Commit Graph

44 Commits

Author SHA1 Message Date
Jan Staněk
8ceb521afe
Backport patch for CVE-2024-27982
Resolves: RHEL-33015
2024-04-24 14:13:14 +02:00
Jan Staněk
dfa48aa719
Use system OpenSSL configuration
Resolves: RHEL-30829
2024-04-16 10:29:26 +02:00
Jan Staněk
53b27311ea
Backport patches for several CVEs
Resolves: RHEL-26530 RHEL-29879 RHEL-29871 RHEL-31269
2024-04-16 10:28:30 +02:00
Honza Horak
30f3643e07 Fix CVE-2024-22019
Resolves: RHEL-25924

This is a combination of the upstream commit from v18:
911cb33cda

and necessary rebase of llhttp from 6.0.11 to 6.1.0 that has the needed
chunk features.
2024-03-05 07:08:18 +01:00
Jan Staněk
de11d6bcbe
Update nghttp2 version in spec file
Related: RHEL-12606
2023-10-13 11:25:18 +02:00
Jan Staněk
3cb8b0c43c
Update bundled nghttp2 to 1.57.0
Resolves: RHEL-12606
2023-10-12 17:33:43 +02:00
Zuzana Svetlikova
d5f5f15a5c
Rebase to 16.20.2
Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559
2023-10-12 13:47:44 +02:00
Honza Horak
6d1f346cb0 FIPS related options cause a segfault, let's end sooner
Upstream report: https://github.com/nodejs/node/pull/48950
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2227796

This patch makes the part of the code that processes cmd-line options for
FIPS to end sooner before the code gets to the problematic part of the code.
2023-07-31 16:34:28 +02:00
Jan Staněk
01be108fb0
Replace /usr/etc/npmrc symlink with builtin configuration
We want to have the system-level npmrc located at /etc/npmrc.
By default, npm looks for it in /usr/etc/npmrc,
so we placed a symlink to /etc/npmrc there.
However, we are the only known package that has anything in /usr/etc,
which confuses and/or breaks various tooling (see related bug).

This gets rid of the symlink,
and instead uses "builtin"-level configuration of npm
to cause it to load the system-level configuration from /etc/npmrc.
2023-07-13 14:38:48 +02:00
Jan Staněk
b24a92e302
Rebase to 16.20.1 2023-07-13 14:38:48 +02:00
Jan Staněk
59aab539ea
deps(cares): update to 1.19.1 2023-05-31 15:07:05 +02:00
Zuzana Svetlikova
c0fd38de1e Rebase to 16.19.1 2023-03-28 11:29:34 +02:00
Jan Staněk
07c6206905
Update bundled sources of undici to 5.10.0
Resolves: rhbz#2151617
2022-12-07 17:18:49 +01:00
Jan Staněk
66c5ba25aa
Check bundled WASM sources for version mismatch
Related: rhbz#2151617
2022-12-07 17:18:41 +01:00
Zuzana Svetlikova
342dd00fff Add back lib and v8-devel subpackages
These were previously removed in error.
Related: rhbz#2121126

Record already fixed CVE
Resolves: CVE-2021-44906
2022-12-06 16:04:56 +01:00
zsvetlik
eaec3dd901 Rebase + CVEs 2022-11-16 18:16:28 +00:00
Jan Staněk
ff9422b100
Rebase to version 16.17.1 2022-10-03 13:35:36 +02:00
Jan Staněk
c2428cf90c
record resolving of CVE-2022-29244 2022-09-13 10:16:38 +02:00
Jan Staněk
630d92b40e
Rebase to 16.16.0
Resolves: RHBZ#2106290
Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215
2022-08-23 13:29:47 +02:00
Jan Staněk
9014bf6071
Decouple dependency bundling from bootstrapping
We probably should stop (ab)using the bootstrap macro for module builds
with bundled dependencies. This patch decouples one from the other;
use --with=bundled for just bundling
and --with=bootstrap for full bootstrapping.

