diff --git a/.gitignore b/.gitignore index c361f6c..458d6a2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -SOURCES/icu4c-78.2-data-bin-b.zip -SOURCES/icu4c-78.2-data-bin-l.zip -SOURCES/node-v24.14.1-stripped.tar.gz +SOURCES/icu4c-78.3-data-bin-b.zip +SOURCES/icu4c-78.3-data-bin-l.zip +SOURCES/node-v24.18.0-stripped.tar.gz SOURCES/packaging-scripts.tar.gz diff --git a/.nodejs.metadata b/.nodejs.metadata index 410dee0..5e2c8ea 100644 --- a/.nodejs.metadata +++ b/.nodejs.metadata @@ -1,4 +1,4 @@ -7a91e81c4f2c8368d80285a5bbdfe278d68e4a84 SOURCES/icu4c-78.2-data-bin-b.zip -b9f5918e2118ef8531b0ffc04b3d50e951e3a166 SOURCES/icu4c-78.2-data-bin-l.zip -4b8d577fed40b7065f78da8d4257775cb9a56a35 SOURCES/node-v24.14.1-stripped.tar.gz -2399006236317582f75d9525d5aa3b75fcd8a00d SOURCES/packaging-scripts.tar.gz +0a91aee64ba400d52034769301104cc843474a22 SOURCES/icu4c-78.3-data-bin-b.zip +913f6682015287483a035af160ea4d919c0a3ca5 SOURCES/icu4c-78.3-data-bin-l.zip +da316582d493179edd255e531bf75e0b21e48512 SOURCES/node-v24.18.0-stripped.tar.gz +eb3cf16f39f950f185ebf460a279bb27293dabe2 SOURCES/packaging-scripts.tar.gz diff --git a/SOURCES/0003-downstream-update-nghttp2-to-1.68.1.patch b/SOURCES/0003-downstream-update-nghttp2-to-1.68.1.patch deleted file mode 100644 index e445f8f..0000000 --- a/SOURCES/0003-downstream-update-nghttp2-to-1.68.1.patch +++ /dev/null @@ -1,530 +0,0 @@ -From 205baae16ff43539500a6f168d0d27e226bfc4f2 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Wed, 25 Mar 2026 15:36:44 +0100 -Subject: [PATCH] downstream: update nghttp2 to 1.68.1 - -This is done out of sync with upstream node, -in order to address CVE-2026-27135 in a timely manner. - -Should be dropped once upstream addresses the CVE in their own way. - -Signed-off-by: rpm-build ---- - .../nghttp2/lib/includes/nghttp2/nghttp2ver.h | 4 +- - deps/nghttp2/lib/nghttp2_frame.c | 10 + - deps/nghttp2/lib/nghttp2_int.h | 6 +- - deps/nghttp2/lib/nghttp2_session.c | 206 ++++++++++-------- - 4 files changed, 135 insertions(+), 91 deletions(-) - -diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h -index 8dfe536..95acef2 100644 ---- a/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h -+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h -@@ -29,7 +29,7 @@ - * @macro - * Version number of the nghttp2 library release - */ --#define NGHTTP2_VERSION "1.68.0" -+#define NGHTTP2_VERSION "1.68.1" - - /** - * @macro -@@ -37,6 +37,6 @@ - * release. This is a 24 bit number with 8 bits for major number, 8 bits - * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. - */ --#define NGHTTP2_VERSION_NUM 0x014400 -+#define NGHTTP2_VERSION_NUM 0x014401 - - #endif /* NGHTTP2VER_H */ -diff --git a/deps/nghttp2/lib/nghttp2_frame.c b/deps/nghttp2/lib/nghttp2_frame.c -index edc2aaa..264ae9d 100644 ---- a/deps/nghttp2/lib/nghttp2_frame.c -+++ b/deps/nghttp2/lib/nghttp2_frame.c -@@ -750,6 +750,16 @@ void nghttp2_frame_unpack_altsvc_payload(nghttp2_extension *frame, - uint8_t *p; - - altsvc = frame->payload; -+ -+ if (payloadlen == 0) { -+ altsvc->origin = NULL; -+ altsvc->origin_len = 0; -+ altsvc->field_value = NULL; -+ altsvc->field_value_len = 0; -+ -+ return; -+ } -+ - p = payload; - - altsvc->origin = p; -diff --git a/deps/nghttp2/lib/nghttp2_int.h b/deps/nghttp2/lib/nghttp2_int.h -index 4e3b268..d89cf15 100644 ---- a/deps/nghttp2/lib/nghttp2_int.h -+++ b/deps/nghttp2/lib/nghttp2_int.h -@@ -52,7 +52,11 @@ typedef enum { - * Unlike NGHTTP2_ERR_IGN_HTTP_HEADER, this does not invoke - * nghttp2_on_invalid_header_callback. - */ -- NGHTTP2_ERR_REMOVE_HTTP_HEADER = -106 -+ NGHTTP2_ERR_REMOVE_HTTP_HEADER = -106, -+ /* -+ * Cancel pushed stream. -+ */ -+ NGHTTP2_ERR_PUSH_CANCEL = -107, - } nghttp2_internal_error; - - #endif /* !defined(NGHTTP2_INT_H) */ -diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c -index 97d7fda..0fbcc93 100644 ---- a/deps/nghttp2/lib/nghttp2_session.c -+++ b/deps/nghttp2/lib/nghttp2_session.c -@@ -3272,7 +3272,9 @@ static int session_call_on_invalid_header(nghttp2_session *session, - session, frame, nv->name->base, nv->name->len, nv->value->base, - nv->value->len, nv->flags, session->user_data); - } else { -- return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; -+ /* If both callbacks are not set, the invalid field nv is -+ ignored. */ -+ return 0; - } - - if (rv == NGHTTP2_ERR_PAUSE || rv == NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE) { -@@ -3357,6 +3359,10 @@ static uint32_t get_error_code_from_lib_error_code(int lib_error_code) { - case NGHTTP2_ERR_HTTP_HEADER: - case NGHTTP2_ERR_HTTP_MESSAGING: - return NGHTTP2_PROTOCOL_ERROR; -+ case NGHTTP2_ERR_INTERNAL: -+ return NGHTTP2_INTERNAL_ERROR; -+ case NGHTTP2_ERR_PUSH_CANCEL: -+ return NGHTTP2_CANCEL; - default: - return NGHTTP2_INTERNAL_ERROR; - } -@@ -3408,7 +3414,7 @@ static int session_handle_invalid_stream2(nghttp2_session *session, - if (rv != 0) { - return rv; - } -- if (session->callbacks.on_invalid_frame_recv_callback) { -+ if (frame && session->callbacks.on_invalid_frame_recv_callback) { - if (session->callbacks.on_invalid_frame_recv_callback( - session, frame, lib_error_code, session->user_data) != 0) { - return NGHTTP2_ERR_CALLBACK_FAILURE; -@@ -3563,7 +3569,29 @@ static int inflate_header_block(nghttp2_session *session, nghttp2_frame *frame, - - rv2 = session_call_on_invalid_header(session, frame, &nv); - if (rv2 == NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE) { -- rv = NGHTTP2_ERR_HTTP_HEADER; -+ DEBUGF("recv: HTTP error: type=%u, id=%d, header %.*s: %.*s\n", -+ frame->hd.type, frame->hd.stream_id, (int)nv.name->len, -+ nv.name->base, (int)nv.value->len, nv.value->base); -+ -+ rv = session_call_error_callback( -+ session, NGHTTP2_ERR_HTTP_HEADER, -+ "Invalid HTTP header field was received: frame type: " -+ "%u, stream: %d, name: [%.*s], value: [%.*s]", -+ frame->hd.type, frame->hd.stream_id, (int)nv.name->len, -+ nv.name->base, (int)nv.value->len, nv.value->base); -+ -+ if (nghttp2_is_fatal(rv)) { -+ return rv; -+ } -+ -+ rv = session_handle_invalid_stream2( -+ session, subject_stream->stream_id, frame, -+ NGHTTP2_ERR_HTTP_HEADER); -+ if (nghttp2_is_fatal(rv)) { -+ return rv; -+ } -+ -+ return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; - } else { - if (rv2 != 0) { - return rv2; -@@ -3603,13 +3631,8 @@ static int inflate_header_block(nghttp2_session *session, nghttp2_frame *frame, - return rv; - } - -- rv = -- session_handle_invalid_stream2(session, subject_stream->stream_id, -- frame, NGHTTP2_ERR_HTTP_HEADER); -- if (nghttp2_is_fatal(rv)) { -- return rv; -- } -- return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; -+ return