import CS nodejs-20.18.1-1.module_el9+1145+0c321386

.gitignore

@@ -1,6 +1,6 @@
-SOURCES/cjs-module-lexer-1.2.2.tar.gz
-SOURCES/icu4c-73_2-src.tgz
-SOURCES/node-v20.11.0-stripped.tar.gz
-SOURCES/undici-5.27.2.tar.gz
-SOURCES/wasi-sdk-11.0-linux.tar.gz
-SOURCES/wasi-sdk-16.0-linux.tar.gz
+SOURCES/cjs-module-lexer-1.4.1.tar.gz
+SOURCES/icu4c-75_1-src.tgz
+SOURCES/node-v20.18.1-stripped.tar.gz
+SOURCES/undici-6.20.0.tar.gz
+SOURCES/wasi-sdk-12.tar.gz
+SOURCES/wasi-sdk-20.tar.gz

.nodejs.metadata

@@ -1,6 +1,6 @@
-b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz
-3d94969b097189bf5479c312d9593d2d252f5a73 SOURCES/icu4c-73_2-src.tgz
-8b62ac9e63c605f9942a0bee294c8a98c1ca63ba SOURCES/node-v20.11.0-stripped.tar.gz
-af3eca3508a818ea8e5829b2a4104f5ef7ddd5e2 SOURCES/undici-5.27.2.tar.gz
-ff114dd45b4efeeae7afe4621bfc6f886a475b4b SOURCES/wasi-sdk-11.0-linux.tar.gz
-fbe01909bf0e8260fcc3696ec37c9f731b5e356a SOURCES/wasi-sdk-16.0-linux.tar.gz
+bea4d977983331b0e1a981762f83e17d1de824cd SOURCES/cjs-module-lexer-1.4.1.tar.gz
+da3614aa496c5f0fde12f7aa155f235b5e239f1b SOURCES/icu4c-75_1-src.tgz
+d2195b84a5cd236120899925c86f4eecfadb6e2e SOURCES/node-v20.18.1-stripped.tar.gz
+af43a8ef082653c9c0b5d965b48e1994804a9ec1 SOURCES/undici-6.20.0.tar.gz
+5ea3a1deb65a52a36ceb41324da690f54b2a4805 SOURCES/wasi-sdk-12.tar.gz
+da40abcb73a6dddafced6174d24ed49e414cda3c SOURCES/wasi-sdk-20.tar.gz

SOURCES/0001-Disable-running-gyp-on-shared-deps.patch

@@ -1,4 +1,4 @@
-From c73e0892eb1d0aa2df805618c019dc5c96b79705 Mon Sep 17 00:00:00 2001
+From 2da7f25d9311bdea702b4b435830c02ce78b3ab9 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Tue, 30 May 2023 13:12:35 +0200
 Subject: [PATCH] Disable running gyp on shared deps
@@ -10,7 +10,7 @@ Signed-off-by: rpm-build <rpm-build>
  2 files changed, 1 insertion(+), 18 deletions(-)
 
 diff --git a/Makefile b/Makefile
-index 0be0659..3c44201 100644
+index 7bd80d0..c43a50f 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -169,7 +169,7 @@ with-code-cache test-code-cache:
@@ -23,10 +23,10 @@ index 0be0659..3c44201 100644
  	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
  	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
 diff --git a/node.gyp b/node.gyp
-index cf52281..c33b57b 100644
+index 4aac640..aa0ba88 100644
 --- a/node.gyp
 +++ b/node.gyp
-@@ -430,23 +430,6 @@
+@@ -775,23 +775,6 @@
                ],
              },
            ],
@@ -51,5 +51,5 @@ index cf52281..c33b57b 100644
        ],
      }, # node_core_target_name
 -- 
-2.41.0
+2.44.0
 

