import UBI nodejs-20.16.0-1.module+el8.10.0+22203+a88c8310

This commit is contained in:
eabdullin 2024-08-26 12:15:46 +00:00
parent 72eb1c04a1
commit c0f54951f0
8 changed files with 163 additions and 257 deletions

6
.gitignore vendored
View File

@ -1,6 +1,6 @@
SOURCES/cjs-module-lexer-1.2.2.tar.gz
SOURCES/icu4c-74_2-src.tgz
SOURCES/node-v20.12.2-stripped.tar.gz
SOURCES/undici-5.28.4.tar.gz
SOURCES/icu4c-75_1-src.tgz
SOURCES/node-v20.16.0-stripped.tar.gz
SOURCES/undici-6.19.2.tar.gz
SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
SOURCES/wasi-sdk-wasi-sdk-16.tar.gz

View File

@ -1,6 +1,6 @@
164f7f39841415284b0280a648c43bd7ea1615ac SOURCES/cjs-module-lexer-1.2.2.tar.gz
43a8d688a3a6bc8f0f8c5e699d0ef7a905d24314 SOURCES/icu4c-74_2-src.tgz
f25c352600b72849a7241017ffc64bb0fe339d4d SOURCES/node-v20.12.2-stripped.tar.gz
2be9cb115c2832e1fda9e730fa92e0bf725b6f3d SOURCES/undici-5.28.4.tar.gz
da3614aa496c5f0fde12f7aa155f235b5e239f1b SOURCES/icu4c-75_1-src.tgz
f5c3411098f91526d7ce14b14b080e368510ae93 SOURCES/node-v20.16.0-stripped.tar.gz
0653ac16ef498878fffefea0fa1f7e870cdfc249 SOURCES/undici-6.19.2.tar.gz
8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
fbe01909bf0e8260fcc3696ec37c9f731b5e356a SOURCES/wasi-sdk-wasi-sdk-16.tar.gz

View File

@ -0,0 +1,57 @@
gcc available in RHEL-8 does not know -mbranch-protection option and since
it was introduced for cross-compilation purposes in nodejs upstream, it seems
to be save to revert the upstream patch.
Revert "build: fix arm64 cross-compilation bug on non-arm machines"
This reverts upstream commit 6826bbf26755b144a478e51fd0a7dc83aa0c65b8.
Revert "build: fix arm64 cross-compilation"
This reverts upstream commit 297368a1edc48d2bedc58c75f1857276bdcdd578.
---
configure.py | 2 ++
node.gyp | 15 ---------------
2 files changed, 2 insertions(+), 15 deletions(-)
diff --git a/configure.py b/configure.py
index f189ba2bf09..9b2d993bb32 100755
--- a/configure.py
+++ b/configure.py
@@ -1344,7 +1344,9 @@ def configure_node(o):
o['variables']['want_separate_host_toolset'] = int(cross_compiling)
+ # Enable branch protection for arm64
if target_arch == 'arm64':
+ o['cflags']+=['-msign-return-address=all']
o['variables']['arm_fpu'] = options.arm_fpu or 'neon'
if options.node_snapshot_main is not None:
diff --git a/node.gyp b/node.gyp
index ff59af6ff76..7d9ec812917 100644
--- a/node.gyp
+++ b/node.gyp
@@ -468,21 +468,6 @@
},
'conditions': [
- # Pointer authentication for ARM64.
- ['target_arch=="arm64"', {
- 'target_conditions': [
- ['_toolset=="host"', {
- 'conditions': [
- ['host_arch=="arm64"', {
- 'cflags': ['-mbranch-protection=standard'],
- }],
- ],
- }],
- ['_toolset=="target"', {
- 'cflags': ['-mbranch-protection=standard'],
- }],
- ],
- }],
['OS in "aix os400"', {
'ldflags': [
'-Wl,-bnoerrmsg',
--
2.45.2

