From a928341c8a9da39fe8103fba165d9e2c6d93eb3e Mon Sep 17 00:00:00 2001 From: eabdullin Date: Mon, 26 Aug 2024 08:23:23 +0000 Subject: [PATCH] import UBI nodejs-20.16.0-1.module+el9.4.0+22197+9e60f127 --- .gitignore | 4 ++-- .nodejs.metadata | 4 ++-- SOURCES/0002-Disable-FIPS-options.patch | 9 ++++----- SPECS/nodejs.spec | 14 +++++++++----- 4 files changed, 17 insertions(+), 14 deletions(-) diff --git a/.gitignore b/.gitignore index e678a51..6ac0161 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/cjs-module-lexer-1.2.2.tar.gz SOURCES/icu4c-75_1-src.tgz -SOURCES/node-v20.14.0-stripped.tar.gz -SOURCES/undici-6.13.0.tar.gz +SOURCES/node-v20.16.0-stripped.tar.gz +SOURCES/undici-6.19.2.tar.gz SOURCES/wasi-sdk-11.0-linux.tar.gz SOURCES/wasi-sdk-16.0-linux.tar.gz diff --git a/.nodejs.metadata b/.nodejs.metadata index 8df6832..bd72efa 100644 --- a/.nodejs.metadata +++ b/.nodejs.metadata @@ -1,6 +1,6 @@ 164f7f39841415284b0280a648c43bd7ea1615ac SOURCES/cjs-module-lexer-1.2.2.tar.gz da3614aa496c5f0fde12f7aa155f235b5e239f1b SOURCES/icu4c-75_1-src.tgz -19fcaf5747bfb4680e6f05471c670bf3383ae7b9 SOURCES/node-v20.14.0-stripped.tar.gz -85aca53a0e7dec0305078b256cd2ea5636e3cf7f SOURCES/undici-6.13.0.tar.gz +f5c3411098f91526d7ce14b14b080e368510ae93 SOURCES/node-v20.16.0-stripped.tar.gz +0653ac16ef498878fffefea0fa1f7e870cdfc249 SOURCES/undici-6.19.2.tar.gz ff114dd45b4efeeae7afe4621bfc6f886a475b4b SOURCES/wasi-sdk-11.0-linux.tar.gz fbe01909bf0e8260fcc3696ec37c9f731b5e356a SOURCES/wasi-sdk-16.0-linux.tar.gz diff --git a/SOURCES/0002-Disable-FIPS-options.patch b/SOURCES/0002-Disable-FIPS-options.patch index 4750f3b..31b0634 100644 --- a/SOURCES/0002-Disable-FIPS-options.patch +++ b/SOURCES/0002-Disable-FIPS-options.patch @@ -50,9 +50,8 @@ index 1216f3a..fbfcb26 100644 if (val) return; throw new ERR_CRYPTO_FIPS_FORCED(); diff --git a/lib/internal/errors.js b/lib/internal/errors.js -index def4949..580ca7a 100644 ---- a/lib/internal/errors.js -+++ b/lib/internal/errors.js +--- a/lib/internal/errors.js.patch0002 2024-08-07 15:29:09.366357433 +0200 ++++ b/lib/internal/errors.js 2024-08-07 15:29:14.392366591 +0200 @@ -1112,6 +1112,12 @@ module.exports = { // // Note: Node.js specific errors must begin with the prefix ERR_ @@ -64,8 +63,8 @@ index def4949..580ca7a 100644 + Error); + E('ERR_ACCESS_DENIED', - 'Access to this API has been restricted. Permission: %s', - Error); + function(msg, permission = '', resource = '') { + this.permission = permission; diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc index 5734d8f..ef9d1b1 100644 --- a/src/crypto/crypto_util.cc diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index ad3c80b..bc7aa7a 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -43,7 +43,7 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 20 -%global nodejs_minor 14 +%global nodejs_minor 16 %global nodejs_patch 0 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h @@ -68,7 +68,7 @@ # c-ares - from deps/cares/include/ares_version.h # https://github.com/nodejs/node/pull/9332 -%global c_ares_version 1.28.1 +%global c_ares_version 1.31.0 # llhttp - from deps/llhttp/include/llhttp.h %global llhttp_version 8.1.2 @@ -108,7 +108,7 @@ %global simduft_version 5.2.8 # ada from deps/ada/ada.h -%global ada_version 2.7.8 +%global ada_version 2.8.0 # OpenSSL minimum version %global openssl_minimum 1:1.1.1 @@ -121,7 +121,7 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_version 10.7.0 +%global npm_version 10.8.1 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed @@ -183,7 +183,7 @@ Source111: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk- # Original: https://github.com/nodejs/undici/archive/refs/tags/v6.13.0.tar.gz # Adjustments: rm -f undici-6.13.0/lib/llhttp/llhttp*.wasm # wasi-sdk version can be found in lib/llhttp/wasm_build_env.txt -Source102: undici-6.13.0.tar.gz +Source102: undici-6.19.2.tar.gz Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-16/wasi-sdk-16.0-linux.tar.gz # Disable running gyp on bundled deps we don't use @@ -634,6 +634,10 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod %changelog +* Mon Aug 05 2024 Honza Horak - 1:20.16.0-1 +- Update to 20.16.0 + Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 + * Tue Jun 11 2024 Jan Staněk - 1:20.14.0-1 - Update to version 20.14.0