SOURCES/0002-Disable-FIPS-options.patch

@@ -0,0 +1,83 @@
+From 4caaf9c19d3c058f5b89ecd9fc721ee49370651a Mon Sep 17 00:00:00 2001
+From: Michael Dawson <midawson@redhat.com>
+Date: Fri, 23 Feb 2024 13:43:56 +0100
+Subject: [PATCH] Disable FIPS options
+
+On RHEL, FIPS should be configured only on system level.
+Additionally, the related options may cause segfault when used on RHEL.
+
+This patch causes the option processing to end sooner
+than the problematic code gets executed.
+Additionally, the JS-level options to mess with FIPS settings
+are similarly disabled.
+
+Upstream report: https://github.com/nodejs/node/pull/48950
+RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ lib/crypto.js             | 10 ++++++++++
+ lib/internal/errors.js    |  6 ++++++
+ src/crypto/crypto_util.cc |  2 ++
+ 3 files changed, 18 insertions(+)
+
+diff --git a/lib/crypto.js b/lib/crypto.js
+index 1216f3a..fbfcb26 100644
+--- a/lib/crypto.js
++++ b/lib/crypto.js
+@@ -36,6 +36,9 @@ const {
+ assertCrypto();
+ 
+ const {
++  // RHEL specific error
++  ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED,
++
+   ERR_CRYPTO_FIPS_FORCED,
+   ERR_WORKER_UNSUPPORTED_OPERATION,
+ } = require('internal/errors').codes;
+@@ -253,6 +256,13 @@ function getFips() {
+ }
+ 
+ function setFips(val) {
++  // in RHEL FIPS enable/disable should only be done at system level
++  if (getFips() != val) {
++    throw new ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED();
++  } else {
++    return;
++  }
++
+   if (getOptionValue('--force-fips')) {
+     if (val) return;
+     throw new ERR_CRYPTO_FIPS_FORCED();
+diff --git a/lib/internal/errors.js b/lib/internal/errors.js
+--- a/lib/internal/errors.js.patch0002	2024-08-07 15:29:09.366357433 +0200
++++ b/lib/internal/errors.js	2024-08-07 15:29:14.392366591 +0200
+@@ -1112,6 +1112,12 @@ module.exports = {
+ //
+ // Note: Node.js specific errors must begin with the prefix ERR_
+ 
++// insert RHEL specific erro
++E('ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED',
++  'Cannot set FIPS mode. FIPS should be enabled/disabled at system level. See' +
++  'https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n',
++  Error);
++
+ E('ERR_ACCESS_DENIED',
+   function(msg, permission = '', resource = '') {
+     this.permission = permission;
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 5734d8f..ef9d1b1 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -121,6 +121,8 @@ bool ProcessFipsOptions() {
+   /* Override FIPS settings in configuration file, if needed. */
+   if (per_process::cli_options->enable_fips_crypto ||
+       per_process::cli_options->force_fips_crypto) {
++      fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
++      return false;
+ #if OPENSSL_VERSION_MAJOR >= 3
+     OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
+     if (fips_provider == nullptr)
+-- 
+2.44.0
+

SOURCES/nodejs-fips-disable-options.patch

@@ -1,20 +0,0 @@
-FIPS related options cause a segfault, let's end sooner
-
-Upstream report: https://github.com/nodejs/node/pull/48950
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
-
-This patch makes the part of the code that processes cmd-line options for
-FIPS to end sooner before the code gets to the problematic part of the code.
-
-diff -up node-v18.16.1/src/crypto/crypto_util.cc.origfips node-v18.16.1/src/crypto/crypto_util.cc
---- node-v18.16.1/src/crypto/crypto_util.cc.origfips	2023-07-31 12:09:46.603683081 +0200
-+++ node-v18.16.1/src/crypto/crypto_util.cc	2023-07-31 12:16:16.906617914 +0200
-@@ -111,6 +111,8 @@ bool ProcessFipsOptions() {
-   /* Override FIPS settings in configuration file, if needed. */
-   if (per_process::cli_options->enable_fips_crypto ||
-       per_process::cli_options->force_fips_crypto) {
-+      fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
-+      return false;
- #if OPENSSL_VERSION_MAJOR >= 3
-     OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
-     if (fips_provider == nullptr)