View File

@ -13,7 +13,6 @@ are similarly disabled.
Upstream report: https://github.com/nodejs/node/pull/48950
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
Customer case: https://access.redhat.com/support/cases/#/case/03711488
Signed-off-by: rpm-build <rpm-build>
---
@ -51,9 +50,8 @@ index 1216f3a..fbfcb26 100644
if (val) return;
throw new ERR_CRYPTO_FIPS_FORCED();
diff --git a/lib/internal/errors.js b/lib/internal/errors.js
index def4949..580ca7a 100644
--- a/lib/internal/errors.js
+++ b/lib/internal/errors.js
--- a/lib/internal/errors.js.patch0002 2024-08-07 15:29:09.366357433 +0200
+++ b/lib/internal/errors.js 2024-08-07 15:29:14.392366591 +0200
@@ -1112,6 +1112,12 @@ module.exports = {
//
// Note: Node.js specific errors must begin with the prefix ERR_
@ -65,8 +63,8 @@ index def4949..580ca7a 100644
+ Error);
+
E('ERR_ACCESS_DENIED',
'Access to this API has been restricted. Permission: %s',
Error);
function(msg, permission = '', resource = '') {
this.permission = permission;
diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
index 5734d8f..ef9d1b1 100644
--- a/src/crypto/crypto_util.cc

View File

@ -1,107 +0,0 @@
From d9a06fe94439d9f103aeffe597441c0a2c0a4eb3 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 9 Mar 2024 16:26:42 +0900
Subject: [PATCH] Limit CONTINUATION frames following an incoming HEADER frame
Signed-off-by: rpm-build <rpm-build>
---
deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 7 ++++++-
deps/nghttp2/lib/nghttp2_helper.c | 2 ++
deps/nghttp2/lib/nghttp2_session.c | 7 +++++++
deps/nghttp2/lib/nghttp2_session.h | 10 ++++++++++
4 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
index 8891760..a9629c7 100644
--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
@@ -466,7 +466,12 @@ typedef enum {
* exhaustion on server side to send these frames forever and does
* not read network.
*/
- NGHTTP2_ERR_FLOODED = -904
+ NGHTTP2_ERR_FLOODED = -904,
+ /**
+ * When a local endpoint receives too many CONTINUATION frames
+ * following a HEADER frame.
+ */
+ NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905,
} nghttp2_error;
/**
diff --git a/deps/nghttp2/lib/nghttp2_helper.c b/deps/nghttp2/lib/nghttp2_helper.c
index 93dd475..b3563d9 100644
--- a/deps/nghttp2/lib/nghttp2_helper.c
+++ b/deps/nghttp2/lib/nghttp2_helper.c
@@ -336,6 +336,8 @@ const char *nghttp2_strerror(int error_code) {
"closed";
case NGHTTP2_ERR_TOO_MANY_SETTINGS:
return "SETTINGS frame contained more than the maximum allowed entries";
+ case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS:
+ return "Too many CONTINUATION frames following a HEADER frame";
default:
return "Unknown error code";
}
diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
index 226cdd5..e343365 100644
--- a/deps/nghttp2/lib/nghttp2_session.c
+++ b/deps/nghttp2/lib/nghttp2_session.c
@@ -497,6 +497,7 @@ static int session_new(nghttp2_session **session_ptr,
(*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN;
(*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM;
(*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS;
+ (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS;
if (option) {
if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) &&
@@ -6812,6 +6813,8 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
}
}
session_inbound_frame_reset(session);
+
+ session->num_continuations = 0;
}
break;
}
@@ -6933,6 +6936,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
}
#endif /* DEBUGBUILD */
+ if (++session->num_continuations > session->max_continuations) {
+ return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS;
+ }
+
readlen = inbound_frame_buf_read(iframe, in, last);
in += readlen;
diff --git a/deps/nghttp2/lib/nghttp2_session.h b/deps/nghttp2/lib/nghttp2_session.h
index b119329..ef8f7b2 100644
--- a/deps/nghttp2/lib/nghttp2_session.h
+++ b/deps/nghttp2/lib/nghttp2_session.h
@@ -110,6 +110,10 @@ typedef struct {
#define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000
#define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33
+/* The default max number of CONTINUATION frames following an incoming
+ HEADER frame. */
+#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8
+
/* Internal state when receiving incoming frame */
typedef enum {
/* Receiving frame header */
@@ -290,6 +294,12 @@ struct nghttp2_session {
size_t max_send_header_block_length;
/* The maximum number of settings accepted per SETTINGS frame. */
size_t max_settings;
+ /* The maximum number of CONTINUATION frames following an incoming
+ HEADER frame. */
+ size_t max_continuations;
+ /* The number of CONTINUATION frames following an incoming HEADER
+ frame. This variable is reset when END_HEADERS flag is seen. */
+ size_t num_continuations;
/* Next Stream ID. Made unsigned int to detect >= (1 << 31). */
uint32_t next_stream_id;
/* The last stream ID this session initiated. For client session,
--
2.44.0

