import CS nodejs-20.11.0-1.module_el9+825+ff71e88c
This commit is contained in:
parent
67ce51be93
commit
415e0f97b9
6
.gitignore
vendored
6
.gitignore
vendored
@ -1,6 +1,6 @@
|
|||||||
SOURCES/cjs-module-lexer-1.2.2.tar.gz
|
SOURCES/cjs-module-lexer-1.2.2.tar.gz
|
||||||
SOURCES/icu4c-73_2-src.tgz
|
SOURCES/icu4c-73_2-src.tgz
|
||||||
SOURCES/node-v20.5.1-stripped.tar.gz
|
SOURCES/node-v20.11.0-stripped.tar.gz
|
||||||
SOURCES/undici-5.22.1.tar.gz
|
SOURCES/undici-5.27.2.tar.gz
|
||||||
SOURCES/wasi-sdk-11.0-linux.tar.gz
|
SOURCES/wasi-sdk-11.0-linux.tar.gz
|
||||||
SOURCES/wasi-sdk-14.0-linux.tar.gz
|
SOURCES/wasi-sdk-16.0-linux.tar.gz
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz
|
b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz
|
||||||
3d94969b097189bf5479c312d9593d2d252f5a73 SOURCES/icu4c-73_2-src.tgz
|
3d94969b097189bf5479c312d9593d2d252f5a73 SOURCES/icu4c-73_2-src.tgz
|
||||||
ff25b892461bb3d6b359dec449e9ef86dd87115c SOURCES/node-v20.5.1-stripped.tar.gz
|
8b62ac9e63c605f9942a0bee294c8a98c1ca63ba SOURCES/node-v20.11.0-stripped.tar.gz
|
||||||
616384b209d651b7cb7b41a8a7752eb2e923806a SOURCES/undici-5.22.1.tar.gz
|
af3eca3508a818ea8e5829b2a4104f5ef7ddd5e2 SOURCES/undici-5.27.2.tar.gz
|
||||||
ff114dd45b4efeeae7afe4621bfc6f886a475b4b SOURCES/wasi-sdk-11.0-linux.tar.gz
|
ff114dd45b4efeeae7afe4621bfc6f886a475b4b SOURCES/wasi-sdk-11.0-linux.tar.gz
|
||||||
c29e21be754c26cac4bf99848c5b1f4e8564e248 SOURCES/wasi-sdk-14.0-linux.tar.gz
|
fbe01909bf0e8260fcc3696ec37c9f731b5e356a SOURCES/wasi-sdk-16.0-linux.tar.gz
|
||||||
|
|||||||
20
SOURCES/nodejs-fips-disable-options.patch
Normal file
20
SOURCES/nodejs-fips-disable-options.patch
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
FIPS related options cause a segfault, let's end sooner
|
||||||
|
|
||||||
|
Upstream report: https://github.com/nodejs/node/pull/48950
|
||||||
|
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
|
||||||
|
|
||||||
|
This patch makes the part of the code that processes cmd-line options for
|
||||||
|
FIPS to end sooner before the code gets to the problematic part of the code.
|
||||||
|
|
||||||
|
diff -up node-v18.16.1/src/crypto/crypto_util.cc.origfips node-v18.16.1/src/crypto/crypto_util.cc
|
||||||
|
--- node-v18.16.1/src/crypto/crypto_util.cc.origfips 2023-07-31 12:09:46.603683081 +0200
|
||||||
|
+++ node-v18.16.1/src/crypto/crypto_util.cc 2023-07-31 12:16:16.906617914 +0200
|
||||||
|
@@ -111,6 +111,8 @@ bool ProcessFipsOptions() {
|
||||||
|
/* Override FIPS settings in configuration file, if needed. */
|
||||||
|
if (per_process::cli_options->enable_fips_crypto ||
|
||||||
|
per_process::cli_options->force_fips_crypto) {
|
||||||
|
+ fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
|
||||||
|
+ return false;
|
||||||
|
#if OPENSSL_VERSION_MAJOR >= 3
|
||||||
|
OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
|
||||||
|
if (fips_provider == nullptr)
