diff --git a/.gitignore b/.gitignore index 6d61726..8692d82 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/icu4c-69_1-src.tgz -SOURCES/node-v16.13.1-stripped.tar.gz +SOURCES/icu4c-70_1-src.tgz +SOURCES/node-v16.16.0-stripped.tar.gz diff --git a/.nodejs.metadata b/.nodejs.metadata index 18bd083..c2ce414 100644 --- a/.nodejs.metadata +++ b/.nodejs.metadata @@ -1,2 +1,2 @@ -620a71c84428758376baa0fb81a581c3daa866ce SOURCES/icu4c-69_1-src.tgz -09e2ea9b62a6e92a73c34e2997ec237ebd04141f SOURCES/node-v16.13.1-stripped.tar.gz +f7c1363edee6be7de8b624ffbb801892b3417d4e SOURCES/icu4c-70_1-src.tgz +17d4c0f6337149c1171c478dbebc8c224ebd0778 SOURCES/node-v16.16.0-stripped.tar.gz diff --git a/SOURCES/nodejs-tarball.sh b/SOURCES/nodejs-tarball.sh index a439469..f59d5c2 100755 --- a/SOURCES/nodejs-tarball.sh +++ b/SOURCES/nodejs-tarball.sh @@ -128,7 +128,7 @@ echo "$ICUMD5 $ICUTARBALL" > icu.md5 md5sum -c icu.md5 rm -f icu.md5 SHASUMS256.txt -rhpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz +#fedpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz rm -f node-v${version}.tar.gz diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index 9548f15..b2ebdbf 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -1,17 +1,33 @@ -%global with_debug 0 +%bcond_with debug # PowerPC, s390x and aarch64 segfault during Debug builds # https://github.com/nodejs/node/issues/20642 %ifarch %{power64} s390x aarch64 -%global with_debug 0 +%bcond_with debug %endif -# bundle dependencies that are not available as Fedora modules +# The following macros control the usage of dependencies bundled from upstream. +# +# When to use what: +# - Regular (presumably non-modular) build: use neither (the default in Fedora) +# - Early bootstrapping build that is not intended to be shipped: +# use --with=bootstrap; this will bundle deps and add `~bootstrap` release suffix +# - Build with some dependencies not avalaible in necessary versions (i.e. module build): +# use --with=bundled; will bundle deps, but do not add the suffix +# +# create bootstrapping build with bundled deps and extra release suffix %bcond_with bootstrap +# bundle dependencies that are not available as Fedora modules +%if %{with bootstrap} +%bcond_without bundled +%else +%bcond_with bundled +%endif + %bcond_without python3_fixup # == Master Relase == -# This is used by both the nodejs package and the npm subpackage thar +# This is used by both the nodejs package and the npm subpackage that # has a separate version - the name is special so that rpmdev-bumpspec # will bump this rather than adding .1 to the end. %global baserelease 3 @@ -25,8 +41,8 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 16 -%global nodejs_minor 13 -%global nodejs_patch 1 +%global nodejs_minor 16 +%global nodejs_patch 0 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 93 @@ -58,19 +74,19 @@ # llhttp - from deps/llhttp/include/llhttp.h %global llhttp_major 6 %global llhttp_minor 0 -%global llhttp_patch 4 +%global llhttp_patch 7 %global llhttp_version %{llhttp_major}.%{llhttp_minor}.%{llhttp_patch} # libuv - from deps/uv/include/uv/version.h %global libuv_major 1 -%global libuv_minor 42 +%global libuv_minor 43 %global libuv_patch 0 %global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch} # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h %global nghttp2_major 1 -%global nghttp2_minor 45 -%global nghttp2_patch 1 +%global nghttp2_minor 47 +%global nghttp2_patch 0 %global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch} # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h @@ -86,7 +102,7 @@ %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch} # ICU - from tools/icu/current_ver.dep -%global icu_major 69 +%global icu_major 70 %global icu_minor 1 %global icu_version %{icu_major}.