diff --git a/SHASUMS256.txt b/SHASUMS256.txt index 1c71f63..366b3df 100644 --- a/SHASUMS256.txt +++ b/SHASUMS256.txt @@ -1,34 +1,34 @@ -e4d8d6030efe1e0b103ba7a158996b2ff4ceef0f8fd05af9ea61eb4b17d6fa0c node-v18.9.0-aix-ppc64.tar.gz -60300b40f539fc93005859fcb7ea585bfd111800e90b6ee744a07f2380512bbb node-v18.9.0-darwin-arm64.tar.gz -d20ad4d52c0df79bc2296f78cb5cd7d0757e848263b30822538f31d695d3b0a4 node-v18.9.0-darwin-arm64.tar.xz -dce1144cbfc01e03c2e84582461c3ce83541968b2b52a3d3a6f2bbfb09183fba node-v18.9.0-darwin-x64.tar.gz -aecd44f8799e31ed73fb746d00da28f0a32d0ec45079ee85545881e607ddd4d3 node-v18.9.0-darwin-x64.tar.xz -e7ec2a64fc24cc5c790289df80e4788190ca6760a96b6947ef02452bb520cd00 node-v18.9.0-headers.tar.gz -47ad304159c8c01271f166b8750d82d96b7d7e1586d9a9225fea0f50a5ce4224 node-v18.9.0-headers.tar.xz -0d0e671158e072a63c24714bfc4c19a4bb0a70c89d219b1f23d67cbea9c5ffcf node-v18.9.0-linux-arm64.tar.gz -3ec898c66916ab7e245c34f402c091c50bcaa325617f692a6b62dc8d9c06baa0 node-v18.9.0-linux-arm64.tar.xz -195bea2e5be6c791bc460fdc0939375f25b6246cbb57521374eddc9e77323829 node-v18.9.0-linux-armv7l.tar.gz -730697bcfc5ba1538a3c8380edcf51cfa58c760804fb90bab6cfda34d30c55f8 node-v18.9.0-linux-armv7l.tar.xz -794bb57444e14e3282f8f2416483c385e3ae1d66b8babb025ed2b78e22d8157d node-v18.9.0-linux-ppc64le.tar.gz -1b8fadd2d879d2a8b6ee97fcfc0caaa0e1190026e565c097c898824541cd2d86 node-v18.9.0-linux-ppc64le.tar.xz -1061f5ed96290df7f3e5b1f183fdacfd82bba0d8c2dfb984505110f83e9ac215 node-v18.9.0-linux-s390x.tar.gz -86d55c4f495e74e8a9d03e4e34ef4f2ee6ec6ab187ecedf3e430e93baf9faea0 node-v18.9.0-linux-s390x.tar.xz -7fdbfdb985a48db3d22a2472330db05d94c9aff59192b09d8f9ab5fcedba76d5 node-v18.9.0-linux-x64.tar.gz -0137e43f5492dd97b6ef1f39ea4581975016e5f1e70db461d7292c6853ace066 node-v18.9.0-linux-x64.tar.xz -bae2d3417a9e1c4cc7145801e428c13e9fce006044258194d073207efd1b736b node-v18.9.0-win-x64.7z -d7a9c9e8a36259d1e15052c135fbd11937d0f0485360e402e833522076233a7a node-v18.9.0-win-x64.zip -7b2f1a76c4bbcc464f05b4895dbe5e48047d35cf88b210bdde71034f0aee3146 node-v18.9.0-win-x86.7z -6543f6e72a704bf56170dd874f9edc6ed9468d15008dbb214654d3681221c37e node-v18.9.0-win-x86.zip -38744484707594133d1b9e94d2575d403d132761241de2a6b5a4bf0648946ea0 node-v18.9.0-x64.msi -4c4e9206f652e47371eb52753501280348bb8bfad827d1ac6f782152a00df31b node-v18.9.0-x86.msi -7b469adcc4863e53fdbeb66e0eff3316abdf40d80be51adc6b4c7fe1dd04348e node-v18.9.0.pkg -89af82a3f8df01a24bb61b69a4e9a0482bfa8793a7686c88227bce10ee0c72bc node-v18.9.0.tar.gz -c75cc89afead976791900accde02a7b1e7e762702f0f6fa68eaacb01984d9654 node-v18.9.0.tar.xz -6f4da4ffa06afa4096acb5279e6875ccb5ffcd03a86fbbee382dde4bc96565f5 win-x64/node.exe +6b602994ea7e22d49e1b2406d3d1119133d6bc89e52f70cd61090968b9e5ec93 node-v18.9.1-aix-ppc64.tar.gz +289dca525c5535bddf389b69386ceb12d7c77eeae9aa2f666652877f982f9b5d node-v18.9.1-darwin-arm64.tar.gz +b80c029f945c522d553b70f4a8de14a077983dc36b4481a3051cd7103fb4a04c node-v18.9.1-darwin-arm64.tar.xz +ef7d92bb3b21b50242175483dca6ccd98052d6f4be3ce5b9ae55f0b95c0db25d node-v18.9.1-darwin-x64.tar.gz +dff4fe1259b7801121bf7335cddd742801c8b34a4aba9dc3eb5943c1edb163ee node-v18.9.1-darwin-x64.tar.xz +fb963b1e81110447f6c19dc5211c1bc2f44b53460d10daac8dd920ebff081ffc node-v18.9.1-headers.tar.gz +62f3863047d94f3ce1250f61be20fd697e47e972e636ff3385d469d55e8dd71a