Update to security release 20.3.1

- https://nodejs.org/en/blog/vulnerability/june-2023-security-releases
- https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.3.1

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
This commit is contained in:
Stephen Gallagher 2023-06-22 12:54:46 -04:00
parent c8a3601325
commit 9d9ff2a528
3 changed files with 40 additions and 19 deletions

View File

@ -6,6 +6,7 @@
# ARG_POSITIONAL_SINGLE([version],[Node.js release version]) # ARG_POSITIONAL_SINGLE([version],[Node.js release version])
# ARG_OPTIONAL_BOOLEAN([push],[],[Whether to upload to the lookaside cache],[on]) # ARG_OPTIONAL_BOOLEAN([push],[],[Whether to upload to the lookaside cache],[on])
# ARG_OPTIONAL_BOOLEAN([debug],[],[Print all commands],[off]) # ARG_OPTIONAL_BOOLEAN([debug],[],[Print all commands],[off])
# ARG_OPTIONAL_SINGLE([undici-wasi-sdk-version],[],[Override the wasi-sdk version for undici])
# ARG_DEFAULTS_POS([]) # ARG_DEFAULTS_POS([])
# ARG_HELP([Tool to aid in Node.js packaging of new releases]) # ARG_HELP([Tool to aid in Node.js packaging of new releases])
# ARGBASH_GO() # ARGBASH_GO()
@ -37,15 +38,17 @@ _arg_version=
# THE DEFAULTS INITIALIZATION - OPTIONALS # THE DEFAULTS INITIALIZATION - OPTIONALS
_arg_push="on" _arg_push="on"
_arg_debug="off" _arg_debug="off"
_arg_undici_wasi_sdk_version=
print_help() print_help()
{ {
printf '%s\n' "Tool to aid in Node.js packaging of new releases" printf '%s\n' "Tool to aid in Node.js packaging of new releases"
printf 'Usage: %s [--(no-)push] [--(no-)debug] [-h|--help] <version>\n' "$0" printf 'Usage: %s [--(no-)push] [--(no-)debug] [--undici-wasi-sdk-version <arg>] [-h|--help] <version>\n' "$0"
printf '\t%s\n' "<version>: Node.js release version" printf '\t%s\n' "<version>: Node.js release version"
printf '\t%s\n' "--push, --no-push: Whether to upload to the lookaside cache (on by default)" printf '\t%s\n' "--push, --no-push: Whether to upload to the lookaside cache (on by default)"
printf '\t%s\n' "--debug, --no-debug: Print all commands (off by default)" printf '\t%s\n' "--debug, --no-debug: Print all commands (off by default)"
printf '\t%s\n' "--undici-wasi-sdk-version: Override the wasi-sdk version for undici (no default)"
printf '\t%s\n' "-h, --help: Prints help" printf '\t%s\n' "-h, --help: Prints help"
} }
@ -65,6 +68,14 @@ parse_commandline()
_arg_debug="on" _arg_debug="on"
test "${1:0:5}" = "--no-" && _arg_debug="off" test "${1:0:5}" = "--no-" && _arg_debug="off"
;; ;;
--undici-wasi-sdk-version)
test $# -lt 2 && die "Missing value for the optional argument '$_key'." 1
_arg_undici_wasi_sdk_version="$2"
shift
;;
--undici-wasi-sdk-version=*)
_arg_undici_wasi_sdk_version="${_key##--undici-wasi-sdk-version=}"
;;
-h|--help) -h|--help)
print_help print_help
exit 0 exit 0
@ -195,8 +206,18 @@ tar -zcf undici-${UNDICI_VERSION}-stripped.tar.gz undici-${UNDICI_VERSION}/
rm -f v${UNDICI_VERSION}.tar.gz rm -f v${UNDICI_VERSION}.tar.gz
# Download the WASI compiler used to build undici # Download the WASI compiler used to build undici
UNDICI_WASI_MAJOR=$(grep -oP '(?<=WASI_SDK_VERSION_MAJOR=).*' undici-${UNDICI_VERSION}/build/Dockerfile) if [ -z $_arg_undici_wasi_sdk_version ]; then
UNDICI_WASI_MINOR=$(grep -oP '(?<=WASI_SDK_VERSION_MINOR=).*' undici-${UNDICI_VERSION}/build/Dockerfile) UNDICI_WASI_MAJOR=$(grep -oP '(?<=WASI_SDK_VERSION_MAJOR=).*' undici-${UNDICI_VERSION}/build/Dockerfile)
UNDICI_WASI_MINOR=$(grep -oP '(?<=WASI_SDK_VERSION_MINOR=).*' undici-${UNDICI_VERSION}/build/Dockerfile)
else
OIFS=$IFS
IFS="."
UNDICI_WASI_VERSION=($_arg_undici_wasi_sdk_version)
UNDICI_WASI_MAJOR=${UNDICI_WASI_VERSION[0]}
UNDICI_WASI_MINOR=${UNDICI_WASI_VERSION[1]}
IFS=$OIFS
fi
wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-${UNDICI_WASI_MAJOR}/wasi-sdk-${UNDICI_WASI_MAJOR}.${UNDICI_WASI_MINOR}-linux.tar.gz wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-${UNDICI_WASI_MAJOR}/wasi-sdk-${UNDICI_WASI_MAJOR}.${UNDICI_WASI_MINOR}-linux.tar.gz
rm -rf undici-${UNDICI_VERSION}/ rm -rf undici-${UNDICI_VERSION}/