%{icu_minor} @@ -118,14 +134,14 @@ # npm - from deps/npm/package.json %global npm_epoch 1 %global npm_major 8 -%global npm_minor 1 -%global npm_patch 2 +%global npm_minor 11 +%global npm_patch 0 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch} # uvwasi - from deps/uvwasi/include/uvwasi.h %global uvwasi_major 0 %global uvwasi_minor 0 -%global uvwasi_patch 11 +%global uvwasi_patch 12 %global uvwasi_version %{uvwasi_major}.%{uvwasi_minor}.%{uvwasi_patch} # histogram_c - assumed from timestamps @@ -140,8 +156,6 @@ # base npm version number is increasing. %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} -# Node.js 16.9.1 and later comes with an experimental package management tool -%global corepack_version 0.10.0 Name: nodejs Epoch: %{nodejs_epoch} @@ -185,14 +199,18 @@ BuildRequires: chrpath BuildRequires: libatomic BuildRequires: systemtap-sdt-devel -%if %{with bootstrap} -Provides: bundled(libuv) = %{libuv_version} -Provides: bundled(nghttp2) = %{nghttp2_version} +%if %{with bundled} +Provides: bundled(libuv) = %{libuv_version} %else BuildRequires: libuv-devel >= 1:%{libuv_version} -Requires: libuv >= 1:%{libuv_version} +Requires: libuv >= 1:%{libuv_version} +%endif + +%if %{with bundled} +Provides: bundled(nghttp2) = %{nghttp2_version} +%else BuildRequires: libnghttp2-devel >= %{nghttp2_version} -Requires: libnghttp2 >= %{nghttp2_version} +Requires: libnghttp2 >= %{nghttp2_version} %endif # Temporarily bundle llhttp because the upstream doesn't @@ -258,7 +276,6 @@ Provides: bundled(icu) = %{icu_version} # or there's no option to built it as a shared dependency, so we bundle them Provides: bundled(uvwasi) = %{uvwasi_version} Provides: bundled(histogram) = %{histogram_version} -Provides: bundled(corepack) = %{corepack_version} # Make sure we keep NPM up to date when we update Node.js %if 0%{?rhel} < 8 @@ -285,9 +302,7 @@ Requires: zlib-devel%{?_isa} Requires: brotli-devel%{?_isa} Requires: nodejs-packaging -%if %{with bootstrap} -# deps are bundled -%else +%if %{without bundled} Requires: libuv-devel%{?_isa} %endif @@ -376,47 +391,30 @@ export CXX='g++' # build with debugging symbols and add defines from libuv (#892601) # Node's v8 breaks with GCC 6 because of incorrect usage of methods on # NULL objects. We need to pass -fno-delete-null-pointer-checks -export CFLAGS='%{optflags} \ - -D_LARGEFILE_SOURCE \ - -D_FILE_OFFSET_BITS=64 \ - -DZLIB_CONST \ - -fno-delete-null-pointer-checks' -export CXXFLAGS='%{optflags} \ - -D_LARGEFILE_SOURCE \ - -D_FILE_OFFSET_BITS=64 \ - -DZLIB_CONST \ - -fno-delete-null-pointer-checks' - -# Explicit new lines in C(XX)FLAGS can break naive build scripts -export CFLAGS="$(echo ${CFLAGS} | tr '\n\\' ' ')" -export CXXFLAGS="$(echo ${CXXFLAGS} | tr '\n\\' ' ')" +extra_cflags=( + -D_LARGEFILE_SOURCE + -D_FILE_OFFSET_BITS=64 + -DZLIB_CONST + -fno-delete-null-pointer-checks +) +export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cflags[*]}" export LDFLAGS="%{build_ldflags}" -%if %{with bootstrap} -%{__python3} configure.py --prefix=%{_prefix} \ - --shared-openssl \ - --shared-zlib \ - --shared-brotli \ - --with-dtrace \ - --with-intl=small-icu \ - --openssl-use-def-ca-store \ - --openssl-default-cipher-list=PROFILE=SYSTEM -%else %{__python3} configure.py --prefix=%{_prefix} \ --shared-openssl \ --shared-zlib \ --shared-brotli \ - --shared-libuv \ - --shared-nghttp2 \ - --with-dtrace \ + %{!?with_bundled:--shared-libuv} \ + %{!?with_bundled:--shared-nghttp2} \ + %{?with_bundled:--without-dtrace}%{!?with_bundled:--with-dtrace} \ --with-intl=small-icu \ --with-icu-default-data-dir=%{icudatadir} \ + --without-corepack \ --openssl-use-def-ca-store \ --openssl-default-cipher-list=PROFILE=SYSTEM -%endif -%if %{?with_debug} == 1 +%if %{with debug} # Setting BUILDTYPE=Debug builds both release and debug binaries make BUILDTYPE=Debug %{?