rpms/nodejs22
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Updated to version 22.13.1

Browse Source 
Fixes CVE-2025-23083 CVE-2025-23085 CVE-2025-22150
Resolves: RHEL-76035
This commit is contained in:
Tomas Juhasz 2025-01-13 12:12:54 +01:00 committed by Jan Staněk
parent 6cf6adf09f
commit 94b14b879e
No known key found for this signature in database
GPG Key ID: 2972F2037B243B6D
4 changed files with 16 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
0002-build-conditionally-compile-bundled-sqlite.patch
View File

@ -1,128 +0,0 @@
From fb3c0082f561d3e656b1b73c6176a04bc203cacb Mon Sep 17 00:00:00 2001
From: Richard Lau <rlau@redhat.com>
Date: Wed, 16 Oct 2024 17:26:42 +0000
Subject: [PATCH] build: conditionally compile bundled sqlite
Only compile the bundled sqlite in `deps/sqlite` if Node.js was not
configured with `--shared-sqlite`.
`node.gypi` is already correctly adding the sqlite dependency if
`node_shared_sqlite=="false"` so the unconditional entries in `node.gyp`
are not necessary.
Signed-off-by: rpm-build <rpm-build>
---
node.gyp | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/node.gyp b/node.gyp
index da6ea50..9f24b1c 100644
--- a/node.gyp
+++ b/node.gyp
@@ -840,7 +840,6 @@
'dependencies': [
'deps/googletest/googletest.gyp:gtest_prod',
'deps/histogram/histogram.gyp:histogram',
- 'deps/sqlite/sqlite.gyp:sqlite',
'deps/simdjson/simdjson.gyp:simdjson',
'deps/simdutf/simdutf.gyp:simdutf',
'deps/ada/ada.gyp:ada',
@@ -1030,7 +1029,6 @@
'dependencies': [
'<(node_lib_target_name)',
'deps/histogram/histogram.gyp:histogram',
- 'deps/sqlite/sqlite.gyp:sqlite',
],
'includes': [
@@ -1042,7 +1040,6 @@
'deps/v8/include',
'deps/cares/include',
'deps/uv/include',
- 'deps/sqlite',
'test/cctest',
],
@@ -1075,7 +1072,6 @@
'dependencies': [
'<(node_lib_target_name)',
'deps/histogram/histogram.gyp:histogram',
- 'deps/sqlite/sqlite.gyp:sqlite',
'deps/uvwasi/uvwasi.gyp:uvwasi',
],
'includes': [
@@ -1086,7 +1082,6 @@
'tools/msvs/genfiles',
'deps/v8/include',
'deps/cares/include',
- 'deps/sqlite',
'deps/uv/include',
'deps/uvwasi/include',
'test/cctest',
@@ -1121,7 +1116,6 @@
'<(node_lib_target_name)',
'deps/googletest/googletest.gyp:gtest_prod',
'deps/histogram/histogram.gyp:histogram',
- 'deps/sqlite/sqlite.gyp:sqlite',
'deps/uvwasi/uvwasi.gyp:uvwasi',
'deps/ada/ada.gyp:ada',
'deps/nbytes/nbytes.gyp:nbytes',
@@ -1134,7 +1128,6 @@
'tools/msvs/genfiles',
'deps/v8/include',
'deps/cares/include',
- 'deps/sqlite',
'deps/uv/include',
'deps/uvwasi/include',
'test/cctest',
@@ -1171,7 +1164,6 @@
'deps/googletest/googletest.gyp:gtest',
'deps/googletest/googletest.gyp:gtest_main',
'deps/histogram/histogram.gyp:histogram',
- 'deps/sqlite/sqlite.gyp:sqlite',
'deps/simdjson/simdjson.gyp:simdjson',
'deps/simdutf/simdutf.gyp:simdutf',
'deps/ada/ada.gyp:ada',
@@ -1188,7 +1180,6 @@
'deps/v8/include',
'deps/cares/include',
'deps/uv/include',
- 'deps/sqlite',
'test/cctest',
],
@@ -1253,7 +1244,6 @@
'dependencies': [
'<(node_lib_target_name)',
'deps/histogram/histogram.gyp:histogram',
- 'deps/sqlite/sqlite.gyp:sqlite',
'deps/ada/ada.gyp:ada',
'deps/nbytes/nbytes.gyp:nbytes',
],
@@ -1269,7 +1259,6 @@
'deps/v8/include',
'deps/cares/include',
'deps/uv/include',
- 'deps/sqlite',
'test/embedding',
],
@@ -1369,7 +1358,6 @@
'dependencies': [
'<(node_lib_target_name)',
'deps/histogram/histogram.gyp:histogram',
- 'deps/sqlite/sqlite.gyp:sqlite',
'deps/ada/ada.gyp:ada',
'deps/nbytes/nbytes.gyp:nbytes',
'deps/simdjson/simdjson.gyp:simdjson',
@@ -1386,7 +1374,6 @@
'deps/v8/include',
'deps/cares/include',
'deps/uv/include',
- 'deps/sqlite',
],
'defines': [ 'NODE_WANT_INTERNALS=1' ],
--
2.47.0

