.gitignore

@@ -1,2 +1,2 @@
-SOURCES/icu4c-67_1-src.tgz
-SOURCES/node-v12.22.12-stripped.tar.gz
+SOURCES/icu4c-64_2-src.tgz
+SOURCES/node-v10.24.0-stripped.tar.gz

.nodejs.metadata

@@ -1,2 +1,2 @@
-6822a4a94324d1ba591b3e8ef084e4491af253c1 SOURCES/icu4c-67_1-src.tgz
-49c907b1445701724914a0571bf6be62a25583af SOURCES/node-v12.22.12-stripped.tar.gz
+3127155ecf2b75ab4835f501b7478e39c07bb852 SOURCES/icu4c-64_2-src.tgz
+be0e0b385a852c376f452b3d94727492e05407e4 SOURCES/node-v10.24.0-stripped.tar.gz

SOURCES/0001-Disable-running-gyp-on-shared-deps.patch

@@ -1,26 +1,31 @@
-From 641730c7d1322dacd8e1020ec0753795d01200f0 Mon Sep 17 00:00:00 2001
+From 2cd4c12776af3da588231d3eb498e6451c30eae5 Mon Sep 17 00:00:00 2001
 From: Zuzana Svetlikova <zsvetlik@redhat.com>
 Date: Thu, 27 Apr 2017 14:25:42 +0200
 Subject: [PATCH] Disable running gyp on shared deps
 
 Signed-off-by: rpm-build <rpm-build>
 ---
- Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ Makefile | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
 
 diff --git a/Makefile b/Makefile
-index 32a8a6c..f44f88a 100644
+index 73feb4c..45bbceb 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -141,7 +141,7 @@ test-code-cache: with-code-cache
- 	echo "'test-code-cache' target is a noop"
+@@ -123,10 +123,9 @@ with-code-cache:
+ test-code-cache: with-code-cache
+ 	$(PYTHON) tools/test.py $(PARALLEL_ARGS) --mode=$(BUILDTYPE_LOWER) code-cache
  
- out/Makefile: config.gypi common.gypi node.gyp \
--	deps/uv/uv.gyp deps/http_parser/http_parser.gyp deps/zlib/zlib.gyp \
-+	deps/http_parser/http_parser.gyp \
- 	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
- 	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
+-out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp \
+-              deps/zlib/zlib.gyp deps/v8/gypfiles/toolchain.gypi \
+-              deps/v8/gypfiles/features.gypi deps/v8/gypfiles/v8.gyp node.gyp \
+-              config.gypi
++out/Makefile: common.gypi deps/http_parser/http_parser.gyp \
++              deps/v8/gypfiles/toolchain.gypi deps/v8/gypfiles/features.gypi \
++			  deps/v8/gypfiles/v8.gyp node.gyp config.gypi
  	$(PYTHON) tools/gyp_node.py -f make
+ 
+ config.gypi: configure configure.py
 -- 
 2.26.2
 

SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch

@@ -0,0 +1,84 @@
+From e7afb2d6e2a6c8f9c9c32e12a10c3c5c4902a251 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Tue, 1 May 2018 08:05:30 -0400
+Subject: [PATCH] Suppress NPM message to run global update
+
+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
+Signed-off-by: rpm-build <rpm-build>
+---
+ deps/npm/bin/npm-cli.js | 54 -----------------------------------------
+ 1 file changed, 54 deletions(-)
+
+diff --git a/deps/npm/bin/npm-cli.js b/deps/npm/bin/npm-cli.js
+index c0d9be0..0f0892e 100755
+--- a/deps/npm/bin/npm-cli.js
++++ b/deps/npm/bin/npm-cli.js
+@@ -71,65 +71,11 @@
+     npm.command = 'help'
+   }
+ 
+-  var isGlobalNpmUpdate = conf.global && ['install', 'update'].includes(npm.command) && npm.argv.includes('npm')
+-
+   // now actually fire up npm and run the command.
+   // this is how to use npm programmatically:
+   conf._exit = true
+   npm.load(conf, function (er) {
+     if (er) return errorHandler(er)
+-    if (
+-      !isGlobalNpmUpdate &&
+-      npm.config.get('update-notifier') &&
+-      !unsupported.checkVersion(process.version).unsupported
+-    ) {
+-      const pkg = require('../package.json')
+-      let notifier = require('update-notifier')({pkg})
+-      const isCI = require('ci-info').isCI
+-      if (
+-        notifier.update &&
+-        notifier.update.latest !== pkg.version &&
+-        !isCI
+-      ) {
+-        const color = require('ansicolors')
+-        const useColor = npm.config.get('color')
+-        const useUnicode = npm.config.get('unicode')
+-        const old = notifier.update.current
+-        const latest = notifier.update.latest
+-        let type = notifier.update.type
+-        if (useColor) {
+-          switch (type) {
+-            case 'major':
+-              type = color.red(type)
+-              break
+-            case 'minor':
+-              type = color.yellow(type)
+-              break
+-            case 'patch':
+-              type = color.green(type)
+-              break
+-          }
+-        }
+-        const changelog = `https://github.com/npm/cli/releases/tag/v${latest}`
+-        notifier.notify({
+-          message: `New ${type} version of ${pkg.name} available! ${
+-            useColor ? color.red(old) : old
+-          } ${useUnicode ? '→' : '->'} ${
+-            useColor ? color.green(latest) : latest
+-          }\n` +
+-          `${
+-            useColor ? color.yellow('Changelog:') : 'Changelog:'
+-          } ${
+-            useColor ? color.cyan(changelog) : changelog
+-          }\n` +
+-          `Run ${
+-            useColor
+-              ? color.green(`npm install -g ${pkg.name}`)
+-              : `npm i -g ${pkg.name}`
+-          } to update!`
+-        })
+-      }
+-    }
+     npm.commands[npm.command](npm.argv, function (err) {
+       // https://genius.com/Lin-manuel-miranda-your-obedient-servant-lyrics
+       if (
+-- 
+2.26.2
+

SOURCES/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch

@@ -0,0 +1,122 @@
+From 0028cc74dac4dd24b8599ade85cb49fdafa9f559 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Fri, 6 Dec 2019 16:40:25 -0500
+Subject: [PATCH] build: auto-load ICU data from --with-icu-default-data-dir
+
+When compiled with `--with-intl=small` and
+`--with-icu-default-data-dir=PATH`, Node.js will use PATH as a
+fallback location for the ICU data.
+
+We will first perform an access check using fopen(PATH, 'r') to
+ensure that the file is readable. If it is, we'll set the
+icu_data_directory and proceed. There's a slight overhead for the
+fopen() check, but it should be barely measurable.
+
+This will be useful for Linux distribution packagers who want to
+be able to ship a minimal node binary in a container image but
+also be able to add on the full i18n support where needed. With
+this patch, it becomes possible to ship the interpreter as
+/usr/bin/node in one package for the distribution and to ship the
+data files in another package (without a strict dependency
+between the two). This means that users of the distribution will
+not need to explicitly direct Node.js to locate the ICU data. It
+also means that in environments where full internationalization is
+not required, they do not need to carry the extra content (with
+the associated storage costs).
+
+Refs: https://github.com/nodejs/node/issues/3460
+
+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
+Signed-off-by: rpm-build <rpm-build>
+---
+ configure.py |  9 +++++++++
+ node.gypi    |  7 +++++++
+ src/node.cc  | 20 ++++++++++++++++++++
+ 3 files changed, 36 insertions(+)
+
+diff --git a/configure.py b/configure.py
+index 89f7bf5..d611a88 100755
+--- a/configure.py
++++ b/configure.py
+@@ -433,6 +433,14 @@ intl_optgroup.add_option('--with-icu-source',
+         'the icu4c source archive. '
+         'v%d.x or later recommended.' % icu_versions['minimum_icu'])
+ 
++intl_optgroup.add_option('--with-icu-default-data-dir',
++    action='store',
++    dest='with_icu_default_data_dir',
++    help='Path to the icuXXdt{lb}.dat file. If unspecified, ICU data will '
++         'only be read if the NODE_ICU_DATA environment variable or the '
++         '--icu-data-dir runtime argument is used. This option has effect '
++         'only when Node.js is built with --with-intl=small-icu.')
++
+ parser.add_option('--with-ltcg',
+     action='store_true',
+     dest='with_ltcg',
+@@ -1359,6 +1367,7 @@ def configure_intl(o):
+     locs.add('root')  # must have root
+     o['variables']['icu_locales'] = string.join(locs,',')
+     # We will check a bit later if we can use the canned deps/icu-small
++    o['variables']['icu_default_data'] = options.with_icu_default_data_dir or ''
+   elif with_intl == 'full-icu':
+     # full ICU
+     o['variables']['v8_enable_i18n_support'] = 1
+diff --git a/node.gypi b/node.gypi
+index 466a174..65b97d6 100644
+--- a/node.gypi
++++ b/node.gypi
+@@ -113,6 +113,13 @@
+       'conditions': [
+         [ 'icu_small=="true"', {
+           'defines': [ 'NODE_HAVE_SMALL_ICU=1' ],
++          'conditions': [
++            [ 'icu_default_data!=""', {
++              'defines': [
++                'NODE_ICU_DEFAULT_DATA_DIR="<(icu_default_data)"',
++              ],
++            }],
++          ],
+       }]],
+     }],
+     [ 'node_use_bundled_v8=="true" and \
+diff --git a/src/node.cc b/src/node.cc
+index 7c01187..c9840e3 100644
+--- a/src/node.cc
++++ b/src/node.cc
+@@ -92,6 +92,7 @@
+ 
+ #if defined(NODE_HAVE_I18N_SUPPORT)
+ #include <unicode/uvernum.h>
++#include <unicode/utypes.h>
+ #endif
+ 
+ #if defined(LEAK_SANITIZER)
+@@ -2643,6 +2644,25 @@ void Init(std::vector<std::string>* argv,
+   // If the parameter isn't given, use the env variable.
+   if (per_process_opts->icu_data_dir.empty())
+     SafeGetenv("NODE_ICU_DATA", &per_process_opts->icu_data_dir);
++
++#ifdef NODE_ICU_DEFAULT_DATA_DIR
++  // If neither the CLI option nor the environment variable was specified,
++  // fall back to the configured default
++  if (per_process_opts->icu_data_dir.empty()) {
++    // Check whether the NODE_ICU_DEFAULT_DATA_DIR contains the right data
++    // file and can be read.
++    static const char full_path[] =
++        NODE_ICU_DEFAULT_DATA_DIR "/" U_ICUDATA_NAME ".dat";
++
++    FILE* f = fopen(full_path, "rb");
++
++    if (f != nullptr) {
++      fclose(f);
++      per_process_opts->icu_data_dir = NODE_ICU_DEFAULT_DATA_DIR;
++    }
++  }
++#endif  // NODE_ICU_DEFAULT_DATA_DIR
++
+   // Initialize ICU.
+   // If icu_data_dir is empty here, it will load the 'minimal' data.
+   if (!i18n::InitializeICUDirectory(per_process_opts->icu_data_dir)) {
+-- 
+2.26.2
+

