1 |
commit: 6e708b88a117f819f607b3c48a463532fd5f5837 |
2 |
Author: Marek Szuba <marecki <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Apr 16 15:52:39 2021 +0000 |
4 |
Commit: Marek Szuba <marecki <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Apr 16 18:24:25 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e708b88 |
7 |
|
8 |
net-libs/nodejs: bump v14 to 14.16.1 |
9 |
|
10 |
Addresses CVE-2021-3450, CVE-2021-3449 and CVE-2020-7774. |
11 |
|
12 |
Bug: https://bugs.gentoo.org/781704 |
13 |
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org> |
14 |
|
15 |
net-libs/nodejs/Manifest | 1 + |
16 |
net-libs/nodejs/nodejs-14.16.1.ebuild | 209 ++++++++++++++++++++++++++++++++++ |
17 |
2 files changed, 210 insertions(+) |
18 |
|
19 |
diff --git a/net-libs/nodejs/Manifest b/net-libs/nodejs/Manifest |
20 |
index 61cd8df79f0..8e33c85072d 100644 |
21 |
--- a/net-libs/nodejs/Manifest |
22 |
+++ b/net-libs/nodejs/Manifest |
23 |
@@ -1,4 +1,5 @@ |
24 |
DIST node-v12.21.0.tar.xz 23650552 BLAKE2B 532eef3e77d78aa1b6f30ebdc1dee88ed95280c86e44db525ce369cb1c2d9707a30a1a4ec2d8e699f7c1a14ada036fc4d62d0f0c7fa017e72768662768bbbf18 SHA512 48df48a12657e3a2366cd80a1a7040365b7a90053676230f1f93f253a1fcdafc5bc1df5b5ec5c13f616277b5feb7e7653cd145ab9c23222bf7702d7cd1fa74eb |
25 |
DIST node-v12.22.1.tar.xz 23650180 BLAKE2B 90b0a8ab3842483fea0c776e0245e63539a986c18f55abd8c7cd22ec399ccde22fa5b008d3e07c0f07713b5a45a1ee2a0bc370c04408800db2ee59cd92fcb5be SHA512 eaead633611bda04ab9be200aeddf3b4004b8104e9c6af246023b8008003dd3a7103e1508ea690443e59c6591521b04a2d71c7344343f2a20d1c935ef51c66a0 |
26 |
DIST node-v14.16.0.tar.xz 33301140 BLAKE2B faf380e8f02ea2e6084601fece1e9d3119aeabcebc844fd22a79c18e27cf54f0cd470971cc5a86277a226e59950f511e1173828565bdda1c1f06c52b144cba6f SHA512 ac6f7408df35e2bae8bcad3f461d8e260a2762c77f78d737b0339a592724ff1a98ba171a95e44366e731accfb3208e7cfd6d3edd0f646ddc26a01cfbdbbb655b |
27 |
+DIST node-v14.16.1.tar.xz 33297064 BLAKE2B 0927434c63cd248e90a4002b50c7a0fd68a5527a4cd7424b451840ddf0c403ba452979b195e598cc3b323e24233248a74a1274519ce8cd3a2f4e71dc7a8f3dcb SHA512 d4f5fbab69592ae555613b2186090b85a458d2211b6035989aee2617bfd0f6768ca767ec45ce12756a9c452d00af7237edee3b1ae526049e9fcd01f8f67680c0 |
28 |
DIST node-v15.11.0.tar.xz 33285300 BLAKE2B 50f38e46faa7a7c206bf6f82827643c4f6c06ed3e1bc8a12f06badc024b88e801e749524123134146547e7af3403110db11a5d1717a2a91c0ccd875ef91de457 SHA512 e6c7d6fb2f7008d911a63c120cf7f82fb78eff2b57a934f57e6c8294be3b16f0ab982b828989772f04199e609d2dc0c90067ec517ec1e27991f1275e0ced204a |
29 |
|
30 |
diff --git a/net-libs/nodejs/nodejs-14.16.1.ebuild b/net-libs/nodejs/nodejs-14.16.1.ebuild |
31 |
new file mode 100644 |
