From ff9422b100568b240a01b0f38c5fa6558726a4ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= Date: Tue, 27 Sep 2022 16:15:25 +0200 Subject: [PATCH] Rebase to version 16.17.1 --- 0001-Disable-running-gyp-on-shared-deps.patch | 15 ++-- ...Install-both-binaries-and-use-libdir.patch | 69 +++++++++++-------- nodejs.spec | 39 +++++++++-- sources | 8 ++- 4 files changed, 84 insertions(+), 47 deletions(-) diff --git a/0001-Disable-running-gyp-on-shared-deps.patch b/0001-Disable-running-gyp-on-shared-deps.patch index 361ea08..48202ba 100644 --- a/0001-Disable-running-gyp-on-shared-deps.patch +++ b/0001-Disable-running-gyp-on-shared-deps.patch @@ -1,19 +1,18 @@ -From b0b4d1ddbc720db73fb8ab13cdbbf1ce6524eebd Mon Sep 17 00:00:00 2001 +From 61fd3e74ff223cd59476ef8a69880c57e3312af7 Mon Sep 17 00:00:00 2001 From: Zuzana Svetlikova Date: Fri, 17 Apr 2020 12:59:44 +0200 -Subject: [PATCH 1/2] Disable running gyp on shared deps +Subject: [PATCH] Disable running gyp on shared deps +Signed-off-by: rpm-build --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile -index 93d63110ae2e3928a95d24036b86d11885ab240f..79caaec2112cefa8f6a1c947375b517e9676f176 100644 +index dc6f08b..c865e72 100644 --- a/Makefile +++ b/Makefile -@@ -136,11 +136,11 @@ endif - .PHONY: test-code-cache - with-code-cache test-code-cache: +@@ -147,7 +147,7 @@ with-code-cache test-code-cache: $(warning '$@' target is a noop) out/Makefile: config.gypi common.gypi node.gyp \ @@ -22,8 +21,6 @@ index 93d63110ae2e3928a95d24036b86d11885ab240f..79caaec2112cefa8f6a1c947375b517e tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \ tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp $(PYTHON) tools/gyp_node.py -f make - - # node_version.h is listed because the N-API version is taken from there -- -2.29.2 +2.37.3 diff --git a/0002-Install-both-binaries-and-use-libdir.patch b/0002-Install-both-binaries-and-use-libdir.patch index 4abfc3e..ed89d0d 100644 
--- a/0002-Install-both-binaries-and-use-libdir.patch +++ b/0002-Install-both-binaries-and-use-libdir.patch @@ -1,8 +1,19 @@ +From e2ff0fc92ddbaa5535d684e353c55cefe99eb081 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 27 Sep 2022 13:48:12 +0200 +Subject: [PATCH] Install both binaries and use libdir + +Signed-off-by: rpm-build +--- + configure.py | 7 +++++++ + tools/install.py | 8 +++++--- + 2 files changed, 12 insertions(+), 3 deletions(-) + diff --git a/configure.py b/configure.py -index 895a0869cb..791c3e4a62 100755 +index 1a7023d..b16db0c 100755 --- a/configure.py +++ b/configure.py -@@ -722,6 +722,12 @@ parser.add_argument('--shared', +@@ -739,6 +739,12 @@ parser.add_argument('--shared', help='compile shared library for embedding node in another project. ' + '(This mode is not officially supported for regular applications)') @@ -15,7 +26,7 @@ index 895a0869cb..791c3e4a62 100755 parser.add_argument('--without-v8-platform', action='store_true', dest='without_v8_platform', -@@ -1293,6 +1299,7 @@ def configure_node(o): +@@ -1368,6 +1374,7 @@ def configure_node(o): o['variables']['node_no_browser_globals'] = b(options.no_browser_globals) o['variables']['node_shared'] = b(options.shared) @@ -24,38 +35,38 @@ index 895a0869cb..791c3e4a62 100755 if options.dest_os == 'android': diff --git a/tools/install.py b/tools/install.py -index 045d406d84..b3ef454199 100755 +index a6d1f8b..e3ef9d7 100755 --- a/tools/install.py 
+++ b/tools/install.py -@@ -121,22 +121,19 @@ def subdir_files(path, dest, action): - - def files(action): +@@ -144,6 +144,7 @@ def files(action): is_windows = sys.platform == 'win32' -- output_file = 'node' + output_file = 'node' output_prefix = 'out/Release/' + output_libprefix = output_prefix -- if 'false' == variables.get('node_shared'): -- if is_windows: -- output_file += '.exe' -+ if is_windows: -+ output_bin = 'node.exe' -+ output_lib = 'node.dll' - else: -- if is_windows: -- output_file += '.dll' -- else: -- output_file = 'lib' + output_file + '.' + variables.get('shlib_suffix') -+ output_bin = 'node' -+ output_lib = 'libnode.' + variables.get('shlib_suffix') - -- if 'false' == variables.get('node_shared'): -- action([output_prefix + output_file], 'bin/' + output_file) -- else: -- action([output_prefix + output_file], 'lib/' + output_file) -+ action([output_prefix + output_bin], 'bin/' + output_bin) -+ if 'true' == variables.get('node_shared'): -+ action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib) + if is_windows: + output_file += '.exe' +@@ -151,8 +152,8 @@ def files(action): + if 'true' == variables.get('node_shared'): + if is_windows: +- action([output_prefix + 'libnode.dll'], 'bin/libnode.dll') +- action([output_prefix + 'libnode.lib'], 'lib/libnode.lib') ++ action([output_libprefix + 'libnode.dll'], 'bin/libnode.dll') ++ action([output_libprefix + 'libnode.lib'], 'lib/libnode.lib') + elif sys.platform == 'zos': + # GYP will output to lib.target; see _InstallableTargetInstallPath + # function in tools/gyp/pylib/gyp/generator/make.py +@@ -176,7 +177,8 @@ def files(action): + try_symlink(so_name, link_path) + else: + output_lib = 'libnode.' 
+ variables.get('shlib_suffix') +- action([output_prefix + output_lib], 'lib/' + output_lib) ++ action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib) ++ if 'true' == variables.get('node_use_dtrace'): action(['out/Release/node.d'], 'lib/dtrace/node.d') + +-- +2.37.3 + diff --git a/nodejs.spec b/nodejs.spec index f1c42a0..da6af1c 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -41,8 +41,8 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 16 -%global nodejs_minor 16 -%global nodejs_patch 0 +%global nodejs_minor 17 +%global nodejs_patch 1 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 93 @@ -58,7 +58,7 @@ %global v8_major 9 %global v8_minor 4 %global v8_build 146 -%global v8_patch 24 +%global v8_patch 26 # V8 presently breaks ABI at least every x.y release while never bumping SONAME %global v8_abi %{v8_major}.%{v8_minor} %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch} @@ -69,7 +69,7 @@ %global c_ares_version 1.18.1 # llhttp - from deps/llhttp/include/llhttp.h -%global llhttp_version 6.0.7 +%global llhttp_version 6.0.9 # libuv - from deps/uv/include/uv/version.h %global libuv_version 1.43.0 @@ -90,7 +90,7 @@ %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch} # ICU - from tools/icu/current_ver.dep -%global icu_major 70 +%global icu_major 71 %global icu_minor 1 %global icu_version %{icu_major}.%{icu_minor} @@ -118,7 +118,7 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_version 8.11.0 +%global npm_version 8.15.0 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed 
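Review bot: In the last tools/install.py hunk of the refreshed 0002 patch, `variables.get('libdir') + '/' + output_lib` raises a TypeError when `libdir` is absent from the generated variables, because `.get` returns None. The configure.py side that should define it is only visible here as hunk headers, so this assumes no default is guaranteed; falling back to upstream's path would keep the install step working: `libdir = variables.get('libdir') or 'lib'` followed by `action([output_libprefix + output_lib], libdir + '/' + output_lib)`. The Windows branch still installs to the literal `bin/` and `lib/`, and `output_libprefix` is a plain alias of `output_prefix`, so a one-line comment saying why the alias exists would help the next rebase. `files()` begins and ends outside these hunks.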
@@ -157,6 +157,26 @@ Source100: %{name}-tarball.sh # nodejs-packaging SRPM. Source7: nodejs_native.attr +# These are full sources for dependencies included as WASM blobs in the source of Node itself. +# Note: These sources would also include pre-compiled WASM blobs… so they are adjusted not to. +# Recipes for creating these blobs are included in the sources. + +# Version: jq '.version' deps/cjs-module-lexer/package.json +# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz +# Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm +Source101: cjs-module-lexer-1.2.2.tar.gz +# The WASM blob was made using wasi-sdk v11; compiler libraries are linked in. +# Version source: Makefile +Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz + +# Version: jq '.version' deps/undici/src/package.json +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.8.0.tar.gz +# Adjustments: rm -f undici-5.8.0/lib/llhttp/llhttp*.wasm* +Source111: undici-5.8.0.tar.gz +# The WASM blob was made using wasi-sdk v14; compiler libraries are linked in. +# Version source: build/Dockerfile +Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz + # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch @@ -663,8 +683,9 @@ end %doc %{_mandir}/man5/npm-shrinkwrap-json.5* %doc %{_mandir}/man7/config.7* %doc %{_mandir}/man7/developers.7* -%doc %{_mandir}/man7/orgs.7* %doc %{_mandir}/man7/logging.7* +%doc %{_mandir}/man7/orgs.7* +%doc %{_mandir}/man7/package-spec.7* %doc %{_mandir}/man7/registry.7* %doc %{_mandir}/man7/removal.7* %doc %{_mandir}/man7/scope.7* @@ -680,6 +701,10 @@ end %changelog +* Tue Sep 27 2022 Jan Staněk - 16.17.1-1 +- Rebase to version 16.17.1 + Resolves: CVE-2022-35255 CVE-2022-35256 + * Tue Aug 23 2022 Jan Staněk - 16.16.0-1 - Rebase to version 16.16.0 Resolves: RHBZ#2106290 
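Review bot: The versions in the new Source101–Source112 block (`cjs-module-lexer-1.2.2`, `undici-5.8.0`, wasi-sdk 11 and 14) are hard-coded, and nothing visible in this hunk ties them to what the Node tarball bundles, so a later rebase could ship WASM blobs whose declared sources no longer match. Defining them once, e.g. `%global cjs_module_lexer_version 1.2.2` with `Source101: cjs-module-lexer-%{cjs_module_lexer_version}.tar.gz`, and comparing that macro in %prep against the `jq '.version'` command already given in the comment would make a mismatch fail the build; %prep is outside this diff, so such a check may already exist. Source101 and Source111 are repacked by hand, so the SHA512 entries in `sources` pin only the adjusted archives. Recording the upstream archive checksum next to each `Original:` URL, or moving the `rm -f` step into `%{name}-tarball.sh`, would let a reviewer reproduce them.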
diff --git a/sources b/sources
index ee3c478..8eda80b 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,6 @@
-SHA512 (node-v16.16.0-stripped.tar.gz) = 260e3192dfbc5cebc6a0caceef9d29d57f219302c7ac0fae5ecb7b090d8d8f25eb8470ff77a3c8aa0ca41e90a08655fd5b4626c1b9dfbfad8519092590dec852
-SHA512 (icu4c-70_1-src.tgz) = 0b26ae7207155cb65a8fdb25f7b2fa4431e74b12bccbed0884a17feaae3c96833d12451064dd152197fd6ea5fd3adfd95594284a463e66c82e0d860f645880c9
+SHA512 (node-v16.17.1-stripped.tar.gz) = f7b18b02c23ddb32abb01bc4473fadfe860d8009ab14437951a44fea424312d59d2812f59570fa7dd78a5b53fc7dc892da237ea9f80498da3ffb3d4edd185ba7
+SHA512 (icu4c-71_1-src.tgz) = 1fd2a20aef48369d1f06e2bb74584877b8ad0eb529320b976264ec2db87420bae242715795f372dbc513ea80047bc49077a064e78205cd5e8b33d746fd2a2912
+SHA512 (cjs-module-lexer-1.2.2.tar.gz) = e2134c4541efec2f32d5fa5fd5151511a599ecd08e85fbfc8d56cbd0f3b2a404a9b1c072a601e4237e229ed12859abf6f52201ee0f55fcd0e43f49d0017e7cd1
+SHA512 (wasi-sdk-wasi-sdk-11.tar.gz) = cb37f357b09431a3efad26141d83dce63232a35b536d9a7bd341d4d9627a0a3d4bd4d57504b6e3dab421942d2c168a96da2a6be889aab3f9a2852fc5a3200d3c
+SHA512 (undici-5.8.0.tar.gz) = 635756eb22e64c67dead202db4768e1e21ea25cda6c2598c619845fad063a600d98a3c9b510b12453ceeb2ac2cbb4949a1dddfebc5c1940c55781a28eb0cced5
+SHA512 (wasi-sdk-wasi-sdk-14.tar.gz) = 4fecb3d9c04b91eb2388a9e51d49fbff6f22b81f9945a07ecdbfe479c96dad1e3b673b8bee24842b0dae5294129a9cb35dcf8e5ecf45437a6d01fb6e0fd13645