SOURCES/0003-src-use-getauxval-in-node_main.cc.patch

@@ -1,70 +0,0 @@
-From 63b2d16ea3985b62be372ea1da7987dc32ddcc3b Mon Sep 17 00:00:00 2001
-From: Daniel Bevenius <daniel.bevenius@gmail.com>
-Date: Tue, 2 Jun 2020 05:33:25 +0200
-Subject: [PATCH 3/3] src: use getauxval in node_main.cc
-
-This commit suggests using getauxval in node_main.cc.
-
-The motivation for this is that getauxval was introduced in glibc 2.16
-and looking at BUILDING.md, in the 'Platform list' section, it looks
-like we now support glibc >= 2.17 and perhaps this change would be
-alright now.
-
-PR-URL: https://github.com/nodejs/node/pull/33693
-Refs: https://github.com/nodejs/node/pull/12548
-Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
-Reviewed-By: David Carlier <devnexen@gmail.com>
-Reviewed-By: Anna Henningsen <anna@addaleax.net>
-Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
-Reviewed-By: James M Snell <jasnell@gmail.com>
----
- src/node_main.cc | 18 ++----------------
- 1 file changed, 2 insertions(+), 16 deletions(-)
-
-diff --git a/src/node_main.cc b/src/node_main.cc
-index e92c0df94297e2ece43dbdf71166e555713ef6f2..70be5b83fafcde596e65086b08305aa89702fd52 100644
---- a/src/node_main.cc
-+++ b/src/node_main.cc
-@@ -72,17 +72,11 @@ int wmain(int argc, wchar_t* wargv[]) {
-   return node::Start(argc, argv);
- }
- #else
- // UNIX
- #ifdef __linux__
--#include <elf.h>
--#ifdef __LP64__
--#define Elf_auxv_t Elf64_auxv_t
--#else
--#define Elf_auxv_t Elf32_auxv_t
--#endif  // __LP64__
--extern char** environ;
-+#include <sys/auxv.h>
- #endif  // __linux__
- #if defined(__POSIX__) && defined(NODE_SHARED_MODE)
- #include <string.h>
- #include <signal.h>
- #endif
-@@ -107,19 +101,11 @@ int main(int argc, char* argv[]) {
-     sigaction(SIGPIPE, &act, nullptr);
-   }
- #endif
- 
- #if defined(__linux__)
--  char** envp = environ;
--  while (*envp++ != nullptr) {}
--  Elf_auxv_t* auxv = reinterpret_cast<Elf_auxv_t*>(envp);
--  for (; auxv->a_type != AT_NULL; auxv++) {
--    if (auxv->a_type == AT_SECURE) {
--      node::per_process::linux_at_secure = auxv->a_un.a_val;
--      break;
--    }
--  }
-+  node::per_process::linux_at_secure = getauxval(AT_SECURE);
- #endif
-   // Disable stdio buffering, it interacts poorly with printf()
-   // calls elsewhere in the program (e.g., any logging from V8.)
-   setvbuf(stdout, nullptr, _IONBF, 0);
-   setvbuf(stderr, nullptr, _IONBF, 0);
--- 
-2.30.1
-

SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch

@@ -0,0 +1,13 @@
+diff --git a/deps/npm/node_modules/y18n/index.js b/deps/npm/node_modules/y18n/index.js
+index d720681628..727362aac0 100644
+--- a/deps/npm/node_modules/y18n/index.js
++++ b/deps/npm/node_modules/y18n/index.js
+@@ -11,7 +11,7 @@ function Y18N (opts) {
+   this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true
+ 
+   // internal stuff.
+-  this.cache = {}
++  this.cache = Object.create(null)
+   this.writeQueue = []
+ }
+ 