View File

@ -1,89 +0,0 @@
From ca0a0b02da4db1d65eca8169c6e27bb635924dfb Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 9 Mar 2024 16:48:10 +0900
Subject: [PATCH] Add nghttp2_option_set_max_continuations
Signed-off-by: rpm-build <rpm-build>
---
deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 11 +++++++++++
deps/nghttp2/lib/nghttp2_option.c | 5 +++++
deps/nghttp2/lib/nghttp2_option.h | 5 +++++
deps/nghttp2/lib/nghttp2_session.c | 4 ++++
4 files changed, 25 insertions(+)
diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
index a9629c7..92c3ccc 100644
--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
@@ -3210,6 +3210,17 @@ NGHTTP2_EXTERN void
nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
uint64_t burst, uint64_t rate);
+/**
+ * @function
+ *
+ * This function sets the maximum number of CONTINUATION frames
+ * following an incoming HEADER frame. If more than those frames are
+ * received, the remote endpoint is considered to be misbehaving and
+ * session will be closed. The default value is 8.
+ */
+NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option,
+ size_t val);
+
/**
* @function
*
diff --git a/deps/nghttp2/lib/nghttp2_option.c b/deps/nghttp2/lib/nghttp2_option.c
index 43d4e95..53144b9 100644
--- a/deps/nghttp2/lib/nghttp2_option.c
+++ b/deps/nghttp2/lib/nghttp2_option.c
@@ -150,3 +150,8 @@ void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
option->stream_reset_burst = burst;
option->stream_reset_rate = rate;
}
+
+void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) {
+ option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS;
+ option->max_continuations = val;
+}
diff --git a/deps/nghttp2/lib/nghttp2_option.h b/deps/nghttp2/lib/nghttp2_option.h
index 2259e18..c89cb97 100644
--- a/deps/nghttp2/lib/nghttp2_option.h
+++ b/deps/nghttp2/lib/nghttp2_option.h
@@ -71,6 +71,7 @@ typedef enum {
NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13,
NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14,
NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15,
+ NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16,
} nghttp2_option_flag;
/**
@@ -98,6 +99,10 @@ struct nghttp2_option {
* NGHTTP2_OPT_MAX_SETTINGS
*/
size_t max_settings;
+ /**
+ * NGHTTP2_OPT_MAX_CONTINUATIONS
+ */
+ size_t max_continuations;
/**
* Bitwise OR of nghttp2_option_flag to determine that which fields
* are specified.
diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
index e343365..555032d 100644
--- a/deps/nghttp2/lib/nghttp2_session.c
+++ b/deps/nghttp2/lib/nghttp2_session.c
@@ -586,6 +586,10 @@ static int session_new(nghttp2_session **session_ptr,
option->stream_reset_burst,
option->stream_reset_rate);
}
+
+ if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) {
+ (*session_ptr)->max_continuations = option->max_continuations;
+ }
}
rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,
--
2.44.0

