summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarek Szuba <marecki@gentoo.org>2021-04-16 17:51:36 +0200
committerMarek Szuba <marecki@gentoo.org>2021-04-16 20:24:21 +0200
commit5e41eaca605e84e0f641f09f1f5c4ac1826e1e28 (patch)
tree338dcfd0af59408922ceeffe09cc72c745298b45
parentdev-python/pytest-env: new package (diff)
downloadgentoo-5e41eaca605e84e0f641f09f1f5c4ac1826e1e28.tar.gz
gentoo-5e41eaca605e84e0f641f09f1f5c4ac1826e1e28.tar.bz2
gentoo-5e41eaca605e84e0f641f09f1f5c4ac1826e1e28.zip
net-libs/nodejs: bump v12 to 12.22.1
Addresses CVE-2021-3450, CVE-2021-3449 and CVE-2020-7774. Bug: https://bugs.gentoo.org/781704 Signed-off-by: Marek Szuba <marecki@gentoo.org>
-rw-r--r--net-libs/nodejs/Manifest1
-rw-r--r--net-libs/nodejs/nodejs-12.22.1.ebuild220
2 files changed, 221 insertions, 0 deletions
diff --git a/net-libs/nodejs/Manifest b/net-libs/nodejs/Manifest
index c3a81d6c7951..61cd8df79f04 100644
--- a/net-libs/nodejs/Manifest
+++ b/net-libs/nodejs/Manifest
@@ -1,3 +1,4 @@
DIST node-v12.21.0.tar.xz 23650552 BLAKE2B 532eef3e77d78aa1b6f30ebdc1dee88ed95280c86e44db525ce369cb1c2d9707a30a1a4ec2d8e699f7c1a14ada036fc4d62d0f0c7fa017e72768662768bbbf18 SHA512 48df48a12657e3a2366cd80a1a7040365b7a90053676230f1f93f253a1fcdafc5bc1df5b5ec5c13f616277b5feb7e7653cd145ab9c23222bf7702d7cd1fa74eb
+DIST node-v12.22.1.tar.xz 23650180 BLAKE2B 90b0a8ab3842483fea0c776e0245e63539a986c18f55abd8c7cd22ec399ccde22fa5b008d3e07c0f07713b5a45a1ee2a0bc370c04408800db2ee59cd92fcb5be SHA512 eaead633611bda04ab9be200aeddf3b4004b8104e9c6af246023b8008003dd3a7103e1508ea690443e59c6591521b04a2d71c7344343f2a20d1c935ef51c66a0
DIST node-v14.16.0.tar.xz 33301140 BLAKE2B faf380e8f02ea2e6084601fece1e9d3119aeabcebc844fd22a79c18e27cf54f0cd470971cc5a86277a226e59950f511e1173828565bdda1c1f06c52b144cba6f SHA512 ac6f7408df35e2bae8bcad3f461d8e260a2762c77f78d737b0339a592724ff1a98ba171a95e44366e731accfb3208e7cfd6d3edd0f646ddc26a01cfbdbbb655b
DIST node-v15.11.0.tar.xz 33285300 BLAKE2B 50f38e46faa7a7c206bf6f82827643c4f6c06ed3e1bc8a12f06badc024b88e801e749524123134146547e7af3403110db11a5d1717a2a91c0ccd875ef91de457 SHA512 e6c7d6fb2f7008d911a63c120cf7f82fb78eff2b57a934f57e6c8294be3b16f0ab982b828989772f04199e609d2dc0c90067ec517ec1e27991f1275e0ced204a
diff --git a/net-libs/nodejs/nodejs-12.22.1.ebuild b/net-libs/nodejs/nodejs-12.22.1.ebuild
new file mode 100644
index 000000000000..bd8f3dcec30a
--- /dev/null
+++ b/net-libs/nodejs/nodejs-12.22.1.ebuild
@@ -0,0 +1,220 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7..9} )
+PYTHON_REQ_USE="threads(+)"
+
+inherit bash-completion-r1 flag-o-matic pax-utils python-any-r1 toolchain-funcs xdg-utils
