9 changed files with 462 additions and 301 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/icu4c-64_2-src.tgz
-SOURCES/node-v10.24.0-stripped.tar.gz
+SOURCES/icu4c-67_1-src.tgz
+SOURCES/node-v12.20.1-stripped.tar.gz
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@ -1,2 +1,2 @@
-3127155ecf2b75ab4835f501b7478e39c07bb852 SOURCES/icu4c-64_2-src.tgz
-be0e0b385a852c376f452b3d94727492e05407e4 SOURCES/node-v10.24.0-stripped.tar.gz
+6822a4a94324d1ba591b3e8ef084e4491af253c1 SOURCES/icu4c-67_1-src.tgz
+f9a9058bbd8557bc0ea564d22f4f0d1d6b7ed896 SOURCES/node-v12.20.1-stripped.tar.gz
--- a/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
+++ b/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
@ -1,31 +1,26 @@
-From 2cd4c12776af3da588231d3eb498e6451c30eae5 Mon Sep 17 00:00:00 2001
+From 641730c7d1322dacd8e1020ec0753795d01200f0 Mon Sep 17 00:00:00 2001
 From: Zuzana Svetlikova <zsvetlik@redhat.com>
 Date: Thu, 27 Apr 2017 14:25:42 +0200
 Subject: [PATCH] Disable running gyp on shared deps

 Signed-off-by: rpm-build <rpm-build>
 ---
- Makefile | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/Makefile b/Makefile
-index 73feb4c..45bbceb 100644
+index 32a8a6c..f44f88a 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -123,10 +123,9 @@ with-code-cache:
- test-code-cache: with-code-cache
- 	$(PYTHON) tools/test.py $(PARALLEL_ARGS) --mode=$(BUILDTYPE_LOWER) code-cache
+@@ -141,7 +141,7 @@ test-code-cache: with-code-cache
+ 	echo "'test-code-cache' target is a noop"
 
-out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp \
-              deps/zlib/zlib.gyp deps/v8/gypfiles/toolchain.gypi \
-              deps/v8/gypfiles/features.gypi deps/v8/gypfiles/v8.gyp node.gyp \
-              config.gypi
-+out/Makefile: common.gypi deps/http_parser/http_parser.gyp \
-+              deps/v8/gypfiles/toolchain.gypi deps/v8/gypfiles/features.gypi \
-+			  deps/v8/gypfiles/v8.gyp node.gyp config.gypi
+ out/Makefile: config.gypi common.gypi node.gyp \
+-	deps/uv/uv.gyp deps/http_parser/http_parser.gyp deps/zlib/zlib.gyp \
+	deps/http_parser/http_parser.gyp \
+ 	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
+ 	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
 	$(PYTHON) tools/gyp_node.py -f make
- 
- config.gypi: configure configure.py
 -- 
 2.26.2

