Compare commits

...

No commits in common. "c8-stream-10" and "c8s-stream-14" have entirely different histories.

12 changed files with 497 additions and 402 deletions

6
.gitignore vendored
View File

@ -1,2 +1,4 @@
SOURCES/icu4c-64_2-src.tgz SOURCES/cjs-module-lexer-1.2.2.tar.gz
SOURCES/node-v10.24.0-stripped.tar.gz SOURCES/icu4c-70_1-src.tgz
SOURCES/node-v14.21.3-stripped.tar.gz
SOURCES/wasi-sdk-wasi-sdk-11.tar.gz

View File

@ -1,2 +1,4 @@
3127155ecf2b75ab4835f501b7478e39c07bb852 SOURCES/icu4c-64_2-src.tgz 6976e77068429bd0b47b573793289e065ceb6b27 SOURCES/cjs-module-lexer-1.2.2.tar.gz
be0e0b385a852c376f452b3d94727492e05407e4 SOURCES/node-v10.24.0-stripped.tar.gz f7c1363edee6be7de8b624ffbb801892b3417d4e SOURCES/icu4c-70_1-src.tgz
9929bfc056f9689ee30a088e923a81db640e39be SOURCES/node-v14.21.3-stripped.tar.gz
8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz

View File

@ -1,31 +1,26 @@
From 2cd4c12776af3da588231d3eb498e6451c30eae5 Mon Sep 17 00:00:00 2001 From 0daef8b47290ffa866f321173a0a45f7c131f172 Mon Sep 17 00:00:00 2001
From: Zuzana Svetlikova <zsvetlik@redhat.com> From: Zuzana Svetlikova <zsvetlik@redhat.com>
Date: Thu, 27 Apr 2017 14:25:42 +0200 Date: Fri, 17 Apr 2020 12:59:44 +0200
Subject: [PATCH] Disable running gyp on shared deps Subject: [PATCH] Disable running gyp on shared deps
Signed-off-by: rpm-build <rpm-build> Signed-off-by: rpm-build <rpm-build>
--- ---
Makefile | 7 +++---- Makefile | 2 +-
1 file changed, 3 insertions(+), 4 deletions(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile diff --git a/Makefile b/Makefile
index 73feb4c..45bbceb 100644 index 82281b5..9e65fc4 100644
--- a/Makefile --- a/Makefile
+++ b/Makefile +++ b/Makefile
@@ -123,10 +123,9 @@ with-code-cache: @@ -143,7 +143,7 @@ with-code-cache test-code-cache:
test-code-cache: with-code-cache $(warning '$@' target is a noop)
$(PYTHON) tools/test.py $(PARALLEL_ARGS) --mode=$(BUILDTYPE_LOWER) code-cache
-out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp \ out/Makefile: config.gypi common.gypi node.gyp \
- deps/zlib/zlib.gyp deps/v8/gypfiles/toolchain.gypi \ - deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
- deps/v8/gypfiles/features.gypi deps/v8/gypfiles/v8.gyp node.gyp \ + deps/llhttp/llhttp.gyp \
- config.gypi tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
+out/Makefile: common.gypi deps/http_parser/http_parser.gyp \ tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
+ deps/v8/gypfiles/toolchain.gypi deps/v8/gypfiles/features.gypi \
+ deps/v8/gypfiles/v8.gyp node.gyp config.gypi
$(PYTHON) tools/gyp_node.py -f make $(PYTHON) tools/gyp_node.py -f make
config.gypi: configure configure.py
-- --
2.26.2 2.38.1

View File

@ -1,84 +0,0 @@
From e7afb2d6e2a6c8f9c9c32e12a10c3c5c4902a251 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Tue, 1 May 2018 08:05:30 -0400
Subject: [PATCH] Suppress NPM message to run global update
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
Signed-off-by: rpm-build <rpm-build>
---
deps/npm/bin/npm-cli.js | 54 -----------------------------------------
1 file changed, 54 deletions(-)
diff --git a/deps/npm/bin/npm-cli.js b/deps/npm/bin/npm-cli.js
index c0d9be0..0f0892e 100755
--- a/deps/npm/bin/npm-cli.js
+++ b/deps/npm/bin/npm-cli.js
@@ -71,65 +71,11 @@
npm.command = 'help'
}
- var isGlobalNpmUpdate = conf.global && ['install', 'update'].includes(npm.command) && npm.argv.includes('npm')
-
// now actually fire up npm and run the command.
// this is how to use npm programmatically:
conf._exit = true
npm.load(conf, function (er) {
if (er) return errorHandler(er)
- if (
- !isGlobalNpmUpdate &&
- npm.config.get('update-notifier') &&
- !unsupported.checkVersion(process.version).unsupported
- ) {
- const pkg = require('../package.json')
- let notifier = require('update-notifier')({pkg})
- const isCI = require('ci-info').isCI
- if (
- notifier.update &&
- notifier.update.latest !== pkg.version &&
- !isCI
- ) {
- const color = require('ansicolors')
- const useColor = npm.config.get('color')
- const useUnicode = npm.config.get('unicode')
- const old = notifier.update.current
- const latest = notifier.update.latest
- let type = notifier.update.type
- if (useColor) {
- switch (type) {
- case 'major':
- type = color.red(type)
- break
- case 'minor':
- type = color.yellow(type)
- break
- case 'patch':
- type = color.green(type)
- break
- }
- }
- const changelog = `https://github.com/npm/cli/releases/tag/v${latest}`
- notifier.notify({
- message: `New ${type} version of ${pkg.name} available! ${
- useColor ? color.red(old) : old
- } ${useUnicode ? '→' : '->'} ${
- useColor ? color.green(latest) : latest
- }\n` +
- `${
- useColor ? color.yellow('Changelog:') : 'Changelog:'
- } ${
- useColor ? color.cyan(changelog) : changelog
- }\n` +
- `Run ${
- useColor
- ? color.green(`npm install -g ${pkg.name}`)
- : `npm i -g ${pkg.name}`
- } to update!`
- })
- }
- }
npm.commands[npm.command](npm.argv, function (err) {
// https://genius.com/Lin-manuel-miranda-your-obedient-servant-lyrics
if (
--
2.26.2

