blob: d163530c6e62e1d22dde8059ad55cd649bdb2ead (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
|
# Contributor: Jose-Luis Rivas <ghostbar@riseup.net>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Dave Esaias <dave@containership.io>
# Contributor: Tadahisa Kamijo <kamijin@live.jp>
# Contributor: Eivind Uggedal <eu@eju.no>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
# 20.12.1-r0:
# - CVE-2024-27982
# - CVE-2024-27983
# 18.18.2-r0:
# - CVE-2023-45143
# - CVE-2023-38552
# - CVE-2023-39333
# 18.17.1-r0:
# - CVE-2023-32002
# - CVE-2023-32006
# - CVE-2023-32559
# 18.14.1-r0:
# - CVE-2023-23918
# - CVE-2023-23919
# - CVE-2023-23920
# - CVE-2023-23936
# - CVE-2023-24807
# 18.12.1-r0:
# - CVE-2022-3602
# - CVE-2022-3786
# - CVE-2022-43548
# 16.17.1-r0:
# - CVE-2022-32213
# - CVE-2022-32214
# - CVE-2022-32215
# - CVE-2022-35255
# - CVE-2022-35256
# 16.13.2-r0:
# - CVE-2021-44531
# - CVE-2021-44532
# - CVE-2021-44533
# - CVE-2022-21824
# 14.18.1-r0:
# - CVE-2021-22959
# - CVE-2021-22960
# 14.17.6-r0:
# - CVE-2021-37701
# - CVE-2021-37712
# - CVE-2021-37713
# - CVE-2021-39134
# - CVE-2021-39135
# 14.17.5-r0:
# - CVE-2021-3672
# - CVE-2021-22931
# - CVE-2021-22939
# 14.17.4-r0:
# - CVE-2021-22930
# 14.16.1-r0:
# - CVE-2020-7774
# 14.16.0-r0:
# - CVE-2021-22883
# - CVE-2021-22884
# 14.15.5-r0:
# - CVE-2021-21148
# 14.15.4-r0:
# - CVE-2020-8265
# - CVE-2020-8287
# 14.15.1-r0:
# - CVE-2020-8277
# 12.18.4-r0:
# - CVE-2020-8201
# - CVE-2020-8252
# 12.18.0-r0:
# - CVE-2020-8172
# - CVE-2020-11080
# - CVE-2020-8174
# 12.15.0-r0:
# - CVE-2019-15606
# - CVE-2019-15605
# - CVE-2019-15604
# 10.16.3-r0:
# - CVE-2019-9511
# - CVE-2019-9512
# - CVE-2019-9513
# - CVE-2019-9514
# - CVE-2019-9515
# - CVE-2019-9516
# - CVE-2019-9517
# - CVE-2019-9518
# 10.15.3-r0:
# - CVE-2019-5737
# 10.14.0-r0:
# - CVE-2018-12121
# - CVE-2018-12122
# - CVE-2018-12123
# - CVE-2018-0735
# - CVE-2018-0734
# 8.11.4-r0:
# - CVE-2018-12115
# 8.11.3-r0:
# - CVE-2018-7167
# - CVE-2018-7161
# - CVE-2018-1000168
# 8.11.0-r0:
# - CVE-2018-7158
# - CVE-2018-7159
# - CVE-2018-7160
# 8.9.3-r0:
# - CVE-2017-15896
# - CVE-2017-15897
# 6.11.5-r0:
# - CVE-2017-14919
# 6.11.1-r0:
# - CVE-2017-1000381
# 0:
# - CVE-2021-43803
# - CVE-2022-32212
# - CVE-2023-44487
pkgname=nodejs
# Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)!
# Odd-numbered versions are supported only for 9 months by upstream.
pkgver=20.12.2
pkgrel=0
pkgdesc="JavaScript runtime built on V8 engine - LTS version"
url="https://nodejs.org/"
arch="all"
license="MIT"
depends="ca-certificates"
makedepends="
ada-dev
base64-dev
brotli-dev
c-ares-dev
icu-dev
linux-headers
nghttp2-dev
openssl-dev
py3-jinja2
python3
samurai
zlib-dev
"
install="$pkgname.post-upgrade"
subpackages="
$pkgname-dev
$pkgname-libs
$pkgname-doc
"
provider_priority=100 # highest priority (other provider is nodejs-current)
provides="nodejs-lts=$pkgver-r$pkgrel" # for backward compatibility
replaces="nodejs-current nodejs-lts" # nodejs-lts for backward compatibility
source="https://nodejs.org/dist/v$pkgver/node-v$pkgver.tar.gz
disable-running-gyp-on-shared-deps.patch
system-ada.patch
system-base64.patch
base64.gyp
$pkgname.pc.in
"
builddir="$srcdir/node-v$pkgver"
prepare() {
default_prepare
# openssl.cnf is required for build.
mv deps/openssl/nodejs-openssl.cnf .