--- a/SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch
+++ b/SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch
@ -1,84 +0,0 @@
-From e7afb2d6e2a6c8f9c9c32e12a10c3c5c4902a251 Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher <sgallagh@redhat.com>
-Date: Tue, 1 May 2018 08:05:30 -0400
-Subject: [PATCH] Suppress NPM message to run global update
-
-Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
-Signed-off-by: rpm-build <rpm-build>
---
- deps/npm/bin/npm-cli.js | 54 -----------------------------------------
- 1 file changed, 54 deletions(-)
-
-diff --git a/deps/npm/bin/npm-cli.js b/deps/npm/bin/npm-cli.js
-index c0d9be0..0f0892e 100755
--- a/deps/npm/bin/npm-cli.js
-+++ b/deps/npm/bin/npm-cli.js
-@@ -71,65 +71,11 @@
-     npm.command = 'help'
-   }
- 
-  var isGlobalNpmUpdate = conf.global && ['install', 'update'].includes(npm.command) && npm.argv.includes('npm')
-
-   // now actually fire up npm and run the command.
-   // this is how to use npm programmatically:
-   conf._exit = true
-   npm.load(conf, function (er) {
-     if (er) return errorHandler(er)
-    if (
-      !isGlobalNpmUpdate &&
-      npm.config.get('update-notifier') &&
-      !unsupported.checkVersion(process.version).unsupported
-    ) {
-      const pkg = require('../package.json')
-      let notifier = require('update-notifier')({pkg})
-      const isCI = require('ci-info').isCI
-      if (
-        notifier.update &&
-        notifier.update.latest !== pkg.version &&
-        !isCI
-      ) {
-        const color = require('ansicolors')
-        const useColor = npm.config.get('color')
-        const useUnicode = npm.config.get('unicode')
-        const old = notifier.update.current
-        const latest = notifier.update.latest
-        let type = notifier.update.type
-        if (useColor) {
-          switch (type) {
-            case 'major':
-              type = color.red(type)
-              break
-            case 'minor':
-              type = color.yellow(type)
-              break
-            case 'patch':
-              type = color.green(type)
-              break
-          }
-        }
-        const changelog = `https://github.com/npm/cli/releases/tag/v${latest}`
-        notifier.notify({
-          message: `New ${type} version of ${pkg.name} available! ${
-            useColor ? color.red(old) : old
-          } ${useUnicode ? '→' : '->'} ${
-            useColor ? color.green(latest) : latest
-          }\n` +
-          `${
-            useColor ? color.yellow('Changelog:') : 'Changelog:'
-          } ${
-            useColor ? color.cyan(changelog) : changelog
-          }\n` +
-          `Run ${
-            useColor
-              ? color.green(`npm install -g ${pkg.name}`)
-              : `npm i -g ${pkg.name}`
-          } to update!`
-        })
-      }
-    }
-     npm.commands[npm.command](npm.argv, function (err) {
-       // https://genius.com/Lin-manuel-miranda-your-obedient-servant-lyrics
-       if (
-- 
-2.26.2
-
--- a/SOURCES/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
+++ b/SOURCES/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
@ -1,122 +0,0 @@
-From 0028cc74dac4dd24b8599ade85cb49fdafa9f559 Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher <sgallagh@redhat.com>
-Date: Fri, 6 Dec 2019 16:40:25 -0500
-Subject: [PATCH] build: auto-load ICU data from --with-icu-default-data-dir
-
-When compiled with `--with-intl=small` and
-`--with-icu-default-data-dir=PATH`, Node.js will use PATH as a
-fallback location for the ICU data.
-
-We will first perform an access check using fopen(PATH, 'r') to
-ensure that the file is readable. If it is, we'll set the
-icu_data_directory and proceed. There's a slight overhead for the
-fopen() check, but it should be barely measurable.
-
-This will be useful for Linux distribution packagers who want to
-be able to ship a minimal node binary in a container image but
-also be able to add on the full i18n support where needed. With
-this patch, it becomes possible to ship the interpreter as
-/usr/bin/node in one package for the distribution and to ship the
-data files in another package (without a strict dependency
-between the two). This means that users of the distribution will
-not need to explicitly direct Node.js to locate the ICU data. It
-also means that in environments where full internationalization is
-not required, they do not need to carry the extra content (with
-the associated storage costs).
-
-Refs: https://github.com/nodejs/node/issues/3460
-
-Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
-Signed-off-by: rpm-build <rpm-build>
---
- configure.py |  9 +++++++++
- node.gypi    |  7 +++++++
- src/node.cc  | 20 ++++++++++++++++++++
- 3 files changed, 36 insertions(+)
-
-diff --git a/configure.py b/configure.py
-index 89f7bf5..d611a88 100755
--- a/configure.py
-+++ b/configure.py
-@@ -433,6 +433,14 @@ intl_optgroup.add_option('--with-icu-source',
-         'the icu4c source archive. '
-         'v%d.x or later recommended.' % icu_versions['minimum_icu'])
- 
-+intl_optgroup.add_option('--with-icu-default-data-dir',
-+    action='store',
-+    dest='with_icu_default_data_dir',
-+    help='Path to the icuXXdt{lb}.dat file. If unspecified, ICU data will '
-+         'only be read if the NODE_ICU_DATA environment variable or the '
-+         '--icu-data-dir runtime argument is used. This option has effect '
-+         'only when Node.js is built with --with-intl=small-icu.')
-+
- parser.add_option('--with-ltcg',
-     action='store_true',
-     dest='with_ltcg',
-@@ -1359,6 +1367,7 @@ def configure_intl(o):
-     locs.add('root')  # must have root
-     o['variables']['icu_locales'] = string.join(locs,',')
-     # We will check a bit later if we can use the canned deps/icu-small
-+    o['variables']['icu_default_data'] = options.with_icu_default_data_dir or ''
-   elif with_intl == 'full-icu':
-     # full ICU
-     o['variables']['v8_enable_i18n_support'] = 1
-diff --git a/node.gypi b/node.gypi
-index 466a174..65b97d6 100644
--- a/node.gypi
-+++ b/node.gypi
-@@ -113,6 +113,13 @@
-       'conditions': [
-         [ 'icu_small=="true"', {