SOURCES/0004-always-available-fips-options.patch

@@ -1,622 +0,0 @@
-From 7bc4111b770ada25cdd6e1b938ca7a914617ea53 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
-Date: Tue, 25 Aug 2020 14:04:54 +0200
-Subject: [PATCH] crypto: make FIPS related options always awailable
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-There is no reason to hide FIPS functionality behind build flags.
-OpenSSL always provide the information about FIPS availability via
-`FIPS_mode()` function.
-
-This makes the user experience more consistent, because the OpenSSL
-library is always queried and the `crypto.getFips()` always returns
-OpenSSL settings.
-
-Fixes #34903
-
-PR-URL: https://github.com/nodejs/node/pull/36341
-Reviewed-By: Anna Henningsen <anna@addaleax.net>
-Reviewed-By: Michael Dawson <midawson@redhat.com>
-Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
-Signed-off-by: Jan Staněk <jstanek@redhat.com>
----
- doc/api/cli.md                                |  8 +--
- lib/crypto.js                                 | 22 ++----
- node.gypi                                     |  3 -
- src/node.cc                                   |  6 +-
- src/node_config.cc                            |  2 -
- src/node_crypto.cc                            | 45 +++++++-----
- src/node_options.cc                           |  2 -
- src/node_options.h                            |  2 -
- test/parallel/test-cli-node-print-help.js     |  7 +-
- test/parallel/test-crypto-fips.js             | 71 +++++++++----------
- ...rocess-env-allowed-flags-are-documented.js | 11 +--
- 11 files changed, 74 insertions(+), 105 deletions(-)
-
-diff --git a/doc/api/cli.md b/doc/api/cli.md
-index 86635f267b..6f14fa6810 100644
---- a/doc/api/cli.md
-+++ b/doc/api/cli.md
-@@ -183,8 +183,8 @@ code from strings throw an exception instead. This does not affect the Node.js
- added: v6.0.0
- -->
- 
--Enable FIPS-compliant crypto at startup. (Requires Node.js to be built with
--`./configure --openssl-fips`.)
-+Enable FIPS-compliant crypto at startup. (Requires Node.js to be built
-+against FIPS-compatible OpenSSL.)
- 
- ### `--enable-source-maps`
- <!-- YAML
-@@ -550,8 +550,8 @@ added: v6.9.0
- -->
- 
- Load an OpenSSL configuration file on startup. Among other uses, this can be
--used to enable FIPS-compliant crypto if Node.js is built with
--`./configure --openssl-fips`.
-+used to enable FIPS-compliant crypto if Node.js is built
-+against FIPS-enabled OpenSSL.
- 
- ### `--pending-deprecation`
- <!-- YAML
-diff --git a/lib/crypto.js b/lib/crypto.js
-index b2bcc4d0a4..93d5e21fa0 100644
---- a/lib/crypto.js
-+++ b/lib/crypto.js
-@@ -37,12 +37,10 @@ assertCrypto();
- 
- const {
-   ERR_CRYPTO_FIPS_FORCED,
--  ERR_CRYPTO_FIPS_UNAVAILABLE
- } = require('internal/errors').codes;
- const constants = internalBinding('constants').crypto;
- const { getOptionValue } = require('internal/options');
- const pendingDeprecation = getOptionValue('--pending-deprecation');
--const { fipsMode } = internalBinding('config');
- const fipsForced = getOptionValue('--force-fips');
- const {
-   getFipsCrypto,
-@@ -191,10 +189,8 @@ module.exports = {
-   sign: signOneShot,
-   setEngine,
-   timingSafeEqual,
--  getFips: !fipsMode ? getFipsDisabled :
--    fipsForced ? getFipsForced : getFipsCrypto,
--  setFips: !fipsMode ? setFipsDisabled :
--    fipsForced ? setFipsForced : setFipsCrypto,
-+  getFips: fipsForced ? getFipsForced : getFipsCrypto,
-+  setFips: fipsForced ? setFipsForced : setFipsCrypto,
-   verify: verifyOneShot,
- 
-   // Classes
-@@ -213,19 +209,11 @@ module.exports = {
-   Verify
- };
- 
--function setFipsDisabled() {
--  throw new ERR_CRYPTO_FIPS_UNAVAILABLE();
--}
--
- function setFipsForced(val) {
-   if (val) return;
-   throw new ERR_CRYPTO_FIPS_FORCED();
- }
- 
--function getFipsDisabled() {
--  return 0;
--}
--
- function getFipsForced() {
-   return 1;
- }
-@@ -247,10 +235,8 @@ ObjectDefineProperties(module.exports, {
-   },
-   // crypto.fips is deprecated. DEP0093. Use crypto.getFips()/crypto.setFips()
-   fips: {
--    get: !fipsMode ? getFipsDisabled :
--      fipsForced ? getFipsForced : getFipsCrypto,
--    set: !fipsMode ? setFipsDisabled :
--      fipsForced ? setFipsForced : setFipsCrypto
-+    get: fipsForced ? getFipsForced : getFipsCrypto,
-+    set: fipsForced ? setFipsForced : setFipsCrypto
-   },
-   DEFAULT_ENCODING: {
-     enumerable: false,
-diff --git a/node.gypi b/node.gypi
-index 116c1c7149..34f385f652 100644
---- a/node.gypi
-+++ b/node.gypi
-@@ -320,9 +320,6 @@
-     [ 'node_use_openssl=="true"', {
-       'defines': [ 'HAVE_OPENSSL=1' ],
-       'conditions': [
--        ['openssl_fips != "" or openssl_is_fips=="true"', {
--          'defines': [ 'NODE_FIPS_MODE' ],
--        }],
-         [ 'node_shared_openssl=="false"', {
-           'dependencies': [
-             './deps/openssl/openssl.gyp:openssl',
-diff --git a/src/node.cc b/src/node.cc
-index 46e8f74cc2..0a5c3ee8ee 100644
---- a/src/node.cc
-+++ b/src/node.cc
-@@ -964,11 +964,11 @@ InitializationResult InitializeOncePerProcess(int argc, char** argv) {
-     if (credentials::SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs))
-       crypto::UseExtraCaCerts(extra_ca_certs);
-   }
--#ifdef NODE_FIPS_MODE
-   // In the case of FIPS builds we should make sure
-   // the random source is properly initialized first.
--  OPENSSL_init();
--#endif  // NODE_FIPS_MODE
-+  if (FIPS_mode()) {
-+    OPENSSL_init();
-+  }
-   // V8 on Windows doesn't have a good source of entropy. Seed it from
-   // OpenSSL's pool.
-   V8::SetEntropySource(crypto::EntropySource);
-diff --git a/src/node_config.cc b/src/node_config.cc
-index 6ee3164a13..e229eee765 100644
---- a/src/node_config.cc
-+++ b/src/node_config.cc
-@@ -42,9 +42,7 @@ static void Initialize(Local<Object> target,
-   READONLY_FALSE_PROPERTY(target, "hasOpenSSL");
- #endif  // HAVE_OPENSSL
- 
--#ifdef NODE_FIPS_MODE
-   READONLY_TRUE_PROPERTY(target, "fipsMode");
--#endif
- 
- #ifdef NODE_HAVE_I18N_SUPPORT
- 
-diff --git a/src/node_crypto.cc b/src/node_crypto.cc
-index 764dcb8720..f142e625ef 100644
---- a/src/node_crypto.cc
-+++ b/src/node_crypto.cc
-@@ -50,6 +50,11 @@
- #include <openssl/hmac.h>
- #include <openssl/rand.h>
- #include <openssl/pkcs12.h>
-+// The FIPS-related functions are only available
-+// when the OpenSSL itself was compiled with FIPS support.
-+#ifdef OPENSSL_FIPS
-+#include <openssl/fips.h>
-+#endif // OPENSSL_FIPS
- 
- #include <cerrno>
- #include <climits>  // INT_MAX
-@@ -97,6 +102,7 @@ using v8::Signature;
- using v8::String;
- using v8::Uint32;
- using v8::Undefined;
-+using v8::TryCatch;
- using v8::Value;
- 
- #ifdef OPENSSL_NO_OCB
-@@ -3595,12 +3601,10 @@ void CipherBase::Init(const char* cipher_type,
-   HandleScope scope(env()->isolate());
-   MarkPopErrorOnReturn mark_pop_error_on_return;
- 
--#ifdef NODE_FIPS_MODE
-   if (FIPS_mode()) {
-     return env()->ThrowError(
-         "crypto.createCipher() is not supported in FIPS mode.");
-   }
--#endif  // NODE_FIPS_MODE
- 
-   const EVP_CIPHER* const cipher = EVP_get_cipherbyname(cipher_type);
-   if (cipher == nullptr)
-@@ -3786,13 +3790,11 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len,
-       return false;
-     }
- 
--#ifdef NODE_FIPS_MODE
-     // TODO(tniessen) Support CCM decryption in FIPS mode
-     if (mode == EVP_CIPH_CCM_MODE && kind_ == kDecipher && FIPS_mode()) {
-       env()->ThrowError("CCM decryption not supported in FIPS mode");
-       return false;
-     }
--#endif
- 
-     // Tell OpenSSL about the desired length.
-     if (!EVP_CIPHER_CTX_ctrl(ctx_.get(), EVP_CTRL_AEAD_SET_TAG, auth_tag_len,
-@@ -4712,7 +4714,6 @@ static AllocatedBuffer Node_SignFinal(Environment* env,
- }
- 
- static inline bool ValidateDSAParameters(EVP_PKEY* key) {
--#ifdef NODE_FIPS_MODE
-   /* Validate DSA2 parameters from FIPS 186-4 */
-   if (FIPS_mode() && EVP_PKEY_DSA == EVP_PKEY_base_id(key)) {
-     DSA* dsa = EVP_PKEY_get0_DSA(key);
-@@ -4728,7 +4729,6 @@ static inline bool ValidateDSAParameters(EVP_PKEY* key) {
-            (L == 2048 && N == 256) ||
-            (L == 3072 && N == 256);
-   }
--#endif  // NODE_FIPS_MODE
- 
-   return true;
- }
-@@ -6889,7 +6889,6 @@ void InitCryptoOnce() {
-   settings = nullptr;
- #endif
- 
--#ifdef NODE_FIPS_MODE
-   /* Override FIPS settings in cnf file, if needed. */
-   unsigned long err = 0;  // NOLINT(runtime/int)
-   if (per_process::cli_options->enable_fips_crypto ||
-@@ -6899,12 +6898,10 @@ void InitCryptoOnce() {
-     }
-   }
-   if (0 != err) {
--    fprintf(stderr,
--            "openssl fips failed: %s\n",
--            ERR_error_string(err, nullptr));
--    UNREACHABLE();
-+      auto* isolate = Isolate::GetCurrent();
-+      auto* env = Environment::GetCurrent(isolate);
-+      return ThrowCryptoError(env, err);
-   }
--#endif  // NODE_FIPS_MODE
- 
- 
-   // Turn off compression. Saves memory and protects against CRIME attacks.
-@@ -6950,7 +6947,6 @@ void SetEngine(const FunctionCallbackInfo<Value>& args) {
- }
- #endif  // !OPENSSL_NO_ENGINE
- 
--#ifdef NODE_FIPS_MODE
- void GetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
-   args.GetReturnValue().Set(FIPS_mode() ? 1 : 0);
- }
-@@ -6968,17 +6964,33 @@ void SetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
-     return ThrowCryptoError(env, err);
-   }
- }
--#endif /* NODE_FIPS_MODE */
-+
-+void TestFipsCrypto(const v8::FunctionCallbackInfo<v8::Value>& args) {
-+#ifdef OPENSSL_FIPS
-+  const auto enabled = FIPS_selftest() ? 1 : 0;
-+#else  // OPENSSL_FIPS
-+  const auto enabled = 0;
-+#endif  // OPENSSL_FIPS
-+
-+  args.GetReturnValue().Set(enabled);
-+}
- 
- 
- void Initialize(Local<Object> target,
-                 Local<Value> unused,
-                 Local<Context> context,
-                 void* priv) {
-+  Environment* env = Environment::GetCurrent(context);
-+
-   static uv_once_t init_once = UV_ONCE_INIT;
-+  TryCatch try_catch{env->isolate()};
-   uv_once(&init_once, InitCryptoOnce);
- 
--  Environment* env = Environment::GetCurrent(context);
-+  if (try_catch.HasCaught() && !try_catch.HasTerminated()) {
-+    try_catch.ReThrow();
-+    return;
-+  }
-+
-   SecureContext::Initialize(env, target);
-   target->Set(env->context(),
-             FIXED_ONE_BYTE_STRING(env->isolate(), "KeyObjectHandle"),
-@@ -7007,10 +7019,9 @@ void Initialize(Local<Object> target,
-   env->SetMethod(target, "setEngine", SetEngine);
- #endif  // !OPENSSL_NO_ENGINE
- 
--#ifdef NODE_FIPS_MODE
-   env->SetMethodNoSideEffect(target, "getFipsCrypto", GetFipsCrypto);
-   env->SetMethod(target, "setFipsCrypto", SetFipsCrypto);
--#endif
-+  env->SetMethodNoSideEffect(target, "testFipsCrypto", TestFipsCrypto);
- 
-   env->SetMethod(target, "pbkdf2", PBKDF2);
-   env->SetMethod(target, "generateKeyPairRSA", GenerateKeyPairRSA);
-diff --git a/src/node_options.cc b/src/node_options.cc
-index 0240b2ef58..d1230da1ad 100644
---- a/src/node_options.cc
-+++ b/src/node_options.cc
-@@ -729,7 +729,6 @@ PerProcessOptionsParser::PerProcessOptionsParser(
-             &PerProcessOptions::ssl_openssl_cert_store);
-   Implies("--use-openssl-ca", "[ssl_openssl_cert_store]");
-   ImpliesNot("--use-bundled-ca", "[ssl_openssl_cert_store]");
--#if NODE_FIPS_MODE
-   AddOption("--enable-fips",
-             "enable FIPS crypto at startup",