nghttp2_session_terminate_session(session, -+ NGHTTP2_PROTOCOL_ERROR); - } - } - if (rv == 0) { -@@ -3722,27 +3745,7 @@ static int session_after_header_block_received(nghttp2_session *session) { - } - } - if (rv != 0) { -- int32_t stream_id; -- -- if (frame->hd.type == NGHTTP2_PUSH_PROMISE) { -- stream_id = frame->push_promise.promised_stream_id; -- } else { -- stream_id = frame->hd.stream_id; -- } -- -- rv = session_handle_invalid_stream2(session, stream_id, frame, -- NGHTTP2_ERR_HTTP_MESSAGING); -- if (nghttp2_is_fatal(rv)) { -- return rv; -- } -- -- if (frame->hd.type == NGHTTP2_HEADERS && -- (frame->hd.flags & NGHTTP2_FLAG_END_STREAM)) { -- nghttp2_stream_shutdown(stream, NGHTTP2_SHUT_RD); -- /* Don't call nghttp2_session_close_stream_if_shut_rdwr -- because RST_STREAM has been submitted. */ -- } -- return 0; -+ return nghttp2_session_terminate_session(session, NGHTTP2_PROTOCOL_ERROR); - } - } - -@@ -4078,8 +4081,7 @@ static int update_remote_initial_window_size_func(void *entry, void *ptr) { - rv = nghttp2_stream_update_remote_initial_window_size( - stream, arg->new_window_size, arg->old_window_size); - if (rv != 0) { -- return nghttp2_session_add_rst_stream(arg->session, stream->stream_id, -- NGHTTP2_FLOW_CONTROL_ERROR); -+ return NGHTTP2_ERR_FLOW_CONTROL; - } - - /* If window size gets positive, push deferred DATA frame to -@@ -4105,6 +4107,8 @@ static int update_remote_initial_window_size_func(void *entry, void *ptr) { - * - * NGHTTP2_ERR_NOMEM - * Out of memory. -+ * NGHTTP2_ERR_FLOW_CONTROL -+ * Window size gets out of range. - */ - static int - session_update_remote_initial_window_size(nghttp2_session *session, -@@ -4128,8 +4132,7 @@ static int update_local_initial_window_size_func(void *entry, void *ptr) { - rv = nghttp2_stream_update_local_initial_window_size( - stream, arg->new_window_size, arg->old_window_size); - if (rv != 0) { -- return nghttp2_session_add_rst_stream(arg->session, stream->stream_id, -- NGHTTP2_FLOW_CONTROL_ERROR); -+ return NGHTTP2_ERR_FLOW_CONTROL; - } - - if (stream->window_update_queued) { -@@ -4163,6 +4166,8 @@ static int update_local_initial_window_size_func(void *entry, void *ptr) { - * - * NGHTTP2_ERR_NOMEM - * Out of memory. -+ * NGHTTP2_ERR_FLOW_CONTROL -+ * Window size gets out of range. - */ - static int - session_update_local_initial_window_size(nghttp2_session *session, -@@ -4549,9 +4554,9 @@ int nghttp2_session_on_push_promise_received(nghttp2_session *session, - session->max_incoming_reserved_streams) { - /* Currently, client does not retain closed stream, so we don't - check NGHTTP2_SHUT_RD condition here. */ -- -- rv = nghttp2_session_add_rst_stream( -- session, frame->push_promise.promised_stream_id, NGHTTP2_CANCEL); -+ rv = session_handle_invalid_stream2(session, -+ frame->push_promise.promised_stream_id, -+ NULL, NGHTTP2_ERR_PUSH_CANCEL); - if (rv != 0) { - return rv; - } -@@ -4708,8 +4713,9 @@ static int session_on_stream_window_update_received(nghttp2_session *session, - } - if (NGHTTP2_MAX_WINDOW_SIZE - frame->window_update.window_size_increment < - stream->remote_window_size) { -- return session_handle_invalid_stream(session, frame, -- NGHTTP2_ERR_FLOW_CONTROL); -+ return session_handle_invalid_connection( -+ session, frame, NGHTTP2_ERR_FLOW_CONTROL, -+ "WINDOW_UPDATE: window size overflow"); - } - stream->remote_window_size += frame->window_update.window_size_increment; - -@@ -4939,16 +4945,7 @@ int nghttp2_session_on_data_received(nghttp2_session *session, - if (session_enforce_http_messaging(session) && - (frame->hd.flags & NGHTTP2_FLAG_END_STREAM)) { - if (nghttp2_http_on_remote_end_stream(stream) != 0) { -- rv = nghttp2_session_add_rst_stream(session, stream->stream_id, -- NGHTTP2_PROTOCOL_ERROR); -- if (nghttp2_is_fatal(rv)) { -- return rv; -- } -- -- nghttp2_stream_shutdown(stream, NGHTTP2_SHUT_RD); -- /* Don't call nghttp2_session_close_stream_if_shut_rdwr because -- RST_STREAM has been submitted. */ -- return 0; -+ return nghttp2_session_terminate_session(session, NGHTTP2_PROTOCOL_ERROR); - } - } - -@@ -5006,8 +5003,8 @@ int nghttp2_session_update_recv_stream_window_size(nghttp2_session *session, - rv = adjust_recv_window_size(&stream->recv_window_size, delta_size, - stream->local_window_size); - if (rv != 0) { -- return nghttp2_session_add_rst_stream(session, stream->stream_id, -- NGHTTP2_FLOW_CONTROL_ERROR); -+ return nghttp2_session_terminate_session(session, -+ NGHTTP2_FLOW_CONTROL_ERROR); - } - /* We don't have to send WINDOW_UPDATE if the data received is the - last chunk in the incoming stream. */ -@@ -5469,6 +5466,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - busy = 1; - - rv = session_on_data_received_fail_fast(session); -+ if (nghttp2_is_fatal(rv)) { -+ return rv; -+ } -+ - if (iframe->state == NGHTTP2_IB_IGN_ALL) { - return (nghttp2_ssize)inlen; - } -@@ -5489,10 +5490,6 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - break; - } - -- if (nghttp2_is_fatal(rv)) { -- return rv; -- } -- - rv = inbound_frame_handle_pad(iframe, &iframe->frame.hd); - if (rv < 0) { - rv = nghttp2_session_terminate_session_with_reason( -@@ -5576,6 +5573,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - return rv; - } - -+ if (iframe->state == NGHTTP2_IB_IGN_ALL) { -+ return (nghttp2_ssize)inlen; -+ } -+ - on_begin_frame_called = 1; - - rv = session_process_headers_frame(session); -@@ -5590,8 +5591,8 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - } - - if (rv == NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE) { -- rv = nghttp2_session_add_rst_stream( -- session, iframe->frame.hd.stream_id, NGHTTP2_INTERNAL_ERROR); -+ rv = session_handle_invalid_stream2( -+ session, iframe->frame.hd.stream_id, NULL, NGHTTP2_ERR_INTERNAL); - if (nghttp2_is_fatal(rv)) { - return rv; - } -@@ -6044,6 +6045,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - if (nghttp2_is_fatal(rv)) { - return rv; - } -+ -+ if (iframe->state == NGHTTP2_IB_IGN_ALL) { -+ return (nghttp2_ssize)inlen; -+ } - } - } - -@@ -6107,8 +6112,8 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - } - - if (rv == NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE) { -- rv = nghttp2_session_add_rst_stream( -- session, iframe->frame.hd.stream_id, NGHTTP2_INTERNAL_ERROR); -+ rv = session_handle_invalid_stream2( -+ session, iframe->frame.hd.stream_id, NULL, NGHTTP2_ERR_INTERNAL); - if (nghttp2_is_fatal(rv)) { - return rv; - } -@@ -6191,9 +6196,9 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - } - - if (rv == NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE) { -- rv = nghttp2_session_add_rst_stream( -- session, iframe->frame.push_promise.promised_stream_id, -- NGHTTP2_INTERNAL_ERROR); -+ rv = session_handle_invalid_stream2( -+ session, iframe->frame.push_promise.promised_stream_id, NULL, -+ NGHTTP2_ERR_INTERNAL); - if (nghttp2_is_fatal(rv)) { - return rv; - } -@@ -6296,6 +6301,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - return rv; - } - -+ if (iframe->state == NGHTTP2_IB_IGN_ALL) { -+ return (nghttp2_ssize)inlen; -+ } -+ - session_inbound_frame_reset(session); - - break; -@@ -6371,12 +6380,12 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - iframe->payloadleft -= hd_proclen; - - /* Use promised stream ID for PUSH_PROMISE */ -- rv = nghttp2_session_add_rst_stream( -+ rv = session_handle_invalid_stream2( - session, - iframe->frame.hd.type == NGHTTP2_PUSH_PROMISE - ? iframe->frame.push_promise.promised_stream_id - : iframe->frame.hd.stream_id, -- NGHTTP2_INTERNAL_ERROR); -+ NULL, NGHTTP2_ERR_INTERNAL); - if (nghttp2_is_fatal(rv)) { - return rv; - } -@@ -6423,6 +6432,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - if (nghttp2_is_fatal(rv)) { - return rv; - } -+ -+ if (iframe->state == NGHTTP2_IB_IGN_ALL) { -+ return (nghttp2_ssize)inlen; -+ } - } - session_inbound_frame_reset(session); - -@@ -6598,6 +6611,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - if (nghttp2_is_fatal(rv)) { - return rv; - } -+ -+ if (iframe->state == NGHTTP2_IB_IGN_ALL) { -+ return (nghttp2_ssize)inlen; -+ } - } else { - iframe->state = NGHTTP2_IB_IGN_HEADER_BLOCK; - } -@@ -6648,6 +6665,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - if (nghttp2_is_fatal(rv)) { - return rv; - } -+ -+ if (iframe->state == NGHTTP2_IB_IGN_ALL) { -+ return (nghttp2_ssize)inlen; -+ } - } - - busy = 1; -@@ -6720,6 +6741,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - return rv; - } - -+ if (iframe->state == NGHTTP2_IB_IGN_ALL) { -+ return (nghttp2_ssize)inlen; -+ } -+ - data_readlen = - inbound_frame_effective_readlen(iframe, iframe->payloadleft, readlen); - -@@ -6749,41 +6774,30 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - if (data_readlen > 0) { - if (session_enforce_http_messaging(session)) { - if (nghttp2_http_on_data_chunk(stream, (size_t)data_readlen) != 0) { -- if (session->opt_flags & NGHTTP2_OPTMASK_NO_AUTO_WINDOW_UPDATE) { -- /* Consume all data for connection immediately here */ -- rv = session_update_connection_consumed_size( -- session, (size_t)data_readlen); -- -- if (nghttp2_is_fatal(rv)) { -- return rv; -- } -- -- if (iframe->state == NGHTTP2_IB_IGN_DATA) { -- return (nghttp2_ssize)inlen; -- } -- } -- -- rv = nghttp2_session_add_rst_stream( -- session, iframe->frame.hd.stream_id, NGHTTP2_PROTOCOL_ERROR); -+ rv = nghttp2_session_terminate_session(session, -+ NGHTTP2_PROTOCOL_ERROR); - if (nghttp2_is_fatal(rv)) { - return rv; - } -- busy = 1; -- iframe->state = NGHTTP2_IB_IGN_DATA; -- break; -+ -+ return (nghttp2_ssize)inlen; - } - } - if (session->callbacks.on_data_chunk_recv_callback) { - rv = session->callbacks.on_data_chunk_recv_callback( - session, iframe->frame.hd.flags, iframe->frame.hd.stream_id, - in - readlen, (size_t)data_readlen, session->user_data); -- if (rv == NGHTTP2_ERR_PAUSE) { -- return (nghttp2_ssize)(in - first); -- } -- - if (nghttp2_is_fatal(rv)) { - return NGHTTP2_ERR_CALLBACK_FAILURE; - } -+ -+ if (iframe->state == NGHTTP2_IB_IGN_ALL) { -+ return (nghttp2_ssize)inlen; -+ } -+ -+ if (rv == NGHTTP2_ERR_PAUSE) { -+ return (nghttp2_ssize)(in - first); -+ } - } - } - } -@@ -6797,6 +6811,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - return rv; - } - -+ if (iframe->state == NGHTTP2_IB_IGN_ALL) { -+ return (nghttp2_ssize)inlen; -+ } -+ - session_inbound_frame_reset(session); - - break; -@@ -6863,6 +6881,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - return rv; - } - -+ if (iframe->state == NGHTTP2_IB_IGN_ALL) { -+ return (nghttp2_ssize)inlen; -+ } -+ - if (rv != 0) { - busy = 1; - -@@ -6881,6 +6903,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - return rv; - } - -+ if (iframe->state == NGHTTP2_IB_IGN_ALL) { -+ return (nghttp2_ssize)inlen; -+ } -+ - session_inbound_frame_reset(session); - - break; -@@ -6909,6 +6935,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - return rv; - } - -+ if (iframe->state == NGHTTP2_IB_IGN_ALL) { -+ return (nghttp2_ssize)inlen; -+ } -+ - session_inbound_frame_reset(session); - - break; --- -2.53.0 - diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index bbac700..816538b 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -2,7 +2,7 @@ ## (rpmautospec version 0.6.5) ## RPMAUTOSPEC: autorelease, autochangelog %define autorelease(e:s:pb:n) %{?-p:0.}%{lua: - release_number = 2; + release_number = 1; base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); print(release_number + base_release_number - 1); }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} @@ -13,50 +13,50 @@ %{load:%{_sourcedir}/nodejs.srpm.macros} # === Versions of any software shipped in the main nodejs tarball -%nodejs_define_version node 1:24.14.1-%{autorelease} -p +%nodejs_define_version node 1:24.18.0-%{autorelease} -p # The following ones are generated via script; # expect anything between the markers to be overwritten on any update. # BEGIN automatic-version-macros # DO NOT REMOVE THIS LINE! -# Version from node-v24.14.1/src/node_version.h +# Version from node-v24.18.0/src/node_version.h %global node_soversion 137 -# Version from node-v24.14.1/deps/ada/ada.h -%nodejs_define_version ada 3.4.2 -# Version from node-v24.14.1/deps/brotli/c/common/version.h +# Version from node-v24.18.0/deps/ada/ada.h +%nodejs_define_version ada 3.4.4 +# Version from node-v24.18.0/deps/brotli/c/common/version.h %nodejs_define_version brotli 1.2.0 -# Version from node-v24.14.1/deps/cares/include/ares_version.h +# Version from node-v24.18.0/deps/cares/include/ares_version.h %nodejs_define_version c_ares 1.34.6 -# Version from node-v24.14.1/deps/histogram/include/hdr/hdr_histogram_version.h +# Version from node-v24.18.0/deps/histogram/include/hdr/hdr_histogram_version.h %nodejs_define_version histogram 0.11.9 -# Version from node-v24.14.1/tools/icu/current_ver.dep -%nodejs_define_version icu 78.2 -p -# Version from node-v24.14.1/deps/uv/include/uv/version.h -%nodejs_define_version libuv 1.51.0 -# Version from node-v24.14.1/deps/llhttp/include/llhttp.h -%nodejs_define_version llhttp 9.3.0 -# Version from node-v24.14.1/deps/merve/merve.h -%nodejs_define_version merve 1.0.0 -# Version from node-v24.14.1/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h -%nodejs_define_version nghttp2 1.68.1 -# Version from node-v24.14.1/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h -%nodejs_define_version nghttp3 1.6.0 -# Version from