From 2c0f4d005ef7ed542dc4b35f7d61948daa9c5a02 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 8 Nov 2023 07:32:20 +0000 Subject: [PATCH] import UBI nodejs-20.8.1-1.module+el9.3.0.z+20478+84a9f781 --- .gitignore | 8 +- .nodejs.metadata | 8 +- ...1-Disable-running-gyp-on-shared-deps.patch | 64 +- ...ess-NPM-message-to-run-global-update.patch | 84 --- ...ICU-data-from-with-icu-default-data-.patch | 122 ---- ...8n-prototype-pollution-vulnerability.patch | 13 - SOURCES/nodejs-fips-disable-options.patch | 20 + SOURCES/nodejs-tarball.sh | 24 +- SOURCES/npmrc | 1 + SOURCES/npmrc.builtin.in | 5 + SPECS/nodejs.spec | 633 +++++++++++------- 11 files changed, 501 insertions(+), 481 deletions(-) delete mode 100644 SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch delete mode 100644 SOURCES/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch delete mode 100644 SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch create mode 100644 SOURCES/nodejs-fips-disable-options.patch create mode 100644 SOURCES/npmrc.builtin.in diff --git a/.gitignore b/.gitignore index eb6e49f..c5ebf5c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,6 @@ -SOURCES/icu4c-64_2-src.tgz -SOURCES/node-v10.24.0-stripped.tar.gz +SOURCES/cjs-module-lexer-1.2.2.tar.gz +SOURCES/icu4c-73_2-src.tgz +SOURCES/node-v20.8.1-stripped.tar.gz +SOURCES/undici-5.26.3.tar.gz +SOURCES/wasi-sdk-11.0-linux.tar.gz +SOURCES/wasi-sdk-14.0-linux.tar.gz diff --git a/.nodejs.metadata b/.nodejs.metadata index fac6a06..e5ac42a 100644 --- a/.nodejs.metadata +++ b/.nodejs.metadata @@ -1,2 +1,6 @@ -3127155ecf2b75ab4835f501b7478e39c07bb852 SOURCES/icu4c-64_2-src.tgz -be0e0b385a852c376f452b3d94727492e05407e4 SOURCES/node-v10.24.0-stripped.tar.gz +b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz +3d94969b097189bf5479c312d9593d2d252f5a73 SOURCES/icu4c-73_2-src.tgz +b3edea244cd33d60c4a632020fc059062c075cb0 SOURCES/node-v20.8.1-stripped.tar.gz +edb9aa7012424bfe24514b5ea5b99ef3733651ab SOURCES/undici-5.26.3.tar.gz +ff114dd45b4efeeae7afe4621bfc6f886a475b4b SOURCES/wasi-sdk-11.0-linux.tar.gz +c29e21be754c26cac4bf99848c5b1f4e8564e248 SOURCES/wasi-sdk-14.0-linux.tar.gz diff --git a/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch b/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch index 51d360f..87acfb9 100644 --- a/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch +++ b/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch @@ -1,31 +1,55 @@ -From 2cd4c12776af3da588231d3eb498e6451c30eae5 Mon Sep 17 00:00:00 2001 -From: Zuzana Svetlikova -Date: Thu, 27 Apr 2017 14:25:42 +0200 +From c73e0892eb1d0aa2df805618c019dc5c96b79705 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 30 May 2023 13:12:35 +0200 Subject: [PATCH] Disable running gyp on shared deps Signed-off-by: rpm-build --- - Makefile | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) + Makefile | 2 +- + node.gyp | 17 ----------------- + 2 files changed, 1 insertion(+), 18 deletions(-) diff --git a/Makefile b/Makefile -index 73feb4c..45bbceb 100644 +index 0be0659..3c44201 100644 --- a/Makefile +++ b/Makefile -@@ -123,10 +123,9 @@ with-code-cache: - test-code-cache: with-code-cache - $(PYTHON) tools/test.py $(PARALLEL_ARGS) --mode=$(BUILDTYPE_LOWER) code-cache +@@ -169,7 +169,7 @@ with-code-cache test-code-cache: + $(warning '$@' target is a noop) --out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp \ -- deps/zlib/zlib.gyp deps/v8/gypfiles/toolchain.gypi \ -- deps/v8/gypfiles/features.gypi deps/v8/gypfiles/v8.gyp node.gyp \ -- config.gypi -+out/Makefile: common.gypi deps/http_parser/http_parser.gyp \ -+ deps/v8/gypfiles/toolchain.gypi deps/v8/gypfiles/features.gypi \ -+ deps/v8/gypfiles/v8.gyp node.gyp config.gypi - $(PYTHON) tools/gyp_node.py -f make - - config.gypi: configure configure.py + out/Makefile: config.gypi common.gypi node.gyp \ +- deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \ ++ deps/llhttp/llhttp.gyp \ + deps/simdutf/simdutf.gyp deps/ada/ada.gyp \ + tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \ + tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp +diff --git a/node.gyp b/node.gyp +index cf52281..c33b57b 100644 +--- a/node.gyp ++++ b/node.gyp +@@ -430,23 +430,6 @@ + ], + }, + ], +- }, { +- 'variables': { +- 'opensslconfig_internal': '<(obj_dir)/deps/openssl/openssl.cnf', +- 'opensslconfig': './deps/openssl/nodejs-openssl.cnf', +- }, +- 'actions': [ +- { +- 'action_name': 'reset_openssl_cnf', +- 'inputs': [ '<(opensslconfig)', ], +- 'outputs': [ '<(opensslconfig_internal)', ], +- 'action': [ +- '<(python)', 'tools/copyfile.py', +- '<(opensslconfig)', +- '<(opensslconfig_internal)', +- ], +- }, +- ], + }], + ], + }, # node_core_target_name -- -2.26.2 +2.41.0 diff --git a/SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch b/SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch deleted file mode 100644 index e1b721f..0000000 --- a/SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch +++ /dev/null @@ -1,84 +0,0 @@ -From e7afb2d6e2a6c8f9c9c32e12a10c3c5c4902a251 Mon Sep 17 00:00:00 2001 -From: Stephen Gallagher -Date: Tue, 1 May 2018 08:05:30 -0400 -Subject: [PATCH] Suppress NPM message to run global update - -Signed-off-by: Stephen Gallagher -Signed-off-by: rpm-build ---- - deps/npm/bin/npm-cli.js | 54 ----------------------------------------- - 1 file changed, 54 deletions(-) - -diff --git a/deps/npm/bin/npm-cli.js b/deps/npm/bin/npm-cli.js -index c0d9be0..0f0892e 100755 ---- a/deps/npm/bin/npm-cli.js -+++ b/deps/npm/bin/npm-cli.js -@@ -71,65 +71,11 @@ - npm.command = 'help' - } - -- var isGlobalNpmUpdate = conf.global && ['install', 'update'].includes(npm.command) && npm.argv.includes('npm') -- - // now actually fire up npm and run the command. - // this is how to use npm programmatically: - conf._exit = true - npm.load(conf, function (er) { - if (er) return errorHandler(er) -- if ( -- !isGlobalNpmUpdate && -- npm.config.get('update-notifier') && -- !unsupported.checkVersion(process.version).unsupported -- ) { -- const pkg = require('../package.json') -- let notifier = require('update-notifier')({pkg}) -- const isCI = require('ci-info').isCI -- if ( -- notifier.update && -- notifier.update.latest !