-             &PerProcessOptions::enable_fips_crypto,
-@@ -738,7 +737,6 @@ PerProcessOptionsParser::PerProcessOptionsParser(
-             "force FIPS crypto (cannot be disabled)",
-             &PerProcessOptions::force_fips_crypto,
-             kAllowedInEnvironment);
--#endif
- #endif
-   AddOption("--use-largepages",
-             "Map the Node.js static code to large pages. Options are "
-diff --git a/src/node_options.h b/src/node_options.h
-index aa138c6970..f5e1e7da57 100644
---- a/src/node_options.h
-+++ b/src/node_options.h
-@@ -236,10 +236,8 @@ class PerProcessOptions : public Options {
- #endif
-   bool use_openssl_ca = false;
-   bool use_bundled_ca = false;
--#if NODE_FIPS_MODE
-   bool enable_fips_crypto = false;
-   bool force_fips_crypto = false;
--#endif
- #endif
- 
-   // Per-process because reports can be triggered outside a known V8 context.
-diff --git a/test/parallel/test-cli-node-print-help.js b/test/parallel/test-cli-node-print-help.js
-index e115124b04..ed58bf085c 100644
---- a/test/parallel/test-cli-node-print-help.js
-+++ b/test/parallel/test-cli-node-print-help.js
-@@ -8,8 +8,6 @@ const common = require('../common');
- 
- const assert = require('assert');
- const { exec } = require('child_process');
--const { internalBinding } = require('internal/test/binding');
--const { fipsMode } = internalBinding('config');
- let stdOut;
- 
- 
-@@ -29,9 +27,8 @@ function validateNodePrintHelp() {
-   const cliHelpOptions = [
-     { compileConstant: HAVE_OPENSSL,
-       flags: [ '--openssl-config=...', '--tls-cipher-list=...',
--               '--use-bundled-ca', '--use-openssl-ca' ] },
--    { compileConstant: fipsMode,
--      flags: [ '--enable-fips', '--force-fips' ] },
-+               '--use-bundled-ca', '--use-openssl-ca',
-+               '--enable-fips', '--force-fips' ] },
-     { compileConstant: NODE_HAVE_I18N_SUPPORT,
-       flags: [ '--icu-data-dir=...', 'NODE_ICU_DATA' ] },
-     { compileConstant: HAVE_INSPECTOR,
-diff --git a/test/parallel/test-crypto-fips.js b/test/parallel/test-crypto-fips.js
-index eae3134402..a1ed645184 100644
---- a/test/parallel/test-crypto-fips.js
-+++ b/test/parallel/test-crypto-fips.js
-@@ -9,27 +9,20 @@ const spawnSync = require('child_process').spawnSync;
- const path = require('path');
- const fixtures = require('../common/fixtures');
- const { internalBinding } = require('internal/test/binding');
--const { fipsMode } = internalBinding('config');
-+const { testFipsCrypto } = internalBinding('crypto');
- 
- const FIPS_ENABLED = 1;
- const FIPS_DISABLED = 0;
--const FIPS_ERROR_STRING =
--  'Error [ERR_CRYPTO_FIPS_UNAVAILABLE]: Cannot set FIPS mode in a ' +
--  'non-FIPS build.';
- const FIPS_ERROR_STRING2 =
-   'Error [ERR_CRYPTO_FIPS_FORCED]: Cannot set FIPS mode, it was forced with ' +
-   '--force-fips at startup.';
--const OPTION_ERROR_STRING = 'bad option';
-+const FIPS_UNSUPPORTED_ERROR_STRING = 'fips mode not supported';
- 
- const CNF_FIPS_ON = fixtures.path('openssl_fips_enabled.cnf');
- const CNF_FIPS_OFF = fixtures.path('openssl_fips_disabled.cnf');
- 
- let num_children_ok = 0;
- 
--function compiledWithFips() {
--  return fipsMode ? true : false;
--}
--
- function sharedOpenSSL() {
-   return process.config.variables.node_shared_openssl;
- }
-@@ -75,17 +68,17 @@ testHelper(
- 
- // --enable-fips should turn FIPS mode on
- testHelper(
--  compiledWithFips() ? 'stdout' : 'stderr',
-+  testFipsCrypto() ? 'stdout' : 'stderr',
-   ['--enable-fips'],
--  compiledWithFips() ? FIPS_ENABLED : OPTION_ERROR_STRING,
-+  testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
-   'require("crypto").getFips()',
-   process.env);
- 
- // --force-fips should turn FIPS mode on
- testHelper(
--  compiledWithFips() ? 'stdout' : 'stderr',
-+  testFipsCrypto() ? 'stdout' : 'stderr',
-   ['--force-fips'],
--  compiledWithFips() ? FIPS_ENABLED : OPTION_ERROR_STRING,
-+  testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
-   'require("crypto").getFips()',
-   process.env);
- 
-@@ -106,7 +99,7 @@ if (!sharedOpenSSL()) {
-   testHelper(
-     'stdout',
-     [`--openssl-config=${CNF_FIPS_ON}`],
--    compiledWithFips() ? FIPS_ENABLED : FIPS_DISABLED,
-+    testFipsCrypto() ? FIPS_ENABLED : FIPS_DISABLED,
-     'require("crypto").getFips()',
-     process.env);
- 
-@@ -114,7 +107,7 @@ if (!sharedOpenSSL()) {
-   testHelper(
-     'stdout',
-     [],
--    compiledWithFips() ? FIPS_ENABLED : FIPS_DISABLED,
-+    testFipsCrypto() ? FIPS_ENABLED : FIPS_DISABLED,
-     'require("crypto").getFips()',
-     Object.assign({}, process.env, { 'OPENSSL_CONF': CNF_FIPS_ON }));
- 
-@@ -122,7 +115,7 @@ if (!sharedOpenSSL()) {
-   testHelper(
-     'stdout',
-     [`--openssl-config=${CNF_FIPS_ON}`],
--    compiledWithFips() ? FIPS_ENABLED : FIPS_DISABLED,
-+    testFipsCrypto() ? FIPS_ENABLED : FIPS_DISABLED,
-     'require("crypto").getFips()',
-     Object.assign({}, process.env, { 'OPENSSL_CONF': CNF_FIPS_OFF }));
- }
-@@ -136,50 +129,50 @@ testHelper(
- 
- // --enable-fips should take precedence over OpenSSL config file
- testHelper(
--  compiledWithFips() ? 'stdout' : 'stderr',
-+  testFipsCrypto() ? 'stdout' : 'stderr',
-   ['--enable-fips', `--openssl-config=${CNF_FIPS_OFF}`],
--  compiledWithFips() ? FIPS_ENABLED : OPTION_ERROR_STRING,
-+  testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
-   'require("crypto").getFips()',
-   process.env);
- 
- // OPENSSL_CONF should _not_ make a difference to --enable-fips
- testHelper(
--  compiledWithFips() ? 'stdout' : 'stderr',
-+  testFipsCrypto() ? 'stdout' : 'stderr',
-   ['--enable-fips'],
--  compiledWithFips() ? FIPS_ENABLED : OPTION_ERROR_STRING,
-+  testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
-   'require("crypto").getFips()',
-   Object.assign({}, process.env, { 'OPENSSL_CONF': CNF_FIPS_OFF }));
- 
- // --force-fips should take precedence over OpenSSL config file
- testHelper(
--  compiledWithFips() ? 'stdout' : 'stderr',
-+  testFipsCrypto() ? 'stdout' : 'stderr',
-   ['--force-fips', `--openssl-config=${CNF_FIPS_OFF}`],
--  compiledWithFips() ? FIPS_ENABLED : OPTION_ERROR_STRING,
-+  testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
-   'require("crypto").getFips()',
-   process.env);
- 
- // Using OPENSSL_CONF should not make a difference to --force-fips
- testHelper(
--  compiledWithFips() ? 'stdout' : 'stderr',
-+  testFipsCrypto() ? 'stdout' : 'stderr',
-   ['--force-fips'],
--  compiledWithFips() ? FIPS_ENABLED : OPTION_ERROR_STRING,
-+  testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
-   'require("crypto").getFips()',
-   Object.assign({}, process.env, { 'OPENSSL_CONF': CNF_FIPS_OFF }));
- 
- // setFipsCrypto should be able to turn FIPS mode on
- testHelper(
--  compiledWithFips() ? 'stdout' : 'stderr',
-+  testFipsCrypto() ? 'stdout' : 'stderr',
-   [],
--  compiledWithFips() ? FIPS_ENABLED : FIPS_ERROR_STRING,
-+  testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
-   '(require("crypto").setFips(true),' +
-   'require("crypto").getFips())',
-   process.env);
- 
- // setFipsCrypto should be able to turn FIPS mode on and off
- testHelper(
--  compiledWithFips() ? 'stdout' : 'stderr',
-+  testFipsCrypto() ? 'stdout' : 'stderr',
-   [],
--  compiledWithFips() ? FIPS_DISABLED : FIPS_ERROR_STRING,
-+  testFipsCrypto() ? FIPS_DISABLED : FIPS_UNSUPPORTED_ERROR_STRING,
-   '(require("crypto").setFips(true),' +
-   'require("crypto").setFips(false),' +
-   'require("crypto").getFips())',
-@@ -187,27 +180,27 @@ testHelper(
- 
- // setFipsCrypto takes precedence over OpenSSL config file, FIPS on
- testHelper(
--  compiledWithFips() ? 'stdout' : 'stderr',
-+  testFipsCrypto() ? 'stdout' : 'stderr',
-   [`--openssl-config=${CNF_FIPS_OFF}`],
--  compiledWithFips() ? FIPS_ENABLED : FIPS_ERROR_STRING,
-+  testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
-   '(require("crypto").setFips(true),' +
-   'require("crypto").getFips())',
-   process.env);
- 
- // setFipsCrypto takes precedence over OpenSSL config file, FIPS off
- testHelper(
--  compiledWithFips() ? 'stdout' : 'stderr',
-+  'stdout',
-   [`--openssl-config=${CNF_FIPS_ON}`],
--  compiledWithFips() ? FIPS_DISABLED : FIPS_ERROR_STRING,
-+  FIPS_DISABLED,
-   '(require("crypto").setFips(false),' +
-   'require("crypto").getFips())',
-   process.env);
- 
- // --enable-fips does not prevent use of setFipsCrypto API
- testHelper(
--  compiledWithFips() ? 'stdout' : 'stderr',
-+  testFipsCrypto() ? 'stdout' : 'stderr',
-   ['--enable-fips'],
--  compiledWithFips() ? FIPS_DISABLED : OPTION_ERROR_STRING,
-+  testFipsCrypto() ? FIPS_DISABLED : FIPS_UNSUPPORTED_ERROR_STRING,
-   '(require("crypto").setFips(false),' +
-   'require("crypto").getFips())',
-   process.env);
-@@ -216,15 +209,15 @@ testHelper(
- testHelper(
-   'stderr',
-   ['--force-fips'],
--  compiledWithFips() ? FIPS_ERROR_STRING2 : OPTION_ERROR_STRING,
-+  testFipsCrypto() ? FIPS_ERROR_STRING2 : FIPS_UNSUPPORTED_ERROR_STRING,
-   'require("crypto").setFips(false)',
-   process.env);
- 
- // --force-fips makes setFipsCrypto enable a no-op (FIPS stays on)
- testHelper(
--  compiledWithFips() ? 'stdout' : 'stderr',
-+  testFipsCrypto() ? 'stdout' : 'stderr',
-   ['--force-fips'],
--  compiledWithFips() ? FIPS_ENABLED : OPTION_ERROR_STRING,
-+  testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
-   '(require("crypto").setFips(true),' +
-   'require("crypto").getFips())',
-   process.env);
-@@ -233,7 +226,7 @@ testHelper(
- testHelper(
-   'stderr',
-   ['--force-fips', '--enable-fips'],
--  compiledWithFips() ? FIPS_ERROR_STRING2 : OPTION_ERROR_STRING,
-+  testFipsCrypto() ? FIPS_ERROR_STRING2 : FIPS_UNSUPPORTED_ERROR_STRING,
-   'require("crypto").setFips(false)',
-   process.env);
- 
-@@ -241,6 +234,6 @@ testHelper(
- testHelper(
-   'stderr',
-   ['--enable-fips', '--force-fips'],
--  compiledWithFips() ? FIPS_ERROR_STRING2 : OPTION_ERROR_STRING,
-+  testFipsCrypto() ? FIPS_ERROR_STRING2 : FIPS_UNSUPPORTED_ERROR_STRING,
-   'require("crypto").setFips(false)',
-   process.env);
-diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js
-index 0e0af9471c..af10809634 100644
---- a/test/parallel/test-process-env-allowed-flags-are-documented.js
-+++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
-@@ -44,17 +44,8 @@ const conditionalOpts = [
-   { include: common.hasCrypto,
-     filter: (opt) => {
-       return ['--openssl-config', '--tls-cipher-list', '--use-bundled-ca',
--              '--use-openssl-ca' ].includes(opt);
-+              '--use-openssl-ca', '--enable-fips', '--force-fips' ].includes(opt);
-     } },
--  {
--    // We are using openssl_is_fips from the configuration because it could be
--    // the case that OpenSSL is FIPS compatible but fips has not been enabled
--    // (starting node with --enable-fips). If we use common.hasFipsCrypto
--    // that would only tells us if fips has been enabled, but in this case we
--    // want to check options which will be available regardless of whether fips
--    // is enabled at runtime or not.
--    include: process.config.variables.openssl_is_fips,
--    filter: (opt) => opt.includes('-fips') },
-   { include: common.hasIntl,
-     filter: (opt) => opt === '--icu-data-dir' },
-   { include: process.features.inspector,
--- 
-2.31.1
-

