.gitignore

@@ -1,2 +1,9 @@
-SOURCES/icu4c-64_2-src.tgz
-SOURCES/node-v10.24.0-stripped.tar.gz
+*~
+*.swp
+/*.tar.gz
+/*.src.rpm
+/*.tgz
+/node-*/*
+/.build-*.log
+/noarch
+/x86_64

.nodejs.metadata

@@ -1,2 +0,0 @@
-3127155ecf2b75ab4835f501b7478e39c07bb852 SOURCES/icu4c-64_2-src.tgz
-be0e0b385a852c376f452b3d94727492e05407e4 SOURCES/node-v10.24.0-stripped.tar.gz

0001-Disable-running-gyp-on-shared-deps.patch

@@ -0,0 +1,26 @@
+From 39f761838b5fc10af995642bd44e6bb4c79085f1 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Tue, 30 May 2023 13:12:35 +0200
+Subject: [PATCH] Disable running gyp on shared deps
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index ef3eda2..8b52a4f 100644
+--- a/Makefile
++++ b/Makefile
+@@ -148,7 +148,7 @@ with-code-cache test-code-cache:
+ 	$(warning '$@' target is a noop)
+ 
+ out/Makefile: config.gypi common.gypi node.gyp \
+-	deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
++	deps/llhttp/llhttp.gyp \
+ 	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
+ 	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
+ 	$(PYTHON) tools/gyp_node.py -f make
+-- 
+2.41.0
+

0002-disable-fips-options.patch

@@ -0,0 +1,26 @@
+From b9370dcfba759c63e894f12abcf49699f1e8f0dc Mon Sep 17 00:00:00 2001
+From: Honza Horak <hhorak@redhat.com>
+Date: Thu, 12 Oct 2023 13:52:59 +0200
+Subject: [PATCH] disable fips options
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ src/crypto/crypto_util.cc | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 59ae7f8..7343396 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -111,6 +111,8 @@ bool ProcessFipsOptions() {
+   /* Override FIPS settings in configuration file, if needed. */
+   if (per_process::cli_options->enable_fips_crypto ||
+       per_process::cli_options->force_fips_crypto) {
++      fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
++      return false;
+ #if OPENSSL_VERSION_MAJOR >= 3
+     OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
+     if (fips_provider == nullptr)
+-- 
+2.41.0
+

SOURCES/0001-Disable-running-gyp-on-shared-deps.patch

@@ -1,31 +0,0 @@
-From 2cd4c12776af3da588231d3eb498e6451c30eae5 Mon Sep 17 00:00:00 2001
-From: Zuzana Svetlikova <zsvetlik@redhat.com>
-Date: Thu, 27 Apr 2017 14:25:42 +0200
-Subject: [PATCH] Disable running gyp on shared deps
-
-Signed-off-by: rpm-build <rpm-build>
----
- Makefile | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 73feb4c..45bbceb 100644
---- a/Makefile
-+++ b/Makefile
-@@ -123,10 +123,9 @@ with-code-cache:
- test-code-cache: with-code-cache
- 	$(PYTHON) tools/test.py $(PARALLEL_ARGS) --mode=$(BUILDTYPE_LOWER) code-cache
- 
--out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp \
--              deps/zlib/zlib.gyp deps/v8/gypfiles/toolchain.gypi \
--              deps/v8/gypfiles/features.gypi deps/v8/gypfiles/v8.gyp node.gyp \
--              config.gypi
-+out/Makefile: common.gypi deps/http_parser/http_parser.gyp \
-+              deps/v8/gypfiles/toolchain.gypi deps/v8/gypfiles/features.gypi \
-+			  deps/v8/gypfiles/v8.gyp node.gyp config.gypi
- 	$(PYTHON) tools/gyp_node.py -f make
- 
- config.gypi: configure configure.py
--- 
-2.26.2
-

SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch

@@ -1,84 +0,0 @@
-From e7afb2d6e2a6c8f9c9c32e12a10c3c5c4902a251 Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher <sgallagh@redhat.com>
-Date: Tue, 1 May 2018 08:05:30 -0400
-Subject: [PATCH] Suppress NPM message to run global update
-
-Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
-Signed-off-by: rpm-build <rpm-build>
----
- deps/npm/bin/npm-cli.js | 54 -----------------------------------------
- 1 file changed, 54 deletions(-)
-
-diff --git a/deps/npm/bin/npm-cli.js b/deps/npm/bin/npm-cli.js
-index c0d9be0..0f0892e 100755
---- a/deps/npm/bin/npm-cli.js
-+++ b/deps/npm/bin/npm-cli.js
-@@ -71,65 +71,11 @@
-     npm.command = 'help'
-   }
- 
--  var isGlobalNpmUpdate = conf.global && ['install', 'update'].includes(npm.command) && npm.argv.includes('npm')
--
-   // now actually fire up npm and run the command.
-   // this is how to use npm programmatically:
-   conf._exit = true
-   npm.load(conf, function (er) {
-     if (er) return errorHandler(er)
--    if (
--      !isGlobalNpmUpdate &&
--      npm.config.get('update-notifier') &&
--      !unsupported.checkVersion(process.version).unsupported
--    ) {
--      const pkg = require('../package.json')
--      let notifier = require('update-notifier')({pkg})
--      const isCI = require('ci-info').isCI
--      if (
--        notifier.update &&
--        notifier.update.latest !== pkg.version &&
--        !isCI
--      ) {
--        const color = require('ansicolors')
--        const useColor = npm.config.get('color')
--        const useUnicode = npm.config.get('unicode')
--        const old = notifier.update.current
--        const latest = notifier.update.latest
--        let type = notifier.update.type
--        if (useColor) {
--          switch (type) {
--            case 'major':
--              type = color.red(type)
--              break
--            case 'minor':
--              type = color.yellow(type)
--              break
--            case 'patch':
--              type = color.green(type)
--              break
--          }
--        }
--        const changelog = `https://github.com/npm/cli/releases/tag/v${latest}`
--        notifier.notify({
--          message: `New ${type} version of ${pkg.name} available! ${
--            useColor ? color.red(old) : old
--          } ${useUnicode ? '→' : '->'} ${
--            useColor ? color.green(latest) : latest
--          }\n` +
--          `${
--            useColor ? color.yellow('Changelog:') : 'Changelog:'
--          } ${
--            useColor ? color.cyan(changelog) : changelog
--          }\n` +
--          `Run ${
--            useColor
--              ? color.green(`npm install -g ${pkg.name}`)
--              : `npm i -g ${pkg.name}`
--          } to update!`
--        })
--      }
--    }
-     npm.commands[npm.command](npm.argv, function (err) {
-       // https://genius.com/Lin-manuel-miranda-your-obedient-servant-lyrics
-       if (
--- 
-2.26.2
-

