diff --git a/.gitignore b/.gitignore index ad5e8b1..f1ac6cf 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,5 @@ SOURCES/cjs-module-lexer-1.2.2.tar.gz -SOURCES/icu4c-72_1-src.tgz -SOURCES/node-v18.16.1-stripped.tar.gz -SOURCES/undici-5.21.0.tar.gz +SOURCES/icu4c-73_1-src.zip +SOURCES/node-v18.17.1-stripped.tar.gz +SOURCES/undici-5.22.1.tar.gz SOURCES/wasi-sdk-11.0-linux.tar.gz -SOURCES/wasi-sdk-14.0-linux.tar.gz diff --git a/.nodejs.metadata b/.nodejs.metadata index bd98761..b834780 100644 --- a/.nodejs.metadata +++ b/.nodejs.metadata @@ -1,6 +1,5 @@ b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz -a97546f0119c37a3526143bc29fb573a4417ff84 SOURCES/icu4c-72_1-src.tgz -e5c7cb54ade307bf4fb282796322bf65be20a5c7 SOURCES/node-v18.16.1-stripped.tar.gz -a3c9593ddf15f83a48135641b1985adad4f2a669 SOURCES/undici-5.21.0.tar.gz +7ef13722e78a6a7eeda293e3bccc006651d50d83 SOURCES/icu4c-73_1-src.zip +0638f527de54888935ae3ef469eb1f01cf3d3475 SOURCES/node-v18.17.1-stripped.tar.gz +bcb2ceaa999c98df652d4fd5e571294cd560013b SOURCES/undici-5.22.1.tar.gz ff114dd45b4efeeae7afe4621bfc6f886a475b4b SOURCES/wasi-sdk-11.0-linux.tar.gz -c29e21be754c26cac4bf99848c5b1f4e8564e248 SOURCES/wasi-sdk-14.0-linux.tar.gz diff --git a/SOURCES/nodejs-tarball.sh b/SOURCES/nodejs-tarball.sh index f59d5c2..6a94b29 100755 --- a/SOURCES/nodejs-tarball.sh +++ b/SOURCES/nodejs-tarball.sh @@ -120,10 +120,10 @@ rm -rf node-v${version}/deps/openssl tar -zcf node-v${version}-stripped.tar.gz node-v${version} # Download the matching version of ICU -rm -f icu4c*-src.tgz icu.md5 +rm -f icu4c*-src.zip icu.md5 ICUMD5=$(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].md5') wget $(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].url') -ICUTARBALL=$(ls -1 icu4c*-src.tgz) +ICUTARBALL=$(ls -1 icu4c*-src.zip) echo "$ICUMD5 $ICUTARBALL" > icu.md5 md5sum -c icu.md5 rm -f icu.md5 SHASUMS256.txt diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index 98d88c5..9ce2364 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -29,7 +29,7 @@ # This is used by both the nodejs package and the npm subpackage that # has a separate version - the name is special so that rpmdev-bumpspec # will bump this rather than adding .1 to the end. -%global baserelease 2 +%global baserelease 1 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} @@ -40,7 +40,7 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 18 -%global nodejs_minor 16 +%global nodejs_minor 17 %global nodejs_patch 1 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h @@ -89,7 +89,7 @@ %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch} # ICU - from tools/icu/current_ver.dep -%global icu_major 72 +%global icu_major 73 %global icu_minor 1 %global icu_version %{icu_major}.%{icu_minor} @@ -110,11 +110,11 @@ # simduft from deps/simdutf/simdutf.h %global simduft_major 3 %global simduft_minor 2 -%global simduft_patch 2 +%global simduft_patch 12 %global simduft_version %{simduft_major}.%{simduft_minor}.%{simduft_patch} # ada from deps/ada/ada.h -%global ada_version 1.0.4 +%global ada_version 2.5.0 # OpenSSL minimum version %global openssl_minimum 1:1.1.1 @@ -126,7 +126,7 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_version 9.5.1 +%global npm_version 9.6.7 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed @@ -135,7 +135,7 @@ %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} # uvwasi - from deps/uvwasi/include/uvwasi.h -%global uvwasi_version 0.0.15 +%global uvwasi_version 0.0.18 # histogram_c - assumed from timestamps %global histogram_version 0.11.2 @@ -157,7 +157,7 @@ ExclusiveArch: %{nodejs_arches} Source0: node-v%{nodejs_version}-stripped.tar.gz Source1: npmrc Source2: btest402.js -Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.tgz +Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.zip Source100: %{name}-tarball.sh # The native module Requires generator remains in the nodejs SRPM, so it knows @@ -181,12 +181,10 @@ Source101: cjs-module-lexer-1.2.2.tar.gz Source111: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz # Version: jq '.version' deps/undici/src/package.json -# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.21.0.tar.gz -# Adjustments: rm -f undici-5.20.0/lib/llhttp/llhttp*.wasm -# wasi-sdk version can be found in Dockerfile -# https://github.com/nodejs/undici/blob/v5.21.0/build/Dockerfile -Source102: undici-5.21.0.tar.gz -Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-14.0-linux.tar.gz +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.22.1.tar.gz +# Adjustments: rm -f undici-5.22.1/lib/llhttp/llhttp*.wasm +# Build uses alpine image, see alpine for sources for wasi-sdk +Source102: undici-5.22.1.tar.gz # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch @@ -426,7 +424,7 @@ export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cfl export LDFLAGS="%{build_ldflags}" %{__python3} configure.py --prefix=%{_prefix} --verbose \ - --shared-openssl \ + --shared-openssl --openssl-conf-name=openssl_conf \ --shared-zlib \ --shared-brotli \ %{!?with_bundled:--shared-libuv} \ @@ -442,7 +440,7 @@ make BUILDTYPE=Release %{?_smp_mflags} # Extract the ICU data and convert it to the appropriate endianness pushd deps/ -tar xfz %SOURCE3 +unzip -a %{SOURCE3} pushd icu/source @@ -630,6 +628,13 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod %changelog +* Wed Aug 23 2023 Jan Staněk - 1:18.17.1-1 +- Rebase to version 18.17.1 + Resolves: rhbz#2228940 + Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 +- Specify proper OpenSSL configuration section build + Related: rhbz#2226726 + * Mon Jul 31 2023 Honza Horak - 1:18.16.1-2 - Fix segfault that happens when processing fips-related options Resolves: BZ#2226726