SOURCES/nodejs-tarball.sh

@@ -161,12 +161,6 @@ grep "define HTTP_PARSER_VERSION_MAJOR" node-v${version}/deps/http_parser/http_p
 grep "define HTTP_PARSER_VERSION_MINOR" node-v${version}/deps/http_parser/http_parser.h
 grep "define HTTP_PARSER_VERSION_PATCH" node-v${version}/deps/http_parser/http_parser.h
 echo
-echo "llhttp"
-echo "========================="
-grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h
-grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h
-grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h
-echo
 echo "libuv"
 echo "========================="
 grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h
@@ -189,16 +183,6 @@ echo "npm"
 echo "========================="
 grep "\"version\":" node-v${version}/deps/npm/package.json
 echo
-echo "uvwasi"
-echo "========================="
-grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
-grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
-grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
-echo
-echo "brotli"
-echo "========================="
-grep "#define BROTLI_VERSION" node-v${version}/deps/brotli/c/common/version.h
-echo
 echo "Make sure these versions match what is in the RPM spec file"
 
 rm -rf node-v${version}

SOURCES/npmrc

@@ -1,2 +1 @@
 prefix=/usr/local
-python=/usr/bin/python3

SPECS/nodejs.spec

@@ -1,9 +1,4 @@
 %global with_debug 0
-%global with_libs 0
-
-# set to 1 for RHEL >= 8.3
-# RHBZ#1856776 - brotli needed for nodejs-devel is not available
-%bcond_with shared_brotli
 