SOURCES/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch

@@ -1,122 +0,0 @@
-From 0028cc74dac4dd24b8599ade85cb49fdafa9f559 Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher <sgallagh@redhat.com>
-Date: Fri, 6 Dec 2019 16:40:25 -0500
-Subject: [PATCH] build: auto-load ICU data from --with-icu-default-data-dir
-
-When compiled with `--with-intl=small` and
-`--with-icu-default-data-dir=PATH`, Node.js will use PATH as a
-fallback location for the ICU data.
-
-We will first perform an access check using fopen(PATH, 'r') to
-ensure that the file is readable. If it is, we'll set the
-icu_data_directory and proceed. There's a slight overhead for the
-fopen() check, but it should be barely measurable.
-
-This will be useful for Linux distribution packagers who want to
-be able to ship a minimal node binary in a container image but
-also be able to add on the full i18n support where needed. With
-this patch, it becomes possible to ship the interpreter as
-/usr/bin/node in one package for the distribution and to ship the
-data files in another package (without a strict dependency
-between the two). This means that users of the distribution will
-not need to explicitly direct Node.js to locate the ICU data. It
-also means that in environments where full internationalization is
-not required, they do not need to carry the extra content (with
-the associated storage costs).
-
-Refs: https://github.com/nodejs/node/issues/3460
-
-Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
-Signed-off-by: rpm-build <rpm-build>
----
- configure.py |  9 +++++++++
- node.gypi    |  7 +++++++
- src/node.cc  | 20 ++++++++++++++++++++
- 3 files changed, 36 insertions(+)
-
-diff --git a/configure.py b/configure.py
-index 89f7bf5..d611a88 100755
---- a/configure.py
-+++ b/configure.py
-@@ -433,6 +433,14 @@ intl_optgroup.add_option('--with-icu-source',
-         'the icu4c source archive. '
-         'v%d.x or later recommended.' % icu_versions['minimum_icu'])
- 
-+intl_optgroup.add_option('--with-icu-default-data-dir',
-+    action='store',
-+    dest='with_icu_default_data_dir',
-+    help='Path to the icuXXdt{lb}.dat file. If unspecified, ICU data will '
-+         'only be read if the NODE_ICU_DATA environment variable or the '
-+         '--icu-data-dir runtime argument is used. This option has effect '
-+         'only when Node.js is built with --with-intl=small-icu.')
-+
- parser.add_option('--with-ltcg',
-     action='store_true',
-     dest='with_ltcg',
-@@ -1359,6 +1367,7 @@ def configure_intl(o):
-     locs.add('root')  # must have root
-     o['variables']['icu_locales'] = string.join(locs,',')
-     # We will check a bit later if we can use the canned deps/icu-small
-+    o['variables']['icu_default_data'] = options.with_icu_default_data_dir or ''
-   elif with_intl == 'full-icu':
-     # full ICU
-     o['variables']['v8_enable_i18n_support'] = 1
-diff --git a/node.gypi b/node.gypi
-index 466a174..65b97d6 100644
---- a/node.gypi
-+++ b/node.gypi
-@@ -113,6 +113,13 @@
-       'conditions': [
-         [ 'icu_small=="true"', {
-           'defines': [ 'NODE_HAVE_SMALL_ICU=1' ],
-+          'conditions': [
-+            [ 'icu_default_data!=""', {
-+              'defines': [
-+                'NODE_ICU_DEFAULT_DATA_DIR="<(icu_default_data)"',
-+              ],
-+            }],
-+          ],
-       }]],
-     }],
-     [ 'node_use_bundled_v8=="true" and \
-diff --git a/src/node.cc b/src/node.cc
-index 7c01187..c9840e3 100644
---- a/src/node.cc
-+++ b/src/node.cc
-@@ -92,6 +92,7 @@
- 
- #if defined(NODE_HAVE_I18N_SUPPORT)
- #include <unicode/uvernum.h>
-+#include <unicode/utypes.h>
- #endif
- 
- #if defined(LEAK_SANITIZER)
-@@ -2643,6 +2644,25 @@ void Init(std::vector<std::string>* argv,
-   // If the parameter isn't given, use the env variable.
-   if (per_process_opts->icu_data_dir.empty())
-     SafeGetenv("NODE_ICU_DATA", &per_process_opts->icu_data_dir);
-+
-+#ifdef NODE_ICU_DEFAULT_DATA_DIR
-+  // If neither the CLI option nor the environment variable was specified,
-+  // fall back to the configured default
-+  if (per_process_opts->icu_data_dir.empty()) {
-+    // Check whether the NODE_ICU_DEFAULT_DATA_DIR contains the right data
-+    // file and can be read.
-+    static const char full_path[] =
-+        NODE_ICU_DEFAULT_DATA_DIR "/" U_ICUDATA_NAME ".dat";
-+
-+    FILE* f = fopen(full_path, "rb");
-+
-+    if (f != nullptr) {
-+      fclose(f);
-+      per_process_opts->icu_data_dir = NODE_ICU_DEFAULT_DATA_DIR;
-+    }
-+  }
-+#endif  // NODE_ICU_DEFAULT_DATA_DIR
-+
-   // Initialize ICU.
-   // If icu_data_dir is empty here, it will load the 'minimal' data.
-   if (!i18n::InitializeICUDirectory(per_process_opts->icu_data_dir)) {
--- 
-2.26.2
-

SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch

@@ -1,13 +0,0 @@
-diff --git a/deps/npm/node_modules/y18n/index.js b/deps/npm/node_modules/y18n/index.js
-index d720681628..727362aac0 100644
---- a/deps/npm/node_modules/y18n/index.js
-+++ b/deps/npm/node_modules/y18n/index.js
-@@ -11,7 +11,7 @@ function Y18N (opts) {
-   this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true
- 
-   // internal stuff.
--  this.cache = {}
-+  this.cache = Object.create(null)
-   this.writeQueue = []
- }
- 

