* bug#62177: [PATCH] [WIP] update node to version 16
@ 2023-03-14 6:02 Dr. Arne Babenhauserheide
2023-03-14 10:37 ` Jelle Licht
0 siblings, 1 reply; 3+ messages in thread
From: Dr. Arne Babenhauserheide @ 2023-03-14 6:02 UTC (permalink / raw)
To: 62177
[-- Attachment #1.1: Type: text/plain, Size: 333 bytes --]
Hi,
this is an initial stab at getting node to version 16.
It is far from perfect, but I hope it gives someone a good starting
point to move forward. The llhttp bootstrap fixes are currently
commented out — I’m not sure what these should be doing and how they
interact with node — so this cannot be merged as is.
[-- Attachment #1.2: 0001-WIP-try-to-update-node-to-16.19.0.patch --]
[-- Type: text/x-patch, Size: 5281 bytes --]
From 14d58ab181c9087420a5f955d28d72cb086884fc Mon Sep 17 00:00:00 2001
From: Arne Babenhauserheide <arne_bab@web.de>
Date: Sat, 28 Jan 2023 20:45:16 +0100
Subject: [PATCH] WIP try to update node to 16.19.0
---
gnu/packages/node.scm | 40 +++++++++++++++++++++-------------------
1 file changed, 21 insertions(+), 19 deletions(-)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index be39f3b25a..34d13d849c 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -668,7 +668,7 @@ (define-public node-llparse-bootstrap
(define-public llhttp-bootstrap
(package
(name "llhttp")
- (version "2.1.4")
+ (version "8.1.0")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -677,7 +677,7 @@ (define-public llhttp-bootstrap
(file-name (git-file-name name version))
(sha256
(base32
- "115mwyds9655p76lhglxg2blc1ksgrix6zhigaxnc2q6syy3pa6x"))
+ "1cq3q3jybibppjhhiymdfmnqgbvn77j7b4ks7lil0lrc3vnnp87f"))
(patches (search-patches "llhttp-bootstrap-CVE-2020-8287.patch"))
(modules '((guix build utils)))
(snippet
@@ -738,14 +738,14 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
(inherit node)
- (version "14.19.3")
+ (version "16.19.0")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
"/node-v" version ".tar.xz"))
(sha256
(base32
- "15691j5zhiikyamiwwd7f282g6d9acfhq91nrwx54xya38gmpx2w"))
+ "01k72p0hp4lhlpz1syd9cbkm2gpfww0hn10xdpmzd4i3x8dfq7sg"))
(modules '((guix build utils)))
(snippet
`(begin
@@ -808,9 +808,12 @@ (define-public node-lts
;; FIXME: These tests fail in the build container, but they don't
;; seem to be indicative of real problems in practice.
(for-each delete-file
- '("test/parallel/test-cluster-master-error.js"
- "test/parallel/test-cluster-master-kill.js"))
+ '("test/parallel/test-cluster-primary-error.js"
+ "test/parallel/test-cluster-primary-kill.js"))
+ ;; requires /bin/sh
+ (delete-file "test/parallel/test-stdin-from-file-spawn.js")
+
;; These require a DNS resolver.
(for-each delete-file
'("test/parallel/test-dns.js"
@@ -818,8 +821,7 @@ (define-public node-lts
;; These tests require networking.
(for-each delete-file
- '("test/parallel/test-https-agent-unref-socket.js"
- "test/parallel/test-corepack-yarn-install.js"))
+ '("test/parallel/test-https-agent-unref-socket.js"))
;; This test is timing-sensitive, and fails sporadically on
;; slow, busy, or even very fast machines.
@@ -847,21 +849,21 @@ (define-public node-lts
;; TLS certificates that are bundled with the source. We want this
;; package to be reproducible forever, so remove those.
;; TODO: Regenerate certs instead.
- (for-each delete-file
+ (for-each (λ(x)(display x)(delete-file x))
'("test/parallel/test-tls-passphrase.js"
"test/parallel/test-tls-server-verify.js"))))
(add-after 'delete-problematic-tests 'replace-llhttp-sources
- (lambda* (#:key inputs #:allow-other-keys)
+ (lambda* (#:key inputs #:allow-other-keys) #f))))))
;; Replace pre-generated llhttp sources
- (let ((llhttp (assoc-ref inputs "llhttp")))
- (copy-file (string-append llhttp "/src/llhttp.c")
- "deps/llhttp/src/llhttp.c")
- (copy-file (string-append llhttp "/src/api.c")
- "deps/llhttp/src/api.c")
- (copy-file (string-append llhttp "/src/http.c")
- "deps/llhttp/src/http.c")
- (copy-file (string-append llhttp "/include/llhttp.h")
- "deps/llhttp/include/llhttp.h"))))))))
+ ;;(let ((llhttp (assoc-ref inputs "llhttp")))
+ ;; (copy-file (string-append llhttp "/src/llhttp.c")
+ ;; "deps/llhttp/src/llhttp.c")
+ ;; (copy-file (string-append llhttp "/src/api.c")
+ ;; "deps/llhttp/src/api.c")
+ ;; (copy-file (string-append llhttp "/src/http.c")
+ ;; "deps/llhttp/src/http.c")
+ ;; (copy-file (string-append llhttp "/include/llhttp.h")
+ ;; "deps/llhttp/include/llhttp.h"))))))))
(native-inputs
(list ;; Runtime dependencies for binaries used as a bootstrap.
