Update to 12.8.1
Resolves: CVE-2019-9511 "Data Dribble"
Resolves: CVE-2019-9512 "Ping Flood"
Resolves: CVE-2019-9513 "Resource Loop"
Resolves: CVE-2019-9514 "Reset Flood"
Resolves: CVE-2019-9515 "Settings Flood"
Resolves: CVE-2019-9516 "0-Length Headers Leak"
Resolves: CVE-2019-9517 "Internal Data Buffering"
Resolves: CVE-2019-9518 "Empty Frames Flood"

https://github.com/nodejs/node/blob/v12.8.1/doc/changelogs/CHANGELOG_V12.md#12.8.1

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
This commit is contained in:
parent
a2b8a18f3d
commit
95a3bb3361
@ -1,29 +1,33 @@
|
||||
From 03ff54a26a47fce13a83094dcfba7840852bf30c Mon Sep 17 00:00:00 2001
|
||||
From d8cdfcd680cbd728904c19b2eea7730c61b16c73 Mon Sep 17 00:00:00 2001
|
||||
From: Zuzana Svetlikova <zsvetlik@redhat.com>
|
||||
Date: Thu, 27 Apr 2017 14:25:42 +0200
|
||||
Subject: [PATCH 1/4] Disable running gyp on shared deps
|
||||
Subject: [PATCH 1/3] Disable running gyp on shared deps
|
||||
|
||||
---
|
||||
Makefile | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
Makefile | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/Makefile b/Makefile
|
||||
index d7427e578f882034895fc44529d3711c621c06b9..a12edd09252202e98aecaca76cb8457ac98d2ad7 100644
|
||||
index 1e4915a6d2ebedc8af009d8505b5b8d11a53f5f7..cae1c3c1da9a440d84a6f86fa6353e81db535c71 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -139,11 +139,11 @@ with-code-cache:
|
||||
@@ -139,13 +139,13 @@ with-code-cache:
|
||||
.PHONY: test-code-cache
|
||||
test-code-cache: with-code-cache
|
||||
echo "'test-code-cache' target is a noop"
|
||||
|
||||
out/Makefile: config.gypi common.gypi node.gyp \
|
||||
- deps/uv/uv.gyp deps/http_parser/http_parser.gyp deps/zlib/zlib.gyp \
|
||||
- deps/uv/uv.gyp deps/http_parser/http_parser.gyp deps/zlib/zlib.gyp \
|
||||
- tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
|
||||
- tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
|
||||
+ deps/http_parser/http_parser.gyp \
|
||||
tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
|
||||
tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
|
||||
+ tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
|
||||
+ tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
|
||||
$(PYTHON) tools/gyp_node.py -f make
|
||||
|
||||
config.gypi: configure configure.py
|
||||
@if [ -x config.status ]; then \
|
||||
./config.status; \
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
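Review bot: the refreshed 0001 patch now removes and re-adds the two tools/v8_gypfiles continuation lines in the out/Makefile prerequisite list, although their text as rendered here is the same on both sides, and that takes the diffstat from "1 insertion(+), 1 deletion(-)" to "3 insertions(+), 3 deletions(-)". If the only difference is whitespace, regenerate the patch so that it touches just the deps/uv, deps/http_parser, deps/zlib line. A one-line patch is easier to audit and less likely to need a manual rebase on the next upstream update.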
@ -1,7 +1,7 @@
|
||||
From 18ea2d546f5a384d51aad0e7bd39f5b1daaf6471 Mon Sep 17 00:00:00 2001
|
||||
From ef6374e4ed159b719f465ecdb2e273019f134fb0 Mon Sep 17 00:00:00 2001
|
||||
From: Stephen Gallagher <sgallagh@redhat.com>
|
||||
Date: Tue, 1 May 2018 08:05:30 -0400
|
||||
Subject: [PATCH 2/4] Suppress NPM message to run global update
|
||||
Subject: [PATCH 2/3] Suppress NPM message to run global update
|
||||
|
||||
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
||||
---
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 5cb76403cf796f548ff4a7ed62d6545acb5febe3 Mon Sep 17 00:00:00 2001
|
||||
From bc1d8e49a42cb88d86b2accba6ee1776baba4ca5 Mon Sep 17 00:00:00 2001
|
||||
From: Elliott Sales de Andrade <quantum.analyst@gmail.com>
|
||||
Date: Tue, 19 Mar 2019 23:22:40 -0400
|
||||
Subject: [PATCH 3/4] Install both binaries and use libdir.
|
||||
Subject: [PATCH 3/3] Install both binaries and use libdir.
|
||||
|
||||
This allows us to build with a shared library for other users while
|
||||
still providing the normal executable.
|
||||
@ -13,7 +13,7 @@ Signed-off-by: Elliott Sales de Andrade <quantum.analyst@gmail.com>
|
||||
2 files changed, 20 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/configure.py b/configure.py
|
||||
index a791efebbca128a2138f61713eb2f5d23b8ced98..32eeee090b5248f5236e75f3201177ec446eb41d 100755
|
||||
index cc805d3fd165fd2abe4c8581ffdb8829341ad2ba..64f50439bc09827f99786c3b0d574ba454954ca9 100755
|
||||
--- a/configure.py
|
||||
+++ b/configure.py
|
||||
@@ -550,10 +550,16 @@ parser.add_option('--shared',
|
||||
@ -33,7 +33,7 @@ index a791efebbca128a2138f61713eb2f5d23b8ced98..32eeee090b5248f5236e75f3201177ec
|
||||
dest='without_v8_platform',
|
||||
default=False,
|
||||
help='do not initialize v8 platform during node.js startup. ' +
|
||||
@@ -1096,10 +1102,11 @@ def configure_node(o):
|
||||
@@ -1094,10 +1100,11 @@ def configure_node(o):
|
||||
o['variables']['node_no_browser_globals'] = b(options.no_browser_globals)
|
||||
# TODO(refack): fix this when implementing embedded code-cache when cross-compiling.
|
||||
if o['variables']['want_separate_host_toolset'] == 0:
|
||||
|
@ -1,35 +0,0 @@
|
||||
From 6d3a39df826c88e4ab12b937bef06c5905c08ab7 Mon Sep 17 00:00:00 2001
|
||||
From: Jeroen Ooms <jeroenooms@gmail.com>
|
||||
Date: Mon, 29 Jul 2019 20:15:14 +0200
|
||||
Subject: [PATCH 4/4] build: include stubs in shared library
|
||||
|
||||
This is needed for external applications that link to shared libnode.
|
||||
Fixes #27431
|
||||
---
|
||||
node.gyp | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/node.gyp b/node.gyp
|
||||
index 55b7da02ccaf1835b5fd986aaa320d72f8b7fbf2..4eae262a61e77bb8a9556e42a241b83eda3f0eba 100644
|
||||
--- a/node.gyp
|
||||
+++ b/node.gyp
|
||||
@@ -684,10 +684,16 @@
|
||||
# - "C4244: conversion from 'type1' to 'type2', possible loss of data"
|
||||
# Ususaly safe. Disable for `dep`, enable for `src`
|
||||
'msvs_disabled_warnings!': [4244],
|
||||
|
||||
'conditions': [
|
||||
+ [ 'node_shared=="true"', {
|
||||
+ 'sources': [
|
||||
+ 'src/node_snapshot_stub.cc',
|
||||
+ 'src/node_code_cache_stub.cc',
|
||||
+ ]
|
||||
+ }],
|
||||
[ 'node_shared=="true" and node_module_version!="" and OS!="win"', {
|
||||
'product_extension': '<(shlib_suffix)',
|
||||
'xcode_settings': {
|
||||
'LD_DYLIB_INSTALL_NAME':
|
||||
'@rpath/lib<(node_core_target_name).<(shlib_suffix)'
|
||||
--
|
||||
2.21.0
|
||||
|
25
nodejs.spec
@ -8,7 +8,7 @@
|
||||
# This is used by both the nodejs package and the npm subpackage thar
|
||||
# has a separate version - the name is special so that rpmdev-bumpspec
|
||||
# will bump this rather than adding .1 to the end.
|
||||
%global baserelease 3
|
||||
%global baserelease 1
|
||||
|
||||
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
||||
|
||||
@ -19,8 +19,8 @@
|
||||
# than a Fedora release lifecycle.
|
||||
%global nodejs_epoch 1
|
||||
%global nodejs_major 12
|
||||
%global nodejs_minor 7
|
||||
%global nodejs_patch 0
|
||||
%global nodejs_minor 8
|
||||
%global nodejs_patch 1
|
||||
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
|
||||
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
|
||||
%global nodejs_soversion 72
|
||||
@ -68,7 +68,7 @@
|
||||
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
|
||||
%global nghttp2_major 1
|
||||
%global nghttp2_minor 39
|
||||
%global nghttp2_patch 1
|
||||
%global nghttp2_patch 2
|
||||
%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
|
||||
|
||||
# ICU - from tools/icu/current_ver.dep
|
||||
@ -102,7 +102,7 @@
|
||||
%global npm_epoch 1
|
||||
%global npm_major 6
|
||||
%global npm_minor 10
|
||||
%global npm_patch 0
|
||||
%global npm_patch 2
|
||||
%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
|
||||
|
||||
# In order to avoid needing to keep incrementing the release version for the
|
||||
@ -144,9 +144,6 @@ Patch2: 0002-Suppress-NPM-message-to-run-global-update.patch
|
||||
# Patch to install both node and libnode.so, using the correct libdir
|
||||
Patch3: 0003-Install-both-binaries-and-use-libdir.patch
|
||||
|
||||
# Upstream patch to include stubs in libnode. Drop in 12.8.0
|
||||
Patch4: 0004-build-include-stubs-in-shared-library.patch
|
||||
|
||||
BuildRequires: python2-devel
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: zlib-devel
|
||||
@ -622,6 +619,18 @@ end
|
||||
%{_pkgdocdir}/npm/doc
|
||||
|
||||
%changelog
|
||||
* Thu Aug 15 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.8.2-1
|
||||
- Update to 12.8.1
|
||||
- Resolves: CVE-2019-9511 "Data Dribble"
|
||||
- Resolves: CVE-2019-9512 "Ping Flood"
|
||||
- Resolves: CVE-2019-9513 "Resource Loop"
|
||||
- Resolves: CVE-2019-9514 "Reset Flood"
|
||||
- Resolves: CVE-2019-9515 "Settings Flood"
|
||||
- Resolves: CVE-2019-9516 "0-Length Headers Leak"
|
||||
- Resolves: CVE-2019-9517 "Internal Data Buffering"
|
||||
- Resolves: CVE-2019-9518 "Empty Frames Flood"
|
||||
- https://github.com/nodejs/node/blob/v12.8.1/doc/changelogs/CHANGELOG_V12.md#12.8.1
|
||||
|
||||
* Mon Aug 05 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.7.0-3
|
||||
- Fix epoch dependencies
|
||||
- Carry data files for ICU
|
||||
|
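Review bot: the new %changelog header reads "1:12.8.2-1", but the first line of the same entry says "Update to 12.8.1" and the spec now sets nodejs_minor 8, nodejs_patch 1 and baserelease 1. Change the header to 1:12.8.1-1 so that it matches the version actually built. Anyone checking from the changelog whether the eight CVE fixes are installed would otherwise look for a version that does not exist.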
@ -1,2 +1,2 @@
|
||||
[koji]
|
||||
targets = master f30 f29
|
||||
targets = master f31
|
||||
|
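Review bot: the [koji] targets line goes from "master f30 f29" to "master f31" in a commit whose message is entirely about resolving eight CVEs, and nothing in the message explains why f30 and f29 are dropped. If those releases are updated from their own branches, say so in the commit message. If not, keep them in the target list so that the security update is built there as well.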
2
sources
@ -1 +1 @@
|
||||
SHA512 (node-v12.7.0-stripped.tar.gz) = 267c9a8883b5264d2679dc9306b00533e8cc072e7b59d8b6c9440a6daab0e89fde78f625796f8349210a9b0aafd69ba1f596de32615ae674b8d04f8e185ca311
|
||||
SHA512 (node-v12.8.1-stripped.tar.gz) = b7c007e7a0c92303893a389d345f1040d43a0c8eb1ed46f250476ddfae368dbf5a708a81a6bf9f30411684aeabb436371451ebab9decaf2b8e192ea8a342784f
|
||||
|
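Review bot: the sources entry pins node-v12.8.1-stripped.tar.gz, and the "-stripped" name indicates an archive repacked from the upstream tarball, so this SHA512 is the only integrity reference for the input of a security update. Nothing in the visible change records which upstream tarball it was derived from or how it was stripped. Name the script or steps used in the commit message or in a spec comment next to the Source line, so that a reviewer can regenerate the archive and compare the hash.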