SOURCES/nodejs-tarball.sh

@@ -135,67 +135,109 @@ rm -f node-v${version}.tar.gz
 set +e
 
 # Determine the bundled versions of the various packages
+echo "Included software versions"
+echo "-------------------------"
+echo
+echo "Node.js version"
+echo "========================="
+echo "${version}"
+echo
 echo "Bundled software versions"
 echo "-------------------------"
 echo
-echo "libnode shared object version"
+echo "libnode shared object version (nodejs_soversion)"
 echo "========================="
-grep "define NODE_MODULE_VERSION" node-v${version}/src/node_version.h
+NODE_SOVERSION=$(grep -oP '(?<=#define NODE_MODULE_VERSION )\d+' node-v${version}/src/node_version.h)
+echo "${NODE_SOVERSION}"
 echo
 echo "V8"
 echo "========================="
-grep "define V8_MAJOR_VERSION" node-v${version}/deps/v8/include/v8-version.h
-grep "define V8_MINOR_VERSION" node-v${version}/deps/v8/include/v8-version.h
-grep "define V8_BUILD_NUMBER" node-v${version}/deps/v8/include/v8-version.h
-grep "define V8_PATCH_LEVEL" node-v${version}/deps/v8/include/v8-version.h
+V8_MAJOR=$(grep -oP '(?<=#define V8_MAJOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h)
+V8_MINOR=$(grep -oP '(?<=#define V8_MINOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h)
+V8_BUILD=$(grep -oP '(?<=#define V8_BUILD_NUMBER )\d+' node-v${version}/deps/v8/include/v8-version.h)
+V8_PATCH=$(grep -oP '(?<=#define V8_PATCH_LEVEL )\d+' node-v${version}/deps/v8/include/v8-version.h)
+echo "${V8_MAJOR}.${V8_MINOR}.${V8_BUILD}.${V8_PATCH}"
 echo
 echo "c-ares"
 echo "========================="
-grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_version.h
-grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h
-grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h
+C_ARES_VERSION=$(grep -oP '(?<=#define ARES_VERSION_STR ).*\"' node-v${version}/deps/cares/include/ares_version.h |sed -e 's/^"//' -e 's/"$//')
+echo $C_ARES_VERSION
 echo
 echo "llhttp"
 echo "========================="
-grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h
-grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h
-grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h
+LLHTTP_MAJOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MAJOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
+LLHTTP_MINOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MINOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
+LLHTTP_PATCH=$(grep -oP '(?<=#define LLHTTP_VERSION_PATCH )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
+LLHTTP_VERSION="${LLHTTP_MAJOR}.${LLHTTP_MINOR}.${LLHTTP_PATCH}"
+echo $LLHTTP_VERSION
 echo
 echo "libuv"
 echo "========================="
-grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h
-grep "define UV_VERSION_MINOR" node-v${version}/deps/uv/include/uv/version.h
-grep "define UV_VERSION_PATCH" node-v${version}/deps/uv/include/uv/version.h
+UV_MAJOR=$(grep -oP '(?<=#define UV_VERSION_MAJOR )\d+' node-v${version}/deps/uv/include/uv/version.h)
+UV_MINOR=$(grep -oP '(?<=#define UV_VERSION_MINOR )\d+' node-v${version}/deps/uv/include/uv/version.h)
+UV_PATCH=$(grep -oP '(?<=#define UV_VERSION_PATCH )\d+' node-v${version}/deps/uv/include/uv/version.h)
+LIBUV_VERSION="${UV_MAJOR}.${UV_MINOR}.${UV_PATCH}"
+echo $LIBUV_VERSION
 echo
 echo "nghttp2"
 echo "========================="
-grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
+NGHTTP2_VERSION=$(grep -oP '(?<=#define NGHTTP2_VERSION ).*\"' node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h |sed -e 's/^"//' -e 's/"$//')
+echo $NGHTTP2_VERSION
 echo
 echo "nghttp3"
 echo "========================="
-grep "define NGHTTP3_VERSION " node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
+NGHTTP3_VERSION=$(grep -oP '(?<=#define NGHTTP3_VERSION ).*\"' node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h |sed -e 's/^"//' -e 's/"$//')
+echo $NGHTTP3_VERSION
 echo
 echo "ngtcp2"
 echo "========================="
-grep "define NGTCP2_VERSION " node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
+NGTCP2_VERSION=$(grep -oP '(?<=#define NGTCP2_VERSION ).*\"' node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h |sed -e 's/^"//' -e 's/"$//')
+echo $NGTCP2_VERSION
 echo
 echo "ICU"
 echo "========================="
-grep "url" node-v${version}/tools/icu/current_ver.dep
+ICU_MAJOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\1/g')
+ICU_MINOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\2/g')
+echo "${ICU_MAJOR}.${ICU_MINOR}"
+echo
+echo "simdutf"
+echo "========================="
+SIMDUTF_VERSION=$(grep -oP '(?<=#define SIMDUTF_VERSION ).*\"' node-v${version}/deps/simdutf/simdutf.h |sed -e 's/^"//' -e 's/"$//')
+echo $SIMDUTF_VERSION
+echo
+echo "ada"
+echo "========================="
+ADA_VERSION=$(grep -osP '(?<=#define ADA_VERSION ).*\"' node-v${version}/deps/ada/ada.h |sed -e 's/^"//' -e 's/"$//')
+ADA_VERSION=${ADA_VERSION:-0}
+echo "${ADA_VERSION}"
 echo
 echo "punycode"
 echo "========================="
-grep "'version'" node-v${version}/lib/punycode.js
-echo
-echo "uvwasi"
-echo "========================="
-grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
-grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
-grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
+PUNYCODE_VERSION=$(grep -oP "'version': '\K[^']+" ./node-v${version}/lib/punycode.js)
+echo $PUNYCODE_VERSION
 echo
 echo "npm"
 echo "========================="
-grep "\"version\":" node-v${version}/deps/npm/package.json
+NPM_VERSION=$(jq -r .version ./node-v${version}/deps/npm/package.json)
+echo $NPM_VERSION
+echo
+echo "corepack"
+echo "========================="
+COREPACK_VERSION=$(jq -r .version ./node-v${version}/deps/corepack/package.json)
+echo $COREPACK_VERSION
+echo
+echo "uvwasi"
+echo "========================="
+UVWASI_MAJOR=$(grep -oP '(?<=#define UVWASI_VERSION_MAJOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
+UVWASI_MINOR=$(grep -oP '(?<=#define UVWASI_VERSION_MINOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
+UVWASI_PATCH=$(grep -oP '(?<=#define UVWASI_VERSION_PATCH )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
+UVWASI_VERSION="${UVWASI_MAJOR}.${UVWASI_MINOR}.${UVWASI_PATCH}"
+echo $UVWASI_VERSION
+echo
+echo "histogram_c"
+echo "========================="
+HISTOGRAM_VERSION=$(grep -oP '(?<=#define HDR_HISTOGRAM_VERSION ).*\"' node-v${version}/deps/histogram/include/hdr/hdr_histogram_version.h|sed -e 's/^"//' -e 's/"$//')
+echo $HISTOGRAM_VERSION
 echo
 echo "Make sure these versions match what is in the RPM spec file"
 