25
0003-deps-ncrypto-include-openssl-rand.h.patch
View File

@ -1,25 +0,0 @@
From e79552fdbebb411b8a6f7bc323525f463c1ee7ad Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 30 Oct 2024 15:48:59 +0100
Subject: [PATCH] deps(ncrypto): include <openssl/rand.h>
Signed-off-by: rpm-build <rpm-build>
---
deps/ncrypto/ncrypto.cc | 1 +
1 file changed, 1 insertion(+)
diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc
index 457bd2f..a38b4a2 100644
--- a/deps/ncrypto/ncrypto.cc
+++ b/deps/ncrypto/ncrypto.cc
@@ -5,6 +5,7 @@
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
+#include <openssl/rand.h>
#include <openssl/pkcs12.h>
#include <openssl/x509v3.h>
#if OPENSSL_VERSION_MAJOR >= 3
--
2.47.0

28
nodejs22.spec
View File

@ -52,8 +52,8 @@
# than a Fedora release lifecycle. # than a Fedora release lifecycle.
%global nodejs_epoch 1 %global nodejs_epoch 1
%global nodejs_major 22 %global nodejs_major 22
%global nodejs_minor 11 %global nodejs_minor 13
%global nodejs_patch 0 %global nodejs_patch 1
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
%global nodejs_soversion 127 %global nodejs_soversion 127
%global nodejs_abi %{nodejs_soversion} %global nodejs_abi %{nodejs_soversion}
@ -80,25 +80,25 @@
# c-ares - from deps/cares/include/ares_version.h # c-ares - from deps/cares/include/ares_version.h
# https://github.com/nodejs/node/pull/9332 # https://github.com/nodejs/node/pull/9332
%global c_ares_version 1.33.1 %global c_ares_version 1.34.4
# llhttp - from deps/llhttp/include/llhttp.h # llhttp - from deps/llhttp/include/llhttp.h
%global llhttp_version 9.2.1 %global llhttp_version 9.2.1
# libuv - from deps/uv/include/uv/version.h # libuv - from deps/uv/include/uv/version.h
%global libuv_version 1.48.0 %global libuv_version 1.49.2
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
%global nghttp2_version 1.63.0 %global nghttp2_version 1.64.0
# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
%global nghttp3_version 0.7.0 %global nghttp3_version 1.6.0
# ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
%global ngtcp2_version 1.3.0 %global ngtcp2_version 1.9.1
# ICU - from tools/icu/current_ver.dep # ICU - from tools/icu/current_ver.dep
%global icu_major 75 %global icu_major 76
%global icu_minor 1 %global icu_minor 1
%global icu_version %{icu_major}.%{icu_minor} %global icu_version %{icu_major}.%{icu_minor}
@ -107,7 +107,7 @@
# " this line just fixes syntax highlighting for vim that is confused by the above and continues literal # " this line just fixes syntax highlighting for vim that is confused by the above and continues literal
# simdutf from deps/simdutf/simdutf.h # simdutf from deps/simdutf/simdutf.h
%global simdutf_version 5.5.0 %global simdutf_version 5.6.4
# OpenSSL minimum version # OpenSSL minimum version
%global openssl11_minimum 1:1.1.1 %global openssl11_minimum 1:1.1.1
@ -120,7 +120,7 @@
