[packages/nodejs] - updated to 12.16.1 (12.15.0 fixed CVE-2019-15604 CVE-2019-15605 CVE-2019-15606) - one more change

qboosh qboosh at pld-linux.org
Sun Mar 22 07:39:40 CET 2020 

commit 4398233e40c2005e8512137c4598d072e6302ae1
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date:   Sun Mar 22 07:40:48 2020 +0100

    - updated to 12.16.1 (12.15.0 fixed CVE-2019-15604 CVE-2019-15605 CVE-2019-15606)
    - one more change needed in Disable-running-gyp-on-shared-deps patch

 0001-Disable-running-gyp-on-shared-deps.patch | 12 ++++++++
 nodejs.spec                                   | 43 ++++++++++++++-------------
 2 files changed, 35 insertions(+), 20 deletions(-)
---
diff --git a/nodejs.spec b/nodejs.spec
index ee31232..7240665 100644
--- a/nodejs.spec
+++ b/nodejs.spec
@@ -4,7 +4,7 @@
 
 # Conditional build:
 %bcond_without	system_uv	# system uv
-%bcond_with	httpparse	# use system http-parser and llhttp
+%bcond_with	http_parser	# use system http-parser and llhttp
 
 # NOTES:
 # - https://nodejs.org/en/download/releases/
@@ -22,12 +22,12 @@ Name:		nodejs
 # Active start: 2019-10-21
 # Maintenance start: October 2020
 # Maintenance end: April 2022
-Version:	12.14.1
-Release:	2
+Version:	12.16.1
+Release:	1
 License:	BSD and MIT and Apache v2.0 and GPL v3
 Group:		Development/Languages
 Source0:	https://nodejs.org/dist/v%{version}/node-v%{version}.tar.gz
-# Source0-md5:	7f2fa2f5df2b8179b5b00ec7de361b34
+# Source0-md5:	99f580f6066c53b7bf4b5f02b81dac29
 
 # force node to use /usr/lib/node as the systemwide module directory
 Patch2:		%{name}-libpath.patch
@@ -38,14 +38,14 @@ Patch5:		0002-Install-both-binaries-and-use-libdir.patch
 URL:		https://nodejs.org/
 BuildRequires:	c-ares-devel >= 1.14.0
 BuildRequires:	gcc >= 6:4.8
-%if %{with httpparse}
-BuildRequires:	http-parser-devel >= 2.9.2
-BuildRequires:	llhttp-devel
+%if %{with http_parser}
+BuildRequires:	http-parser-devel >= 2.9.3
+BuildRequires:	llhttp-devel >= 2.0.1
 %endif
 BuildRequires:	libicu-devel >= 0.64
 BuildRequires:	libstdc++-devel >= 6:4.8
 %{?with_system_uv:BuildRequires:	libuv-devel >= 1.34.0}
-BuildRequires:	nghttp2-devel >= 1.39.1
+BuildRequires:	nghttp2-devel >= 1.40.0
 BuildRequires:	openssl-devel >= 1.0.1
 BuildRequires:	pkgconfig
 BuildRequires:	python >= 1:2.7
@@ -55,11 +55,14 @@ BuildRequires:	rpm >= 4.4.9-56
 BuildRequires:	rpmbuild(macros) >= 1.219
 BuildRequires:	sed >= 4.0
 BuildRequires:	zlib-devel
+%{?with_http_parser:Requires:	http-parser >= 2.9.3}
+%{?with_system_uv:Requires:	libuv >= 1.34.0}
+Requires:	nghttp2 >= 1.40.0
 Requires:	ca-certificates
 Provides:	nodejs(engine) = %{version}
 Provides:	nodejs(module-version) = %{node_module_version}
 Obsoletes:	nodejs-waf
-ExclusiveArch:	%{ix86} %{x8664} arm
+ExclusiveArch:	%{ix86} %{x8664} %{arm}
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %define		sover	%(echo %{version} | cut -d. -f2)
@@ -88,7 +91,7 @@ Summary(pl.UTF-8):	Pliki nagłówkowe nodejs
 Group:		Development/Libraries
 Requires:	%{name} = %{version}-%{release}
 Requires:	gcc
-%{?with_http_parse:Requires:	http-parser-devel >= 2.9.2}
+%{?with_http_parser:Requires:	http-parser-devel >= 2.9.3}
 Requires:	libstdc++-devel
 %{?with_system_uv:Requires:	libuv-devel >= 1.34.0}
 Requires:	openssl-devel
@@ -105,7 +108,7 @@ Summary:	Documentation for Node.js engine
 Summary(pl.UTF-8):	Dokumentacja silnika Node.js
 Group:		Documentation
 URL:		https://nodejs.org/dist/v%{doc_ver}/docs/api
-%if "%{_rpmversion}" >= "5"
+%if "%{_rpmversion}" >= "4.6"
 BuildArch:	noarch
 %endif
 
