summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMax Rees <maxcrees@me.com>2020-06-10 15:16:55 -0500
committerMax Rees <maxcrees@me.com>2020-06-15 23:20:08 -0500
commitbe8dcd2c36de5df914fa4608e41d70be4b48711a (patch)
tree758074827d68fe7fdc91c249e88f988835931244
parent58a870ecf6ad95286465981d19022c3d25e8a8da (diff)
downloadpackages-be8dcd2c36de5df914fa4608e41d70be4b48711a.tar.gz
packages-be8dcd2c36de5df914fa4608e41d70be4b48711a.tar.bz2
packages-be8dcd2c36de5df914fa4608e41d70be4b48711a.tar.xz
packages-be8dcd2c36de5df914fa4608e41d70be4b48711a.zip
user/node: [CVE] bump to 10.21.0 (#300), unvendor openssl
-rw-r--r--user/node/APKBUILD27
1 files changed, 20 insertions, 7 deletions
diff --git a/user/node/APKBUILD b/user/node/APKBUILD
index d60a359af..c74516b71 100644
--- a/user/node/APKBUILD
+++ b/user/node/APKBUILD
@@ -1,15 +1,16 @@
# Contributor: A. Wilcox <awilfox@adelielinux.org>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=node
-pkgver=10.19.0
+pkgver=10.21.0
pkgrel=0
pkgdesc="JavaScript runtime"
url="https://nodejs.org/"
arch="all"
-license="MIT AND ICU AND BSD-3-Clause AND BSD-2-Clause AND ISC AND OpenSSL AND Public-Domain AND Zlib AND Artistic-2.0 AND Apache-2.0 AND CC0-1.0"
+options="net" # Required in check()
+license="MIT AND ICU AND BSD-3-Clause AND BSD-2-Clause AND ISC AND Public-Domain AND Zlib AND Artistic-2.0 AND Apache-2.0 AND CC0-1.0"
depends=""
makedepends="c-ares-dev http-parser-dev icu-dev libexecinfo-dev libuv-dev
- nghttp2-dev python3 zlib-dev"
+ nghttp2-dev>=1.41 openssl-dev python3 zlib-dev"
subpackages="$pkgname-dev $pkgname-doc"
source="https://nodejs.org/download/release/v$pkgver/node-v$pkgver.tar.xz
https://www.python.org/ftp/python/2.7.15/Python-2.7.15.tar.xz
@@ -30,11 +31,15 @@ builddir="$srcdir/$pkgname-v$pkgver"
# - CVE-2019-9516
# - CVE-2019-9517
# - CVE-2019-9518
+# 10.21.0-r0:
+# - CVE-2020-7598
+# - CVE-2020-8174
unpack() {
default_unpack
[ -z $SKIP_PYTHON ] || return 0
+ # TODO: when bumping to 12.x, python3 should be usable
msg "Killing all remaining hope for humanity and building Python 2..."
cd "$srcdir/Python-2.7.15"
[ -d ../python ] && rm -r ../python
@@ -47,7 +52,6 @@ unpack() {
build() {
export PATH="$srcdir/python/bin:$PATH"
- # We can't use --shared-openssl until 1.1 is available.
python ./configure.py \
--prefix=/usr \
--with-intl=system-icu \
@@ -55,15 +59,24 @@ build() {
--shared-http-parser \
--shared-libuv \
--shared-nghttp2 \
- --openssl-no-asm \
+ --shared-openssl \
+ --openssl-use-def-ca-store \
--shared-zlib
# keep DESTDIR set, to avoid a full rebuild in package()
make DESTDIR="$pkgdir"
}
check() {
+ case "$CARCH" in
+ pmmx)
+ # https://bts.adelielinux.org/show_bug.cgi?id=306
+ _skip="parallel/test-http-invalid-te,parallel/test-worker-stdio"
+ ;;
+ esac
+
export PATH="$srcdir/python/bin:$PATH"
- make DESTDIR="$pkgdir" test-only
+ make DESTDIR="$pkgdir" test-only \
+ ${_skip:+CI_SKIP_TESTS="$_skip"}
}
package() {
@@ -71,7 +84,7 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="512efc58415ed789938c434af131d76bdd51772cac9f7e380afaa79d83cc9c433a979068fc7272adba6ba6551d195267978e1fc819236926b0d1fd6cf91c5eee node-v10.19.0.tar.xz
+sha512sums="613d3c1bca79ea5f127dc6793de2b5cfdfa056c01ec092e3b7ee79205894b21ca5ec4a367265122641dd1d360c675cfb36a4f7892894194ddd18abd1b2206544 node-v10.21.0.tar.xz
27ea43eb45fc68f3d2469d5f07636e10801dee11635a430ec8ec922ed790bb426b072da94df885e4dfa1ea8b7a24f2f56dd92f9b0f51e162330f161216bd6de6 Python-2.7.15.tar.xz
8f64922d586bce9d82c83042a989739cc55ecc5e015778cdfbda21c257aa50527ddb18740985bcb2068e4a749b71eb8a135d9a8152b374d361589df7f33c9b60 libatomic.patch
6d37794c7c78ef92ebb845852af780e22dc8c14653b63a8609c21ab6860877b9dffc5cf856a8516b7978ec704f312c0627075c6440ace55d039f95bdc4c85add ppc32.patch