diff --git a/.gitignore b/.gitignore index cb979df..ac7ecb2 100644 --- a/.gitignore +++ b/.gitignore @@ -51,3 +51,5 @@ /node-v18.19.0-stripped.tar.gz /icu4c-73_2-src.tgz /undici-5.26.4.tar.gz +/node-v18.19.1-stripped.tar.gz +/undici-5.28.3.tar.gz diff --git a/nodejs.spec b/nodejs.spec index 9e9916a..624ed49 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -41,7 +41,7 @@ %global nodejs_epoch 1 %global nodejs_major 18 %global nodejs_minor 19 -%global nodejs_patch 0 +%global nodejs_patch 1 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 108 @@ -68,7 +68,7 @@ %global c_ares_version 1.20.1 # llhttp - from deps/llhttp/include/llhttp.h -%global llhttp_version 6.0.11 +%global llhttp_version 6.1.0 # libuv - from deps/uv/include/uv/version.h %global libuv_version 1.44.2 @@ -126,7 +126,7 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_version 10.2.3 +%global npm_version 10.2.4 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed @@ -181,10 +181,10 @@ Source101: cjs-module-lexer-1.2.2.tar.gz Source111: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz # Version: jq '.version' deps/undici/src/package.json -# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.26.4.tar.gz -# Adjustments: rm -f undici-5.26.4/lib/llhttp/llhttp*.wasm +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz +# Adjustments: rm -f undici-5.28.3/lib/llhttp/llhttp*.wasm # Build uses alpine image, see alpine for sources for wasi-sdk -Source102: undici-5.26.4.tar.gz +Source102: undici-5.28.3.tar.gz # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch @@ -628,6 +628,11 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod %changelog +* Tue Mar 05 2024 Lukas Javorsky - 1:18.19.1-1 +- Rebase to version 18.19.1 +- Fixes: CVE-2024-21892 CVE-2024-22019 (high) +- Fixes: CVE-2023-46809 (medium) + * Thu Jan 18 2024 Jan Staněk - 1:18.19.0-1 - Rebase to version 18.19.0 Resolves: RHEL-21436 diff --git a/sources b/sources index 98ada6d..81874c2 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ -SHA512 (node-v18.19.0-stripped.tar.gz) = 681b7cae685b40828b3f3325d08bf3de78dfa37668c55f7cbfee363187c50bfd1b557d8faf81b5f86c211af7799e04cf550c7748c0acb2d8aab16820ca51e024 +SHA512 (node-v18.19.1-stripped.tar.gz) = 9cba0054d8be1e024f69c1e6d9d6931b4168ca3752fa421154f62243086786837016edd512de8a7839560f01ecad95bd4137521f4a2b52f0466e5a963b6d3e05 SHA512 (icu4c-73_2-src.tgz) = 76dd782db6205833f289d7eb68b60860dddfa3f614f0ba03fe7ec13117077f82109f0dc1becabcdf4c8a9c628b94478ab0a46134bdb06f4302be55f74027ce62 -SHA512 (undici-5.26.4.tar.gz) = 88849f1c60e594f4e3a1193df60ec5551ec4b51c8efa200f8efab96c507509152627be29bfb8642b1f44ac09e95e4c5aa00e34974d001bd1c390a9b0ca5502b5 -SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 2c8e9caf2231ca7d61e71936305389774859aca9b5c86c63489c9a62a81f4736f99477c3f0cbb41077bb7924fdd23e0f24b7bce858e42fb0f87e7c0ffc87afeb +SHA512 (undici-5.28.3.tar.gz) = 1626128b41411447f519a605c3570c875a4c26b493cc3175b04ec54836450d23635813c93758b229f971a4b26096c0d497e13c91da4a40134536fece964ebb0b +SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 0437378a087a43044b64e6b2e66426e429d87ed3f24a225d20ddc8fedda25917ba7db04a9d41207c59d20f0e6764837dad09393e5b8f92e361941a60ac5edd80 SHA512 (wasi-sdk-11.0-linux.tar.gz) = e3ed4597f7f2290967eef6238e9046f60abbcb8633a4a2a51525d00e7393df8df637a98a5b668217d332dd44fcbf2442ec7efd5e65724e888d90611164451e20