-           'defines': [ 'NODE_HAVE_SMALL_ICU=1' ],
-+          'conditions': [
-+            [ 'icu_default_data!=""', {
-+              'defines': [
-+                'NODE_ICU_DEFAULT_DATA_DIR="<(icu_default_data)"',
-+              ],
-+            }],
-+          ],
-       }]],
-     }],
-     [ 'node_use_bundled_v8=="true" and \
-diff --git a/src/node.cc b/src/node.cc
-index 7c01187..c9840e3 100644
--- a/src/node.cc
-+++ b/src/node.cc
-@@ -92,6 +92,7 @@
- 
- #if defined(NODE_HAVE_I18N_SUPPORT)
- #include <unicode/uvernum.h>
-+#include <unicode/utypes.h>
- #endif
- 
- #if defined(LEAK_SANITIZER)
-@@ -2643,6 +2644,25 @@ void Init(std::vector<std::string>* argv,
-   // If the parameter isn't given, use the env variable.
-   if (per_process_opts->icu_data_dir.empty())
-     SafeGetenv("NODE_ICU_DATA", &per_process_opts->icu_data_dir);
-+
-+#ifdef NODE_ICU_DEFAULT_DATA_DIR
-+  // If neither the CLI option nor the environment variable was specified,
-+  // fall back to the configured default
-+  if (per_process_opts->icu_data_dir.empty()) {
-+    // Check whether the NODE_ICU_DEFAULT_DATA_DIR contains the right data
-+    // file and can be read.
-+    static const char full_path[] =
-+        NODE_ICU_DEFAULT_DATA_DIR "/" U_ICUDATA_NAME ".dat";
-+
-+    FILE* f = fopen(full_path, "rb");
-+
-+    if (f != nullptr) {
-+      fclose(f);
-+      per_process_opts->icu_data_dir = NODE_ICU_DEFAULT_DATA_DIR;
-+    }
-+  }
-+#endif  // NODE_ICU_DEFAULT_DATA_DIR
-+
-   // Initialize ICU.
-   // If icu_data_dir is empty here, it will load the 'minimal' data.
-   if (!i18n::InitializeICUDirectory(per_process_opts->icu_data_dir)) {
-- 
-2.26.2
-
--- a/SOURCES/0005-CVE-2020-7788-ini-do-not-allow-invalid-hazardous-string.patch
+++ b/SOURCES/0005-CVE-2020-7788-ini-do-not-allow-invalid-hazardous-string.patch
@ -0,0 +1,99 @@
+From 3ef951c3e17a56fe7bbb1b9f2c476ad55c52c287 Mon Sep 17 00:00:00 2001
+From: isaacs <i@izs.me>
+Date: Tue, 8 Dec 2020 14:21:50 -0800
+Subject: [PATCH] do not allow invalid hazardous string as section name
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ deps/npm/node_modules/ini/ini.js        |  8 +++++
+ deps/npm/node_modules/ini/test/proto.js | 45 +++++++++++++++++++++++++
+ 2 files changed, 53 insertions(+)
+ create mode 100644 deps/npm/node_modules/ini/test/proto.js
+
+diff --git a/deps/npm/node_modules/ini/ini.js b/deps/npm/node_modules/ini/ini.js
+index 590195d..0401258 100644
+--- a/deps/npm/node_modules/ini/ini.js
+++ b/deps/npm/node_modules/ini/ini.js
+@@ -80,6 +80,12 @@ function decode (str) {
+     if (!match) return
+     if (match[1] !== undefined) {
+       section = unsafe(match[1])
+      if (section === '__proto__') {
+        // not allowed
+        // keep parsing the section, but don't attach it.
+        p = {}
+        return
+      }
+       p = out[section] = out[section] || {}
+       return
+     }
+@@ -94,6 +100,7 @@ function decode (str) {
+     // Convert keys with '[]' suffix to an array
+     if (key.length > 2 && key.slice(-2) === '[]') {
+       key = key.substring(0, key.length - 2)
+      if (key === '__proto__') return
+       if (!p[key]) {
+         p[key] = []
+       } else if (!Array.isArray(p[key])) {
+@@ -125,6 +132,7 @@ function decode (str) {
+     var l = parts.pop()
+     var nl = l.replace(/\\\./g, '.')
+     parts.forEach(function (part, _, __) {
+      if (part === '__proto__') return
+       if (!p[part] || typeof p[part] !== 'object') p[part] = {}
+       p = p[part]
+     })
+diff --git a/deps/npm/node_modules/ini/test/proto.js b/deps/npm/node_modules/ini/test/proto.js
+new file mode 100644
+index 0000000..ab35533
+--- /dev/null
+++ b/deps/npm/node_modules/ini/test/proto.js
+@@ -0,0 +1,45 @@
+var ini = require('../')
+var t = require('tap')
+
+var data = `
+__proto__ = quux
+foo = baz
+[__proto__]
+foo = bar
+[other]
+foo = asdf
+[kid.__proto__.foo]
+foo = kid
+[arrproto]
+hello = snyk
+__proto__[] = you did a good job
+__proto__[] = so you deserve arrays
+thanks = true
+`
+var res = ini.parse(data)
+t.deepEqual(res, {
+  foo: 'baz',
+  other: {
+    foo: 'asdf',
+  },
+  kid: {
+    foo: {
+      foo: 'kid',
+    },
+  },
+  arrproto: {
+    hello: 'snyk',
+    thanks: true,
+  },
+})
+t.equal(res.__proto__, Object.prototype)
+t.equal(res.kid.__proto__, Object.prototype)
+t.equal(res.kid.foo.__proto__, Object.prototype)
+t.equal(res.arrproto.__proto__, Object.prototype)
+t.equal(Object.prototype.foo, undefined)
+t.equal(Object.prototype[0], undefined)
+t.equal(Object.prototype['0'], undefined)
+t.equal(Object.prototype[1], undefined)
+t.equal(Object.prototype['1'], undefined)
+t.equal(Array.prototype[0], undefined)
+t.equal(Array.prototype[1], undefined)
+--
+2.29.2
+
--- a/SOURCES/nodejs-tarball.sh
+++ b/SOURCES/nodejs-tarball.sh
@ -161,6 +161,12 @@ grep "define HTTP_PARSER_VERSION_MAJOR" node-v${version}/deps/http_parser/http_p
 grep "define HTTP_PARSER_VERSION_MINOR" node-v${version}/deps/http_parser/http_parser.h
 grep "define HTTP_PARSER_VERSION_PATCH" node-v${version}/deps/http_parser/http_parser.h
 echo
+echo "llhttp"
+echo "========================="
+grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h
+grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h
+grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h
+echo
 echo "libuv"
 echo "========================="
 grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h
@ -179,6 +185,12 @@ echo "punycode"
 echo "========================="
 grep "'version'" node-v${version}/lib/punycode.js
 echo
+echo "uvwasi"
+echo "========================="
+grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
+grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
+grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
+echo
 echo "npm"
 echo "========================="
 grep "\"version\":" node-v${version}/deps/npm/package.json
--- a/SOURCES/npmrc
+++ b/SOURCES/npmrc
@ -1 +1,2 @@
 prefix=/usr/local
+python=/usr/bin/python3
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@ -1,4 +1,9 @@
 %global with_debug 0
+%global with_libs 0
+
+# set to 1 for RHEL >= 8.3
+# RHBZ#1856776 - brotli needed for nodejs-devel is not available
+%bcond_with shared_brotli