c-ares-for-node
--
2.39.2
[-- Attachment #1.3: Type: text/plain, Size: 92 bytes --]
Updating llhttp also needs the CVE-2020-8287 patch to be removed (it is
fixed upstream).
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.4: 0001-gnu-do-not-patch-llhttp-bootstrap-CVE-2020-8287-is-f.patch --]
[-- Type: text/x-patch, Size: 6101 bytes --]
From 4e9e7905a9a8792b164e96aa31e0dcf3945283d2 Mon Sep 17 00:00:00 2001
From: Arne Babenhauserheide <arne_bab@web.de>
Date: Tue, 14 Mar 2023 06:48:38 +0100
Subject: [PATCH] gnu: do not patch llhttp-bootstrap: CVE-2020-8287 is fixed in
node 16 upstream.
---
gnu/local.mk | 1 -
gnu/packages/node.scm | 1 -
.../llhttp-bootstrap-CVE-2020-8287.patch | 100 ------------------
3 files changed, 102 deletions(-)
delete mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 403c5f483e..0efa292322 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1492,7 +1492,6 @@ dist_patch_DATA = \
%D%/packages/patches/linuxdcpp-openssl-1.1.patch \
%D%/packages/patches/lirc-localstatedir.patch \
%D%/packages/patches/lirc-reproducible-build.patch \
- %D%/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch \
%D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \
%D%/packages/patches/llvm-3.6-fix-build-with-gcc-10.patch \
%D%/packages/patches/llvm-3.x.1-fix-build-with-gcc.patch \
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 34d13d849c..774c0b3ae8 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -678,7 +678,6 @@ (define-public llhttp-bootstrap
(sha256
(base32
"1cq3q3jybibppjhhiymdfmnqgbvn77j7b4ks7lil0lrc3vnnp87f"))
- (patches (search-patches "llhttp-bootstrap-CVE-2020-8287.patch"))
(modules '((guix build utils)))
(snippet
'(begin
diff --git a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch b/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
deleted file mode 100644
index 215c920e53..0000000000
--- a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-This patch comes from upstream. It corresponds to a patch applied to
-the generated C source code for llhttp included in Node.js 14.16.0
-(see commit 641f786bb1a1f6eb1ff8750782ed939780f2b31a). That commit
-fixes CVE-2020-8287. With this patch, the output of our
-llhttp-bootstrap package matches the files included in Node.js 14.16.0
-exactly.
-
-commit e9b36ea64709c35ca66094d5cf3787f444029601
-Author: Fedor Indutny <fedor@indutny.com>
-Date: Sat Oct 10 19:56:01 2020 -0700
-
- http: unset `F_CHUNKED` on new `Transfer-Encoding`
-
- Duplicate `Transfer-Encoding` header should be a treated as a single,
- but with original header values concatenated with a comma separator. In
- the light of this, even if the past `Transfer-Encoding` ended with
- `chunked`, we should be not let the `F_CHUNKED` to leak into the next
- header, because mere presence of another header indicates that `chunked`
- is not the last transfer-encoding token.
-
-diff --git a/src/llhttp/http.ts b/src/llhttp/http.ts
-index f4f1a6e..0a0c365 100644
---- a/src/llhttp/http.ts
-+++ b/src/llhttp/http.ts
-@@ -460,11 +460,19 @@ export class HTTP {
- .match([ ' ', '\t' ], n('header_value_discard_ws'))
- .otherwise(checkContentLengthEmptiness);
-
-+ // Multiple `Transfer-Encoding` headers should be treated as one, but with
-+ // values separate by a comma.