View File

@ -135,67 +135,109 @@ rm -f node-v${version}.tar.gz
set +e
# Determine the bundled versions of the various packages
echo "Included software versions"
echo "-------------------------"
echo
echo "Node.js version"
echo "========================="
echo "${version}"
echo
echo "Bundled software versions"
echo "-------------------------"
echo
echo "libnode shared object version"
echo "libnode shared object version (nodejs_soversion)"
echo "========================="
grep "define NODE_MODULE_VERSION" node-v${version}/src/node_version.h
NODE_SOVERSION=$(grep -oP '(?<=#define NODE_MODULE_VERSION )\d+' node-v${version}/src/node_version.h)
echo "${NODE_SOVERSION}"
echo
echo "V8"
echo "========================="
grep "define V8_MAJOR_VERSION" node-v${version}/deps/v8/include/v8-version.h
grep "define V8_MINOR_VERSION" node-v${version}/deps/v8/include/v8-version.h
grep "define V8_BUILD_NUMBER" node-v${version}/deps/v8/include/v8-version.h
grep "define V8_PATCH_LEVEL" node-v${version}/deps/v8/include/v8-version.h
V8_MAJOR=$(grep -oP '(?<=#define V8_MAJOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h)
V8_MINOR=$(grep -oP '(?<=#define V8_MINOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h)
V8_BUILD=$(grep -oP '(?<=#define V8_BUILD_NUMBER )\d+' node-v${version}/deps/v8/include/v8-version.h)
V8_PATCH=$(grep -oP '(?<=#define V8_PATCH_LEVEL )\d+' node-v${version}/deps/v8/include/v8-version.h)
echo "${V8_MAJOR}.${V8_MINOR}.${V8_BUILD}.${V8_PATCH}"
echo
echo "c-ares"
echo "========================="
grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_version.h
grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h
grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h
C_ARES_VERSION=$(grep -oP '(?<=#define ARES_VERSION_STR ).*\"' node-v${version}/deps/cares/include/ares_version.h |sed -e 's/^"//' -e 's/"$//')
echo $C_ARES_VERSION
echo
echo "llhttp"
echo "========================="
grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h
grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h
grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h
LLHTTP_MAJOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MAJOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
LLHTTP_MINOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MINOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
LLHTTP_PATCH=$(grep -oP '(?<=#define LLHTTP_VERSION_PATCH )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
LLHTTP_VERSION="${LLHTTP_MAJOR}.${LLHTTP_MINOR}.${LLHTTP_PATCH}"
echo $LLHTTP_VERSION
echo
echo "libuv"
echo "========================="
grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h
grep "define UV_VERSION_MINOR" node-v${version}/deps/uv/include/uv/version.h
grep "define UV_VERSION_PATCH" node-v${version}/deps/uv/include/uv/version.h
UV_MAJOR=$(grep -oP '(?<=#define UV_VERSION_MAJOR )\d+' node-v${version}/deps/uv/include/uv/version.h)
UV_MINOR=$(grep -oP '(?<=#define UV_VERSION_MINOR )\d+' node-v${version}/deps/uv/include/uv/version.h)
UV_PATCH=$(grep -oP '(?<=#define UV_VERSION_PATCH )\d+' node-v${version}/deps/uv/include/uv/version.h)
