From 37b1fde4ecf5f7c97852c2f05e830c9e374c9282 Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Tue, 31 Mar 2026 11:52:42 +0000
Subject: [PATCH] import CS nodejs-24.13.0-1.module_el9_6+1312+8f77b0ff

---
 .gitignore                              |  2 +-
 .nodejs.metadata                        |  2 +-
 SOURCES/0001-fips-disable-options.patch | 84 +++++++++++++++++++++++++
 SOURCES/test-should-pass.txt            |  5 +-
 SPECS/nodejs.spec                       | 74 +++++++++++++---------
 5 files changed, 134 insertions(+), 33 deletions(-)
 create mode 100644 SOURCES/0001-fips-disable-options.patch

diff --git a/.gitignore b/.gitignore
index 0148a9b..b1f9aa3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
 SOURCES/icu4c-77_1-data-bin-b.zip
 SOURCES/icu4c-77_1-data-bin-l.zip
-SOURCES/node-v24.4.1-stripped.tar.gz
+SOURCES/node-v24.13.0-stripped.tar.gz
 SOURCES/packaging-scripts.tar.gz
diff --git a/.nodejs.metadata b/.nodejs.metadata
index dd1364a..84a926d 100644
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@@ -1,4 +1,4 @@
 c459faa36dedc60af6a0c6d5b9b84b6198389bf0 SOURCES/icu4c-77_1-data-bin-b.zip
 c602459f93a43dfe7440686b46430e93a85dfc06 SOURCES/icu4c-77_1-data-bin-l.zip
-1a7cc2ee75998e4207071e177ed9e870b3c1f2b7 SOURCES/node-v24.4.1-stripped.tar.gz
+94f8cd412f29b9554891a242ee466c2ac5a6a269 SOURCES/node-v24.13.0-stripped.tar.gz
 4dc40674c8b9a94ba977ea7b018f9a92c84b9b53 SOURCES/packaging-scripts.tar.gz
diff --git a/SOURCES/0001-fips-disable-options.patch b/SOURCES/0001-fips-disable-options.patch
new file mode 100644
index 0000000..8492594
--- /dev/null
+++ b/SOURCES/0001-fips-disable-options.patch
@@ -0,0 +1,84 @@
+From 98738d27288bd9ca634e29181ef665e812e7bbd3 Mon Sep 17 00:00:00 2001
+From: Michael Dawson <midawson@redhat.com>
+Date: Fri, 23 Feb 2024 13:43:56 +0100
+Subject: [PATCH] Disable FIPS options
+
+On RHEL, FIPS should be configured only on system level.
+Additionally, the related options may cause segfault when used on RHEL.
+
+This patch causes the option processing to end sooner
+than the problematic code gets executed.
+Additionally, the JS-level options to mess with FIPS settings
+are similarly disabled.
+
+Upstream report: https://github.com/nodejs/node/pull/48950
+RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
+---
+ lib/crypto.js             | 10 ++++++++++
+ lib/internal/errors.js    |  6 ++++++
+ src/crypto/crypto_util.cc |  2 ++
+ 3 files changed, 18 insertions(+)
+
+diff --git a/lib/crypto.js b/lib/crypto.js
+index 41adecc..b2627ac 100644
+--- a/lib/crypto.js
++++ b/lib/crypto.js
+@@ -36,7 +36,10 @@ const {
+ assertCrypto();
+
+ const {
++  // RHEL specific error
++  ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED,
++
+   ERR_CRYPTO_FIPS_FORCED,
+   ERR_WORKER_UNSUPPORTED_OPERATION,
+ } = require('internal/errors').codes;
+ const constants = internalBinding('constants').crypto;
+@@ -251,6 +254,13 @@ function getFips() {