 # PowerPC, s390x and aarch64 segfault during Debug builds
 # https://github.com/nodejs/node/issues/20642
@@ -15,7 +10,7 @@
 %bcond_with bootstrap
 
 # == Master Relase ==
-# This is used by both the nodejs package and the npm subpackage thar
+# This is used by both the nodejs package and the npm subpackage that
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
 %global baserelease 1
@@ -28,14 +23,12 @@
 # feature releases that are only supported for nine months, which is shorter
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
-%global nodejs_major 12
-%global nodejs_minor 22
-%global nodejs_patch 12
+%global nodejs_major 10
+%global nodejs_minor 24
+%global nodejs_patch 0
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
-%if %{?with_libs} == 1
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
-%global nodejs_soversion 72
-%endif
+%global nodejs_soversion 64
 %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
 %global nodejs_release %{baserelease}
 
@@ -45,10 +38,10 @@
 # v8 - from deps/v8/include/v8-version.h
 # Epoch is set to ensure clean upgrades from the old v8 package
 %global v8_epoch 1
-%global v8_major 7
+%global v8_major 6
 %global v8_minor 8
-%global v8_build 279
-%global v8_patch 23
+%global v8_build 275
+%global v8_patch 32
 # V8 presently breaks ABI at least every x.y release while never bumping SONAME
 %global v8_abi %{v8_major}.%{v8_minor}
 %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
@@ -57,8 +50,8 @@
 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
 %global c_ares_major 1
-%global c_ares_minor 18
-%global c_ares_patch 1
+%global c_ares_minor 15
+%global c_ares_patch 0
 %global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}
 
 # http-parser - from deps/http_parser/http_parser.h
@@ -67,16 +60,10 @@
 %global http_parser_patch 4
 %global http_parser_version %{http_parser_major}.%{http_parser_minor}.%{http_parser_patch}
 
-# llhttp - from deps/llhttp/include/llhttp.h
-%global llhttp_major 2
-%global llhttp_minor 1
-%global llhttp_patch 4
-%global llhttp_version %{llhttp_major}.%{llhttp_minor}.%{llhttp_patch}
-
 # libuv - from deps/uv/include/uv/version.h
 %global libuv_major 1
-%global libuv_minor 40
-%global libuv_patch 0
+%global libuv_minor 34
+%global libuv_patch 2
 %global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
 
 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
@@ -86,14 +73,15 @@
 %global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
 
 # ICU - from tools/icu/current_ver.dep
-%global icu_major 67
-%global icu_minor 1
+%global icu_major 64
+%global icu_minor 2
 %global icu_version %{icu_major}.%{icu_minor}
 
 %global icudatadir %{nodejs_datadir}/icudata
 %{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")}
 # " this line just fixes syntax highlighting for vim that is confused by the above and continues literal
 
+
 # punycode - from lib/punycode.js
 # Note: this was merged into the mainline since 0.6.x
 # Note: this will be unmerged in an upcoming major release
@@ -106,33 +94,21 @@
 %global npm_epoch 1
 %global npm_major 6
 %global npm_minor 14
-%global npm_patch 16
+%global npm_patch 11
 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
 
-# uvwasi - from deps/uvwasi/include/uvwasi.h
-%global uvwasi_major 0
-%global uvwasi_minor 0
-%global uvwasi_patch 11
-%global uvwasi_version %{uvwasi_major}.%{uvwasi_minor}.%{uvwasi_patch}
-
-# histogram_c - assumed from timestamps
-%global histogram_major 0
-%global histogram_minor 9
-%global histogram_patch 7
-%global histogram_version %{histogram_major}.%{histogram_minor}.%{histogram_patch}
-
-# brotli - from deps/brotli/c/common/version.h
-%global brotli_major 1
-%global brotli_minor 0
-%global brotli_patch 9
-%global brotli_version %{brotli_major}.%{brotli_minor}.%{brotli_patch}
-
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
 # to increment safely. Changing this can only be done during an update when the
 # base npm version number is increasing.
 %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
 
+# brotli - from deps/brotli/c/common/version.h
+# v10.x doesn't have --shared-brotli configure option, so we have to bundle it
+%global brotli_major 1
+%global brotli_minor 0
+%global brotli_patch 7
+%global brotli_version %{brotli_major}.%{brotli_minor}.%{brotli_patch}
 
 Name: nodejs
 Epoch: %{nodejs_epoch}
@@ -162,17 +138,16 @@ Source7: nodejs_native.attr
 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
 
-%if %{?with_libs} == 1
-# Patch to install both node and libnode.so, using the correct libdir
-Patch2: 0002-Install-both-binaries-and-use-libdir.patch
-%endif
+# Suppress the message from npm to run `npm -g update npm`
+# This does bad things on an RPM-managed npm.
+Patch2: 0002-Suppress-NPM-message-to-run-global-update.patch
 
-# Upstream patch to use getauxval
-Patch3: 0003-src-use-getauxval-in-node_main.cc.patch
+# Upstream patch to enable auto-detection of full ICU data
+# https://github.com/nodejs/node/pull/30825
+Patch3: 0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
 
-# Make FIPS always available
-#  https://github.com/nodejs/node/issues/34903
-Patch4: 0004-always-available-fips-options.patch
+# CVE-2020-7774
+Patch4: 0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
 
 BuildRequires: make
 BuildRequires: python2-devel
@@ -186,29 +161,20 @@ BuildRequires: gcc-c++ >= 6.3.0
 BuildRequires: nodejs-packaging
 BuildRequires: chrpath
 BuildRequires: libatomic
-BuildRequires: systemtap-sdt-devel
 
 %if %{with bootstrap}
 Provides: bundled(http-parser) = %{http_parser_version}
 Provides: bundled(libuv) = %{libuv_version}
 Provides: bundled(nghttp2) = %{nghttp2_version}
 %else
+BuildRequires: systemtap-sdt-devel
 BuildRequires: libuv-devel >= 1:%{libuv_version}
 Requires: libuv >= 1:%{libuv_version}
 BuildRequires: libnghttp2-devel >= %{nghttp2_version}
 Requires: libnghttp2 >= %{nghttp2_version}
-%endif
+BuildRequires: http-parser-devel >= %{http_parser_version}
+Requires: http-parser >= %{http_parser_version}
 
-# Temporarily bundle http-parser and llhttp because the latter
-# isn't packaged yet and they are controlled by the same
-# configure flag.
-Provides: bundled(http-parser) = %{http_parser_version}
-Provides: bundled(llhttp) = %{llhttp_version}
-
-%if %{with shared_brotli}
-BuildRequires: brotli-devel
-%else
-Provides: bundled(brotli) = %{brotli_version}
 %endif
 
 BuildRequires: openssl-devel
@@ -216,10 +182,6 @@ BuildRequires: openssl-devel
 # we need the system certificate store
 Requires: ca-certificates
 
-%if %{?with_libs} == 1
-Requires: nodejs-libs%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
-%endif
-
 # Pull in the full-icu data by default
 Recommends: nodejs-full-i18n%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
 
@@ -267,19 +229,16 @@ Provides: bundled(v8) = %{v8_version}
 # an ABI-break, so we'll use the bundled copy.
 Provides: bundled(icu) = %{icu_version}
 
-# Upstream added new dependencies, but so far they are not available in Fedora
-# or there's no option to built it as a shared dependency, so we bundle them
-Provides: bundled(uvwasi) = %{uvwasi_version}
-Provides: bundled(histogram) = %{histogram_version}
-
 # Make sure we keep NPM up to date when we update Node.js
-%if 0%{?rhel} < 8
+%if 0%{?rhel}
 # EPEL doesn't support Recommends, so make it strict
-Requires: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
+Requires: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
 %else
-Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
+Recommends: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
 %endif
 
+# Provide bundled brotli until we can build it with system package
+Provides: bundled(brotli) = %{brotli_version}
 
 %description
 Node.js is a platform built on Chrome's JavaScript runtime
@@ -295,14 +254,12 @@ Group: Development/Languages
 Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
 Requires: openssl-devel%{?_isa}
 Requires: zlib-devel%{?_isa}
-%if %{with shared_brotli}
-Requires: brotli-devel%{?_isa}
-%endif
 Requires: nodejs-packaging
 
 %if %{with bootstrap}
 # deps are bundled
 %else
+Requires: http-parser-devel%{?_isa}
 Requires: libuv-devel%{?_isa}
 %endif
 
@@ -319,42 +276,6 @@ Optional data files to provide full-icu support for Node.js. Remove this
 package to save space if non-English locales are not needed.
 