Related: rhbz#2056969
2022-04-21 15:33:06 +02:00
Jan Staněk
9e882e7dcf
Revert "workaround: do not attach ~bootstrap suffix to release"
This reverts commit 39df61ea81.

Related: rhbz#2056969
2022-04-21 15:32:11 +02:00
Jan Staněk
6618048d4d
apply upstream fix for CVE-2021-43616
Resolves: CVE-2021-43616
2022-04-05 13:32:47 +02:00
Jan Staněk
39df61ea81
workaround: do not attach ~bootstrap suffix to release
Related: rhbz#2070015
2022-04-05 13:17:00 +02:00
Jan “Khardix” Staněk
4d58280f41 use single configure invocation
- refactor configure- and bootstrap-related sections of the specfile

Resolves: rhbz#2056969
2022-04-01 10:05:38 +00:00
zsvetlik
b553ca163d Update to 16.14.0
Resolves: #2042995, #2042970, #2042981, #2042989
Resolves: #2029936, #2024890, #2014499, #2014135
Resolves: #2013834, #1945299
2022-02-14 08:29:39 +00:00
Zuzana Svetlikova
dae20f2a4b Rebase to 16.10.0, add corepack, fix PowerShell dependency
Resolves: RHBZ#2000539, #2000548, #2000549, #2002177

update sources
2021-09-29 13:49:47 +02:00
Jan Staněk
de0701411d
Rebase to 16.6.2
Resolves: CVE-2021-22931 CVE-2021-22939 CVE-2021-22940
2021-08-12 14:44:40 +02:00
Mohan Boddu
94ead171a1 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 22:33:46 +00:00
Zuzana Svetlikova
303ca14023 Bump for gating
Resolves: RHBZ#1979926
2021-07-22 16:12:37 +02:00
Zuzana Svetlikova
8bd0f8a557 Add gating.yaml 2021-07-22 12:40:21 +02:00
zsvetlik
553a390d25 Rebase to 16.5.0 2021-07-21 14:19:35 +00:00
Mohan Boddu
a324994ee1 Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-06-16 03:33:07 +00:00
Zuzana Svetlikova
1b735fbcab Resolves: RHBZ#1953491
Rebase to v16.3.0
2021-06-03 11:05:12 +02:00
Zuzana Svetlikova
6be529b23e Resolves: RHBZ#1953491
Rebase patch
2021-05-21 11:38:02 +02:00
Zuzana Svetlikova
2ee4eb77cd Resolves: RHBZ#1953491
Support for OpenSSL 3.0.0
Rebase to v16.x
2021-05-21 10:25:54 +02:00
Mohan Boddu
cf14f3f995 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 02:27:41 +00:00
DistroBaker
6fb39160f9 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nodejs.git#92241ac4b02450944546440fa2b5661b3637e4ec
2021-04-04 21:56:13 +00:00
DistroBaker
ea424393a6 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nodejs.git#a630cd6af9c313edbebc198215cc87e4e96f9c24
2021-03-11 20:10:06 +00:00
DistroBaker
b8bae0722f Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nodejs.git#44f3bfe9c7a4919bd088aa95b52546960aa030fb
2021-02-03 05:09:18 +00:00
DistroBaker
15921cdf7d Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nodejs.git#9f1a56347d44c7841a0d9615b0cdcbd7c17d66c1
2021-01-04 23:51:11 +00:00
DistroBaker
0e6f0ad6ed Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nodejs.git#d4fae2de5af42fef0048e8ff5290f76df0e9e4ba
2020-12-03 08:39:14 +00:00
DistroBaker
b71eed848d Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nodejs.git#a042b795522128838140f15a3019f0cc42a63781
2020-10-27 17:53:47 +01:00
Petr Šabata
1490ce34db RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/nodejs#52d3230036dd6bdc1c3b16ab7df8007696af8eef
2020-10-15 21:10:09 +02:00
Release Configuration Management
98b4422a84 New branch setup 2020-10-08 18:35:04 +00:00