SPECS/nodejs.spec

@@ -43,8 +43,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 20
-%global nodejs_minor 11
-%global nodejs_patch 0
+%global nodejs_minor 18
+%global nodejs_patch 1
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
 %global nodejs_soversion 115
@@ -68,26 +68,26 @@
 
 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
-%global c_ares_version 1.20.1
+%global c_ares_version 1.33.1
 
 # llhttp - from deps/llhttp/include/llhttp.h
-%global llhttp_version 8.1.1
+%global llhttp_version 8.1.2
 
 # libuv - from deps/uv/include/uv/version.h
 %global libuv_version 1.46.0
 
 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
-%global nghttp2_version 1.58.0
+%global nghttp2_version 1.61.0
 
 # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
 %global nghttp3_version 0.7.0
 
 # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
-%global ngtcp2_version 0.8.1
+%global ngtcp2_version 1.1.0
 
 # ICU - from tools/icu/current_ver.dep
-%global icu_major 73
-%global icu_minor 2
+%global icu_major 75
+%global icu_minor 1
 %global icu_version %{icu_major}.%{icu_minor}
 
 %global icudatadir %{nodejs_datadir}/icudata
@@ -105,10 +105,10 @@
 %endif
 
 # simduft from deps/simdutf/simdutf.h
-%global simduft_version 4.0.4
+%global simduft_version 5.5.0
 
 # ada from deps/ada/ada.h
-%global ada_version 2.7.4
+%global ada_version 2.9.0
 
 # OpenSSL minimum version
 %global openssl_minimum 1:1.1.1
@@ -121,7 +121,7 @@
 
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_version 10.2.4
+%global npm_version 10.8.2
 
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@@ -131,10 +131,10 @@
 
 # Node.js 16.9.1 and later comes with an experimental package management tool
 # corepack - from deps/corepack/package.json
-%global corepack_version 0.23.0
+%global corepack_version 0.28.1
 
 # uvwasi - from deps/uvwasi/include/uvwasi.h
-%global uvwasi_version 0.0.19
+%global uvwasi_version 0.0.21
 
 # histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h
 %global histogram_version 0.11.8
@@ -172,23 +172,23 @@ Source8: npmrc.builtin.in
 # Recipes for creating these blobs are included in the sources.
 
