From 77f080bba357fd613ccd6104c1ee4a738f48ab57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= Date: Tue, 16 Apr 2024 15:37:01 +0200 Subject: [PATCH] Rebase to version 20.12.2 Resolves: RHEL-31265 RHEL-29878 RHEL-26528 RHEL-33014 --- .gitignore | 3 +++ nodejs.spec | 33 +++++++++++++++++++-------------- sources | 8 ++++---- 3 files changed, 26 insertions(+), 18 deletions(-) diff --git a/.gitignore b/.gitignore index 5a48e99..3a93d9d 100644 --- a/.gitignore +++ b/.gitignore @@ -57,3 +57,6 @@ /wasi-sdk-wasi-sdk-16.tar.gz /node-v20.11.1-stripped.tar.gz /undici-5.28.3.tar.gz +/node-v20.12.2-stripped.tar.gz +/icu4c-74_2-src.tgz +/undici-5.28.4.tar.gz diff --git a/nodejs.spec b/nodejs.spec index e17e4de..e3e8d16 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -44,8 +44,8 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 20 -%global nodejs_minor 11 -%global nodejs_patch 1 +%global nodejs_minor 12 +%global nodejs_patch 2 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 115 @@ -69,16 +69,16 @@ # c-ares - from deps/cares/include/ares_version.h # https://github.com/nodejs/node/pull/9332 -%global c_ares_version 1.20.1 +%global c_ares_version 1.27.0 # llhttp - from deps/llhttp/include/llhttp.h -%global llhttp_version 8.1.1 +%global llhttp_version 8.1.2 # libuv - from deps/uv/include/uv/version.h %global libuv_version 1.46.0 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h -%global nghttp2_version 1.58.0 +%global nghttp2_version 1.60.0 # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h %global nghttp3_version 0.7.0 @@ -87,7 +87,7 @@ %global ngtcp2_version 0.8.1 # ICU - from tools/icu/current_ver.dep -%global icu_major 73 +%global icu_major 74 %global icu_minor 2 %global icu_version %{icu_major}.%{icu_minor} @@ -106,10 +106,10 @@ %endif # simduft from deps/simdutf/simdutf.h -%global simduft_version 4.0.4 +%global simduft_version 4.0.8 # ada from deps/ada/ada.h -%global ada_version 2.7.4 +%global ada_version 2.7.6 # OpenSSL minimum version %global openssl_minimum 1:1.1.1 @@ -122,7 +122,7 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_version 10.2.4 +%global npm_version 10.5.0 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed @@ -132,10 +132,10 @@ # Node.js 16.9.1 and later comes with an experimental package management tool # corepack - from deps/corepack/package.json -%global corepack_version 0.23.0 +%global corepack_version 0.25.2 # uvwasi - from deps/uvwasi/include/uvwasi.h -%global uvwasi_version 0.0.19 +%global uvwasi_version 0.0.20 # histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h %global histogram_version 0.11.8 @@ -182,8 +182,8 @@ Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk- # Version: jq '.version' deps/undici/src/package.json # Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz -# Adjustments: rm -f undici-5.28.3/lib/llhttp/llhttp*.wasm* -Source111: undici-5.28.3.tar.gz +# Adjustments: rm -f undici-5.28.4/lib/llhttp/llhttp*.wasm* +Source111: undici-5.28.4.tar.gz # The WASM blob was made using wasi-sdk v16; compiler libraries are linked in. # Version source: deps/undici/src/lib/llhttp/wasm_build_env.txt # Also check (undici tarball): lib/llhttp/wasm_build_env.txt @@ -485,7 +485,7 @@ popd # deps %install rm -rf %{buildroot} -./tools/install.py install %{buildroot} %{_prefix} +./tools/install.py install --dest-dir=%{buildroot} --prefix=%{_prefix} # Set the binary permissions properly chmod 0755 %{buildroot}/%{_bindir}/node @@ -722,6 +722,11 @@ end %changelog +* Tue Apr 16 2024 Jan Staněk - 1:20.12.2-1 +- Rebase to version 20.12.0 + Addresses CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) + Addresses CVE-2024-25629 (c-ares) + * Wed Feb 21 2024 Lukas Javorsky - 1:20.11.1-1 - Rebase to version 20.11.1 - Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high) diff --git a/sources b/sources index 5864adb..224801d 100644 --- a/sources +++ b/sources @@ -1,6 +1,6 @@ -SHA512 (node-v20.11.1-stripped.tar.gz) = 6c1566d894c559043df690cd945518ed62f3d7a075bd5e319e40f5632a3fa1d1ebe55a3c47970678fa0164f9f7a5afa50b47174d6d4b8db59e467b617332f243 -SHA512 (icu4c-73_2-src.tgz) = 76dd782db6205833f289d7eb68b60860dddfa3f614f0ba03fe7ec13117077f82109f0dc1becabcdf4c8a9c628b94478ab0a46134bdb06f4302be55f74027ce62 -SHA512 (undici-5.28.3.tar.gz) = 1626128b41411447f519a605c3570c875a4c26b493cc3175b04ec54836450d23635813c93758b229f971a4b26096c0d497e13c91da4a40134536fece964ebb0b -SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 96bbd11da026f13cbfdf5e524dd94c16fd2b7ae13790de3eae5cd55e91e08d09cdf38f00797b99ab8e742aeb86418ce42808aba19224bde7875402cf8c14d110 +SHA512 (node-v20.12.2-stripped.tar.gz) = bff24d8b3e6443aaab139cbea51978b2bcaf763aa31b304456f471187d1ef5eced8fe68737ee075ea802f1ff2a5b686d38e42fb5c5824b24b9f472337589e8a5 +SHA512 (icu4c-74_2-src.tgz) = e6c7876c0f3d756f3a6969cad9a8909e535eeaac352f3a721338b9cbd56864bf7414469d29ec843462997815d2ca9d0dab06d38c37cdd4d8feb28ad04d8781b0 +SHA512 (undici-5.28.4.tar.gz) = a0ebe329141f82c6d1073f089b0fef436abbd0cea5323e24e288aabcb165ac98fc21b8da472d8b52f5c38b47451392072c80d1a1dbfa073612842408934cf966 +SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 0437378a087a43044b64e6b2e66426e429d87ed3f24a225d20ddc8fedda25917ba7db04a9d41207c59d20f0e6764837dad09393e5b8f92e361941a60ac5edd80 SHA512 (wasi-sdk-wasi-sdk-11.tar.gz) = cb37f357b09431a3efad26141d83dce63232a35b536d9a7bd341d4d9627a0a3d4bd4d57504b6e3dab421942d2c168a96da2a6be889aab3f9a2852fc5a3200d3c SHA512 (wasi-sdk-wasi-sdk-16.tar.gz) = 501467cb04ee85ab2ccc3d8ab1beb5dd8957ca71cc51c86fd357991ddccb1a8c2656e24b947ea3a5acfaafd8c762f5ba20458c22b58a5a5c85ef8ecb7a76db65