View File

@ -0,0 +1,45 @@
From 8fc20d21cd7861ecc4f034ae82234a05227c2c12 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 9 Dec 2021 15:48:46 +0100
Subject: [PATCH] deps(ansi-regex): fix potential ReDoS
This is the upstream fix [1] applied to all applicable bundled deps.
[1]: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
Fixes: CVE-2021-3807
Signed-off-by: rpm-build <rpm-build>
---
.../node_modules/string-width/node_modules/ansi-regex/index.js | 2 +-
deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
index c4aaecf..7d32201 100644
--- a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
+++ b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
@@ -2,7 +2,7 @@
module.exports = () => {
const pattern = [
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\\u0007)',
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))'
].join('|');
diff --git a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js b/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
index c254480..9e37ec3 100644
--- a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
+++ b/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
@@ -6,7 +6,7 @@ module.exports = options => {
}, options);
const pattern = [
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
].join('|');
--
2.38.1

View File

@ -1,122 +0,0 @@
From 0028cc74dac4dd24b8599ade85cb49fdafa9f559 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Fri, 6 Dec 2019 16:40:25 -0500
Subject: [PATCH] build: auto-load ICU data from --with-icu-default-data-dir
When compiled with `--with-intl=small` and
`--with-icu-default-data-dir=PATH`, Node.js will use PATH as a
fallback location for the ICU data.
We will first perform an access check using fopen(PATH, 'r') to
ensure that the file is readable. If it is, we'll set the
icu_data_directory and proceed. There's a slight overhead for the
fopen() check, but it should be barely measurable.
This will be useful for Linux distribution packagers who want to
be able to ship a minimal node binary in a container image but
also be able to add on the full i18n support where needed. With
this patch, it becomes possible to ship the interpreter as
/usr/bin/node in one package for the distribution and to ship the
data files in another package (without a strict dependency
between the two). This means that users of the distribution will
not need to explicitly direct Node.js to locate the ICU data. It
also means that in environments where full internationalization is
not required, they do not need to carry the extra content (with
the associated storage costs).
Refs: https://github.com/nodejs/node/issues/3460
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
Signed-off-by: rpm-build <rpm-build>
---
configure.py | 9 +++++++++
node.gypi | 7 +++++++
src/node.cc | 20 ++++++++++++++++++++
3 files changed, 36 insertions(+)
diff --git a/configure.py b/configure.py
index 89f7bf5..d611a88 100755
--- a/configure.py
+++ b/configure.py
@@ -433,6 +433,14 @@ intl_optgroup.add_option('--with-icu-source',
'the icu4c source archive. '
'v%d.x or later recommended.' % icu_versions['minimum_icu'])
+intl_optgroup.add_option('--with-icu-default-data-dir',
+ action='store',
+ dest='with_icu_default_data_dir',
+ help='Path to the icuXXdt{lb}.dat file. If unspecified, ICU data will '
+ 'only be read if the NODE_ICU_DATA environment variable or the '
+ '--icu-data-dir runtime argument is used. This option has effect '
+ 'only when Node.js is built with --with-intl=small-icu.')
+
parser.add_option('--with-ltcg',
action='store_true',
dest='with_ltcg',
@@ -1359,6 +1367,7 @@ def configure_intl(o):
locs.add('root') # must have root
o['variables']['icu_locales'] = string.join(locs,',')
# We will check a bit later if we can use the canned deps/icu-small
+ o['variables']['icu_default_data'] = options.with_icu_default_data_dir or ''
elif with_intl == 'full-icu':
# full ICU
o['variables']['v8_enable_i18n_support'] = 1
diff --git a/node.gypi b/node.gypi
index 466a174..65b97d6 100644
--- a/node.gypi
+++ b/node.gypi
@@ -113,6 +113,13 @@
'conditions': [
[ 'icu_small=="true"', {
'defines': [ 'NODE_HAVE_SMALL_ICU=1' ],
+ 'conditions': [
+ [ 'icu_default_data!=""', {
+ 'defines': [
+ 'NODE_ICU_DEFAULT_DATA_DIR="<(icu_default_data)"',
+ ],
+ }],
+ ],
}]],
}],
[ 'node_use_bundled_v8=="true" and \
diff --git a/src/node.cc b/src/node.cc
index 7c01187..c9840e3 100644
--- a/src/node.cc
+++ b/src/node.cc
@@ -92,6 +92,7 @@
#if defined(NODE_HAVE_I18N_SUPPORT)
#include <unicode/uvernum.h>
+#include <unicode/utypes.h>
#endif
#if defined(LEAK_SANITIZER)
@@ -2643,6 +2644,25 @@ void Init(std::vector<std::string>* argv,
// If the parameter isn't given, use the env variable.
if (per_process_opts->icu_data_dir.empty())
SafeGetenv("NODE_ICU_DATA", &per_process_opts->icu_data_dir);
+
+#ifdef NODE_ICU_DEFAULT_DATA_DIR
+ // If neither the CLI option nor the environment variable was specified,
+ // fall back to the configured default
+ if (per_process_opts->icu_data_dir.empty()) {
+ // Check whether the NODE_ICU_DEFAULT_DATA_DIR contains the right data
+ // file and can be read.
+ static const char full_path[] =
+ NODE_ICU_DEFAULT_DATA_DIR "/" U_ICUDATA_NAME ".dat";
+
+ FILE* f = fopen(full_path, "rb");
+
+ if (f != nullptr) {
+ fclose(f);
+ per_process_opts->icu_data_dir = NODE_ICU_DEFAULT_DATA_DIR;
+ }
+ }
+#endif // NODE_ICU_DEFAULT_DATA_DIR
+
// Initialize ICU.
// If icu_data_dir is empty here, it will load the 'minimal' data.
if (!i18n::InitializeICUDirectory(per_process_opts->icu_data_dir)) {
--
2.26.2