+
+DESCRIPTION="A JavaScript runtime built on Chrome's V8 JavaScript engine"
+HOMEPAGE="https://nodejs.org/"
+SRC_URI="
+ https://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz
+"
+
+LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT"
+SLOT="0/$(ver_cut 1)"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86 ~amd64-linux ~x64-macos"
+IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm +snapshot +ssl +system-ssl systemtap test"
+REQUIRED_USE="
+ inspector? ( icu ssl )
+ npm? ( ssl )
+ system-ssl? ( ssl )
+"
+
+RDEPEND="
+ >=app-arch/brotli-1.0.9
+ >=dev-libs/libuv-1.39.0:=
+ >=net-dns/c-ares-1.16.0
+ >=net-libs/http-parser-2.9.3:=
+ >=net-libs/nghttp2-1.40.0
+ sys-libs/zlib
+ icu? ( >=dev-libs/icu-64.2:= )
+ system-ssl? ( >=dev-libs/openssl-1.1.1:0= )
+"
+BDEPEND="
+ ${PYTHON_DEPS}
+ sys-apps/coreutils
+ virtual/pkgconfig
+ systemtap? ( dev-util/systemtap )
+ test? ( net-misc/curl )
+"
+DEPEND="
+ ${RDEPEND}
+"
+PATCHES=(
+ "${FILESDIR}"/${PN}-10.3.0-global-npm-config.patch
+ "${FILESDIR}"/${PN}-12.20.1-fix_ppc64_crashes.patch
+ "${FILESDIR}"/${PN}-99999999-llhttp.patch
+)
+RESTRICT="test"
+S="${WORKDIR}/node-v${PV}"
+
+pkg_pretend() {
+ (use x86 && ! use cpu_flags_x86_sse2) && \
+ die "Your CPU doesn't support the required SSE2 instruction."
+
+ ( [[ ${MERGE_TYPE} != "binary" ]] && ! test-flag-CXX -std=c++11 ) && \
+ die "Your compiler doesn't support C++11. Use GCC 4.8, Clang 3.3 or newer."
+}
+
+src_prepare() {
+ tc-export CC CXX PKG_CONFIG
+ export V=1
+ export BUILDTYPE=Release
+
+ # fix compilation on Darwin
+ # https://code.google.com/p/gyp/issues/detail?id=260
+ sed -i -e "/append('-arch/d" tools/gyp/pylib/gyp/xcode_emulation.py || die
+
+ # less verbose install output (stating the same as portage, basically)
+ sed -i -e "/print/d" tools/install.py || die
+
+ # proper libdir, hat tip @ryanpcmcquen https://github.com/iojs/io.js/issues/504
+ local LIBDIR=$(get_libdir)
+ sed -i -e "s|lib/|${LIBDIR}/|g" tools/install.py || die
+ sed -i -e "s/'lib'/'${LIBDIR}'/" deps/npm/lib/npm.js || die
+
+ # Avoid writing a depfile, not useful
+ sed -i -e "/DEPFLAGS =/d" tools/gyp/pylib/gyp/generator/make.py || die
+
+ sed -i -e "/'-O3'/d" common.gypi node.gypi || die
+
+ # Avoid a test that I've only been able to reproduce from emerge. It doesnt
+ # seem sandbox related either (invoking it from a sandbox works fine).
+ # The issue is that no stdin handle is openened when asked for one.
+ # It doesn't really belong upstream , so it'll just be removed until someone
+ # with more gentoo-knowledge than me (jbergstroem) figures it out.
