From b96829ac091c1a47ab40d01a22f63fda7f760fb5 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Mon, 17 Feb 2025 12:49:37 +0000 Subject: [PATCH] import UBI nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55 --- .gitignore | 4 ++-- .nodejs.metadata | 4 ++-- SPECS/nodejs.spec | 33 +++++++++++++++++++-------------- 3 files changed, 23 insertions(+), 18 deletions(-) diff --git a/.gitignore b/.gitignore index bd64a19..43f49fd 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ SOURCES/cjs-module-lexer-1.2.2.tar.gz SOURCES/icu4c-74_2-src.tgz -SOURCES/node-v18.20.4-stripped.tar.gz -SOURCES/undici-5.28.4.tar.gz +SOURCES/node-v18.20.6-stripped.tar.gz +SOURCES/undici-5.28.5.tar.gz SOURCES/wasi-sdk-11.0-linux.tar.gz diff --git a/.nodejs.metadata b/.nodejs.metadata index bf14de6..2cbd31a 100644 --- a/.nodejs.metadata +++ b/.nodejs.metadata @@ -1,5 +1,5 @@ 164f7f39841415284b0280a648c43bd7ea1615ac SOURCES/cjs-module-lexer-1.2.2.tar.gz 43a8d688a3a6bc8f0f8c5e699d0ef7a905d24314 SOURCES/icu4c-74_2-src.tgz -1865285a5bf26669d5fadbc5eb78e97f4adad612 SOURCES/node-v18.20.4-stripped.tar.gz -d38d72bec82e3c41a4de73d6ee56d9c9eff5f403 SOURCES/undici-5.28.4.tar.gz +838d4f6468dbc644da2f162027daf8f6f02187f0 SOURCES/node-v18.20.6-stripped.tar.gz +ccd4e9c2e825305395469f4a1442eee55d23d54d SOURCES/undici-5.28.5.tar.gz ff114dd45b4efeeae7afe4621bfc6f886a475b4b SOURCES/wasi-sdk-11.0-linux.tar.gz diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index c679774..893a67b 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -42,7 +42,7 @@ %global nodejs_epoch 1 %global nodejs_major 18 %global nodejs_minor 20 -%global nodejs_patch 4 +%global nodejs_patch 6 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 108 @@ -66,16 +66,13 @@ # c-ares - from deps/cares/include/ares_version.h # https://github.com/nodejs/node/pull/9332 -%global c_ares_version 1.28.1 +%global c_ares_version 1.29.0 # llhttp - from deps/llhttp/include/llhttp.h %global llhttp_version 6.1.1 # libuv - from deps/uv/include/uv/version.h -%global libuv_major 1 -%global libuv_minor 44 -%global libuv_patch 2 -%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch} +%global libuv_version 1.44.2 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h %global nghttp2_version 1.61.0 @@ -113,12 +110,12 @@ # simduft from deps/simdutf/simdutf.h %global simduft_major 5 -%global simduft_minor 2 -%global simduft_patch 4 +%global simduft_minor 6 +%global simduft_patch 0 %global simduft_version %{simduft_major}.%{simduft_minor}.%{simduft_patch} # ada from deps/ada/ada.h -%global ada_version 2.7.8 +%global ada_version 2.8.0 # OpenSSL minimum version %global openssl_minimum 1:1.1.1 @@ -133,7 +130,7 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_version 10.7.0 +%global npm_version 10.8.2 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed @@ -185,16 +182,18 @@ Source8: npmrc.builtin.in # Version: jq '.version' deps/cjs-module-lexer/package.json # Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz # Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm +# wasi-sdk version can be found in Makefile +# https://github.com/nodejs/cjs-module-lexer/blob/1.2.2/Makefile Source101: cjs-module-lexer-1.2.2.tar.gz # The WASM blob was made using wasi-sdk v11; compiler libraries are linked in. # Version source: Makefile Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz # Version: jq '.version' deps/undici/src/package.json -# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz -# Adjustments: rm -f undici-5.28.3/lib/llhttp/llhttp*.wasm +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.5.tar.gz +# Adjustments: rm -f undici-5.28.5/lib/llhttp/llhttp*.wasm # Build uses alpine image, see alpine for sources for wasi-sdk -Source111: undici-5.28.4.tar.gz +Source111: undici-5.28.5.tar.gz # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch @@ -463,7 +462,7 @@ make BUILDTYPE=Release %{?_smp_mflags} # Extract the ICU data and convert it to the appropriate endianness pushd deps/ -tar xfz %{SOURCE3} +tar -xzf %{SOURCE3} pushd icu/source @@ -739,6 +738,11 @@ end %changelog +* Fri Feb 07 2025 Andrei Radchenko - 1:18.20.6-1 +- Update to version 18.20.6 + Resolves: RHEL-78326 + Fixes: CVE-2025-23085 CVE-2025-22150 + * Mon Aug 05 2024 Honza Horak - 1:18.20.4-1 - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 @@ -1150,3 +1154,4 @@ end - Update to v8.1.2 - remove GCC 7 patch, as it is now fixed in node >= 6.12 +