== pkg.version && -- !isCI -- ) { -- const color = require('ansicolors') -- const useColor = npm.config.get('color') -- const useUnicode = npm.config.get('unicode') -- const old = notifier.update.current -- const latest = notifier.update.latest -- let type = notifier.update.type -- if (useColor) { -- switch (type) { -- case 'major': -- type = color.red(type) -- break -- case 'minor': -- type = color.yellow(type) -- break -- case 'patch': -- type = color.green(type) -- break -- } -- } -- const changelog = `https://github.com/npm/cli/releases/tag/v${latest}` -- notifier.notify({ -- message: `New ${type} version of ${pkg.name} available! ${ -- useColor ? color.red(old) : old -- } ${useUnicode ? '→' : '->'} ${ -- useColor ? color.green(latest) : latest -- }\n` + -- `${ -- useColor ? color.yellow('Changelog:') : 'Changelog:' -- } ${ -- useColor ? color.cyan(changelog) : changelog -- }\n` + -- `Run ${ -- useColor -- ? color.green(`npm install -g ${pkg.name}`) -- : `npm i -g ${pkg.name}` -- } to update!` -- }) -- } -- } - npm.commands[npm.command](npm.argv, function (err) { - // https://genius.com/Lin-manuel-miranda-your-obedient-servant-lyrics - if ( --- -2.26.2 - diff --git a/SOURCES/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch b/SOURCES/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch deleted file mode 100644 index 14d39ae..0000000 --- a/SOURCES/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch +++ /dev/null @@ -1,122 +0,0 @@ -From 0028cc74dac4dd24b8599ade85cb49fdafa9f559 Mon Sep 17 00:00:00 2001 -From: Stephen Gallagher -Date: Fri, 6 Dec 2019 16:40:25 -0500 -Subject: [PATCH] build: auto-load ICU data from --with-icu-default-data-dir - -When compiled with `--with-intl=small` and -`--with-icu-default-data-dir=PATH`, Node.js will use PATH as a -fallback location for the ICU data. - -We will first perform an access check using fopen(PATH, 'r') to -ensure that the file is readable. If it is, we'll set the -icu_data_directory and proceed. There's a slight overhead for the -fopen() check, but it should be barely measurable. - -This will be useful for Linux distribution packagers who want to -be able to ship a minimal node binary in a container image but -also be able to add on the full i18n support where needed. With -this patch, it becomes possible to ship the interpreter as -/usr/bin/node in one package for the distribution and to ship the -data files in another package (without a strict dependency -between the two). This means that users of the distribution will -not need to explicitly direct Node.js to locate the ICU data. It -also means that in environments where full internationalization is -not required, they do not need to carry the extra content (with -the associated storage costs). - -Refs: https://github.com/nodejs/node/issues/3460 - -Signed-off-by: Stephen Gallagher -Signed-off-by: rpm-build ---- - configure.py | 9 +++++++++ - node.gypi | 7 +++++++ - src/node.cc | 20 ++++++++++++++++++++ - 3 files changed, 36 insertions(+) - -diff --git a/configure.py b/configure.py -index 89f7bf5..d611a88 100755 ---- a/configure.py -+++ b/configure.py -@@ -433,6 +433,14 @@ intl_optgroup.add_option('--with-icu-source', - 'the icu4c source archive. ' - 'v%d.x or later recommended.' % icu_versions['minimum_icu']) - -+intl_optgroup.add_option('--with-icu-default-data-dir', -+ action='store', -+ dest='with_icu_default_data_dir', -+ help='Path to the icuXXdt{lb}.dat file. If unspecified, ICU data will ' -+ 'only be read if the NODE_ICU_DATA environment variable or the ' -+ '--icu-data-dir runtime argument is used. This option has effect ' -+ 'only when Node.js is built with --with-intl=small-icu.') -+ - parser.add_option('--with-ltcg', - action='store_true', - dest='with_ltcg', -@@ -1359,6 +1367,7 @@ def configure_intl(o): - locs.add('root') # must have root - o['variables']['icu_locales'] = string.join(locs,',') - # We will check a bit later if we can use the canned deps/icu-small -+ o['variables']['icu_default_data'] = options.with_icu_default_data_dir or '' - elif with_intl == 'full-icu': - # full ICU - o['variables']['v8_enable_i18n_support'] = 1 -diff --git a/node.gypi b/node.gypi -index 466a174..65b97d6 100644 ---- a/node.gypi -+++ b/node.gypi -@@ -113,6 +113,13 @@ - 'conditions': [ - [ 'icu_small=="true"', { - 'defines': [ 'NODE_HAVE_SMALL_ICU=1' ], -+ 'conditions': [ -+ [ 'icu_default_data!