Stephen Gallagher
fd717eb4cc
Update to 20.5.1
...
** 2023-08-09, Version 20.5.1 (Current), @RafaelGSS
This is a security release.
*** Notable Changes
The following CVEs are fixed in this release:
* [CVE-2023-32002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002 ): Policies can be bypassed via Module.\_load (High)
* [CVE-2023-32558](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32558 ): process.binding() can bypass the permission model through path traversal (High)
* [CVE-2023-32004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32004 ): Permission model can be bypassed by specifying a path traversal sequence in a Buffer (High)
* [CVE-2023-32006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006 ): Policies can be bypassed by module.constructor.createRequire (Medium)
* [CVE-2023-32559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559 ): Policies can be bypassed via process.binding (Medium)
* [CVE-2023-32005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32005 ): fs.statfs can bypass the permission model (Low)
* [CVE-2023-32003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32003 ): fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low)
* OpenSSL Security Releases
* [OpenSSL security advisory 14th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html ).
* [OpenSSL security advisory 19th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html ).
* [OpenSSL security advisory 31st July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html )
More detailed information on each of the vulnerabilities can be found in [August 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/ ) blog post.
** 2023-07-18, Version 20.5.0 (Current), @juanarbol
*** Notable Changes
* \[[`45be29d89f`](https://github.com/nodejs/node/commit/45be29d89f )] - **doc**: add atlowChemi to collaborators (atlowChemi) [#48757 ](https://github.com/nodejs/node/pull/48757 )
* \[[`a316808136`](https://github.com/nodejs/node/commit/a316808136 )] - **(SEMVER-MINOR)** **events**: allow safely adding listener to abortSignal (Chemi Atlow) [#48596 ](https://github.com/nodejs/node/pull/48596 )
* \[[`986b46a567`](https://github.com/nodejs/node/commit/986b46a567 )] - **fs**: add a fast-path for readFileSync utf-8 (Yagiz Nizipli) [#48658 ](https://github.com/nodejs/node/pull/48658 )
* \[[`0ef73ff6f0`](https://github.com/nodejs/node/commit/0ef73ff6f0 )] - **(SEMVER-MINOR)** **test\_runner**: add shards support (Raz Luvaton) [#48639 ](https://github.com/nodejs/node/pull/48639 )
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-08-09 16:13:26 -04:00
Stephen Gallagher
2dee98da40
Release 20.4.0
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-07-12 12:50:28 -04:00
Stephen Gallagher
9d9ff2a528
Update to security release 20.3.1
...
- https://nodejs.org/en/blog/vulnerability/june-2023-security-releases
- https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.3.1
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-06-22 12:54:46 -04:00
Stephen Gallagher
6fdba8a532
Release Node.js 20.2.0
...
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.2.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-05-17 09:23:34 -04:00
Stephen Gallagher
6d822b2572
Update to 20.1.0
...
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.1.0
Also drop upstreamed patch
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-05-04 16:16:03 -04:00
Stephen Gallagher
d8fdc60e0f
Temporarily reduce optimizations
...
Something in -O2 is causing segfaults in v8
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-05-02 17:35:20 -04:00
Stephen Gallagher
1a9e720653
Fix up shebangs for npm and npx
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-28 10:43:13 -04:00
Jan Staněk
1827854f11
Replace /usr/etc/npmrc symlink with builtin configuration
...
We want to have the system-level npmrc located at /etc/npmrc.
By default, npm looks for it in /usr/etc/npmrc,
so we placed a symlink to /etc/npmrc there.
However, we are the only known package that has anything in /usr/etc,
which confuses and/or breaks various tooling (see related bug).
This gets rid of the symlink,
and instead uses "builtin"-level configuration of npm
to cause it to load the system-level configuration from /etc/npmrc.
Related: rhbz#2177776
2023-04-27 13:23:13 +02:00
Stephen Gallagher
8a6ffdbb6a
Fix npm manpage symlinks
...
Resolves: rhbz#2187978
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-26 14:54:17 -04:00
Stephen Gallagher
443480e5d2
Fix bug on gcc13
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-26 14:53:08 -04:00
Stephen Gallagher
1047bf482c
Update to 20.0.0
...
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.0.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-26 12:02:51 -04:00
Stephen Gallagher
280abb5a74
Apply changes to actual spec
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-12 16:21:09 -04:00
Stephen Gallagher
4443d6afb2
Update to 19.9.0
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-11 10:51:53 -04:00
Stephen Gallagher
64f0989a8d
Adjust nodejs-devel Provides
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-03 09:05:25 -04:00
Stephen Gallagher
a293cec3bf
Add pkg-config files
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-29 18:09:21 -04:00
Stephen Gallagher
7f25939b50
More v8-devel fixes
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-29 13:56:00 -04:00
Stephen Gallagher
559c6e6d44
Drop extraneous endif
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-27 19:06:53 -04:00
Stephen Gallagher
39a633e36e
Fix build issue on non-default releases
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-27 19:05:15 -04:00
Stephen Gallagher
2e164bd121
Fix libv8 packaging issue
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-27 14:57:59 -04:00
Stephen Gallagher
7136699056
Update to 19.8.1
...
- Namespace the v8 compatibility libraries
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-16 15:35:05 -04:00
Stephen Gallagher
52e4162484
Update to 19.8.0
...
- https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V19.md#19.8.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-15 10:51:53 -04:00
Stephen Gallagher
3c0fa670d2
Apply typo fix to specfile
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-01 15:08:44 -05:00
Stephen Gallagher
c4586d42a2
template: Add support for RHEL default version
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-01 14:34:39 -05:00
Stephen Gallagher
0479a8dfd7
Enable dtrace for Node.js < 19
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-01 14:00:26 -05:00
Stephen Gallagher
18ed5c68ec
Drop vestigial bundling bcond
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-01 13:09:42 -05:00
Stephen Gallagher
0b4597e2bc
sources: use jinja2 template to support patches
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-28 22:22:15 -05:00
Stephen Gallagher
7ad58e1a63
Specfile tweaks
...
Make the template more reusable for v18 and v16
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-28 18:38:21 -05:00
Stephen Gallagher
b8c1833746
Drop unneeded patch
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-23 15:19:03 -05:00
Stephen Gallagher
a35607a1c3
Update to 19.7.0
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-21 14:45:36 -05:00
Stephen Gallagher
ce26a524b5
First Node.js 20 prerelease
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-21 10:06:35 -05:00