Update to 12.8.1

Resolves: CVE-2019-9511 "Data Dribble" Resolves: CVE-2019-9512 "Ping Flood" Resolves: CVE-2019-9513 "Resource Loop" Resolves: CVE-2019-9514 "Reset Flood" Resolves: CVE-2019-9515 "Settings Flood" Resolves: CVE-2019-9516 "0-Length Headers Leak" Resolves: CVE-2019-9517 "Internal Data Buffering" Resolves: CVE-2019-9518 "Empty Frames Flood" https://github.com/nodejs/node/blob/v12.8.1/doc/changelogs/CHANGELOG_V12.md#12.8.1 Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2019-08-15 11:18:11 -04:00 · 2019-08-15 11:18:11 -04:00 · 95a3bb3361
commit 95a3bb3361
parent a2b8a18f3d
7 changed files with 38 additions and 60 deletions
--- a/0001-Disable-running-gyp-on-shared-deps.patch
+++ b/0001-Disable-running-gyp-on-shared-deps.patch
@ -1,29 +1,33 @@
-From 03ff54a26a47fce13a83094dcfba7840852bf30c Mon Sep 17 00:00:00 2001
+From d8cdfcd680cbd728904c19b2eea7730c61b16c73 Mon Sep 17 00:00:00 2001
 From: Zuzana Svetlikova <zsvetlik@redhat.com>
 Date: Thu, 27 Apr 2017 14:25:42 +0200
-Subject: [PATCH 1/4] Disable running gyp on shared deps
+Subject: [PATCH 1/3] Disable running gyp on shared deps
 ---
- Makefile | 2 +-
+ Makefile | 6 +++---
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ 1 file changed, 3 insertions(+), 3 deletions(-)
 diff --git a/Makefile b/Makefile
-index d7427e578f882034895fc44529d3711c621c06b9..a12edd09252202e98aecaca76cb8457ac98d2ad7 100644
+index 1e4915a6d2ebedc8af009d8505b5b8d11a53f5f7..cae1c3c1da9a440d84a6f86fa6353e81db535c71 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -139,11 +139,11 @@ with-code-cache:
+@@ -139,13 +139,13 @@ with-code-cache:
 .PHONY: test-code-cache
 test-code-cache: with-code-cache
 	echo "'test-code-cache' target is a noop"
 out/Makefile: config.gypi common.gypi node.gyp \
 -	deps/uv/uv.gyp deps/http_parser/http_parser.gyp deps/zlib/zlib.gyp \
 -	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
 -	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
 +  deps/http_parser/http_parser.gyp \
-   tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
+  tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
-   tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
+  tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
 	$(PYTHON) tools/gyp_node.py -f make
 config.gypi: configure configure.py
 	@if [ -x config.status ]; then \
 		./config.status; \
 -- 
 2.21.0
--- a/0002-Suppress-NPM-message-to-run-global-update.patch
+++ b/0002-Suppress-NPM-message-to-run-global-update.patch
@ -1,7 +1,7 @@
-From 18ea2d546f5a384d51aad0e7bd39f5b1daaf6471 Mon Sep 17 00:00:00 2001
+From ef6374e4ed159b719f465ecdb2e273019f134fb0 Mon Sep 17 00:00:00 2001
 From: Stephen Gallagher <sgallagh@redhat.com>
 Date: Tue, 1 May 2018 08:05:30 -0400
-Subject: [PATCH 2/4] Suppress NPM message to run global update
+Subject: [PATCH 2/3] Suppress NPM message to run global update
 Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 ---
--- a/0003-Install-both-binaries-and-use-libdir.patch
+++ b/0003-Install-both-binaries-and-use-libdir.patch
@ -1,7 +1,7 @@
-From 5cb76403cf796f548ff4a7ed62d6545acb5febe3 Mon Sep 17 00:00:00 2001
+From bc1d8e49a42cb88d86b2accba6ee1776baba4ca5 Mon Sep 17 00:00:00 2001
 From: Elliott Sales de Andrade <quantum.analyst@gmail.com>
 Date: Tue, 19 Mar 2019 23:22:40 -0400
-Subject: [PATCH 3/4] Install both binaries and use libdir.
+Subject: [PATCH 3/3] Install both binaries and use libdir.
 This allows us to build with a shared library for other users while
 still providing the normal executable.
@ -13,7 +13,7 @@ Signed-off-by: Elliott Sales de Andrade <quantum.analyst@gmail.com>
 2 files changed, 20 insertions(+), 16 deletions(-)
 diff --git a/configure.py b/configure.py
-index a791efebbca128a2138f61713eb2f5d23b8ced98..32eeee090b5248f5236e75f3201177ec446eb41d 100755
+index cc805d3fd165fd2abe4c8581ffdb8829341ad2ba..64f50439bc09827f99786c3b0d574ba454954ca9 100755
 --- a/configure.py
 +++ b/configure.py
@@ -550,10 +550,16 @@ parser.add_option('--shared',
@ -33,7 +33,7 @@ index a791efebbca128a2138f61713eb2f5d23b8ced98..32eeee090b5248f5236e75f3201177ec
     dest='without_v8_platform',
     default=False,
     help='do not initialize v8 platform during node.js startup. ' +
-@@ -1096,10 +1102,11 @@ def configure_node(o):
+@@ -1094,10 +1100,11 @@ def configure_node(o):
   o['variables']['node_no_browser_globals'] = b(options.no_browser_globals)
   # TODO(refack): fix this when implementing embedded code-cache when cross-compiling.
   if o['variables']['want_separate_host_toolset'] == 0:
--- a/0004-build-include-stubs-in-shared-library.patch
+++ b/0004-build-include-stubs-in-shared-library.patch
@ -1,35 +0,0 @@
 From 6d3a39df826c88e4ab12b937bef06c5905c08ab7 Mon Sep 17 00:00:00 2001
 From: Jeroen Ooms <jeroenooms@gmail.com>
 Date: Mon, 29 Jul 2019 20:15:14 +0200
 Subject: [PATCH 4/4] build: include stubs in shared library
 This is needed for external applications that link to shared libnode.
