rpms/nodejs
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI nodejs-20.12.2-2.module+el9.4.0+21731+46b5b8a7

Browse Source
This commit is contained in:
eabdullin 2024-05-15 15:13:12 +00:00
parent 0057e6dce1
commit f57cb77aea
8 changed files with 314 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.gitignore vendored
View File

@ -1,6 +1,6 @@
SOURCES/cjs-module-lexer-1.2.2.tar.gz SOURCES/cjs-module-lexer-1.2.2.tar.gz
SOURCES/icu4c-73_2-src.tgz SOURCES/icu4c-74_2-src.tgz
SOURCES/node-v20.11.1-stripped.tar.gz SOURCES/node-v20.12.2-stripped.tar.gz
SOURCES/undici-5.28.3.tar.gz SOURCES/undici-5.28.4.tar.gz
SOURCES/wasi-sdk-11.0-linux.tar.gz SOURCES/wasi-sdk-11.0-linux.tar.gz
SOURCES/wasi-sdk-16.0-linux.tar.gz SOURCES/wasi-sdk-16.0-linux.tar.gz

8
.nodejs.metadata
View File

@ -1,6 +1,6 @@
b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz 164f7f39841415284b0280a648c43bd7ea1615ac SOURCES/cjs-module-lexer-1.2.2.tar.gz
3d94969b097189bf5479c312d9593d2d252f5a73 SOURCES/icu4c-73_2-src.tgz 43a8d688a3a6bc8f0f8c5e699d0ef7a905d24314 SOURCES/icu4c-74_2-src.tgz
59aed60100c3d6373c218378ccc8e03eb26cc1e5 SOURCES/node-v20.11.1-stripped.tar.gz f25c352600b72849a7241017ffc64bb0fe339d4d SOURCES/node-v20.12.2-stripped.tar.gz
b598f79f4706fe75c31ff2a214e50acc04c4725a SOURCES/undici-5.28.3.tar.gz 2be9cb115c2832e1fda9e730fa92e0bf725b6f3d SOURCES/undici-5.28.4.tar.gz
ff114dd45b4efeeae7afe4621bfc6f886a475b4b SOURCES/wasi-sdk-11.0-linux.tar.gz ff114dd45b4efeeae7afe4621bfc6f886a475b4b SOURCES/wasi-sdk-11.0-linux.tar.gz
fbe01909bf0e8260fcc3696ec37c9f731b5e356a SOURCES/wasi-sdk-16.0-linux.tar.gz fbe01909bf0e8260fcc3696ec37c9f731b5e356a SOURCES/wasi-sdk-16.0-linux.tar.gz

10
SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
View File

@ -1,4 +1,4 @@
From c73e0892eb1d0aa2df805618c019dc5c96b79705 Mon Sep 17 00:00:00 2001 From 2da7f25d9311bdea702b4b435830c02ce78b3ab9 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build> From: rpm-build <rpm-build>
Date: Tue, 30 May 2023 13:12:35 +0200 Date: Tue, 30 May 2023 13:12:35 +0200
Subject: [PATCH] Disable running gyp on shared deps Subject: [PATCH] Disable running gyp on shared deps
@ -10,7 +10,7 @@ Signed-off-by: rpm-build <rpm-build>
2 files changed, 1 insertion(+), 18 deletions(-) 2 files changed, 1 insertion(+), 18 deletions(-)
diff --git a/Makefile b/Makefile diff --git a/Makefile b/Makefile
index 0be0659..3c44201 100644 index 7bd80d0..c43a50f 100644
--- a/Makefile --- a/Makefile
+++ b/Makefile +++ b/Makefile
@@ -169,7 +169,7 @@ with-code-cache test-code-cache: @@ -169,7 +169,7 @@ with-code-cache test-code-cache:
@ -23,10 +23,10 @@ index 0be0659..3c44201 100644
tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \ tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
diff --git a/node.gyp b/node.gyp diff --git a/node.gyp b/node.gyp
index cf52281..c33b57b 100644 index 4aac640..aa0ba88 100644
--- a/node.gyp --- a/node.gyp
+++ b/node.gyp +++ b/node.gyp
@@ -430,23 +430,6 @@ @@ -775,23 +775,6 @@
], ],
}, },
], ],
@ -51,5 +51,5 @@ index cf52281..c33b57b 100644
], ],
}, # node_core_target_name }, # node_core_target_name
-- --
2.41.0 2.44.0