# npm - from deps/npm/package.json # npm - from deps/npm/package.json
%global npm_epoch 1 %global npm_epoch 1
%global npm_version 10.9.0 %global npm_version 10.9.2
# In order to avoid needing to keep incrementing the release version for the # In order to avoid needing to keep incrementing the release version for the
# main package forever, we will just construct one for npm that is guaranteed # main package forever, we will just construct one for npm that is guaranteed
@ -137,7 +137,7 @@
%global histogram_version 0.9.7 %global histogram_version 0.9.7
# sqlite from deps/sqlite/sqlite3.h # sqlite from deps/sqlite/sqlite3.h
%global sqlite_version 3.46.1 %global sqlite_version 3.47.2
Name: nodejs%{nodejs_pkg_major} Name: nodejs%{nodejs_pkg_major}
@ -167,8 +167,6 @@ Source202: nodejs.pc.in
Source203: v8.pc.in Source203: v8.pc.in
Patch: 0001-Remove-unused-OpenSSL-config.patch Patch: 0001-Remove-unused-OpenSSL-config.patch
Patch: 0002-build-conditionally-compile-bundled-sqlite.patch
Patch: 0003-deps-ncrypto-include-openssl-rand.h.patch
%if 0%{?nodejs_default} %if 0%{?nodejs_default}
%global pkgname nodejs %global pkgname nodejs
@ -340,7 +338,7 @@ Provides: bundled(simdutf) = %{simdutf_version}
# Upstream has added a new URL parser that has no option to build as a shared # Upstream has added a new URL parser that has no option to build as a shared
# library (19.7.0+) # library (19.7.0+)
Provides: bundled(ada) = 2.9.0 Provides: bundled(ada) = 2.9.2
# undici and cjs-module-lexer ship with pre-built WASM binaries. # undici and cjs-module-lexer ship with pre-built WASM binaries.
@ -352,7 +350,7 @@ Requires: nodejs-cjs-module-lexer
%endif %endif
%if %{with bundled_undici} %if %{with bundled_undici}
Provides: bundled(nodejs-undici) = 6.20.0 Provides: bundled(nodejs-undici) = 6.21.1
%else %else
BuildRequires: nodejs-undici BuildRequires: nodejs-undici
Requires: nodejs-undici Requires: nodejs-undici

6
sources
View File

@ -1,3 +1,3 @@
SHA512 (node-v22.11.0-stripped.tar.gz) = c113ba85a1722fdea1bb91d67fc2ef6f5b732ba76cfb7f25450d9011a0089f88aa29d617b3716d4fdbafceda59ca0588b2e170797f7974dc51d88502509a2dea SHA512 (node-v22.13.1-stripped.tar.gz) = 0e38b017a4dbc2532287e582d0492eaef6971db987722f5497e1d0875e83f1d0ab00c5d31b6842692f07538e49bdaada8cd997af2b200f4b7f47378fcb81c4ee
SHA512 (icu4c-75_1-data-bin-b.zip) = ffec0355c5e0bd210aa7da6e91845979a5f5d893c7703dba4afccfbc80613b728689fbe91d0327542faaae718940f7eb0f842b3cc7c57dddeb22b15c5f79ba2a SHA512 (icu4c-76_1-data-bin-b.zip) = 098326fbb0f4a1b70a314985cbe6918f3fec94feb17236dcf8efbc516e139294ec96ae49210e11ee40f4de1ac6977e939cbfd6087009be057b8a60d3ad01daad
SHA512 (icu4c-75_1-data-bin-l.zip) = b4dbc0986c241e43d66a90c6cf723dd8fd66281416d7d28010c952a895e8f166d980f918754b191a1e2ab468484b7d2ba2d4f6308880ef7f8bc2eecbc94844b9 SHA512 (icu4c-76_1-data-bin-l.zip) = 1359ff28bad54f73fe29cc5c4fffb4c11c64399ddcc39bea2ee60b5d3672e7f79546a2255d604474cbd861791c11e62eb50bcecc0cf2cf9a7ece59180e8520fc