|
||||||
@ -43,8 +43,8 @@
|
|||||||
# than a Fedora release lifecycle.
|
# than a Fedora release lifecycle.
|
||||||
%global nodejs_epoch 1
|
%global nodejs_epoch 1
|
||||||
%global nodejs_major 20
|
%global nodejs_major 20
|
||||||
%global nodejs_minor 5
|
%global nodejs_minor 11
|
||||||
%global nodejs_patch 1
|
%global nodejs_patch 0
|
||||||
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
|
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
|
||||||
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
|
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
|
||||||
%global nodejs_soversion 115
|
%global nodejs_soversion 115
|
||||||
@ -68,7 +68,7 @@
|
|||||||
|
|
||||||
# c-ares - from deps/cares/include/ares_version.h
|
# c-ares - from deps/cares/include/ares_version.h
|
||||||
# https://github.com/nodejs/node/pull/9332
|
# https://github.com/nodejs/node/pull/9332
|
||||||
%global c_ares_version 1.19.1
|
%global c_ares_version 1.20.1
|
||||||
|
|
||||||
# llhttp - from deps/llhttp/include/llhttp.h
|
# llhttp - from deps/llhttp/include/llhttp.h
|
||||||
%global llhttp_version 8.1.1
|
%global llhttp_version 8.1.1
|
||||||
@ -77,7 +77,7 @@
|
|||||||
%global libuv_version 1.46.0
|
%global libuv_version 1.46.0
|
||||||
|
|
||||||
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
|
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
|
||||||
%global nghttp2_version 1.55.1
|
%global nghttp2_version 1.58.0
|
||||||
|
|
||||||
# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
|
# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
|
||||||
%global nghttp3_version 0.7.0
|
%global nghttp3_version 0.7.0
|
||||||
@ -105,10 +105,10 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
# simduft from deps/simdutf/simdutf.h
|
# simduft from deps/simdutf/simdutf.h
|
||||||
%global simduft_version 3.2.14
|
%global simduft_version 4.0.4
|
||||||
|
|
||||||
# ada from deps/ada/ada.h
|
# ada from deps/ada/ada.h
|
||||||
%global ada_version 2.5.1
|
%global ada_version 2.7.4
|
||||||
|
|
||||||
# OpenSSL minimum version
|
# OpenSSL minimum version
|
||||||
%global openssl_minimum 1:1.1.1
|
%global openssl_minimum 1:1.1.1
|
||||||
@ -121,7 +121,7 @@
|
|||||||
|
|
||||||
# npm - from deps/npm/package.json
|
# npm - from deps/npm/package.json
|
||||||
%global npm_epoch 1
|
%global npm_epoch 1
|
||||||
%global npm_version 9.8.0
|
%global npm_version 10.2.4
|
||||||
|
|
||||||
# In order to avoid needing to keep incrementing the release version for the
|
# In order to avoid needing to keep incrementing the release version for the
|
||||||
# main package forever, we will just construct one for npm that is guaranteed
|
# main package forever, we will just construct one for npm that is guaranteed
|
||||||
@ -131,10 +131,10 @@
|
|||||||
|
|
||||||
# Node.js 16.9.1 and later comes with an experimental package management tool
|
# Node.js 16.9.1 and later comes with an experimental package management tool
|
||||||
# corepack - from deps/corepack/package.json
|
# corepack - from deps/corepack/package.json
|
||||||
%global corepack_version 0.19.0
|
%global corepack_version 0.23.0
|
||||||
|
|
||||||
# uvwasi - from deps/uvwasi/include/uvwasi.h
|
# uvwasi - from deps/uvwasi/include/uvwasi.h
|
||||||
%global uvwasi_version 0.0.18
|
%global uvwasi_version 0.0.19
|
||||||
|
|
||||||
# histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h
|
# histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h
|
||||||
%global histogram_version 0.11.8
|
%global histogram_version 0.11.8
|
||||||
@ -180,15 +180,15 @@ Source101: cjs-module-lexer-1.2.2.tar.gz
|
|||||||
Source111: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz
|
Source111: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz
|
||||||
|
|
||||||
# Version: jq '.version' deps/undici/src/package.json
|
# Version: jq '.version' deps/undici/src/package.json
|
||||||
# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.22.1.tar.gz
|
# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.27.2.tar.gz
|
||||||
# Adjustments: rm -f undici-5.22.1/lib/llhttp/llhttp*.wasm
|
# Adjustments: rm -f undici-5.27.2/lib/llhttp/llhttp*.wasm
|
||||||
# wasi-sdk version can be found in Dockerfile
|
# wasi-sdk version can be found in lib/llhttp/wasm_build_env.txt
|
||||||
# https://github.com/nodejs/undici/blob/v5.22.1/build/Dockerfile
|
Source102: undici-5.27.2.tar.gz
|
||||||
Source102: undici-5.22.1.tar.gz
|
Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-16/wasi-sdk-16.0-linux.tar.gz
|
||||||
Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-14.0-linux.tar.gz
|
|
||||||
|
|
||||||
# Disable running gyp on bundled deps we don't use
|
# Disable running gyp on bundled deps we don't use
|
||||||
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
|
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
|
||||||
|
Patch3: nodejs-fips-disable-options.patch
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel
|
||||||
@ -439,7 +439,7 @@ make BUILDTYPE=Release %{?_smp_mflags}
|
|||||||
|
|
||||||
# Extract the ICU data and convert it to the appropriate endianness
|
# Extract the ICU data and convert it to the appropriate endianness
|
||||||
pushd deps/
|
pushd deps/
|
||||||
tar xfz %SOURCE3
|
tar xfz %{SOURCE3}
|
||||||
|
|
||||||
pushd icu/source
|
pushd icu/source
|
||||||
|
|
||||||
@ -634,6 +634,20 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 12 2024 Jan Staněk <jstanek@redhat.com> - 1:20.11.0-1
|
||||||
|
- Rebase to version 20.11.0
|
||||||
|
Resolves: RHEL-21188
|
||||||
|
|
||||||
|
* Thu Nov 09 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:20.9.0-1
|
||||||
|
- Rebase to LTS
|
||||||
|
- Resolves: RHEL-16161
|
||||||
|
|
||||||
|
* Wed Oct 18 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:20.8.1-1
|
||||||
|
- Update node and nghttp
|
||||||
|
- Add fips patch
|
||||||
|
- Fixes CVE-2023-44487 (nghttp)
|
||||||
|
- Fixes CVE-2023-45143, CVE-2023-39331, CVE-2023-39332, CVE-2023-38552, CVE-2023-39333
|
||||||
|
|
||||||
* Thu Aug 10 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:20.5.1-1
|
* Thu Aug 10 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:20.5.1-1
|
||||||
- Rebase to new security release
|
- Rebase to new security release
|
||||||
- Address CVE-2023-32002, CVE-2023-32004, CVE-2023-32558 (high)
|
- Address CVE-2023-32002, CVE-2023-32004, CVE-2023-32558 (high)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user