View File

@ -0,0 +1,49 @@
From 201c8b23df7bf986276e62b03f8276e18ef49728 Mon Sep 17 00:00:00 2001
From: Kornel <kornel@geekhood.net>
Date: Fri, 27 Jan 2023 01:20:38 +0000
Subject: [PATCH] deps(http-cache-semantics): Don't use regex to trim
whitespace
upstream-patch: https://github.com/kornelski/http-cache-semantics/commit/560b2d8ef452bbba20ffed69dc155d63ac757b74
Signed-off-by: rpm-build <rpm-build>
---
deps/npm/node_modules/http-cache-semantics/node4/index.js | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/deps/npm/node_modules/http-cache-semantics/node4/index.js b/deps/npm/node_modules/http-cache-semantics/node4/index.js
index bcdaebe..e427106 100644
--- a/deps/npm/node_modules/http-cache-semantics/node4/index.js
+++ b/deps/npm/node_modules/http-cache-semantics/node4/index.js
@@ -21,7 +21,7 @@ function parseCacheControl(header) {
// TODO: When there is more than one value present for a given directive (e.g., two Expires header fields, multiple Cache-Control: max-age directives),
// the directive's value is considered invalid. Caches are encouraged to consider responses that have invalid freshness information to be stale
- var parts = header.trim().split(/\s*,\s*/); // TODO: lame parsing
+ var parts = header.trim().split(/,/);
for (var _iterator = parts, _isArray = Array.isArray(_iterator), _i = 0, _iterator = _isArray ? _iterator : _iterator[Symbol.iterator]();;) {
var _ref;
@@ -36,11 +36,11 @@ function parseCacheControl(header) {
var part = _ref;
- var _part$split = part.split(/\s*=\s*/, 2),
+ var _part$split = part.split(/=/, 2),
k = _part$split[0],
v = _part$split[1];
- cc[k] = v === undefined ? true : v.replace(/^"|"$/g, ''); // TODO: lame unquoting
+ cc[k.trim()] = v === undefined ? true : v.trim().replace(/^"|"$/g, '');
}
return cc;
@@ -556,4 +556,4 @@ module.exports = function () {
};
return CachePolicy;
-}();
\ No newline at end of file
+}();
--
2.39.2

View File

@ -1,13 +0,0 @@
diff --git a/deps/npm/node_modules/y18n/index.js b/deps/npm/node_modules/y18n/index.js
index d720681628..727362aac0 100644
--- a/deps/npm/node_modules/y18n/index.js
+++ b/deps/npm/node_modules/y18n/index.js
@@ -11,7 +11,7 @@ function Y18N (opts) {
this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true
// internal stuff.
- this.cache = {}
+ this.cache = Object.create(null)
this.writeQueue = []
}

View File

@ -0,0 +1,52 @@
From 58725d71e4306c83a474d6c3035e72580d0c4592 Mon Sep 17 00:00:00 2001
From: hopper-vul <118949689+hopper-vul@users.noreply.github.com>
Date: Wed, 18 Jan 2023 22:14:26 +0800
Subject: [PATCH] deps(cares): Add str len check in config_sortlist to avoid
stack overflow (#497)
In ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse
the input str and initialize a sortlist configuration.
However, ares_set_sortlist has not any checks about the validity of the input str.
It is very easy to create an arbitrary length stack overflow with the unchecked
`memcpy(ipbuf, str, q-str);` and `memcpy(ipbufpfx, str, q-str);`
statements in the config_sortlist call, which could potentially cause severe
security impact in practical programs.
This commit add necessary check for `ipbuf` and `ipbufpfx` which avoid the
potential stack overflows.
fixes #496
Fix By: @hopper-vul
Signed-off-by: rpm-build <rpm-build>
---
deps/cares/src/lib/ares_init.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/deps/cares/src/lib/ares_init.c b/deps/cares/src/lib/ares_init.c
index de5d86c..d5858f6 100644
--- a/deps/cares/src/lib/ares_init.c
+++ b/deps/cares/src/lib/ares_init.c
@@ -2243,6 +2243,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
q = str;
while (*q && *q != '/' && *q != ';' && !ISSPACE(*q))
q++;
+ if (q-str >= 16)
+ return ARES_EBADSTR;
memcpy(ipbuf, str, q-str);
ipbuf[q-str] = '\0';
/* Find the prefix */
@@ -2251,6 +2253,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
const char *str2 = q+1;
while (*q && *q != ';' && !ISSPACE(*q))
q++;
+ if (q-str >= 32)
+ return ARES_EBADSTR;
memcpy(ipbufpfx, str, q-str);
ipbufpfx[q-str] = '\0';
str = str2;
--
2.39.2

View File

@ -155,11 +155,11 @@ grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_versio
grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h
grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h
echo echo
echo "http-parser" echo "llhttp"
echo "=========================" echo "========================="
grep "define HTTP_PARSER_VERSION_MAJOR" node-v${version}/deps/http_parser/http_parser.h grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h
grep "define HTTP_PARSER_VERSION_MINOR" node-v${version}/deps/http_parser/http_parser.h grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h
grep "define HTTP_PARSER_VERSION_PATCH" node-v${version}/deps/http_parser/http_parser.h grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h
echo echo
echo "libuv" echo "libuv"
echo "=========================" echo "========================="
@ -179,6 +179,12 @@ echo "punycode"
echo "=========================" echo "========================="
grep "'version'" node-v${version}/lib/punycode.js grep "'version'" node-v${version}/lib/punycode.js
echo echo
echo "uvwasi"
echo "========================="
grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
echo
echo "npm" echo "npm"
echo "=========================" echo "========================="
grep "\"version\":" node-v${version}/deps/npm/package.json grep "\"version\":" node-v${version}/deps/npm/package.json

