Commit Graph

743 Commits

Author SHA1 Message Date
Stephen Gallagher
e257c9bd18 Add version note to packaging readme
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-08-28 18:43:55 -04:00
Jan Staněk
61dfae6179 Specify openssl configuration section
By default, node does not use the common openssl configuration section,
relying instead on node-specific `nodejs_conf` section.
Since we want node to use the system configuration, the section name
should be changed (back) to `openssl_conf`.

See discussion in https://github.com/nodejs/node/pull/48950
for the reason this change is suggested.
2023-08-28 18:34:01 -04:00
Stephen Gallagher
fd717eb4cc Update to 20.5.1
** 2023-08-09, Version 20.5.1 (Current), @RafaelGSS

This is a security release.

*** Notable Changes

The following CVEs are fixed in this release:

* [CVE-2023-32002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002):  Policies can be bypassed via Module.\_load (High)
* [CVE-2023-32558](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32558): process.binding() can bypass the permission model through path traversal (High)
* [CVE-2023-32004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32004): Permission model can be bypassed by specifying a path traversal sequence in a Buffer (High)
* [CVE-2023-32006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006): Policies can be bypassed by module.constructor.createRequire (Medium)
* [CVE-2023-32559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559): Policies can be bypassed via process.binding (Medium)
* [CVE-2023-32005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32005): fs.statfs can bypass the permission model (Low)
* [CVE-2023-32003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32003): fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low)
* OpenSSL Security Releases
  * [OpenSSL security advisory 14th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html).
  * [OpenSSL security advisory 19th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html).
  * [OpenSSL security advisory 31st July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html)

More detailed information on each of the vulnerabilities can be found in [August 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/) blog post.

** 2023-07-18, Version 20.5.0 (Current), @juanarbol

*** Notable Changes

* \[[`45be29d89f`](https://github.com/nodejs/node/commit/45be29d89f)] - **doc**: add atlowChemi to collaborators (atlowChemi) [#48757](https://github.com/nodejs/node/pull/48757)
* \[[`a316808136`](https://github.com/nodejs/node/commit/a316808136)] - **(SEMVER-MINOR)** **events**: allow safely adding listener to abortSignal (Chemi Atlow) [#48596](https://github.com/nodejs/node/pull/48596)
* \[[`986b46a567`](https://github.com/nodejs/node/commit/986b46a567)] - **fs**: add a fast-path for readFileSync utf-8 (Yagiz Nizipli) [#48658](https://github.com/nodejs/node/pull/48658)
* \[[`0ef73ff6f0`](https://github.com/nodejs/node/commit/0ef73ff6f0)] - **(SEMVER-MINOR)** **test\_runner**: add shards support (Raz Luvaton) [#48639](https://github.com/nodejs/node/pull/48639)

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-08-09 16:13:26 -04:00
Fedora Release Engineering
f9d7c9978d Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-20 16:47:45 +00:00
Stephen Gallagher
c311390922 sources: Check for node binary
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-07-12 12:50:47 -04:00
Stephen Gallagher
2dee98da40 Release 20.4.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-07-12 12:50:28 -04:00
Stephen Gallagher
9d9ff2a528 Update to security release 20.3.1
- https://nodejs.org/en/blog/vulnerability/june-2023-security-releases
- https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.3.1

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-06-22 12:54:46 -04:00
Stephen Gallagher
c8a3601325 sources: install jinja2 if needed
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-06-21 10:26:10 -04:00
Stephen Gallagher
3febae4956 sources: Fix indentation
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-06-21 10:25:49 -04:00
Stephen Gallagher
6fdba8a532
Release Node.js 20.2.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.2.0

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-05-17 09:23:34 -04:00
Stephen Gallagher
6d822b2572
Update to 20.1.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.1.0

Also drop upstreamed patch

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-05-04 16:16:03 -04:00
Stephen Gallagher
d8fdc60e0f
Temporarily reduce optimizations
Something in -O2 is causing segfaults in v8

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-05-02 17:35:20 -04:00
Stephen Gallagher
1a9e720653
Fix up shebangs for npm and npx
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-28 10:43:13 -04:00
Stephen Gallagher
46596a23c9
Add README for packagers
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-27 11:47:47 -04:00
Stephen Gallagher
adbbe46d3c
nodejs-sources.sh: Add --debug flag
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-27 08:57:01 -04:00
Stephen Gallagher
f2b853130c
Apply changes to spec template
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-27 08:28:45 -04:00
Jan Staněk
1827854f11
Replace /usr/etc/npmrc symlink with builtin configuration
We want to have the system-level npmrc located at /etc/npmrc.
By default, npm looks for it in /usr/etc/npmrc,
so we placed a symlink to /etc/npmrc there.
However, we are the only known package that has anything in /usr/etc,
which confuses and/or breaks various tooling (see related bug).

