From 9d9ff2a528865b446c28c40f9699a376f80e464e Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Thu, 22 Jun 2023 12:54:46 -0400
Subject: [PATCH] Update to security release 20.3.1
- https://nodejs.org/en/blog/vulnerability/june-2023-security-releases
- https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.3.1
Signed-off-by: Stephen Gallagher
---
nodejs-sources.sh | 27 ++++++++++++++++++++++++---
nodejs20.spec | 24 ++++++++++++------------
sources | 8 ++++----
3 files changed, 40 insertions(+), 19 deletions(-)
diff --git a/nodejs-sources.sh b/nodejs-sources.sh
index 465cbdb..1a3ba8c 100755
--- a/nodejs-sources.sh
+++ b/nodejs-sources.sh
@@ -6,6 +6,7 @@
 # ARG_POSITIONAL_SINGLE([version],[Node.js release version])
 # ARG_OPTIONAL_BOOLEAN([push],[],[Whether to upload to the lookaside cache],[on])
 # ARG_OPTIONAL_BOOLEAN([debug],[],[Print all commands],[off])
+# ARG_OPTIONAL_SINGLE([undici-wasi-sdk-version],[],[Override the wasi-sdk version for undici])
 # ARG_DEFAULTS_POS([])
 # ARG_HELP([Tool to aid in Node.js packaging of new releases])
 # ARGBASH_GO()
@@ -37,15 +38,17 @@ _arg_version=
 # THE DEFAULTS INITIALIZATION - OPTIONALS
 _arg_push="on"
 _arg_debug="off"
+_arg_undici_wasi_sdk_version=
 print_help()
 {
 printf '%s\n' "Tool to aid in Node.js packaging of new releases"
- printf 'Usage: %s [--(no-)push] [--(no-)debug] [-h|--help] \n' "$0"
+ printf 'Usage: %s [--(no-)push] [--(no-)debug] [--undici-wasi-sdk-version ] [-h|--help] \n' "$0"
 printf '\t%s\n' ": Node.js release version"
 printf '\t%s\n' "--push, --no-push: Whether to upload to the lookaside cache (on by default)"
 printf '\t%s\n' "--debug, --no-debug: Print all commands (off by default)"
+ printf '\t%s\n' "--undici-wasi-sdk-version: Override the wasi-sdk version for undici (no default)"
 printf '\t%s\n' "-h, --help: Prints help"
 }
@@ -65,6 +68,14 @@ parse_commandline()
 _arg_debug="on"
 test "${1:0:5}" = "--no-" && _arg_debug="off"
 ;;
+ --undici-wasi-sdk-version)
+ test $# -lt 2 && die "Missing value for the optional argument '$_key'." 1
+ _arg_undici_wasi_sdk_version="$2"
+ shift
+ ;;
+ --undici-wasi-sdk-version=*)
+ _arg_undici_wasi_sdk_version="${_key##--undici-wasi-sdk-version=}"
+ ;;
 -h|--help)
 print_help
 exit 0
@@ -195,8 +206,18 @@ tar -zcf undici-${UNDICI_VERSION}-stripped.tar.gz undici-${UNDICI_VERSION}/
 rm -f v${UNDICI_VERSION}.tar.gz
 # Download the WASI compiler used to build undici
-UNDICI_WASI_MAJOR=$(grep -oP '(?<=WASI_SDK_VERSION_MAJOR=).*' undici-${UNDICI_VERSION}/build/Dockerfile)
-UNDICI_WASI_MINOR=$(grep -oP '(?<=WASI_SDK_VERSION_MINOR=).*' undici-${UNDICI_VERSION}/build/Dockerfile)
+if [ -z $_arg_undici_wasi_sdk_version ]; then
+ UNDICI_WASI_MAJOR=$(grep -oP '(?<=WASI_SDK_VERSION_MAJOR=).*' undici-${UNDICI_VERSION}/build/Dockerfile)
+ UNDICI_WASI_MINOR=$(grep -oP '(?<=WASI_SDK_VERSION_MINOR=).*' undici-${UNDICI_VERSION}/build/Dockerfile)
+else
+ OIFS=$IFS
+ IFS="."
+ UNDICI_WASI_VERSION=($_arg_undici_wasi_sdk_version)
+ UNDICI_WASI_MAJOR=${UNDICI_WASI_VERSION[0]}
+ UNDICI_WASI_MINOR=${UNDICI_WASI_VERSION[1]}
+ IFS=$OIFS
+fi
+
 wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-${UNDICI_WASI_MAJOR}/wasi-sdk-${UNDICI_WASI_MAJOR}.${UNDICI_WASI_MINOR}-linux.tar.gz
 rm -rf undici-${UNDICI_VERSION}/
diff --git a/nodejs20.spec b/nodejs20.spec
index 977c115..6ac1189 100644
--- a/nodejs20.spec
+++ b/nodejs20.spec
@@ -26,8 +26,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 20
-%global nodejs_minor 2
-%global nodejs_patch 0
+%global nodejs_minor 3
+%global nodejs_patch 1
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
 %global nodejs_soversion 115
 %global nodejs_abi %{nodejs_soversion}
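Review bot: In the `@@ -195,8 +206,18 @@` hunk of nodejs-sources.sh the new `--undici-wasi-sdk-version` value reaches the `wget` URL without validation: it is expanded unquoted in `[ -z $_arg_undici_wasi_sdk_version ]` and in the array assignment, so whitespace or glob characters alter the test or the split, and a value without a dot leaves `UNDICI_WASI_MINOR` empty. The downloaded archive is presumably what gets hashed into `sources` and, with `--push` on by default, uploaded to the lookaside cache, so the script should reject anything that is not MAJOR.MINOR before it builds the URL. Quoting the test and splitting with parameter expansion also removes the need to save and restore `IFS`. The same numeric check would be worth applying to the two values grepped from undici's Dockerfile, which are interpolated into the URL in the same way.

```shell
if [ -z "$_arg_undici_wasi_sdk_version" ]; then
    # … unchanged: MAJOR and MINOR read from undici's build/Dockerfile …
else
    [[ "$_arg_undici_wasi_sdk_version" =~ ^[0-9]+\.[0-9]+$ ]] \
        || die "Invalid --undici-wasi-sdk-version '$_arg_undici_wasi_sdk_version' (expected MAJOR.MINOR)" 1
    UNDICI_WASI_MAJOR=${_arg_undici_wasi_sdk_version%%.*}
    UNDICI_WASI_MINOR=${_arg_undici_wasi_sdk_version#*.}
fi
```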
@@ -61,20 +61,20 @@
 %global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
 # zlib - from deps/zlib/zlib.h
-%global zlib_version 1.2.13
+%global zlib_version 1.2.13.1-motley
 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
-%global c_ares_version 1.19.0
+%global c_ares_version 1.19.1
 # llhttp - from deps/llhttp/include/llhttp.h
-%global llhttp_version 8.1.0
+%global llhttp_version 8.1.1
 # libuv - from deps/uv/include/uv/version.h
-%global libuv_version 1.44.2
+%global libuv_version 1.45.0
 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
-%global nghttp2_version 1.52.0
+%global nghttp2_version 1.53.0
 # ICU - from tools/icu/current_ver.dep
 %global icu_major 73
@@ -97,7 +97,7 @@
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_version 9.6.6
+%global npm_version 9.6.7
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@@ -108,7 +108,7 @@
 %global npm_envr %{npm_epoch}:%{npm_version}-%{npm_release}
 # uvwasi - from deps/uvwasi/include/uvwasi.h
-%global uvwasi_version 0.0.16
+%global uvwasi_version 0.0.18
 # histogram_c - assumed from timestamps
 %global histogram_version 0.9.7
@@ -145,8 +145,8 @@ Source203: v8.pc.in
 # These are generated by nodejs-sources.sh
 Source101: cjs-module-lexer-1.2.2-stripped.tar.gz
 Source102: wasi-sdk-11.0-linux.tar.gz
-Source111: undici-5.22.0-stripped.tar.gz
-Source112: wasi-sdk-14.0-linux.tar.gz
+Source111: undici-5.22.1-stripped.tar.gz
+Source112: wasi-sdk-20.0-linux.tar.gz
 Patch: 0001-Remove-unused-OpenSSL-config.patch
@@ -299,7 +299,7 @@ Provides: bundled(histogram) = %{histogram_version}
 # Upstream has added a new URL parser that has no option to build as a shared
 # library (19.7.0+)
-Provides: bundled(ada) = 2.4.0
+Provides: bundled(ada) = 2.5.0
 %description
diff --git a/sources b/sources
index 9b5e662..8d22a00 100644
--- a/sources
+++ b/sources
@@ -1,7 +1,7 @@
-SHA512 (node-v20.2.0-stripped.tar.gz) = ffddb389ee9efbfa805a798a95998b991a2d6608b905539ae38a944725dcfd9557211466c30a7e798608841d4ef3486b0b2076b1f03f1b8759a18fbfdf8a703a
+SHA512 (node-v20.3.1-stripped.tar.gz) = 0e58165972b9cbc9d910fab85b60bd731effc54ab3180847939027ff040a0c033f2e43cb8402e134e41fa098dbcf428fbe22abf481d6ed69347f815b88570806
 SHA512 (icu4c-73_1-data-bin-b.zip) = 8b11f143021dbbb13f2c64e9558f36442448384ca8653c57b5f6a462f3b801608d8c3fc111c70931215cf8ced182914b2aeb2d159f3b1139eb5a37932efe85c7
 SHA512 (icu4c-73_1-data-bin-l.zip) = 41948aecd3eeb907866c2dec532bde55aed03c45e92668ea8d53ca21cd6fb50b0131e118586245e7a0bd7b728c3f619524437d4ab75b360e2d123a8a8b11d584
-SHA512 (cjs-module-lexer-1.2.2-stripped.tar.gz) = 5f103c948a6b0e068cf02901a785fa2153e16cf859eb1fc3059865642543de97cf86047dff04ee07418637a8f49508ea720aa4f68c18c468df30d4c5ec591c58
+SHA512 (cjs-module-lexer-1.2.2-stripped.tar.gz) = d32c0b7c4522d113a57903d85f231ccd834dc50527522b0316553cf1a1e3aedfe9648974d09428559fc5d66f9845f158b38e63f07abe9adeae6fc1d4d9e8e3cb
 SHA512 (wasi-sdk-11.0-linux.tar.gz) = e3ed4597f7f2290967eef6238e9046f60abbcb8633a4a2a51525d00e7393df8df637a98a5b668217d332dd44fcbf2442ec7efd5e65724e888d90611164451e20
-SHA512 (undici-5.22.0-stripped.tar.gz) = acb5f66448b21c1306ac873605037b669ae38d9d1c0ac45427c44172339c395949aff6c4d84a55b9608c86ae1a926ef1d8aeaf1f1121c1c4817863840d881db6
-SHA512 (wasi-sdk-14.0-linux.tar.gz) = 288a367e051f5b3f5853de97fabaedd3acf2255819d50c24f48f573897518500ea808342fd9aea832b2a5717089807bf1cbcf6d46b156b4eb60cc6b3c02ee997
+SHA512 (undici-5.22.1-stripped.tar.gz) = 9e72613ba225c5a1cca7d86851e23ed546aeb56c799649124336f7f483c10b029367a313bdca4f7e4b767bb99788a8d7a8598e7d72fa8553729b67ba606ef663
+SHA512 (wasi-sdk-20.0-linux.tar.gz) = ff3d368267526887534f50767ff010bd368e9c24178ab2f0cf57a8ed0b3a82fbf85986d620ab2327ac6bb3f456c65adc6edb80626a1289e630dde7e43b191b42
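Review bot: The SHA512 recorded for `cjs-module-lexer-1.2.2-stripped.tar.gz` changes (from `5f103c94…` to `d32c0b7c…`) although the file name and version stay the same, and the commit message does not say why. The spec file describes these archives as generated by nodejs-sources.sh, so this is presumably a non-reproducible re-pack rather than different content, but the hash alone cannot distinguish the two. Either keep the existing lookaside entry when the upstream version is unchanged, or state the reason for the new hash in the commit message. Packing the stripped archives reproducibly (for example `tar --sort=name --mtime=@0 --owner=0 --group=0 --numeric-owner` piped through `gzip -n`) would keep the hash stable across runs of the script.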