=""', { -+ 'defines': [ -+ 'NODE_ICU_DEFAULT_DATA_DIR="<(icu_default_data)"', -+ ], -+ }], -+ ], - }]], - }], - [ 'node_use_bundled_v8=="true" and \ -diff --git a/src/node.cc b/src/node.cc -index 7c01187..c9840e3 100644 ---- a/src/node.cc -+++ b/src/node.cc -@@ -92,6 +92,7 @@ - - #if defined(NODE_HAVE_I18N_SUPPORT) - #include -+#include - #endif - - #if defined(LEAK_SANITIZER) -@@ -2643,6 +2644,25 @@ void Init(std::vector* argv, - // If the parameter isn't given, use the env variable. - if (per_process_opts->icu_data_dir.empty()) - SafeGetenv("NODE_ICU_DATA", &per_process_opts->icu_data_dir); -+ -+#ifdef NODE_ICU_DEFAULT_DATA_DIR -+ // If neither the CLI option nor the environment variable was specified, -+ // fall back to the configured default -+ if (per_process_opts->icu_data_dir.empty()) { -+ // Check whether the NODE_ICU_DEFAULT_DATA_DIR contains the right data -+ // file and can be read. -+ static const char full_path[] = -+ NODE_ICU_DEFAULT_DATA_DIR "/" U_ICUDATA_NAME ".dat"; -+ -+ FILE* f = fopen(full_path, "rb"); -+ -+ if (f != nullptr) { -+ fclose(f); -+ per_process_opts->icu_data_dir = NODE_ICU_DEFAULT_DATA_DIR; -+ } -+ } -+#endif // NODE_ICU_DEFAULT_DATA_DIR -+ - // Initialize ICU. - // If icu_data_dir is empty here, it will load the 'minimal' data. - if (!i18n::InitializeICUDirectory(per_process_opts->icu_data_dir)) { --- -2.26.2 - diff --git a/SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch b/SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch deleted file mode 100644 index 88a9d75..0000000 --- a/SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/deps/npm/node_modules/y18n/index.js b/deps/npm/node_modules/y18n/index.js -index d720681628..727362aac0 100644 ---- a/deps/npm/node_modules/y18n/index.js -+++ b/deps/npm/node_modules/y18n/index.js -@@ -11,7 +11,7 @@ function Y18N (opts) { - this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true - - // internal stuff. -- this.cache = {} -+ this.cache = Object.create(null) - this.writeQueue = [] - } - diff --git a/SOURCES/nodejs-fips-disable-options.patch b/SOURCES/nodejs-fips-disable-options.patch new file mode 100644 index 0000000..998fb91 --- /dev/null +++ b/SOURCES/nodejs-fips-disable-options.patch @@ -0,0 +1,20 @@ +FIPS related options cause a segfault, let's end sooner + +Upstream report: https://github.com/nodejs/node/pull/48950 +RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726 + +This patch makes the part of the code that processes cmd-line options for +FIPS to end sooner before the code gets to the problematic part of the code. + +diff -up node-v18.16.1/src/crypto/crypto_util.cc.origfips node-v18.16.1/src/crypto/crypto_util.cc +--- node-v18.16.1/src/crypto/crypto_util.cc.origfips 2023-07-31 12:09:46.603683081 +0200 ++++ node-v18.16.1/src/crypto/crypto_util.cc 2023-07-31 12:16:16.906617914 +0200 +@@ -111,6 +111,8 @@ bool ProcessFipsOptions() { + /* Override FIPS settings in configuration file, if needed. */ + if (per_process::cli_options->enable_fips_crypto || + per_process::cli_options->force_fips_crypto) { ++ fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n"); ++ return false; + #if OPENSSL_VERSION_MAJOR >= 3 + OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips"); + if (fips_provider == nullptr) diff --git a/SOURCES/nodejs-tarball.sh b/SOURCES/nodejs-tarball.sh index d333607..f59d5c2 100755 --- a/SOURCES/nodejs-tarball.sh +++ b/SOURCES/nodejs-tarball.sh @@ -128,7 +128,7 @@ echo "$ICUMD5 $ICUTARBALL" > icu.md5 md5sum -c icu.md5 rm -f icu.md5 SHASUMS256.txt -rhpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz +#fedpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz rm -f node-v${version}.tar.gz @@ -155,11 +155,11 @@ grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_versio grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h echo -echo "http-parser" +echo "llhttp" echo "=========================" -grep "define HTTP_PARSER_VERSION_MAJOR" node-v${version}/deps/http_parser/http_parser.h -grep "define HTTP_PARSER_VERSION_MINOR" node-v${version}/deps/http_parser/http_parser.h -grep "define HTTP_PARSER_VERSION_PATCH" node-v${version}/deps/http_parser/http_parser.h +grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h +grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h +grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h echo echo "libuv" echo "=========================" @@ -171,6 +171,14 @@ echo "nghttp2" echo "=========================" grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h echo +echo "nghttp3" +echo "=========================" +grep "define NGHTTP3_VERSION " node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h +echo +echo "ngtcp2" +echo "=========================" +grep "define NGTCP2_VERSION " node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h +echo echo "ICU" echo "=========================" grep "url" node-v${version}/tools/icu/current_ver.dep @@ -179,6 +187,12 @@ echo "punycode" echo "=========================" grep "'version'" node-v${version}/lib/punycode.js echo +echo "uvwasi" +echo "=========================" +grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h +grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h +grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h +echo echo "npm" echo "=========================" grep "\"version\":" node-v${version}/deps/npm/package.json diff --git a/SOURCES/npmrc b/SOURCES/npmrc index 10437ca..50be1d1 100644 --- a/SOURCES/npmrc +++ b/SOURCES/npmrc @@ -1 +1,2 @@ prefix=/usr/local +python=/usr/bin/python3 diff --git a/SOURCES/npmrc.builtin.in b/SOURCES/npmrc.builtin.in new file mode 100644 index 0000000..739a57d --- /dev/null +++ b/SOURCES/npmrc.builtin.in @@ -0,0 +1,5 @@ +# This is the distibution-level configuration file for npm. +# To configure NPM on a system level, use the globalconfig below (defaults to @SYSCONFDIR@/npmrc). +# vim:set filetype=dosini: + +globalconfig=@SYSCONFDIR@/npmrc diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index 7021757..51b01e9 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -1,13 +1,32 @@ -%global with_debug 0 - -# PowerPC, s390x and aarch64 segfault during Debug builds -# https://github.com/nodejs/node/issues/20642 -%ifarch %{power64} s390x aarch64 -%global with_debug 0 +# The following macros control the usage of dependencies bundled from upstream. +# +# When to use what: +# - Regular (presumably non-modular) build: use neither (the default in Fedora) +# - Early bootstrapping build that is not intended to be