From 01262550fb3abf1b3b37892dc39b376bd73ec906 Mon Sep 17 00:00:00 2001 From: Marek Szuba Date: Fri, 16 Apr 2021 22:36:36 +0200 Subject: net-libs/nodejs: bump v15 to 15.14.0 Addresses CVE-2021-3450, CVE-2021-3449 and CVE-2020-7774. Bug: https://bugs.gentoo.org/781704 Signed-off-by: Marek Szuba --- net-libs/nodejs/Manifest | 2 +- net-libs/nodejs/nodejs-15.11.0.ebuild | 203 ---------------------------------- net-libs/nodejs/nodejs-15.14.0.ebuild | 203 ++++++++++++++++++++++++++++++++++ 3 files changed, 204 insertions(+), 204 deletions(-) delete mode 100644 net-libs/nodejs/nodejs-15.11.0.ebuild create mode 100644 net-libs/nodejs/nodejs-15.14.0.ebuild diff --git a/net-libs/nodejs/Manifest b/net-libs/nodejs/Manifest index 8e33c85072d4..f535dbb6a326 100644 --- a/net-libs/nodejs/Manifest +++ b/net-libs/nodejs/Manifest @@ -2,4 +2,4 @@ DIST node-v12.21.0.tar.xz 23650552 BLAKE2B 532eef3e77d78aa1b6f30ebdc1dee88ed9528 DIST node-v12.22.1.tar.xz 23650180 BLAKE2B 90b0a8ab3842483fea0c776e0245e63539a986c18f55abd8c7cd22ec399ccde22fa5b008d3e07c0f07713b5a45a1ee2a0bc370c04408800db2ee59cd92fcb5be SHA512 eaead633611bda04ab9be200aeddf3b4004b8104e9c6af246023b8008003dd3a7103e1508ea690443e59c6591521b04a2d71c7344343f2a20d1c935ef51c66a0 DIST node-v14.16.0.tar.xz 33301140 BLAKE2B faf380e8f02ea2e6084601fece1e9d3119aeabcebc844fd22a79c18e27cf54f0cd470971cc5a86277a226e59950f511e1173828565bdda1c1f06c52b144cba6f SHA512 ac6f7408df35e2bae8bcad3f461d8e260a2762c77f78d737b0339a592724ff1a98ba171a95e44366e731accfb3208e7cfd6d3edd0f646ddc26a01cfbdbbb655b DIST node-v14.16.1.tar.xz 33297064 BLAKE2B 0927434c63cd248e90a4002b50c7a0fd68a5527a4cd7424b451840ddf0c403ba452979b195e598cc3b323e24233248a74a1274519ce8cd3a2f4e71dc7a8f3dcb SHA512 d4f5fbab69592ae555613b2186090b85a458d2211b6035989aee2617bfd0f6768ca767ec45ce12756a9c452d00af7237edee3b1ae526049e9fcd01f8f67680c0 -DIST node-v15.11.0.tar.xz 33285300 BLAKE2B 50f38e46faa7a7c206bf6f82827643c4f6c06ed3e1bc8a12f06badc024b88e801e749524123134146547e7af3403110db11a5d1717a2a91c0ccd875ef91de457 SHA512 e6c7d6fb2f7008d911a63c120cf7f82fb78eff2b57a934f57e6c8294be3b16f0ab982b828989772f04199e609d2dc0c90067ec517ec1e27991f1275e0ced204a +DIST node-v15.14.0.tar.xz 33324232 BLAKE2B 30639a4e87954226de57070457e34caad205d19a4446beb22735383d1576c9e529f7d10fb0da4c808963ae719b00d894cd92838bdd3dbe7ba72e354a22a9455e SHA512 781a18694760b5ef280aa439ac5641ab1bccd3a9ec4733528bd5078bbca4e10da3ebafde9d74580445d193acb7d15d1b9864c0ceee345bc06e956352f59366c4 diff --git a/net-libs/nodejs/nodejs-15.11.0.ebuild b/net-libs/nodejs/nodejs-15.11.0.ebuild deleted file mode 100644 index b6ed53533665..000000000000 --- a/net-libs/nodejs/nodejs-15.11.0.ebuild +++ /dev/null @@ -1,203 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{7..9} ) -PYTHON_REQ_USE="threads(+)" - -inherit bash-completion-r1 flag-o-matic pax-utils python-any-r1 toolchain-funcs xdg-utils - -DESCRIPTION="A JavaScript runtime built on Chrome's V8 JavaScript engine" -HOMEPAGE="https://nodejs.org/" -SRC_URI="https://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz" - -LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" -SLOT="0/$(ver_cut 1)" -KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86 ~amd64-linux ~x64-macos" - -IUSE="cpu_flags_x86_sse2 debug doc +icu inspector +npm pax_kernel +snapshot +ssl system-icu +system-ssl systemtap test" -REQUIRED_USE="inspector? ( icu ssl ) - npm? ( ssl ) - system-icu? ( icu ) - system-ssl? ( ssl )" - -# FIXME: test-fs-mkdir fails with "no such file or directory". Investigate. -RESTRICT="test" - -RDEPEND=">=app-arch/brotli-1.0.9 - >=dev-libs/libuv-1.40.0:= - >=net-dns/c-ares-1.17.0 - >=net-libs/nghttp2-1.41.0 - sys-libs/zlib - system-icu? ( >=dev-libs/icu-67:= ) - system-ssl? ( >=dev-libs/openssl-1.1.1:0= )" -BDEPEND="${PYTHON_DEPS} - sys-apps/coreutils - virtual/pkgconfig - systemtap? ( dev-util/systemtap ) - test? ( net-misc/curl ) - pax_kernel? ( sys-apps/elfix )" -DEPEND="${RDEPEND}" - -PATCHES=( - "${FILESDIR}"/${PN}-15.2.0-global-npm-config.patch -) - -S="${WORKDIR}/node-v${PV}" - -pkg_pretend() { - (use x86 && ! use cpu_flags_x86_sse2) && \ - die "Your CPU doesn't support the required SSE2 instruction." -} - -src_prepare() { - tc-export AR CC CXX PKG_CONFIG - export V=1 - export BUILDTYPE=Release - - # fix compilation on Darwin - # https://code.google.com/p/gyp/issues/detail?id=260 - sed -i -e "/append('-arch/d" tools/gyp/pylib/gyp/xcode_emulation.py || die - - # less verbose install output (stating the same as portage, basically) - sed -i -e "/print/d" tools/install.py || die - - # proper libdir, hat tip @ryanpcmcquen https://github.com/iojs/io.js/issues/504 - local LIBDIR=$(get_libdir) - sed -i -e "s|lib/|${LIBDIR}/|g" tools/install.py || die - sed -i -e "s/'lib'/'${LIBDIR}'/" deps/npm/lib/npm.js || die - - # Avoid writing a depfile, not useful - sed -i -e "/DEPFLAGS =/d" tools/gyp/pylib/gyp/generator/make.py || die - - sed -i -e "/'-O3'/d" common.gypi node.gypi || die - - # Avoid a test that I've only been able to reproduce from emerge. It doesnt - # seem sandbox related either (invoking it from a sandbox works fine). - # The issue is that no stdin handle is openened when asked for one. - # It doesn't really belong upstream , so it'll just be removed until someone - # with more gentoo-knowledge than me (jbergstroem) figures it out. - rm test/parallel/test-stdout-close-unref.js || die - - # debug builds. change install path, remove optimisations and override buildtype - if use debug; then - sed -i -e "s|out/Release/|out/Debug/|g" tools/install.py || die - BUILDTYPE=Debug - fi - - # We need to disable mprotect on two files when it builds Bug 694100. - use pax_kernel && PATCHES+=( "${FILESDIR}"/${PN}-13.8.0-paxmarking.patch ) - - default -} - -src_configure() { - xdg_environment_reset - - local myconf=( - --shared-brotli - --shared-cares - --shared-libuv - --shared-nghttp2 - --shared-zlib - ) - use debug && myconf+=( --debug ) - if use system-icu; then - myconf+=( --with-intl=system-icu ) - elif use icu; then - myconf+=( --with-intl=full-icu ) - else - myconf+=( --with-intl=none ) - fi - use inspector || myconf+=( --without-inspector ) - use npm || myconf+=( --without-npm ) - use snapshot || myconf+=( --without-node-snapshot ) - if use ssl; then - use system-ssl && myconf+=( --shared-openssl --openssl-use-def-ca-store ) - else - myconf+=( --without-ssl ) - fi - - local myarch="" - case ${ABI} in - amd64) myarch="x64";; - arm) myarch="arm";; - arm64) myarch="arm64";; - ppc64) myarch="ppc64";; - x32) myarch="x32";; - x86) myarch="ia32";; - *) myarch="${ABI}";; - esac - - GYP_DEFINES="linux_use_gold_flags=0 - linux_use_bundled_binutils=0 - linux_use_bundled_gold=0" \ - "${EPYTHON}" configure.py \ - --prefix="${EPREFIX}"/usr \ - --dest-cpu=${myarch} \ - $(use_with systemtap dtrace) \ - "${myconf[@]}" || die -} - -src_compile() { - emake -C out -} - -src_install() { - local LIBDIR="${ED}/usr/$(get_libdir)" - default - - pax-mark -m "${ED}"/usr/bin/node - - # set up a symlink structure that node-gyp expects.. - dodir /usr/include/node/deps/{v8,uv} - dosym . /usr/include/node/src - for var in deps/{uv,v8}/include; do - dosym ../.. /usr/include/node/${var} - done - - if use doc; then - docinto html - dodoc -r "${S}"/doc/* - fi - - if