+ rm test/parallel/test-stdout-close-unref.js || die
+
+ # debug builds. change install path, remove optimisations and override buildtype
+ if use debug; then
+ sed -i -e "s|out/Release/|out/Debug/|g" tools/install.py || die
+ BUILDTYPE=Debug
+ fi
+
+ default
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local myconf=(
+ --shared-brotli
+ --shared-cares
+ --shared-http-parser
+ --shared-libuv
+ --shared-nghttp2
+ --shared-zlib
+ )
+ use debug && myconf+=( --debug )
+ use icu && myconf+=( --with-intl=system-icu ) || myconf+=( --with-intl=none )
+ use inspector || myconf+=( --without-inspector )
+ use npm || myconf+=( --without-npm )
+ use snapshot || myconf+=( --without-node-snapshot )
+ if use ssl; then
+ use system-ssl && myconf+=( --shared-openssl --openssl-use-def-ca-store )
+ else
+ myconf+=( --without-ssl )
+ fi
+
+ local myarch=""
+ case ${ABI} in
+ amd64) myarch="x64";;
+ arm) myarch="arm";;
+ arm64) myarch="arm64";;
+ ppc64) myarch="ppc64";;
+ x32) myarch="x32";;
+ x86) myarch="ia32";;
+ *) myarch="${ABI}";;
+ esac
+
+ GYP_DEFINES="linux_use_gold_flags=0
+ linux_use_bundled_binutils=0
+ linux_use_bundled_gold=0" \
+ "${EPYTHON}" configure.py \
+ --prefix="${EPREFIX}"/usr \
+ --dest-cpu=${myarch} \
+ $(use_with systemtap dtrace) \
+ "${myconf[@]}" || die
+}
+
+src_compile() {
+ emake -C out mksnapshot
+ pax-mark m "out/${BUILDTYPE}/mksnapshot"
+ emake -C out
+}
+
+src_install() {
+ local LIBDIR="${ED}/usr/$(get_libdir)"
+ default
+
+ pax-mark -m "${ED}"/usr/bin/node
+
+ # set up a symlink structure that node-gyp expects..
+ dodir /usr/include/node/deps/{v8,uv}
+ dosym . /usr/include/node/src
+ for var in deps/{uv,v8}/include; do
+ dosym ../.. /usr/include/node/${var}
+ done
+
+ if use doc; then
+ docinto html
+ dodoc -r "${S}"/doc/*
+ fi
+
+ if use npm; then
+ dodir /etc/npm
+
+ # Install bash completion for `npm`
+ # We need to temporarily replace default config path since
+ # npm otherwise tries to write outside of the sandbox
+ local npm_config="usr/$(get_libdir)/node_modules/npm/lib/config/core.js"
+ sed -i -e "s|'/etc'|'${ED}/etc'|g" "${ED}/${npm_config}" || die
+ local tmp_npm_completion_file="$(TMPDIR="${T}" mktemp -t npm.XXXXXXXXXX)"
+ "${ED}/usr/bin/npm" completion > "${tmp_npm_completion_file}"
+ newbashcomp "${tmp_npm_completion_file}" npm
+ sed -i -e "s|'${ED}/etc'|'/etc'|g" "${ED}/${npm_config}" || die
+
+ # Move man pages
+ doman "${LIBDIR}"/node_modules/npm/man/man{1,5,7}/*
+
+ # Clean up
+ rm "${LIBDIR}"/node_modules/npm/{.mailmap,.npmignore,Makefile} || die
+ rm -rf "${LIBDIR}"/node_modules/npm/{doc,html,man} || die
+
+ local find_exp="-or -name"
+ local find_name=()
+ for match in "AUTHORS*" "CHANGELOG*" "CONTRIBUT*" "README*" \
+ ".travis.yml" ".eslint*" ".wercker.yml" ".npmignore" \
+ "*.md" "*.markdown" "*.bat" "*.cmd"; do
+ find_name+=( ${find_exp} "${match}" )
+ done
+
+ # Remove various development and/or inappropriate files and
+ # useless docs of dependend packages.
+ find "${LIBDIR}"/node_modules \
+ \( -type d -name examples \) -or \( -type f \( \
+ -iname "LICEN?E*" \
+ "${find_name[@]}" \
+ \) \) -exec rm -rf "{}" \;
+ fi
+
+ mv "${ED}"/usr/share/doc/node "${ED}"/usr/share/doc/${PF} || die
+}
+
+src_test() {
+ out/${BUILDTYPE}/cctest || die
+ "${PYTHON}" tools/test.py --mode=${BUILDTYPE,,} -J message parallel sequential || die
+}
+
+pkg_postinst() {
+ elog "The global npm config lives in /etc/npm. This deviates slightly"
+ elog "from upstream which otherwise would have it live in /usr/etc/."
+ elog ""
+ elog "Protip: When using node-gyp to install native modules, you can"
+ elog "avoid having to download extras by doing the following:"
+ elog "$ node-gyp --nodedir /usr/include/node <command>"
+}