SOURCES/npmrc

@@ -1 +0,0 @@
-prefix=/usr/local

SPECS/nodejs.spec

@@ -1,894 +0,0 @@
-%global with_debug 0
-
-# PowerPC, s390x and aarch64 segfault during Debug builds
-# https://github.com/nodejs/node/issues/20642
-%ifarch %{power64} s390x aarch64
-%global with_debug 0
-%endif
-
-# bundle dependencies that are not available as Fedora modules
-%bcond_with bootstrap
-
-# == Master Relase ==
-# This is used by both the nodejs package and the npm subpackage that
-# has a separate version - the name is special so that rpmdev-bumpspec
-# will bump this rather than adding .1 to the end.
-%global baserelease 1
-
-%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
-
-# == Node.js Version ==
-# Note: Fedora should only ship LTS versions of Node.js (currently expected
-# to be major versions with even numbers). The odd-numbered versions are new
-# feature releases that are only supported for nine months, which is shorter
-# than a Fedora release lifecycle.
-%global nodejs_epoch 1
-%global nodejs_major 10
-%global nodejs_minor 24
-%global nodejs_patch 0
-%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
-# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
-%global nodejs_soversion 64
-%global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
-%global nodejs_release %{baserelease}
-
-%global nodejs_datadir %{_datarootdir}/nodejs
-
-# == Bundled Dependency Versions ==
-# v8 - from deps/v8/include/v8-version.h
-# Epoch is set to ensure clean upgrades from the old v8 package
-%global v8_epoch 1
-%global v8_major 6
-%global v8_minor 8
-%global v8_build 275
-%global v8_patch 32
-# V8 presently breaks ABI at least every x.y release while never bumping SONAME
-%global v8_abi %{v8_major}.%{v8_minor}
-%global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
-%global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
-
-# c-ares - from deps/cares/include/ares_version.h
-# https://github.com/nodejs/node/pull/9332
-%global c_ares_major 1
-%global c_ares_minor 15
-%global c_ares_patch 0
-%global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}
-
-# http-parser - from deps/http_parser/http_parser.h
-%global http_parser_major 2
-%global http_parser_minor 9
-%global http_parser_patch 4
-%global http_parser_version %{http_parser_major}.%{http_parser_minor}.%{http_parser_patch}
-
-# libuv - from deps/uv/include/uv/version.h
-%global libuv_major 1
-%global libuv_minor 34
-%global libuv_patch 2
-%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
-
-# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
-%global nghttp2_major 1
-%global nghttp2_minor 41
-%global nghttp2_patch 0
-%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
-
-# ICU - from tools/icu/current_ver.dep
-%global icu_major 64
-%global icu_minor 2
-%global icu_version %{icu_major}.%{icu_minor}
-
-%global icudatadir %{nodejs_datadir}/icudata
-%{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")}
-# " this line just fixes syntax highlighting for vim that is confused by the above and continues literal
-
-
-# punycode - from lib/punycode.js
-# Note: this was merged into the mainline since 0.6.x
-# Note: this will be unmerged in an upcoming major release
-%global punycode_major 2
-%global punycode_minor 1
-%global punycode_patch 0
-%global punycode_version %{punycode_major}.%{punycode_minor}.%{punycode_patch}
-
-# npm - from deps/npm/package.json
-%global npm_epoch 1
-%global npm_major 6
-%global npm_minor 14
-%global npm_patch 11
-%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
-
-# In order to avoid needing to keep incrementing the release version for the
-# main package forever, we will just construct one for npm that is guaranteed
-# to increment safely. Changing this can only be done during an update when the
-# base npm version number is increasing.
-%global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
-
-# brotli - from deps/brotli/c/common/version.h
-# v10.x doesn't have --shared-brotli configure option, so we have to bundle it
-%global brotli_major 1
-%global brotli_minor 0
-%global brotli_patch 7
-%global brotli_version %{brotli_major}.%{brotli_minor}.%{brotli_patch}
-
-Name: nodejs
-Epoch: %{nodejs_epoch}
-Version: %{nodejs_version}
-Release: %{nodejs_release}%{?dist}
-Summary: JavaScript runtime
-License: MIT and ASL 2.0 and ISC and BSD
-Group: Development/Languages
-URL: http://nodejs.org/
-
-ExclusiveArch: %{nodejs_arches}
-
-# nodejs bundles openssl, but we use the system version in Fedora
-# because openssl contains prohibited code, we remove openssl completely from
-# the tarball, using the script in Source100
-Source0: node-v%{nodejs_version}-stripped.tar.gz
-Source1: npmrc
-Source2: btest402.js
-Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.tgz
-Source100: %{name}-tarball.sh
-
-# The native module Requires generator remains in the nodejs SRPM, so it knows
-# the nodejs and v8 versions.  The remainder has migrated to the
-# nodejs-packaging SRPM.
-Source7: nodejs_native.attr
-
-# Disable running gyp on bundled deps we don't use
-Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
-
-# Suppress the message from npm to run `npm -g update npm`
-# This does bad things on an RPM-managed npm.
-Patch2: 0002-Suppress-NPM-message-to-run-global-update.patch
-
-# Upstream patch to enable auto-detection of full ICU data
-# https://github.com/nodejs/node/pull/30825
-Patch3: 0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
-
-# CVE-2020-7774
-Patch4: 0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
-
-BuildRequires: make
-BuildRequires: python2-devel
-BuildRequires: python3-devel
-BuildRequires: zlib-devel
-BuildRequires: gcc >= 6.3.0
-BuildRequires: gcc-c++ >= 6.3.0
-# needed to generate bundled provides for npm dependencies
-# https://src.fedoraproject.org/rpms/nodejs/pull-request/2
-# https://pagure.io/nodejs-packaging/pull-request/10
-BuildRequires: nodejs-packaging
-BuildRequires: chrpath
-BuildRequires: libatomic
-
-%if %{with bootstrap}
-Provides: bundled(http-parser) = %{http_parser_version}
-Provides: bundled(libuv) = %{libuv_version}
-Provides: bundled(nghttp2) = %{nghttp2_version}
-%else
-BuildRequires: systemtap-sdt-devel
-BuildRequires: libuv-devel >= 1:%{libuv_version}
-Requires: libuv >= 1:%{libuv_version}
-BuildRequires: libnghttp2-devel >= %{nghttp2_version}
-Requires: libnghttp2 >= %{nghttp2_version}
-BuildRequires: http-parser-devel >= %{http_parser_version}
-Requires: http-parser >= %{http_parser_version}
-
-%endif
-
-BuildRequires: openssl-devel
-
-# we need the system certificate store
-Requires: ca-certificates
-
-# Pull in the full-icu data by default
-Recommends: nodejs-full-i18n%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
-
-# we need ABI virtual provides where SONAMEs aren't enough/not present so deps
-# break when binary compatibility is broken
-Provides: nodejs(abi) = %{nodejs_abi}
-Provides: nodejs(abi%{nodejs_major}) = %{nodejs_abi}
-Provides: nodejs(v8-abi) = %{v8_abi}
-Provides: nodejs(v8-abi%{v8_major}) = %{v8_abi}
-
-# this corresponds to the "engine" requirement in package.json
-Provides: nodejs(engine) = %{nodejs_version}
-
-# Node.js currently has a conflict with the 'node' package in Fedora
-# The ham-radio group has agreed to rename their binary for us, but
-# in the meantime, we're setting an explicit Conflicts: here
-Conflicts: node <= 0.3.2-12
-
-# The punycode module was absorbed into the standard library in v0.6.
-# It still exists as a seperate package for the benefit of users of older
-# versions.  Since we've never shipped anything older than v0.10 in Fedora,
-# we don't need the seperate nodejs-punycode package, so we Provide it here so
-# dependent packages don't need to override the dependency generator.
-# See also: RHBZ#11511811
-# UPDATE: punycode will be deprecated and so we should unbundle it in Node v8
-# and use upstream module instead
-# https://github.com/nodejs/node/commit/29e49fc286080215031a81effbd59eac092fff2f
-Provides: nodejs-punycode = %{punycode_version}
-Provides: npm(punycode) = %{punycode_version}
-
-# Node.js has forked c-ares from upstream in an incompatible way, so we need
-# to carry the bundled version internally.
-# See https://github.com/nodejs/node/commit/766d063e0578c0f7758c3a965c971763f43fec85
-Provides: bundled(c-ares) = %{c_ares_version}
-
-# Node.js is closely tied to the version of v8 that is used with it. It makes
-# sense to use the bundled version because upstream consistently breaks ABI
-# even in point releases. Node.js upstream has now removed the ability to build
-# against a shared system version entirely.
-# See https://github.com/nodejs/node/commit/d726a177ed59c37cf5306983ed00ecd858cfbbef
-Provides: bundled(v8) = %{v8_version}
-
-# Node.js is bound to a specific version of ICU which may not match the OS
-# We cannot pin the OS to this version of ICU because every update includes
-# an ABI-break, so we'll use the bundled copy.
-Provides: bundled(icu) = %{icu_version}
-
-# Make sure we keep NPM up to date when we update Node.js
-%if 0%{?rhel}
-# EPEL doesn't support Recommends, so make it strict
-Requires: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
-%else
-Recommends: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
-%endif
-
-# Provide bundled brotli until we can build it with system package
-Provides: bundled(brotli) = %{brotli_version}
-
-%description
-Node.js is a platform built on Chrome's JavaScript runtime
-for easily building fast, scalable network applications.
-Node.js uses an event-driven, non-blocking I/O model that
-makes it lightweight and efficient, perfect for data-intensive
-real-time applications that run across distributed devices.
-
-
-%package devel
-Summary: JavaScript runtime - development headers
-Group: Development/Languages
-Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
-Requires: openssl-devel%{?_isa}
-Requires: zlib-devel%{?_isa}
-Requires: nodejs-packaging
-
-%if %{with bootstrap}
-# deps are bundled
-%else
-Requires: http-parser-devel%{?_isa}
-Requires: libuv-devel%{?_isa}
-%endif
-
-%description devel
-Development headers for the Node.js JavaScript runtime.
-
-
-%package full-i18n
-Summary: Non-English locale data for Node.js
-Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
-
-%description full-i18n
-Optional data files to provide full-icu support for Node.js. Remove this
-package to save space if non-English locales are not needed.
-
-
-%package -n npm
-Summary: Node.js Package Manager