View File

@ -1 +1,2 @@
prefix=/usr/local prefix=/usr/local
python=/usr/bin/python3

View File

@ -1,13 +1,30 @@
%global with_debug 0 %bcond_with debug
# PowerPC, s390x and aarch64 segfault during Debug builds # PowerPC, s390x and aarch64 segfault during Debug builds
# https://github.com/nodejs/node/issues/20642 # https://github.com/nodejs/node/issues/20642
%ifarch %{power64} s390x aarch64 %ifarch %{power64} s390x aarch64
%global with_debug 0 %bcond_with debug
%endif %endif
# bundle dependencies that are not available as Fedora modules # The following macros control the usage of dependencies bundled from upstream.
#
# When to use what:
# - Regular (presumably non-modular) build: use neither (the default in Fedora)
# - Early bootstrapping build that is not intended to be shipped:
# use --with=bootstrap; this will bundle deps and add `~bootstrap` release suffix
# - Build with some dependencies not avalaible in necessary versions (i.e. module build):
# use --with=bundled; will bundle deps, but do not add the suffix
#
# create bootstrapping build with bundled deps and extra release suffix
%bcond_with bootstrap %bcond_with bootstrap
# bundle dependencies that are not available as Fedora modules
%if %{with bootstrap}
%bcond_without bundled
%else
%bcond_with bundled
%endif
%bcond_without python3_fixup
# == Master Relase == # == Master Relase ==
# This is used by both the nodejs package and the npm subpackage that # This is used by both the nodejs package and the npm subpackage that
@ -23,12 +40,10 @@
# feature releases that are only supported for nine months, which is shorter # feature releases that are only supported for nine months, which is shorter
# than a Fedora release lifecycle. # than a Fedora release lifecycle.
%global nodejs_epoch 1 %global nodejs_epoch 1
%global nodejs_major 10 %global nodejs_major 14
%global nodejs_minor 24 %global nodejs_minor 21
%global nodejs_patch 0 %global nodejs_patch 3
%global nodejs_abi %{nodejs_major}.%{nodejs_minor} %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
%global nodejs_soversion 64
%global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch} %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
%global nodejs_release %{baserelease} %global nodejs_release %{baserelease}
@ -37,11 +52,11 @@
# == Bundled Dependency Versions == # == Bundled Dependency Versions ==
# v8 - from deps/v8/include/v8-version.h # v8 - from deps/v8/include/v8-version.h
# Epoch is set to ensure clean upgrades from the old v8 package # Epoch is set to ensure clean upgrades from the old v8 package
%global v8_epoch 1 %global v8_epoch 2
%global v8_major 6 %global v8_major 8
%global v8_minor 8 %global v8_minor 4
%global v8_build 275 %global v8_build 371
%global v8_patch 32 %global v8_patch 23
# V8 presently breaks ABI at least every x.y release while never bumping SONAME # V8 presently breaks ABI at least every x.y release while never bumping SONAME
%global v8_abi %{v8_major}.%{v8_minor} %global v8_abi %{v8_major}.%{v8_minor}
%global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch} %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
@ -50,37 +65,49 @@
# c-ares - from deps/cares/include/ares_version.h # c-ares - from deps/cares/include/ares_version.h
# https://github.com/nodejs/node/pull/9332 # https://github.com/nodejs/node/pull/9332
%global c_ares_major 1 %global c_ares_major 1
%global c_ares_minor 15 %global c_ares_minor 18
%global c_ares_patch 0 %global c_ares_patch 1
%global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch} %global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}
# http-parser - from deps/http_parser/http_parser.h # llhttp - from deps/llhttp/include/llhttp.h
%global http_parser_major 2 %global llhttp_major 2
%global http_parser_minor 9 %global llhttp_minor 1
%global http_parser_patch 4 %global llhttp_patch 6
%global http_parser_version %{http_parser_major}.%{http_parser_minor}.%{http_parser_patch} %global llhttp_version %{llhttp_major}.%{llhttp_minor}.%{llhttp_patch}
# libuv - from deps/uv/include/uv/version.h # libuv - from deps/uv/include/uv/version.h
%global libuv_major 1 %global libuv_major 1
%global libuv_minor 34 %global libuv_minor 42
%global libuv_patch 2 %global libuv_patch 0
%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch} %global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
%global nghttp2_major 1 %global nghttp2_major 1
%global nghttp2_minor 41 %global nghttp2_minor 42
%global nghttp2_patch 0 %global nghttp2_patch 0
%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch} %global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
# ICU - from tools/icu/current_ver.dep # ICU - from tools/icu/current_ver.dep
%global icu_major 64 %global icu_major 70
%global icu_minor 2 %global icu_minor 1
%global icu_version %{icu_major}.%{icu_minor} %global icu_version %{icu_major}.%{icu_minor}
%global icudatadir %{nodejs_datadir}/icudata %global icudatadir %{nodejs_datadir}/icudata
%{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")} %{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")}
# " this line just fixes syntax highlighting for vim that is confused by the above and continues literal # " this line just fixes syntax highlighting for vim that is confused by the above and continues literal
%global sys_icu_version %(/usr/bin/icu-config --version)
%if "%{sys_icu_version}" >= "%{icu_version}"
%global bundled_icu 0
%global icu_flag system-icu
%else
%global bundled_icu 1
%global icu_flag full-icu
%endif
# OpenSSL minimum version
%global openssl_minimum 1:1.1.1
# punycode - from lib/punycode.js # punycode - from lib/punycode.js
# Note: this was merged into the mainline since 0.6.x # Note: this was merged into the mainline since 0.6.x
@ -94,21 +121,27 @@
%global npm_epoch 1 %global npm_epoch 1
