import UBI nodejs-18.20.2-2.module+el9.4.0+21742+692df1ea

This commit is contained in:
eabdullin 2024-05-09 09:27:57 +00:00
parent f5f6ea6550
commit a2d135f341
6 changed files with 262 additions and 58 deletions

6
.gitignore vendored
View File

@ -1,5 +1,5 @@
SOURCES/cjs-module-lexer-1.2.2.tar.gz
SOURCES/icu4c-73_2-src.tgz
SOURCES/node-v18.19.1-stripped.tar.gz
SOURCES/undici-5.28.3.tar.gz
SOURCES/icu4c-74_2-src.tgz
SOURCES/node-v18.20.2-stripped.tar.gz
SOURCES/undici-5.28.4.tar.gz
SOURCES/wasi-sdk-11.0-linux.tar.gz

View File

@ -1,5 +1,5 @@
b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz
3d94969b097189bf5479c312d9593d2d252f5a73 SOURCES/icu4c-73_2-src.tgz
7962d96e7c1517cf7b34395fc582b32b8acebe3a SOURCES/node-v18.19.1-stripped.tar.gz
b598f79f4706fe75c31ff2a214e50acc04c4725a SOURCES/undici-5.28.3.tar.gz
164f7f39841415284b0280a648c43bd7ea1615ac SOURCES/cjs-module-lexer-1.2.2.tar.gz
43a8d688a3a6bc8f0f8c5e699d0ef7a905d24314 SOURCES/icu4c-74_2-src.tgz
09d2d4e4e9984ddb4d89df02465a8fde1917a2a7 SOURCES/node-v18.20.2-stripped.tar.gz
d38d72bec82e3c41a4de73d6ee56d9c9eff5f403 SOURCES/undici-5.28.4.tar.gz
ff114dd45b4efeeae7afe4621bfc6f886a475b4b SOURCES/wasi-sdk-11.0-linux.tar.gz