-Epoch: %{npm_epoch}
-Version: %{npm_version}
-Release: %{npm_release}%{?dist}
-
-# We used to ship npm separately, but it is so tightly integrated with Node.js
-# (and expected to be present on all Node.js systems) that we ship it bundled
-# now.
-Obsoletes: npm < 0:3.5.4-6
-Provides: npm = %{npm_epoch}:%{npm_version}
-Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
-
-# Do not add epoch to the virtual NPM provides or it will break
-# the automatic dependency-generation script.
-Provides: npm(npm) = %{npm_version}
-
-%description -n npm
-npm is a package manager for node.js. You can use it to install and publish
-your node programs. It manages dependencies and does other cool stuff.
-
-
-%package docs
-Summary: Node.js API documentation
-Group: Documentation
-BuildArch: noarch
-
-# We don't require that the main package be installed to
-# use the docs, but if it is installed, make sure the
-# version always matches
-Conflicts: %{name} > %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
-Conflicts: %{name} < %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
-
-%description docs
-The API documentation for the Node.js JavaScript runtime.
-
-
-%prep
-%autosetup -p1 -n node-v%{nodejs_version}
-
-# remove bundled dependencies that we aren't building
-rm -rf deps/zlib
-
-# Replace any instances of unversioned python' with python2
-pathfix.py -i %{__python2} -pn $(find -type f ! -name "*.js")
-find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python2~" {} \;
-find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python2~" {} \;
-sed -i "s~python~python2~" $(find . -type f | grep "gyp$")
-sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py
-sed -i "s~usr\/bin\/python.*$~usr\/bin\/python2~" ./deps/v8/tools/mb/mb_unittest.py
-find . -type f -exec sed -i "s~python -c~python2 -c~" {} \;
-sed -i "s~which('python')~which('python2')~" configure
-
-%build
-
-%ifarch s390 s390x %{arm} %ix86
-# Decrease debuginfo verbosity to reduce memory consumption during final
-# library linking
-%global optflags %(echo %{optflags} | sed 's/-g /-g1 /')
-%endif
-
-export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
-export CC='%{__cc}'
-export CXX='%{__cxx}'
-
-# build with debugging symbols and add defines from libuv (#892601)
-# Node's v8 breaks with GCC 6 because of incorrect usage of methods on
-# NULL objects. We need to pass -fno-delete-null-pointer-checks
-export CFLAGS='%{optflags} \
-               -D_LARGEFILE_SOURCE \
-               -D_FILE_OFFSET_BITS=64 \
-               -DZLIB_CONST \
-               -fno-delete-null-pointer-checks'
-export CXXFLAGS='%{optflags} \
-                 -D_LARGEFILE_SOURCE \
-                 -D_FILE_OFFSET_BITS=64 \
-                 -DZLIB_CONST \
-                 -fno-delete-null-pointer-checks'
-
-# Explicit new lines in C(XX)FLAGS can break naive build scripts
-export CFLAGS="$(echo ${CFLAGS} | tr '\n\\' '  ')"
-export CXXFLAGS="$(echo ${CXXFLAGS} | tr '\n\\' '  ')"
-
-export LDFLAGS="%{build_ldflags}"
-
-%if %{with bootstrap}
-./configure --prefix=%{_prefix} \
-           --shared-openssl \
-           --shared-zlib \
-           --without-dtrace \
-           --with-intl=small-icu \
-           --openssl-use-def-ca-store
-%else
-./configure --prefix=%{_prefix} \
-           --shared-openssl \
-           --shared-zlib \
-           --shared-libuv \
-           --shared-http-parser \
-           --shared-nghttp2 \
-           --with-dtrace \
-           --with-intl=small-icu \
-           --with-icu-default-data-dir=%{icudatadir} \
-           --openssl-use-def-ca-store
-%endif
-
-%if %{?with_debug} == 1
-# Setting BUILDTYPE=Debug builds both release and debug binaries
-make BUILDTYPE=Debug %{?_smp_mflags}
-%else
-make BUILDTYPE=Release %{?_smp_mflags}
-%endif
-
-# Extract the ICU data and convert it to the appropriate endianness
-pushd deps/
-tar xfz %SOURCE3
-
-pushd icu/source
-
-mkdir -p converted
-%if 0%{?little_endian}
-# The little endian data file is included in the ICU sources
-install -Dpm0644 data/in/icudt%{icu_major}l.dat converted/
-
-%else
-# For the time being, we need to build ICU and use the included `icupkg` tool
-# to convert the little endian data file into a big-endian one.
-# At some point in the future, ICU releases will start including both data
-# files and we should switch to those.
-mkdir -p data/out/tmp
-
-%configure
-%make_build
-
-icu_root=$(pwd)
-LD_LIBRARY_PATH=./lib ./bin/icupkg -tb data/in/icudt%{icu_major}l.dat \
-                                       converted/icudt%{icu_major}b.dat
-%endif
-
-popd # icu/source
-popd # deps
-
-
-%install
-export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
-
-rm -rf %{buildroot}
-
-./tools/install.py install %{buildroot} %{_prefix}
-
-# Set the binary permissions properly
-chmod 0755 %{buildroot}/%{_bindir}/node
-chrpath --delete %{buildroot}%{_bindir}/node
-
-%if %{?with_debug} == 1
-# Install the debug binary and set its permissions
-install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g
-%endif
-
-# own the sitelib directory
-mkdir -p %{buildroot}%{_prefix}/lib/node_modules
-
-# ensure Requires are added to every native module that match the Provides from
-# the nodejs build in the buildroot
-install -Dpm0644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/fileattrs/nodejs_native.attr
-cat << EOF > %{buildroot}%{_rpmconfigdir}/nodejs_native.req
-#!/bin/sh
-echo 'nodejs(abi%{nodejs_major}) >= %nodejs_abi'
-echo 'nodejs(v8-abi%{v8_major}) >= %v8_abi'
-EOF
-chmod 0755 %{buildroot}%{_rpmconfigdir}/nodejs_native.req
-
-# install documentation
-mkdir -p %{buildroot}%{_pkgdocdir}/html
-cp -pr doc/* %{buildroot}%{_pkgdocdir}/html
-rm -f %{buildroot}%{_pkgdocdir}/html/nodejs.1
-
-# node-gyp needs common.gypi too
-mkdir -p %{buildroot}%{_datadir}/node
-cp -p common.gypi %{buildroot}%{_datadir}/node
-
-# Install the GDB init tool into the documentation directory
-mv %{buildroot}/%{_datadir}/doc/node/gdbinit %{buildroot}/%{_pkgdocdir}/gdbinit
-
-# install NPM docs to mandir
-mkdir -p %{buildroot}%{_mandir} \
-         %{buildroot}%{_pkgdocdir}/npm
-
-cp -pr deps/npm/man/* %{buildroot}%{_mandir}/
-rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/man
-ln -sf %{_mandir}  %{buildroot}%{_prefix}/lib/node_modules/npm/man
-
-# Install Gatsby HTML documentation to %{_pkgdocdir}
-cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/
-rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs
-ln -sf %{_pkgdocdir}/npm %{buildroot}%{_prefix}/lib/node_modules/npm/docs
-
-# Node tries to install some python files into a documentation directory
-# (and not the proper one). Remove them for now until we figure out what to
-# do with them.
-rm -f %{buildroot}/%{_defaultdocdir}/node/lldb_commands.py \
-      %{buildroot}/%{_defaultdocdir}/node/lldbinit
-
-# Some NPM bundled deps are executable but should not be. This causes
-# unnecessary automatic dependencies to be added. Make them not executable.
-# Skip the npm bin directory or the npm binary will not work.
-find %{buildroot}%{_prefix}/lib/node_modules/npm \
-    -not -path "%{buildroot}%{_prefix}/lib/node_modules/npm/bin/*" \
-    -executable -type f \
-    -exec chmod -x {} \;
-
-# The above command is a little overzealous. Add a few permissions back.
-chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/npm-lifecycle/node-gyp-bin/node-gyp
-chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js
-
-# Drop the NPM default configuration in place
-mkdir -p %{buildroot}%{_sysconfdir}
-cp %{SOURCE1} %{buildroot}%{_sysconfdir}/npmrc
-
-# NPM upstream expects it to be in /usr/etc/npmrc, so we'll put a symlink here
-# This is done in the interests of keeping /usr read-only.
-mkdir -p %{buildroot}%{_prefix}/etc
-ln -s %{_sysconfdir}/npmrc %{buildroot}%{_prefix}/etc/npmrc
-
-# Install the full-icu data files
-install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*
-
-
-%check
-# Fail the build if the versions don't match
-%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
-%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
-%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')"
-
-# Ensure we have punycode and that the version matches
-%{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"
-
-# Ensure we have npm and that the version matches
-NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')"
-
-# Make sure i18n support is working
-NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
-
-
-%pretrans -n npm -p <lua>
--- Remove all of the symlinks from the bundled npm node_modules directory
--- This scriptlet can be removed in Fedora 31
-base_path = "%{_prefix}/lib/node_modules/npm/node_modules/"
-d_st = posix.stat(base_path)
-if d_st then
-  for f in posix.files(base_path) do
-    path = base_path..f
-    st = posix.stat(path)
-    if st and st.type == "link" then
-      os.remove(path)
-    end
-  end
-end
-
--- Replace the npm man directory with a symlink
--- Drop this scriptlet when F31 is EOL
-path = "%{_prefix}/lib/node_modules/npm/man"
-st = posix.stat(path)
-if st and st.type == "directory" then
-  status = os.rename(path, path .. ".rpmmoved")
-  if not status then
-    suffix = 0
-    while not status do
-      suffix = suffix + 1
-      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
-    end
-    os.rename(path, path .. ".rpmmoved")
-  end
-end
-
-
-%files
-%{_bindir}/node
-%dir %{_prefix}/lib/node_modules
-%dir %{_datadir}/node
-%dir %{_datadir}/systemtap
-%dir %{_datadir}/systemtap/tapset
-%{_datadir}/systemtap/tapset/node.stp
-
-%if %{with bootstrap}
-# no dtrace
-%else
-%dir %{_usr}/lib/dtrace
-%{_usr}/lib/dtrace/node.d
-%endif
-
-%{_rpmconfigdir}/fileattrs/nodejs_native.attr
-%{_rpmconfigdir}/nodejs_native.req
-%license LICENSE
-%doc AUTHORS CHANGELOG.md COLLABORATOR_GUIDE.md GOVERNANCE.md README.md
-%doc %{_mandir}/man1/node.1*
-
-
-%files devel
-%if %{?with_debug} == 1
-%{_bindir}/node_g
-%endif
-%{_includedir}/node
-%{_datadir}/node/common.gypi
-%{_pkgdocdir}/gdbinit
-
-
-%files full-i18n
-%dir %{icudatadir}
-%{icudatadir}/icudt%{icu_major}*.dat
-
-
-%files -n npm
-%{_bindir}/npm
-%{_bindir}/npx
-%{_prefix}/lib/node_modules/npm
-%config(noreplace) %{_sysconfdir}/npmrc
-%{_prefix}/etc/npmrc
-%ghost %{_sysconfdir}/npmignore
-%doc %{_mandir}/man1/npm*.1*
-%doc %{_mandir}/man1/npx.1*
-%doc %{_mandir}/man5/folders.5*
-%doc %{_mandir}/man5/install.5*
-%doc %{_mandir}/man5/npmrc.5*
-%doc %{_mandir}/man5/package-json.5*
