From c6e7788528f7bb0a99bb568a6215d2f8ebf348f1 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Apr 04 2023 08:52:57 +0000
Subject: import nodejs-18.14.2-2.module+el8.7.0+18445+9493b6ea
---
diff --git a/.gitignore b/.gitignore
index e192521..1567fe1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 SOURCES/cjs-module-lexer-1.2.2.tar.gz
-SOURCES/icu4c-71_1-src.tgz
-SOURCES/node-v18.12.1-stripped.tar.gz
-SOURCES/undici-5.11.0.tar.gz
+SOURCES/icu4c-72_1-src.tgz
+SOURCES/node-v18.14.2-stripped.tar.gz
+SOURCES/undici-5.20.0.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz
diff --git a/.nodejs.metadata b/.nodejs.metadata
index 8d135b9..29611c3 100644
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@@ -1,6 +1,6 @@
 6976e77068429bd0b47b573793289e065ceb6b27 SOURCES/cjs-module-lexer-1.2.2.tar.gz
-406b0c8635288b772913b6ff646451e69748878a SOURCES/icu4c-71_1-src.tgz
-816c2656eea956f3fcd0d98562d7d225abd3e95f SOURCES/node-v18.12.1-stripped.tar.gz
-0ea4e5cfe13969896bf41c0d2d029a621917b944 SOURCES/undici-5.11.0.tar.gz
+a97546f0119c37a3526143bc29fb573a4417ff84 SOURCES/icu4c-72_1-src.tgz
+f0f8d1ceb4dc2bf7170ac999d731611f776b0af3 SOURCES/node-v18.14.2-stripped.tar.gz
+0b3e890fd45200fb3a2fdc14408cc51e23990480 SOURCES/undici-5.20.0.tar.gz
 8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 900a50a32f0079d53c299db92b88bb3c5d2022b8 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz
diff --git a/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch b/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
index 90d5b8f..046a7e3 100644
--- a/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
+++ b/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
@@ -1,29 +1,18 @@ -From 2abb9e98751595936ac1c867b3f08695f5bcf22c Mon Sep 17 00:00:00 2001 -From: Zuzana Svetlikova -Date: Fri, 17 Apr 2020 12:59:44 +0200 -Subject: [PATCH] Disable running gyp on shared deps - -Signed-off-by: rpm-build ---- - Makefile | 2 +- - node.gyp | 17 ----------------- - 2 files changed, 1 insertion(+), 18 deletions(-) - diff --git a/Makefile b/Makefile -index 9c01f8f..133a3d0 100644 +index 9401346623..c9d3da24c5 100644 --- a/Makefile +++ b/Makefile -@@ -148,7 +148,7 @@ with-code-cache test-code-cache: +@@ -169,7 +169,7 @@ with-code-cache test-code-cache: $(warning '$@' target is a noop) out/Makefile: config.gypi common.gypi node.gyp \ - deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \ + deps/llhttp/llhttp.gyp \ + deps/simdutf/simdutf.gyp \ tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \ tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp - $(PYTHON) tools/gyp_node.py -f make diff --git a/node.gyp b/node.gyp -index 8f131ac..dce5fdc 100644 +index cec24aed03..13af00f40d 100644 --- a/node.gyp +++ b/node.gyp @@ -429,23 +429,6 @@ @@ -41,7 +30,7 @@ index 8f131ac..dce5fdc 100644 - 'inputs': [ '<(opensslconfig)', ], - 'outputs': [ '<(opensslconfig_internal)', ], - 'action': [ -- 'python', 'tools/copyfile.py', +- '<(python)', 'tools/copyfile.py', - '<(opensslconfig)', - '<(opensslconfig_internal)', - ], @@ -50,6 +39,3 @@ index 8f131ac..dce5fdc 100644 }], ], }, # node_core_target_name --- -2.37.3 - diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index fc9afa8..549f2fd 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -17,7 +17,7 @@ # # create bootstrapping build with bundled deps and extra release suffix %bcond_with bootstrap -# bundle dependencies that are not available as Fedora modules +# bundle dependencies that are not available in CentOS %if %{with bootstrap} %bcond_without bundled %else 
@@ -41,8 +41,8 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 18 -%global nodejs_minor 12 -%global nodejs_patch 1 +%global nodejs_minor 14 +%global nodejs_patch 2 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 108 @@ -58,7 +58,7 @@ %global v8_major 10 %global v8_minor 2 %global v8_build 154 -%global v8_patch 15 +%global v8_patch 26 # V8 presently breaks ABI at least every x.y release while never bumping SONAME %global v8_abi %{v8_major}.%{v8_minor} %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch} @@ -79,13 +79,13 @@ # libuv - from deps/uv/include/uv/version.h %global libuv_major 1 -%global libuv_minor 43 -%global libuv_patch 0 +%global libuv_minor 44 +%global libuv_patch 2 %global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch} # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h %global nghttp2_major 1 -%global nghttp2_minor 47 +%global nghttp2_minor 51 %global nghttp2_patch 0 %global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch} @@ -102,7 +102,7 @@ %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch} # ICU - from tools/icu/current_ver.dep -%global icu_major 71 +%global icu_major 72 %global icu_minor 1 %global icu_version %{icu_major}.%{icu_minor} @@ -120,6 +120,12 @@ %global icu_flag full-icu %endif +# simduft from deps/simdutf/simdutf.h +%global simduft_major 2 +%global simduft_minor 0 +%global simduft_patch 7 +%global simduft_version %{simduft_major}.%{simduft_minor}.%{simduft_patch} + # OpenSSL minimum version %global openssl_minimum 1:1.1.1 @@ -133,9 +139,9 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_major 8 -%global npm_minor 19 -%global npm_patch 2 +%global npm_major 9 +%global npm_minor 5 +%global npm_patch 0 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch} # uvwasi - from deps/uvwasi/include/uvwasi.h 
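Review bot: The macros added in the `@@ -120,6 +120,12 @@` hunk spell the library `simduft`, while the path in their own comment, `deps/simdutf/simdutf.h`, spells it simdutf. The `Provides: bundled(simduft) = %{simduft_version}` line added in the `@@ -299,6 +311,7 @@` hunk uses the same spelling, so a query for packages that bundle simdutf, which is how affected packages are usually found when a bundled library gets a security fix, would not list this build. Suggest renaming the macros to `simdutf_*` and publishing `Provides: bundled(simdutf) = %{simdutf_version}`; the `- Provide simduft` changelog entry repeats the typo.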
@@ -197,9 +203,9 @@ Source101: cjs-module-lexer-1.2.2.tar.gz Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz # Version: jq '.version' deps/undici/src/package.json -# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.11.0.tar.gz -# Adjustments: rm -f undici-5.11.0/lib/llhttp/llhttp*.wasm* -Source111: undici-5.11.0.tar.gz +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.20.0.tar.gz +# Adjustments: rm -f undici-5.20.0/lib/llhttp/llhttp*.wasm* +Source111: undici-5.20.0.tar.gz # The WASM blob was made using wasi-sdk v14; compiler libraries are linked in. # Version source: build/Dockerfile Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz @@ -209,10 +215,16 @@ Patch1: 0001-Disable-running-gyp-on-shared-deps.patch BuildRequires: make BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-jinja2 +%if !%{with python3_fixup} +BuildRequires: python-unversioned-command +%endif BuildRequires: zlib-devel BuildRequires: brotli-devel BuildRequires: gcc >= 8.3.0 BuildRequires: gcc-c++ >= 8.3.0 +BuildRequires: jq # needed to generate bundled provides for npm dependencies # https://src.fedoraproject.org/rpms/nodejs/pull-request/2 # https://pagure.io/nodejs-packaging/pull-request/10 @@ -299,6 +311,7 @@ Provides: bundled(icu) = %{icu_version} Provides: bundled(uvwasi) = %{uvwasi_version} Provides: bundled(histogram) = %{histogram_version} Provides: bundled(corepack) = %{corepack_version} +Provides: bundled(simduft) = %{simduft_version} # Make sure we keep NPM up to date when we update Node.js %if 0%{?rhel} < 8 
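Review bot: In the `@@ -209,10 +215,16 @@` hunk, `BuildRequires: jq` is added with no comment saying which build step needs it, and it sits directly above the existing `# needed to generate bundled provides for npm dependencies` comment, whose own target line is outside the hunk. A one-line comment above the new entry, for example `# jq: <build step that uses it>`, would keep the build-dependency list auditable. The new guard `%if !%{with python3_fixup}` would also match the rest of the spec better as `%if %{without python3_fixup}`.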
@@ -388,6 +401,8 @@ The API documentation for the Node.js JavaScript runtime. # remove bundled dependencies that we aren't building rm -rf deps/zlib rm -rf deps/brotli +rm -rf deps/v8/third_party/jinja2 +rm -rf tools/inspector_protocol/jinja2 # Replace any instances of unversioned python' with python3 %if %{with python3_fixup} @@ -693,6 +708,8 @@ end %doc %{_mandir}/man5/package-json.5* %doc %{_mandir}/man5/package-lock-json.5* %doc %{_mandir}/man5/npm-shrinkwrap-json.5* +%doc %{_mandir}/man5/npm-global.5.* +%doc %{_mandir}/man5/npm-json.5.* %doc %{_mandir}/man7/config.7* %doc %{_mandir}/man7/dependency-selectors.7* %doc %{_mandir}/man7/developers.7* @@ -714,6 +731,15 @@ end %changelog +* Tue Mar 21 2023 Zuzana Svetlikova - 1:18.14.2-2 +- Provide simduft + +* Tue Mar 21 2023 Zuzana Svetlikova - 1:18.14.2-1 +- Rebase to 18.14.2 +- Resolves: #2178087 +- Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807 +- Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920 + * Fri Nov 18 2022 Jan Staněk - 1:18.12.1-2 - Update version of bundled histogram
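Review bot: The two `%doc` lines added in the `@@ -693,6 +708,8 @@` hunk use the glob `.5.*`, while every neighbouring entry uses `.5*`. The neighbours' form matches a man page whether or not it carries a compression suffix, whereas `.5.*` matches only when a suffix follows the section number, so these two entries would be the ones to break the `%files` list if pages were ever installed uncompressed. Suggest `%doc %{_mandir}/man5/npm-global.5*` and `%doc %{_mandir}/man5/npm-json.5*`.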