From 5d5a5b9467136f8bab17699b9a35a9e7b31111ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= <jstanek@redhat.com>
Date: Wed, 23 Aug 2023 15:30:28 +0200
Subject: [PATCH] Rebase to version 18.17.1

---
 .gitignore        |  5 +++++
 nodejs-tarball.sh |  4 ++--
 nodejs.spec       | 36 ++++++++++++++++++++----------------
 sources           | 11 +++++------
 4 files changed, 32 insertions(+), 24 deletions(-)

diff --git a/.gitignore b/.gitignore
index dba2fa0..1067af3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -43,3 +43,8 @@
 /wasi-sdk-wasi-sdk-14.tar.gz
 /node-v18.16.1-stripped.tar.gz
 /undici-5.21.0.tar.gz
+/node-v18.17.1-stripped.tar.gz
+/icu4c-73_1-src.zip
+/undici-5.22.1.tar.gz
+wasi-sdk-11.0-linux.tar.gz
+wasi-sdk-14.0-linux.tar.gz
diff --git a/nodejs-tarball.sh b/nodejs-tarball.sh
index f59d5c2..6a94b29 100755
--- a/nodejs-tarball.sh
+++ b/nodejs-tarball.sh
@@ -120,10 +120,10 @@ rm -rf node-v${version}/deps/openssl
 tar -zcf node-v${version}-stripped.tar.gz node-v${version}
 
 # Download the matching version of ICU
-rm -f icu4c*-src.tgz icu.md5
+rm -f icu4c*-src.zip icu.md5
 ICUMD5=$(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].md5')
 wget $(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].url')
-ICUTARBALL=$(ls -1 icu4c*-src.tgz)
+ICUTARBALL=$(ls -1 icu4c*-src.zip)
 echo "$ICUMD5  $ICUTARBALL" > icu.md5
 md5sum -c icu.md5
 rm -f icu.md5 SHASUMS256.txt
diff --git a/nodejs.spec b/nodejs.spec
index 51d115c..a6c7564 100644
--- a/nodejs.spec
+++ b/nodejs.spec
@@ -41,7 +41,7 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 18
-%global nodejs_minor 16
+%global nodejs_minor 17
 %global nodejs_patch 1
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
@@ -93,7 +93,7 @@
 %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch}
 
 # ICU - from tools/icu/current_ver.dep
-%global icu_major 72
+%global icu_major 73
 %global icu_minor 1
 %global icu_version %{icu_major}.%{icu_minor}
 
@@ -114,11 +114,11 @@
 # simduft from deps/simdutf/simdutf.h
 %global simduft_major 3
 %global simduft_minor 2
-%global simduft_patch 2
+%global simduft_patch 12
 %global simduft_version %{simduft_major}.%{simduft_minor}.%{simduft_patch}
 
 # ada from deps/ada/ada.h
-%global ada_version 1.0.4
+%global ada_version 2.5.0
 
 # OpenSSL minimum version
 %global openssl_minimum 1:1.1.1
@@ -133,7 +133,7 @@
 
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_version 9.5.1
+%global npm_version 9.6.7
 
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@@ -145,7 +145,7 @@
 %global corepack_version 0.10.0
 
 # uvwasi - from deps/uvwasi/include/uvwasi.h
-%global uvwasi_version 0.0.15
+%global uvwasi_version 0.0.18
 
 # histogram_c - assumed from timestamps
 %global histogram_version 0.11.2
@@ -167,7 +167,7 @@ ExclusiveArch: %{nodejs_arches}
 Source0: node-v%{nodejs_version}-stripped.tar.gz
 Source1: npmrc
 Source2: btest402.js
-Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.tgz
+Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.zip
 Source100: %{name}-tarball.sh
 
 # The native module Requires generator remains in the nodejs SRPM, so it knows
@@ -188,15 +188,13 @@ Source8: npmrc.builtin.in
 Source101: cjs-module-lexer-1.2.2.tar.gz
 # The WASM blob was made using wasi-sdk v11; compiler libraries are linked in.
 # Version source: Makefile
-Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz
+Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz
 
 # Version: jq '.version' deps/undici/src/package.json
-# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.21.0.tar.gz
-# Adjustments: rm -f undici-5.21.0/lib/llhttp/llhttp*.wasm*
-Source111: undici-5.21.0.tar.gz
-# The WASM blob was made using wasi-sdk v14; compiler libraries are linked in.
-# Version source: build/Dockerfile
-Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.22.1.tar.gz
+# Adjustments: rm -f undici-5.22.1/lib/llhttp/llhttp*.wasm
+# Build uses alpine image, see alpine for sources for wasi-sdk
+Source111: undici-5.22.1.tar.gz
 