14
SOURCES/nodejs-fips-disable-options.patch → SOURCES/0002-Disable-FIPS-options.patch
View File

@ -1,4 +1,4 @@
From 98738d27288bd9ca634e29181ef665e812e7bbd3 Mon Sep 17 00:00:00 2001 From 4caaf9c19d3c058f5b89ecd9fc721ee49370651a Mon Sep 17 00:00:00 2001
From: Michael Dawson <midawson@redhat.com> From: Michael Dawson <midawson@redhat.com>
Date: Fri, 23 Feb 2024 13:43:56 +0100 Date: Fri, 23 Feb 2024 13:43:56 +0100
Subject: [PATCH] Disable FIPS options Subject: [PATCH] Disable FIPS options
@ -13,7 +13,6 @@ are similarly disabled.
Upstream report: https://github.com/nodejs/node/pull/48950 Upstream report: https://github.com/nodejs/node/pull/48950
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726 RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
Customer case: https://access.redhat.com/support/cases/#/case/03711488
Signed-off-by: rpm-build <rpm-build> Signed-off-by: rpm-build <rpm-build>
--- ---
@ -23,7 +22,7 @@ Signed-off-by: rpm-build <rpm-build>
3 files changed, 18 insertions(+) 3 files changed, 18 insertions(+)
diff --git a/lib/crypto.js b/lib/crypto.js diff --git a/lib/crypto.js b/lib/crypto.js
index 41adecc..b2627ac 100644 index 1216f3a..fbfcb26 100644
--- a/lib/crypto.js --- a/lib/crypto.js
+++ b/lib/crypto.js +++ b/lib/crypto.js
@@ -36,6 +36,9 @@ const { @@ -36,6 +36,9 @@ const {
@ -36,7 +35,7 @@ index 41adecc..b2627ac 100644
ERR_CRYPTO_FIPS_FORCED, ERR_CRYPTO_FIPS_FORCED,
ERR_WORKER_UNSUPPORTED_OPERATION, ERR_WORKER_UNSUPPORTED_OPERATION,
} = require('internal/errors').codes; } = require('internal/errors').codes;
@@ -251,6 +254,13 @@ function getFips() { @@ -253,6 +256,13 @@ function getFips() {
} }
function setFips(val) { function setFips(val) {
@ -51,10 +50,10 @@ index 41adecc..b2627ac 100644
if (val) return; if (val) return;
throw new ERR_CRYPTO_FIPS_FORCED(); throw new ERR_CRYPTO_FIPS_FORCED();
diff --git a/lib/internal/errors.js b/lib/internal/errors.js diff --git a/lib/internal/errors.js b/lib/internal/errors.js
index a722360..04d8a53 100644 index def4949..580ca7a 100644
--- a/lib/internal/errors.js --- a/lib/internal/errors.js
+++ b/lib/internal/errors.js +++ b/lib/internal/errors.js
@@ -1060,6 +1060,12 @@ module.exports = { @@ -1112,6 +1112,12 @@ module.exports = {
// //
// Note: Node.js specific errors must begin with the prefix ERR_ // Note: Node.js specific errors must begin with the prefix ERR_
@ -81,4 +80,5 @@ index 5734d8f..ef9d1b1 100644
OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips"); OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
if (fips_provider == nullptr) if (fips_provider == nullptr)
-- --
2.43.2 2.44.0