View File

@ -26,8 +26,8 @@
# than a Fedora release lifecycle. # than a Fedora release lifecycle.
%global nodejs_epoch 1 %global nodejs_epoch 1
%global nodejs_major 20 %global nodejs_major 20
%global nodejs_minor 2 %global nodejs_minor 3
%global nodejs_patch 0 %global nodejs_patch 1
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
%global nodejs_soversion 115 %global nodejs_soversion 115
%global nodejs_abi %{nodejs_soversion} %global nodejs_abi %{nodejs_soversion}
@ -61,20 +61,20 @@
%global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} %global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
# zlib - from deps/zlib/zlib.h # zlib - from deps/zlib/zlib.h
%global zlib_version 1.2.13 %global zlib_version 1.2.13.1-motley
# c-ares - from deps/cares/include/ares_version.h # c-ares - from deps/cares/include/ares_version.h
# https://github.com/nodejs/node/pull/9332 # https://github.com/nodejs/node/pull/9332
%global c_ares_version 1.19.0 %global c_ares_version 1.19.1
# llhttp - from deps/llhttp/include/llhttp.h # llhttp - from deps/llhttp/include/llhttp.h
%global llhttp_version 8.1.0 %global llhttp_version 8.1.1
# libuv - from deps/uv/include/uv/version.h # libuv - from deps/uv/include/uv/version.h
%global libuv_version 1.44.2 %global libuv_version 1.45.0
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
%global nghttp2_version 1.52.0 %global nghttp2_version 1.53.0
# ICU - from tools/icu/current_ver.dep # ICU - from tools/icu/current_ver.dep
%global icu_major 73 %global icu_major 73
@ -97,7 +97,7 @@
# npm - from deps/npm/package.json # npm - from deps/npm/package.json
%global npm_epoch 1 %global npm_epoch 1
%global npm_version 9.6.6 %global npm_version 9.6.7
# In order to avoid needing to keep incrementing the release version for the # In order to avoid needing to keep incrementing the release version for the
# main package forever, we will just construct one for npm that is guaranteed # main package forever, we will just construct one for npm that is guaranteed
@ -108,7 +108,7 @@
%global npm_envr %{npm_epoch}:%{npm_version}-%{npm_release} %global npm_envr %{npm_epoch}:%{npm_version}-%{npm_release}
# uvwasi - from deps/uvwasi/include/uvwasi.h # uvwasi - from deps/uvwasi/include/uvwasi.h
%global uvwasi_version 0.0.16 %global uvwasi_version 0.0.18
# histogram_c - assumed from timestamps # histogram_c - assumed from timestamps
%global histogram_version 0.9.7 %global histogram_version 0.9.7
@ -145,8 +145,8 @@ Source203: v8.pc.in
# These are generated by nodejs-sources.sh # These are generated by nodejs-sources.sh
Source101: cjs-module-lexer-1.2.2-stripped.tar.gz Source101: cjs-module-lexer-1.2.2-stripped.tar.gz
Source102: wasi-sdk-11.0-linux.tar.gz Source102: wasi-sdk-11.0-linux.tar.gz
Source111: undici-5.22.0-stripped.tar.gz Source111: undici-5.22.1-stripped.tar.gz
Source112: wasi-sdk-14.0-linux.tar.gz Source112: wasi-sdk-20.0-linux.tar.gz
Patch: 0001-Remove-unused-OpenSSL-config.patch Patch: 0001-Remove-unused-OpenSSL-config.patch
@ -299,7 +299,7 @@ Provides: bundled(histogram) = %{histogram_version}
# Upstream has added a new URL parser that has no option to build as a shared # Upstream has added a new URL parser that has no option to build as a shared
# library (19.7.0+) # library (19.7.0+)
Provides: bundled(ada) = 2.4.0 Provides: bundled(ada) = 2.5.0
%description %description