 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
@@ -444,7 +442,7 @@ export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cfl
 export LDFLAGS="%{build_ldflags}"
 
 %{__python3} configure.py --prefix=%{_prefix} --verbose \
-           --shared-openssl \
+           --shared-openssl --openssl-conf-name=openssl_conf \
            --shared-zlib \
            --shared-brotli \
            %{!?with_bundled:--shared-libuv} \
@@ -464,7 +462,7 @@ make BUILDTYPE=Release %{?_smp_mflags}
 
 # Extract the ICU data and convert it to the appropriate endianness
 pushd deps/
-tar xfz %SOURCE3
+unzip -a %{SOURCE3}
 
 pushd icu/source
 
@@ -734,6 +732,12 @@ end
 
 
 %changelog
+* Wed Aug 23 2023 Jan Staněk <jstanek@redhat.com> - 1:18.17.1-1
+- Rebase to version 18.17.1
+  Resolves: rhbz#2228939
+  Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559
+- Specify proper OpenSSL configuration section build
+
 * Wed Jul 12 2023 Jan Staněk <jstanek@redhat.com> - 1:18.16.1-1
 - Rebase to 18.16.1
   Resolves: rhbz#2188290 rhbz#2166926
diff --git a/sources b/sources
index 379b5d3..e5277c1 100644
--- a/sources
+++ b/sources
@@ -1,6 +1,5 @@
-SHA512 (node-v18.16.1-stripped.tar.gz) = 8548e92504760c8ea3b5d8bf1e745b7577668bd249786247fcbfeafd519c308b7f3974d6692cc98c124482a3e5d6867d4c6e2ad829ada4ec6b7b1b0114194911
-SHA512 (icu4c-72_1-src.tgz) = 848c341b37c0ff077e34a95d92c6200d5aaddd0ee5e06134101a74e04deb08256a5e817c8aefab020986abe810b7827dd7b2169a60dacd250c298870518dcae8
-SHA512 (undici-5.21.0.tar.gz) = 69097b92f7aac8f47207e6e76074b2676ecee8ecbadf8c35e7295cdf550e881e32bce9f0123f612d7a1cb5e7a2c5de798550f5e097ac053e4257e61d025db7d8
-SHA512 (cjs-module-lexer-1.2.2.tar.gz) = e2134c4541efec2f32d5fa5fd5151511a599ecd08e85fbfc8d56cbd0f3b2a404a9b1c072a601e4237e229ed12859abf6f52201ee0f55fcd0e43f49d0017e7cd1
-SHA512 (wasi-sdk-wasi-sdk-11.tar.gz) = cb37f357b09431a3efad26141d83dce63232a35b536d9a7bd341d4d9627a0a3d4bd4d57504b6e3dab421942d2c168a96da2a6be889aab3f9a2852fc5a3200d3c
-SHA512 (wasi-sdk-wasi-sdk-14.tar.gz) = 4fecb3d9c04b91eb2388a9e51d49fbff6f22b81f9945a07ecdbfe479c96dad1e3b673b8bee24842b0dae5294129a9cb35dcf8e5ecf45437a6d01fb6e0fd13645
+SHA512 (node-v18.17.1-stripped.tar.gz) = cdb879e3a9b5ac7a942092528ef63cddbbbfedde65f0228c8fdd15f5a18c96161db821dc2294447137ec9dd2c91fe5523d385ec35d6f9e7052b86aa92c411f46
+SHA512 (icu4c-73_1-src.zip) = 8f429cf0779742e20236a824d37151d57c94e0c9513a6d78dde30c09d1d45fce689355dfad9bd8429949b86979871efa8dfaefa3f43db46df521658a3b611595
+SHA512 (undici-5.22.1.tar.gz) = 07c9d76390ef5b986b312d313421e27fb0f25f2cea83ba8f1dfa56dd8a6f839b4f34440dc983922a97b1382c2a1aabbe9b1261cd0172d1676d341a0a5dd35f7d
+SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 2c8e9caf2231ca7d61e71936305389774859aca9b5c86c63489c9a62a81f4736f99477c3f0cbb41077bb7924fdd23e0f24b7bce858e42fb0f87e7c0ffc87afeb
+SHA512 (wasi-sdk-11.0-linux.tar.gz) = e3ed4597f7f2290967eef6238e9046f60abbcb8633a4a2a51525d00e7393df8df637a98a5b668217d332dd44fcbf2442ec7efd5e65724e888d90611164451e20