diff --git a/.gitignore b/.gitignore
index 1026205..30581c1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-SOURCES/icu4c-75_1-data-bin-b.zip
-SOURCES/icu4c-75_1-data-bin-l.zip
-SOURCES/node-v22.4.1-stripped.tar.gz
+SOURCES/icu4c-76_1-data-bin-b.zip
+SOURCES/icu4c-76_1-data-bin-l.zip
+SOURCES/node-v22.13.1-stripped.tar.gz
diff --git a/.nodejs.metadata b/.nodejs.metadata
index 375ac99..b69b208 100644
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@@ -1,3 +1,3 @@
-6c7291d88272d84fdadf1395166acd40dd12f623 SOURCES/icu4c-75_1-data-bin-b.zip
-ef164aa671780d004e304b4c789b05450e912304 SOURCES/icu4c-75_1-data-bin-l.zip
-cd053741b2f50dc3c9c54f5014a0480978f9cb16 SOURCES/node-v22.4.1-stripped.tar.gz
+d1c5586e6733b5c4790d05a76d47ad159ff31e9b SOURCES/icu4c-76_1-data-bin-b.zip
+547c6ffcb7833b1a14abd6114e0a1722144d410a SOURCES/icu4c-76_1-data-bin-l.zip
+20a992fe68e168bd5600ccc2bfe4e315b6db6e4b SOURCES/node-v22.13.1-stripped.tar.gz
diff --git a/SOURCES/nodejs-sources.sh b/SOURCES/nodejs-tarball.sh
similarity index 56%
rename from SOURCES/nodejs-sources.sh
rename to SOURCES/nodejs-tarball.sh
index c832ca5..a908c63 100755
--- a/SOURCES/nodejs-sources.sh
+++ b/SOURCES/nodejs-tarball.sh
@@ -3,24 +3,23 @@ # arguments, make sure to call # `argbash nodejs-tarball.sh -o nodejs-tarball.sh` -# ARG_POSITIONAL_SINGLE([version],[Node.js release version]) -# ARG_OPTIONAL_BOOLEAN([push],[],[Whether to upload to the lookaside cache],[on]) -# ARG_OPTIONAL_BOOLEAN([debug],[],[Print all commands],[off]) +# ARG_POSITIONAL_SINGLE([version],[Node.js release version],[""]) # ARG_DEFAULTS_POS([]) # ARG_HELP([Tool to aid in Node.js packaging of new releases]) # ARGBASH_GO() # needed because of Argbash --> m4_ignore([ -### START OF CODE GENERATED BY Argbash v2.10.0 one line above ### +### START OF CODE GENERATED BY Argbash v2.8.1 one line above ### # Argbash is a bash code generator used to get arguments parsing right. # Argbash is FREE SOFTWARE, see https://argbash.io for more info die() { - local _ret="${2:-1}" - test "${_PRINT_HELP:-no}" = yes && print_help >&2 + local _ret=$2 + test -n "$_ret" || _ret=1 + test "$_PRINT_HELP" = yes && print_help >&2 echo "$1" >&2 - exit "${_ret}" + exit ${_ret} } @@ -33,19 +32,15 @@ begins_with_short_option() # THE DEFAULTS INITIALIZATION - POSITIONALS _positionals=() -_arg_version= +_arg_version="" # THE DEFAULTS INITIALIZATION - OPTIONALS -_arg_push="on" -_arg_debug="off" print_help() { printf '%s\n' "Tool to aid in Node.js packaging of new releases" - printf 'Usage: %s [--(no-)push] [--(no-)debug] [-h|--help] \n' "$0" - printf '\t%s\n' ": Node.js release version" - printf '\t%s\n' "--push, --no-push: Whether to upload to the lookaside cache (on by default)" - printf '\t%s\n' "--debug, --no-debug: Print all commands (off by default)" + printf 'Usage: %s [-h|--help] []\n' "$0" + printf '\t%s\n' ": Node.js release version (default: '""')" printf '\t%s\n' "-h, --help: Prints help" } 
@@ -57,14 +52,6 @@ parse_commandline() do _key="$1" case "$_key" in - --no-push|--push) - _arg_push="on" - test "${1:0:5}" = "--no-" && _arg_push="off" - ;; - --no-debug|--debug) - _arg_debug="on" - test "${1:0:5}" = "--no-" && _arg_debug="off" - ;; -h|--help) print_help exit 0 @@ -86,9 +73,7 @@ parse_commandline() handle_passed_args_count() { - local _required_args_string="'version'" - test "${_positionals_count}" -ge 1 || _PRINT_HELP=yes die "FATAL ERROR: Not enough positional arguments - we require exactly 1 (namely: $_required_args_string), but got only ${_positionals_count}." 1 - test "${_positionals_count}" -le 1 || _PRINT_HELP=yes die "FATAL ERROR: There were spurious positional arguments --- we expect exactly 1 (namely: $_required_args_string), but got ${_positionals_count} (the last one was: '${_last_positional}')." 1 + test "${_positionals_count}" -le 1 || _PRINT_HELP=yes die "FATAL ERROR: There were spurious positional arguments --- we expect between 0 and 1, but got ${_positionals_count} (the last one was: '${_last_positional}')." 1 } 
@@ -115,78 +100,33 @@ assign_positional_args 1 "${_positionals[@]}" ### END OF CODE GENERATED BY Argbash (sortof) ### ]) # [ <-- needed because of Argbash -if [ $_arg_debug = 'on' ]; then - set -x -fi - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" - -alias wget='wget --quiet' - -packages=("jq" "wget" "tar" "fedpkg" "grep" "sed" "python3-jinja2-cli" "nodejs") - -rpm -q ${packages[@]} >/dev/null -if [ $? -ne 0 ]; then - sudo dnf -y install ${packages[@]} -fi set -e -version=$_arg_version +echo $_arg_version -NODE_MAJOR=$(echo $version | cut -d. -f1) -NODE_MINOR=$(echo $version | cut -d. -f2) -NODE_PATCH=$(echo $version | cut -d. -f3) - -# Treat odd-numbered major releases as pre-releases for the -# next LTS release. -if [[ $((NODE_MAJOR % 2)) -eq 0 ]]; - then NODE_PKG_MAJOR=${NODE_MAJOR}; - else NODE_PKG_MAJOR=$((NODE_MAJOR + 1)); +if [ x$_arg_version != x ]; then + version=$_arg_version +else + version=$(rpm -q --specfile --qf='%{version}\n' nodejs.spec | head -n1) fi -FEDORA_DEFAULT_RELEASE_LOW=$((NODE_PKG_MAJOR + 19)) -FEDORA_DEFAULT_RELEASE_HIGH=$((NODE_PKG_MAJOR + 20)) - -if [[ $((NODE_PKG_MAJOR)) -eq 20 ]] - then RHEL_DEFAULT_RELEASE=" || 0%{?rhel} == 10" -elif [[ $((NODE_PKG_MAJOR)) -eq 22 ]]; - then RHEL_DEFAULT_RELEASE=" || 0%{?rhel} == 11" -fi - -rm -rf node-v${version}.tar.gz \ - node-v${version}-stripped.tar.gz \ - node-v${version}/ \ - wasi-sdk-* \ - cjs-module-lexer* \ - undici* \ - SHASUMS256.txt -echo Downloading node-v${version}.tar.gz +rm -f node-v${version}.tar.gz node-v${version}-stripped.tar.gz wget http://nodejs.org/dist/v${version}/node-v${version}.tar.gz \ http://nodejs.org/dist/v${version}/SHASUMS256.txt -echo Validating sha256sum sha256sum -c SHASUMS256.txt --ignore-missing -rm -f SHASUMS256.txt tar -zxf node-v${version}.tar.gz - -# Remove bundled OpenSSL -# We will link to the system version rm -rf node-v${version}/deps/openssl tar -zcf node-v${version}-stripped.tar.gz node-v${version} -# Record the bundled 
cjs-module-lexer version -LEXER_VERSION=$(jq -r '.version' node-v${version}/deps/cjs-module-lexer/package.json) - -# Record the bundled undici version -UNDICI_VERSION=$(jq -r '.version' node-v${version}/deps/undici/src/package.json) - +# Download the ICU binary data files ICU_MAJOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\1/g') ICU_MINOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\2/g') - -# Download the ICU binary data files rm -Rf icu4c-${ICU_MAJOR}_${ICU_MINOR}-data-bin-*.zip -wget $(grep Source3 packaging/nodejs.spec.j2 | sed --expression="s/.*http/http/g" --expression="s/\(\%{icu_major}\)/${ICU_MAJOR}/g" --expression="s/\(\%{icu_minor}\)/${ICU_MINOR}/g") -wget $(grep Source4 packaging/nodejs.spec.j2 | sed --expression="s/.*http/http/g" --expression="s/\(\%{icu_major}\)/${ICU_MAJOR}/g" --expression="s/\(\%{icu_minor}\)/${ICU_MINOR}/g") +wget $(grep Source3 nodejs.spec | sed --expression="s/.*http/http/g" --expression="s/\(\%{icu_major}\)/${ICU_MAJOR}/g" --expression="s/\(\%{icu_minor}\)/${ICU_MINOR}/g") +wget $(grep Source4 nodejs.spec | sed --expression="s/.*http/http/g" --expression="s/\(\%{icu_major}\)/${ICU_MAJOR}/g" --expression="s/\(\%{icu_minor}\)/${ICU_MINOR}/g") + +#fedpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz rm -f node-v${version}.tar.gz @@ -200,7 +140,10 @@ echo "Node.js version" echo "=========================" echo "${version}" echo -echo "libnode shared object version" +echo "Bundled software versions" +echo "-------------------------" +echo +echo "libnode shared object version (nodejs_soversion)" echo "=========================" NODE_SOVERSION=$(grep -oP '(?<=#define NODE_MODULE_VERSION )\d+' node-v${version}/src/node_version.h) echo "${NODE_SOVERSION}" 
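Review bot: In the download step of nodejs-tarball.sh (hunk `@@ -115,78 +100,33 @@`), both removals of `SHASUMS256.txt` are dropped, so a list left in the working directory by an earlier run is never cleared; wget by default saves the fresh list under a numbered name, and `sha256sum -c SHASUMS256.txt --ignore-missing` then reads the old list instead of the one just fetched. Extend the new cleanup line to `rm -f node-v${version}.tar.gz node-v${version}-stripped.tar.gz SHASUMS256.txt` and keep `rm -f SHASUMS256.txt` after the check. The unchanged wget lines still fetch the tarball and the list over `http://` from the same host, so the check catches corruption but not substitution in transit; `https://nodejs.org/dist/v${version}/...` for both URLs would close that gap, and checking upstream's signed `SHASUMS256.txt.asc` against the release keys would be stronger still.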
@@ -251,6 +194,8 @@ echo $NGTCP2_VERSION echo echo "ICU" echo "=========================" +ICU_MAJOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\1/g') +ICU_MINOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\2/g') echo "${ICU_MAJOR}.${ICU_MINOR}" echo echo "simdutf" @@ -258,11 +203,27 @@ echo "=========================" SIMDUTF_VERSION=$(grep -oP '(?<=#define SIMDUTF_VERSION ).*\"' node-v${version}/deps/simdutf/simdutf.h |sed -e 's/^"//' -e 's/"$//') echo $SIMDUTF_VERSION echo +echo "ada" +echo "=========================" +ADA_VERSION=$(grep -osP '(?<=#define ADA_VERSION ).*\"' node-v${version}/deps/ada/ada.h |sed -e 's/^"//' -e 's/"$//') +ADA_VERSION=${ADA_VERSION:-0} +echo "${ADA_VERSION}" +echo echo "punycode" echo "=========================" -PUNYCODE_VERSION=$(/usr/bin/node -e "console.log(require('punycode').version)") +PUNYCODE_VERSION=$(grep -oP "'version': '\K[^']+" ./node-v${version}/lib/punycode.js) echo $PUNYCODE_VERSION echo +echo "npm" +echo "=========================" +NPM_VERSION=$(jq -r .version ./node-v${version}/deps/npm/package.json) +echo $NPM_VERSION +echo +echo "corepack" +echo "=========================" +COREPACK_VERSION=$(jq -r .version ./node-v${version}/deps/corepack/package.json) +echo $COREPACK_VERSION +echo echo "uvwasi" echo "=========================" UVWASI_MAJOR=$(grep -oP '(?<=#define UVWASI_VERSION_MAJOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h) 
@@ -271,77 +232,17 @@ UVWASI_PATCH=$(grep -oP '(?<=#define UVWASI_VERSION_PATCH )\d+' node-v${version} UVWASI_VERSION="${UVWASI_MAJOR}.${UVWASI_MINOR}.${UVWASI_PATCH}" echo $UVWASI_VERSION echo -echo "npm" +echo "histogram_c" echo "=========================" -NPM_VERSION=$(jq -r .version ./node-v${version}/deps/npm/package.json) -echo $NPM_VERSION +HISTOGRAM_VERSION=$(grep -oP '(?<=#define HDR_HISTOGRAM_VERSION ).*\"' node-v${version}/deps/histogram/include/hdr/hdr_histogram_version.h|sed -e 's/^"//' -e 's/"$//') +echo $HISTOGRAM_VERSION echo -echo "zlib" +echo "sqlite" echo "=========================" -ZLIB_VERSION=$(grep -oP '(?<=#define ZLIB_VERSION ).*\"' node-v${version}/deps/zlib/zlib.h |sed -e 's/^"//' -e 's/"$//') -echo $ZLIB_VERSION +SQLITE_VERSION="$(grep -osP '(?<=#define SQLITE_VERSION ).*\"' node-v${version}/deps/sqlite/sqlite3.h |sed -e 's/^\s*"//' -e 's/"\s*$//')" +echo "${SQLITE_VERSION}" echo -echo "cjs-module-lexer" -echo "=========================" -echo "${LEXER_VERSION}" -echo -echo "undici" -echo "=========================" -echo "${UNDICI_VERSION}" -echo -echo "ada" -echo "=========================" -ADA_VERSION=$(grep -osP '(?<=#define ADA_VERSION ).*\"' node-v${version}/deps/ada/ada.h |sed -e 's/^"//' -e 's/"$//') -ADA_VERSION=${ADA_VERSION:-0} -echo "${ADA_VERSION}" -echo -echo "Applying versions to spec template" - -# Get the list of patches we need to add to the specfile -readarray -t patchlist < <(git ls-files |grep '^[0-9]\{4\}-.*\.patch') -json_patchlist=$(jq --compact-output --null-input '$ARGS.positional' --args -- "${patchlist[@]}") - -IFS='' read -r -d '' template_json < ${SCRIPT_DIR}/nodejs${NODE_PKG_MAJOR}.spec - -if [ $_arg_push = 'on' ]; then - fedpkg new-sources node-v${version}-stripped.tar.gz \ - icu4c-${ICU_MAJOR}_${ICU_MINOR}-data-bin-*.zip -fi +echo "Make sure these versions match what is in the RPM spec file" rm -rf node-v${version} # ] <-- needed because of Argbash 
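Review bot: The added `HISTOGRAM_VERSION=$(grep -oP … | sed …)` and `SQLITE_VERSION="$(grep -osP … | sed …)"` lookups cannot trip the script's `set -e`, because the pipeline's status is sed's; if the header moves or the `#define` changes, the report prints an empty line and continues (for sqlite, `-s` hides grep's error message as well). The script now ends by asking the packager to compare these values with the spec by eye, and the spec publishes the sqlite one as `Provides: bundled(sqlite) = %{sqlite_version}`, so a blank is easy to miss. A guard after each assignment, e.g. `: "${SQLITE_VERSION:?sqlite version not found in deps/sqlite/sqlite3.h}"`, would stop the run instead. The same pattern is in the other piped lookups such as simdutf, which are context lines in the earlier hunks.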
diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index 0583254..6b53c45 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -32,6 +32,9 @@ %bcond_with bundled_zlib %endif +# System SQLite is too old in any RHEL <= 10 +%bcond_without bundled_sqlite + # LTO is currently broken on Node.js builds %define _lto_cflags %{nil} @@ -43,7 +46,7 @@ # This is used by both the nodejs package and the npm subpackage that # has a separate version - the name is special so that rpmdev-bumpspec # will bump this rather than adding .1 to the end. -%global baserelease 4 +%global baserelease 1 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} @@ -54,7 +57,7 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 22 -%global nodejs_minor 4 +%global nodejs_minor 13 %global nodejs_patch 1 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 127 @@ -82,25 +85,25 @@ # c-ares - from deps/cares/include/ares_version.h # https://github.com/nodejs/node/pull/9332 -%global c_ares_version 1.31.0 +%global c_ares_version 1.34.4 # llhttp - from deps/llhttp/include/llhttp.h %global llhttp_version 9.2.1 # libuv - from deps/uv/include/uv/version.h -%global libuv_version 1.48.0 +%global libuv_version 1.49.2 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h -%global nghttp2_version 1.62.1 +%global nghttp2_version 1.64.0 # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h -%global nghttp3_version 0.7.0 +%global nghttp3_version 1.6.0 # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h -%global ngtcp2_version 1.3.0 +%global ngtcp2_version 1.9.1 # ICU - from tools/icu/current_ver.dep -%global icu_major 75 +%global icu_major 76 %global icu_minor 1 %global icu_version %{icu_major}.%{icu_minor} 
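Review bot: In hunk `@@ -32,6 +32,9 @@`, `%bcond_without bundled_sqlite` is unconditional, while its comment ties the choice to RHEL <= 10 and the zlib switch directly above it sits inside an `%if`/`%endif`. As written the bundled copy stays enabled on every target until someone edits the spec, and a bundled SQLite only receives security fixes through Node.js updates rather than through the system library. If this spec is also meant for newer targets, consider guarding it the way the comment describes, with `%if 0%{?rhel} && 0%{?rhel} <= 10` around the existing line and `%bcond_with bundled_sqlite` in the `%else` branch. The comment could also name the minimum system version it is waiting for, which the later BuildRequires hunk gives as `pkgconfig(sqlite3) >= 3.45`.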
@@ -109,7 +112,7 @@ # " this line just fixes syntax highlighting for vim that is confused by the above and continues literal # simdutf from deps/simdutf/simdutf.h -%global simdutf_version 5.2.8 +%global simdutf_version 5.6.4 # OpenSSL minimum version %global openssl11_minimum 1:1.1.1 @@ -122,7 +125,7 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_version 10.8.1 +%global npm_version 10.9.2 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed @@ -136,7 +139,10 @@ %global uvwasi_version 0.0.21 # histogram_c - assumed from timestamps -%global histogram_version 0.9.7 +%global histogram_version 0.11.8 + +# sqlite - from deps/sqlite/sqlite3.h +%global sqlite_version 3.47.2 Name: nodejs @@ -160,7 +166,7 @@ Source2: btest402.js # The binary data that icu-small can use to get icu-full capability Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-data-bin-b.zip Source4: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-data-bin-l.zip -Source200: nodejs-sources.sh +Source200: nodejs-tarball.sh Source201: npmrc.builtin.in Source202: nodejs.pc.in Source203: v8.pc.in @@ -331,6 +337,11 @@ BuildRequires: nodejs-undici Requires: nodejs-undici %endif +%if %{with bundled_sqlite} +Provides: bundled(sqlite) = %{sqlite_version} +%else +BuildRequires: pkgconfig(sqlite3) >= 3.45 +%endif @@ -409,7 +420,7 @@ package to save space if non-English locales are not needed. Summary: v8 - development headers Epoch: %{v8_epoch} Version: %{v8_version} -Release: %{v8_release} +Release: %{v8_release}%{?dist} Requires: %{pkgname}-devel%{?_isa} = %{nodejs_envr} Requires: %{pkgname}-libs%{?_isa} = %{nodejs_envr} Provides: v8-devel = %{v8_epoch}:%{v8_version}-%{v8_release} 
@@ -488,6 +499,10 @@ rm -rf deps/cjs-module-lexer rm -rf deps/undici %endif +%if %{without bundled_sqlite} +rm -rf deps/sqlite +%endif + # Replace any instances of unversioned python with python3 pfiles=( $(grep -rl python) ) %py3_shebang_fix ${pfiles[@]} @@ -551,6 +566,7 @@ export PATH="${cwd}/.bin:$PATH" %{!?with_bundled_undici:--shared-builtin-undici/undici-path %{nodejs_private_sitelib}/undici/loader.js} \ --shared-brotli \ %{!?with_bundled_libuv:--shared-libuv} \ + %{!?with_bundled_sqlite:--shared-sqlite} \ --with-intl=small-icu \ --with-icu-default-data-dir=%{icudatadir} \ --without-corepack \ @@ -878,5 +894,13 @@ end %changelog +* Thu Jan 30 2025 Jan Staněk - 1:22.13.1-1 +- Update to version 22.13.1 + Fixes CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 + Resolves: RHEL-76354 + +* Mon Nov 04 2024 Jan Staněk - 1:22.11.0-1 +- Update to version 22.11.0 + * Thu Aug 15 2024 Filip Janus - 22.4.1-4 - Initial import of nodeJS 22