View File

@ -0,0 +1,157 @@
Backport from upstream commits.
https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0
https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9
diff -ur node-v18.19.1_orig/deps/nghttp2/lib/includes/nghttp2/nghttp2.h node-v18.19.1/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
--- node-v18.19.1_orig/deps/nghttp2/lib/includes/nghttp2/nghttp2.h 2024-04-15 14:38:00.000000000 +0200
+++ node-v18.19.1/deps/nghttp2/lib/includes/nghttp2/nghttp2.h 2024-04-15 14:43:36.000000000 +0200
@@ -440,7 +440,12 @@
* exhaustion on server side to send these frames forever and does
* not read network.
*/
- NGHTTP2_ERR_FLOODED = -904
+ NGHTTP2_ERR_FLOODED = -904,
+ /**
+ * When a local endpoint receives too many CONTINUATION frames
+ * following a HEADER frame.
+ */
+ NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905,
} nghttp2_error;
/**
@@ -2775,6 +2780,17 @@
/**
* @function
+ *
+ * This function sets the maximum number of CONTINUATION frames
+ * following an incoming HEADER frame. If more than those frames are
+ * received, the remote endpoint is considered to be misbehaving and
+ * session will be closed. The default value is 8.
+ */
+NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option,
+ size_t val);
+
+/**
+ * @function
*
* Initializes |*session_ptr| for client use. The all members of
* |callbacks| are copied to |*session_ptr|. Therefore |*session_ptr|
Only in node-v18.19.1/deps/nghttp2/lib/includes/nghttp2: nghttp2.h.orig
diff -ur node-v18.19.1_orig/deps/nghttp2/lib/nghttp2_helper.c node-v18.19.1/deps/nghttp2/lib/nghttp2_helper.c
--- node-v18.19.1_orig/deps/nghttp2/lib/nghttp2_helper.c 2024-04-15 14:38:00.000000000 +0200
+++ node-v18.19.1/deps/nghttp2/lib/nghttp2_helper.c 2024-04-15 14:41:10.000000000 +0200
@@ -336,6 +336,8 @@
"closed";
case NGHTTP2_ERR_TOO_MANY_SETTINGS:
return "SETTINGS frame contained more than the maximum allowed entries";
+ case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS:
+ return "Too many CONTINUATION frames following a HEADER frame";
default:
return "Unknown error code";
}
diff -ur node-v18.19.1_orig/deps/nghttp2/lib/nghttp2_option.c node-v18.19.1/deps/nghttp2/lib/nghttp2_option.c
--- node-v18.19.1_orig/deps/nghttp2/lib/nghttp2_option.c 2024-04-15 14:38:00.000000000 +0200
+++ node-v18.19.1/deps/nghttp2/lib/nghttp2_option.c 2024-04-15 14:43:36.000000000 +0200
@@ -150,3 +150,8 @@
option->stream_reset_burst = burst;
option->stream_reset_rate = rate;
}
+
+void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) {
+ option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS;
+ option->max_continuations = val;
+}
diff -ur node-v18.19.1_orig/deps/nghttp2/lib/nghttp2_option.h node-v18.19.1/deps/nghttp2/lib/nghttp2_option.h
--- node-v18.19.1_orig/deps/nghttp2/lib/nghttp2_option.h 2024-04-15 14:38:00.000000000 +0200
+++ node-v18.19.1/deps/nghttp2/lib/nghttp2_option.h 2024-04-15 14:43:36.000000000 +0200
@@ -71,6 +71,7 @@
NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13,
NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14,
NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15,
+ NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16,
} nghttp2_option_flag;
/**
@@ -99,6 +100,10 @@
*/
size_t max_settings;
/**
+ * NGHTTP2_OPT_MAX_CONTINUATIONS
+ */
+ size_t max_continuations;
+ /**
* Bitwise OR of nghttp2_option_flag to determine that which fields
* are specified.
*/
diff -ur node-v18.19.1_orig/deps/nghttp2/lib/nghttp2_session.c node-v18.19.1/deps/nghttp2/lib/nghttp2_session.c
--- node-v18.19.1_orig/deps/nghttp2/lib/nghttp2_session.c 2024-04-15 14:38:00.000000000 +0200
+++ node-v18.19.1/deps/nghttp2/lib/nghttp2_session.c 2024-04-15 14:43:36.000000000 +0200
@@ -496,6 +496,7 @@
(*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN;
(*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM;
(*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS;
+ (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS;
if (option) {
if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) &&
@@ -584,6 +585,10 @@
option->stream_reset_burst,
option->stream_reset_rate);
}
+
+ if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) {
+ (*session_ptr)->max_continuations = option->max_continuations;
+ }
}
rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,
@@ -6778,6 +6783,8 @@
}
}
session_inbound_frame_reset(session);
+
+ session->num_continuations = 0;
}
break;
}
@@ -6899,6 +6906,10 @@
}
#endif /* DEBUGBUILD */
+ if (++session->num_continuations > session->max_continuations) {
+ return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS;
+ }
+
readlen = inbound_frame_buf_read(iframe, in, last);
in += readlen;
Only in node-v18.19.1/deps/nghttp2/lib: nghttp2_session.c.orig
diff -ur node-v18.19.1_orig/deps/nghttp2/lib/nghttp2_session.h node-v18.19.1/deps/nghttp2/lib/nghttp2_session.h
--- node-v18.19.1_orig/deps/nghttp2/lib/nghttp2_session.h 2024-04-15 14:38:00.000000000 +0200
+++ node-v18.19.1/deps/nghttp2/lib/nghttp2_session.h 2024-04-15 14:41:10.000000000 +0200
@@ -110,6 +110,10 @@
#define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000
#define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33
+/* The default max number of CONTINUATION frames following an incoming
+ HEADER frame. */
+#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8
+
/* Internal state when receiving incoming frame */
typedef enum {
/* Receiving frame header */
@@ -290,6 +294,12 @@
size_t max_send_header_block_length;
/* The maximum number of settings accepted per SETTINGS frame. */
size_t max_settings;
+ /* The maximum number of CONTINUATION frames following an incoming
+ HEADER frame. */
+ size_t max_continuations;
+ /* The number of CONTINUATION frames following an incoming HEADER
+ frame. This variable is reset when END_HEADERS flag is seen. */
+ size_t num_continuations;
/* Next Stream ID. Made unsigned int to detect >= (1 << 31). */
uint32_t next_stream_id;
/* The last stream ID this session initiated. For client session,