 # PowerPC, s390x and aarch64 segfault during Debug builds
 # https://github.com/nodejs/node/issues/20642
@ -10,7 +15,7 @@
 %bcond_with bootstrap

 # == Master Relase ==
-# This is used by both the nodejs package and the npm subpackage that
+# This is used by both the nodejs package and the npm subpackage thar
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
 %global baserelease 1
@ -23,12 +28,14 @@
 # feature releases that are only supported for nine months, which is shorter
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
-%global nodejs_major 10
-%global nodejs_minor 24
-%global nodejs_patch 0
+%global nodejs_major 12
+%global nodejs_minor 20
+%global nodejs_patch 1
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
+%if %{?with_libs} == 1
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
-%global nodejs_soversion 64
+%global nodejs_soversion 72
+%endif
 %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
 %global nodejs_release %{baserelease}

@ -38,10 +45,10 @@
 # v8 - from deps/v8/include/v8-version.h
 # Epoch is set to ensure clean upgrades from the old v8 package
 %global v8_epoch 1
-%global v8_major 6
+%global v8_major 7
 %global v8_minor 8
-%global v8_build 275
-%global v8_patch 32
+%global v8_build 279
+%global v8_patch 23
 # V8 presently breaks ABI at least every x.y release while never bumping SONAME
 %global v8_abi %{v8_major}.%{v8_minor}
 %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
@ -50,8 +57,8 @@
 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
 %global c_ares_major 1
-%global c_ares_minor 15
-%global c_ares_patch 0
+%global c_ares_minor 16
+%global c_ares_patch 1
 %global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}

 # http-parser - from deps/http_parser/http_parser.h
@ -60,10 +67,16 @@
 %global http_parser_patch 4
 %global http_parser_version %{http_parser_major}.%{http_parser_minor}.%{http_parser_patch}

+# llhttp - from deps/llhttp/include/llhttp.h
+%global llhttp_major 2
+%global llhttp_minor 1
+%global llhttp_patch 3
+%global llhttp_version %{llhttp_major}.%{llhttp_minor}.%{llhttp_patch}
+
 # libuv - from deps/uv/include/uv/version.h
 %global libuv_major 1
-%global libuv_minor 34
-%global libuv_patch 2
+%global libuv_minor 40
+%global libuv_patch 0
 %global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}

 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
@ -73,15 +86,14 @@
 %global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}

 # ICU - from tools/icu/current_ver.dep
-%global icu_major 64
-%global icu_minor 2
+%global icu_major 67
+%global icu_minor 1
 %global icu_version %{icu_major}.%{icu_minor}

 %global icudatadir %{nodejs_datadir}/icudata
 %{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")}
 # " this line just fixes syntax highlighting for vim that is confused by the above and continues literal

-
 # punycode - from lib/punycode.js
 # Note: this was merged into the mainline since 0.6.x
 # Note: this will be unmerged in an upcoming major release
@ -94,21 +106,33 @@
 %global npm_epoch 1
 %global npm_major 6
 %global npm_minor 14
-%global npm_patch 11
+%global npm_patch 10
 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}