107
SOURCES/0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch Normal file
View File

@ -0,0 +1,107 @@
From d9a06fe94439d9f103aeffe597441c0a2c0a4eb3 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 9 Mar 2024 16:26:42 +0900
Subject: [PATCH] Limit CONTINUATION frames following an incoming HEADER frame
Signed-off-by: rpm-build <rpm-build>
---
deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 7 ++++++-
deps/nghttp2/lib/nghttp2_helper.c | 2 ++
deps/nghttp2/lib/nghttp2_session.c | 7 +++++++
deps/nghttp2/lib/nghttp2_session.h | 10 ++++++++++
4 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
index 8891760..a9629c7 100644
--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
@@ -466,7 +466,12 @@ typedef enum {
* exhaustion on server side to send these frames forever and does
* not read network.
*/
- NGHTTP2_ERR_FLOODED = -904
+ NGHTTP2_ERR_FLOODED = -904,
+ /**
+ * When a local endpoint receives too many CONTINUATION frames
+ * following a HEADER frame.
+ */
+ NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905,
} nghttp2_error;
/**
diff --git a/deps/nghttp2/lib/nghttp2_helper.c b/deps/nghttp2/lib/nghttp2_helper.c
index 93dd475..b3563d9 100644
--- a/deps/nghttp2/lib/nghttp2_helper.c
+++ b/deps/nghttp2/lib/nghttp2_helper.c
@@ -336,6 +336,8 @@ const char *nghttp2_strerror(int error_code) {
"closed";
case NGHTTP2_ERR_TOO_MANY_SETTINGS:
return "SETTINGS frame contained more than the maximum allowed entries";
+ case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS:
+ return "Too many CONTINUATION frames following a HEADER frame";
default:
return "Unknown error code";
}
diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
index 226cdd5..e343365 100644
--- a/deps/nghttp2/lib/nghttp2_session.c
+++ b/deps/nghttp2/lib/nghttp2_session.c
@@ -497,6 +497,7 @@ static int session_new(nghttp2_session **session_ptr,
(*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN;
(*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM;
(*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS;
+ (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS;
if (option) {
if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) &&
@@ -6812,6 +6813,8 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
}
}
session_inbound_frame_reset(session);
+
+ session->num_continuations = 0;
}
break;
}
@@ -6933,6 +6936,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
}
#endif /* DEBUGBUILD */
+ if (++session->num_continuations > session->max_continuations) {
+ return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS;
+ }
+
readlen = inbound_frame_buf_read(iframe, in, last);
in += readlen;
diff --git a/deps/nghttp2/lib/nghttp2_session.h b/deps/nghttp2/lib/nghttp2_session.h
index b119329..ef8f7b2 100644
--- a/deps/nghttp2/lib/nghttp2_session.h
+++ b/deps/nghttp2/lib/nghttp2_session.h
@@ -110,6 +110,10 @@ typedef struct {
#define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000
#define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33
+/* The default max number of CONTINUATION frames following an incoming
+ HEADER frame. */
+#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8
+
/* Internal state when receiving incoming frame */
typedef enum {
/* Receiving frame header */
@@ -290,6 +294,12 @@ struct nghttp2_session {
size_t max_send_header_block_length;
/* The maximum number of settings accepted per SETTINGS frame. */
size_t max_settings;
+ /* The maximum number of CONTINUATION frames following an incoming
+ HEADER frame. */
+ size_t max_continuations;
+ /* The number of CONTINUATION frames following an incoming HEADER
+ frame. This variable is reset when END_HEADERS flag is seen. */
+ size_t num_continuations;
/* Next Stream ID. Made unsigned int to detect >= (1 << 31). */
uint32_t next_stream_id;
/* The last stream ID this session initiated. For client session,
--
2.44.0