View File

@ -13,7 +13,6 @@ are similarly disabled.
Upstream report: https://github.com/nodejs/node/pull/48950
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
Customer case: https://access.redhat.com/support/cases/#/case/03711488
---
lib/crypto.js | 10 ++++++++++
lib/internal/errors.js | 6 ++++++
@ -80,3 +79,4 @@ index 5734d8f..ef9d1b1 100644
if (fips_provider == nullptr)
--
2.43.2

View File

@ -135,67 +135,109 @@ rm -f node-v${version}.tar.gz
set +e
# Determine the bundled versions of the various packages
echo "Included software versions"
echo "-------------------------"
echo
echo "Node.js version"
echo "========================="
echo "${version}"
echo
echo "Bundled software versions"
echo "-------------------------"
echo
echo "libnode shared object version"
echo "libnode shared object version (nodejs_soversion)"
echo "========================="
grep "define NODE_MODULE_VERSION" node-v${version}/src/node_version.h
NODE_SOVERSION=$(grep -oP '(?<=#define NODE_MODULE_VERSION )\d+' node-v${version}/src/node_version.h)
echo "${NODE_SOVERSION}"
echo
echo "V8"
echo "========================="
grep "define V8_MAJOR_VERSION" node-v${version}/deps/v8/include/v8-version.h
grep "define V8_MINOR_VERSION" node-v${version}/deps/v8/include/v8-version.h
grep "define V8_BUILD_NUMBER" node-v${version}/deps/v8/include/v8-version.h
grep "define V8_PATCH_LEVEL" node-v${version}/deps/v8/include/v8-version.h
V8_MAJOR=$(grep -oP '(?<=#define V8_MAJOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h)
V8_MINOR=$(grep -oP '(?<=#define V8_MINOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h)
V8_BUILD=$(grep -oP '(?<=#define V8_BUILD_NUMBER )\d+' node-v${version}/deps/v8/include/v8-version.h)
V8_PATCH=$(grep -oP '(?<=#define V8_PATCH_LEVEL )\d+' node-v${version}/deps/v8/include/v8-version.h)
echo "${V8_MAJOR}.${V8_MINOR}.${V8_BUILD}.${V8_PATCH}"
echo
echo "c-ares"
echo "========================="
grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_version.h
grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h
grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h
C_ARES_VERSION=$(grep -oP '(?<=#define ARES_VERSION_STR ).*\"' node-v${version}/deps/cares/include/ares_version.h |sed -e 's/^"//' -e 's/"$//')
echo $C_ARES_VERSION
echo
echo "llhttp"
echo "========================="
grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h
grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h
grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h
LLHTTP_MAJOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MAJOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
LLHTTP_MINOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MINOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
LLHTTP_PATCH=$(grep -oP '(?<=#define LLHTTP_VERSION_PATCH )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
LLHTTP_VERSION="${LLHTTP_MAJOR}.${LLHTTP_MINOR}.${LLHTTP_PATCH}"
echo $LLHTTP_VERSION
echo
echo "libuv"
echo "========================="
grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h
grep "define UV_VERSION_MINOR" node-v${version}/deps/uv/include/uv/version.h
grep "define UV_VERSION_PATCH" node-v${version}/deps/uv/include/uv/version.h
UV_MAJOR=$(grep -oP '(?<=#define UV_VERSION_MAJOR )\d+' node-v${version}/deps/uv/include/uv/version.h)
