# Contributor: Jose-Luis Rivas # Contributor: Jakub Jirutka # Contributor: Dave Esaias # Contributor: Tadahisa Kamijo # Contributor: Eivind Uggedal # Maintainer: Jakub Jirutka # # secfixes: # 18.14.1-r0: # - CVE-2023-23918 # - CVE-2023-23919 # - CVE-2023-23920 # - CVE-2023-23936 # - CVE-2023-24807 # 18.12.1-r0: # - CVE-2022-3602 # - CVE-2022-3786 # - CVE-2022-43548 # 16.17.1-r0: # - CVE-2022-32213 # - CVE-2022-32214 # - CVE-2022-32215 # - CVE-2022-35255 # - CVE-2022-35256 # 16.13.2-r0: # - CVE-2021-44531 # - CVE-2021-44532 # - CVE-2021-44533 # - CVE-2022-21824 # 14.18.1-r0: # - CVE-2021-22959 # - CVE-2021-22960 # 14.17.6-r0: # - CVE-2021-37701 # - CVE-2021-37712 # - CVE-2021-37713 # - CVE-2021-39134 # - CVE-2021-39135 # 14.17.5-r0: # - CVE-2021-3672 # - CVE-2021-22931 # - CVE-2021-22939 # 14.17.4-r0: # - CVE-2021-22930 # 14.16.1-r0: # - CVE-2020-7774 # 14.16.0-r0: # - CVE-2021-22883 # - CVE-2021-22884 # 14.15.5-r0: # - CVE-2021-21148 # 14.15.4-r0: # - CVE-2020-8265 # - CVE-2020-8287 # 14.15.1-r0: # - CVE-2020-8277 # 12.18.4-r0: # - CVE-2020-8201 # - CVE-2020-8252 # 12.18.0-r0: # - CVE-2020-8172 # - CVE-2020-11080 # - CVE-2020-8174 # 12.15.0-r0: # - CVE-2019-15606 # - CVE-2019-15605 # - CVE-2019-15604 # 10.16.3-r0: # - CVE-2019-9511 # - CVE-2019-9512 # - CVE-2019-9513 # - CVE-2019-9514 # - CVE-2019-9515 # - CVE-2019-9516 # - CVE-2019-9517 # - CVE-2019-9518 # 10.15.3-r0: # - CVE-2019-5737 # 10.14.0-r0: # - CVE-2018-12121 # - CVE-2018-12122 # - CVE-2018-12123 # - CVE-2018-0735 # - CVE-2018-0734 # 8.11.4-r0: # - CVE-2018-12115 # 8.11.3-r0: # - CVE-2018-7167 # - CVE-2018-7161 # - CVE-2018-1000168 # 8.11.0-r0: # - CVE-2018-7158 # - CVE-2018-7159 # - CVE-2018-7160 # 8.9.3-r0: # - CVE-2017-15896 # - CVE-2017-15897 # 6.11.5-r0: # - CVE-2017-14919 # 6.11.1-r0: # - CVE-2017-1000381 # 0: # - CVE-2021-43803 # - CVE-2022-32212 pkgname=nodejs # Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)! # Odd-numbered versions are supported only for 9 months by upstream. pkgver=18.17.0 pkgrel=0 pkgdesc="JavaScript runtime built on V8 engine - LTS version" url="https://nodejs.org/" arch="all" license="MIT" depends="ca-certificates" makedepends=" brotli-dev c-ares-dev icu-dev linux-headers nghttp2-dev openssl-dev py3-jinja2 python3 samurai zlib-dev " install="$pkgname.post-upgrade" subpackages="$pkgname-dev $pkgname-doc" provider_priority=100 # highest priority (other provider is nodejs-current) provides="nodejs-lts=$pkgver-r$pkgrel" # for backward compatibility replaces="nodejs-current nodejs-lts" # nodejs-lts for backward compatibility source="https://nodejs.org/dist/v$pkgver/node-v$pkgver.tar.gz disable-running-gyp-on-shared-deps.patch fix-build-with-system-c-ares.patch " builddir="$srcdir/node-v$pkgver" prepare() { default_prepare # openssl.cnf is required for build. mv deps/openssl/nodejs-openssl.cnf . # Remove bundled dependencies that we're not using. rm -rf deps/brotli \ deps/cares \ deps/corepack \ deps/openssl/* \ deps/v8/third_party/jinja2 \ deps/zlib \ tools/inspector_protocol/jinja2 mv nodejs-openssl.cnf deps/openssl/ # the build system tries to import from the riscv folder for some reason # the push_registers_asm.cc has definitions fo 64 bit riscv only cp -r deps/v8/src/heap/base/asm/riscv64 deps/v8/src/heap/base/asm/riscv } build() { # Add defines recommended in libuv readme. local common_flags="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" # Compiling with O2 instead of Os increases binary size by ~10% # (53.1 MiB -> 58.6 MiB), but also increases performance by ~20% # according to v8/web-tooling-benchmark. Node.js is quite huge anyway; # there are better options for size constrained environments. export CFLAGS="${CFLAGS/-Os/-O2} $common_flags" export CXXFLAGS="${CXXFLAGS/-Os/-O2} $common_flags" export CPPFLAGS="${CPPFLAGS/-Os/-O2} $common_flags" # NOTE: We use bundled libuv because they don't care much about backward # compatibility and it has happened several times in past that we # couldn't upgrade nodejs package in stable branches to fix CVEs due to # libuv incompatibility. # # NOTE: We don't package the bundled npm - it's a separate project with # its own release cycle and version numbering, so it's better to keep # it in a standalone aport. # # TODO: Fix and enable corepack. python3 configure.py --prefix=/usr \ --shared-brotli \ --shared-zlib \ --shared-openssl \ --shared-cares \ --shared-nghttp2 \ --ninja \ --openssl-use-def-ca-store \ --with-icu-default-data-dir=$(icu-config --icudatadir) \ --with-intl=system-icu \ --without-corepack \ --without-npm make BUILDTYPE=Release } # TODO Run provided test suite. check() { cd "$builddir"/out/Release ./node -e 'console.log("Hello, world!")' ./node -e "require('assert').equal(process.versions.node, '$pkgver')" } package() { make DESTDIR="$pkgdir" install } dev() { provides="nodejs-lts-dev=$pkgver" # for backward compatibility default_dev } sha512sums=" c8484881bfab3362e606e5e3cfd82de998c8232de07d563c62cae145b04e0acd2e9f9f40fa6e426f0c09b89769a8480ff8d17c99f03c3a444bf5972bd3b70961 node-v18.17.0.tar.gz 8c264eefc0bfa9dd57656f9f515e940d5c21b8d836dc549031ee559ba909643f4f2495b8b392ee9976c5eed7c3b4a09db876bbe0f7fcd5b2bf63fafca37bffc2 disable-running-gyp-on-shared-deps.patch 30ca1ce7f9512c943950b8eec98bca99d24c740ebaa14619292fe5ed931dcf603ca90afb1d704ca7f545e421752ba4dde81c0c5bbb5242eb1726739ca627e15f fix-build-with-system-c-ares.patch "