From 94b14b879e6e01df54ff43ef19f06737f56944b7 Mon Sep 17 00:00:00 2001
From: Tomas Juhasz
Date: Mon, 13 Jan 2025 12:12:54 +0100
Subject: [PATCH] Updated to version 22.13.1 Fixes CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 Resolves: RHEL-76035
---
 ...conditionally-compile-bundled-sqlite.patch | 128 ------------------
 ...-deps-ncrypto-include-openssl-rand.h.patch | 25 ----
 nodejs22.spec | 28 ++--
 sources | 6 +-
 4 files changed, 16 insertions(+), 171 deletions(-)
 delete mode 100644 0002-build-conditionally-compile-bundled-sqlite.patch
 delete mode 100644 0003-deps-ncrypto-include-openssl-rand.h.patch
diff --git a/0002-build-conditionally-compile-bundled-sqlite.patch b/0002-build-conditionally-compile-bundled-sqlite.patch
deleted file mode 100644
index dd6e113..0000000
--- a/0002-build-conditionally-compile-bundled-sqlite.patch
+++ /dev/null
@@ -1,128 +0,0 @@
-From fb3c0082f561d3e656b1b73c6176a04bc203cacb Mon Sep 17 00:00:00 2001
-From: Richard Lau
-Date: Wed, 16 Oct 2024 17:26:42 +0000
-Subject: [PATCH] build: conditionally compile bundled sqlite
-
-Only compile the bundled sqlite in `deps/sqlite` if Node.js was not
-configured with `--shared-sqlite`.
-
-`node.gypi` is already correctly adding the sqlite dependency if
-`node_shared_sqlite=="false"` so the unconditional entries in `node.gyp`
-are not necessary.
-
-Signed-off-by: rpm-build
----
- node.gyp | 13 -------------
- 1 file changed, 13 deletions(-)
-
-diff --git a/node.gyp b/node.gyp
-index da6ea50..9f24b1c 100644
---- a/node.gyp
-+++ b/node.gyp
-@@ -840,7 +840,6 @@
- 'dependencies': [
- 'deps/googletest/googletest.gyp:gtest_prod',
- 'deps/histogram/histogram.gyp:histogram',
-- 'deps/sqlite/sqlite.gyp:sqlite',
- 'deps/simdjson/simdjson.gyp:simdjson',
- 'deps/simdutf/simdutf.gyp:simdutf',
- 'deps/ada/ada.gyp:ada',
-@@ -1030,7 +1029,6 @@
- 'dependencies': [
- '<(node_lib_target_name)',
- 'deps/histogram/histogram.gyp:histogram',
-- 'deps/sqlite/sqlite.gyp:sqlite',
- ],
-
- 'includes': [
-@@ -1042,7 +1040,6 @@
- 'deps/v8/include',
- 'deps/cares/include',
- 'deps/uv/include',
-- 'deps/sqlite',
- 'test/cctest',
- ],
-
-@@ -1075,7 +1072,6 @@
- 'dependencies': [
- '<(node_lib_target_name)',
- 'deps/histogram/histogram.gyp:histogram',
-- 'deps/sqlite/sqlite.gyp:sqlite',
- 'deps/uvwasi/uvwasi.gyp:uvwasi',
- ],
- 'includes': [
-@@ -1086,7 +1082,6 @@
- 'tools/msvs/genfiles',
- 'deps/v8/include',
- 'deps/cares/include',
-- 'deps/sqlite',
- 'deps/uv/include',
- 'deps/uvwasi/include',
- 'test/cctest',
-@@ -1121,7 +1116,6 @@
- '<(node_lib_target_name)',
- 'deps/googletest/googletest.gyp:gtest_prod',
- 'deps/histogram/histogram.gyp:histogram',
-- 'deps/sqlite/sqlite.gyp:sqlite',
- 'deps/uvwasi/uvwasi.gyp:uvwasi',
- 'deps/ada/ada.gyp:ada',
- 'deps/nbytes/nbytes.gyp:nbytes',
-@@ -1134,7 +1128,6 @@
- 'tools/msvs/genfiles',
- 'deps/v8/include',
- 'deps/cares/include',
-- 'deps/sqlite',
- 'deps/uv/include',
- 'deps/uvwasi/include',
- 'test/cctest',
-@@ -1171,7 +1164,6 @@
- 'deps/googletest/googletest.gyp:gtest',
- 'deps/googletest/googletest.gyp:gtest_main',
- 'deps/histogram/histogram.gyp:histogram',
-- 'deps/sqlite/sqlite.gyp:sqlite',
- 'deps/simdjson/simdjson.gyp:simdjson',
- 'deps/simdutf/simdutf.gyp:simdutf',
- 'deps/ada/ada.gyp:ada',
-@@ -1188,7 +1180,6 @@
- 'deps/v8/include',
- 'deps/cares/include',
- 'deps/uv/include',
-- 'deps/sqlite',
- 'test/cctest',
- ],
-
-@@ -1253,7 +1244,6 @@
- 'dependencies': [
- '<(node_lib_target_name)',
- 'deps/histogram/histogram.gyp:histogram',
-- 'deps/sqlite/sqlite.gyp:sqlite',
- 'deps/ada/ada.gyp:ada',
- 'deps/nbytes/nbytes.gyp:nbytes',
- ],
-@@ -1269,7 +1259,6 @@
- 'deps/v8/include',
- 'deps/cares/include',
- 'deps/uv/include',
-- 'deps/sqlite',
- 'test/embedding',
- ],
-
-@@ -1369,7 +1358,6 @@
- 'dependencies': [
- '<(node_lib_target_name)',
- 'deps/histogram/histogram.gyp:histogram',
-- 'deps/sqlite/sqlite.gyp:sqlite',
- 'deps/ada/ada.gyp:ada',
- 'deps/nbytes/nbytes.gyp:nbytes',
- 'deps/simdjson/simdjson.gyp:simdjson',
-@@ -1386,7 +1374,6 @@
- 'deps/v8/include',
- 'deps/cares/include',
- 'deps/uv/include',
-- 'deps/sqlite',
- ],
-
- 'defines': [ 'NODE_WANT_INTERNALS=1' ],
---
-2.47.0
-
diff --git a/0003-deps-ncrypto-include-openssl-rand.h.patch b/0003-deps-ncrypto-include-openssl-rand.h.patch
deleted file mode 100644
index c6667fb..0000000
--- a/0003-deps-ncrypto-include-openssl-rand.h.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From e79552fdbebb411b8a6f7bc323525f463c1ee7ad Mon Sep 17 00:00:00 2001
-From: rpm-build
-Date: Wed, 30 Oct 2024 15:48:59 +0100
-Subject: [PATCH] deps(ncrypto): include
-
-Signed-off-by: rpm-build
----
- deps/ncrypto/ncrypto.cc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc
-index 457bd2f..a38b4a2 100644
---- a/deps/ncrypto/ncrypto.cc
-+++ b/deps/ncrypto/ncrypto.cc
-@@ -5,6 +5,7 @@
- #include
- #include
- #include
-+#include
- #include
- #include
- #if OPENSSL_VERSION_MAJOR >= 3
---
-2.47.0
-
diff --git a/nodejs22.spec b/nodejs22.spec
index 96dc5f9..3a0c165 100644
--- a/nodejs22.spec
+++ b/nodejs22.spec
@@ -52,8 +52,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 22
-%global nodejs_minor 11
-%global nodejs_patch 0
+%global nodejs_minor 13
+%global nodejs_patch 1
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
 %global nodejs_soversion 127
 %global nodejs_abi %{nodejs_soversion}
@@ -80,25 +80,25 @@
 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
-%global c_ares_version 1.33.1
+%global c_ares_version 1.34.4
 # llhttp - from deps/llhttp/include/llhttp.h
 %global llhttp_version 9.2.1
 # libuv - from deps/uv/include/uv/version.h
-%global libuv_version 1.48.0
+%global libuv_version 1.49.2
 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
-%global nghttp2_version 1.63.0
+%global nghttp2_version 1.64.0
 # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
-%global nghttp3_version 0.7.0
+%global nghttp3_version 1.6.0
 # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
-%global ngtcp2_version 1.3.0
+%global ngtcp2_version 1.9.1
 # ICU - from tools/icu/current_ver.dep
-%global icu_major 75
+%global icu_major 76
 %global icu_minor 1
 %global icu_version %{icu_major}.%{icu_minor}
@@ -107,7 +107,7 @@
 # " this line just fixes syntax highlighting for vim that is confused by the above and continues literal
 # simdutf from deps/simdutf/simdutf.h
-%global simdutf_version 5.5.0
+%global simdutf_version 5.6.4
 # OpenSSL minimum version
 %global openssl11_minimum 1:1.1.1
@@ -120,7 +120,7 @@
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_version 10.9.0
+%global npm_version 10.9.2
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@@ -137,7 +137,7 @@
 %global histogram_version 0.9.7
 # sqlite – from deps/sqlite/sqlite3.h
-%global sqlite_version 3.46.1
+%global sqlite_version 3.47.2
 Name: nodejs%{nodejs_pkg_major}
@@ -167,8 +167,6 @@ Source202: nodejs.pc.in
 Source203: v8.pc.in
 Patch: 0001-Remove-unused-OpenSSL-config.patch
-Patch: 0002-build-conditionally-compile-bundled-sqlite.patch
-Patch: 0003-deps-ncrypto-include-openssl-rand.h.patch
 %if 0%{?nodejs_default}
 %global pkgname nodejs
@@ -340,7 +338,7 @@ Provides: bundled(simdutf) = %{simdutf_version}
 # Upstream has added a new URL parser that has no option to build as a shared
 # library (19.7.0+)
-Provides: bundled(ada) = 2.9.0
+Provides: bundled(ada) = 2.9.2
 # undici and cjs-module-lexer ship with pre-built WASM binaries.
@@ -352,7 +350,7 @@ Requires: nodejs-cjs-module-lexer
 %endif
 %if %{with bundled_undici}
-Provides: bundled(nodejs-undici) = 6.20.0
+Provides: bundled(nodejs-undici) = 6.21.1
 %else
 BuildRequires: nodejs-undici
 Requires: nodejs-undici
diff --git a/sources b/sources
index c9e5eaf..22c26b7 100644
--- a/sources
+++ b/sources
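Review bot: The `%else` branch of `%if %{with bundled_undici}` in the last nodejs22.spec hunk (`@@ -352,7 +350,7 @@`) still has unversioned `BuildRequires: nodejs-undici` and `Requires: nodejs-undici`, so a build that does not bundle undici is not tied to the 6.21.1 release this update moves the bundled copy to. CVE-2025-22150, one of the three CVEs named in the subject, is to my knowledge an undici advisory, so the unbundled path should carry a floor such as `Requires: nodejs-undici >= 6.21.1`, with the same bound on the BuildRequires line. Separately, the ada and undici versions are literals in their `Provides:` lines, unlike the other bundled dependencies in this diff, which use `%global` version macros with a comment naming the source header; a macro for each would make them harder to miss on the next rebase. The conditional's `%endif` lies outside the hunk.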
@@ -1,3 +1,3 @@
-SHA512 (node-v22.11.0-stripped.tar.gz) = c113ba85a1722fdea1bb91d67fc2ef6f5b732ba76cfb7f25450d9011a0089f88aa29d617b3716d4fdbafceda59ca0588b2e170797f7974dc51d88502509a2dea
-SHA512 (icu4c-75_1-data-bin-b.zip) = ffec0355c5e0bd210aa7da6e91845979a5f5d893c7703dba4afccfbc80613b728689fbe91d0327542faaae718940f7eb0f842b3cc7c57dddeb22b15c5f79ba2a
-SHA512 (icu4c-75_1-data-bin-l.zip) = b4dbc0986c241e43d66a90c6cf723dd8fd66281416d7d28010c952a895e8f166d980f918754b191a1e2ab468484b7d2ba2d4f6308880ef7f8bc2eecbc94844b9
+SHA512 (node-v22.13.1-stripped.tar.gz) = 0e38b017a4dbc2532287e582d0492eaef6971db987722f5497e1d0875e83f1d0ab00c5d31b6842692f07538e49bdaada8cd997af2b200f4b7f47378fcb81c4ee
+SHA512 (icu4c-76_1-data-bin-b.zip) = 098326fbb0f4a1b70a314985cbe6918f3fec94feb17236dcf8efbc516e139294ec96ae49210e11ee40f4de1ac6977e939cbfd6087009be057b8a60d3ad01daad
+SHA512 (icu4c-76_1-data-bin-l.zip) = 1359ff28bad54f73fe29cc5c4fffb4c11c64399ddcc39bea2ee60b5d3672e7f79546a2255d604474cbd861791c11e62eb50bcecc0cf2cf9a7ece59180e8520fc