-%doc %{_mandir}/man5/package-lock-json.5*
-%doc %{_mandir}/man5/package-locks.5*
-%doc %{_mandir}/man5/shrinkwrap-json.5*
-%doc %{_mandir}/man7/config.7*
-%doc %{_mandir}/man7/developers.7*
-%doc %{_mandir}/man7/disputes.7*
-%doc %{_mandir}/man7/orgs.7*
-%doc %{_mandir}/man7/registry.7*
-%doc %{_mandir}/man7/removal.7*
-%doc %{_mandir}/man7/scope.7*
-%doc %{_mandir}/man7/scripts.7*
-%doc %{_mandir}/man7/semver.7*
-
-
-%files docs
-%dir %{_pkgdocdir}
-%{_pkgdocdir}/html
-%{_pkgdocdir}/npm/docs
-
-
-%changelog
-* Wed Feb 24 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.24.0-1
-- Resolves: RHBZ#1932373, RHBZ#1932426
-- Resolves CVE-2021-22883 and CVE-2021-22884
-- remove -debug-nghttp2 flag (1930775)
-- remove ini patch merged upstream
-
-* Mon Jan 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.23.1-1
-- January Security release
-- https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
-- Rebase to 10.23.1
-- Resolves: RHBZ#1916461, RHBZ#1914789
-- Resolves: RHBZ#1914783, RHBZ#1916462, RHBZ#1916395, RHBZ#1916459
-- Resolves: RHBZ#1916691, RHBZ#1916689, RHBZ#1916388
-- Remove dot-prop patch, as it is fixed by npm rebase
-
-* Tue Sep 22 2020 Jan Staněk <jstanek@redhat.com> - 1:10.22.1-1
-- Security rebase to 10.22.1
-
-* Wed Jun 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-3
-- Resolves: RHBZ#1845307
-- Remove brotli-devel requires from nodejs-devel
-
-* Tue Jun 16 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-2
-- Resolves: RHBZ#1845307
-- Turn off debug builds
-
-* Mon Jun 15 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-1
-- Security update to 10.21.0
-- Resolves: RHBZ#1845307
-- Fixes CVE-2020-11080, CVE-2020-8174, CVE-2020-10531
-- Bundle brotli, because --shared-brotli configure option is missing
-- Add i18n subpackage
-
-* Wed Mar 18 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.19.0-2
-- Resolves: RHBZ#1811499
-
-* Mon Feb 10 2020 Jan Staněk <jstanek@redhat.com> - 1:10.19.0-1
-- Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606
-
-* Tue Sep 10 2019 Jan Staněk <jstanek@redhat.com> - 1:10.16.3-1
-- Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518
-
-* Thu Mar 14 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-2
-- move nodejs-packaging BR out of conditional
-
-* Tue Dec 11 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-1
-- Resolves: RHBZ#1644207
-- fixes node-gyp permissions
-- rebase
-
-* Thu Oct 11 2018 Jan Staněk <jstanek@redhat.com> - 1:10.11.0-2
-- BuildRequire nodejs-packaging for proper npm dependency generation
-- Resolves: rhbz#1615947
-
-* Mon Oct 08 2018 Jan Staněk <jstanek@redhat.com> - 1:10.11.0-1
-- Rebase to 10.11.0
-- Import changes from fedora
-- Resolves: rhbz#1621766
-
-* Mon Jul 30 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.7.0-5
-- Import sources from fedora
-- Allow using python2 at %%build and %%install
-- turn off debug for aarch64
-
-* Fri Jul 20 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.7.0-4
-- Fix npm upgrade scriptlet
-- Fix unexpected trailing .1 in npm release field
-
-* Fri Jul 20 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.7.0-3
-- Restore annotations to binaries
-- Fix unexpected trailing .1 in release field
-
-* Thu Jul 19 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.7.0-2
-- Update to 10.7.0
-- https://nodejs.org/en/blog/release/v10.7.0/
-- https://nodejs.org/en/blog/release/v10.6.0/
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:10.5.0-1.1
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Thu Jun 21 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.5.0-1
-- Update to 10.5.0
-- https://nodejs.org/en/blog/release/v10.5.0/
-
-* Thu Jun 14 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.4.1-1
-- Update to 10.4.1 to address security issues
-- https://nodejs.org/en/blog/release/v10.4.1/
-- Resolves: rhbz#1590801
-- Resolves: rhbz#1591014
-- Resolves: rhbz#1591019
-
-* Thu Jun 07 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.4.0-1
-- Update to 10.4.0
-- https://nodejs.org/en/blog/release/v10.4.0/
-
-* Wed May 30 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.3.0-1
-- Update to 10.3.0
-- Update npm to 6.1.0
-- https://nodejs.org/en/blog/release/v10.3.0/
-
-* Tue May 29 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.2.1-2
-- Fix up bare 'python' to be python2
-- Drop redundant entry in docs section
-
-* Fri May 25 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.2.1-1
-- Update to 10.2.1
-- https://nodejs.org/en/blog/release/v10.2.1/
-
-* Wed May 23 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.2.0-1
-- Update to 10.2.0
-- https://nodejs.org/en/blog/release/v10.2.0/
-
-* Thu May 10 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.1.0-3
-- Fix incorrect rpm macro
-
-* Thu May 10 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.1.0-2
-- Include upstream v8 fix for ppc64[le]
-- Disable debug build on ppc64[le] and s390x
-
-* Wed May 09 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.1.0-1
-- Update to 10.1.0
-- https://nodejs.org/en/blog/release/v10.1.0/
-- Reenable node_g binary
-
-* Thu Apr 26 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.0.0-1
-- Update to 10.0.0
-- https://nodejs.org/en/blog/release/v10.0.0/
-- Drop workaround patch
-- Temporarily drop node_g binary due to
-  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587
-
-* Fri Apr 13 2018 Rafael dos Santos <rdossant@redhat.com> - 1:9.11.1-2
-- Use standard Fedora linker flags (bug #1543859)
-
-* Thu Apr 05 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:9.11.1-1
-- Update to 9.11.1
-- https://nodejs.org/en/blog/release/v9.11.0/
-- https://nodejs.org/en/blog/release/v9.11.1/
-
-* Wed Mar 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:9.10.0-1
-- Update to 9.10.0
-- https://nodejs.org/en/blog/release/v9.10.0/
-
-* Wed Mar 21 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:9.9.0-1
-- Update to 9.9.0
-- https://nodejs.org/en/blog/release/v9.9.0/
-
-* Thu Mar 08 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:9.8.0-1
-- Update to 9.8.0
-- https://nodejs.org/en/blog/release/v9.8.0/
-
-* Thu Mar 01 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:9.7.0-1
-- Update to 9.7.0
-- https://nodejs.org/en/blog/release/v9.7.0/
-- Work around F28 build issue
-
-* Sun Feb 25 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:9.6.1-1
-- Update to 9.6.1
-- https://nodejs.org/en/blog/release/v9.6.1/
-- https://nodejs.org/en/blog/release/v9.6.0/
-
-* Mon Feb 05 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:9.5.0-1
-- Package Node.js 9.5.0
-
-* Thu Jan 11 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:8.9.4-2
-- Fix incorrect Requires:
-
-* Thu Jan 11 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:8.9.4-1
-- Update to 8.9.4
-- https://nodejs.org/en/blog/release/v8.9.4/
-- Switch to system copy of nghttp2
-
-* Fri Dec 08 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.9.3-2
-- Update to 8.9.3
-- https://nodejs.org/en/blog/release/v8.9.3/
-- https://nodejs.org/en/blog/release/v8.9.2/
-
-* Thu Nov 30 2017 Pete Walter <pwalter@fedoraproject.org> - 1:8.9.1-2
-- Rebuild for ICU 60.1
-
-* Thu Nov 09 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.9.1-1
-- Update to 8.9.1
-
-* Tue Oct 31 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.9.0-1
-- Update to 8.9.0
-- Drop upstreamed patch
-
-* Thu Oct 26 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.8.1-1
-- Update to 8.8.1 to fix a regression
-
-* Wed Oct 25 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.8.0-1
-- Security update to 8.8.0
-- https://nodejs.org/en/blog/release/v8.8.0/
-
-* Sun Oct 15 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.7.0-1
-- Update to 8.7.0
-- https://nodejs.org/en/blog/release/v8.7.0/
-
-* Fri Oct 06 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.6.0-2
-- Use bcond macro instead of bootstrap conditional
-
-* Wed Sep 27 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.6.0-1
-- Fix nghttp2 version
-- Update to 8.6.0
-- https://nodejs.org/en/blog/release/v8.6.0/
-
-* Wed Sep 20 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.5.0-3
-- Build with bootstrap + bundle libuv for modularity
-- backport patch for aarch64 debug build
-
-* Wed Sep 13 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.5.0-2
-- Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395
-
-* Tue Sep 12 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.5.0-1
-- Update to v8.5.0
-- https://nodejs.org/en/blog/release/v8.5.0/
-
-* Thu Sep 07 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.4.0-2
-- Refactor openssl BR
-
-* Wed Aug 16 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.4.0-1
-- Update to v8.4.0
-- https://nodejs.org/en/blog/release/v8.4.0/
-- http2 is now supported, add bundled nghttp2
-- remove openssl 1.0.1 patches, we won't be using them in fedora
-
-* Thu Aug 10 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.3.0-1
-- Update to v8.3.0
-- https://nodejs.org/en/blog/release/v8.3.0/
-- update V8 to 6.0
-- update minimal gcc and g++ requirements to 4.9.4
-
-* Wed Aug 09 2017 Tom Hughes <tom@compton.nu> - 1:8.2.1-2
-- Bump release to fix broken dependencies
-
-* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:8.2.1-1.2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:8.2.1-1.1
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Fri Jul 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.2.1-1
-- Update to v8.2.1
-- https://nodejs.org/en/blog/release/v8.2.1/
-
-* Thu Jul 20 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.2.0-1
-- Update to v8.2.0
-- https://nodejs.org/en/blog/release/v8.2.0/
-- Update npm to 5.3.0
-- Adds npx command
-
-* Tue Jul 18 2017 Igor Gnatenko <ignatenko@redhat.com> - 1:8.1.4-3
-- s/BuildRequires/Requires/ for http-parser-devel%%{?_isa}
-
-* Mon Jul 17 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.1.4-2
-- Rename python-devel to python2-devel
-- own %%{_pkgdocdir}/npm
-
-* Tue Jul 11 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:8.1.4-1
-- Update to v8.1.4
-- https://nodejs.org/en/blog/release/v8.1.4/
-- Drop upstreamed c-ares patch
-
-* Thu Jun 29 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.1.3-1
-- Update to v8.1.3
-- https://nodejs.org/en/blog/release/v8.1.3/
-
-* Wed Jun 28 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:8.1.2-1
-- Update to v8.1.2
-- remove GCC 7 patch, as it is now fixed in node >= 6.12
-

