aports/main/nodejs/APKBUILD
psykose 73168da094 main/nodejs: security upgrade to 18.16.1
the release itself already marks cves as fixed-in-this-version, so there
is no point to add entries to secfixes redundantly since we are not
backporting specific patches onto an older version, and they are already
marked as fixed in secdb from upgrade alone.
2023-06-20 22:49:34 +02:00


# Contributor: Jose-Luis Rivas <ghostbar@riseup.net>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Dave Esaias <dave@containership.io>
# Contributor: Tadahisa Kamijo <kamijin@live.jp>
# Contributor: Eivind Uggedal <eu@eju.no>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
# 18.14.1-r0:
# - CVE-2023-23918
# - CVE-2023-23919
# - CVE-2023-23920
# - CVE-2023-23936
# - CVE-2023-24807
# 18.12.1-r0:
# - CVE-2022-3602
# - CVE-2022-3786
# - CVE-2022-43548
# 16.17.1-r0:
# - CVE-2022-32213
# - CVE-2022-32214
# - CVE-2022-32215
# - CVE-2022-35255
# - CVE-2022-35256
# 16.13.2-r0:
# - CVE-2021-44531
# - CVE-2021-44532
# - CVE-2021-44533
# - CVE-2022-21824
# 14.18.1-r0:
# - CVE-2021-22959
# - CVE-2021-22960
# 14.17.6-r0:
# - CVE-2021-37701
# - CVE-2021-37712
# - CVE-2021-37713
# - CVE-2021-39134
# - CVE-2021-39135
# 14.17.5-r0:
# - CVE-2021-3672
# - CVE-2021-22931
# - CVE-2021-22939
# 14.17.4-r0:
# - CVE-2021-22930
# 14.16.1-r0:
# - CVE-2020-7774
# 14.16.0-r0:
# - CVE-2021-22883
# - CVE-2021-22884
# 14.15.5-r0:
# - CVE-2021-21148
# 14.15.4-r0:
# - CVE-2020-8265
# - CVE-2020-8287
# 14.15.1-r0:
# - CVE-2020-8277
# 12.18.4-r0:
# - CVE-2020-8201
# - CVE-2020-8252
# 12.18.0-r0:
# - CVE-2020-8172
# - CVE-2020-11080
# - CVE-2020-8174
# 12.15.0-r0:
# - CVE-2019-15606
# - CVE-2019-15605
# - CVE-2019-15604
# 10.16.3-r0:
# - CVE-2019-9511
# - CVE-2019-9512
# - CVE-2019-9513
# - CVE-2019-9514
# - CVE-2019-9515
# - CVE-2019-9516
# - CVE-2019-9517
# - CVE-2019-9518
# 10.15.3-r0:
# - CVE-2019-5737
# 10.14.0-r0:
# - CVE-2018-12121
# - CVE-2018-12122
# - CVE-2018-12123
# - CVE-2018-0735
# - CVE-2018-0734
# 8.11.4-r0:
# - CVE-2018-12115
# 8.11.3-r0:
# - CVE-2018-7167
# - CVE-2018-7161
# - CVE-2018-1000168
# 8.11.0-r0:
# - CVE-2018-7158
# - CVE-2018-7159
# - CVE-2018-7160
# 8.9.3-r0:
# - CVE-2017-15896
# - CVE-2017-15897
# 6.11.5-r0:
# - CVE-2017-14919
# 6.11.1-r0:
# - CVE-2017-1000381
# 0:
# - CVE-2021-43803
# - CVE-2022-32212
# Package metadata read by abuild. pkgver is reused below in source= and
# builddir=, and check() compares it with the version the built binary reports.
pkgname=nodejs
# Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)!
# Odd-numbered versions are supported only for 9 months by upstream.
pkgver=18.16.1
pkgrel=0
pkgdesc="JavaScript runtime built on V8 engine - LTS version"
url="https://nodejs.org/"
arch="all"
license="MIT"
# Runtime dependency on the system CA bundle; build() passes
# --openssl-use-def-ca-store to configure.
depends="ca-certificates"
# Build-time inputs. brotli-dev, c-ares-dev, nghttp2-dev, openssl-dev and
# zlib-dev pair with the --shared-* options in build(), and icu-dev with
# --with-intl=system-icu; prepare() deletes the vendored copies of most of them.
makedepends="
brotli-dev
c-ares-dev
icu-dev
linux-headers
nghttp2-dev
openssl-dev
py3-jinja2
python3
samurai
zlib-dev
"
install="$pkgname.post-upgrade"
subpackages="$pkgname-dev $pkgname-doc"
provider_priority=100 # highest priority (other provider is nodejs-current)
provides="nodejs-lts=$pkgver-r$pkgrel" # for backward compatibility
replaces="nodejs-current nodejs-lts" # nodejs-lts for backward compatibility
# Upstream release tarball (fetched over HTTPS) plus two local patches. Each
# entry has a SHA-512 digest in sha512sums at the end of this file.
# NOTE(review): a digest only pins the bytes the packager downloaded; whether
# the tarball was also checked against upstream's signed checksum file is not
# visible here - confirm when bumping pkgver.
source="https://nodejs.org/dist/v$pkgver/node-v$pkgver.tar.gz
disable-running-gyp-on-shared-deps.patch
fix-build-with-system-c-ares.patch
"
builddir="$srcdir/node-v$pkgver"
# Prepare the unpacked source tree: run the default prepare step, then strip
# the vendored libraries that this package does not build from the tarball.
# All paths are relative to the current directory (expected to be the source
# root).
prepare() {
	# Node.js-specific OpenSSL config that has to survive the purge of
	# deps/openssl below.
	local openssl_cnf="nodejs-openssl.cnf"

	default_prepare

	# openssl.cnf is required for the build, so park it in the source root
	# while everything else under deps/openssl is deleted.
	mv "deps/openssl/$openssl_cnf" .

	# Delete the bundled dependencies we are not using. With the vendored
	# sources gone they cannot be compiled in by accident; build() selects
	# the shared system brotli, c-ares, OpenSSL and zlib and disables
	# corepack. NOTE(review): the two jinja2 copies are presumably replaced
	# by py3-jinja2 from makedepends - confirm.
	rm -rf \
		deps/brotli \
		deps/cares \
		deps/corepack \
		deps/openssl/* \
		deps/v8/third_party/jinja2 \
		deps/zlib \
		tools/inspector_protocol/jinja2

	# Put the config file back where the build looks for it.
	mv "$openssl_cnf" deps/openssl/

	# The build system tries to import from a "riscv" folder for some reason,
	# while push_registers_asm.cc only has definitions for 64-bit riscv, so
	# expose the riscv64 directory under that name as well.
	cp -r deps/v8/src/heap/base/asm/riscv64 deps/v8/src/heap/base/asm/riscv
}
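# Configure and compile Node.js against the system copies of brotli, zlib,
# OpenSSL, c-ares, nghttp2 and ICU.
# Globals:  CFLAGS, CXXFLAGS, CPPFLAGS (read, rewritten and exported)
# Returns:  non-zero if the ICU data directory cannot be determined, otherwise
#           the status of the final make invocation.
build() {
	# Add defines recommended in libuv readme.
	local common_flags="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
	local icu_data_dir

	# Compiling with O2 instead of Os increases binary size by ~10%
	# (53.1 MiB -> 58.6 MiB), but also increases performance by ~20%
	# according to v8/web-tooling-benchmark. Node.js is quite huge anyway;
	# there are better options for size constrained environments.
	export CFLAGS="${CFLAGS/-Os/-O2} $common_flags"
	export CXXFLAGS="${CXXFLAGS/-Os/-O2} $common_flags"
	export CPPFLAGS="${CPPFLAGS/-Os/-O2} $common_flags"

	# Resolve the system ICU data directory before configuring. An inline,
	# unquoted $(...) would be word-split, and a failing icu-config would
	# silently pass an empty path to configure; stop the build instead.
	icu_data_dir=$(icu-config --icudatadir) || icu_data_dir=""
	if [ -z "$icu_data_dir" ]; then
		echo "build: icu-config --icudatadir did not return a path" >&2
		return 1
	fi

	# NOTE: We use bundled libuv because they don't care much about backward
	#  compatibility and it has happened several times in past that we
	#  couldn't upgrade nodejs package in stable branches to fix CVEs due to
	#  libuv incompatibility.
	#  Consequence: fixes in libuv reach this package only through an update
	#  of the nodejs aport itself.
	#
	# NOTE: We don't package the bundled npm - it's a separate project with
	#  its own release cycle and version numbering, so it's better to keep
	#  it in a standalone aport.
	#
	# NOTE: --openssl-use-def-ca-store makes Node use the CA store of the
	#  linked OpenSSL instead of its compiled-in root list; the package
	#  depends on ca-certificates to provide it.
	#
	# TODO: Fix and enable corepack.
	python3 configure.py --prefix=/usr \
		--shared-brotli \
		--shared-zlib \
		--shared-openssl \
		--shared-cares \
		--shared-nghttp2 \
		--ninja \
		--openssl-use-def-ca-store \
		--with-icu-default-data-dir="$icu_data_dir" \
		--with-intl=system-icu \
		--without-corepack \
		--without-npm

	make BUILDTYPE=Release
}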
# TODO Run provided test suite.
# Smoke-test the freshly built binary from the Release output directory: it
# must start and evaluate a script, and it must report exactly $pkgver as its
# version. NOTE(review): this does not exercise upstream's test suite (see the
# TODO above), so it confirms that the intended version was built, not that
# the fixes in that version behave as expected.
check() {
	local node="./node"

	cd "${builddir}/out/Release"

	# The interpreter runs at all.
	"$node" -e 'console.log("Hello, world!")'
	# The binary identifies itself as the version being packaged.
	"$node" -e "require('assert').equal(process.versions.node, '$pkgver')"
}
# Install the build result into the staging root $pkgdir via the upstream
# "install" make target.
package() {
	make DESTDIR="${pkgdir}" install
}
# Split function for the -dev subpackage: advertise the old nodejs-lts-dev
# name at the current version, then hand over to the default dev split.
dev() {
	provides="nodejs-lts-dev=${pkgver}" # for backward compatibility

	default_dev
}
# SHA-512 digests, one per entry in source= and listed in the same order: the
# release tarball for pkgver (node-v18.16.1.tar.gz) followed by the two local
# patches. The tarball digest has to be replaced whenever pkgver changes.
sha512sums="
752079767478b2fee4ca4930577120589320429789abec77e4e10f28a8cd196ba97561cc0f3db625369e461f676550ac531f9d6371b744b1d22a9d54833543e7 node-v18.16.1.tar.gz
8c264eefc0bfa9dd57656f9f515e940d5c21b8d836dc549031ee559ba909643f4f2495b8b392ee9976c5eed7c3b4a09db876bbe0f7fcd5b2bf63fafca37bffc2 disable-running-gyp-on-shared-deps.patch
30ca1ce7f9512c943950b8eec98bca99d24c740ebaa14619292fe5ed931dcf603ca90afb1d704ca7f545e421752ba4dde81c0c5bbb5242eb1726739ca627e15f fix-build-with-system-c-ares.patch
"