89
SOURCES/0004-Add-nghttp2_option_set_max_continuations.patch Normal file
View File

@ -0,0 +1,89 @@
From ca0a0b02da4db1d65eca8169c6e27bb635924dfb Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 9 Mar 2024 16:48:10 +0900
Subject: [PATCH] Add nghttp2_option_set_max_continuations
Signed-off-by: rpm-build <rpm-build>
---
deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 11 +++++++++++
deps/nghttp2/lib/nghttp2_option.c | 5 +++++
deps/nghttp2/lib/nghttp2_option.h | 5 +++++
deps/nghttp2/lib/nghttp2_session.c | 4 ++++
4 files changed, 25 insertions(+)
diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
index a9629c7..92c3ccc 100644
--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
@@ -3210,6 +3210,17 @@ NGHTTP2_EXTERN void
nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
uint64_t burst, uint64_t rate);
+/**
+ * @function
+ *
+ * This function sets the maximum number of CONTINUATION frames
+ * following an incoming HEADER frame. If more than those frames are
+ * received, the remote endpoint is considered to be misbehaving and
+ * session will be closed. The default value is 8.
+ */
+NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option,
+ size_t val);
+
/**
* @function
*
diff --git a/deps/nghttp2/lib/nghttp2_option.c b/deps/nghttp2/lib/nghttp2_option.c
index 43d4e95..53144b9 100644
--- a/deps/nghttp2/lib/nghttp2_option.c
+++ b/deps/nghttp2/lib/nghttp2_option.c
@@ -150,3 +150,8 @@ void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
option->stream_reset_burst = burst;
option->stream_reset_rate = rate;
}
+
+void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) {
+ option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS;
+ option->max_continuations = val;
+}
diff --git a/deps/nghttp2/lib/nghttp2_option.h b/deps/nghttp2/lib/nghttp2_option.h
index 2259e18..c89cb97 100644
--- a/deps/nghttp2/lib/nghttp2_option.h
+++ b/deps/nghttp2/lib/nghttp2_option.h
@@ -71,6 +71,7 @@ typedef enum {
NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13,
NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14,
NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15,
+ NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16,
} nghttp2_option_flag;
/**
@@ -98,6 +99,10 @@ struct nghttp2_option {
* NGHTTP2_OPT_MAX_SETTINGS
*/
size_t max_settings;
+ /**
+ * NGHTTP2_OPT_MAX_CONTINUATIONS
+ */
+ size_t max_continuations;
/**
* Bitwise OR of nghttp2_option_flag to determine that which fields
* are specified.
diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
index e343365..555032d 100644
--- a/deps/nghttp2/lib/nghttp2_session.c
+++ b/deps/nghttp2/lib/nghttp2_session.c
@@ -586,6 +586,10 @@ static int session_new(nghttp2_session **session_ptr,
option->stream_reset_burst,
option->stream_reset_rate);
}
+
+ if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) {
+ (*session_ptr)->max_continuations = option->max_continuations;
+ }
}
rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,
--
2.44.0