# Remove bundled dependencies that we're not using.
#
# NOTE: nghttp3 and ngtcp2 are only used when building with OpenSSL
# that supports QUIC. After the QUIC support is added to openssl, add
# options --shared-nghttp3 and --shared-ngtcp2.
rm -rf deps/ada/*.cpp \
deps/base64/* \
deps/brotli \
deps/cares \
deps/corepack \
deps/nghttp2 \
deps/nghttp3 \
deps/ngtcp2 \
deps/openssl/* \
deps/v8/third_party/jinja2 \
deps/zlib \
tools/inspector_protocol/jinja2
mv nodejs-openssl.cnf deps/openssl/
cp "$srcdir"/base64.gyp deps/base64/
}
build() {
# Add defines recommended in libuv readme.
local common_flags="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
# -Os overwrites the optimizations enabled by BUILDTYPE=Release.
# Compiling with O2 instead of Os increases binary size by ~10%
# (53.1 MiB -> 58.6 MiB), but also increases performance by ~20%
# according to v8/web-tooling-benchmark. Node.js is quite huge anyway;
# there are better options for size constrained environments.
export CFLAGS="${CFLAGS/-Os} $common_flags"
export CXXFLAGS="${CXXFLAGS/-Os} $common_flags"
export CPPFLAGS="${CPPFLAGS/-Os} $common_flags"
# When building shared libnode.so, the resulting package size is +15 %
# (~8 MiB), so we rather build it twice to keep the node binary smaller
# (there are currently no packages using libnode.so).
msg 'Building node binary'
_build
cp out/Release/node out/
msg 'Building libnode.so'
_build --shared
cp out/Release/lib/libnode.so* out/Release/
sed "s/@VERSION@/$pkgver/" "$srcdir"/$pkgname.pc.in > out/Release/$pkgname.pc
}
_build() {
# NOTE: We use bundled libuv because they don't care much about backward
# compatibility and it has happened several times in past that we
# couldn't upgrade nodejs package in stable branches to fix CVEs due to
# libuv incompatibility.
#
# NOTE: We don't package the bundled npm - it's a separate project with
# its own release cycle and version numbering, so it's better to keep
# it in a standalone aport.
#
# TODO: Fix and enable corepack.
python3 configure.py \
--prefix=/usr \
--ninja \
--enable-lto \
--shared-brotli \
--shared-zlib \
--shared-openssl \
--shared-cares \
--shared-nghttp2 \
--openssl-use-def-ca-store \
--with-icu-default-data-dir=$(icu-config --icudatadir) \
--with-intl=system-icu \
--without-corepack \
--without-npm \
"$@"
make BUILDTYPE=Release
}
# TODO Run provided test suite.
check() {
cd "$builddir"/out/Release
./node -e 'console.log("Hello, world!")'
./node -e "require('assert').equal(process.versions.node, '$pkgver')"
./node -e 'require("assert").equal(
Buffer.from(Buffer.from("foo").toString("base64"), "base64").toString("ascii"),
"foo")'
}
package() {
make DESTDIR="$pkgdir" install
# node binary built without libnode.so.
install -D -m755 out/node -t "$pkgdir"/usr/bin/
install -D -m644 out/Release/$pkgname.pc -t "$pkgdir"/usr/lib/pkgconfig/
(cd "$pkgdir"/usr/lib; ln -sf libnode.so.* libnode.so)
}
dev() {
provides="nodejs-lts-dev=$pkgver" # for backward compatibility
default_dev
}
sha512sums="
25d35c0be251e557ba8b3115b75f38aa20000e2abcabcfd40143528c64d4db8a1eba338847f90be539e4918e62fb52840ff0ae9a8f5224f03335fc28d575cb36 node-v20.12.2.tar.gz
8c264eefc0bfa9dd57656f9f515e940d5c21b8d836dc549031ee559ba909643f4f2495b8b392ee9976c5eed7c3b4a09db876bbe0f7fcd5b2bf63fafca37bffc2 disable-running-gyp-on-shared-deps.patch
4fc09500212ebc178801e7419c840ccebc239ff06edcb28910315e39bfc772a3967f5ff2abff03845269e730643be161134ac95bab899069fa57dd64be98defa system-ada.patch
94db1f150cb962bf19f42e0ef7cec2c0e007d1909611d03a393095720cc8db58322e638ea3c3280b4412f47615963c88e69c71b4c5adf84292b9fc7f3be3b110 system-base64.patch
bb0f74d8fb1ef07fd457670b9073a3cecadb3ac7d4fea008e8f17c091a62d15ef50646be457a50ac24c4129085d4da21beedd03af0739dded5d636916482f082 base64.gyp
f908fa93f6194ec4f6c5e9d76ed7c918721c7f5d46afcc12de1f84683c185401a27a174b7a7c6a76085a4d0826f964e7088bf5596d4e6901a15bf751846299a6 nodejs.pc.in
"
|