_smp_mflags} %else @@ -462,7 +460,7 @@ rm -rf %{buildroot} chmod 0755 %{buildroot}/%{_bindir}/node chrpath --delete %{buildroot}%{_bindir}/node -%if %{?with_debug} == 1 +%if %{with debug} # Install the debug binary and set its permissions install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g %endif @@ -500,7 +498,7 @@ cp -pr deps/npm/man/* %{buildroot}%{_mandir}/ rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/man ln -sf %{_mandir} %{buildroot}%{_prefix}/lib/node_modules/npm/man -# Install Gatsby HTML documentation to %{_pkgdocdir} +# Install Gatsby HTML documentation to %%{_pkgdocdir} cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/ rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs @@ -521,14 +519,9 @@ find %{buildroot}%{_prefix}/lib/node_modules/npm \ -exec chmod -x {} \; # The above command is a little overzealous. Add a few permissions back. -chmod 0775 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp +chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js -# Corepack contains a number of executable"shims", including some for Windows -# PowerShell. Drop the executable bit for those so we don't pick up an -# automatic dependency on /usr/bin/pwsh that we cannot satisfy. -chmod -x %{buildroot}%{_prefix}/lib/node_modules/corepack/shims/*.ps1 - # Drop the NPM default configuration in place mkdir -p %{buildroot}%{_sysconfdir} cp %{SOURCE1} %{buildroot}%{_sysconfdir}/npmrc @@ -552,7 +545,6 @@ install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/* %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')" # Ensure we have npm and that the version matches -# NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')" NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(JSON.parse(require(\"fs\").readFileSync(\"%{buildroot}%{_prefix}/lib/node_modules/npm/package.json\")).version, '%{npm_version}')" # Make sure i18n support is working @@ -631,12 +623,10 @@ end %dir %{_datadir}/systemtap/tapset %{_datadir}/systemtap/tapset/node.stp -# corepack -%{_bindir}/corepack -%{_prefix}/lib/node_modules/corepack - +%if %{without bundled} %dir %{_usr}/lib/dtrace %{_usr}/lib/dtrace/node.d +%endif %{_rpmconfigdir}/fileattrs/nodejs_native.attr %{_rpmconfigdir}/nodejs_native.req @@ -646,9 +636,7 @@ end %files devel -%if %{?with_debug} == 1 -%{_bindir}/node_g -%endif +%{?with_debug:%{_bindir}/node_g} %{_includedir}/node %{_datadir}/node/common.gypi %{_pkgdocdir}/gdbinit @@ -677,6 +665,7 @@ end %doc %{_mandir}/man7/config.7* %doc %{_mandir}/man7/developers.7* %doc %{_mandir}/man7/orgs.7* +%doc %{_mandir}/man7/logging.7* %doc %{_mandir}/man7/registry.7* %doc %{_mandir}/man7/removal.7* %doc %{_mandir}/man7/scope.7* @@ -692,17 +681,36 @@ end %changelog +* Fri Aug 05 2022 Zuzana Svetlikova - 1:16.16.0-3 +- Fix build +- Resolves: RHBZ#2111416 + +* Fri Aug 05 2022 Zuzana Svetlikova - 1:16.16.0-2 +- Refactor spec +- Resolves: RHBZ#2111416 + +* Tue Jul 26 2022 Zuzana Svetlikova - 1:16.16.0-1 +- Rebase to latest version +- Resolves: RHBZ#2106369 +- CVE fixes for CVE-2022-32212/3/4/5 +- Resolves: #2109578, #2109581, #2109584, #2109588 + +* Mon Apr 11 2022 Zuzana Svetlikova - 1:16.14.0-4 +- Apply lock file validation fixes +- Resolves CVE-2021-43616 +- Resolves: RHBZ#2070012 + * Mon Dec 06 2021 Zuzana Svetlikova - 1:16.13.1-3 -- Resolves: RHBZ#2027610 +- Resolves: RHBZ#2026329 - Add corepack to spec * Mon Dec 06 2021 Zuzana Svetlikova - 1:16.13.1-2 -- Resolves: RHBZ#2027610 +- Resolves: RHBZ#2026329 - Update npm version test * Thu Dec 02 2021 Zuzana Svetlikova - 1:16.13.1-1 -- Resolves: RHBZ#2027644, RHBZ#2027643, RHBZ#2027638, RHBZ#2027633 -- Resolves: RHBZ#2027610 +- Resolves: RHBZ#2014132, RHBZ#2014126, RHBZ#2013828, RHBZ#2024920 +- Resolves: RHBZ#2026329 - Rebase to LTS release and to fix multiple low and medium CVEs * Mon Sep 13 2021 Zuzana Svetlikova - 1:16.8.0-1