96
SOURCES/nodejs-tarball.sh
View File

@ -135,67 +135,109 @@ rm -f node-v${version}.tar.gz
set +e set +e
# Determine the bundled versions of the various packages # Determine the bundled versions of the various packages
echo "Included software versions"
echo "-------------------------"
echo
echo "Node.js version"
echo "========================="
echo "${version}"
echo
echo "Bundled software versions" echo "Bundled software versions"
echo "-------------------------" echo "-------------------------"
echo echo
echo "libnode shared object version" echo "libnode shared object version (nodejs_soversion)"
echo "=========================" echo "========================="
grep "define NODE_MODULE_VERSION" node-v${version}/src/node_version.h NODE_SOVERSION=$(grep -oP '(?<=#define NODE_MODULE_VERSION )\d+' node-v${version}/src/node_version.h)
echo "${NODE_SOVERSION}"
echo echo
echo "V8" echo "V8"
echo "=========================" echo "========================="
grep "define V8_MAJOR_VERSION" node-v${version}/deps/v8/include/v8-version.h V8_MAJOR=$(grep -oP '(?<=#define V8_MAJOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h)
grep "define V8_MINOR_VERSION" node-v${version}/deps/v8/include/v8-version.h V8_MINOR=$(grep -oP '(?<=#define V8_MINOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h)
grep "define V8_BUILD_NUMBER" node-v${version}/deps/v8/include/v8-version.h V8_BUILD=$(grep -oP '(?<=#define V8_BUILD_NUMBER )\d+' node-v${version}/deps/v8/include/v8-version.h)
grep "define V8_PATCH_LEVEL" node-v${version}/deps/v8/include/v8-version.h V8_PATCH=$(grep -oP '(?<=#define V8_PATCH_LEVEL )\d+' node-v${version}/deps/v8/include/v8-version.h)
echo "${V8_MAJOR}.${V8_MINOR}.${V8_BUILD}.${V8_PATCH}"
echo echo
echo "c-ares" echo "c-ares"
echo "=========================" echo "========================="
grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_version.h C_ARES_VERSION=$(grep -oP '(?<=#define ARES_VERSION_STR ).*\"' node-v${version}/deps/cares/include/ares_version.h |sed -e 's/^"//' -e 's/"$//')
grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h echo $C_ARES_VERSION
grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h
echo echo
echo "llhttp" echo "llhttp"
echo "=========================" echo "========================="
grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h LLHTTP_MAJOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MAJOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h LLHTTP_MINOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MINOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h LLHTTP_PATCH=$(grep -oP '(?<=#define LLHTTP_VERSION_PATCH )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
LLHTTP_VERSION="${LLHTTP_MAJOR}.${LLHTTP_MINOR}.${LLHTTP_PATCH}"
echo $LLHTTP_VERSION
echo echo
echo "libuv" echo "libuv"
echo "=========================" echo "========================="
grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h UV_MAJOR=$(grep -oP '(?<=#define UV_VERSION_MAJOR )\d+' node-v${version}/deps/uv/include/uv/version.h)
grep "define UV_VERSION_MINOR" node-v${version}/deps/uv/include/uv/version.h UV_MINOR=$(grep -oP '(?<=#define UV_VERSION_MINOR )\d+' node-v${version}/deps/uv/include/uv/version.h)
grep "define UV_VERSION_PATCH" node-v${version}/deps/uv/include/uv/version.h UV_PATCH=$(grep -oP '(?<=#define UV_VERSION_PATCH )\d+' node-v${version}/deps/uv/include/uv/version.h)
LIBUV_VERSION="${UV_MAJOR}.${UV_MINOR}.${UV_PATCH}"
echo $LIBUV_VERSION