32 |
index 00000000000..0b891cc59ac |
33 |
--- /dev/null |
34 |
+++ b/net-libs/nodejs/nodejs-14.16.1.ebuild |
35 |
@@ -0,0 +1,209 @@ |
36 |
+# Copyright 1999-2021 Gentoo Authors |
37 |
+# Distributed under the terms of the GNU General Public License v2 |
38 |
+ |
39 |
+EAPI=7 |
40 |
+ |
41 |
+PYTHON_COMPAT=( python3_{7..9} ) |
42 |
+PYTHON_REQ_USE="threads(+)" |
43 |
+ |
44 |
+inherit bash-completion-r1 flag-o-matic pax-utils python-any-r1 toolchain-funcs xdg-utils |
45 |
+ |
46 |
+DESCRIPTION="A JavaScript runtime built on Chrome's V8 JavaScript engine" |
47 |
+HOMEPAGE="https://nodejs.org/" |
48 |
+SRC_URI="https://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz" |
49 |
+ |
50 |
+LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" |
51 |
+SLOT="0/$(ver_cut 1)" |
52 |
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86 ~amd64-linux ~x64-macos" |
53 |
+ |
54 |
+IUSE="cpu_flags_x86_sse2 debug doc +icu inspector +npm pax_kernel +snapshot +ssl system-icu +system-ssl systemtap test" |
55 |
+REQUIRED_USE="inspector? ( icu ssl ) |
56 |
+ npm? ( ssl ) |
57 |
+ system-icu? ( icu ) |
58 |
+ system-ssl? ( ssl )" |
59 |
+ |
60 |
+# FIXME: test-fs-mkdir fails with "no such file or directory". Investigate. |
61 |
+RESTRICT="test" |
62 |
+ |
63 |
+RDEPEND=">=app-arch/brotli-1.0.9 |
64 |
+ >=dev-libs/libuv-1.40.0:= |
65 |
+ >=net-dns/c-ares-1.16.1 |
66 |
+ >=net-libs/nghttp2-1.41.0 |
67 |
+ sys-libs/zlib |
68 |
+ system-icu? ( >=dev-libs/icu-67:= ) |
69 |
+ system-ssl? ( >=dev-libs/openssl-1.1.1:0= )" |
70 |
+BDEPEND="${PYTHON_DEPS} |
71 |
+ sys-apps/coreutils |
72 |
+ virtual/pkgconfig |
73 |
+ systemtap? ( dev-util/systemtap ) |
74 |
+ test? ( net-misc/curl ) |
75 |
+ pax_kernel? ( sys-apps/elfix )" |
76 |
+DEPEND="${RDEPEND}" |
77 |
+ |
78 |
+PATCHES=( |
79 |
+ "${FILESDIR}"/${PN}-10.3.0-global-npm-config.patch |
80 |
+ "${FILESDIR}"/${PN}-14.15.0-fix_ppc64_crashes.patch |
81 |
+) |
82 |
+ |
83 |
+S="${WORKDIR}/node-v${PV}" |
84 |
+ |
85 |
+pkg_pretend() { |
86 |
+ (use x86 && ! use cpu_flags_x86_sse2) && \ |
87 |
+ die "Your CPU doesn't support the required SSE2 instruction." |
88 |
+} |
89 |
+ |
90 |
+src_prepare() { |
91 |
+ tc-export AR CC CXX PKG_CONFIG |
92 |
+ export V=1 |
93 |
+ export BUILDTYPE=Release |
94 |
+ |
95 |
+ # fix compilation on Darwin |
96 |
+ # https://code.google.com/p/gyp/issues/detail?id=260 |
97 |
+ sed -i -e "/append('-arch/d" tools/gyp/pylib/gyp/xcode_emulation.py || die |
98 |
+ |
99 |
+ # less verbose install output (stating the same as portage, basically) |
100 |
+ sed -i -e "/print/d" tools/install.py || die |
101 |
+ |
102 |
+ # proper libdir, hat tip @ryanpcmcquen https://github.com/iojs/io.js/issues/504 |