shipped: +# use --with=bootstrap; this will bundle deps and add `~bootstrap` release suffix +# - Build with some dependencies not avalaible in necessary versions (i.e. module build): +# use --with=bundled; will bundle deps, but do not add the suffix +# +# create bootstrapping build with bundled deps and extra release suffix +%bcond_with bootstrap +# bundle dependencies that are not available in CentOS +%if %{with bootstrap} +%bcond_without bundled +%else +%bcond_with bundled %endif -# bundle dependencies that are not available as Fedora modules -%bcond_with bootstrap +%bcond_with python3_fixup + +# LTO is currently broken on Node.js builds +%define _lto_cflags %{nil} + +# Heavy-handed approach to avoiding issues with python +# bytecompiling files in the node_modules/ directory +%global __python %{__python3} + +# This macro serves to provide corepack, which is not provided for now, but might be in the future +%bcond_with corepack # == Master Relase == # This is used by both the nodejs package and the npm subpackage that @@ -23,12 +42,12 @@ # feature releases that are only supported for nine months, which is shorter # than a Fedora release lifecycle. %global nodejs_epoch 1 -%global nodejs_major 10 -%global nodejs_minor 24 -%global nodejs_patch 0 +%global nodejs_major 20 +%global nodejs_minor 8 +%global nodejs_patch 1 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h -%global nodejs_soversion 64 +%global nodejs_soversion 115 %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch} %global nodejs_release %{baserelease} @@ -37,11 +56,11 @@ # == Bundled Dependency Versions == # v8 - from deps/v8/include/v8-version.h # Epoch is set to ensure clean upgrades from the old v8 package -%global v8_epoch 1 -%global v8_major 6 -%global v8_minor 8 -%global v8_build 275 -%global v8_patch 32 +%global v8_epoch 2 +%global v8_major 11 +%global v8_minor 3 +%global v8_build 244 +%global v8_patch 8 # V8 presently breaks ABI at least every x.y release while never bumping SONAME %global v8_abi %{v8_major}.%{v8_minor} %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch} @@ -49,31 +68,25 @@ # c-ares - from deps/cares/include/ares_version.h # https://github.com/nodejs/node/pull/9332 -%global c_ares_major 1 -%global c_ares_minor 15 -%global c_ares_patch 0 -%global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch} +%global c_ares_version 1.19.1 -# http-parser - from deps/http_parser/http_parser.h -%global http_parser_major 2 -%global http_parser_minor 9 -%global http_parser_patch 4 -%global http_parser_version %{http_parser_major}.%{http_parser_minor}.%{http_parser_patch} +# llhttp - from deps/llhttp/include/llhttp.h +%global llhttp_version 8.1.1 # libuv - from deps/uv/include/uv/version.h -%global libuv_major 1 -%global libuv_minor 34 -%global libuv_patch 2 -%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch} +%global libuv_version 1.46.0 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h -%global nghttp2_major 1 -%global nghttp2_minor 41 -%global nghttp2_patch 0 -%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch} +%global nghttp2_version 1.57.0 + +# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h +%global nghttp3_version 0.7.0 + +# ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h +%global ngtcp2_version 0.8.1 # ICU - from tools/icu/current_ver.dep -%global icu_major 64 +%global icu_major 73 %global icu_minor 2 %global icu_version %{icu_major}.%{icu_minor} @@ -81,21 +94,34 @@ %{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")} # " this line just fixes syntax highlighting for vim that is confused by the above and continues literal +%global sys_icu_version %(/usr/bin/icu-config --version) + +%if "%{sys_icu_version}" >= "%{icu_version}" +%global bundled_icu 0 +%global icu_flag system-icu +%else +%global bundled_icu 1 +%global icu_flag full-icu +%endif + +# simduft from deps/simdutf/simdutf.h +%global simduft_version 3.2.17 + +# ada from deps/ada/ada.h +%global ada_version 2.6.0 + +# OpenSSL minimum version +%global openssl_minimum 1:1.1.1 # punycode - from lib/punycode.js # Note: this was merged into the mainline since 0.6.x # Note: this will be unmerged in an upcoming major release -%global punycode_major 2 -%global punycode_minor 1 -%global punycode_patch 0 -%global punycode_version %{punycode_major}.%{punycode_minor}.%{punycode_patch} +# Note: Marked as pending deprecation since 18.16.0 +%global punycode_version 2.1.0 # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_major 6 -%global npm_minor 14 -%global npm_patch 11 -%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch} +%global npm_version 10.1.0 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed @@ -103,12 +129,15 @@ # base npm version number is increasing. %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} -# brotli - from deps/brotli/c/common/version.h -# v10.x doesn't have --shared-brotli configure option, so we have to bundle it -%global brotli_major 1 -%global brotli_minor 0 -%global brotli_patch 7 -%global brotli_version %{brotli_major}.%{brotli_minor}.