LIBUV_VERSION="${UV_MAJOR}.${UV_MINOR}.${UV_PATCH}"
echo $LIBUV_VERSION
echo
echo "nghttp2"
echo "========================="
grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
NGHTTP2_VERSION=$(grep -oP '(?<=#define NGHTTP2_VERSION ).*\"' node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h |sed -e 's/^"//' -e 's/"$//')
echo $NGHTTP2_VERSION
echo
echo "nghttp3"
echo "========================="
grep "define NGHTTP3_VERSION " node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
NGHTTP3_VERSION=$(grep -oP '(?<=#define NGHTTP3_VERSION ).*\"' node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h |sed -e 's/^"//' -e 's/"$//')
echo $NGHTTP3_VERSION
echo
echo "ngtcp2"
echo "========================="
grep "define NGTCP2_VERSION " node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
NGTCP2_VERSION=$(grep -oP '(?<=#define NGTCP2_VERSION ).*\"' node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h |sed -e 's/^"//' -e 's/"$//')
echo $NGTCP2_VERSION
echo
echo "ICU"
echo "========================="
grep "url" node-v${version}/tools/icu/current_ver.dep
ICU_MAJOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\1/g')
ICU_MINOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\2/g')
echo "${ICU_MAJOR}.${ICU_MINOR}"
echo
echo "simdutf"
echo "========================="
SIMDUTF_VERSION=$(grep -oP '(?<=#define SIMDUTF_VERSION ).*\"' node-v${version}/deps/simdutf/simdutf.h |sed -e 's/^"//' -e 's/"$//')
echo $SIMDUTF_VERSION
echo
echo "ada"
echo "========================="
ADA_VERSION=$(grep -osP '(?<=#define ADA_VERSION ).*\"' node-v${version}/deps/ada/ada.h |sed -e 's/^"//' -e 's/"$//')
ADA_VERSION=${ADA_VERSION:-0}
echo "${ADA_VERSION}"
echo
echo "punycode"
echo "========================="
grep "'version'" node-v${version}/lib/punycode.js
echo
echo "uvwasi"
echo "========================="
grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
PUNYCODE_VERSION=$(grep -oP "'version': '\K[^']+" ./node-v${version}/lib/punycode.js)
echo $PUNYCODE_VERSION
echo
echo "npm"
echo "========================="
grep "\"version\":" node-v${version}/deps/npm/package.json
NPM_VERSION=$(jq -r .version ./node-v${version}/deps/npm/package.json)
echo $NPM_VERSION
echo
echo "corepack"
echo "========================="
COREPACK_VERSION=$(jq -r .version ./node-v${version}/deps/corepack/package.json)
echo $COREPACK_VERSION
echo
echo "uvwasi"
echo "========================="
UVWASI_MAJOR=$(grep -oP '(?<=#define UVWASI_VERSION_MAJOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
UVWASI_MINOR=$(grep -oP '(?<=#define UVWASI_VERSION_MINOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
UVWASI_PATCH=$(grep -oP '(?<=#define UVWASI_VERSION_PATCH )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
UVWASI_VERSION="${UVWASI_MAJOR}.${UVWASI_MINOR}.${UVWASI_PATCH}"
echo $UVWASI_VERSION
echo
echo "histogram_c"
echo "========================="
HISTOGRAM_VERSION=$(grep -oP '(?<=#define HDR_HISTOGRAM_VERSION ).*\"' node-v${version}/deps/histogram/include/hdr/hdr_histogram_version.h|sed -e 's/^"//' -e 's/"$//')
echo $HISTOGRAM_VERSION
echo
echo "Make sure these versions match what is in the RPM spec file"