node-v24.14.1/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h -%nodejs_define_version ngtcp2 1.11.0 -# Version from node-v24.14.1/lib/punycode.js +# Version from node-v24.18.0/tools/icu/current_ver.dep +%nodejs_define_version icu 78.3 -p +# Version from node-v24.18.0/deps/uv/include/uv/version.h +%nodejs_define_version libuv 1.52.1 +# Version from node-v24.18.0/deps/llhttp/include/llhttp.h +%nodejs_define_version llhttp 9.4.2 +# Version from node-v24.18.0/deps/merve/merve.h +%nodejs_define_version merve 1.2.2 +# Version from node-v24.18.0/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h +%nodejs_define_version nghttp2 1.69.0 +# Version from node-v24.18.0/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h +%nodejs_define_version nghttp3 1.14.0 +# Version from node-v24.18.0/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h +%nodejs_define_version ngtcp2 1.15.1 +# Version from node-v24.18.0/lib/punycode.js %nodejs_define_version nodejs-punycode 2.1.0 -# Version from node-v24.14.1/deps/undici/src/package.json -%nodejs_define_version nodejs-undici 7.24.4 -# Version from node-v24.14.1/deps/npm/package.json -%nodejs_define_version npm 1:11.11.0 -# Version from node-v24.14.1/deps/sqlite/sqlite3.h -%nodejs_define_version sqlite 3.51.2 -# Version from node-v24.14.1/deps/uvwasi/include/uvwasi.h +# Version from node-v24.18.0/deps/undici/src/package.json +%nodejs_define_version nodejs-undici 7.28.0 +# Version from node-v24.18.0/deps/npm/package.json +%nodejs_define_version npm 1:11.16.0 +# Version from node-v24.18.0/deps/sqlite/sqlite3.h +%nodejs_define_version sqlite 3.53.1 +# Version from node-v24.18.0/deps/uvwasi/include/uvwasi.h %nodejs_define_version uvwasi 0.0.23 -# Version from node-v24.14.1/deps/v8/include/v8-version.h +# Version from node-v24.18.0/deps/v8/include/v8-version.h %nodejs_define_version v8 3:13.6.233.17 -p -# Version from node-v24.14.1/deps/zlib/zlib.h +# Version from node-v24.18.0/deps/zlib/zlib.h %nodejs_define_version zlib 1.3.1 # END automatic-version-macros # DO NOT REMOVE THIS LINE! @@ -163,7 +163,6 @@ Source101: nodejs.srpm.macros %patchlist 0001-Remove-unused-OpenSSL-config.patch 0001-fips-disable-options.patch -0003-downstream-update-nghttp2-to-1.68.1.patch %description Node.js is a platform built on Chrome's JavaScript runtime @@ -541,23 +540,26 @@ bash '%{SOURCE10}' "${RPM_BUILD_ROOT}%{_bindir}/node" test/ '%{SOURCE11}' %changelog ## START: Generated by rpmautospec -* Thu Apr 02 2026 Jan Staněk - 1:24.14.1-2 +* Fri Jun 26 2026 tjuhasz - 1:24.18.0-1 +- Update to version 24.18.0 + +* Wed Apr 01 2026 Jan Staněk - 1:24.14.1-2 - Update bundled nghttp2 to 1.68.1 -* Thu Apr 02 2026 Jan Staněk - 1:24.14.1-1 +* Wed Apr 01 2026 Jan Staněk - 1:24.14.1-1 - Update to version 24.14.1 -* Fri Jan 16 2026 tjuhasz - 1:24.13.0-1 +* Tue Jan 13 2026 tjuhasz - 1:24.13.0-1 - Update to version 24.13.0 -* Thu Nov 27 2025 tjuhasz - 1:24.11.1-2 +* Wed Nov 26 2025 tjuhasz - 1:24.11.1-2 - Disable test-tls-session-cache.js as its not currently compatiable with RHEL environment -* Thu Nov 27 2025 tjuhasz - 1:24.11.1-1 +* Wed Nov 12 2025 tjuhasz - 1:24.11.1-1 - Update to version 24.11.1 -* Tue Sep 02 2025 tjuhasz - 1:24.4.1-7 +* Mon Oct 06 2025 tjuhasz - 1:24.4.1-7 - Add patch to prevent fips usage segfault * Thu Aug 21 2025 Jan Staněk - 1:24.4.1-6