 
-%if %{?with_libs} == 1
-%package libs
-Summary: Node.js and v8 libraries
-
-# Compatibility for obsolete v8 package
-%if 0%{?__isa_bits} == 64
-Provides: libv8.so.%{v8_major}()(64bit)
-Provides: libv8_libbase.so.%{v8_major}()(64bit)
-Provides: libv8_libplatform.so.%{v8_major}()(64bit)
-%else
-# 32-bits
-Provides: libv8.so.%{v8_major}
-Provides: libv8_libbase.so.%{v8_major}
-Provides: libv8_libplatform.so.%{v8_major}
-%endif
-
-Provides: v8 = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
-Provides: v8%{?_isa} = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
-Obsoletes: v8 < 1:6.7.17-10
-
-%description libs
-Libraries to support Node.js and provide stable v8 interfaces.
-
-
-%package -n v8-devel
-Summary: v8 - development headers
-Epoch: %{v8_epoch}
-Version: %{v8_version}
-Release: %{v8_release}%{?dist}
-Requires: %{name}-devel%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
-
-%description -n v8-devel
-Development headers for the v8 runtime.
-%endif
-
-
 %package -n npm
 Summary: Node.js Package Manager
 Epoch: %{npm_epoch}
@@ -367,7 +288,6 @@ Release: %{npm_release}%{?dist}
 Obsoletes: npm < 0:3.5.4-6
 Provides: npm = %{npm_epoch}:%{npm_version}
 Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
-Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
 
 # Do not add epoch to the virtual NPM provides or it will break
 # the automatic dependency-generation script.
@@ -398,9 +318,6 @@ The API documentation for the Node.js JavaScript runtime.
 
 # remove bundled dependencies that we aren't building
 rm -rf deps/zlib
-%if %{with shared_brotli}
-rm -rf deps/brotli
-%endif
 
 # Replace any instances of unversioned python' with python2
 pathfix.py -i %{__python2} -pn $(find -type f ! -name "*.js")
@@ -413,7 +330,6 @@ find . -type f -exec sed -i "s~python -c~python2 -c~" {} \;
 sed -i "s~which('python')~which('python2')~" configure
 
 %build
-export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
 
 %ifarch s390 s390x %{arm} %ix86
 # Decrease debuginfo verbosity to reduce memory consumption during final
@@ -421,6 +337,7 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
 %global optflags %(echo %{optflags} | sed 's/-g /-g1 /')
 %endif
 
+export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
 export CC='%{__cc}'
 export CXX='%{__cxx}'
 
@@ -444,83 +361,24 @@ export CXXFLAGS="$(echo ${CXXFLAGS} | tr '\n\\' '  ')"
 
 export LDFLAGS="%{build_ldflags}"
 
-# we're not building with libs in RHEL, so let's comment this out
-# for the sake of readability
-#%if %{?with_libs} == 1
-#%if %{with bootstrap}
-#./configure --prefix=%{_prefix} \
-#           --shared \
-#           --libdir=%{_lib} \
-#           --shared-openssl \
-#           --shared-zlib \
-#           --shared-brotli \
-#           --without-dtrace \
-#           --with-intl=small-icu \
-#           --openssl-use-def-ca-store
-#%else
-#./configure --prefix=%{_prefix} \
-#           --shared \
-#           --libdir=%{_lib} \
-#           --shared-openssl \
-#           --shared-zlib \
-#           --shared-brotli \
-#           --shared-libuv \
-#           --shared-nghttp2 \
-#           --with-dtrace \
-#           --with-intl=%{icu_flag} \
-#           --with-icu-default-data-dir=%{icudatadir} \
-#           --debug-nghttp2 \
-#           --openssl-use-def-ca-store
-#%endif
-
-%if %{with shared_brotli}
-
-%if %{with bootstrap}
-./configure --prefix=%{_prefix} \
-           --shared-openssl \
-           --shared-zlib \
-           --shared-brotli \
-           --without-dtrace \
-           --with-intl=small-icu \
-           --openssl-use-def-ca-store \
-           --openssl-default-cipher-list=PROFILE=SYSTEM
-%else
-./configure --prefix=%{_prefix} \
-           --shared-openssl \
-           --shared-zlib \
-           --shared-brotli \
-           --shared-libuv \
-           --shared-nghttp2 \
-           --with-dtrace \
-           --with-intl=%{icu_flag} \
-           --with-icu-default-data-dir=%{icudatadir} \
-           --openssl-use-def-ca-store \
-           --openssl-default-cipher-list=PROFILE=SYSTEM
-%endif
-
-%else
-
 %if %{with bootstrap}
 ./configure --prefix=%{_prefix} \
            --shared-openssl \
            --shared-zlib \
            --without-dtrace \
            --with-intl=small-icu \
-           --openssl-use-def-ca-store \
-           --openssl-default-cipher-list=PROFILE=SYSTEM
+           --openssl-use-def-ca-store
 %else
 ./configure --prefix=%{_prefix} \
            --shared-openssl \
            --shared-zlib \
            --shared-libuv \
+           --shared-http-parser \
            --shared-nghttp2 \
            --with-dtrace \
-           --with-intl=%{icu_flag} \
+           --with-intl=small-icu \
            --with-icu-default-data-dir=%{icudatadir} \
-           --openssl-use-def-ca-store \
-           --openssl-default-cipher-list=PROFILE=SYSTEM
-%endif
-
+           --openssl-use-def-ca-store
 %endif
 
 %if %{?with_debug} == 1
@@ -576,21 +434,6 @@ chrpath --delete %{buildroot}%{_bindir}/node
 install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g
 %endif
 
-%if %{?with_libs} == 1
-# Install library symlink
-ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/libnode.so
-
-# Install v8 compatibility symlinks
-for header in %{buildroot}%{_includedir}/node/libplatform %{buildroot}%{_includedir}/node/v8*.h; do
-    header=$(basename ${header})
-    ln -s %{_includedir}/node/${header} %{buildroot}%{_includedir}/${header}
-done
-for soname in libv8 libv8_libbase libv8_libplatform; do
-    ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so
-    ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so.%{v8_major}
-done
-%endif
-
 # own the sitelib directory
 mkdir -p %{buildroot}%{_prefix}/lib/node_modules
 
@@ -627,7 +470,6 @@ ln -sf %{_mandir}  %{buildroot}%{_prefix}/lib/node_modules/npm/man
 # Install Gatsby HTML documentation to %{_pkgdocdir}
 cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/
 rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs
-
 ln -sf %{_pkgdocdir}/npm %{buildroot}%{_prefix}/lib/node_modules/npm/docs
 
 # Node tries to install some python files into a documentation directory
@@ -662,23 +504,6 @@ install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*
 
 
 %check
-%if %{?with_libs} == 1
-# Fail the build if the versions don't match
-LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
-LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
-LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')"
-
-# Ensure we have punycode and that the version matches
-LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"
-
-# Ensure we have npm and that the version matches
-NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')"
-
-# Make sure i18n support is working
-NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
-
-%else
-
 # Fail the build if the versions don't match
 %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
 %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
@@ -692,7 +517,6 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod
 