View File

@ -33,7 +33,7 @@
# This is used by both the nodejs package and the npm subpackage that
# has a separate version - the name is special so that rpmdev-bumpspec
# will bump this rather than adding .1 to the end.
%global baserelease 2
%global baserelease 1
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -44,8 +44,8 @@
# than a Fedora release lifecycle.
%global nodejs_epoch 1
%global nodejs_major 20
%global nodejs_minor 12
%global nodejs_patch 2
%global nodejs_minor 16
%global nodejs_patch 0
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
%global nodejs_soversion 115
@ -69,7 +69,7 @@
# c-ares - from deps/cares/include/ares_version.h
# https://github.com/nodejs/node/pull/9332
%global c_ares_version 1.27.0
%global c_ares_version 1.31.0
# llhttp - from deps/llhttp/include/llhttp.h
%global llhttp_version 8.1.2
@ -78,17 +78,17 @@
%global libuv_version 1.46.0
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
%global nghttp2_version 1.60.0
%global nghttp2_version 1.61.0
# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
%global nghttp3_version 0.7.0
# ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
%global ngtcp2_version 0.8.1
%global ngtcp2_version 1.1.0
# ICU - from tools/icu/current_ver.dep
%global icu_major 74
%global icu_minor 2
%global icu_major 75
%global icu_minor 1
%global icu_version %{icu_major}.%{icu_minor}
%global icudatadir %{nodejs_datadir}/icudata
@ -106,10 +106,10 @@
%endif
# simduft from deps/simdutf/simdutf.h
%global simduft_version 4.0.8
%global simduft_version 5.2.8
# ada from deps/ada/ada.h
%global ada_version 2.7.6
%global ada_version 2.8.0
# OpenSSL minimum version
%global openssl_minimum 1:1.1.1
@ -122,7 +122,7 @@
# npm - from deps/npm/package.json
%global npm_epoch 1
%global npm_version 10.5.0
%global npm_version 10.8.1
# In order to avoid needing to keep incrementing the release version for the
# main package forever, we will just construct one for npm that is guaranteed
@ -132,10 +132,10 @@
# Node.js 16.9.1 and later comes with an experimental package management tool
# corepack - from deps/corepack/package.json
%global corepack_version 0.25.2
%global corepack_version 0.28.1
# uvwasi - from deps/uvwasi/include/uvwasi.h
%global uvwasi_version 0.0.20
%global uvwasi_version 0.0.21
# histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h
%global histogram_version 0.11.8
@ -181,9 +181,10 @@ Source101: cjs-module-lexer-1.2.2.tar.gz
Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz
# Version: jq '.version' deps/undici/src/package.json
# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz
# Adjustments: rm -f undici-5.28.4/lib/llhttp/llhttp*.wasm*
Source111: undici-5.28.4.tar.gz
# Original: https://github.com/nodejs/undici/archive/refs/tags/v6.13.0.tar.gz
# Adjustments: rm -f undici-6.13.0/lib/llhttp/llhttp*.wasm
# wasi-sdk version can be found in lib/llhttp/wasm_build_env.txt
Source111: undici-6.19.2.tar.gz
# The WASM blob was made using wasi-sdk v16; compiler libraries are linked in.
# Version source: deps/undici/src/lib/llhttp/wasm_build_env.txt
# Also check (undici tarball): lib/llhttp/wasm_build_env.txt
@ -192,8 +193,7 @@ Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-16/wasi-sdk-
# Disable running gyp on bundled deps we don't use
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
Patch2: 0002-Disable-FIPS-options.patch
Patch3: 0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch
Patch4: 0004-Add-nghttp2_option_set_max_continuations.patch
Patch3: 0001-Revert-build-fix-arm64-cross-compilation-bug-on-non-.patch
BuildRequires: make
BuildRequires: python3-devel
@ -724,21 +724,26 @@ end
%changelog
* Mon Aug 05 2024 Honza Horak <hhorak@redhat.com> - 1:20.16.0-1
- Update to 20.16.0
Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020
* Tue Apr 16 2024 Jan Staněk <jstanek@redhat.com> - 1:20.12.2-2
- Backport nghttp2 patch for CVE-2024-28182
* Tue Apr 16 2024 Jan Staněk <jstanek@redhat.com> - 1:20.12.2-1
- Rebase to version 20.12.0
Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node)
Fixes: CVE-2024-25629 (c-ares)
Addresses CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node)
Addresses CVE-2024-25629 (c-ares)
* Wed Feb 21 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:20.11.1-1
- Rebase to version 20.11.1
- Resolves: RHEL-26017 RHEL-26266 RHEL-26685 RHEL-26686 RHEL-26004 RHEL-26596 RHEL-26688
- Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high)
- Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium)
* Fri Jan 19 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:20.11.0-1
- Rebase to version 20.11.0
- Resolves: RHEL-21435
- Resolves: RHEL-21434
* Thu Nov 09 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:20.9.0-1
- Rebase to LTS