From a737160f258451c5ef308b14e6aed86d49ea678d Mon Sep 17 00:00:00 2001 From: Lukas Javorsky Date: Tue, 5 Mar 2024 11:42:04 +0000 Subject: [PATCH] Rebase to version 18.19.1 Resolves: RHEL-25866 RHEL-25932 RHEL-25922 --- .gitignore | 2 ++ nodejs.spec | 21 +++++++++++++-------- sources | 4 ++-- 3 files changed, 17 insertions(+), 10 deletions(-) diff --git a/.gitignore b/.gitignore index b036f36..6e8c595 100644 --- a/.gitignore +++ b/.gitignore @@ -52,3 +52,5 @@ wasi-sdk-14.0-linux.tar.gz /icu4c-73_2-src.zip /icu4c-73_2-src.tgz /undici-5.26.4.tar.gz +/node-v18.19.1-stripped.tar.gz +/undici-5.28.3.tar.gz diff --git a/nodejs.spec b/nodejs.spec index 9472729..e85af76 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -42,7 +42,7 @@ %global nodejs_epoch 1 %global nodejs_major 18 %global nodejs_minor 19 -%global nodejs_patch 0 +%global nodejs_patch 1 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 108 @@ -68,7 +68,7 @@ %global c_ares_version 1.20.1 # llhttp - from deps/llhttp/include/llhttp.h -%global llhttp_version 6.0.11 +%global llhttp_version 6.1.0 # libuv - from deps/uv/include/uv/version.h %global libuv_major 1 @@ -132,7 +132,7 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_version 10.2.3 +%global npm_version 10.2.4 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed @@ -141,13 +141,13 @@ %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} # Node.js 16.9.1 and later comes with an experimental package management tool -%global corepack_version 0.10.0 +%global corepack_version 0.22.0 # uvwasi - from deps/uvwasi/include/uvwasi.h %global uvwasi_version 0.0.19 # histogram_c - assumed from timestamps -%global histogram_version 0.11.2 +%global histogram_version 0.11.8 Name: nodejs Epoch: %{nodejs_epoch} @@ -190,10 +190,10 @@ Source101: cjs-module-lexer-1.2.2.tar.gz Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz # Version: jq '.version' deps/undici/src/package.json -# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.26.4.tar.gz -# Adjustments: rm -f undici-5.26.4/lib/llhttp/llhttp*.wasm +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz +# Adjustments: rm -f undici-5.28.3/lib/llhttp/llhttp*.wasm # Build uses alpine image, see alpine for sources for wasi-sdk -Source111: undici-5.26.4.tar.gz +Source111: undici-5.28.3.tar.gz # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch @@ -731,6 +731,11 @@ end %changelog +* Wed Feb 21 2024 Lukas Javorsky - 1:18.19.1-1 +- Rebase to version 18.19.1 +- Fixes: CVE-2024-21892 CVE-2024-22019 (high) +- Fixes: CVE-2023-46809 (medium) + * Fri Jan 19 2024 Lukas Javorsky - 1:18.19.0-1 - Rebase to version 18.19.0 - Resolves: RHEL-21439 diff --git a/sources b/sources index 8f7db96..81874c2 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ -SHA512 (node-v18.19.0-stripped.tar.gz) = 9ba7cfea5cecf8ca1e66eda5866a729155c6fb2776f4e809959f15947a439846c784a0b230bca131c609431a995baa043a43b7a87f77c39dbc714bc6bde6dd29 +SHA512 (node-v18.19.1-stripped.tar.gz) = 9cba0054d8be1e024f69c1e6d9d6931b4168ca3752fa421154f62243086786837016edd512de8a7839560f01ecad95bd4137521f4a2b52f0466e5a963b6d3e05 SHA512 (icu4c-73_2-src.tgz) = 76dd782db6205833f289d7eb68b60860dddfa3f614f0ba03fe7ec13117077f82109f0dc1becabcdf4c8a9c628b94478ab0a46134bdb06f4302be55f74027ce62 -SHA512 (undici-5.26.4.tar.gz) = 4f072b9ca2f18b0533788bb953686af1bba36212d8bc3b165062ac065476dab7a33b3eb07896b9e054520148bc64733eb7d522604da698e83a88e8fcc7507acc +SHA512 (undici-5.28.3.tar.gz) = 1626128b41411447f519a605c3570c875a4c26b493cc3175b04ec54836450d23635813c93758b229f971a4b26096c0d497e13c91da4a40134536fece964ebb0b SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 0437378a087a43044b64e6b2e66426e429d87ed3f24a225d20ddc8fedda25917ba7db04a9d41207c59d20f0e6764837dad09393e5b8f92e361941a60ac5edd80 SHA512 (wasi-sdk-11.0-linux.tar.gz) = e3ed4597f7f2290967eef6238e9046f60abbcb8633a4a2a51525d00e7393df8df637a98a5b668217d332dd44fcbf2442ec7efd5e65724e888d90611164451e20