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

macros.nodejs

@@ -0,0 +1,33 @@
+# nodejs binary
+%__nodejs %{_bindir}/node
+
+# nodejs library directory
+%nodejs_sitelib %{_prefix}/lib/node_modules
+
+#arch specific library directory
+#for future-proofing only; we don't do multilib
+%nodejs_sitearch %{nodejs_sitelib}
+
+# currently installed nodejs version
+%nodejs_version %(%{__nodejs} -v | sed s/v//)
+
+# symlink dependencies so `npm link` works
+# this should be run in every module's %%install section
+# pass --check to work in the current directory instead of the buildroot
+# pass --no-devdeps to ignore devDependencies when --check is used
+%nodejs_symlink_deps %{_rpmconfigdir}/nodejs-symlink-deps %{nodejs_sitelib}
+
+# patch package.json to fix a dependency
+# see `man npm-json` for details on writing dependencies for package.json files
+# e.g. `%%nodejs_fixdep frobber` makes any version of frobber do
+#      `%%nodejs_fixdep frobber '>1.0'` requires frobber > 1.0
+#      `%%nodejs_fixdep -r frobber removes the frobber dep
+%nodejs_fixdep %{_rpmconfigdir}/nodejs-fixdep
+
+# macro to filter unwanted provides from Node.js binary native modules
+%nodejs_default_filter %{expand: \
+%global __provides_exclude_from ^%{nodejs_sitearch}/.*\\.node$
+}
+
+# no-op macro to allow spec compatibility with EPEL
+%nodejs_find_provides_and_requires %{nil}