%{brotli_patch} +# Node.js 16.9.1 and later comes with an experimental package management tool +# corepack - from deps/corepack/package.json +%global corepack_version 0.20.0 + +# uvwasi - from deps/uvwasi/include/uvwasi.h +%global uvwasi_version 0.0.18 + +# histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h +%global histogram_version 0.11.8 Name: nodejs Epoch: %{nodejs_epoch} @@ -135,26 +164,45 @@ Source100: %{name}-tarball.sh # nodejs-packaging SRPM. Source7: nodejs_native.attr +# Configure npm to look into /etc for configuration +Source8: npmrc.builtin.in + +# These are full sources for dependencies included as WASM blobs in the source of Node itself. +# Note: These sources would also include pre-compiled WASM blobs… so they are adjusted not to. +# Recipes for creating these blobs are included in the sources. + +# Version: jq '.version' deps/cjs-module-lexer/package.json +# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz +# Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm +# wasi-sdk version can be found in Makefile +# https://github.com/nodejs/cjs-module-lexer/blob/1.2.2/Makefile +Source101: cjs-module-lexer-1.2.2.tar.gz +Source111: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz + +# Version: jq '.version' deps/undici/src/package.json +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.26.3.tar.gz +# Adjustments: rm -f undici-5.26.3/lib/llhttp/llhttp*.wasm +# wasi-sdk version can be found in Dockerfile +# https://github.com/nodejs/undici/blob/v5.26.3/build/Dockerfile +Source102: undici-5.26.3.tar.gz +Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-14.0-linux.tar.gz + # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch - -# Suppress the message from npm to run `npm -g update npm` -# This does bad things on an RPM-managed npm. -Patch2: 0002-Suppress-NPM-message-to-run-global-update.patch - -# Upstream patch to enable auto-detection of full ICU data -# https://github.com/nodejs/node/pull/30825 -Patch3: 0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch - -# CVE-2020-7774 -Patch4: 0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch +Patch3: nodejs-fips-disable-options.patch BuildRequires: make -BuildRequires: python2-devel BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-jinja2 +%if !%{with python3_fixup} +BuildRequires: python-unversioned-command +%endif BuildRequires: zlib-devel -BuildRequires: gcc >= 6.3.0 -BuildRequires: gcc-c++ >= 6.3.0 +BuildRequires: brotli-devel +BuildRequires: gcc >= 8.3.0 +BuildRequires: gcc-c++ >= 8.3.0 +BuildRequires: jq # needed to generate bundled provides for npm dependencies # https://src.fedoraproject.org/rpms/nodejs/pull-request/2 # https://pagure.io/nodejs-packaging/pull-request/10 @@ -162,22 +210,28 @@ BuildRequires: nodejs-packaging BuildRequires: chrpath BuildRequires: libatomic -%if %{with bootstrap} -Provides: bundled(http-parser) = %{http_parser_version} -Provides: bundled(libuv) = %{libuv_version} -Provides: bundled(nghttp2) = %{nghttp2_version} +%if %{with bundled} +Provides: bundled(libuv) = %{libuv_version} %else -BuildRequires: systemtap-sdt-devel BuildRequires: libuv-devel >= 1:%{libuv_version} -Requires: libuv >= 1:%{libuv_version} -BuildRequires: libnghttp2-devel >= %{nghttp2_version} -Requires: libnghttp2 >= %{nghttp2_version} -BuildRequires: http-parser-devel >= %{http_parser_version} -Requires: http-parser >= %{http_parser_version} - +Requires: libuv >= 1:%{libuv_version} %endif -BuildRequires: openssl-devel +%if %{with bundled} +Provides: bundled(nghttp2) = %{nghttp2_version} +%else +BuildRequires: libnghttp2-devel >= %{nghttp2_version} +Requires: libnghttp2 >= %{nghttp2_version} +%endif + +# Temporarily bundle llhttp because the upstream doesn't +# provide releases for it. +Provides: bundled(llhttp) = %{llhttp_version} +Provides: bundled(nghttp3) = %{nghttp3_version} +Provides: bundled(ngtcp2) = %{ngtcp2_version} + +BuildRequires: openssl-devel >= %{openssl_minimum} +Requires: openssl >= %{openssl_minimum} # we need the system certificate store Requires: ca-certificates @@ -229,16 +283,18 @@ Provides: bundled(v8) = %{v8_version} # an ABI-break, so we'll use the bundled copy. Provides: bundled(icu) = %{icu_version} -# Make sure we keep NPM up to date when we update Node.js -%if 0%{?rhel} -# EPEL doesn't support Recommends, so make it strict -Requires: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} -%else -Recommends: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} +# Upstream added new dependencies, but so far they are not available in Fedora +# or there's no option to built it as a shared dependency, so we bundle them +Provides: bundled(uvwasi) = %{uvwasi_version} +Provides: bundled(histogram) = %{histogram_version} +%if %{with corepack} +Provides: bundled(corepack) = %{corepack_version} %endif +Provides: bundled(simduft) = %{simduft_version} +Provides: bundled(ada) = %{ada_version} -# Provide bundled brotli until we can build it with system package -Provides: bundled(brotli) = %{brotli_version} +# Make sure we keep NPM up to date when we update Node.js +Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} %description Node.js is a platform built on Chrome's JavaScript runtime @@ -254,12 +310,10 @@ Group: Development/Languages Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} Requires: openssl-devel%{?_isa} Requires: zlib-devel%{?_isa} +Requires: brotli-devel%{?_isa} Requires: nodejs-packaging -%if %{with bootstrap} -# deps are bundled -%else -Requires: http-parser-devel%{?_isa} +%if %{without bundled} Requires: libuv-devel%{?_isa} %endif @@ -288,6 +342,7 @@ Release: %{npm_release}%{?dist} Obsoletes: npm < 0:3.5.4-6 Provides: npm = %{npm_epoch}:%{npm_version} Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} +Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} # Do not add epoch to the virtual NPM provides or it will break # the automatic dependency-generation script. @@ -318,79 +373,74 @@ The API documentation for the Node.js JavaScript runtime. # remove bundled dependencies that we aren't building rm -rf deps/zlib +rm -rf deps/brotli +rm -rf deps/v8/third_party/jinja2 +rm -rf tools/inspector_protocol/jinja2 -# Replace any instances of unversioned python' with python2 -pathfix.py -i %{__python2} -pn $(find -type f ! -name "*.js") -find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python2~" {} \; -find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python2~" {} \; -sed -i "s~python~python2~" $(find . -type f | grep "gyp$") +# Replace any instances of unversioned python' with python3 +# check for correct versions of dependencies we are bundling +check_wasm_dep() { + local -r name="$1" source="$2" packagejson="$3" + local -r expected_version="$(jq -r '.version' "${packagejson}")" + + if ls "${source}"|grep -q --fixed-strings "${expected_version}"; then + printf '%s version matches\n' "${name}" >&2 + else + printf '%s version MISMATCH: %s !