UV_MINOR=$(grep -oP '(?<=#define UV_VERSION_MINOR )\d+' node-v${version}/deps/uv/include/uv/version.h)
UV_PATCH=$(grep -oP '(?<=#define UV_VERSION_PATCH )\d+' node-v${version}/deps/uv/include/uv/version.h)
LIBUV_VERSION="${UV_MAJOR}.${UV_MINOR}.${UV_PATCH}"
echo $LIBUV_VERSION
echo
echo "nghttp2"
echo "========================="
grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
NGHTTP2_VERSION=$(grep -oP '(?<=#define NGHTTP2_VERSION ).*\"' node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h |sed -e 's/^"//' -e 's/"$//')
echo $NGHTTP2_VERSION
echo
echo "nghttp3"
echo "========================="
grep "define NGHTTP3_VERSION " node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
NGHTTP3_VERSION=$(grep -oP '(?<=#define NGHTTP3_VERSION ).*\"' node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h |sed -e 's/^"//' -e 's/"$//')
echo $NGHTTP3_VERSION
echo
echo "ngtcp2"
echo "========================="
grep "define NGTCP2_VERSION " node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
NGTCP2_VERSION=$(grep -oP '(?<=#define NGTCP2_VERSION ).*\"' node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h |sed -e 's/^"//' -e 's/"$//')
echo $NGTCP2_VERSION
echo
echo "ICU"
echo "========================="
grep "url" node-v${version}/tools/icu/current_ver.dep
ICU_MAJOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\1/g')
ICU_MINOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\2/g')
echo "${ICU_MAJOR}.${ICU_MINOR}"
echo
echo "simdutf"
echo "========================="
SIMDUTF_VERSION=$(grep -oP '(?<=#define SIMDUTF_VERSION ).*\"' node-v${version}/deps/simdutf/simdutf.h |sed -e 's/^"//' -e 's/"$//')
echo $SIMDUTF_VERSION
echo
echo "ada"
echo "========================="
ADA_VERSION=$(grep -osP '(?<=#define ADA_VERSION ).*\"' node-v${version}/deps/ada/ada.h |sed -e 's/^"//' -e 's/"$//')
ADA_VERSION=${ADA_VERSION:-0}
echo "${ADA_VERSION}"
echo
echo "punycode"
echo "========================="
grep "'version'" node-v${version}/lib/punycode.js
echo
echo "uvwasi"
echo "========================="
grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
PUNYCODE_VERSION=$(grep -oP "'version': '\K[^']+" ./node-v${version}/lib/punycode.js)
echo $PUNYCODE_VERSION
echo
echo "npm"
echo "========================="
grep "\"version\":" node-v${version}/deps/npm/package.json
NPM_VERSION=$(jq -r .version ./node-v${version}/deps/npm/package.json)
echo $NPM_VERSION
echo
echo "corepack"
echo "========================="
COREPACK_VERSION=$(jq -r .version ./node-v${version}/deps/corepack/package.json)
echo $COREPACK_VERSION
echo
echo "uvwasi"
echo "========================="
UVWASI_MAJOR=$(grep -oP '(?<=#define UVWASI_VERSION_MAJOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
UVWASI_MINOR=$(grep -oP '(?<=#define UVWASI_VERSION_MINOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
UVWASI_PATCH=$(grep -oP '(?<=#define UVWASI_VERSION_PATCH )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
UVWASI_VERSION="${UVWASI_MAJOR}.${UVWASI_MINOR}.${UVWASI_PATCH}"
echo $UVWASI_VERSION
echo
echo "histogram_c"
echo "========================="
HISTOGRAM_VERSION=$(grep -oP '(?<=#define HDR_HISTOGRAM_VERSION ).*\"' node-v${version}/deps/histogram/include/hdr/hdr_histogram_version.h|sed -e 's/^"//' -e 's/"$//')
echo $HISTOGRAM_VERSION
echo
echo "Make sure these versions match what is in the RPM spec file"