%global npm_major 6 %global npm_major 6
%global npm_minor 14 %global npm_minor 14
%global npm_patch 11 %global npm_patch 18
%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch} %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
# uvwasi - from deps/uvwasi/include/uvwasi.h
%global uvwasi_major 0
%global uvwasi_minor 0
%global uvwasi_patch 11
%global uvwasi_version %{uvwasi_major}.%{uvwasi_minor}.%{uvwasi_patch}
# histogram_c - assumed from timestamps
%global histogram_major 0
%global histogram_minor 9
%global histogram_patch 7
%global histogram_version %{histogram_major}.%{histogram_minor}.%{histogram_patch}
# In order to avoid needing to keep incrementing the release version for the # In order to avoid needing to keep incrementing the release version for the
# main package forever, we will just construct one for npm that is guaranteed # main package forever, we will just construct one for npm that is guaranteed
# to increment safely. Changing this can only be done during an update when the # to increment safely. Changing this can only be done during an update when the
# base npm version number is increasing. # base npm version number is increasing.
%global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
# brotli - from deps/brotli/c/common/version.h
# v10.x doesn't have --shared-brotli configure option, so we have to bundle it
%global brotli_major 1
%global brotli_minor 0
%global brotli_patch 7
%global brotli_version %{brotli_major}.%{brotli_minor}.%{brotli_patch}
Name: nodejs Name: nodejs
Epoch: %{nodejs_epoch} Epoch: %{nodejs_epoch}
@ -135,24 +168,29 @@ Source100: %{name}-tarball.sh
# nodejs-packaging SRPM. # nodejs-packaging SRPM.
Source7: nodejs_native.attr Source7: nodejs_native.attr
# These are full sources for dependencies included as WASM blobs in the source of Node itself.
# Note: These sources would also include pre-compiled WASM blobs… so they are adjusted not to.
# Recipes for creating these blobs are included in the sources.
# Version: jq '.version' deps/cjs-module-lexer/package.json
# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz
# Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm
Source101: cjs-module-lexer-1.2.2.tar.gz
# The WASM blob was made using wasi-sdk v11; compiler libraries are linked in.
# Version source: Makefile
Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz
# Disable running gyp on bundled deps we don't use # Disable running gyp on bundled deps we don't use
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
# Dependency vulnerabilities
# Suppress the message from npm to run `npm -g update npm` Patch2: 0002-deps-ansi-regex-fix-potential-ReDoS.patch
# This does bad things on an RPM-managed npm. Patch3: 0003-deps-http-cache-semantics-Don-t-use-regex-to-trim-wh.patch
Patch2: 0002-Suppress-NPM-message-to-run-global-update.patch Patch4: 0004-deps-cares-Add-str-len-check-in-config_sortlist-to-a.patch
# Upstream patch to enable auto-detection of full ICU data
# https://github.com/nodejs/node/pull/30825
Patch3: 0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
# CVE-2020-7774
Patch4: 0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
BuildRequires: make BuildRequires: make
BuildRequires: python2-devel
BuildRequires: python3-devel BuildRequires: python3-devel
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: brotli-devel
BuildRequires: gcc >= 6.3.0 BuildRequires: gcc >= 6.3.0
BuildRequires: gcc-c++ >= 6.3.0 BuildRequires: gcc-c++ >= 6.3.0
# needed to generate bundled provides for npm dependencies # needed to generate bundled provides for npm dependencies
@ -161,23 +199,28 @@ BuildRequires: gcc-c++ >= 6.3.0
BuildRequires: nodejs-packaging BuildRequires: nodejs-packaging
BuildRequires: chrpath BuildRequires: chrpath
BuildRequires: libatomic BuildRequires: libatomic
%if %{with bootstrap}
Provides: bundled(http-parser) = %{http_parser_version}
Provides: bundled(libuv) = %{libuv_version}
Provides: bundled(nghttp2) = %{nghttp2_version}
%else
BuildRequires: systemtap-sdt-devel BuildRequires: systemtap-sdt-devel
%if %{with bundled}
Provides: bundled(libuv) = %{libuv_version}
%else
BuildRequires: libuv-devel >= 1:%{libuv_version} BuildRequires: libuv-devel >= 1:%{libuv_version}
Requires: libuv >= 1:%{libuv_version} Requires: libuv >= 1:%{libuv_version}
BuildRequires: libnghttp2-devel >= %{nghttp2_version}
Requires: libnghttp2 >= %{nghttp2_version}
BuildRequires: http-parser-devel >= %{http_parser_version}
Requires: http-parser >= %{http_parser_version}
%endif %endif
BuildRequires: openssl-devel %if %{with bundled}
Provides: bundled(nghttp2) = %{nghttp2_version}
%else
BuildRequires: libnghttp2-devel >= %{nghttp2_version}
Requires: libnghttp2 >= %{nghttp2_version}
%endif
# Temporarily bundle llhttp because the upstream doesn't
# provide releases for it.
Provides: bundled(llhttp) = %{llhttp_version}
BuildRequires: openssl-devel >= %{openssl_minimum}
Requires: openssl >= %{openssl_minimum}
# we need the system certificate store # we need the system certificate store
Requires: ca-certificates Requires: ca-certificates
@ -229,16 +272,18 @@ Provides: bundled(v8) = %{v8_version}
# an ABI-break, so we'll use the bundled copy. # an ABI-break, so we'll use the bundled copy.
Provides: bundled(icu) = %{icu_version} Provides: bundled(icu) = %{icu_version}
# Make sure we keep NPM up to date when we update Node.js # Upstream added new dependencies, but so far they are not available in Fedora
%if 0%{?rhel} # or there's no option to built it as a shared dependency, so we bundle them
# EPEL doesn't support Recommends, so make it strict Provides: bundled(uvwasi) = %{uvwasi_version}
Requires: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} Provides: bundled(histogram) = %{histogram_version}
%else
Recommends: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