~ %s\n' "${name}" "${expected_version}" "${source}" >&2 + return 1 + fi +} + +check_wasm_dep cjs-module-lexer '%{SOURCE101}' deps/cjs-module-lexer/package.json +check_wasm_dep undici '%{SOURCE102}' deps/undici/src/package.json + +%if %{with python3_fixup} +pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js") +find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python3~" {} \; +find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python3~" {} \; sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py -sed -i "s~usr\/bin\/python.*$~usr\/bin\/python2~" ./deps/v8/tools/mb/mb_unittest.py -find . -type f -exec sed -i "s~python -c~python2 -c~" {} \; -sed -i "s~which('python')~which('python2')~" configure +sed -i "s~usr\/bin\/python.*$~usr\/bin\/python3~" ./deps/v8/tools/mb/mb_test.py +find . -type f -exec sed -i "s~python -c~python3 -c~" {} \; +%endif %build - -%ifarch s390 s390x %{arm} %ix86 # Decrease debuginfo verbosity to reduce memory consumption during final # library linking %global optflags %(echo %{optflags} | sed 's/-g /-g1 /') -%endif -export RHEL_ALLOW_PYTHON2_FOR_BUILD=1 export CC='%{__cc}' export CXX='%{__cxx}' +%{?with_python3_fixup:export NODE_GYP_FORCE_PYTHON=%{__python3}} # build with debugging symbols and add defines from libuv (#892601) # Node's v8 breaks with GCC 6 because of incorrect usage of methods on # NULL objects. We need to pass -fno-delete-null-pointer-checks -export CFLAGS='%{optflags} \ - -D_LARGEFILE_SOURCE \ - -D_FILE_OFFSET_BITS=64 \ - -DZLIB_CONST \ - -fno-delete-null-pointer-checks' -export CXXFLAGS='%{optflags} \ - -D_LARGEFILE_SOURCE \ - -D_FILE_OFFSET_BITS=64 \ - -DZLIB_CONST \ - -fno-delete-null-pointer-checks' - -# Explicit new lines in C(XX)FLAGS can break naive build scripts -export CFLAGS="$(echo ${CFLAGS} | tr '\n\\' ' ')" -export CXXFLAGS="$(echo ${CXXFLAGS} | tr '\n\\' ' ')" - +extra_cflags=( + -D_LARGEFILE_SOURCE + -D_FILE_OFFSET_BITS=64 + -DZLIB_CONST + -fno-delete-null-pointer-checks +) +export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cflags[*]}" export LDFLAGS="%{build_ldflags}" -%if %{with bootstrap} -./configure --prefix=%{_prefix} \ +%{__python3} configure.py --prefix=%{_prefix} --verbose \ --shared-openssl \ --shared-zlib \ - --without-dtrace \ - --with-intl=small-icu \ - --openssl-use-def-ca-store -%else -./configure --prefix=%{_prefix} \ - --shared-openssl \ - --shared-zlib \ - --shared-libuv \ - --shared-http-parser \ - --shared-nghttp2 \ - --with-dtrace \ + --shared-brotli \ + %{!?with_bundled:--shared-libuv} \ + %{!?with_bundled:--shared-nghttp2} \ --with-intl=small-icu \ --with-icu-default-data-dir=%{icudatadir} \ - --openssl-use-def-ca-store -%endif + %{!?with_corepack:--without-corepack} \ + --openssl-use-def-ca-store \ + --openssl-default-cipher-list=PROFILE=SYSTEM -%if %{?with_debug} == 1 -# Setting BUILDTYPE=Debug builds both release and debug binaries -make BUILDTYPE=Debug %{?_smp_mflags} -%else make BUILDTYPE=Release %{?_smp_mflags} -%endif # Extract the ICU data and convert it to the appropriate endianness pushd deps/ -tar xfz %SOURCE3 +tar xfz %{SOURCE3} pushd icu/source @@ -419,8 +469,6 @@ popd # deps %install -export RHEL_ALLOW_PYTHON2_FOR_BUILD=1 - rm -rf %{buildroot} ./tools/install.py install %{buildroot} %{_prefix} @@ -429,11 +477,6 @@ rm -rf %{buildroot} chmod 0755 %{buildroot}/%{_bindir}/node chrpath --delete %{buildroot}%{_bindir}/node -%if %{?with_debug} == 1 -# Install the debug binary and set its permissions -install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g -%endif - # own the sitelib directory mkdir -p %{buildroot}%{_prefix}/lib/node_modules @@ -467,9 +510,10 @@ cp -pr deps/npm/man/* %{buildroot}%{_mandir}/ rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/man ln -sf %{_mandir} %{buildroot}%{_prefix}/lib/node_modules/npm/man -# Install Gatsby HTML documentation to %{_pkgdocdir} +# Install Gatsby HTML documentation to %%{_pkgdocdir} cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/ rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs + ln -sf %{_pkgdocdir}/npm %{buildroot}%{_prefix}/lib/node_modules/npm/docs # Node tries to install some python files into a documentation directory @@ -487,18 +531,24 @@ find %{buildroot}%{_prefix}/lib/node_modules/npm \ -exec chmod -x {} \; # The above command is a little overzealous. Add a few permissions back. -chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/npm-lifecycle/node-gyp-bin/node-gyp +chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js +%if %{with corepack} +# Corepack contains a number of executable"shims", including some for Windows +# PowerShell. Drop the executable bit for those so we don't pick up an +# automatic dependency on /usr/bin/pwsh that we cannot satisfy. +chmod -x %{buildroot}%{_prefix}/lib/node_modules/corepack/shims/*.ps1 +%endif + +# Drop the NPM builtin configuration in place +sed -e 's#@SYSCONFDIR@#%{_sysconfdir}#g' \ + %{SOURCE8} > %{buildroot}%{_prefix}/lib/node_modules/npm/npmrc + # Drop the NPM default configuration in place mkdir -p %{buildroot}%{_sysconfdir} cp %{SOURCE1} %{buildroot}%{_sysconfdir}/npmrc -# NPM