nodejs-CVE-2024-22019.patch

@@ -0,0 +1,575 @@
+Fix CVE-2024-22019
+
+Resolves: RHEL-28064
+
+This is a combination of the upstream commit from v18:
+https://github.com/nodejs/node/commit/911cb33cdadab57a75f97186290ea8f3903a6171
+
+and necessary rebase of llhttp from 6.0.11 to 6.1.0 that has the needed
+chunk features.
+
+From 11bd886e0a4eadd7e55502758fff6486a3fa3a4e Mon Sep 17 00:00:00 2001
+From: Paolo Insogna <paolo@cowtech.it>
+Date: Tue, 9 Jan 2024 18:10:04 +0100
+Subject: [PATCH] http: add maximum chunk extension size
+
+Cherry-picked from v18 patch:
+https://github.com/nodejs/node/commit/911cb33cdadab57a75f97186290ea8f3903a6171
+
+PR-URL: https://github.com/nodejs-private/node-private/pull/520
+Refs: https://github.com/nodejs-private/node-private/pull/518
+CVE-ID: CVE-2024-22019
+---
+ deps/llhttp/.gitignore                        |   1 +
+ deps/llhttp/CMakeLists.txt                    |   2 +-
+ deps/llhttp/include/llhttp.h                  |   7 +-
+ deps/llhttp/src/api.c                         |   7 +
+ deps/llhttp/src/llhttp.c                      | 122 ++++++++++++++--
+ doc/api/errors.md                             |  12 ++
+ lib/_http_server.js                           |   9 ++
+ src/node_http_parser.cc                       |  20 ++-
+ .../test-http-chunk-extensions-limit.js       | 131 ++++++++++++++++++
+ tools/update-llhttp.sh                        |   2 +-
+ 10 files changed, 294 insertions(+), 19 deletions(-)
+ create mode 100644 deps/llhttp/.gitignore
+ create mode 100644 test/parallel/test-http-chunk-extensions-limit.js
+
+diff --git a/deps/llhttp/.gitignore b/deps/llhttp/.gitignore
+new file mode 100644
+index 0000000000..98438a2cd3
+--- /dev/null
++++ b/deps/llhttp/.gitignore
+@@ -0,0 +1 @@
++libllhttp.pc
+diff --git a/deps/llhttp/CMakeLists.txt b/deps/llhttp/CMakeLists.txt
+index d0382038b9..747564a76f 100644
+--- a/deps/llhttp/CMakeLists.txt
++++ b/deps/llhttp/CMakeLists.txt
+@@ -1,7 +1,7 @@
+ cmake_minimum_required(VERSION 3.5.1)
+ cmake_policy(SET CMP0069 NEW)
+ 
+-project(llhttp VERSION 6.0.11)
++project(llhttp VERSION 6.1.0)
+ include(GNUInstallDirs)
+ 
+ set(CMAKE_C_STANDARD 99)
+diff --git a/deps/llhttp/include/llhttp.h b/deps/llhttp/include/llhttp.h
+index 2da66f15e6..78f27abc03 100644
+--- a/deps/llhttp/include/llhttp.h
++++ b/deps/llhttp/include/llhttp.h
+@@ -2,8 +2,8 @@
+ #define INCLUDE_LLHTTP_H_
+ 
+ #define LLHTTP_VERSION_MAJOR 6
+-#define LLHTTP_VERSION_MINOR 0
+-#define LLHTTP_VERSION_PATCH 11
++#define LLHTTP_VERSION_MINOR 1
++#define LLHTTP_VERSION_PATCH 0
+ 
+ #ifndef LLHTTP_STRICT_MODE
+ # define LLHTTP_STRICT_MODE 0
+@@ -348,6 +348,9 @@ struct llhttp_settings_s {
+    */
+   llhttp_cb      on_headers_complete;
+ 
++  /* Possible return values 0, -1, HPE_USER */
++  llhttp_data_cb on_chunk_parameters;
++
+   /* Possible return values 0, -1, HPE_USER */
+   llhttp_data_cb on_body;
+ 
+diff --git a/deps/llhttp/src/api.c b/deps/llhttp/src/api.c
+index c4ce197c58..d3065b3664 100644
+--- a/deps/llhttp/src/api.c
++++ b/deps/llhttp/src/api.c
+@@ -355,6 +355,13 @@ int llhttp__on_chunk_header(llhttp_t* s, const char* p, const char* endp) {
+ }
+ 
+ 
++int llhttp__on_chunk_parameters(llhttp_t* s, const char* p, const char* endp) {
++  int err;
++  SPAN_CALLBACK_MAYBE(s, on_chunk_parameters, p, endp - p);
++  return err;
++}
++
++
+ int llhttp__on_chunk_complete(llhttp_t* s, const char* p, const char* endp) {
+   int err;
+   CALLBACK_MAYBE(s, on_chunk_complete);
+diff --git a/deps/llhttp/src/llhttp.c b/deps/llhttp/src/llhttp.c
+index 5e7c5d1093..e6db6e3188 100644
+--- a/deps/llhttp/src/llhttp.c
++++ b/deps/llhttp/src/llhttp.c
+@@ -340,6 +340,8 @@ enum llparse_state_e {
+   s_n_llhttp__internal__n_invoke_is_equal_content_length,
+   s_n_llhttp__internal__n_chunk_size_almost_done,
+   s_n_llhttp__internal__n_chunk_parameters,
++  s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters,
++  s_n_llhttp__internal__n_chunk_parameters_ows,
+   s_n_llhttp__internal__n_chunk_size_otherwise,
+   s_n_llhttp__internal__n_chunk_size,
+   s_n_llhttp__internal__n_chunk_size_digit,
+@@ -539,6 +541,10 @@ int llhttp__on_body(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+ 
++int llhttp__on_chunk_parameters(
++    llhttp__internal_t* s, const unsigned char* p,
++    const unsigned char* endp);
++
+ int llhttp__on_status(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+@@ -1226,8 +1232,7 @@ static llparse_state_t llhttp__internal__run(
+           goto s_n_llhttp__internal__n_chunk_parameters;
+         }
+         case 2: {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_size_almost_done;
++          goto s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_10;
+@@ -1236,6 +1241,34 @@ static llparse_state_t llhttp__internal__run(
+       /* UNREACHABLE */;
+       abort();
+     }
++    case s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters:
++    s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++      }
++      state->_span_pos0 = (void*) p;
++      state->_span_cb0 = llhttp__on_chunk_parameters;
++      goto s_n_llhttp__internal__n_chunk_parameters;
++      /* UNREACHABLE */;
++      abort();
++    }
++    case s_n_llhttp__internal__n_chunk_parameters_ows:
++    s_n_llhttp__internal__n_chunk_parameters_ows: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_chunk_parameters_ows;
++      }
++      switch (*p) {
++        case ' ': {
++          p++;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
++        }
++        default: {
++          goto s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++        }
++      }
++      /* UNREACHABLE */;
++      abort();
++    }
+     case s_n_llhttp__internal__n_chunk_size_otherwise:
+     s_n_llhttp__internal__n_chunk_size_otherwise: {
+       if (p == endp) {
+@@ -1246,13 +1279,9 @@ static llparse_state_t llhttp__internal__run(
+           p++;
+           goto s_n_llhttp__internal__n_chunk_size_almost_done;
+         }
+-        case ' ': {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
+-        }
+         case ';': {
+           p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_11;
+@@ -6074,6 +6103,24 @@ static llparse_state_t llhttp__internal__run(
+     /* UNREACHABLE */;
+     abort();
+   }
++  s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters: {
++    const unsigned char* start;
++    int err;
++    
++    start = state->_span_pos0;
++    state->_span_pos0 = NULL;
++    err = llhttp__on_chunk_parameters(state, start, p);
++    if (err != 0) {
++      state->error = err;
++      state->error_pos = (const char*) (p + 1);
++      state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_chunk_size_almost_done;
++      return s_error;
++    }
++    p++;
++    goto s_n_llhttp__internal__n_chunk_size_almost_done;
++    /* UNREACHABLE */;
++    abort();
++  }
+   s_n_llhttp__internal__n_error_10: {
+     state->error = 0x2;
+     state->reason = "Invalid character in chunk parameters";
+@@ -8441,6 +8488,8 @@ enum llparse_state_e {
+   s_n_llhttp__internal__n_invoke_is_equal_content_length,
+   s_n_llhttp__internal__n_chunk_size_almost_done,
+   s_n_llhttp__internal__n_chunk_parameters,
++  s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters,
++  s_n_llhttp__internal__n_chunk_parameters_ows,
+   s_n_llhttp__internal__n_chunk_size_otherwise,
+   s_n_llhttp__internal__n_chunk_size,
+   s_n_llhttp__internal__n_chunk_size_digit,
+@@ -8635,6 +8684,10 @@ int llhttp__on_body(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+ 
++int llhttp__on_chunk_parameters(
++    llhttp__internal_t* s, const unsigned char* p,
++    const unsigned char* endp);
++
+ int llhttp__on_status(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+@@ -9299,8 +9352,7 @@ static llparse_state_t llhttp__internal__run(
+           goto s_n_llhttp__internal__n_chunk_parameters;
+         }
+         case 2: {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_size_almost_done;
++          goto s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_6;
+@@ -9309,6 +9361,34 @@ static llparse_state_t llhttp__internal__run(
+       /* UNREACHABLE */;
+       abort();
+     }
++    case s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters:
++    s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++      }
++      state->_span_pos0 = (void*) p;
++      state->_span_cb0 = llhttp__on_chunk_parameters;
++      goto s_n_llhttp__internal__n_chunk_parameters;
++      /* UNREACHABLE */;
++      abort();
++    }
++    case s_n_llhttp__internal__n_chunk_parameters_ows:
++    s_n_llhttp__internal__n_chunk_parameters_ows: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_chunk_parameters_ows;
++      }
++      switch (*p) {
++        case ' ': {
++          p++;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
++        }
++        default: {
++          goto s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++        }
++      }
++      /* UNREACHABLE */;
++      abort();
++    }
+     case s_n_llhttp__internal__n_chunk_size_otherwise:
+     s_n_llhttp__internal__n_chunk_size_otherwise: {
+       if (p == endp) {
+@@ -9319,13 +9399,9 @@ static llparse_state_t llhttp__internal__run(
+           p++;
+           goto s_n_llhttp__internal__n_chunk_size_almost_done;
+         }
+-        case ' ': {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
+-        }
+         case ';': {
+           p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_7;
+@@ -13951,6 +14027,24 @@ static llparse_state_t llhttp__internal__run(
+     /* UNREACHABLE */;
+     abort();
+   }
++  s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters: {
++    const unsigned char* start;
++    int err;
++    
++    start = state->_span_pos0;
++    state->_span_pos0 = NULL;
++    err = llhttp__on_chunk_parameters(state, start, p);
++    if (err != 0) {
++      state->error = err;
++      state->error_pos = (const char*) (p + 1);
++      state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_chunk_size_almost_done;
++      return s_error;
++    }
++    p++;
++    goto s_n_llhttp__internal__n_chunk_size_almost_done;
++    /* UNREACHABLE */;
++    abort();
++  }
+   s_n_llhttp__internal__n_error_6: {
+     state->error = 0x2;
+     state->reason = "Invalid character in chunk parameters";
+diff --git a/doc/api/errors.md b/doc/api/errors.md
+index dcf8744d8b..a76bfe528d 100644
+--- a/doc/api/errors.md
++++ b/doc/api/errors.md
+@@ -3043,6 +3043,18 @@ malconfigured clients, if more than 8 KiB of HTTP header data is received then
+ HTTP parsing will abort without a request or response object being created, and
+ an `Error` with this code will be emitted.
+ 
++<a id="HPE_CHUNK_EXTENSIONS_OVERFLOW"></a>
++
++### `HPE_CHUNK_EXTENSIONS_OVERFLOW`
++
++<!-- YAML
++added: REPLACEME
++-->
++
++Too much data was received for a chunk extensions. In order to protect against
++malicious or malconfigured clients, if more than 16 KiB of data is received
++then an `Error` with this code will be emitted.
++
+ <a id="HPE_UNEXPECTED_CONTENT_LENGTH"></a>
+ 
+ ### `HPE_UNEXPECTED_CONTENT_LENGTH`
+diff --git a/lib/_http_server.js b/lib/_http_server.js
+index 4e23266f63..325bce6f54 100644
+--- a/lib/_http_server.js
++++ b/lib/_http_server.js
+@@ -706,6 +706,12 @@ const requestHeaderFieldsTooLargeResponse = Buffer.from(
+   `HTTP/1.1 431 ${STATUS_CODES[431]}\r\n` +
+   'Connection: close\r\n\r\n', 'ascii'
+ );
++
++const requestChunkExtensionsTooLargeResponse = Buffer.from(
++  `HTTP/1.1 413 ${STATUS_CODES[413]}\r\n` +
++  'Connection: close\r\n\r\n', 'ascii',
++);
++
+ function socketOnError(e) {
+   // Ignore further errors
+   this.removeListener('error', socketOnError);
+@@ -719,6 +725,9 @@ function socketOnError(e) {
+         case 'HPE_HEADER_OVERFLOW':
+           response = requestHeaderFieldsTooLargeResponse;
+           break;
++        case 'HPE_CHUNK_EXTENSIONS_OVERFLOW':
++          response = requestChunkExtensionsTooLargeResponse;
++          break;
+         case 'ERR_HTTP_REQUEST_TIMEOUT':
+           response = requestTimeoutResponse;
+           break;
+diff --git a/src/node_http_parser.cc b/src/node_http_parser.cc
+index 74f32480b9..b92e8486ae 100644
+--- a/src/node_http_parser.cc
++++ b/src/node_http_parser.cc
+@@ -79,6 +79,8 @@ const uint32_t kOnExecute = 5;
+ const uint32_t kOnTimeout = 6;
+ // Any more fields than this will be flushed into JS
+ const size_t kMaxHeaderFieldsCount = 32;
++// Maximum size of chunk extensions
++const size_t kMaxChunkExtensionsSize = 16384;
+ 
+ const uint32_t kLenientNone = 0;
+ const uint32_t kLenientHeaders = 1 << 0;
+@@ -206,6 +208,7 @@ class Parser : public AsyncWrap, public StreamListener {
+ 
+   int on_message_begin() {
+     num_fields_ = num_values_ = 0;
++    chunk_extensions_nread_ = 0;
+     url_.Reset();
+     status_message_.Reset();
+     header_parsing_start_time_ = uv_hrtime();
+@@ -443,9 +446,22 @@ class Parser : public AsyncWrap, public StreamListener {
+     return 0;
+   }
+ 
+-  // Reset nread for the next chunk
++  int on_chunk_extension(const char* at, size_t length) {
++    chunk_extensions_nread_ += length;
++
++    if (chunk_extensions_nread_ > kMaxChunkExtensionsSize) {
++      llhttp_set_error_reason(&parser_,
++        "HPE_CHUNK_EXTENSIONS_OVERFLOW:Chunk extensions overflow");
++      return HPE_USER;
++    }
++
++    return 0;
++  }
++
++  // Reset nread for the next chunk and also reset the extensions counter
+   int on_chunk_header() {
+     header_nread_ = 0;
++    chunk_extensions_nread_ = 0;
+     return 0;
+   }
+ 
+@@ -887,6 +903,7 @@ class Parser : public AsyncWrap, public StreamListener {
+   const char* current_buffer_data_;
+   bool pending_pause_ = false;
+   uint64_t header_nread_ = 0;
++  uint64_t chunk_extensions_nread_ = 0;
+   uint64_t max_http_header_size_;
+   uint64_t headers_timeout_;
+   uint64_t header_parsing_start_time_ = 0;
+@@ -921,6 +938,7 @@ const llhttp_settings_t Parser::settings = {
+   Proxy<DataCall, &Parser::on_header_field>::Raw,
+   Proxy<DataCall, &Parser::on_header_value>::Raw,
+   Proxy<Call, &Parser::on_headers_complete>::Raw,
++  Proxy<DataCall, &Parser::on_chunk_extension>::Raw,
+   Proxy<DataCall, &Parser::on_body>::Raw,
+   Proxy<Call, &Parser::on_message_complete>::Raw,
+   Proxy<Call, &Parser::on_chunk_header>::Raw,
+diff --git a/test/parallel/test-http-chunk-extensions-limit.js b/test/parallel/test-http-chunk-extensions-limit.js
+new file mode 100644
+index 0000000000..6868b3da6c
+--- /dev/null
++++ b/test/parallel/test-http-chunk-extensions-limit.js
+@@ -0,0 +1,131 @@
++'use strict';
++
++const common = require('../common');
++const http = require('http');
++const net = require('net');
++const assert = require('assert');
++
++// Verify that chunk extensions are limited in size when sent all together.
++{
++  const server = http.createServer((req, res) => {
++    req.on('end', () => {
++      res.writeHead(200, { 'Content-Type': 'text/plain' });
++      res.end('bye');
++    });
++
++    req.resume();
++  });
++
++  server.listen(0, () => {
++    const sock = net.connect(server.address().port);
++    let data = '';
++
++    sock.on('data', (chunk) => data += chunk.toString('utf-8'));
++
++    sock.on('end', common.mustCall(function() {
++      assert.strictEqual(data, 'HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n');
++      server.close();
++    }));
++
++    sock.end('' +
++      'GET / HTTP/1.1\r\n' +
++      'Host: localhost:8080\r\n' +
++      'Transfer-Encoding: chunked\r\n\r\n' +
++      '2;' + 'A'.repeat(20000) + '=bar\r\nAA\r\n' +
++      '0\r\n\r\n'
++    );
++  });
++}
++
++// Verify that chunk extensions are limited in size when sent in intervals.
++{
++  const server = http.createServer((req, res) => {
++    req.on('end', () => {
++      res.writeHead(200, { 'Content-Type': 'text/plain' });
++      res.end('bye');
++    });
++
++    req.resume();
++  });
++
++  server.listen(0, () => {
++    const sock = net.connect(server.address().port);
++    let remaining = 20000;
++    let data = '';
++
++    const interval = setInterval(
++      () => {
++        if (remaining > 0) {
++          sock.write('A'.repeat(1000));
++        } else {
++          sock.write('=bar\r\nAA\r\n0\r\n\r\n');
++          clearInterval(interval);
++        }
++
++        remaining -= 1000;
++      },
++      common.platformTimeout(20),
++    ).unref();
++
++    sock.on('data', (chunk) => data += chunk.toString('utf-8'));
++
++    sock.on('end', common.mustCall(function() {
++      assert.strictEqual(data, 'HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n');
++      server.close();
++    }));
++
++    sock.write('' +
++    'GET / HTTP/1.1\r\n' +
++    'Host: localhost:8080\r\n' +
++    'Transfer-Encoding: chunked\r\n\r\n' +
++    '2;'
++    );
++  });
++}
++
++// Verify the chunk extensions is correctly reset after a chunk
++{
++  const server = http.createServer((req, res) => {
++    req.on('end', () => {
++      res.writeHead(200, { 'content-type': 'text/plain', 'connection': 'close', 'date': 'now' });
++      res.end('bye');
++    });
++
++    req.resume();
++  });
++
++  server.listen(0, () => {
++    const sock = net.connect(server.address().port);
++    let data = '';
++
++    sock.on('data', (chunk) => data += chunk.toString('utf-8'));
++
++    sock.on('end', common.mustCall(function() {
++      assert.strictEqual(
++        data,
++        'HTTP/1.1 200 OK\r\n' +
++        'content-type: text/plain\r\n' +
++        'connection: close\r\n' +
++        'date: now\r\n' +
++        'Transfer-Encoding: chunked\r\n' +
++        '\r\n' +
++        '3\r\n' +
++        'bye\r\n' +
++        '0\r\n' +
++        '\r\n',
++      );
++
++      server.close();
++    }));
++
++    sock.end('' +
++      'GET / HTTP/1.1\r\n' +
++      'Host: localhost:8080\r\n' +
++      'Transfer-Encoding: chunked\r\n\r\n' +
++      '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' +
++      '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' +
++      '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' +
++      '0\r\n\r\n'
++    );
++  });
++}
+diff --git a/tools/update-llhttp.sh b/tools/update-llhttp.sh
+index 12e2f465d7..a95eef1237 100755
+--- a/tools/update-llhttp.sh
++++ b/tools/update-llhttp.sh
+@@ -59,5 +59,5 @@ echo ""
+ echo "Please git add llhttp, commit the new version:"
+ echo ""
+ echo "$ git add -A deps/llhttp"
+-echo "$ git commit -m \"deps: update nghttp2 to $LLHTTP_VERSION\""
++echo "$ git commit -m \"deps: update llhttp to $LLHTTP_VERSION\""
+ echo ""
+-- 
+2.41.0
+