103 |
+ local LIBDIR=$(get_libdir) |
104 |
+ sed -i -e "s|lib/|${LIBDIR}/|g" tools/install.py || die |
105 |
+ sed -i -e "s/'lib'/'${LIBDIR}'/" deps/npm/lib/npm.js || die |
106 |
+ |
107 |
+ # Avoid writing a depfile, not useful |
108 |
+ sed -i -e "/DEPFLAGS =/d" tools/gyp/pylib/gyp/generator/make.py || die |
109 |
+ |
110 |
+ sed -i -e "/'-O3'/d" common.gypi node.gypi || die |
111 |
+ |
112 |
+ # Avoid a test that I've only been able to reproduce from emerge. It doesnt |
113 |
+ # seem sandbox related either (invoking it from a sandbox works fine). |
114 |
+ # The issue is that no stdin handle is openened when asked for one. |
115 |
+ # It doesn't really belong upstream , so it'll just be removed until someone |
116 |
+ # with more gentoo-knowledge than me (jbergstroem) figures it out. |
117 |
+ rm test/parallel/test-stdout-close-unref.js || die |
118 |
+ |
119 |
+ # debug builds. change install path, remove optimisations and override buildtype |
120 |
+ if use debug; then |
121 |
+ sed -i -e "s|out/Release/|out/Debug/|g" tools/install.py || die |
122 |
+ BUILDTYPE=Debug |
123 |
+ fi |
124 |
+ |
125 |
+ # We need to disable mprotect on two files when it builds Bug 694100. |
126 |
+ use pax_kernel && PATCHES+=( "${FILESDIR}"/${PN}-13.8.0-paxmarking.patch ) |
127 |
+ |
128 |
+ default |
129 |
+} |
130 |
+ |
131 |
+src_configure() { |
132 |
+ xdg_environment_reset |
133 |
+ |
134 |
+ local myconf=( |
135 |
+ --shared-brotli |
136 |
+ --shared-cares |
137 |
+ --shared-libuv |
138 |
+ --shared-nghttp2 |
139 |
+ --shared-zlib |
140 |
+ ) |
141 |
+ use debug && myconf+=( --debug ) |
142 |
+ if use system-icu; then |
143 |
+ myconf+=( --with-intl=system-icu ) |
144 |
+ elif use icu; then |
145 |
+ myconf+=( --with-intl=full-icu ) |
146 |
+ else |
147 |
+ myconf+=( --with-intl=none ) |
148 |
+ fi |
149 |
+ use inspector || myconf+=( --without-inspector ) |
150 |
+ use npm || myconf+=( --without-npm ) |
151 |
+ use snapshot || myconf+=( --without-node-snapshot ) |
152 |
+ if use ssl; then |
153 |
+ use system-ssl && myconf+=( --shared-openssl --openssl-use-def-ca-store ) |
154 |
+ else |
155 |
+ myconf+=( --without-ssl ) |
156 |
+ fi |
157 |
+ |
158 |
+ local myarch="" |
159 |
+ case ${ABI} in |
160 |
+ amd64) myarch="x64";; |
161 |
+ arm) myarch="arm";; |
162 |
+ arm64) myarch="arm64";; |
163 |
+ ppc64) myarch="ppc64";; |
164 |
+ x32) myarch="x32";; |
165 |
+ x86) myarch="ia32";; |
166 |
+ *) myarch="${ABI}";; |
167 |
+ esac |
168 |
+ |
169 |
+ GYP_DEFINES="linux_use_gold_flags=0 |
170 |
+ linux_use_bundled_binutils=0 |
171 |
+ linux_use_bundled_gold=0" \ |
172 |
+ "${EPYTHON}" configure.py \ |