upstream expects it to be in /usr/etc/npmrc, so we'll put a symlink here -# This is done in the interests of keeping /usr read-only. -mkdir -p %{buildroot}%{_prefix}/etc -ln -s %{_sysconfdir}/npmrc %{buildroot}%{_prefix}/etc/npmrc - # Install the full-icu data files install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/* @@ -513,70 +563,31 @@ install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/* %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')" # Ensure we have npm and that the version matches -NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')" +NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(JSON.parse(require(\"fs\").readFileSync(\"%{buildroot}%{_prefix}/lib/node_modules/npm/package.json\")).version, '%{npm_version}')" # Make sure i18n support is working -NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2} - - -%pretrans -n npm -p --- Remove all of the symlinks from the bundled npm node_modules directory --- This scriptlet can be removed in Fedora 31 -base_path = "%{_prefix}/lib/node_modules/npm/node_modules/" -d_st = posix.stat(base_path) -if d_st then - for f in posix.files(base_path) do - path = base_path..f - st = posix.stat(path) - if st and st.type == "link" then - os.remove(path) - end - end -end - --- Replace the npm man directory with a symlink --- Drop this scriptlet when F31 is EOL -path = "%{_prefix}/lib/node_modules/npm/man" -st = posix.stat(path) -if st and st.type == "directory" then - status = os.rename(path, path .. ".rpmmoved") - if not status then - suffix = 0 - while not status do - suffix = suffix + 1 - status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) - end - os.rename(path, path .. ".rpmmoved") - end -end +NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2} %files %{_bindir}/node %dir %{_prefix}/lib/node_modules %dir %{_datadir}/node -%dir %{_datadir}/systemtap -%dir %{_datadir}/systemtap/tapset -%{_datadir}/systemtap/tapset/node.stp -%if %{with bootstrap} -# no dtrace -%else -%dir %{_usr}/lib/dtrace -%{_usr}/lib/dtrace/node.d +%if %{with corepack} +# corepack +%{_bindir}/corepack +%{_prefix}/lib/node_modules/corepack %endif %{_rpmconfigdir}/fileattrs/nodejs_native.attr %{_rpmconfigdir}/nodejs_native.req %license LICENSE -%doc AUTHORS CHANGELOG.md COLLABORATOR_GUIDE.md GOVERNANCE.md README.md +%doc CHANGELOG.md onboarding.md GOVERNANCE.md README.md %doc %{_mandir}/man1/node.1* %files devel -%if %{?with_debug} == 1 -%{_bindir}/node_g -%endif %{_includedir}/node %{_datadir}/node/common.gypi %{_pkgdocdir}/gdbinit @@ -592,7 +603,6 @@ end %{_bindir}/npx %{_prefix}/lib/node_modules/npm %config(noreplace) %{_sysconfdir}/npmrc -%{_prefix}/etc/npmrc %ghost %{_sysconfdir}/npmignore %doc %{_mandir}/man1/npm*.1* %doc %{_mandir}/man1/npx.1* @@ -601,73 +611,230 @@ end %doc %{_mandir}/man5/npmrc.5* %doc %{_mandir}/man5/package-json.5* %doc %{_mandir}/man5/package-lock-json.5* -%doc %{_mandir}/man5/package-locks.5* -%doc %{_mandir}/man5/shrinkwrap-json.5* +%doc %{_mandir}/man5/npm-shrinkwrap-json.5* +%doc %{_mandir}/man5/npm-global.5.* +%doc %{_mandir}/man5/npm-json.5.* %doc %{_mandir}/man7/config.7* +%doc %{_mandir}/man7/dependency-selectors.7* %doc %{_mandir}/man7/developers.7* -%doc %{_mandir}/man7/disputes.7* +%doc %{_mandir}/man7/logging.7* %doc %{_mandir}/man7/orgs.7* +%doc %{_mandir}/man7/package-spec.7* %doc %{_mandir}/man7/registry.7* %doc %{_mandir}/man7/removal.7* %doc %{_mandir}/man7/scope.7* %doc %{_mandir}/man7/scripts.7* -%doc %{_mandir}/man7/semver.7* +%doc %{_mandir}/man7/workspaces.7* %files docs +%doc doc %dir %{_pkgdocdir} %{_pkgdocdir}/html %{_pkgdocdir}/npm/docs %changelog -* Wed Feb 24 2021 Zuzana Svetlikova - 1:10.24.0-1 -- Resolves: RHBZ#1932373, RHBZ#1932426 -- Resolves CVE-2021-22883 and CVE-2021-22884 -- remove -debug-nghttp2 flag (1930775) -- remove ini patch merged upstream +* Wed Oct 18 2023 Zuzana Svetlikova - 1:20.8.1-1 +- Update node and nghttp +- Add fips patch +- Fixes CVE-2023-44487 (nghttp) +- Fixes CVE-2023-45143, CVE-2023-39331, CVE-2023-39332, CVE-2023-38552, CVE-2023-39333 -* Mon Jan 18 2021 Zuzana Svetlikova - 1:10.23.1-1 -- January Security release +* Thu Aug 10 2023 Zuzana Svetlikova - 1:20.5.1-1 +- Rebase to new security release +- Address CVE-2023-32002, CVE-2023-32004, CVE-2023-32558 (high) +- Address CVE-2023-32006, CVE-2023-32559 (medium) +- Address CVE-2023-32005, CVE-2023-32003 (low) +- Resolves: #2186717 +- Resolves RHELPLAN-155639 + +* Thu Jul 27 2023 Zuzana Svetlikova - 1:20.5.0-1 +- Update to v20.5.0 +- Remove dtrace support +- bcond corepack, so we don't provide it by default +- Decrease debuginfo verbosity for all arches +- Resolves: #2186717 +- Resolves RHELPLAN-155639 + +* Wed Jul 12 2023 Jan Staněk - 1:18.16.1-1 +- Rebase to 18.16.1 + Resolves: rhbz#2188292 rhbz#2187683 + Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 +- Replace /usr/etc/npmrc symlink with builtin configuration + Resolves: rhbz#2222285 + +* Tue May 30 2023 Jan Staněk - 1:18.14.2-3 +- Update bundled c-ares to 1.19.1 + Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 + +* Tue Mar 21 2023 Zuzana Svetlikova - 1:18.14.2-2 +- Provide simduft +- Resolves: #2159389 + +* Mon Mar 20 2023 Zuzana Svetlikova - 1:18.14.2-1 +- Rebase to 18.14.2 +- Resolves: #2159389 +- Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807 +- Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920 + +* Wed Nov 16 2022 Zuzana Svetlikova - 1:18.12.1-1 +- Rebase + CVEs +- Resolves: #2142809 +- Resolves: #2142830, #2142856 + +* Sun Oct 09 2022 Zuzana Svetlikova - 1:18.10.0-3 +- Resolves: #2111861 +- Add proper sources for undici + +* Fri Oct 07 2022 Zuzana Svetlikova - 1:18.10.0-2 +- Resolves: #2130565 +- Add missing