-+ //
-+ // See: https://tools.ietf.org/html/rfc7230#section-3.2.2
-+ const toTransferEncoding = this.unsetFlag(
-+ FLAGS.CHUNKED,
-+ 'header_value_te_chunked');
-+
- n('header_value_start')
- .otherwise(this.load('header_state', {
- [HEADER_STATE.UPGRADE]: this.setFlag(FLAGS.UPGRADE, fallback),
- [HEADER_STATE.TRANSFER_ENCODING]: this.setFlag(
-- FLAGS.TRANSFER_ENCODING, 'header_value_te_chunked'),
-+ FLAGS.TRANSFER_ENCODING, toTransferEncoding),
- [HEADER_STATE.CONTENT_LENGTH]: n('header_value_content_length_once'),
- [HEADER_STATE.CONNECTION]: n('header_value_connection'),
- }, 'header_value'));
-@@ -847,6 +855,11 @@ export class HTTP {
- return span.start(span.end(this.node(next)));
- }
-
-+ private unsetFlag(flag: FLAGS, next: string | Node): Node {
-+ const p = this.llparse;
-+ return p.invoke(p.code.and('flags', ~flag), this.node(next));
-+ }
-+
- private setFlag(flag: FLAGS, next: string | Node): Node {
- const p = this.llparse;
- return p.invoke(p.code.or('flags', flag), this.node(next));
-diff --git a/test/request/transfer-encoding.md b/test/request/transfer-encoding.md
-index a7d1681..b0891d6 100644
---- a/test/request/transfer-encoding.md
-+++ b/test/request/transfer-encoding.md
-@@ -353,6 +353,38 @@ off=106 headers complete method=3 v=1/1 flags=200 content_length=0
- off=106 error code=15 reason="Request has invalid `Transfer-Encoding`"
- ```
-
-+## POST with `chunked` and duplicate transfer-encoding
-+
-+<!-- meta={"type": "request", "noScan": true} -->
-+```http
-+POST /post_identity_body_world?q=search#hey HTTP/1.1
-+Accept: */*
-+Transfer-Encoding: chunked
-+Transfer-Encoding: deflate
-+
-+World
-+```
-+
-+```log
-+off=0 message begin
-+off=5 len=38 span[url]="/post_identity_body_world?q=search#hey"
-+off=44 url complete
-+off=54 len=6 span[header_field]="Accept"
-+off=61 header_field complete
-+off=62 len=3 span[header_value]="*/*"
-+off=67 header_value complete
-+off=67 len=17 span[header_field]="Transfer-Encoding"
-+off=85 header_field complete
-+off=86 len=7 span[header_value]="chunked"
-+off=95 header_value complete
-+off=95 len=17 span[header_field]="Transfer-Encoding"
-+off=113 header_field complete
-+off=114 len=7 span[header_value]="deflate"
-+off=123 header_value complete
-+off=125 headers complete method=3 v=1/1 flags=200 content_length=0
-+off=125 error code=15 reason="Request has invalid `Transfer-Encoding`"
-+```
-+
- ## POST with `chunked` before other transfer-coding (lenient)
-
- TODO(indutny): should we allow it even in lenient mode? (Consider disabling
--
2.39.2
[-- Attachment #1.5: Type: text/plain, Size: 103 bytes --]
Best wishes,
Arne
--
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 1125 bytes --]
^ permalink raw reply related [flat|nested] 3+ messages in thread
* bug#62177: [PATCH] [WIP] update node to version 16
2023-03-14 6:02 bug#62177: [PATCH] [WIP] update node to version 16 Dr. Arne Babenhauserheide
@ 2023-03-14 10:37 ` Jelle Licht
2023-03-14 16:08 ` Dr. Arne Babenhauserheide
0 siblings, 1 reply; 3+ messages in thread
From: Jelle Licht @ 2023-03-14 10:37 UTC (permalink / raw)
To: Dr. Arne Babenhauserheide, 62177
Hi Dr. Arne,
"Dr. Arne Babenhauserheide" <arne_bab@web.de> writes:
> Hi,
>
>
> this is an initial stab at getting node to version 16.
[snip]
Issue 59188 (https://issues.guix.gnu.org/59188) already updates node to
the 18.X LTS series. Would that version also work for you, or do you
have a specific need for the 16.X series? I ask because the "active" LTS
version is 18, while the 16 "maintenance" LTS window already closes on
2023-09-11, which is (IMHO) pretty soon.
- Jelle
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#62177: [PATCH] [WIP] update node to version 16
2023-03-14 10:37 ` Jelle Licht
@ 2023-03-14 16:08 ` Dr. Arne Babenhauserheide
0 siblings, 0 replies; 3+ messages in thread
From: Dr. Arne Babenhauserheide @ 2023-03-14 16:08 UTC (permalink / raw)
To: Jelle Licht; +Cc: 62177
[-- Attachment #1: Type: text/plain, Size: 541 bytes --]
Hi Jelle,
Jelle Licht <jlicht@fsfe.org> writes:
> Issue 59188 (https://issues.guix.gnu.org/59188) already updates node to
> the 18.X LTS series. Would that version also work for you, or do you
> have a specific need for the 16.X series? I ask because the "active" LTS
> version is 18, while the 16 "maintenance" LTS window already closes on
> 2023-09-11, which is (IMHO) pretty soon.
Version 18 is even better :-)
Thank you!
Best wishes,
Arne
--
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 1125 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-03-14 16:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-14 6:02 bug#62177: [PATCH] [WIP] update node to version 16 Dr. Arne Babenhauserheide
2023-03-14 10:37 ` Jelle Licht
2023-03-14 16:08 ` Dr. Arne Babenhauserheide
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).