commit: bd954a9d5171bdd9cc4544c5b0036a971f3302cd Author: Marek Szuba <marecki <AT> gentoo <DOT> org> AuthorDate: Thu Feb 25 09:26:08 2021 +0000 Commit: Marek Szuba <marecki <AT> gentoo <DOT> org> CommitDate: Thu Feb 25 11:06:32 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd954a9d
net-libs/nodejs: bump subslot 12 to 12.21.0 Security release to address CVE-2021-22883, CVE-2021-22884, and CVE-2021-23840. Bug: https://bugs.gentoo.org/772422 Signed-off-by: Marek Szuba <marecki <AT> gentoo.org> net-libs/nodejs/Manifest | 1 + net-libs/nodejs/nodejs-12.21.0.ebuild | 219 ++++++++++++++++++++++++++++++++++ 2 files changed, 220 insertions(+) diff --git a/net-libs/nodejs/Manifest b/net-libs/nodejs/Manifest index 816a0ecbebe..4d14278f233 100644 --- a/net-libs/nodejs/Manifest +++ b/net-libs/nodejs/Manifest @@ -1,4 +1,5 @@ DIST node-v12.20.1.tar.xz 23641412 BLAKE2B 1c1d828a46c7d3ba3a8995d65902f20ff4d3e3c992a90e4cd0d0e985d5537a8251a1b789cac106caccca9050e5e74ca2e15b27100f715ef453d194fa07271a7a SHA512 a8948cfa64cc5222a975294a6403c1fb0c2443552ad739a049f7e50beed542c22e0004a456f1a225af847cfd06fcb4101d8f70e3f932750e74be86b14402af4d +DIST node-v12.21.0.tar.xz 23650552 BLAKE2B 532eef3e77d78aa1b6f30ebdc1dee88ed95280c86e44db525ce369cb1c2d9707a30a1a4ec2d8e699f7c1a14ada036fc4d62d0f0c7fa017e72768662768bbbf18 SHA512 48df48a12657e3a2366cd80a1a7040365b7a90053676230f1f93f253a1fcdafc5bc1df5b5ec5c13f616277b5feb7e7653cd145ab9c23222bf7702d7cd1fa74eb DIST node-v14.15.4.tar.xz 33296076 BLAKE2B a707dc15bdb670cdb239560d9b7a10541b793cad2339d02dafac2974df38dbe57d141b60d934f8b91cd65961f3a2df4ce92bcccf8b4359c7041f5f5531f1b704 SHA512 0d497a5d51de52412d09dd0fbcb936dbf0cba810f84d598be8f02c876d55f614e00c1ea0b25a00838e7b9f9c73a7882e3de0e9507d1c6ee45270a62d3438ab41 DIST node-v14.16.0.tar.xz 33301140 BLAKE2B faf380e8f02ea2e6084601fece1e9d3119aeabcebc844fd22a79c18e27cf54f0cd470971cc5a86277a226e59950f511e1173828565bdda1c1f06c52b144cba6f SHA512 ac6f7408df35e2bae8bcad3f461d8e260a2762c77f78d737b0339a592724ff1a98ba171a95e44366e731accfb3208e7cfd6d3edd0f646ddc26a01cfbdbbb655b DIST node-v15.10.0.tar.xz 33246956 BLAKE2B 2227063a352ed090aa92616f1d4651c840db8f22646cfbb8ad54aa568c6ce5ff1d608f98092a680df052849d50c25407e6e2ea51dda8b47591fd5cf58c972a3f SHA512 0d00cef7a2b665f15fae5321f7b9670866cf299855235806809b11b8b17017278be8b58c1252355b36525d704b41340c668f90f364192bdf7a22183b4809a939 diff --git a/net-libs/nodejs/nodejs-12.21.0.ebuild b/net-libs/nodejs/nodejs-12.21.0.ebuild new file mode 100644 index 00000000000..0ea379fb60e --- /dev/null +++ b/net-libs/nodejs/nodejs-12.21.0.ebuild @@ -0,0 +1,219 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{7..8} ) +PYTHON_REQ_USE="threads(+)" + +inherit bash-completion-r1 flag-o-matic pax-utils python-any-r1 toolchain-funcs xdg-utils + +DESCRIPTION="A JavaScript runtime built on Chrome's V8 JavaScript engine" +HOMEPAGE="https://nodejs.org/"; +SRC_URI=" + https://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz +" + +LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" +SLOT="0/$(ver_cut 