+ }
+ 
+ function setFips(val) {
++  // in RHEL FIPS enable/disable should only be done at system level
++  if (getFips() != val) {
++    throw new ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED();
++  } else {
++    return;
++  }
++
+   if (getOptionValue('--force-fips')) {
+     if (val) return;
+     throw new ERR_CRYPTO_FIPS_FORCED();
+diff --git a/lib/internal/errors.js b/lib/internal/errors.js
+index a722360..04d8a53 100644
+--- a/lib/internal/errors.js
++++ b/lib/internal/errors.js
+@@ -1111,6 +1111,12 @@ module.exports = {
+ //
+ // Note: Node.js specific errors must begin with the prefix ERR_
+ 
++// insert RHEL specific erro
++E('ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED',
++  'Cannot set FIPS mode. FIPS should be enabled/disabled at system level. See' +
++  'https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n',
++  Error);
++
+ E('ERR_ACCESS_DENIED',
+   function(msg, permission = '', resource = '') {
+     this.permission = permission;
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 5734d8f..ef9d1b1 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -86,6 +86,8 @@ bool ProcessFipsOptions() {
+   /* Override FIPS settings in configuration file, if needed. */
+   if (per_process::cli_options->enable_fips_crypto ||
+       per_process::cli_options->force_fips_crypto) {
++      fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
++      return false;
+ #if OPENSSL_VERSION_MAJOR >= 3
+     if (!ncrypto::testFipsEnabled()) return false;
+     return ncrypto::setFipsEnabled(true, nullptr);
+-- 
+2.43.2
+
+
diff --git a/SOURCES/test-should-pass.txt b/SOURCES/test-should-pass.txt
index 16f646f..f103ef2 100644
--- a/SOURCES/test-should-pass.txt
+++ b/SOURCES/test-should-pass.txt
@@ -1190,7 +1190,10 @@ parallel/test-http-max-header-size-per-stream.js
 parallel/test-repl-domain.js
 parallel/test-promise-swallowed-event.js
 parallel/test-sqlite-named-parameters.js
-parallel/test-tls-session-cache.js
+# Disabled on 26-11-2025
+# Test fails as openssl client refuses self-signed certificate
+# This has been tested on all supported RHEL versions (RHEL-8.10,RHEL-9.7/8,RHEL-10)
+#parallel/test-tls-session-cache.js
 parallel/test-dgram-send-callback-multi-buffer-empty-address.js
 parallel/test-worker-cleanexit-with-js.js
 parallel/test-stream2-basic.js
diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec
index ae9925c..8458677 100644
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@@ -2,7 +2,7 @@
 ## (rpmautospec version 0.6.5)
 ## RPMAUTOSPEC: autorelease, autochangelog
 %define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
-    release_number = 6;
+    release_number = 1;
     base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
     print(release_number + base_release_number - 1);
 }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
@@ -13,50 +13,50 @@
 %{load:%{_sourcedir}/nodejs.srpm.macros}
 