 # Make sure i18n support is working
 NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
-%endif
 
 
 %pretrans -n npm -p <lua>
@@ -710,38 +534,6 @@ if d_st then
   end
 end
 
--- Replace the npm docs directory with a symlink
--- Drop this scriptlet when F31 is EOL
-path = "%{_prefix}/lib/node_modules/npm/doc"
-st = posix.stat(path)
-if st and st.type == "directory" then
-  status = os.rename(path, path .. ".rpmmoved")
-  if not status then
-    suffix = 0
-    while not status do
-      suffix = suffix + 1
-      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
-    end
-    os.rename(path, path .. ".rpmmoved")
-  end
-end
-
--- Replace the npm HTML docs directory with a symlink
--- Drop this scriptlet when F31 is EOL
-path = "%{_prefix}/lib/node_modules/npm/html"
-st = posix.stat(path)
-if st and st.type == "directory" then
-  status = os.rename(path, path .. ".rpmmoved")
-  if not status then
-    suffix = 0
-    while not status do
-      suffix = suffix + 1
-      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
-    end
-    os.rename(path, path .. ".rpmmoved")
-  end
-end
-
 -- Replace the npm man directory with a symlink
 -- Drop this scriptlet when F31 is EOL
 path = "%{_prefix}/lib/node_modules/npm/man"
@@ -759,26 +551,6 @@ if st and st.type == "directory" then
 end
 
 
-%if %{?with_libs} == 1
-%pretrans -n v8-devel -p <lua>
--- Replace the v8 libplatform include directory with a symlink
--- Drop this scriptlet when F30 is EOL
-path = "%{_includedir}/libplatform"
-st = posix.stat(path)
-if st and st.type == "directory" then
-  status = os.rename(path, path .. ".rpmmoved")
-  if not status then
-    suffix = 0
-    while not status do
-      suffix = suffix + 1
-      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
-    end
-    os.rename(path, path .. ".rpmmoved")
-  end
-end
-%endif
-
-
 %files
 %{_bindir}/node
 %dir %{_prefix}/lib/node_modules
@@ -797,7 +569,7 @@ end
 %{_rpmconfigdir}/fileattrs/nodejs_native.attr
 %{_rpmconfigdir}/nodejs_native.req
 %license LICENSE
-%doc AUTHORS CHANGELOG.md onboarding.md GOVERNANCE.md README.md
+%doc AUTHORS CHANGELOG.md COLLABORATOR_GUIDE.md GOVERNANCE.md README.md
 %doc %{_mandir}/man1/node.1*
 
 
@@ -806,9 +578,6 @@ end
 %{_bindir}/node_g
 %endif
 %{_includedir}/node
-%if %{?with_libs} == 1
-%{_libdir}/libnode.so
-%endif
 %{_datadir}/node/common.gypi
 %{_pkgdocdir}/gdbinit
 
@@ -818,25 +587,6 @@ end
 %{icudatadir}/icudt%{icu_major}*.dat
 
 
-%if %{?with_libs} == 1
-%files libs
-%{_libdir}/libnode.so.%{nodejs_soversion}
-%{_libdir}/libv8.so.%{v8_major}
-%{_libdir}/libv8_libbase.so.%{v8_major}
-%{_libdir}/libv8_libplatform.so.%{v8_major}
-%dir %{nodejs_datadir}/
-
-
-%files -n v8-devel
-%{_includedir}/libplatform
-%{_includedir}/v8*.h
-%{_libdir}/libv8.so
-%{_libdir}/libv8_libbase.so
-%{_libdir}/libv8_libplatform.so
-%ghost %{_includedir}/libplatform.rpmmoved
-%endif
-
-
 %files -n npm
 %{_bindir}/npm
 %{_bindir}/npx
@@ -871,93 +621,47 @@ end
 
 
 %changelog
-* Mon May 16 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.12-1
-- Resolves: RHBZ#2084651
-- Resolves: #2086773, #2086777, #2086781, #2086786, #2086790
-- Resolves: #2086795, #2086799, #2086804, #2086809, #2086813
-- Rebase to last v12.x release
-- Remove patch for CVE-2021-23343
+* Wed Feb 24 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.24.0-1
+- Resolves: RHBZ#1932373, RHBZ#1932426
+- Resolves CVE-2021-22883 and CVE-2021-22884
+- remove -debug-nghttp2 flag (1930775)
+- remove ini patch merged upstream
 
-* Mon Aug 16 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.5-1
-- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940,
-- Resolves CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
-- Resolves: RHBZ#1951621 (make FIPS always available)
-- Resolves: RHBZ#1988596, RHBZ#1993814, RHBZ#1993808, RHBZ#1993094
-- Resolves: RHBZ#1986742, RHBZ#1993946, RHBZ#1993939, RHBZ#1989426
-
-* Mon Aug 09 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.3-3
-- Resolves CVE-2021-23362 CVE-2021-27290
-- Resolves: RHBZ#1945512, RHBZ#1945286
-- Add missing CVE trackers
-
-* Thu Jul 08 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.3-2
-- Resolves: RHBZ#1979843, RHBZ#1977759
-- Resolves: RHBz#1952915
-- Fix typo, BR systemtap-sdt-level always, remove y18n patch
-
-* Wed Jul 07 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.3-1
-- Resolves: RHBZ#1979843, RHBZ#1977759
-- Resolves: RHBz#1952915
-- Resolves CVE-2021-22918(libuv), use system cipher list
-
-* Tue Mar 02 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.21.0-1
-- Resolves: RHBZ#1934566, RHBZ#1934598
-- remove --debug-nghttp2 option
-- remove ini patch
-- Backport patch to use getauxval
-
-* Mon Jan 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.20.1-1
-- Security rebase for January security release
+* Mon Jan 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.23.1-1
+- January Security release
 - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
-- Resolves: RHBZ#1913000, RHBZ#1912952
-- Resolves: RHBZ#1912635, RHBZ#1893984
+- Rebase to 10.23.1
+- Resolves: RHBZ#1916461, RHBZ#1914789
+- Resolves: RHBZ#1914783, RHBZ#1916462, RHBZ#1916395, RHBZ#1916459
+- Resolves: RHBZ#1916691, RHBZ#1916689, RHBZ#1916388
+- Remove dot-prop patch, as it is fixed by npm rebase
 
-* Tue Nov 24 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.19.1-1
-- Resolves: RHBZ#1861602, #1874302, #1898598, #1898765
-- c-ares, ajv and y18n CVEs and yarn installability issues
+* Tue Sep 22 2020 Jan Staněk <jstanek@redhat.com> - 1:10.22.1-1
+- Security rebase to 10.22.1
 
-* Mon Oct 05 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.18.4-2
-- Fix RHBZ#1856776 - nodejs-devel not installable due to missing brotli
-- Some spec fixes
+* Wed Jun 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-3
+- Resolves: RHBZ#1845307
+- Remove brotli-devel requires from nodejs-devel
 
-* Tue Sep 22 2020 Jan Staněk <jstanek@redhat.com> - 12.18.4-1
-- Rebase to 12.18.4
+* Tue Jun 16 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-2
+- Resolves: RHBZ#1845307
+- Turn off debug builds
 
-* Tue Jun 30 2020 Jan Staněk <jstanek@redhat.com> - 12.18.2-1
-- Rebase to 12.18.2
+* Mon Jun 15 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-1
+- Security update to 10.21.0
+- Resolves: RHBZ#1845307
+- Fixes CVE-2020-11080, CVE-2020-8174, CVE-2020-10531
+- Bundle brotli, because --shared-brotli configure option is missing
+- Add i18n subpackage
 
-* Thu Jun 18 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.18.1-1
-- Rebase
-- Spec clean up
-- Provide i18n package, bundle icu
-- Resolves: RHBZ#1845311, RHBZ#1845692
+* Wed Mar 18 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.19.0-2
+- Resolves: RHBZ#1811499
 
-* Thu Jun 18 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.18.0-1
-- Security update to 12.18.0
-- Resolves: RHBZ#1845311, RHBZ#1845692
+* Mon Feb 10 2020 Jan Staněk <jstanek@redhat.com> - 1:10.19.0-1
+- Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606
 
-* Tue Mar 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-2
-- Fix CVE-2020-10531
-
-* Thu Feb 20 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-1
-- Resolves: RHBZ#1800395, RHBZ#1800396, RHBZ#1800381
-- Rebase to 12.16.1
-
-* Wed Jan 15 2020 Jan Staněk <jstanek@redhat.com> - 1:12.14.1-1
-- Rebase to 12.14.1
-
-* Fri Nov 29 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.13.1-1
-- Resolves: RHBZ# 1773503, update to 12.13.1
-- minor clean up and sync with Fedora spec
-- turn off debug builds
-
-* Thu Aug 01 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-2
-- Resolves:RHBZ#1685191
-- Add condition to libs
-
-* Wed Jun 12 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-1
-- Update to v12.x
-- Add v8-devel and libs subpackages from fedora
+* Tue Sep 10 2019 Jan Staněk <jstanek@redhat.com> - 1:10.16.3-1
+- Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518
 
 * Thu Mar 14 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-2
 - move nodejs-packaging BR out of conditional