%endif
# Provide bundled brotli until we can build it with system package # Make sure we keep NPM up to date when we update Node.js
Provides: bundled(brotli) = %{brotli_version} %if 0%{?rhel} < 8
# EPEL doesn't support Recommends, so make it strict
Requires: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
%else
Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
%endif
%description %description
Node.js is a platform built on Chrome's JavaScript runtime Node.js is a platform built on Chrome's JavaScript runtime
@ -254,12 +299,10 @@ Group: Development/Languages
Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
Requires: openssl-devel%{?_isa} Requires: openssl-devel%{?_isa}
Requires: zlib-devel%{?_isa} Requires: zlib-devel%{?_isa}
Requires: brotli-devel%{?_isa}
Requires: nodejs-packaging Requires: nodejs-packaging
%if %{with bootstrap} %if %{without bundled}
# deps are bundled
%else
Requires: http-parser-devel%{?_isa}
Requires: libuv-devel%{?_isa} Requires: libuv-devel%{?_isa}
%endif %endif
@ -288,6 +331,9 @@ Release: %{npm_release}%{?dist}
Obsoletes: npm < 0:3.5.4-6 Obsoletes: npm < 0:3.5.4-6
Provides: npm = %{npm_epoch}:%{npm_version} Provides: npm = %{npm_epoch}:%{npm_version}
Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
%if 0%{?fedora} || 0%{?rhel} >= 8
Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
%endif
# Do not add epoch to the virtual NPM provides or it will break # Do not add epoch to the virtual NPM provides or it will break
# the automatic dependency-generation script. # the automatic dependency-generation script.
@ -318,16 +364,32 @@ The API documentation for the Node.js JavaScript runtime.
# remove bundled dependencies that we aren't building # remove bundled dependencies that we aren't building
rm -rf deps/zlib rm -rf deps/zlib
rm -rf deps/brotli
# Replace any instances of unversioned python' with python2 # check for correct versions of dependencies we are bundling
pathfix.py -i %{__python2} -pn $(find -type f ! -name "*.js") check_wasm_dep() {
find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python2~" {} \; local -r name="$1" source="$2" packagejson="$3"
find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python2~" {} \; local -r expected_version="$(jq -r '.version' "${packagejson}")"
sed -i "s~python~python2~" $(find . -type f | grep "gyp$")
if ls "${source}"|grep -q --fixed-strings "${expected_version}"; then
printf '%s version matches\n' "${name}" >&2
else
printf '%s version MISMATCH: %s !~ %s\n' "${name}" "${expected_version}" "${source}" >&2
return 1
fi
}
check_wasm_dep cjs-module-lexer '%{SOURCE101}' deps/cjs-module-lexer/package.json
# Replace any instances of unversioned python' with python3
%if %{with python3_fixup}
pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js")
find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python3~" {} \;
find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python3~" {} \;
sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py
sed -i "s~usr\/bin\/python.*$~usr\/bin\/python2~" ./deps/v8/tools/mb/mb_unittest.py sed -i "s~usr\/bin\/python.*$~usr\/bin\/python3~" ./deps/v8/tools/mb/mb_unittest.py
find . -type f -exec sed -i "s~python -c~python2 -c~" {} \; find . -type f -exec sed -i "s~python -c~python3 -c~" {} \;
sed -i "s~which('python')~which('python2')~" configure %endif
%build %build
@ -337,51 +399,37 @@ sed -i "s~which('python')~which('python2')~" configure
%global optflags %(echo %{optflags} | sed 's/-g /-g1 /') %global optflags %(echo %{optflags} | sed 's/-g /-g1 /')
%endif %endif
export RHEL_ALLOW_PYTHON2_FOR_BUILD=1 export CC='gcc'
export CC='%{__cc}' export CXX='g++'
export CXX='%{__cxx}' %{?with_python3_fixup:export NODE_GYP_FORCE_PYTHON=%{__python3}}
# build with debugging symbols and add defines from libuv (#892601) # build with debugging symbols and add defines from libuv (#892601)
# Node's v8 breaks with GCC 6 because of incorrect usage of methods on # Node's v8 breaks with GCC 6 because of incorrect usage of methods on
# NULL objects. We need to pass -fno-delete-null-pointer-checks # NULL objects. We need to pass -fno-delete-null-pointer-checks
export CFLAGS='%{optflags} \
-D_LARGEFILE_SOURCE \
-D_FILE_OFFSET_BITS=64 \
-DZLIB_CONST \
-fno-delete-null-pointer-checks'
export CXXFLAGS='%{optflags} \
-D_LARGEFILE_SOURCE \
-D_FILE_OFFSET_BITS=64 \
-DZLIB_CONST \
-fno-delete-null-pointer-checks'
# Explicit new lines in C(XX)FLAGS can break naive build scripts
export CFLAGS="$(echo ${CFLAGS} | tr '\n\\' ' ')"
export CXXFLAGS="$(echo ${CXXFLAGS} | tr '\n\\' ' ')"
extra_cflags=(
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64
-DZLIB_CONST
-fno-delete-null-pointer-checks
)
export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cflags[*]}"
export LDFLAGS="%{build_ldflags}" export LDFLAGS="%{build_ldflags}"
%if %{with bootstrap} %{__python3} configure.py --prefix=%{_prefix} \
./configure --prefix=%{_prefix} \
--shared-openssl \ --shared-openssl \
--shared-zlib \ --shared-zlib \
--without-dtrace \ --shared-brotli \
--with-intl=small-icu \ %{!?with_bundled:--shared-libuv} \
--openssl-use-def-ca-store %{!?with_bundled:--shared-nghttp2} \
%else %{?with_bundled:--without-dtrace}%{!?with_bundled:--with-dtrace} \
./configure --prefix=%{_prefix} \
--shared-openssl \
--shared-zlib \
--shared-libuv \
--shared-http-parser \
--shared-nghttp2 \
--with-dtrace \
--with-intl=small-icu \ --with-intl=small-icu \
--with-icu-default-data-dir=%{icudatadir} \ --with-icu-default-data-dir=%{icudatadir} \
--openssl-use-def-ca-store --without-corepack \
%endif --openssl-use-def-ca-store \
--openssl-default-cipher-list=PROFILE=SYSTEM
%if %{?with_debug} == 1 %if %{with debug}