This gets rid of the symlink,
and instead uses "builtin"-level configuration of npm
to cause it to load the system-level configuration from /etc/npmrc.

Related: rhbz#2177776
2023-04-27 13:23:13 +02:00
Stephen Gallagher
8a6ffdbb6a
Fix npm manpage symlinks
Resolves: rhbz#2187978

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-26 14:54:17 -04:00
Stephen Gallagher
443480e5d2
Fix bug on gcc13
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-26 14:53:08 -04:00
Stephen Gallagher
1047bf482c
Update to 20.0.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.0.0

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-26 12:02:51 -04:00
Stephen Gallagher
280abb5a74
Apply changes to actual spec
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-12 16:21:09 -04:00
Stephen Gallagher
92480e0459
Don't 'Provides:npm' on non-default
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-11 10:52:20 -04:00
Stephen Gallagher
4443d6afb2
Update to 19.9.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-11 10:51:53 -04:00
Stephen Gallagher
64f0989a8d
Adjust nodejs-devel Provides
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-03 09:05:25 -04:00
Stephen Gallagher
a293cec3bf
Add pkg-config files
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-29 18:09:21 -04:00
Stephen Gallagher
7f25939b50
More v8-devel fixes
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-29 13:56:00 -04:00
Stephen Gallagher
559c6e6d44
Drop extraneous endif
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-27 19:06:53 -04:00
Stephen Gallagher
39a633e36e
Fix build issue on non-default releases
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-27 19:05:15 -04:00
Stephen Gallagher
2e164bd121
Fix libv8 packaging issue
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-27 14:57:59 -04:00
Stephen Gallagher
7136699056
Update to 19.8.1
- Namespace the v8 compatibility libraries

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-16 15:35:05 -04:00
Stephen Gallagher
52e4162484
Update to 19.8.0
- https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V19.md#19.8.0

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-15 10:51:53 -04:00
Stephen Gallagher
3c0fa670d2
Apply typo fix to specfile
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-01 15:08:44 -05:00
Stephen Gallagher
62e12d19a0
Fix typo in conditional
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-01 15:07:34 -05:00
Stephen Gallagher
c4586d42a2
template: Add support for RHEL default version
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-01 14:34:39 -05:00
Stephen Gallagher
0479a8dfd7
Enable dtrace for Node.js < 19
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-01 14:00:26 -05:00
Stephen Gallagher
18ed5c68ec
Drop vestigial bundling bcond
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-01 13:09:42 -05:00
Stephen Gallagher
e389610bc2
Add patch to fix OpenSSL shared build
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-28 22:22:16 -05:00
Stephen Gallagher
0b4597e2bc
sources: use jinja2 template to support patches
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-28 22:22:15 -05:00
Stephen Gallagher
c37ef81437
Don't stage sources file if --no-push was passed
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-28 18:47:49 -05:00
Stephen Gallagher
7ad58e1a63
Specfile tweaks
Make the template more reusable for v18 and v16

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-28 18:38:21 -05:00
Stephen Gallagher
b8c1833746
Drop unneeded patch
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-23 15:19:03 -05:00
Stephen Gallagher
3f0c67d5e5
ABI: The ABI version is the same as the soversion
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-21 15:05:38 -05:00
Stephen Gallagher
13c3d12652
sources: Add missing paren
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-21 15:04:36 -05:00
Stephen Gallagher
a35607a1c3
Update to 19.7.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-21 14:45:36 -05:00
Stephen Gallagher
960b2f524d
sources: clean up after itself
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-21 14:25:31 -05:00
Stephen Gallagher
ce26a524b5
First Node.js 20 prerelease
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-21 10:06:35 -05:00
Stephen Gallagher
c541b7e256
Set Node.js 18.x as the default for RHEL 10
This will likely change to 20.x closer to release, but we need a
default in place for the time being.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-27 13:36:00 -05:00
Stephen Gallagher
8cfad4cd12
sources: Fix typo preventing upload
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-23 17:18:47 -05:00
Stephen Gallagher
148cb7de34
sources: Use spec template for ICU URL
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-23 16:53:27 -05:00
Stephen Gallagher
99e9cbbbe5
Fix important typo
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-23 15:41:05 -05:00