node-v18.9.1-headers.tar.xz +a1610d6f75f45fb0dc73164231c63308d653c09a57dd14a989cf4de9b96e965b node-v18.9.1-linux-arm64.tar.gz +d4edf28b695374faafc944f291151bf2fcfcf4b575207eadaee86a2c2aa1cbbe node-v18.9.1-linux-arm64.tar.xz +d488cd0cda2c71d397c69db4088d4bec631c1489e1d58afbf2ed6e7d0ccc2660 node-v18.9.1-linux-armv7l.tar.gz +82502c7fb666b3842491d6244cd1eda72562ebe801dbe5c37bddab28acb91414 node-v18.9.1-linux-armv7l.tar.xz +6a853f4702c41c0da9f625def2db01e24a91e89a2c8dbbeb7b79556572390aa6 node-v18.9.1-linux-ppc64le.tar.gz +3b892a3f3f37d262f344b2cbf0a2aa1deb8534c3674d42a256f5153df409c087 node-v18.9.1-linux-ppc64le.tar.xz +042b5069395cb1f377a6b25203afdb099187ca44c67f848f805ecc7f8d97f412 node-v18.9.1-linux-s390x.tar.gz +eb0cc3db68e17faab8d60ad8e69f0a21eaf14dfd593c4f1b7117d49f51baaf43 node-v18.9.1-linux-s390x.tar.xz +33ecf5f39618f4beb90a9be98880325cb4f06e33b52e315040a54fd0700f2434 node-v18.9.1-linux-x64.tar.gz +0777cf4e281359061a6b5d0afe6750f5efd0e874f489a5ebb53ec8b8f77e8b82 node-v18.9.1-linux-x64.tar.xz +60160570e4d22c1735e74c0e954bcd94621870871a170b6b2cb4089d91204053 node-v18.9.1-win-x64.7z +763e691ed8f51b8664da4dcc5a0f5d428dbd69d4162630a6fcf366e5e9e25e81 node-v18.9.1-win-x64.zip +c9a22fe916685f1178d3ff60bdfc49a0d8d0b17944c640d0a0bfc8e25317bdaf node-v18.9.1-win-x86.7z +860cd7354943eb137715c510b77a7e230666b47998edd6f5ea803db1aaf8999a node-v18.9.1-win-x86.zip +b2886faeaed5a1ddc03325e8c1fca143e0bbfa250ae7a69a8326be364ad28577 node-v18.9.1-x64.msi +af847e88b3a3d0ceb63ffd572ff906d3a60b2a235334b7336f11904cbe7d35bb node-v18.9.1-x86.msi +a3219e92b15afd4baa6a3bc8e3ad25f3036cb07bea08d2622c9a59db8d0a24f9 node-v18.9.1.pkg +50ae12386eb79058ad2d38335e41ca120904900a36b1bcfb10934be9373f737b node-v18.9.1.tar.gz +f381963d43568ba699915c88629dc6da4a1963804dcd37b2e6e1d10d923dd5d9 node-v18.9.1.tar.xz +6d5094f77f1273b8127046d9c528bb800470b178a0b44d271907de5cf19b9dde win-x64/node.exe 3111a04d3ae94921ac20f2afc4e167c59e50c07609ee940d1a8eec46f08310ad win-x64/node.lib -7f5f093c1f612803629218793c5eb72719274faa078a4f63ecbe543b7a00e9e6 win-x64/node_pdb.7z -e750259b9c628578fc2ae463d62fadf6c95c266e1c5f32f252d80c7e716c3418 win-x64/node_pdb.zip -3452040fc8d9e8894e169229d30425f00dfbf0082e00081baa7d550e7b7321d8 win-x86/node.exe +28b6e90a8880b076b46e3f4662d19ea3e020f7b06c12135de31a62a2015019fb win-x64/node_pdb.7z +464771c89a6bd4fd3684e172d2dbd510906c30c4273c6526d26ddc1f7e3bce78 win-x64/node_pdb.zip +f93ea0dbeb0e5326f53c7f1258d5315542c045651e43dae5ce18f7f32977fa3d win-x86/node.exe e0b45a34da85070b41e13169a6ed30ea782d400dd8e8597d665727bac8d621f0 win-x86/node.lib -1bc12a2b9686a08a935fc6e78c9595e44d61df33a342bd98ad89088f75367a7b win-x86/node_pdb.7z -c52111fdd0180eb82d96b376c37ecf1160f57ccb0e12102a5183ece4708d8c70 win-x86/node_pdb.zip +f0a4d77ebccca0909f5532d9c14ac140dbb003075397b086ad4c7ede0b803b7e win-x86/node_pdb.7z +a1b7b350faceec615894e3c1e4a812122ef6f1c652bc3e531a6ea07104cfb155 win-x86/node_pdb.zip diff --git a/SHASUMS256.txt.sig b/SHASUMS256.txt.sig index e095ae9..e2a4f9a 100644 Binary files a/SHASUMS256.txt.sig and b/SHASUMS256.txt.sig differ diff --git a/node-v18.9.1.tar.xz b/node-v18.9.1.tar.xz new file mode 100644 index 0000000..70877f1 --- /dev/null +++ b/node-v18.9.