@@ -151,7 +154,7 @@ Sondy systemtap/dtrace dla Node.js.
 grep -r '#!.*env python' -l . | xargs %{__sed} -i -e '1 s,#!.*env python,#!%{__python},'
 
 %{__rm} -r deps/npm
-%{?with_httpparse:%{__rm} -r deps/http_parser}
+%{?with_http_parser:%{__rm} -r deps/http_parser}
 %{__rm} -r deps/openssl
 %{?with_system_uv:%{__rm} -r deps/uv}
 %{__rm} -r deps/zlib
@@ -165,19 +168,19 @@ CC="%{__cc}" \
 CXX="%{__cxx}" \
 GYP_DEFINES="soname_version=%{sover}" \
 ./configure \
+	--prefix=%{_prefix} \
+	--libdir=%{_lib} \
 	--openssl-use-def-ca-store \
 	--shared \
 	--shared-cares \
-	--shared-openssl \
-	%{?with_http_parse:--shared-http-parser} \
-	--shared-nghttp2 \
-	--with-intl=system-icu \
+	%{?with_http_parser:--shared-http-parser} \
 	%{?with_system_uv:--shared-libuv} \
+	--shared-nghttp2 \
+	--shared-openssl \
 	--shared-zlib \
-	--without-npm \
+	--with-intl=system-icu \
 	--without-dtrace \
-	--libdir=%{_lib} \
-	--prefix=%{_prefix}
+	--without-npm
 
 # add LFS defines from libuv (RHBZ#892601)
 # CXXFLAGS must be exported, as it is needed for make, not gyp
@@ -241,7 +244,7 @@ rm -rf $RPM_BUILD_ROOT
 
 %files
 %defattr(644,root,root,755)
-%doc README.md AUTHORS CHANGELOG.md LICENSE
+%doc AUTHORS CHANGELOG.md LICENSE README.md SECURITY.md
 %attr(755,root,root) %{_bindir}/node
 %attr(755,root,root) %{_bindir}/nodejs
 %attr(755,root,root) %{_libdir}/libnode.so.%{node_module_version}
diff --git a/0001-Disable-running-gyp-on-shared-deps.patch b/0001-Disable-running-gyp-on-shared-deps.patch
index 668ff55..65ced4e 100644
--- a/0001-Disable-running-gyp-on-shared-deps.patch
+++ b/0001-Disable-running-gyp-on-shared-deps.patch
@@ -27,3 +27,15 @@ index 0947300f24028d00bcfb79b38d96bded136228e3..5d4f88a705053fbdd6b56ec85e999767
 -- 
 2.23.0
 
+--- node-v12.16.1/deps/uvwasi/uvwasi.gyp.orig	2020-02-18 06:08:33.000000000 +0100
++++ node-v12.16.1/deps/uvwasi/uvwasi.gyp	2020-03-21 17:51:55.372551818 +0100
+@@ -14,9 +14,6 @@
+         'src/uv_mapping.c',
+         'src/uvwasi.c',
+       ],
+-      'dependencies': [
+-        '../uv/uv.gyp:libuv',
+-      ],
+       'direct_dependent_settings': {
+         'include_dirs': ['include']
+       },
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/nodejs.git/commitdiff/4398233e40c2005e8512137c4598d072e6302ae1

More information about the pld-cvs-commit mailing list