Update npm to 8.3.1 (CVE-2021-43616)
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
This commit is contained in:
parent
56f025de66
commit
b699bdb677
1
.gitignore
vendored
1
.gitignore
vendored
@ -7,3 +7,4 @@
|
|||||||
/.build-*.log
|
/.build-*.log
|
||||||
/noarch
|
/noarch
|
||||||
/x86_64
|
/x86_64
|
||||||
|
/0003-deps-upgrade-npm-to-8.3.1.patch
|
||||||
|
@ -1,14 +1,14 @@
|
|||||||
From 51f31ab027934c3e7aead556752911e6dee1ea69 Mon Sep 17 00:00:00 2001
|
From b65f81f25d060b048e788e846f9332a70fa953f1 Mon Sep 17 00:00:00 2001
|
||||||
From: Zuzana Svetlikova <zsvetlik@redhat.com>
|
From: Zuzana Svetlikova <zsvetlik@redhat.com>
|
||||||
Date: Fri, 17 Apr 2020 12:59:44 +0200
|
Date: Fri, 17 Apr 2020 12:59:44 +0200
|
||||||
Subject: [PATCH 1/2] Disable running gyp on shared deps
|
Subject: [PATCH 1/3] Disable running gyp on shared deps
|
||||||
|
|
||||||
---
|
---
|
||||||
Makefile | 2 +-
|
Makefile | 2 +-
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/Makefile b/Makefile
|
diff --git a/Makefile b/Makefile
|
||||||
index e55bd8d70242ace659fa9c7945708156e7770f9d..2959b0a436b10c9ff9b104de5130b751d19cb3a9 100644
|
index 7671bb804fa6a4f9c4bed07fa97b353e823d42cc..e0b7803710c539d7b291b24708d8a077cd5fb40d 100644
|
||||||
--- a/Makefile
|
--- a/Makefile
|
||||||
+++ b/Makefile
|
+++ b/Makefile
|
||||||
@@ -142,11 +142,11 @@ endif
|
@@ -142,11 +142,11 @@ endif
|
||||||
@ -25,5 +25,5 @@ index e55bd8d70242ace659fa9c7945708156e7770f9d..2959b0a436b10c9ff9b104de5130b751
|
|||||||
|
|
||||||
# node_version.h is listed because the N-API version is taken from there
|
# node_version.h is listed because the N-API version is taken from there
|
||||||
--
|
--
|
||||||
2.33.0
|
2.34.1
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From 62ddf8499747fb1e366477d666c0634ad50039a9 Mon Sep 17 00:00:00 2001
|
From 73033dbc74778f7bee49f77716968bbac1e80c28 Mon Sep 17 00:00:00 2001
|
||||||
From: Elliott Sales de Andrade <quantum.analyst@gmail.com>
|
From: Elliott Sales de Andrade <quantum.analyst@gmail.com>
|
||||||
Date: Tue, 19 Mar 2019 23:22:40 -0400
|
Date: Tue, 19 Mar 2019 23:22:40 -0400
|
||||||
Subject: [PATCH 2/2] Install both binaries and use libdir.
|
Subject: [PATCH 2/3] Install both binaries and use libdir.
|
||||||
|
|
||||||
This allows us to build with a shared library for other users while
|
This allows us to build with a shared library for other users while
|
||||||
still providing the normal executable.
|
still providing the normal executable.
|
||||||
@ -87,5 +87,5 @@ index 41cc1cbc60a9480cc08df3aa0ebe582c2becc3a2..11208f9e7166ab60da46d5ace2257c23
|
|||||||
|
|
||||||
# behave similarly for systemtap
|
# behave similarly for systemtap
|
||||||
--
|
--
|
||||||
2.33.0
|
2.34.1
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@
|
|||||||
# This is used by both the nodejs package and the npm subpackage that
|
# This is used by both the nodejs package and the npm subpackage that
|
||||||
# has a separate version - the name is special so that rpmdev-bumpspec
|
# has a separate version - the name is special so that rpmdev-bumpspec
|
||||||
# will bump this rather than adding .1 to the end.
|
# will bump this rather than adding .1 to the end.
|
||||||
%global baserelease 7
|
%global baserelease 8
|
||||||
|
|
||||||
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
||||||
|
|
||||||
@ -141,6 +141,10 @@ Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
|
|||||||
# Patch to install both node and libnode.so, using the correct libdir
|
# Patch to install both node and libnode.so, using the correct libdir
|
||||||
Patch2: 0002-Install-both-binaries-and-use-libdir.patch
|
Patch2: 0002-Install-both-binaries-and-use-libdir.patch
|
||||||
|
|
||||||
|
# Upstream patch to rebase npm to 8.3.1
|
||||||
|
# Carrying it until 16.14.0 is released due to CVE-2021-43616
|
||||||
|
Patch3: 0003-deps-upgrade-npm-to-8.3.1.patch
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: python%{python3_pkgversion}-devel
|
BuildRequires: python%{python3_pkgversion}-devel
|
||||||
BuildRequires: python%{python3_pkgversion}-setuptools
|
BuildRequires: python%{python3_pkgversion}-setuptools
|
||||||
@ -729,6 +733,9 @@ end
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Feb 03 2022 Stephen Gallagher <sgallagh@redhat.com> - 1:16.13.2-8
|
||||||
|
- Update npm to 8.3.1 (CVE-2021-43616)
|
||||||
|
|
||||||
* Wed Feb 02 2022 Stephen Gallagher <sgallagh@redhat.com> - 1:16.13.2-7
|
* Wed Feb 02 2022 Stephen Gallagher <sgallagh@redhat.com> - 1:16.13.2-7
|
||||||
- Fix incorrect version Provides: for npm (bz#2049873)
|
- Fix incorrect version Provides: for npm (bz#2049873)
|
||||||
|
|
||||||
|
1
sources
1
sources
@ -1,2 +1,3 @@
|
|||||||
SHA512 (node-v16.13.2-stripped.tar.gz) = 2e55952b95681cb18d8ca3ee096105d3076d3c79a92b707e7f580141a5def6e6a45971bc32ecf47307e90fc51de71039dcb00697487fe83d4eb7af01b0ff40b5
|
SHA512 (node-v16.13.2-stripped.tar.gz) = 2e55952b95681cb18d8ca3ee096105d3076d3c79a92b707e7f580141a5def6e6a45971bc32ecf47307e90fc51de71039dcb00697487fe83d4eb7af01b0ff40b5
|
||||||
SHA512 (icu4c-69_1-src.tgz) = d4aeb781715144ea6e3c6b98df5bbe0490bfa3175221a1d667f3e6851b7bd4a638fa4a37d4a921ccb31f02b5d15a6dded9464d98051964a86f7b1cde0ff0aab7
|
SHA512 (icu4c-69_1-src.tgz) = d4aeb781715144ea6e3c6b98df5bbe0490bfa3175221a1d667f3e6851b7bd4a638fa4a37d4a921ccb31f02b5d15a6dded9464d98051964a86f7b1cde0ff0aab7
|
||||||
|
SHA512 (0003-deps-upgrade-npm-to-8.3.1.patch) = 756b8b77a11b08cfc57054b809b2d70d7c5a3ce72afa179efff548ebb814747135bcbd051c4d1c86ee045fa0d1fedbe4f1c6268a8b2610e44bf8a2e07be8d656
|
||||||
|
Loading…
Reference in New Issue
Block a user