+# uvwasi - from deps/uvwasi/include/uvwasi.h
+%global uvwasi_major 0
+%global uvwasi_minor 0
+%global uvwasi_patch 11
+%global uvwasi_version %{uvwasi_major}.%{uvwasi_minor}.%{uvwasi_patch}
+
+# histogram_c - assumed from timestamps
+%global histogram_major 0
+%global histogram_minor 9
+%global histogram_patch 7
+%global histogram_version %{histogram_major}.%{histogram_minor}.%{histogram_patch}
+
+# brotli - from deps/brotli/c/common/version.h
+%global brotli_major 1
+%global brotli_minor 0
+%global brotli_patch 9
+%global brotli_version %{brotli_major}.%{brotli_minor}.%{brotli_patch}
+
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
 # to increment safely. Changing this can only be done during an update when the
 # base npm version number is increasing.
 %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}

-# brotli - from deps/brotli/c/common/version.h
-# v10.x doesn't have --shared-brotli configure option, so we have to bundle it
-%global brotli_major 1
-%global brotli_minor 0
-%global brotli_patch 7
-%global brotli_version %{brotli_major}.%{brotli_minor}.%{brotli_patch}

 Name: nodejs
 Epoch: %{nodejs_epoch}
@ -138,18 +162,17 @@ Source7: nodejs_native.attr
 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch

-# Suppress the message from npm to run `npm -g update npm`
-# This does bad things on an RPM-managed npm.
-Patch2: 0002-Suppress-NPM-message-to-run-global-update.patch
-
-# Upstream patch to enable auto-detection of full ICU data
-# https://github.com/nodejs/node/pull/30825
-Patch3: 0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
+%if %{?with_libs} == 1
+# Patch to install both node and libnode.so, using the correct libdir
+Patch2: 0002-Install-both-binaries-and-use-libdir.patch
+%endif

 # CVE-2020-7774
 Patch4: 0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch

-BuildRequires: make
+# CVE-2020-7788
+Patch5: 0005-CVE-2020-7788-ini-do-not-allow-invalid-hazardous-string.patch
+
 BuildRequires: python2-devel
 BuildRequires: python3-devel
 BuildRequires: zlib-devel
@ -172,9 +195,18 @@ BuildRequires: libuv-devel >= 1:%{libuv_version}
 Requires: libuv >= 1:%{libuv_version}
 BuildRequires: libnghttp2-devel >= %{nghttp2_version}
 Requires: libnghttp2 >= %{nghttp2_version}
-BuildRequires: http-parser-devel >= %{http_parser_version}
-Requires: http-parser >= %{http_parser_version}
+%endif

+# Temporarily bundle http-parser and llhttp because the latter
+# isn't packaged yet and they are controlled by the same
+# configure flag.
+Provides: bundled(http-parser) = %{http_parser_version}
+Provides: bundled(llhttp) = %{llhttp_version}
+
+%if %{with shared_brotli}
+BuildRequires: brotli-devel
+%else
+Provides: bundled(brotli) = %{brotli_version}
 %endif

 BuildRequires: openssl-devel
@ -182,6 +214,10 @@ BuildRequires: openssl-devel
 # we need the system certificate store
 Requires: ca-certificates

+%if %{?with_libs} == 1
+Requires: nodejs-libs%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
+%endif
+
 # Pull in the full-icu data by default
 Recommends: nodejs-full-i18n%{?_isa} = %{nodejs_epoch}:%{version}-%{release}

@ -229,16 +265,19 @@ Provides: bundled(v8) = %{v8_version}
 # an ABI-break, so we'll use the bundled copy.
 Provides: bundled(icu) = %{icu_version}

+# Upstream added new dependencies, but so far they are not available in Fedora
+# or there's no option to built it as a shared dependency, so we bundle them
+Provides: bundled(uvwasi) = %{uvwasi_version}
+Provides: bundled(histogram) = %{histogram_version}
+
 # Make sure we keep NPM up to date when we update Node.js
-%if 0%{?rhel}
+%if 0%{?rhel} < 8
 # EPEL doesn't support Recommends, so make it strict
-Requires: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
+Requires: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
 %else
-Recommends: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
+Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
 %endif

-# Provide bundled brotli until we can build it with system package
-Provides: bundled(brotli) = %{brotli_version}

 %description
 Node.js is a platform built on Chrome's JavaScript runtime
@ -254,12 +293,14 @@ Group: Development/Languages
 Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
 Requires: openssl-devel%{?_isa}
 Requires: zlib-devel%{?_isa}
+%if %{with shared_brotli}
+Requires: brotli-devel%{?_isa}
+%endif
 Requires: nodejs-packaging

 %if %{with bootstrap}
 # deps are bundled
 %else
-Requires: http-parser-devel%{?_isa}
 Requires: libuv-devel%{?_isa}
 %endif

@ -276,6 +317,42 @@ Optional data files to provide full-icu support for Node.js. Remove this
 package to save space if non-English locales are not needed.