file + +* Thu Oct 06 2022 Zuzana Svetlikova - 1:18.10.0-1 +- Update to latest release +- Resolves: #2130565 +- Resolves #2111009, #2111861, #2132732 + +* Fri Aug 26 2022 Zuzana Svetlikova - 1:18.8.0-1 +- Update to latest release +- Resolves: RHBZ#2111009 +- Provide undici and cjs-module-lexer + wasi-sdk sources +- Resolves: RBHZ#2111861 + +* Mon Aug 08 2022 Zuzana Svetlikova - 1:18.7.0-1 +- Update to latest release +- Resolves CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 +- Resolves CVE-2022-29244 +- Resolves: RHBZ#2111009 + +* Mon Jun 20 2022 Zuzana Svetlikova - 1:18.2.0-2 +- Disable LTO +- Related: #1990096 +- Build without python3 fixup by default + +* Tue May 31 2022 Jan Staněk - 1:18.2.0-1 +- Rebase to version 18.2.0 + +* Mon Apr 25 2022 Jan Staněk - 1:16.14.0-5 +- Unify configure calls into single command +- Refactor bootstrap-related parts +- Decouple dependency bundling from bootstrapping + +* Mon Apr 11 2022 Zuzana Svetlikova - 1:16.14.0-4 +- Apply lock file validation fixes +- Resolves: CVE-2021-43616 +- Resolves: RHBZ#2070013 + +* Mon Dec 06 2021 Zuzana Svetlikova - 1:16.13.1-3 +- Resolves: RHBZ#2026329 +- Add corepack to spec + +* Mon Dec 06 2021 Zuzana Svetlikova - 1:16.13.1-2 +- Resolves: RHBZ#2026329 +- Update npm version test + +* Thu Dec 02 2021 Zuzana Svetlikova - 1:16.13.1-1 +- Resolves: RHBZ#2014132, RHBZ#2014126, RHBZ#2013828, RHBZ#2024920 +- Resolves: RHBZ#2026329 +- Rebase to LTS release and to fix multiple low and medium CVEs + +* Mon Sep 13 2021 Zuzana Svetlikova - 1:16.8.0-1 +- Resolves CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712 +- Resolves: RHBZ#1993948, RHBZ#1993941, RHBZ#2000151, RHBZ#2002176 + +* Mon Aug 30 2021 Zuzana Svetlikova - 1:16.7.0-2 +- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, +- CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 +- Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810 +- Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963 +- fix python3 in gyp + +* Wed Aug 18 2021 Zuzana Svetlikova - 1:16.7.0-1 +- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, +- CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 +- Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810 +- Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963 + +* Fri Jul 09 2021 Zuzana Svetlikova - 1:16.4.2-1 +- Resolves: RHBZ#1979847 +- Resolves CVE-2021-22918(libuv) +- Use system cipher list(1842826, 1952915) + +* Tue May 11 2021 Zuzana Svetlikova - 1:16.1.0-1 +- Resolves: RHBZ#1953991 +- Rebase to v16.x +- Update version of gcc and gcc-c++ needed +- Remove libs conditionals +- Remove unused patches +- Bundle nghttp3 and ngtcp2 + +* Mon Mar 01 2021 Zuzana Svetlikova - 1:14.16.0-2 +- Resolves RHBZ#1930775 +- remove --debug-nghttp2 option + +* Mon Mar 01 2021 Zuzana Svetlikova - 1:14.16.0-1 +- Resolves CVE-2021-22883 CVE-2021-22884 +- Resolves: RHBZ#1934566, RHBZ#1934599 +- Rebase, remove ini patch + +* Tue Jan 26 2021 Zuzana Svetlikova - 1:14.15.4-2 +- Add patch for yarn crash +- Resolves: RHBZ#1915296 + +* Tue Jan 19 2021 Zuzana Svetlikova - 1:14.15.4-1 +- Security rebase to 14.15.4 - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/ -- Rebase to 10.23.1 -- Resolves: RHBZ#1916461, RHBZ#1914789 -- Resolves: RHBZ#1914783, RHBZ#1916462, RHBZ#1916395, RHBZ#1916459 -- Resolves: RHBZ#1916691, RHBZ#1916689, RHBZ#1916388 -- Remove dot-prop patch, as it is fixed by npm rebase +- Resolves: RHBZ#1913001, RHBZ#1912953 +- Resolves: RHBZ#1912636, RHBZ#1898602, RHBZ#1898768, RHBZ#1893987, RHBZ#1893184 -* Tue Sep 22 2020 Jan Staněk - 1:10.22.1-1 -- Security rebase to 10.22.1 +* Thu Oct 29 2020 Zuzana Svetlikova - 1:14.15.0-1 +- Resolves: RHBZ#1858864 +- Update to LTS release -* Wed Jun 17 2020 Zuzana Svetlikova - 1:10.21.0-3 -- Resolves: RHBZ#1845307 -- Remove brotli-devel requires from nodejs-devel +* Mon Sep 21 2020 Jan Staněk - 1:14.11.0-1 +- Security update to 14.11.0 -* Tue Jun 16 2020 Zuzana Svetlikova - 1:10.21.0-2 -- Resolves: RHBZ#1845307 -- Turn off debug builds +* Wed Jun 03 2020 Zuzana Svetlikova - 1:14.4.0-1 +- Security update to 14.4.0 +- Resolves: RHBZ#1815402 -* Mon Jun 15 2020 Zuzana Svetlikova - 1:10.21.0-1 -- Security update to 10.21.0 -- Resolves: RHBZ#1845307 -- Fixes CVE-2020-11080, CVE-2020-8174, CVE-2020-10531 -- Bundle brotli, because --shared-brotli configure option is missing -- Add i18n subpackage +* Thu May 21 2020 Zuzana Svetlikova - 1:14.3.0-1 +- Update to 14.3.0 +- Fix optflags to save memory +- Resolves: RHBZ#1815402 -* Wed Mar 18 2020 Zuzana Svetlikova - 1:10.19.0-2 -- Resolves: RHBZ#1811499 +* Wed May 06 2020 Zuzana Svetlikova - 1:14.2.0-1 +- Update to 14.2.0 +- build with python3 only +- some clean up -* Mon Feb 10 2020 Jan Staněk - 1:10.19.0-1 -- Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 +* Tue Mar 17 2020 Zuzana Svetlikova - 1:12.16.1-2 +- Fix CVE-2020-10531 -* Tue Sep 10 2019 Jan Staněk - 1:10.16.3-1 -- Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518 +* Thu Feb 20 2020 Zuzana Svetlikova - 1:12.16.1-1 +- Rebase to 12.16.1 + +* Wed Jan 15 2020 Jan Staněk - 1:12.14.1-1 +- Rebase to 12.14.1 + +* Fri Nov 29 2019 Zuzana Svetlikova - 1:12.13.1-1 +- Resolves: RHBZ# 1773503, update to 12.13.1 +- minor clean up and sync with Fedora spec +- turn off debug builds + +* Thu Aug 01 2019 Zuzana Svetlikova - 1:12.4.0-2 +- Add condition to libs + +* Wed Jun 12 2019 Zuzana Svetlikova - 1:12.4.0-1 +- Update to v12.x +- Add v8-devel and libs subpackages from fedora * Thu Mar 14 2019 Zuzana Svetlikova - 1:10.14.1-2 - move nodejs-packaging BR out of conditional * Tue Dec 11 2018 Zuzana Svetlikova - 1:10.14.1-1 -- Resolves: RHBZ#1644207 +- Resolves RHBZ#1644207 - fixes node-gyp permissions - rebase