1)" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86 ~amd64-linux ~x64-macos" +IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm +snapshot +ssl +system-ssl systemtap test" +REQUIRED_USE=" + inspector? ( icu ssl ) + npm? ( ssl ) + system-ssl? ( ssl ) +" + +RDEPEND=" + >=app-arch/brotli-1.0.9 + >=dev-libs/libuv-1.39.0:= + >=net-dns/c-ares-1.16.0 + >=net-libs/http-parser-2.9.3:= + >=net-libs/nghttp2-1.40.0 + sys-libs/zlib + icu? ( >=dev-libs/icu-64.2:= ) + system-ssl? ( >=dev-libs/openssl-1.1.1:0= ) +" +BDEPEND=" + ${PYTHON_DEPS} + sys-apps/coreutils + systemtap? ( dev-util/systemtap ) + test? ( net-misc/curl ) +" +DEPEND=" + ${RDEPEND} +" +PATCHES=( + "${FILESDIR}"/${PN}-10.3.0-global-npm-config.patch + "${FILESDIR}"/${PN}-12.20.1-fix_ppc64_crashes.patch + "${FILESDIR}"/${PN}-99999999-llhttp.patch +) +RESTRICT="test" +S="${WORKDIR}/node-v${PV}" + +pkg_pretend() { + (use x86 && ! use cpu_flags_x86_sse2) && \ + die "Your CPU doesn't support the required SSE2 instruction." + + ( [[ ${MERGE_TYPE} != "binary" ]] && ! test-flag-CXX -std=c++11 ) && \ + die "Your compiler doesn't support C++11. Use GCC 4.8, Clang 3.3 or newer." +} + +src_prepare() { + tc-export CC CXX PKG_CONFIG + export V=1 + export BUILDTYPE=Release + + # fix compilation on Darwin + # https://code.google.com/p/gyp/issues/detail?id=260 + sed -i -e "/append('-arch/d" tools/gyp/pylib/gyp/xcode_emulation.py || die + + # less verbose install output (stating the same as portage, basically) + sed -i -e "/print/d" tools/install.py || die + + # proper libdir, hat tip @ryanpcmcquen https://github.com/iojs/io.js/issues/504 + local LIBDIR=$(get_libdir) + sed -i -e "s|lib/|${LIBDIR}/|g" tools/install.py || die + sed -i -e "s/'lib'/'${LIBDIR}'/" deps/npm/lib/npm.js || die + + # Avoid writing a depfile, not useful + sed -i -e "/DEPFLAGS =/d" tools/gyp/pylib/gyp/generator/make.py || die + + sed -i -e "/'-O3'/d" common.gypi node.gypi || die + + # Avoid a test that I've only been able to reproduce from emerge. It doesnt + # seem sandbox related either (invoking it from a sandbox works fine). + # The issue is that no stdin handle is openened when asked for one. + # It doesn't really belong upstream , so it'll just be removed until someone + # with more gentoo-knowledge than me (jbergstroem) figures it out. + rm test/parallel/test-stdout-close-unref.js || die + + # debug builds. change install path, remove optimisations and override buildtype + if use debug; then + sed -i -e "s|out/Release/|out/Debug/|g" tools/install.py || die + BUILDTYPE=Debug + fi + + default +} + +src_configure() { + xdg_environment_reset + + local myconf=( + --shared-brotli + --shared-cares + --shared-http-parser + --shared-libuv + --shared-nghttp2 + --shared-zlib + ) + use debug && myconf+=( --debug ) + use icu && myconf+=( --with-intl=system-icu ) || myconf+=( --with-intl=none ) + use inspector || myconf+=( --without-inspector ) + use npm || myconf+=( --without-npm ) + use snapshot || myconf+=( --without-node-snapshot ) + if use ssl; then + use system-ssl && myconf+=( --shared-openssl --openssl-use-def-ca-store ) + else + myconf+=( --without-ssl ) + fi + + local myarch="" + case ${ABI} in + amd64) myarch="x64";; + arm) myarch="arm";; + arm64) myarch="arm64";; + ppc64) myarch="ppc64";; + x32) myarch="x32";; + x86) myarch="ia32";; + *) myarch="${ABI}";; + esac + + GYP_DEFINES="linux_use_gold_flags=0 + linux_use_bundled_binutils=0 + linux_use_bundled_gold=0" \ + "${EPYTHON}" configure.py \ + --prefix="${EPREFIX}"/usr \ + --dest-cpu=${myarch} \ + $(use_with systemtap dtrace) \ + "${myconf[@]}" || die +} + +src_compile() { + emake -C out mksnapshot + pax-mark m "out/${BUILDTYPE}/mksnapshot" + emake -C out +} + +src_install() { + local LIBDIR="${ED}/usr/$(get_libdir)" + default + + pax-mark -m "${ED}"/usr/bin/node + + # set up a symlink structure that node-gyp expects.. + dodir /usr/include/node/deps/{v8,uv} + dosym . /usr/include/node/src + for var in deps/{uv,v8}/include; do + dosym ../.. /usr/include/node/${var} + done + + if use doc; then + docinto html + dodoc -r "${S}"/doc/* + fi + + if use npm; then + dodir /etc/npm + + # Install bash completion for `npm` + # We need to temporarily replace default config path since + # npm otherwise tries to write outside of the sandbox + local npm_config="usr/$(get_libdir)/node_modules/npm/lib/config/core.js" + sed -i -e "s|'/etc'|'${ED}/etc'|g" "${ED}/${npm_config}" || die + local tmp_npm_completion_file="$(TMPDIR="${T}" mktemp -t npm.XXXXXXXXXX)" + "${ED}/usr/bin/npm" completion > "${tmp_npm_completion_file}" + newbashcomp "${tmp_npm_completion_file}" npm + sed -i -e "s|'${ED}/etc'|'/etc'|g" "${ED}/${npm_config}" || die + + # Move man pages + doman "${LIBDIR}"/node_modules/npm/man/man{1,5,7}/* + + # Clean up + rm "${LIBDIR}"/node_modules/npm/{.mailmap,.npmignore,Makefile} || die + rm -rf "${LIBDIR}"/node_modules/npm/{doc,html,man} || die + + local find_exp="-or -name" + local find_name=() + for match in "AUTHORS*" "CHANGELOG*" "CONTRIBUT*" "README*" \ + ".travis.yml" ".eslint*" ".wercker.yml" ".npmignore" \ + "*.md" "*.markdown" "*.bat" "*.cmd"; do + find_name+=( ${find_exp} "${match}" ) + done + + # Remove various development and/or inappropriate files and + # useless docs of dependend packages. + find "${LIBDIR}"/node_modules \ + \( -type d -name examples \) -or \( -type f \( \ + -iname "LICEN?E*" \ + "${find_name[@]}" \ + \) \) -exec rm -rf "{}" \; + fi + + mv "${ED}"/usr/share/doc/node "${ED}"/usr/share/doc/${PF} || die +} + +src_test() { + out/${BUILDTYPE}/cctest || die + "${PYTHON}" tools/test.py --mode=${BUILDTYPE,,} -J message parallel sequential || die +} + +pkg_postinst() { + elog "The global npm config lives in /etc/npm. This deviates slightly" + elog "from upstream which otherwise would have it live in /usr/etc/." + elog "" + elog "Protip: When using node-gyp to install native modules, you can" + elog "avoid having to download extras by doing the following:" + elog "$ node-gyp --nodedir /usr/include/node <command>" +}