+%if %{?with_libs} == 1
+%package libs
+Summary: Node.js and v8 libraries
+
+# Compatibility for obsolete v8 package
+%if 0%{?__isa_bits} == 64
+Provides: libv8.so.%{v8_major}()(64bit)
+Provides: libv8_libbase.so.%{v8_major}()(64bit)
+Provides: libv8_libplatform.so.%{v8_major}()(64bit)
+%else
+# 32-bits
+Provides: libv8.so.%{v8_major}
+Provides: libv8_libbase.so.%{v8_major}
+Provides: libv8_libplatform.so.%{v8_major}
+%endif
+
+Provides: v8 = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
+Provides: v8%{?_isa} = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
+Obsoletes: v8 < 1:6.7.17-10
+
+%description libs
+Libraries to support Node.js and provide stable v8 interfaces.
+
+
+%package -n v8-devel
+Summary: v8 - development headers
+Epoch: %{v8_epoch}
+Version: %{v8_version}
+Release: %{v8_release}%{?dist}
+Requires: %{name}-devel%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
+
+%description -n v8-devel
+Development headers for the v8 runtime.
+%endif
+
+
 %package -n npm
 Summary: Node.js Package Manager
 Epoch: %{npm_epoch}
@ -288,6 +365,7 @@ Release: %{npm_release}%{?dist}
 Obsoletes: npm < 0:3.5.4-6
 Provides: npm = %{npm_epoch}:%{npm_version}
 Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
+Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}

 # Do not add epoch to the virtual NPM provides or it will break
 # the automatic dependency-generation script.
@ -318,6 +396,9 @@ The API documentation for the Node.js JavaScript runtime.

 # remove bundled dependencies that we aren't building
 rm -rf deps/zlib
+%if %{with shared_brotli}
+rm -rf deps/brotli
+%endif

 # Replace any instances of unversioned python' with python2
 pathfix.py -i %{__python2} -pn $(find -type f ! -name "*.js")
@ -330,6 +411,7 @@ find . -type f -exec sed -i "s~python -c~python2 -c~" {} \;
 sed -i "s~which('python')~which('python2')~" configure

 %build
+export RHEL_ALLOW_PYTHON2_FOR_BUILD=1

 %ifarch s390 s390x %{arm} %ix86
 # Decrease debuginfo verbosity to reduce memory consumption during final
@ -337,7 +419,6 @@ sed -i "s~which('python')~which('python2')~" configure
 %global optflags %(echo %{optflags} | sed 's/-g /-g1 /')
 %endif

-export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
 export CC='%{__cc}'
 export CXX='%{__cxx}'

@ -361,26 +442,86 @@ export CXXFLAGS="$(echo ${CXXFLAGS} | tr '\n\\' '  ')"

 export LDFLAGS="%{build_ldflags}"

+# we're not building with libs in RHEL, so let's comment this out
+# for the sake of readability
+#%if %{?with_libs} == 1
+#%if %{with bootstrap}
+#./configure --prefix=%{_prefix} \
+#           --shared \
+#           --libdir=%{_lib} \
+#           --shared-openssl \
+#           --shared-zlib \
+#           --shared-brotli \
+#           --without-dtrace \
+#           --with-intl=small-icu \
+#           --debug-nghttp2 \
+#           --openssl-use-def-ca-store
+#%else
+#./configure --prefix=%{_prefix} \
+#           --shared \
+#           --libdir=%{_lib} \
+#           --shared-openssl \
+#           --shared-zlib \
+#           --shared-brotli \
+#           --shared-libuv \
+#           --shared-nghttp2 \
+#           --with-dtrace \
+#           --with-intl=%{icu_flag} \
+#           --with-icu-default-data-dir=%{icudatadir} \
+#           --debug-nghttp2 \
+#           --openssl-use-def-ca-store
+#%endif
+
+%if %{with shared_brotli}
+
+%if %{with bootstrap}
+./configure --prefix=%{_prefix} \
+           --shared-openssl \
+           --shared-zlib \
+           --shared-brotli \
+           --without-dtrace \
+           --with-intl=small-icu \
+           --debug-nghttp2 \
+           --openssl-use-def-ca-store
+%else
+./configure --prefix=%{_prefix} \
+           --shared-openssl \
+           --shared-zlib \
+           --shared-brotli \
+           --shared-libuv \
+           --shared-nghttp2 \
+           --with-dtrace \
+           --with-intl=%{icu_flag} \
+           --with-icu-default-data-dir=%{icudatadir} \
+           --debug-nghttp2 \
+           --openssl-use-def-ca-store
+%endif
+
+%else
+
 %if %{with bootstrap}
 ./configure --prefix=%{_prefix} \
           --shared-openssl \
           --shared-zlib \
           --without-dtrace \
           --with-intl=small-icu \
+           --debug-nghttp2 \
           --openssl-use-def-ca-store
 %else
 ./configure --prefix=%{_prefix} \
           --shared-openssl \
           --shared-zlib \
           --shared-libuv \
-           --shared-http-parser \
           --shared-nghttp2 \
           --with-dtrace \
-           --with-intl=small-icu \
+           --with-intl=%{icu_flag} \
           --with-icu-default-data-dir=%{icudatadir} \
+           --debug-nghttp2 \
           --openssl-use-def-ca-store
 %endif