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f381963d43568ba699915c88629dc6da4a1963804dcd37b2e6e1d10d923dd5d9 +size 38315220 diff --git a/nodejs18.changes b/nodejs18.changes index d050bd6..4a16b91 100644 --- a/nodejs18.changes +++ b/nodejs18.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Mon Sep 26 13:13:39 UTC 2022 - Adam Majer + +- Update to Nodejs 18.9.1: + * deps: llhttp updated to 6.0.10 + + CVE-2022-32213 bypass via obs-fold mechanic + + Incorrect Parsing of Multi-line Transfer-Encoding + (CVE-2022-32215) + + Incorrect Parsing of Header Fields (CVE-35256) + * crypto: fix weak randomness in WebCrypto keygen + (CVE-2022-35255) + ------------------------------------------------------------------- Thu Sep 15 15:00:25 UTC 2022 - Adam Majer diff --git a/nodejs18.spec b/nodejs18.spec index d333904..8c1a55a 100644 --- a/nodejs18.spec +++ b/nodejs18.spec @@ -15,23 +15,13 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # -########################################################### -# -# WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! -# -# This spec file is generated from a template hosted at -# https://github.com/AdamMajer/nodejs-packaging -# -########################################################### -# Fedora doesn't have rpm-config-SUSE which provides -# ext_man in /usr/lib/rpm/macros.d/macros.obs %if 0%{?fedora_version} %define ext_man .gz %endif Name: nodejs18 -Version: 18.9.0 +Version: 18.9.1 Release: 0 # Double DWZ memory limits @@ -129,12 +119,12 @@ Source1: https://nodejs.org/dist/v%{version}/SHASUMS256.txt Source2: https://nodejs.org/dist/v%{version}/SHASUMS256.txt.sig Source3: nodejs.keyring -# Python 3.4 compatible node-gyp -### https://github.com/nodejs/node-gyp.git -### git archive v7.1.2 gyp/ | xz > node-gyp_7.1.2.tar.xz -Source5: node-gyp_7.1.2.tar.xz -# Only required to run unit tests in NodeJS 10+ -Source10: update_npm_tarball.sh +# Python 3.4 compatible node-gyp +### https://github.com/nodejs/node-gyp.git +### git archive v7.1.2 gyp/ | xz > node-gyp_7.1.2.tar.xz +Source5: node-gyp_7.1.2.tar.xz +# Only required to run unit tests in NodeJS 10+ +Source10: update_npm_tarball.sh Source11: node_modules.tar.xz Source20: bash_output_helper.bash @@ -145,8 +135,6 @@ Patch5: sle12_python3_compat.patch Patch7: manual_configure.patch Patch13: openssl_binary_detection.patch - - ## Patches specific to SUSE and openSUSE Patch100: linker_lto_jobs.patch # PATCH-FIX-OPENSUSE -- set correct path for dtrace if it is built @@ -173,8 +161,8 @@ Patch200: versioned.patch Patch303: openssl3_fixups.patch Patch304: new_python3.patch -BuildRequires: pkg-config BuildRequires: fdupes +BuildRequires: pkg-config BuildRequires: procps BuildRequires: xz BuildRequires: zlib-devel @@ -194,10 +182,10 @@ BuildRequires: config(netcfg) %if 0%{?suse_version} == 1110 # GCC 5 is only available in the SUSE:SLE-11:SP4:Update repository (SDK). %if %node_version_number >= 8 -BuildRequires: gcc5-c++ +BuildRequires: gcc5-c++ %define forced_gcc_version 5 %else -BuildRequires: gcc48-c++ +BuildRequires: gcc48-c++ %define forced_gcc_version 4.8 %endif %endif @@ -207,15 +195,15 @@ BuildRequires: gcc48-c++ # for SLE-12:Update targets %if 0%{?suse_version} == 1315 %if %node_version_number >= 17 -BuildRequires: gcc12-c++ +BuildRequires: gcc12-c++ %define forced_gcc_version 12 %else %if %node_version_number >= 14 -BuildRequires: gcc9-c++ +BuildRequires: gcc9-c++ %define forced_gcc_version 9 %else %if %node_version_number >= 8 -BuildRequires: gcc7-c++ +BuildRequires: gcc7-c++ %define forced_gcc_version 7 %endif %endif @@ -224,7 +212,7 @@ BuildRequires: gcc7-c++ %if 0%{?suse_version} == 1500 %if %node_version_number >= 17 -BuildRequires: gcc12-c++ +BuildRequires: gcc12-c++ %define forced_gcc_version 12 %endif %endif @@ -235,7 +223,6 @@ BuildRequires: gcc12-c++ BuildRequires: gcc-c++ %endif - # Python dependencies %if %node_version_number >= 16 @@ -260,8 +247,8 @@ BuildRequires: python %endif %if 0%{?suse_version} >= 1500 && %{node_version_number} >= 10 -BuildRequires: user(nobody) BuildRequires: group(nobody) +BuildRequires: user(nobody) %endif %if ! 0%{with intree_openssl} @@ -324,7 +311,7 @@ BuildRequires: valgrind %if %{with libalternatives} Requires: alts %else -Requires(postun): %{_sbindir}/update-alternatives +Requires(postun):%{_sbindir}/update-alternatives %endif # either for update-alternatives, or their removal Requires(post): %{_sbindir}/update-alternatives @@ -363,8 +350,8 @@ ExclusiveArch: not_buildable %endif %endif -Provides: bundled(uvwasi) = 0.0.12 Provides: bundled(libuv) = 1.43.0 +Provides: bundled(uvwasi) = 0.0.12 Provides: bundled(v8) = 10.2.154.15 %if %{with intree_brotli} Provides: bundled(brotli) = 1.0.9 @@ -372,8 +359,7 @@ Provides: bundled(brotli) = 1.0.9 BuildRequires: pkgconfig(libbrotlidec) %endif - -Provides: bundled(llhttp) = 6.0.9 +Provides: bundled(llhttp) = 6.0.10 Provides: bundled(ngtcp2) = 0.1.0-DEV Provides: bundled(node-acorn) = 8.8.0 @@ -391,8 +377,8 @@ provided by npm. Summary: Development headers for NodeJS 18.x Group: Development/Languages/NodeJS Provides: nodejs-devel = %{version} -Requires: npm18 = %{version} Requires: %{name} = %{version} +Requires: npm18 = %{version} %description devel This package provides development headers for Node.js needed for creation @@ -409,12 +395,12 @@ Requires: nodejs-common Requires: nodejs18 = %{version} Provides: nodejs-npm = %{version} Obsoletes: nodejs-npm < 4.0.0 -Provides: npm(npm) = 8.19.1 Provides: npm = %{version} +Provides: npm(npm) = 8.19.1 %if 0%{?suse_version} >= 1500 %if %{node_version_number} >= 10 -Requires: user(nobody) Requires: group(nobody) +Requires: user(nobody) %endif %endif Provides: bundled(node-abbrev) = 1.1.1 @@ -580,8 +566,8 @@ Provides: bundled(node-spdx-exceptions) = 2.3.0 Provides: bundled(node-spdx-expression-parse) = 3.0.1 Provides: bundled(node-spdx-license-ids) = 3.0.11 Provides: bundled(node-ssri) = 9.0.1 -Provides: bundled(node-string_decoder) = 1.3.0 Provides: bundled(node-string-width) = 4.2.3 +Provides: bundled(node-string_decoder) = 1.3.0 Provides: bundled(node-strip-ansi) = 6.0.1 Provides: bundled(node-supports-color) = 7.2.0 Provides: bundled(node-tar) = 6.1.11 @@ -688,7 +674,6 @@ mkdir deps/npm/node_modules/node-gyp tar -C deps/npm/node_modules/node-gyp Jxf %{SOURCE5} %endif - %build # normalize shebang %if %{node_version_number} >= 12 @@ -1016,6 +1001,7 @@ update-alternatives --remove npm-default %{_bindir}/npm%{node_version_number} update-alternatives --remove npx-default %{_bindir}/npx%{node_version_number} %else + %pre # remove files that are no longer owned but provided by update-alternatives if ! [ -L %{_mandir}/man1/node.1%{ext_man} ]; then