import UBI nodejs-18.17.1-1.module+el9.2.0.z+19753+58118bc0

.gitignore

@@ -1,6 +1,5 @@
 SOURCES/cjs-module-lexer-1.2.2.tar.gz
-SOURCES/icu4c-72_1-src.tgz
-SOURCES/node-v18.16.1-stripped.tar.gz
-SOURCES/undici-5.21.0.tar.gz
+SOURCES/icu4c-73_1-src.zip
+SOURCES/node-v18.17.1-stripped.tar.gz
+SOURCES/undici-5.22.1.tar.gz
 SOURCES/wasi-sdk-11.0-linux.tar.gz
-SOURCES/wasi-sdk-14.0-linux.tar.gz

.nodejs.metadata

@@ -1,6 +1,5 @@
 b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz
-a97546f0119c37a3526143bc29fb573a4417ff84 SOURCES/icu4c-72_1-src.tgz
-e5c7cb54ade307bf4fb282796322bf65be20a5c7 SOURCES/node-v18.16.1-stripped.tar.gz
-a3c9593ddf15f83a48135641b1985adad4f2a669 SOURCES/undici-5.21.0.tar.gz
+7ef13722e78a6a7eeda293e3bccc006651d50d83 SOURCES/icu4c-73_1-src.zip
+0638f527de54888935ae3ef469eb1f01cf3d3475 SOURCES/node-v18.17.1-stripped.tar.gz
+bcb2ceaa999c98df652d4fd5e571294cd560013b SOURCES/undici-5.22.1.tar.gz
 ff114dd45b4efeeae7afe4621bfc6f886a475b4b SOURCES/wasi-sdk-11.0-linux.tar.gz
-c29e21be754c26cac4bf99848c5b1f4e8564e248 SOURCES/wasi-sdk-14.0-linux.tar.gz

SOURCES/nodejs-tarball.sh

@@ -120,10 +120,10 @@ rm -rf node-v${version}/deps/openssl
 tar -zcf node-v${version}-stripped.tar.gz node-v${version}
 
 # Download the matching version of ICU
-rm -f icu4c*-src.tgz icu.md5
+rm -f icu4c*-src.zip icu.md5
 ICUMD5=$(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].md5')
 wget $(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].url')
-ICUTARBALL=$(ls -1 icu4c*-src.tgz)
+ICUTARBALL=$(ls -1 icu4c*-src.zip)
 echo "$ICUMD5  $ICUTARBALL" > icu.md5
 md5sum -c icu.md5
 rm -f icu.md5 SHASUMS256.txt

SPECS/nodejs.spec

@@ -29,7 +29,7 @@
 # This is used by both the nodejs package and the npm subpackage that
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
-%global baserelease 2
+%global baserelease 1
 
 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
 
@@ -40,7 +40,7 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 18
-%global nodejs_minor 16
+%global nodejs_minor 17
 %global nodejs_patch 1
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
@@ -89,7 +89,7 @@
 %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch}
 
 # ICU - from tools/icu/current_ver.dep
-%global icu_major 72
+%global icu_major 73
 %global icu_minor 1
 %global icu_version %{icu_major}.%{icu_minor}
 
@@ -110,11 +110,11 @@
 # simduft from deps/simdutf/simdutf.h
 %global simduft_major 3
 %global simduft_minor 2
-%global simduft_patch 2
+%global simduft_patch 12
 %global simduft_version %{simduft_major}.%{simduft_minor}.%{simduft_patch}
 
 # ada from deps/ada/ada.h
-%global ada_version 1.0.4
+%global ada_version 2.5.0
 
 # OpenSSL minimum version
 %global openssl_minimum 1:1.1.1
@@ -126,7 +126,7 @@
 
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_version 9.5.1
+%global npm_version 9.6.7
 
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@@ -135,7 +135,7 @@
 %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
 
 # uvwasi - from deps/uvwasi/include/uvwasi.h
-%global uvwasi_version 0.0.15
+%global uvwasi_version 0.0.18
 
 # histogram_c - assumed from timestamps
 %global histogram_version 0.11.2
@@ -157,7 +157,7 @@ ExclusiveArch: %{nodejs_arches}
 Source0: node-v%{nodejs_version}-stripped.tar.gz
 Source1: npmrc
 Source2: btest402.js
-Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.tgz
+Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.zip
 Source100: %{name}-tarball.sh
 
 # The native module Requires generator remains in the nodejs SRPM, so it knows
@@ -181,12 +181,10 @@ Source101: cjs-module-lexer-1.2.2.tar.gz
 Source111: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz
 
 # Version: jq '.version' deps/undici/src/package.json
-# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.21.0.tar.gz
-# Adjustments: rm -f undici-5.20.0/lib/llhttp/llhttp*.wasm
-# wasi-sdk version can be found in Dockerfile
-# https://github.com/nodejs/undici/blob/v5.21.0/build/Dockerfile
-Source102: undici-5.21.0.tar.gz
-Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-14.0-linux.tar.gz
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.22.1.tar.gz
+# Adjustments: rm -f undici-5.22.1/lib/llhttp/llhttp*.wasm
+# Build uses alpine image, see alpine for sources for wasi-sdk
+Source102: undici-5.22.1.tar.gz
 
 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
@@ -426,7 +424,7 @@ export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cfl
 export LDFLAGS="%{build_ldflags}"
 
 %{__python3} configure.py --prefix=%{_prefix} --verbose \
-           --shared-openssl \
+           --shared-openssl --openssl-conf-name=openssl_conf \
            --shared-zlib \
            --shared-brotli \
            %{!?with_bundled:--shared-libuv} \
@@ -442,7 +440,7 @@ make BUILDTYPE=Release %{?_smp_mflags}
 
 # Extract the ICU data and convert it to the appropriate endianness
 pushd deps/
-tar xfz %SOURCE3
+unzip -a %{SOURCE3}
 
 pushd icu/source
 
@@ -630,6 +628,13 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod
 
 
 %changelog
+* Wed Aug 23 2023 Jan Staněk <jstanek@redhat.com> - 1:18.17.1-1
+- Rebase to version 18.17.1
+  Resolves: rhbz#2228940
+  Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559
+- Specify proper OpenSSL configuration section build
+  Related: rhbz#2226726
+
 * Mon Jul 31 2023 Honza Horak <hhorak@redhat.com> - 1:18.16.1-2
 - Fix segfault that happens when processing fips-related options
   Resolves: BZ#2226726