173 |
+ --prefix="${EPREFIX}"/usr \ |
174 |
+ --dest-cpu=${myarch} \ |
175 |
+ $(use_with systemtap dtrace) \ |
176 |
+ "${myconf[@]}" || die |
177 |
+} |
178 |
+ |
179 |
+src_compile() { |
180 |
+ emake -C out |
181 |
+} |
182 |
+ |
183 |
+src_install() { |
184 |
+ local LIBDIR="${ED}/usr/$(get_libdir)" |
185 |
+ default |
186 |
+ |
187 |
+ pax-mark -m "${ED}"/usr/bin/node |
188 |
+ |
189 |
+ # set up a symlink structure that node-gyp expects.. |
190 |
+ dodir /usr/include/node/deps/{v8,uv} |
191 |
+ dosym . /usr/include/node/src |
192 |
+ for var in deps/{uv,v8}/include; do |
193 |
+ dosym ../.. /usr/include/node/${var} |
194 |
+ done |
195 |
+ |
196 |
+ if use doc; then |
197 |
+ docinto html |
198 |
+ dodoc -r "${S}"/doc/* |
199 |
+ fi |
200 |
+ |
201 |
+ if use npm; then |
202 |
+ dodir /etc/npm |
203 |
+ |
204 |
+ # Install bash completion for `npm` |
205 |
+ # We need to temporarily replace default config path since |
206 |
+ # npm otherwise tries to write outside of the sandbox |
207 |
+ local npm_config="usr/$(get_libdir)/node_modules/npm/lib/config/core.js" |
208 |
+ sed -i -e "s|'/etc'|'${ED}/etc'|g" "${ED}/${npm_config}" || die |
209 |
+ local tmp_npm_completion_file="$(TMPDIR="${T}" mktemp -t npm.XXXXXXXXXX)" |
210 |
+ "${ED}/usr/bin/npm" completion > "${tmp_npm_completion_file}" |
211 |
+ newbashcomp "${tmp_npm_completion_file}" npm |
212 |
+ sed -i -e "s|'${ED}/etc'|'/etc'|g" "${ED}/${npm_config}" || die |
213 |
+ |
214 |
+ # Move man pages |
215 |
+ doman "${LIBDIR}"/node_modules/npm/man/man{1,5,7}/* |
216 |
+ |
217 |
+ # Clean up |
218 |
+ rm "${LIBDIR}"/node_modules/npm/{.mailmap,.npmignore,Makefile} || die |
219 |
+ rm -rf "${LIBDIR}"/node_modules/npm/{doc,html,man} || die |
220 |
+ |
221 |
+ local find_exp="-or -name" |
222 |
+ local find_name=() |
223 |
+ for match in "AUTHORS*" "CHANGELOG*" "CONTRIBUT*" "README*" \ |
224 |
+ ".travis.yml" ".eslint*" ".wercker.yml" ".npmignore" \ |
225 |
+ "*.md" "*.markdown" "*.bat" "*.cmd"; do |
226 |
+ find_name+=( ${find_exp} "${match}" ) |
227 |
+ done |
228 |
+ |
229 |
+ # Remove various development and/or inappropriate files and |
230 |
+ # useless docs of dependend packages. |
231 |
+ find "${LIBDIR}"/node_modules \ |
232 |
+ \( -type d -name examples \) -or \( -type f \( \ |
233 |
+ -iname "LICEN?E*" \ |
234 |
+ "${find_name[@]}" \ |
235 |
+ \) \) -exec rm -rf "{}" \; |
236 |
+ fi |
237 |
+ |
238 |
+ mv "${ED}"/usr/share/doc/node "${ED}"/usr/share/doc/${PF} || die |
239 |
+} |
240 |
+ |
241 |
+src_test() { |
242 |
+ out/${BUILDTYPE}/cctest || die |
243 |
+ "${EPYTHON}" tools/test.py --mode=${BUILDTYPE,,} -J message parallel sequential || die |
244 |
+} |