+%endif
+
 %if %{?with_debug} == 1
 # Setting BUILDTYPE=Debug builds both release and debug binaries
 make BUILDTYPE=Debug %{?_smp_mflags}
@ -434,6 +575,21 @@ chrpath --delete %{buildroot}%{_bindir}/node
 install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g
 %endif

+%if %{?with_libs} == 1
+# Install library symlink
+ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/libnode.so
+
+# Install v8 compatibility symlinks
+for header in %{buildroot}%{_includedir}/node/libplatform %{buildroot}%{_includedir}/node/v8*.h; do
+    header=$(basename ${header})
+    ln -s %{_includedir}/node/${header} %{buildroot}%{_includedir}/${header}
+done
+for soname in libv8 libv8_libbase libv8_libplatform; do
+    ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so
+    ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so.%{v8_major}
+done
+%endif
+
 # own the sitelib directory
 mkdir -p %{buildroot}%{_prefix}/lib/node_modules

@ -470,6 +626,7 @@ ln -sf %{_mandir}  %{buildroot}%{_prefix}/lib/node_modules/npm/man
 # Install Gatsby HTML documentation to %{_pkgdocdir}
 cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/
 rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs
+
 ln -sf %{_pkgdocdir}/npm %{buildroot}%{_prefix}/lib/node_modules/npm/docs

 # Node tries to install some python files into a documentation directory
@ -504,6 +661,23 @@ install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*


 %check
+%if %{?with_libs} == 1
+# Fail the build if the versions don't match
+LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
+LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
+LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')"
+
+# Ensure we have punycode and that the version matches
+LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"
+
+# Ensure we have npm and that the version matches
+NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')"
+
+# Make sure i18n support is working
+NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
+
+%else
+
 # Fail the build if the versions don't match
 %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
 %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
@ -517,6 +691,7 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod

 # Make sure i18n support is working
 NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
+%endif


 %pretrans -n npm -p <lua>
@ -534,6 +709,38 @@ if d_st then
  end
 end

+-- Replace the npm docs directory with a symlink
+-- Drop this scriptlet when F31 is EOL
+path = "%{_prefix}/lib/node_modules/npm/doc"
+st = posix.stat(path)
+if st and st.type == "directory" then
+  status = os.rename(path, path .. ".rpmmoved")
+  if not status then
+    suffix = 0
+    while not status do
+      suffix = suffix + 1
+      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
+    end
+    os.rename(path, path .. ".rpmmoved")
+  end
+end
+
+-- Replace the npm HTML docs directory with a symlink
+-- Drop this scriptlet when F31 is EOL
+path = "%{_prefix}/lib/node_modules/npm/html"
+st = posix.stat(path)
+if st and st.type == "directory" then
+  status = os.rename(path, path .. ".rpmmoved")
+  if not status then
+    suffix = 0
+    while not status do
+      suffix = suffix + 1
+      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
+    end
+    os.rename(path, path .. ".rpmmoved")
+  end
+end
+
 -- Replace the npm man directory with a symlink
 -- Drop this scriptlet when F31 is EOL
 path = "%{_prefix}/lib/node_modules/npm/man"
@ -551,6 +758,26 @@ if st and st.type == "directory" then
 end


+%if %{?with_libs} == 1
+%pretrans -n v8-devel -p <lua>
+-- Replace the v8 libplatform include directory with a symlink
+-- Drop this scriptlet when F30 is EOL
+path = "%{_includedir}/libplatform"
+st = posix.stat(path)
+if st and st.type == "directory" then
+  status = os.rename(path, path .. ".rpmmoved")
+  if not status then
+    suffix = 0
+    while not status do
+      suffix = suffix + 1
+      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
+    end
+    os.rename(path, path .. ".rpmmoved")
+  end
+end
+%endif
+
+
 %files
 %{_bindir}/node
 %dir %{_prefix}/lib/node_modules
@ -569,7 +796,7 @@ end
 %{_rpmconfigdir}/fileattrs/nodejs_native.attr
 %{_rpmconfigdir}/nodejs_native.req
 %license LICENSE
-%doc AUTHORS CHANGELOG.md COLLABORATOR_GUIDE.md GOVERNANCE.md README.md
+%doc AUTHORS CHANGELOG.md onboarding.md GOVERNANCE.md README.md
 %doc %{_mandir}/man1/node.1*