View File

@ -1,7 +1,7 @@
SHA512 (node-v20.2.0-stripped.tar.gz) = ffddb389ee9efbfa805a798a95998b991a2d6608b905539ae38a944725dcfd9557211466c30a7e798608841d4ef3486b0b2076b1f03f1b8759a18fbfdf8a703a SHA512 (node-v20.3.1-stripped.tar.gz) = 0e58165972b9cbc9d910fab85b60bd731effc54ab3180847939027ff040a0c033f2e43cb8402e134e41fa098dbcf428fbe22abf481d6ed69347f815b88570806
SHA512 (icu4c-73_1-data-bin-b.zip) = 8b11f143021dbbb13f2c64e9558f36442448384ca8653c57b5f6a462f3b801608d8c3fc111c70931215cf8ced182914b2aeb2d159f3b1139eb5a37932efe85c7 SHA512 (icu4c-73_1-data-bin-b.zip) = 8b11f143021dbbb13f2c64e9558f36442448384ca8653c57b5f6a462f3b801608d8c3fc111c70931215cf8ced182914b2aeb2d159f3b1139eb5a37932efe85c7
SHA512 (icu4c-73_1-data-bin-l.zip) = 41948aecd3eeb907866c2dec532bde55aed03c45e92668ea8d53ca21cd6fb50b0131e118586245e7a0bd7b728c3f619524437d4ab75b360e2d123a8a8b11d584 SHA512 (icu4c-73_1-data-bin-l.zip) = 41948aecd3eeb907866c2dec532bde55aed03c45e92668ea8d53ca21cd6fb50b0131e118586245e7a0bd7b728c3f619524437d4ab75b360e2d123a8a8b11d584
SHA512 (cjs-module-lexer-1.2.2-stripped.tar.gz) = 5f103c948a6b0e068cf02901a785fa2153e16cf859eb1fc3059865642543de97cf86047dff04ee07418637a8f49508ea720aa4f68c18c468df30d4c5ec591c58 SHA512 (cjs-module-lexer-1.2.2-stripped.tar.gz) = d32c0b7c4522d113a57903d85f231ccd834dc50527522b0316553cf1a1e3aedfe9648974d09428559fc5d66f9845f158b38e63f07abe9adeae6fc1d4d9e8e3cb
SHA512 (wasi-sdk-11.0-linux.tar.gz) = e3ed4597f7f2290967eef6238e9046f60abbcb8633a4a2a51525d00e7393df8df637a98a5b668217d332dd44fcbf2442ec7efd5e65724e888d90611164451e20 SHA512 (wasi-sdk-11.0-linux.tar.gz) = e3ed4597f7f2290967eef6238e9046f60abbcb8633a4a2a51525d00e7393df8df637a98a5b668217d332dd44fcbf2442ec7efd5e65724e888d90611164451e20
SHA512 (undici-5.22.0-stripped.tar.gz) = acb5f66448b21c1306ac873605037b669ae38d9d1c0ac45427c44172339c395949aff6c4d84a55b9608c86ae1a926ef1d8aeaf1f1121c1c4817863840d881db6 SHA512 (undici-5.22.1-stripped.tar.gz) = 9e72613ba225c5a1cca7d86851e23ed546aeb56c799649124336f7f483c10b029367a313bdca4f7e4b767bb99788a8d7a8598e7d72fa8553729b67ba606ef663
SHA512 (wasi-sdk-14.0-linux.tar.gz) = 288a367e051f5b3f5853de97fabaedd3acf2255819d50c24f48f573897518500ea808342fd9aea832b2a5717089807bf1cbcf6d46b156b4eb60cc6b3c02ee997 SHA512 (wasi-sdk-20.0-linux.tar.gz) = ff3d368267526887534f50767ff010bd368e9c24178ab2f0cf57a8ed0b3a82fbf85986d620ab2327ac6bb3f456c65adc6edb80626a1289e630dde7e43b191b42