# Setting BUILDTYPE=Debug builds both release and debug binaries # Setting BUILDTYPE=Debug builds both release and debug binaries
make BUILDTYPE=Debug %{?_smp_mflags} make BUILDTYPE=Debug %{?_smp_mflags}
%else %else
@ -419,8 +467,6 @@ popd # deps
%install %install
export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
rm -rf %{buildroot} rm -rf %{buildroot}
./tools/install.py install %{buildroot} %{_prefix} ./tools/install.py install %{buildroot} %{_prefix}
@ -429,7 +475,7 @@ rm -rf %{buildroot}
chmod 0755 %{buildroot}/%{_bindir}/node chmod 0755 %{buildroot}/%{_bindir}/node
chrpath --delete %{buildroot}%{_bindir}/node chrpath --delete %{buildroot}%{_bindir}/node
%if %{?with_debug} == 1 %if %{with debug}
# Install the debug binary and set its permissions # Install the debug binary and set its permissions
install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g
%endif %endif
@ -467,9 +513,10 @@ cp -pr deps/npm/man/* %{buildroot}%{_mandir}/
rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/man rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/man
ln -sf %{_mandir} %{buildroot}%{_prefix}/lib/node_modules/npm/man ln -sf %{_mandir} %{buildroot}%{_prefix}/lib/node_modules/npm/man
# Install Gatsby HTML documentation to %{_pkgdocdir} # Install Gatsby HTML documentation to %%{_pkgdocdir}
cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/ cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/
rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs
ln -sf %{_pkgdocdir}/npm %{buildroot}%{_prefix}/lib/node_modules/npm/docs ln -sf %{_pkgdocdir}/npm %{buildroot}%{_prefix}/lib/node_modules/npm/docs
# Node tries to install some python files into a documentation directory # Node tries to install some python files into a documentation directory
@ -516,7 +563,7 @@ install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*
NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')" NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')"
# Make sure i18n support is working # Make sure i18n support is working
NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2} NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
%pretrans -n npm -p <lua> %pretrans -n npm -p <lua>
@ -534,6 +581,38 @@ if d_st then
end end
end end
-- Replace the npm docs directory with a symlink
-- Drop this scriptlet when F31 is EOL
path = "%{_prefix}/lib/node_modules/npm/doc"
st = posix.stat(path)
if st and st.type == "directory" then
status = os.rename(path, path .. ".rpmmoved")
if not status then
suffix = 0
while not status do
suffix = suffix + 1
status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
end
os.rename(path, path .. ".rpmmoved")
end
end
-- Replace the npm docs directory with a symlink
-- Drop this scriptlet when F31 is EOL
path = "%{_prefix}/lib/node_modules/npm/html"
st = posix.stat(path)
if st and st.type == "directory" then
status = os.rename(path, path .. ".rpmmoved")
if not status then
suffix = 0
while not status do
suffix = suffix + 1
status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
end
os.rename(path, path .. ".rpmmoved")
end
end
-- Replace the npm man directory with a symlink -- Replace the npm man directory with a symlink
-- Drop this scriptlet when F31 is EOL -- Drop this scriptlet when F31 is EOL
path = "%{_prefix}/lib/node_modules/npm/man" path = "%{_prefix}/lib/node_modules/npm/man"
@ -559,9 +638,7 @@ end
%dir %{_datadir}/systemtap/tapset %dir %{_datadir}/systemtap/tapset
%{_datadir}/systemtap/tapset/node.stp %{_datadir}/systemtap/tapset/node.stp
%if %{with bootstrap} %if %{without bundled}
# no dtrace
%else
%dir %{_usr}/lib/dtrace %dir %{_usr}/lib/dtrace
%{_usr}/lib/dtrace/node.d %{_usr}/lib/dtrace/node.d
%endif %endif
@ -569,14 +646,12 @@ end
%{_rpmconfigdir}/fileattrs/nodejs_native.attr %{_rpmconfigdir}/fileattrs/nodejs_native.attr
%{_rpmconfigdir}/nodejs_native.req %{_rpmconfigdir}/nodejs_native.req
%license LICENSE %license LICENSE
%doc AUTHORS CHANGELOG.md COLLABORATOR_GUIDE.md GOVERNANCE.md README.md %doc AUTHORS CHANGELOG.md onboarding.md GOVERNANCE.md README.md
%doc %{_mandir}/man1/node.1* %doc %{_mandir}/man1/node.1*
%files devel %files devel
%if %{?with_debug} == 1 %{?with_debug:%{_bindir}/node_g}
%{_bindir}/node_g
%endif
%{_includedir}/node %{_includedir}/node
%{_datadir}/node/common.gypi %{_datadir}/node/common.gypi
%{_pkgdocdir}/gdbinit %{_pkgdocdir}/gdbinit
@ -605,7 +680,6 @@ end
%doc %{_mandir}/man5/shrinkwrap-json.5* %doc %{_mandir}/man5/shrinkwrap-json.5*
%doc %{_mandir}/man7/config.7* %doc %{_mandir}/man7/config.7*
%doc %{_mandir}/man7/developers.7* %doc %{_mandir}/man7/developers.7*
%doc %{_mandir}/man7/disputes.7*
%doc %{_mandir}/man7/orgs.7* %doc %{_mandir}/man7/orgs.7*
%doc %{_mandir}/man7/registry.7* %doc %{_mandir}/man7/registry.7*
%doc %{_mandir}/man7/removal.7* %doc %{_mandir}/man7/removal.7*
@ -615,59 +689,147 @@ end
%files docs %files docs
%doc doc
%dir %{_pkgdocdir} %dir %{_pkgdocdir}
%{_pkgdocdir}/html %{_pkgdocdir}/html
%{_pkgdocdir}/npm/docs %{_pkgdocdir}/npm/docs
%changelog %changelog
* Wed Feb 24 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.24.0-1 * Mon Mar 06 2023 Jan Staněk <jstanek@redhat.com> - 1:14.21.3-1
- Resolves: RHBZ#1932373, RHBZ#1932426 - Rebase to 14.21.3
- Resolves CVE-2021-22883 and CVE-2021-22884 Resolves: rhbz#2153712
- remove -debug-nghttp2 flag (1930775) Resolves: CVE-2022-25881 CVE-2023-23918 CVE-2023-23920 CVE-2022-38900
- remove ini patch merged upstream Resolves: CVE-2022-4904
* Mon Jan 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.23.1-1 * Thu Dec 08 2022 Jan Staněk <jstanek@redhat.com> - 1:14.21.1-2
- January Security release - Apply upstream fix for CVE-2022-24999
Resolves: CVE-2022-24999
- Record CVEs fixed by current or previous upstream releases
Resolves: CVE-2021-44906
* Wed Nov 16 2022 Jan Staněk <jstanek@redhat.com> - 1:14.21.1-1
- Rebase to version 14.21.1