echo echo
echo "nghttp2" echo "nghttp2"
echo "=========================" echo "========================="
grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h NGHTTP2_VERSION=$(grep -oP '(?<=#define NGHTTP2_VERSION ).*\"' node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h |sed -e 's/^"//' -e 's/"$//')
echo $NGHTTP2_VERSION
echo echo
echo "nghttp3" echo "nghttp3"
echo "=========================" echo "========================="
grep "define NGHTTP3_VERSION " node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h NGHTTP3_VERSION=$(grep -oP '(?<=#define NGHTTP3_VERSION ).*\"' node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h |sed -e 's/^"//' -e 's/"$//')
echo $NGHTTP3_VERSION
echo echo
echo "ngtcp2" echo "ngtcp2"
echo "=========================" echo "========================="
grep "define NGTCP2_VERSION " node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h NGTCP2_VERSION=$(grep -oP '(?<=#define NGTCP2_VERSION ).*\"' node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h |sed -e 's/^"//' -e 's/"$//')
echo $NGTCP2_VERSION
echo echo
echo "ICU" echo "ICU"
echo "=========================" echo "========================="
grep "url" node-v${version}/tools/icu/current_ver.dep ICU_MAJOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\1/g')
ICU_MINOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\2/g')
echo "${ICU_MAJOR}.${ICU_MINOR}"
echo
echo "simdutf"
echo "========================="
SIMDUTF_VERSION=$(grep -oP '(?<=#define SIMDUTF_VERSION ).*\"' node-v${version}/deps/simdutf/simdutf.h |sed -e 's/^"//' -e 's/"$//')
echo $SIMDUTF_VERSION
echo
echo "ada"
echo "========================="
ADA_VERSION=$(grep -osP '(?<=#define ADA_VERSION ).*\"' node-v${version}/deps/ada/ada.h |sed -e 's/^"//' -e 's/"$//')
ADA_VERSION=${ADA_VERSION:-0}
echo "${ADA_VERSION}"
echo echo
echo "punycode" echo "punycode"
echo "=========================" echo "========================="
grep "'version'" node-v${version}/lib/punycode.js PUNYCODE_VERSION=$(grep -oP "'version': '\K[^']+" ./node-v${version}/lib/punycode.js)
echo echo $PUNYCODE_VERSION
echo "uvwasi"
echo "========================="
grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
echo echo
echo "npm" echo "npm"
echo "=========================" echo "========================="
grep "\"version\":" node-v${version}/deps/npm/package.json NPM_VERSION=$(jq -r .version ./node-v${version}/deps/npm/package.json)
echo $NPM_VERSION
echo
echo "corepack"
echo "========================="
COREPACK_VERSION=$(jq -r .version ./node-v${version}/deps/corepack/package.json)
echo $COREPACK_VERSION
echo
echo "uvwasi"
echo "========================="
UVWASI_MAJOR=$(grep -oP '(?<=#define UVWASI_VERSION_MAJOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
UVWASI_MINOR=$(grep -oP '(?<=#define UVWASI_VERSION_MINOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
UVWASI_PATCH=$(grep -oP '(?<=#define UVWASI_VERSION_PATCH )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
UVWASI_VERSION="${UVWASI_MAJOR}.${UVWASI_MINOR}.${UVWASI_PATCH}"
echo $UVWASI_VERSION
echo
echo "histogram_c"
echo "========================="
HISTOGRAM_VERSION=$(grep -oP '(?<=#define HDR_HISTOGRAM_VERSION ).*\"' node-v${version}/deps/histogram/include/hdr/hdr_histogram_version.h|sed -e 's/^"//' -e 's/"$//')
echo $HISTOGRAM_VERSION
echo echo
echo "Make sure these versions match what is in the RPM spec file" echo "Make sure these versions match what is in the RPM spec file"

