import nodejs-14.21.1-2.module+el8.7.0+17528+a329cd47

c8-stream-14 imports/c8-stream-14/nodejs-14.21.1-2.module+el8.7.0+17528+a329cd47
CentOS Sources 2 years ago committed by MSVSphere Packaging Team
commit 5fd23a4537

4
.gitignore vendored

@ -0,0 +1,4 @@
SOURCES/cjs-module-lexer-1.2.2.tar.gz
SOURCES/icu4c-70_1-src.tgz
SOURCES/node-v14.21.1-stripped.tar.gz
SOURCES/wasi-sdk-wasi-sdk-11.tar.gz

@ -0,0 +1,4 @@
6976e77068429bd0b47b573793289e065ceb6b27 SOURCES/cjs-module-lexer-1.2.2.tar.gz
f7c1363edee6be7de8b624ffbb801892b3417d4e SOURCES/icu4c-70_1-src.tgz
2812a06625a63430d5f36ce9019cc2df321956e6 SOURCES/node-v14.21.1-stripped.tar.gz
8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz

@ -0,0 +1,26 @@
From 0daef8b47290ffa866f321173a0a45f7c131f172 Mon Sep 17 00:00:00 2001
From: Zuzana Svetlikova <zsvetlik@redhat.com>
Date: Fri, 17 Apr 2020 12:59:44 +0200
Subject: [PATCH] Disable running gyp on shared deps
Signed-off-by: rpm-build <rpm-build>
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 82281b5..9e65fc4 100644
--- a/Makefile
+++ b/Makefile
@@ -143,7 +143,7 @@ with-code-cache test-code-cache:
$(warning '$@' target is a noop)
out/Makefile: config.gypi common.gypi node.gyp \
- deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
+ deps/llhttp/llhttp.gyp \
tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
$(PYTHON) tools/gyp_node.py -f make
--
2.38.1

@ -0,0 +1,45 @@
From 8fc20d21cd7861ecc4f034ae82234a05227c2c12 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 9 Dec 2021 15:48:46 +0100
Subject: [PATCH] deps(ansi-regex): fix potential ReDoS
This is the upstream fix [1] applied to all applicable bundled deps.
[1]: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
Fixes: CVE-2021-3807
Signed-off-by: rpm-build <rpm-build>
---
.../node_modules/string-width/node_modules/ansi-regex/index.js | 2 +-
deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
index c4aaecf..7d32201 100644
--- a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
+++ b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
@@ -2,7 +2,7 @@
module.exports = () => {
const pattern = [
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\\u0007)',
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))'
].join('|');
diff --git a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js b/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
index c254480..9e37ec3 100644
--- a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
+++ b/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
@@ -6,7 +6,7 @@ module.exports = options => {
}, options);
const pattern = [
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
].join('|');
--
2.38.1
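Review bot: The replacement pattern in the `string-width` copy changes what that copy matches, not only how fast it fails: the old line accepted only `[a-zA-Z\\d]*` after each `;`, while the new one accepts `[-a-zA-Z\\d\\/#&.:=?%@~_]*`. The commit message says the upstream fix went to "all applicable bundled deps" but does not record how the remaining bundled `ansi-regex` copies were judged not applicable. A message line such as `Checked: <bundled ansi-regex copies and why each is or is not affected>` would let the next rebase re-verify that. Neither hunk carries a regression test, so a bounded-time check of the patched pattern on a long non-matching input would be worth shipping with the patch.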

@ -0,0 +1,98 @@
From 00da0b65c4c6bd75be2b91fba196be520e8ccf00 Mon Sep 17 00:00:00 2001
From: Jordan Harband <ljharb@gmail.com>
Date: Mon, 27 Dec 2021 19:15:57 -0800
Subject: [PATCH] deps(qs/parse): ignore `__proto__` keys (CVE-2022-24999)
Signed-off-by: rpm-build <rpm-build>
---
deps/npm/node_modules/qs/lib/parse.js | 2 +-
deps/npm/node_modules/qs/test/parse.js | 60 ++++++++++++++++++++++++++
2 files changed, 61 insertions(+), 1 deletion(-)
diff --git a/deps/npm/node_modules/qs/lib/parse.js b/deps/npm/node_modules/qs/lib/parse.js
index 8c9872e..08e623a 100644
--- a/deps/npm/node_modules/qs/lib/parse.js
+++ b/deps/npm/node_modules/qs/lib/parse.js
@@ -69,7 +69,7 @@ var parseObject = function (chain, val, options) {
) {
obj = [];
obj[index] = leaf;
- } else {
+ } else if (cleanRoot !== '__proto__') {
obj[cleanRoot] = leaf;
}
}
diff --git a/deps/npm/node_modules/qs/test/parse.js b/deps/npm/node_modules/qs/test/parse.js
index 0f8fe45..3e93784 100644
--- a/deps/npm/node_modules/qs/test/parse.js
+++ b/deps/npm/node_modules/qs/test/parse.js
@@ -515,6 +515,66 @@ test('parse()', function (t) {
st.end();
});
+ t.test('dunder proto is ignored', function (st) {
+ var payload = 'categories[__proto__]=login&categories[__proto__]&categories[length]=42';
+ var result = qs.parse(payload, { allowPrototypes: true });
+
+ st.deepEqual(
+ result,
+ {
+ categories: {
+ length: '42'
+ }
+ },
+ 'silent [[Prototype]] payload'
+ );
+
+ var plainResult = qs.parse(payload, { allowPrototypes: true, plainObjects: true });
+
+ st.deepEqual(
+ plainResult,
+ {
+ __proto__: null,
+ categories: {
+ __proto__: null,
+ length: '42'
+ }
+ },
+ 'silent [[Prototype]] payload: plain objects'
+ );
+
+ var query = qs.parse('categories[__proto__]=cats&categories[__proto__]=dogs&categories[some][json]=toInject', { allowPrototypes: true });
+
+ st.notOk(Array.isArray(query.categories), 'is not an array');
+ st.notOk(query.categories instanceof Array, 'is not instanceof an array');
+ st.deepEqual(query.categories, { some: { json: 'toInject' } });
+ st.equal(JSON.stringify(query.categories), '{"some":{"json":"toInject"}}', 'stringifies as a non-array');
+
+ st.deepEqual(
+ qs.parse('foo[__proto__][hidden]=value&foo[bar]=stuffs', { allowPrototypes: true }),
+ {
+ foo: {
+ bar: 'stuffs'
+ }
+ },
+ 'hidden values'
+ );
+
+ st.deepEqual(
+ qs.parse('foo[__proto__][hidden]=value&foo[bar]=stuffs', { allowPrototypes: true, plainObjects: true }),
+ {
+ __proto__: null,
+ foo: {
+ __proto__: null,
+ bar: 'stuffs'
+ }
+ },
+ 'hidden values: plain objects'
+ );
+
+ st.end();
+ });
+
t.test('can return null objects', { skip: !Object.create }, function (st) {
var expected = Object.create(null);
expected.a = Object.create(null);
--
2.38.1
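Review bot: Every case in the added `dunder proto is ignored` test passes `allowPrototypes: true`, so nothing pins how `__proto__` keys are handled when `qs.parse` is called with default options; one more assertion calling `qs.parse(payload)` without options would close that gap. The new branch `else if (cleanRoot !== '__proto__')` also drops the key silently with no explanation, so a comment above it would help, for example `// never assign '__proto__': obj[cleanRoot] = leaf would replace the prototype instead of adding a key`. The body of `parseObject` starts and ends outside the hunk, so how `cleanRoot` is derived is not visible here.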

@ -0,0 +1,151 @@
// Copyright (C) 2014 IBM Corporation and Others. All Rights Reserved.
// This file is part of the Node.JS ICU enablement work
// https://github.com/joyent/node/pull/7719
// and is under the same license.
//
// This is a very, very, very basic test of es402
//
// URL: https://github.com/srl295/btest402
// Author: Steven R. Loomis <srl@icu-project.org>
//
// for a complete test, see http://test262.ecmascript.org
//
// Usage: node btest402.js
try {
console.log("You have console.log.");
} catch(e) {
// this works on d8
console = { log: print };
console.log("Now you have console.log.");
}
function runbtest() {
var summary = {};
try {
var i = Intl;
summary.haveIntl = true;
console.log("+ Congrats, you have the Intl object.");
} catch(e) {
console.log("You don't have the Intl object: " + e);
}
if(summary.haveIntl) {
var locs = [ "en", "mt", "ja","tlh"];
var d = new Date(196400000);
for ( var n=0; n<locs.length; n++ ) {
var loc = locs[n];
var lsummary = summary[loc] = {};
console.log(loc+":");
var sl=null;
try {
sl = Intl.DateTimeFormat.supportedLocalesOf([loc]);
if( sl.length > 0 ) {
lsummary.haveSlo = true;
}
} catch (e) {
console.log("SLO err: " + e);
}
var dstr = "ERR";
try {
lsummary.dstr = d.toLocaleString(loc,{month: "long",day:"numeric",weekday:"long",year:"numeric"});
console.log(" date: (supported:"+sl+") " + lsummary.dstr);
} catch (e) {
console.log(" Date Format err: " + e);
}
try {
new Intl.v8BreakIterator();
console.log(" Intl.v8BreakIterator:" +
Intl.v8BreakIterator.supportedLocalesOf(loc) + " Supported, first()==" +
new Intl.v8BreakIterator(loc).first() );
lsummary.brkOk = true;
} catch ( e) {
console.log(" Intl.v8BreakIterator error (NOT part of EcmaScript402): " + e);
}
console.log();
}
}
// print summary
console.log();
console.log("--------- Analysis ---------");
stxt = "";
if( summary.haveIntl ) {
console.log("* You have the 'Intl' object. Congratulations! You have the possibility of being EcmaScript 402 compliant.");
stxt += "Have Intl, ";
if ( !summary.en.haveSlo ) {
stxt += "Date:no EN, ";
console.log("* English isn't a supported language by the date formatter. Perhaps the data isn't installed properly?");
}
if ( !summary.tlh.haveSlo ) {
stxt += "Date:no 'tlh', ";
console.log("* Klingon isn't a supported language by the date formatter. It is without honor!");
}
// now, what is it actually saying
if( summary.en.dstr.indexOf("1970") == -1) {
stxt += "Date:bad 'en', ";
console.log("* the English date format text looks bad to me. Doesn't even have the year.");
} else {
if( summary.en.dstr.indexOf("Jan") == -1) {
stxt += "Date:bad 'en', ";
console.log("* The English date format text looks bad to me. Doesn't have the right month.");
}
}
if( summary.mt.dstr == summary.en.dstr ) {
stxt += "Date:'mt'=='en', ";
console.log("* The English and Maltese look the same to me. Probably a 'small' build.");
} else if( summary.mt.dstr.indexOf("1970") == -1) {
stxt += "Date:bad 'mt', ";
console.log("* the Maltese date format text looks bad to me. Doesn't even have the year. (This data is missing from the Chromium ICU build)");
} else {
if( summary.mt.dstr.indexOf("Jann") == -1) {
stxt += "Date:bad 'mt', ";
console.log("* The Maltese date format text looks bad to me. Doesn't have the right month. (This data is missing from the Chromium ICU build)");
}
}
if ( !summary.ja.haveSlo ) {
stxt += "Date:no 'ja', ";
console.log("* Japanese isn't a supported language by the date formatter. Could be a 'small' build.");
} else {
if( summary.ja.dstr.indexOf("1970") == -1) {
stxt += "Date:bad 'ja', ";
console.log("* the Japanese date format text looks bad to me. Doesn't even have the year.");
} else {
if( summary.ja.dstr.indexOf("日") == -1) {
stxt += "Date:bad 'ja', ";
console.log("* The Japanese date format text looks bad to me.");
}
}
}
if ( summary.en.brkOk ) {
stxt += "FYI: v8Brk:have 'en', ";
console.log("* You have Intl.v8BreakIterator support. (Note: not part of ES402.)");
}
} else {
console.log("* You don't have the 'Intl' object. You aren't EcmaScript 402 compliant.");
stxt += " NO Intl. ";
}
// 1-liner.
console.log();
console.log("----------------");
console.log( "SUMMARY:" + stxt );
}
var dorun = true;
try {
if(btest402_noautorun) {
dorun = false;
}
} catch(e) {}
if(dorun) {
console.log("Running btest..");
runbtest();
}
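Review bot: When `Intl` exists but `d.toLocaleString(loc, ...)` throws, `lsummary.dstr` is never assigned, so the analysis section's `summary.en.dstr.indexOf("1970")` (and the `mt` and `ja` checks after it) raises a TypeError and the script aborts before printing its summary. The otherwise unused `var dstr = "ERR";` looks like the intended fallback; adding `lsummary.dstr = dstr;` just before that `try` would keep the analysis running and report a bad date instead. Separately, `stxt = "";` in `runbtest` creates an implicit global and should read `var stxt = "";`.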

@ -0,0 +1,195 @@
#!/bin/sh
# Uses Argbash to generate command argument parsing. To update
# arguments, make sure to call
# `argbash nodejs-tarball.sh -o nodejs-tarball.sh`
# ARG_POSITIONAL_SINGLE([version],[Node.js release version],[""])
# ARG_DEFAULTS_POS([])
# ARG_HELP([Tool to aid in Node.js packaging of new releases])
# ARGBASH_GO()
# needed because of Argbash --> m4_ignore([
### START OF CODE GENERATED BY Argbash v2.8.1 one line above ###
# Argbash is a bash code generator used to get arguments parsing right.
# Argbash is FREE SOFTWARE, see https://argbash.io for more info
die()
{
local _ret=$2
test -n "$_ret" || _ret=1
test "$_PRINT_HELP" = yes && print_help >&2
echo "$1" >&2
exit ${_ret}
}
begins_with_short_option()
{
local first_option all_short_options='h'
first_option="${1:0:1}"
test "$all_short_options" = "${all_short_options/$first_option/}" && return 1 || return 0
}
# THE DEFAULTS INITIALIZATION - POSITIONALS
_positionals=()
_arg_version=""
# THE DEFAULTS INITIALIZATION - OPTIONALS
print_help()
{
printf '%s\n' "Tool to aid in Node.js packaging of new releases"
printf 'Usage: %s [-h|--help] [<version>]\n' "$0"
printf '\t%s\n' "<version>: Node.js release version (default: '""')"
printf '\t%s\n' "-h, --help: Prints help"
}
parse_commandline()
{
_positionals_count=0
while test $# -gt 0
do
_key="$1"
case "$_key" in
-h|--help)
print_help
exit 0
;;
-h*)
print_help
exit 0
;;
*)
_last_positional="$1"
_positionals+=("$_last_positional")
_positionals_count=$((_positionals_count + 1))
;;
esac
shift
done
}
handle_passed_args_count()
{
test "${_positionals_count}" -le 1 || _PRINT_HELP=yes die "FATAL ERROR: There were spurious positional arguments --- we expect between 0 and 1, but got ${_positionals_count} (the last one was: '${_last_positional}')." 1
}
assign_positional_args()
{
local _positional_name _shift_for=$1
_positional_names="_arg_version "
shift "$_shift_for"
for _positional_name in ${_positional_names}
do
test $# -gt 0 || break
eval "$_positional_name=\${1}" || die "Error during argument parsing, possibly an Argbash bug." 1
shift
done
}
parse_commandline "$@"
handle_passed_args_count
assign_positional_args 1 "${_positionals[@]}"
# OTHER STUFF GENERATED BY Argbash
### END OF CODE GENERATED BY Argbash (sortof) ### ])
# [ <-- needed because of Argbash
set -e
echo $_arg_version
if [ x$_arg_version != x ]; then
version=$_arg_version
else
version=$(rpm -q --specfile --qf='%{version}\n' nodejs.spec | head -n1)
fi
rm -f node-v${version}.tar.gz node-v${version}-stripped.tar.gz
wget http://nodejs.org/dist/v${version}/node-v${version}.tar.gz \
http://nodejs.org/dist/v${version}/SHASUMS256.txt
sha256sum -c SHASUMS256.txt --ignore-missing
tar -zxf node-v${version}.tar.gz
rm -rf node-v${version}/deps/openssl
tar -zcf node-v${version}-stripped.tar.gz node-v${version}
# Download the matching version of ICU
rm -f icu4c*-src.tgz icu.md5
ICUMD5=$(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].md5')
wget $(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].url')
ICUTARBALL=$(ls -1 icu4c*-src.tgz)
echo "$ICUMD5 $ICUTARBALL" > icu.md5
md5sum -c icu.md5
rm -f icu.md5 SHASUMS256.txt
rhpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz
rm -f node-v${version}.tar.gz
set +e
# Determine the bundled versions of the various packages
echo "Bundled software versions"
echo "-------------------------"
echo
echo "libnode shared object version"
echo "========================="
grep "define NODE_MODULE_VERSION" node-v${version}/src/node_version.h
echo
echo "V8"
echo "========================="
grep "define V8_MAJOR_VERSION" node-v${version}/deps/v8/include/v8-version.h
grep "define V8_MINOR_VERSION" node-v${version}/deps/v8/include/v8-version.h
grep "define V8_BUILD_NUMBER" node-v${version}/deps/v8/include/v8-version.h
grep "define V8_PATCH_LEVEL" node-v${version}/deps/v8/include/v8-version.h
echo
echo "c-ares"
echo "========================="
grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_version.h
grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h
grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h
echo
echo "llhttp"
echo "========================="
grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h
grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h
grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h
echo
echo "libuv"
echo "========================="
grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h
grep "define UV_VERSION_MINOR" node-v${version}/deps/uv/include/uv/version.h
grep "define UV_VERSION_PATCH" node-v${version}/deps/uv/include/uv/version.h
echo
echo "nghttp2"
echo "========================="
grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
echo
echo "ICU"
echo "========================="
grep "url" node-v${version}/tools/icu/current_ver.dep
echo
echo "punycode"
echo "========================="
grep "'version'" node-v${version}/lib/punycode.js
echo
echo "uvwasi"
echo "========================="
grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
echo
echo "npm"
echo "========================="
grep "\"version\":" node-v${version}/deps/npm/package.json
echo
echo "Make sure these versions match what is in the RPM spec file"
rm -rf node-v${version}
# ] <-- needed because of Argbash
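Review bot: The release tarball and `SHASUMS256.txt` are both fetched over plain `http://nodejs.org/dist/...`, so the `sha256sum -c` step only detects corruption: whoever can alter the download in transit can alter the checksum list with it. Both URLs should use `https://nodejs.org/dist/v${version}/...`, and the signed `SHASUMS256.txt.asc` should ideally be verified against the Node.js release keys before the sums are trusted. The ICU download is weaker still: its URL and MD5 are read from `tools/icu/current_ver.dep` inside the tarball just unpacked, so its integrity rests entirely on that first check. The expansions in the `rm -rf node-v${version}...` lines are unquoted and are safer written as `"node-v${version}"`.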

@ -0,0 +1,2 @@
%__nodejs_native_requires %{_rpmconfigdir}/nodejs_native.req
%__nodejs_native_path ^/usr/lib.*/node_modules/.*\\.node$

@ -0,0 +1,2 @@
prefix=/usr/local
python=/usr/bin/python3