use npm; then - keepdir /etc/npm - - # Install bash completion for `npm` - local tmp_npm_completion_file="$(TMPDIR="${T}" mktemp -t npm.XXXXXXXXXX)" - "${ED}/usr/bin/npm" completion > "${tmp_npm_completion_file}" - newbashcomp "${tmp_npm_completion_file}" npm - - # Move man pages - doman "${LIBDIR}"/node_modules/npm/man/man{1,5,7}/* - - # Clean up - rm "${LIBDIR}"/node_modules/npm/{.mailmap,.npmignore,Makefile} || die - rm -rf "${LIBDIR}"/node_modules/npm/{doc,html,man} || die - - local find_exp="-or -name" - local find_name=() - for match in "AUTHORS*" "CHANGELOG*" "CONTRIBUT*" "README*" \ - ".travis.yml" ".eslint*" ".wercker.yml" ".npmignore" \ - "*.md" "*.markdown" "*.bat" "*.cmd"; do - find_name+=( ${find_exp} "${match}" ) - done - - # Remove various development and/or inappropriate files and - # useless docs of dependend packages. - find "${LIBDIR}"/node_modules \ - \( -type d -name examples \) -or \( -type f \( \ - -iname "LICEN?E*" \ - "${find_name[@]}" \ - \) \) -exec rm -rf "{}" \; - fi - - mv "${ED}"/usr/share/doc/node "${ED}"/usr/share/doc/${PF} || die -} - -src_test() { - out/${BUILDTYPE}/cctest || die - "${EPYTHON}" tools/test.py --mode=${BUILDTYPE,,} -J message parallel sequential || die -} diff --git a/net-libs/nodejs/nodejs-15.14.0.ebuild b/net-libs/nodejs/nodejs-15.14.0.ebuild new file mode 100644 index 000000000000..3b317ab08c9e --- /dev/null +++ b/net-libs/nodejs/nodejs-15.14.0.ebuild @@ -0,0 +1,203 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{7..9} ) +PYTHON_REQ_USE="threads(+)" + +inherit bash-completion-r1 flag-o-matic pax-utils python-any-r1 toolchain-funcs xdg-utils + +DESCRIPTION="A JavaScript runtime built on Chrome's V8 JavaScript engine" +HOMEPAGE="https://nodejs.org/" +SRC_URI="https://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz" + +LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" +SLOT="0/$(ver_cut 1)" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86 ~amd64-linux ~x64-macos" + +IUSE="cpu_flags_x86_sse2 debug doc +icu inspector +npm pax_kernel +snapshot +ssl system-icu +system-ssl systemtap test" +REQUIRED_USE="inspector? ( icu ssl ) + npm? ( ssl ) + system-icu? ( icu ) + system-ssl? ( ssl )" + +# FIXME: test-fs-mkdir fails with "no such file or directory". Investigate. +RESTRICT="test" + +RDEPEND=">=app-arch/brotli-1.0.9 + >=dev-libs/libuv-1.40.0:= + >=net-dns/c-ares-1.17.0 + >=net-libs/nghttp2-1.41.0 + sys-libs/zlib + system-icu? ( >=dev-libs/icu-67:= ) + system-ssl? ( >=dev-libs/openssl-1.1.1:0= )" +BDEPEND="${PYTHON_DEPS} + sys-apps/coreutils + virtual/pkgconfig + systemtap? ( dev-util/systemtap ) + test? ( net-misc/curl ) + pax_kernel? ( sys-apps/elfix )" +DEPEND="${RDEPEND}" + +PATCHES=( + "${FILESDIR}"/${PN}-15.2.0-global-npm-config.patch +) + +S="${WORKDIR}/node-v${PV}" + +pkg_pretend() { + (use x86 && ! use cpu_flags_x86_sse2) && \ + die "Your CPU doesn't support the required SSE2 instruction." +} + +src_prepare() { + tc-export AR CC CXX PKG_CONFIG + export V=1 + export BUILDTYPE=Release + + # fix compilation on Darwin + # https://code.google.com/p/gyp/issues/detail?id=260 + sed -i -e "/append('-arch/d" tools/gyp/pylib/gyp/xcode_emulation.py || die + + # less verbose install output (stating the same as portage, basically) + sed -i -e "/print/d" tools/install.py || die + + # proper libdir, hat tip @ryanpcmcquen https://github.com/iojs/io.js/issues/504 + local LIBDIR=$(get_libdir) + sed -i -e "s|lib/|${LIBDIR}/|g" tools/install.py || die + sed -i -e "s/'lib'/'${LIBDIR}'/" deps/npm/lib/npm.js || die + + # Avoid writing a depfile, not useful + sed -i -e "/DEPFLAGS =/d" tools/gyp/pylib/gyp/generator/make.py || die + + sed -i -e "/'-O3'/d" common.gypi node.gypi || die + + # Avoid a test that I've only been able to reproduce from emerge. It doesnt + # seem sandbox related either (invoking it from a sandbox works fine). + # The issue is that no stdin handle is openened when asked for one. + # It doesn't really belong upstream , so it'll just be removed until someone + # with more gentoo-knowledge than me (jbergstroem) figures it out. + rm test/parallel/test-stdout-close-unref.js || die + + # debug builds. change install path, remove optimisations and override buildtype + if use debug; then + sed -i -e "s|out/Release/|out/Debug/|g" tools/install.py || die + BUILDTYPE=Debug + fi + + # We need to disable mprotect on two files when it builds Bug 694100. + use pax_kernel && PATCHES+=( "${FILESDIR}"/${PN}-13.8.0-paxmarking.patch ) + + default +} + +src_configure() { + xdg_environment_reset + + local myconf=( + --shared-brotli + --shared-cares + --shared-libuv + --shared-nghttp2 + --shared-zlib + ) + use debug && myconf+=( --debug ) + if use system-icu; then + myconf+=( --with-intl=system-icu ) + elif use icu; then + myconf+=( --with-intl=full-icu ) + else + myconf+=( --with-intl=none ) + fi + use inspector || myconf+=( --without-inspector ) + use npm || myconf+=( --without-npm ) + use snapshot || myconf+=( --without-node-snapshot ) + if use ssl; then + use system-ssl && myconf+=( --shared-openssl --openssl-use-def-ca-store ) + else + myconf+=( --without-ssl ) + fi + + local myarch="" + case ${ABI} in + amd64) myarch="x64";; + arm) myarch="arm";; + arm64) myarch="arm64";; + ppc64) myarch="ppc64";; + x32) myarch="x32";; + x86) myarch="ia32";; + *) myarch="${ABI}";; + esac + + GYP_DEFINES="linux_use_gold_flags=0 + linux_use_bundled_binutils=0 + linux_use_bundled_gold=0" \ + "${EPYTHON}" configure.py \ + --prefix="${EPREFIX}"/usr \ + --dest-cpu=${myarch} \ + $(use_with systemtap dtrace) \ + "${myconf[@]}" || die +} + +src_compile() { + emake -C out +} + +src_install() { + local LIBDIR="${ED}/usr/$(get_libdir)" + default + + pax-mark -m "${ED}"/usr/bin/node + + # set up a symlink structure that node-gyp expects.. + dodir /usr/include/node/deps/{v8,uv} + dosym . /usr/include/node/src + for var in deps/{uv,v8}/include; do + dosym ../.. /usr/include/node/${var} + done + + if use doc; then + docinto html + dodoc -r "${S}"/doc/* + fi + + if use npm; then + keepdir /etc/npm + + # Install bash completion for `npm` + local tmp_npm_completion_file="$(TMPDIR="${T}" mktemp -t npm.XXXXXXXXXX)" + "${ED}/usr/bin/npm" completion > "${tmp_npm_completion_file}" + newbashcomp "${tmp_npm_completion_file}" npm + + # Move man pages + doman "${LIBDIR}"/node_modules/npm/man/man{1,5,7}/* + + # Clean up + rm -f "${LIBDIR}"/node_modules/npm/{.mailmap,.npmignore,Makefile} + rm -rf "${LIBDIR}"/node_modules/npm/{doc,html,man} + + local find_exp="-or -name" + local find_name=() + for match in "AUTHORS*" "CHANGELOG*" "CONTRIBUT*" "README*" \ + ".travis.yml" ".eslint*" ".wercker.yml" ".npmignore" \ + "*.md" "*.markdown" "*.bat" "*.cmd"; do + find_name+=( ${find_exp} "${match}" ) + done + + # Remove various development and/or inappropriate files and + # useless docs of dependend packages. + find "${LIBDIR}"/node_modules \ + \( -type d -name examples \) -or \( -type f \( \ + -iname "LICEN?E*" \ + "${find_name[@]}" \ + \) \) -exec rm -rf "{}" \; + fi + + mv "${ED}"/usr/share/doc/node "${ED}"/usr/share/doc/${PF} || die +} + +src_test() { + out/${BUILDTYPE}/cctest || die + "${EPYTHON}" tools/test.py --mode=${BUILDTYPE,,} -J message parallel sequential || die +} -- cgit v1.2.3-65-gdbad