49
SPECS/nodejs.spec
View File

@ -32,7 +32,7 @@
# This is used by both the nodejs package and the npm subpackage that # This is used by both the nodejs package and the npm subpackage that
# has a separate version - the name is special so that rpmdev-bumpspec # has a separate version - the name is special so that rpmdev-bumpspec
# will bump this rather than adding .1 to the end. # will bump this rather than adding .1 to the end.
%global baserelease 1 %global baserelease 2
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -43,8 +43,8 @@
# than a Fedora release lifecycle. # than a Fedora release lifecycle.
%global nodejs_epoch 1 %global nodejs_epoch 1
%global nodejs_major 20 %global nodejs_major 20
%global nodejs_minor 11 %global nodejs_minor 12
%global nodejs_patch 1 %global nodejs_patch 2
%global nodejs_abi %{nodejs_major}.%{nodejs_minor} %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
%global nodejs_soversion 115 %global nodejs_soversion 115
@ -68,16 +68,16 @@
# c-ares - from deps/cares/include/ares_version.h # c-ares - from deps/cares/include/ares_version.h
# https://github.com/nodejs/node/pull/9332 # https://github.com/nodejs/node/pull/9332
%global c_ares_version 1.20.1 %global c_ares_version 1.27.0
# llhttp - from deps/llhttp/include/llhttp.h # llhttp - from deps/llhttp/include/llhttp.h
%global llhttp_version 8.1.1 %global llhttp_version 8.1.2
# libuv - from deps/uv/include/uv/version.h # libuv - from deps/uv/include/uv/version.h
%global libuv_version 1.46.0 %global libuv_version 1.46.0
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
%global nghttp2_version 1.58.0 %global nghttp2_version 1.60.0
# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
%global nghttp3_version 0.7.0 %global nghttp3_version 0.7.0
@ -86,7 +86,7 @@
%global ngtcp2_version 0.8.1 %global ngtcp2_version 0.8.1
# ICU - from tools/icu/current_ver.dep # ICU - from tools/icu/current_ver.dep
%global icu_major 73 %global icu_major 74
%global icu_minor 2 %global icu_minor 2
%global icu_version %{icu_major}.%{icu_minor} %global icu_version %{icu_major}.%{icu_minor}
@ -105,10 +105,10 @@
%endif %endif
# simduft from deps/simdutf/simdutf.h # simduft from deps/simdutf/simdutf.h
%global simduft_version 4.0.4 %global simduft_version 4.0.8
# ada from deps/ada/ada.h # ada from deps/ada/ada.h
%global ada_version 2.7.4 %global ada_version 2.7.6
# OpenSSL minimum version # OpenSSL minimum version
%global openssl_minimum 1:1.1.1 %global openssl_minimum 1:1.1.1
@ -121,7 +121,7 @@
# npm - from deps/npm/package.json # npm - from deps/npm/package.json
%global npm_epoch 1 %global npm_epoch 1
%global npm_version 10.2.4 %global npm_version 10.5.0
# In order to avoid needing to keep incrementing the release version for the # In order to avoid needing to keep incrementing the release version for the
# main package forever, we will just construct one for npm that is guaranteed # main package forever, we will just construct one for npm that is guaranteed
@ -131,10 +131,10 @@
# Node.js 16.9.1 and later comes with an experimental package management tool # Node.js 16.9.1 and later comes with an experimental package management tool
# corepack - from deps/corepack/package.json # corepack - from deps/corepack/package.json
%global corepack_version 0.23.0 %global corepack_version 0.25.2
# uvwasi - from deps/uvwasi/include/uvwasi.h # uvwasi - from deps/uvwasi/include/uvwasi.h
%global uvwasi_version 0.0.19 %global uvwasi_version 0.0.20
# histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h # histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h
%global histogram_version 0.11.8 %global histogram_version 0.11.8
@ -181,14 +181,16 @@ Source111: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-
# Version: jq '.version' deps/undici/src/package.json # Version: jq '.version' deps/undici/src/package.json
# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz # Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz
# Adjustments: rm -f undici-5.28.3/lib/llhttp/llhttp*.wasm* # Adjustments: rm -f undici-5.28.3/lib/llhttp/llhttp*.wasm
# wasi-sdk version can be found in lib/llhttp/wasm_build_env.txt # wasi-sdk version can be found in lib/llhttp/wasm_build_env.txt
Source102: undici-5.28.3.tar.gz Source102: undici-5.28.4.tar.gz
Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-16/wasi-sdk-16.0-linux.tar.gz Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-16/wasi-sdk-16.0-linux.tar.gz
# Disable running gyp on bundled deps we don't use # Disable running gyp on bundled deps we don't use
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
Patch3: nodejs-fips-disable-options.patch Patch2: 0002-Disable-FIPS-options.patch
Patch3: 0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch
Patch4: 0004-Add-nghttp2_option_set_max_continuations.patch
BuildRequires: make BuildRequires: make
BuildRequires: python3-devel BuildRequires: python3-devel
@ -470,7 +472,7 @@ popd # deps
%install %install
rm -rf %{buildroot} rm -rf %{buildroot}
./tools/install.py install %{buildroot} %{_prefix} ./tools/install.py install --dest-dir=%{buildroot} --prefix=%{_prefix}
# Set the binary permissions properly # Set the binary permissions properly
chmod 0755 %{buildroot}/%{_bindir}/node chmod 0755 %{buildroot}/%{_bindir}/node
@ -634,13 +636,22 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod
%changelog %changelog
* Thu Feb 29 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:20.11.1-1 * Tue Apr 16 2024 Jan Staněk <jstanek@redhat.com> - 1:20.12.2-2
- Backport nghttp2 patch for CVE-2024-28182
* Tue Apr 16 2024 Jan Staněk <jstanek@redhat.com> - 1:20.12.2-1
- Rebase to version 20.12.0
Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node)
Fixes: CVE-2024-25629 (c-ares)
* Tue Mar 05 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:20.11.1-1
- Rebase to version 20.11.1 - Rebase to version 20.11.1
- Resolves: RHEL-26694 RHEL-26684 RHEL-26687 RHEL-26010 RHEL-26597 RHEL-26689 RHEL-26022 - Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high)
- Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium)
* Fri Jan 12 2024 Jan Staněk <jstanek@redhat.com> - 1:20.11.0-1 * Fri Jan 12 2024 Jan Staněk <jstanek@redhat.com> - 1:20.11.0-1
- Rebase to version 20.11.0 - Rebase to version 20.11.0
Resolves: RHEL-21189 Resolves: RHEL-21188
* Thu Nov 09 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:20.9.0-1 * Thu Nov 09 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:20.9.0-1
- Rebase to LTS - Rebase to LTS