View File

@ -29,7 +29,7 @@
# This is used by both the nodejs package and the npm subpackage that
# has a separate version - the name is special so that rpmdev-bumpspec
# will bump this rather than adding .1 to the end.
%global baserelease 1
%global baserelease 2
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -40,8 +40,8 @@
# than a Fedora release lifecycle.
%global nodejs_epoch 1
%global nodejs_major 18
%global nodejs_minor 19
%global nodejs_patch 1
%global nodejs_minor 20
%global nodejs_patch 2
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
%global nodejs_soversion 108
@ -65,10 +65,10 @@
# c-ares - from deps/cares/include/ares_version.h
# https://github.com/nodejs/node/pull/9332
%global c_ares_version 1.20.1
%global c_ares_version 1.27.0
# llhttp - from deps/llhttp/include/llhttp.h
%global llhttp_version 6.1.0
%global llhttp_version 6.1.1
# libuv - from deps/uv/include/uv/version.h
%global libuv_version 1.44.2
@ -89,7 +89,7 @@
%global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch}
# ICU - from tools/icu/current_ver.dep
%global icu_major 73
%global icu_major 74
%global icu_minor 2
%global icu_version %{icu_major}.%{icu_minor}
@ -108,13 +108,13 @@
%endif
# simduft from deps/simdutf/simdutf.h
%global simduft_major 3
%global simduft_minor 2
%global simduft_patch 14
%global simduft_major 4
%global simduft_minor 0
%global simduft_patch 8
%global simduft_version %{simduft_major}.%{simduft_minor}.%{simduft_patch}
# ada from deps/ada/ada.h
%global ada_version 2.6.0
%global ada_version 2.7.6
# OpenSSL minimum version
%global openssl_minimum 1:1.1.1
@ -126,7 +126,7 @@
# npm - from deps/npm/package.json
%global npm_epoch 1
%global npm_version 10.2.4
%global npm_version 10.5.0
# In order to avoid needing to keep incrementing the release version for the
# main package forever, we will just construct one for npm that is guaranteed
@ -181,14 +181,15 @@ Source101: cjs-module-lexer-1.2.2.tar.gz
Source111: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz
# Version: jq '.version' deps/undici/src/package.json
# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz
# Adjustments: rm -f undici-5.28.3/lib/llhttp/llhttp*.wasm
# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.4.tar.gz
# Adjustments: rm -f undici-5.28.4/lib/llhttp/llhttp*.wasm
# Build uses alpine image, see alpine for sources for wasi-sdk
Source102: undici-5.28.3.tar.gz
Source102: undici-5.28.4.tar.gz
# Disable running gyp on bundled deps we don't use
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
Patch3: nodejs-fips-disable-options.patch
Patch4: CVE-2024-28182.patch
BuildRequires: make
BuildRequires: python3-devel
@ -530,6 +531,11 @@ find %{buildroot}%{_prefix}/lib/node_modules/npm \
-executable -type f \
-exec chmod -x {} \;
# Remove powwershell files form npm
# it isn't useful for linux systems
# is caused problems - it creates /usr/bin/pwsh requirement
find %{buildroot}%{_prefix}/lib/node_modules/npm/bin/*.ps1 -executable -type f -exec rm {} \;
# The above command is a little overzealous. Add a few permissions back.
chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp
chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js
@ -628,19 +634,18 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod
%changelog
* Thu Feb 29 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:18.19.1-1
* Mon Apr 15 2024 Filip Janus <fjanus@redhat.com> - 1:18.20.2-2
- Rebase to 18.20.2
- Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629
* Tue Mar 05 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:18.19.1-1
- Rebase to version 18.19.1
- Fix FIPS handling of the cmd-line options (RHBZ#2226726)
- Resolves: RHEL-26695 RHEL-26009 RHEL-26690
- Fixes: CVE-2024-21892 CVE-2024-22019 (high)
- Fixes: CVE-2023-46809 (medium)
* Thu Jan 18 2024 Jan Staněk <jstanek@redhat.com> - 1:18.19.0-1
- Rebase to version 18.19.0
Resolves: RHEL-21438
* Sat Oct 14 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.18.2-1
- Rebase to 18.18.2 (Security release)
- Switch icu from zip to tgz
- Fixes #2228925, CVE-2023-45143, CVE-2023-44487, CVE-2023-38552, CVE-2023-39333
Resolves: RHEL-21436
* Wed Aug 23 2023 Jan Staněk <jstanek@redhat.com> - 1:18.17.1-1
- Rebase to version 18.17.1