 Fixes #27431
 ---
 node.gyp | 6 ++++++
 1 file changed, 6 insertions(+)
 diff --git a/node.gyp b/node.gyp
 index 55b7da02ccaf1835b5fd986aaa320d72f8b7fbf2..4eae262a61e77bb8a9556e42a241b83eda3f0eba 100644
 --- a/node.gyp
 +++ b/node.gyp
@@ -684,10 +684,16 @@
       # - "C4244: conversion from 'type1' to 'type2', possible loss of data"
       #   Ususaly safe. Disable for `dep`, enable for `src`
       'msvs_disabled_warnings!': [4244],
       'conditions': [
 +        [ 'node_shared=="true"', {
 +          'sources': [
 +            'src/node_snapshot_stub.cc',
 +            'src/node_code_cache_stub.cc',
 +          ]
 +        }],
         [ 'node_shared=="true" and node_module_version!="" and OS!="win"', {
           'product_extension': '<(shlib_suffix)',
           'xcode_settings': {
             'LD_DYLIB_INSTALL_NAME':
               '@rpath/lib<(node_core_target_name).<(shlib_suffix)'
 -- 
 2.21.0
--- a/nodejs.spec
+++ b/nodejs.spec
@ -8,7 +8,7 @@
 # This is used by both the nodejs package and the npm subpackage thar
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
-%global baserelease 3
+%global baserelease 1
 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -19,8 +19,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 12
-%global nodejs_minor 7
+%global nodejs_minor 8
-%global nodejs_patch 0
+%global nodejs_patch 1
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
 %global nodejs_soversion 72
@ -68,7 +68,7 @@
 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
 %global nghttp2_major 1
 %global nghttp2_minor 39
-%global nghttp2_patch 1
+%global nghttp2_patch 2
 %global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
 # ICU - from tools/icu/current_ver.dep
@ -102,7 +102,7 @@
 %global npm_epoch 1
 %global npm_major 6
 %global npm_minor 10
-%global npm_patch 0
+%global npm_patch 2
 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
 # In order to avoid needing to keep incrementing the release version for the
@ -144,9 +144,6 @@ Patch2: 0002-Suppress-NPM-message-to-run-global-update.patch
 # Patch to install both node and libnode.so, using the correct libdir
 Patch3: 0003-Install-both-binaries-and-use-libdir.patch
 # Upstream patch to include stubs in libnode. Drop in 12.8.0
 Patch4: 0004-build-include-stubs-in-shared-library.patch
 BuildRequires: python2-devel
 BuildRequires: python3-devel
 BuildRequires: zlib-devel
@ -622,6 +619,18 @@ end
 %{_pkgdocdir}/npm/doc
 %changelog
 * Thu Aug 15 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.8.2-1
 - Update to 12.8.1
 - Resolves: CVE-2019-9511 "Data Dribble"
 - Resolves: CVE-2019-9512 "Ping Flood"
 - Resolves: CVE-2019-9513 "Resource Loop"
 - Resolves: CVE-2019-9514 "Reset Flood"
 - Resolves: CVE-2019-9515 "Settings Flood"
 - Resolves: CVE-2019-9516 "0-Length Headers Leak"
 - Resolves: CVE-2019-9517 "Internal Data Buffering"
 - Resolves: CVE-2019-9518 "Empty Frames Flood"
 - https://github.com/nodejs/node/blob/v12.8.1/doc/changelogs/CHANGELOG_V12.md#12.8.1
 * Mon Aug 05 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.7.0-3
 - Fix epoch dependencies
 - Carry data files for ICU
--- a/package.cfg
+++ b/package.cfg
@ -1,2 +1,2 @@
 [koji]
-targets = master f30 f29
+targets = master f31
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (node-v12.7.0-stripped.tar.gz) = 267c9a8883b5264d2679dc9306b00533e8cc072e7b59d8b6c9440a6daab0e89fde78f625796f8349210a9b0aafd69ba1f596de32615ae674b8d04f8e185ca311
+SHA512 (node-v12.8.1-stripped.tar.gz) = b7c007e7a0c92303893a389d345f1040d43a0c8eb1ed46f250476ddfae368dbf5a708a81a6bf9f30411684aeabb436371451ebab9decaf2b8e192ea8a342784f
`@ -1,2 +1,2 @@`
	`[koji]`	`[koji]`
	`targets = master f30 f29`	`targets = master f31`
`@ -1 +1 @@`
	`SHA512 (node-v12.7.0-stripped.tar.gz) = 267c9a8883b5264d2679dc9306b00533e8cc072e7b59d8b6c9440a6daab0e89fde78f625796f8349210a9b0aafd69ba1f596de32615ae674b8d04f8e185ca311`	`SHA512 (node-v12.8.1-stripped.tar.gz) = b7c007e7a0c92303893a389d345f1040d43a0c8eb1ed46f250476ddfae368dbf5a708a81a6bf9f30411684aeabb436371451ebab9decaf2b8e192ea8a342784f`