 # === Versions of any software shipped in the main nodejs tarball
-%nodejs_define_version node 1:24.4.1-%{autorelease} -p
+%nodejs_define_version node 1:24.13.0-%{autorelease} -p
 
 # The following ones are generated via script;
 # expect anything between the markers to be overwritten on any update.
 
 # BEGIN automatic-version-macros  # DO NOT REMOVE THIS LINE!
-# Version from node-v24.4.1/src/node_version.h
+# Version from node-v24.13.0/src/node_version.h
 %global node_soversion 137
 
-# Version from node-v24.4.1/deps/ada/ada.h
-%nodejs_define_version ada 3.2.4
-# Version from node-v24.4.1/deps/brotli/c/common/version.h
+# Version from node-v24.13.0/deps/ada/ada.h
+%nodejs_define_version ada 3.3.0
+# Version from node-v24.13.0/deps/brotli/c/common/version.h
 %nodejs_define_version brotli 1.1.0
-# Version from node-v24.4.1/deps/cares/include/ares_version.h
-%nodejs_define_version c_ares 1.34.5
-# Version from node-v24.4.1/deps/histogram/include/hdr/hdr_histogram_version.h
-%nodejs_define_version histogram 0.11.8
-# Version from node-v24.4.1/tools/icu/current_ver.dep
+# Version from node-v24.13.0/deps/cares/include/ares_version.h
+%nodejs_define_version c_ares 1.34.6
+# Version from node-v24.13.0/deps/histogram/include/hdr/hdr_histogram_version.h
+%nodejs_define_version histogram 0.11.9
+# Version from node-v24.13.0/tools/icu/current_ver.dep
 %nodejs_define_version icu 77.1 -p
-# Version from node-v24.4.1/deps/uv/include/uv/version.h
+# Version from node-v24.13.0/deps/uv/include/uv/version.h
 %nodejs_define_version libuv 1.51.0
-# Version from node-v24.4.1/deps/llhttp/include/llhttp.h
+# Version from node-v24.13.0/deps/llhttp/include/llhttp.h
 %nodejs_define_version llhttp 9.3.0
-# Version from node-v24.4.1/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
-%nodejs_define_version nghttp2 1.66.0
-# Version from node-v24.4.1/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
+# Version from node-v24.13.0/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
+%nodejs_define_version nghttp2 1.67.1
+# Version from node-v24.13.0/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
 %nodejs_define_version nghttp3 1.6.0
-# Version from node-v24.4.1/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
+# Version from node-v24.13.0/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
 %nodejs_define_version ngtcp2 1.11.0
-# Version from node-v24.4.1/deps/cjs-module-lexer/src/package.json
+# Version from node-v24.13.0/deps/cjs-module-lexer/src/package.json
 %nodejs_define_version nodejs-cjs-module-lexer 2.1.0
-# Version from node-v24.4.1/lib/punycode.js
+# Version from node-v24.13.0/lib/punycode.js
 %nodejs_define_version nodejs-punycode 2.1.0
-# Version from node-v24.4.1/deps/undici/src/package.json
-%nodejs_define_version nodejs-undici 7.11.0
-# Version from node-v24.4.1/deps/npm/package.json
-%nodejs_define_version npm 1:11.4.2
-# Version from node-v24.4.1/deps/sqlite/sqlite3.h
-%nodejs_define_version sqlite 3.50.2
-# Version from node-v24.4.1/deps/uvwasi/include/uvwasi.h
-%nodejs_define_version uvwasi 0.0.21
-# Version from node-v24.4.1/deps/v8/include/v8-version.h
-%nodejs_define_version v8 3:13.6.233.10 -p
-# Version from node-v24.4.1/deps/zlib/zlib.h
+# Version from node-v24.13.0/deps/undici/src/package.json
+%nodejs_define_version nodejs-undici 7.18.2
+# Version from node-v24.13.0/deps/npm/package.json
+%nodejs_define_version npm 1:11.6.2
+# Version from node-v24.13.0/deps/sqlite/sqlite3.h
+%nodejs_define_version sqlite 3.50.4
+# Version from node-v24.13.0/deps/uvwasi/include/uvwasi.h
+%nodejs_define_version uvwasi 0.0.23
+# Version from node-v24.13.0/deps/v8/include/v8-version.h
+%nodejs_define_version v8 3:13.6.233.17 -p
+# Version from node-v24.13.0/deps/zlib/zlib.h
 %nodejs_define_version zlib 1.3.1
 # END automatic-version-macros  # DO NOT REMOVE THIS LINE!
 
@@ -163,6 +163,7 @@ Source101:      nodejs.srpm.macros
 %patchlist
 0001-Remove-unused-OpenSSL-config.patch
 0005-v8-highway-Fix-for-GCC-15-compiler-error-on-PPC8-PPC.patch
+0001-fips-disable-options.patch
 
 %description
 Node.js is a platform built on Chrome's JavaScript runtime
@@ -536,6 +537,19 @@ bash '%{SOURCE10}' "${RPM_BUILD_ROOT}%{_bindir}/node" test/ '%{SOURCE11}'
 
 %changelog
 ## START: Generated by rpmautospec
+* Tue Jan 13 2026 tjuhasz <tjuhasz@redhat.com> - 1:24.13.0-1
+- Update to version 24.13.0
+
+* Wed Nov 26 2025 tjuhasz <tjuhasz@redhat.com> - 1:24.11.1-2
+- Disable test-tls-session-cache.js as its not currently compatiable with
+  RHEL environment
+
+* Wed Nov 12 2025 tjuhasz <tjuhasz@redhat.com> - 1:24.11.1-1
+- Update to version 24.11.1
+
+* Mon Oct 06 2025 tjuhasz <tjuhasz@redhat.com> - 1:24.4.1-7
+- Add patch to prevent fips usage segfault
+
 * Thu Aug 21 2025 Jan Staněk <jstanek@redhat.com> - 1:24.4.1-6
 - Rename nodejs-npm back to npm