@ -578,6 +805,9 @@ end
 %{_bindir}/node_g
 %endif
 %{_includedir}/node
+%if %{?with_libs} == 1
+%{_libdir}/libnode.so
+%endif
 %{_datadir}/node/common.gypi
 %{_pkgdocdir}/gdbinit

@ -587,6 +817,25 @@ end
 %{icudatadir}/icudt%{icu_major}*.dat


+%if %{?with_libs} == 1
+%files libs
+%{_libdir}/libnode.so.%{nodejs_soversion}
+%{_libdir}/libv8.so.%{v8_major}
+%{_libdir}/libv8_libbase.so.%{v8_major}
+%{_libdir}/libv8_libplatform.so.%{v8_major}
+%dir %{nodejs_datadir}/
+
+
+%files -n v8-devel
+%{_includedir}/libplatform
+%{_includedir}/v8*.h
+%{_libdir}/libv8.so
+%{_libdir}/libv8_libbase.so
+%{_libdir}/libv8_libplatform.so
+%ghost %{_includedir}/libplatform.rpmmoved
+%endif
+
+
 %files -n npm
 %{_bindir}/npm
 %{_bindir}/npx
@ -621,47 +870,58 @@ end


 %changelog
-* Wed Feb 24 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.24.0-1
- Resolves: RHBZ#1932373, RHBZ#1932426
- Resolves CVE-2021-22883 and CVE-2021-22884
- remove -debug-nghttp2 flag (1930775)
- remove ini patch merged upstream
-
-* Mon Jan 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.23.1-1
- January Security release
+* Mon Jan 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.20.1-1
+- Security rebase for January security release
 - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
- Rebase to 10.23.1
- Resolves: RHBZ#1916461, RHBZ#1914789
- Resolves: RHBZ#1914783, RHBZ#1916462, RHBZ#1916395, RHBZ#1916459
- Resolves: RHBZ#1916691, RHBZ#1916689, RHBZ#1916388
- Remove dot-prop patch, as it is fixed by npm rebase
+- Resolves: RHBZ#1916460, RHBZ#1914786
+- Resolves: RHBZ#1914784, RHBZ#1916396

-* Tue Sep 22 2020 Jan Staněk <jstanek@redhat.com> - 1:10.22.1-1
- Security rebase to 10.22.1
+* Tue Nov 24 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.19.1-1
+- Resolves: RHBZ#1901044, #1901045, #1901046, #1901047
+- c-ares, ajv and y18n CVEs and yarn installability issues

-* Wed Jun 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-3
- Resolves: RHBZ#1845307
- Remove brotli-devel requires from nodejs-devel
+* Mon Oct 05 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.18.4-2
+- Fix RHBZ#1856776 - nodejs-devel not installable due to missing brotli
+- Some spec fixes

-* Tue Jun 16 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-2
- Resolves: RHBZ#1845307
- Turn off debug builds
+* Tue Sep 22 2020 Jan Staněk <jstanek@redhat.com> - 12.18.4-1
+- Rebase to 12.18.4

-* Mon Jun 15 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-1
- Security update to 10.21.0
- Resolves: RHBZ#1845307
- Fixes CVE-2020-11080, CVE-2020-8174, CVE-2020-10531
- Bundle brotli, because --shared-brotli configure option is missing
- Add i18n subpackage
+* Tue Jun 30 2020 Jan Staněk <jstanek@redhat.com> - 12.18.2-1
+- Rebase to 12.18.2

-* Wed Mar 18 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.19.0-2
- Resolves: RHBZ#1811499
+* Thu Jun 18 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.18.1-1
+- Rebase
+- Spec clean up
+- Provide i18n package, bundle icu
+- Resolves: RHBZ#1845311, RHBZ#1845692

-* Mon Feb 10 2020 Jan Staněk <jstanek@redhat.com> - 1:10.19.0-1
- Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606
+* Thu Jun 18 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.18.0-1
+- Security update to 12.18.0
+- Resolves: RHBZ#1845311, RHBZ#1845692

-* Tue Sep 10 2019 Jan Staněk <jstanek@redhat.com> - 1:10.16.3-1
- Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518
+* Tue Mar 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-2
+- Fix CVE-2020-10531
+
+* Thu Feb 20 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-1
+- Resolves: RHBZ#1800395, RHBZ#1800396, RHBZ#1800381
+- Rebase to 12.16.1
+
+* Wed Jan 15 2020 Jan Staněk <jstanek@redhat.com> - 1:12.14.1-1
+- Rebase to 12.14.1
+
+* Fri Nov 29 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.13.1-1
+- Resolves: RHBZ# 1773503, update to 12.13.1
+- minor clean up and sync with Fedora spec
+- turn off debug builds
+
+* Thu Aug 01 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-2
+- Resolves:RHBZ#1685191
+- Add condition to libs
+
+* Wed Jun 12 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-1
+- Update to v12.x
+- Add v8-devel and libs subpackages from fedora

 * Thu Mar 14 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-2
 - move nodejs-packaging BR out of conditional