 6.0
|
||||||
|
- update minimal gcc and g++ requirements to 4.9.4
|
||||||
|
|
||||||
|
* Wed Aug 09 2017 Tom Hughes <tom@compton.nu> - 1:8.2.1-2
|
||||||
|
- Bump release to fix broken dependencies
|
||||||
|
|
||||||
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:8.2.1-1.2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:8.2.1-1.1
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jul 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.2.1-1
|
||||||
|
- Update to v8.2.1
|
||||||
|
- https://nodejs.org/en/blog/release/v8.2.1/
|
||||||
|
|
||||||
|
* Thu Jul 20 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.2.0-1
|
||||||
|
- Update to v8.2.0
|
||||||
|
- https://nodejs.org/en/blog/release/v8.2.0/
|
||||||
|
- Update npm to 5.3.0
|
||||||
|
- Adds npx command
|
||||||
|
|
||||||
|
* Tue Jul 18 2017 Igor Gnatenko <ignatenko@redhat.com> - 1:8.1.4-3
|
||||||
|
- s/BuildRequires/Requires/ for http-parser-devel%%{?_isa}
|
||||||
|
|
||||||
|
* Mon Jul 17 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.1.4-2
|
||||||
|
- Rename python-devel to python2-devel
|
||||||
|
- own %%{_pkgdocdir}/npm
|
||||||
|
|
||||||
|
* Tue Jul 11 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.1.4-1
|
||||||
|
- Update to v8.1.4
|
||||||
|
- https://nodejs.org/en/blog/release/v8.1.4/
|
||||||
|
- Drop upstreamed c-ares patch
|
||||||
|
|
||||||
|
* Thu Jun 29 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.1.3-1
|
||||||
|
- Update to v8.1.3
|
||||||
|
- https://nodejs.org/en/blog/release/v8.1.3/
|
||||||
|
|
||||||
|
* Wed Jun 28 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.1.2-1
|
||||||
|
- Update to v8.1.2
|
||||||
|
- remove GCC 7 patch, as it is now fixed in node >= 6.12
|
||||||
|
|
@ -1,6 +0,0 @@
|
|||||||
--- !Policy
|
|
||||||
product_versions:
|
|
||||||
- rhel-9
|
|
||||||
decision_context: osci_compose_gate
|
|
||||||
rules:
|
|
||||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
|
@ -1,33 +0,0 @@
|
|||||||
# nodejs binary
|
|
||||||
%__nodejs %{_bindir}/node
|
|
||||||
|
|
||||||
# nodejs library directory
|
|
||||||
%nodejs_sitelib %{_prefix}/lib/node_modules
|
|
||||||
|
|
||||||
#arch specific library directory
|
|
||||||
#for future-proofing only; we don't do multilib
|
|
||||||
%nodejs_sitearch %{nodejs_sitelib}
|
|
||||||
|
|
||||||
# currently installed nodejs version
|
|
||||||
%nodejs_version %(%{__nodejs} -v | sed s/v//)
|
|
||||||
|
|
||||||
# symlink dependencies so `npm link` works
|
|
||||||
# this should be run in every module's %%install section
|
|
||||||
# pass --check to work in the current directory instead of the buildroot
|
|
||||||
# pass --no-devdeps to ignore devDependencies when --check is used
|
|
||||||
%nodejs_symlink_deps %{_rpmconfigdir}/nodejs-symlink-deps %{nodejs_sitelib}
|
|
||||||
|
|
||||||
# patch package.json to fix a dependency
|
|
||||||
# see `man npm-json` for details on writing dependencies for package.json files
|
|
||||||
# e.g. `%%nodejs_fixdep frobber` makes any version of frobber do
|
|
||||||
# `%%nodejs_fixdep frobber '>1.0'` requires frobber > 1.0
|
|
||||||
# `%%nodejs_fixdep -r frobber removes the frobber dep
|
|
||||||
%nodejs_fixdep %{_rpmconfigdir}/nodejs-fixdep
|
|
||||||
|
|
||||||
# macro to filter unwanted provides from Node.js binary native modules
|
|
||||||
%nodejs_default_filter %{expand: \
|
|
||||||
%global __provides_exclude_from ^%{nodejs_sitearch}/.*\\.node$
|
|
||||||
}
|
|
||||||
|
|
||||||
# no-op macro to allow spec compatibility with EPEL
|
|
||||||
%nodejs_find_provides_and_requires %{nil}
|
|
1365
nodejs.spec
1365
nodejs.spec
File diff suppressed because it is too large
Load Diff
@ -1,5 +0,0 @@
|
|||||||
# This is the distibution-level configuration file for npm.
|
|
||||||
# To configure NPM on a system level, use the globalconfig below (defaults to @SYSCONFDIR@/npmrc).
|
|
||||||
# vim:set filetype=dosini:
|
|
||||||
|
|
||||||
globalconfig=@SYSCONFDIR@/npmrc
|
|
@ -1,2 +0,0 @@
|
|||||||
[koji]
|
|
||||||
targets = master f34 f33
|
|
6
sources
6
sources
@ -1,6 +0,0 @@
|
|||||||
SHA512 (node-v16.20.2-stripped.tar.gz) = 9ab65824a56382a72075533274ba5a86dc1fc2adb0215c81c6c9084c6dea45c3107630c0d203557cac867e00caf1c5449a97445cd5914c3e870d9055d2c409de
|
|
||||||
SHA512 (icu4c-71_1-src.tgz) = 1fd2a20aef48369d1f06e2bb74584877b8ad0eb529320b976264ec2db87420bae242715795f372dbc513ea80047bc49077a064e78205cd5e8b33d746fd2a2912
|
|
||||||
SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 2c8e9caf2231ca7d61e71936305389774859aca9b5c86c63489c9a62a81f4736f99477c3f0cbb41077bb7924fdd23e0f24b7bce858e42fb0f87e7c0ffc87afeb
|
|
||||||
SHA512 (undici-5.20.0.tar.gz) = 75a4c164081bbc8114aceeb48680db003cb014d7f92f157d03e9a36c775606a4bede5dbba236ba1722a651ab91968cb192eeae671ec1024f826c4b452d4e20ff
|
|
||||||
SHA512 (wasi-sdk-wasi-sdk-11.tar.gz) = cb37f357b09431a3efad26141d83dce63232a35b536d9a7bd341d4d9627a0a3d4bd4d57504b6e3dab421942d2c168a96da2a6be889aab3f9a2852fc5a3200d3c
|
|
||||||
SHA512 (wasi-sdk-wasi-sdk-14.tar.gz) = 4fecb3d9c04b91eb2388a9e51d49fbff6f22b81f9945a07ecdbfe479c96dad1e3b673b8bee24842b0dae5294129a9cb35dcf8e5ecf45437a6d01fb6e0fd13645
|
|
Loading…
Reference in New Issue
Block a user