 # Version: jq '.version' deps/cjs-module-lexer/package.json
-# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz
-# Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm
+# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.4.1.tar.gz
+# Adjustments: rm -f cjs-module-lexer-1.4.1/lib/lexer.wasm
 # wasi-sdk version can be found in Makefile
-# https://github.com/nodejs/cjs-module-lexer/blob/1.2.2/Makefile
-Source101: cjs-module-lexer-1.2.2.tar.gz
-Source111: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz
+# https://github.com/nodejs/cjs-module-lexer/blob/1.4.1/Makefile
+Source101: cjs-module-lexer-1.4.1.tar.gz
+Source111: https://github.com/WebAssembly/wasi-sdk/archive/refs/tags/wasi-sdk-12.tar.gz
 
 # Version: jq '.version' deps/undici/src/package.json
-# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.27.2.tar.gz
-# Adjustments: rm -f undici-5.27.2/lib/llhttp/llhttp*.wasm
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v6.20.0.tar.gz
+# Adjustments: rm -f undici-6.20.0/lib/llhttp/llhttp*.wasm
 # wasi-sdk version can be found in lib/llhttp/wasm_build_env.txt
-Source102: undici-5.27.2.tar.gz
-Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-16/wasi-sdk-16.0-linux.tar.gz
+Source102: undici-6.20.0.tar.gz
+Source112: https://github.com/WebAssembly/wasi-sdk/archive/refs/tags/wasi-sdk-20.tar.gz
 
 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
-Patch3: nodejs-fips-disable-options.patch
+Patch2: 0002-Disable-FIPS-options.patch
 
 BuildRequires: make
 BuildRequires: python3-devel
@@ -424,7 +424,7 @@ export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cfl
 export LDFLAGS="%{build_ldflags}"
 
 %{__python3} configure.py --prefix=%{_prefix} --verbose \
-           --shared-openssl \
+           --shared-openssl --openssl-conf-name=openssl_conf \
            --shared-zlib \
            --shared-brotli \
            %{!?with_bundled:--shared-libuv} \
@@ -470,7 +470,7 @@ popd # deps
 %install
 rm -rf %{buildroot}
 
-./tools/install.py install %{buildroot} %{_prefix}
+./tools/install.py install --dest-dir=%{buildroot} --prefix=%{_prefix}
 
 # Set the binary permissions properly
 chmod 0755 %{buildroot}/%{_bindir}/node
@@ -634,6 +634,33 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod
 
 
 %changelog
+* Wed Dec 04 2024 Jan Staněk <jstanek@redhat.com> - 1:20.18.1-1
+- Update to version 20.18.1
+
+* Mon Sep 23 2024 Jan Staněk <jstanek@redhat.com> - 1:20.17.0-1
+- Update to 20.17.0
+  Resolves: RHEL-58721
+
+* Mon Aug 05 2024 Honza Horak <hhorak@redhat.com> - 1:20.16.0-1
+- Update to 20.16.0
+  Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020
+
+* Tue Jun 11 2024 Jan Staněk <jstanek@redhat.com> - 1:20.14.0-1
+- Update to version 20.14.0
+
+* Tue Apr 16 2024 Jan Staněk <jstanek@redhat.com> - 1:20.12.2-2
+- Backport nghttp2 patch for CVE-2024-28182
+
+* Tue Apr 16 2024 Jan Staněk <jstanek@redhat.com> - 1:20.12.2-1
+- Rebase to version 20.12.0
+  Fixes CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node)
+  Fixes CVE-2024-25629 (c-ares)
+
+* Tue Mar 05 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:20.11.1-1
+- Rebase to version 20.11.1
+- Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high)
+- Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium)
+
 * Fri Jan 12 2024 Jan Staněk <jstanek@redhat.com> - 1:20.11.0-1
 - Rebase to version 20.11.0
   Resolves: RHEL-21188