nodejs-tarball.sh

@@ -128,7 +128,7 @@ echo "$ICUMD5  $ICUTARBALL" > icu.md5
 md5sum -c icu.md5
 rm -f icu.md5 SHASUMS256.txt
 
-rhpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz
+#fedpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz
 
 rm -f node-v${version}.tar.gz
 
@@ -155,11 +155,11 @@ grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_versio
 grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h
 grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h
 echo
-echo "http-parser"
+echo "llhttp"
 echo "========================="
-grep "define HTTP_PARSER_VERSION_MAJOR" node-v${version}/deps/http_parser/http_parser.h
-grep "define HTTP_PARSER_VERSION_MINOR" node-v${version}/deps/http_parser/http_parser.h
-grep "define HTTP_PARSER_VERSION_PATCH" node-v${version}/deps/http_parser/http_parser.h
+grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h
+grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h
+grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h
 echo
 echo "libuv"
 echo "========================="
@@ -171,6 +171,14 @@ echo "nghttp2"
 echo "========================="
 grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
 echo
+echo "nghttp3"
+echo "========================="
+grep "define NGHTTP3_VERSION " node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
+echo
+echo "ngtcp2"
+echo "========================="
+grep "define NGTCP2_VERSION " node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
+echo
 echo "ICU"
 echo "========================="
 grep "url" node-v${version}/tools/icu/current_ver.dep
@@ -179,6 +187,12 @@ echo "punycode"
 echo "========================="
 grep "'version'" node-v${version}/lib/punycode.js
 echo
+echo "uvwasi"
+echo "========================="
+grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
+grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
+grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
+echo
 echo "npm"
 echo "========================="
 grep "\"version\":" node-v${version}/deps/npm/package.json

npmrc

@@ -0,0 +1,2 @@
+prefix=/usr/local
+python=/usr/bin/python3

npmrc.builtin.in

@@ -0,0 +1,5 @@
+# This is the distibution-level configuration file for npm.
+# To configure NPM on a system level, use the globalconfig below (defaults to @SYSCONFDIR@/npmrc).
+# vim:set filetype=dosini:
+
+globalconfig=@SYSCONFDIR@/npmrc

package.cfg

@@ -0,0 +1,2 @@
+[koji]
+targets = master f34 f33

sources

@@ -0,0 +1,6 @@
+SHA512 (node-v16.20.2-stripped.tar.gz) = 9ab65824a56382a72075533274ba5a86dc1fc2adb0215c81c6c9084c6dea45c3107630c0d203557cac867e00caf1c5449a97445cd5914c3e870d9055d2c409de
+SHA512 (icu4c-71_1-src.tgz) = 1fd2a20aef48369d1f06e2bb74584877b8ad0eb529320b976264ec2db87420bae242715795f372dbc513ea80047bc49077a064e78205cd5e8b33d746fd2a2912
+SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 2c8e9caf2231ca7d61e71936305389774859aca9b5c86c63489c9a62a81f4736f99477c3f0cbb41077bb7924fdd23e0f24b7bce858e42fb0f87e7c0ffc87afeb
+SHA512 (undici-5.20.0.tar.gz) = 75a4c164081bbc8114aceeb48680db003cb014d7f92f157d03e9a36c775606a4bede5dbba236ba1722a651ab91968cb192eeae671ec1024f826c4b452d4e20ff
+SHA512 (wasi-sdk-wasi-sdk-11.tar.gz) = cb37f357b09431a3efad26141d83dce63232a35b536d9a7bd341d4d9627a0a3d4bd4d57504b6e3dab421942d2c168a96da2a6be889aab3f9a2852fc5a3200d3c
+SHA512 (wasi-sdk-wasi-sdk-14.tar.gz) = 4fecb3d9c04b91eb2388a9e51d49fbff6f22b81f9945a07ecdbfe479c96dad1e3b673b8bee24842b0dae5294129a9cb35dcf8e5ecf45437a6d01fb6e0fd13645