Resolves: rhbz#2129805 CVE-2022-43548
* Fri Oct 07 2022 Jan Staněk <jstanek@redhat.com> - 1:14.20.1-2
- Record issues fixed in the current version
Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824
* Thu Sep 29 2022 Jan Staněk <jstanek@redhat.com> - 1:14.20.1-1
- Rebase to version 14.20.1
Resolves: CVE-2022-35256
* Mon Aug 22 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.20.0-1
- Rebase to latest release
- Resolves: #2106281, #2108056, #2108061, #2108066, #2108071, #2108139
- Remove libs patch
- Build without corepack
* Wed May 25 2022 Jan Staněk <jstanek@redhat.com> - 1:14.18.2-2
- Replace with_* macros with RPM confitionals
- Unify configure calls into single command
- Refactor bootstrap-related parts
- Decouple dependency bundling from bootstrapping
* Wed Dec 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.18.2-1
- Resolves: RHBZ#2026325
- Resolves: RHBZ#2014130, RHBZ#2014124, RHBZ#2013826, RHBZ#2024921
- Rebase to new version to fix CVEs
* Tue Aug 17 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.17.5-1
- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940,
- CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
- Resolves RHBZ#1847529 (make FIPS always available)
- Resolves: RHBZ#1988600, RHBZ#1993815, RHBZ#1993809, RHBZ#1993096
- Resolves: RHBZ#1986743, RHBZ#1993947, RHBZ#1993940, RHBZ#1989427
- Resolves: RHBZ#1951620 (make FIPS always available)
* Mon Aug 09 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.17.3-3
- Resolves: RHBZ#1945513, RHBZ#1945287
- Resolves CVE-2021-23362 CVE-2021-27290
- Bump for missing mentions of CVEs
* Thu Jul 08 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.17.3-2
- Resolves: RHBZ#1979844, RHBZ#1977829
- Resolves: RHBZ#1842826
- Don't use patch3
* Thu Jul 08 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.17.3-1
- Resolves: RHBZ#1979844, RHBZ#1977829
- Resolves: RHBZ#1842826
- Resolves CVE-2021-22918(libuv), use system cipher list
* Wed Mar 10 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-3
- Resolves: RHBZ#1930775
- Always build with systemtap
* Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-2
- Resolves RHBZ#1930775
- remove --debug-nghttp2 option
* Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-1
- Resolves CVE-2021-22883 CVE-2021-22884
- Resolves: RHBZ#1934566, RHBZ#1934599
- Rebase, remove ini patch
* Tue Jan 26 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-2
- Add patch for yarn crash
- Resolves: RHBZ#1915296
* Tue Jan 19 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-1
- Security rebase to 14.15.4
- https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/ - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
- Rebase to 10.23.1 - Resolves: RHBZ#1913001, RHBZ#1912953
- Resolves: RHBZ#1916461, RHBZ#1914789 - Resolves: RHBZ#1912636, RHBZ#1898602, RHBZ#1898768, RHBZ#1893987, RHBZ#1893184
- Resolves: RHBZ#1914783, RHBZ#1916462, RHBZ#1916395, RHBZ#1916459
- Resolves: RHBZ#1916691, RHBZ#1916689, RHBZ#1916388
- Remove dot-prop patch, as it is fixed by npm rebase
* Tue Sep 22 2020 Jan Staněk <jstanek@redhat.com> - 1:10.22.1-1 * Thu Oct 29 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.0-1
- Security rebase to 10.22.1 - Resolves: RHBZ#1858864
- Update to LTS release
* Wed Jun 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-3 * Mon Sep 21 2020 Jan Staněk <jstanek@redhat.com> - 1:14.11.0-1
- Resolves: RHBZ#1845307 - Security update to 14.11.0
- Remove brotli-devel requires from nodejs-devel
* Tue Jun 16 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-2 * Wed Jun 03 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.4.0-1
- Resolves: RHBZ#1845307 - Security update to 14.4.0
- Turn off debug builds - Resolves: RHBZ#1815402
* Mon Jun 15 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-1 * Thu May 21 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.3.0-1
- Security update to 10.21.0 - Update to 14.3.0
- Resolves: RHBZ#1845307 - Fix optflags to save memory
- Fixes CVE-2020-11080, CVE-2020-8174, CVE-2020-10531 - Resolves: RHBZ#1815402
- Bundle brotli, because --shared-brotli configure option is missing
- Add i18n subpackage
* Wed Mar 18 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.19.0-2 * Wed May 06 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.2.0-1
- Resolves: RHBZ#1811499 - Update to 14.2.0
- build with python3 only
- some clean up
* Mon Feb 10 2020 Jan Staněk <jstanek@redhat.com> - 1:10.19.0-1 * Tue Mar 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-2
- Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 - Fix CVE-2020-10531
* Tue Sep 10 2019 Jan Staněk <jstanek@redhat.com> - 1:10.16.3-1 * Thu Feb 20 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-1
- Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518 - Rebase to 12.16.1
* Wed Jan 15 2020 Jan Staněk <jstanek@redhat.com> - 1:12.14.1-1
- Rebase to 12.14.1
* Fri Nov 29 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.13.1-1
- Resolves: RHBZ# 1773503, update to 12.13.1
- minor clean up and sync with Fedora spec
- turn off debug builds
* Thu Aug 01 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-2
- Add condition to libs
* Wed Jun 12 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-1
- Update to v12.x
- Add v8-devel and libs subpackages from fedora
* Thu Mar 14 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-2 * Thu Mar 14 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-2
- move nodejs-packaging BR out of conditional - move nodejs-packaging BR out of conditional
* Tue Dec 11 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-1 * Tue Dec 11 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-1
- Resolves: RHBZ#1644207 - Resolves RHBZ#1644207
- fixes node-gyp permissions - fixes node-gyp permissions
- rebase - rebase