import nodejs-20.12.2-2.module+el8.9.0+21743+0b3f1be2

c8-stream-20 imports/c8-stream-20/nodejs-20.12.2-2.module+el8.9.0+21743+0b3f1be2
MSVSphere Packaging Team 6 months ago
parent b2060f61b4
commit 3943f18980

6
.gitignore vendored

@ -1,6 +1,6 @@
SOURCES/cjs-module-lexer-1.2.2.tar.gz SOURCES/cjs-module-lexer-1.2.2.tar.gz
SOURCES/icu4c-73_2-src.tgz SOURCES/icu4c-74_2-src.tgz
SOURCES/node-v20.11.0-stripped.tar.gz SOURCES/node-v20.12.2-stripped.tar.gz
SOURCES/undici-5.27.2.tar.gz SOURCES/undici-5.28.4.tar.gz
SOURCES/wasi-sdk-wasi-sdk-11.tar.gz SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
SOURCES/wasi-sdk-wasi-sdk-16.tar.gz SOURCES/wasi-sdk-wasi-sdk-16.tar.gz

@ -1,6 +1,6 @@
36854f5860acf4b3f8ef8a08cd4240c81c8ae013 SOURCES/cjs-module-lexer-1.2.2.tar.gz 164f7f39841415284b0280a648c43bd7ea1615ac SOURCES/cjs-module-lexer-1.2.2.tar.gz
3d94969b097189bf5479c312d9593d2d252f5a73 SOURCES/icu4c-73_2-src.tgz 43a8d688a3a6bc8f0f8c5e699d0ef7a905d24314 SOURCES/icu4c-74_2-src.tgz
77fb048d100d9663d417274bc38c3f53a9e58f9e SOURCES/node-v20.11.0-stripped.tar.gz f25c352600b72849a7241017ffc64bb0fe339d4d SOURCES/node-v20.12.2-stripped.tar.gz
6ae4fbe44f94670fdd1c1f0072ac7d6ed106d402 SOURCES/undici-5.27.2.tar.gz 2be9cb115c2832e1fda9e730fa92e0bf725b6f3d SOURCES/undici-5.28.4.tar.gz
8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz 8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
fbe01909bf0e8260fcc3696ec37c9f731b5e356a SOURCES/wasi-sdk-wasi-sdk-16.tar.gz fbe01909bf0e8260fcc3696ec37c9f731b5e356a SOURCES/wasi-sdk-wasi-sdk-16.tar.gz

@ -1,4 +1,4 @@
From c73e0892eb1d0aa2df805618c019dc5c96b79705 Mon Sep 17 00:00:00 2001 From 2da7f25d9311bdea702b4b435830c02ce78b3ab9 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build> From: rpm-build <rpm-build>
Date: Tue, 30 May 2023 13:12:35 +0200 Date: Tue, 30 May 2023 13:12:35 +0200
Subject: [PATCH] Disable running gyp on shared deps Subject: [PATCH] Disable running gyp on shared deps
@ -10,7 +10,7 @@ Signed-off-by: rpm-build <rpm-build>
2 files changed, 1 insertion(+), 18 deletions(-) 2 files changed, 1 insertion(+), 18 deletions(-)
diff --git a/Makefile b/Makefile diff --git a/Makefile b/Makefile
index 0be0659..3c44201 100644 index 7bd80d0..c43a50f 100644
--- a/Makefile --- a/Makefile
+++ b/Makefile +++ b/Makefile
@@ -169,7 +169,7 @@ with-code-cache test-code-cache: @@ -169,7 +169,7 @@ with-code-cache test-code-cache:
@ -23,10 +23,10 @@ index 0be0659..3c44201 100644
tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \ tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
diff --git a/node.gyp b/node.gyp diff --git a/node.gyp b/node.gyp
index cf52281..c33b57b 100644 index 4aac640..aa0ba88 100644
--- a/node.gyp --- a/node.gyp
+++ b/node.gyp +++ b/node.gyp
@@ -430,23 +430,6 @@ @@ -775,23 +775,6 @@
], ],
}, },
], ],
@ -51,5 +51,5 @@ index cf52281..c33b57b 100644
], ],
}, # node_core_target_name }, # node_core_target_name
-- --
2.41.0 2.44.0

@ -0,0 +1,85 @@
From 4caaf9c19d3c058f5b89ecd9fc721ee49370651a Mon Sep 17 00:00:00 2001
From: Michael Dawson <midawson@redhat.com>
Date: Fri, 23 Feb 2024 13:43:56 +0100
Subject: [PATCH] Disable FIPS options
On RHEL, FIPS should be configured only on system level.
Additionally, the related options may cause segfault when used on RHEL.
This patch causes the option processing to end sooner
than the problematic code gets executed.
Additionally, the JS-level options to mess with FIPS settings
are similarly disabled.
Upstream report: https://github.com/nodejs/node/pull/48950
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
Customer case: https://access.redhat.com/support/cases/#/case/03711488
Signed-off-by: rpm-build <rpm-build>
---
lib/crypto.js | 10 ++++++++++
lib/internal/errors.js | 6 ++++++
src/crypto/crypto_util.cc | 2 ++
3 files changed, 18 insertions(+)
diff --git a/lib/crypto.js b/lib/crypto.js
index 1216f3a..fbfcb26 100644
--- a/lib/crypto.js
+++ b/lib/crypto.js
@@ -36,6 +36,9 @@ const {
assertCrypto();
const {
+ // RHEL specific error
+ ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED,
+
ERR_CRYPTO_FIPS_FORCED,
ERR_WORKER_UNSUPPORTED_OPERATION,
} = require('internal/errors').codes;
@@ -253,6 +256,13 @@ function getFips() {
}
function setFips(val) {
+ // in RHEL FIPS enable/disable should only be done at system level
+ if (getFips() != val) {
+ throw new ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED();
+ } else {
+ return;
+ }
+
if (getOptionValue('--force-fips')) {
if (val) return;
throw new ERR_CRYPTO_FIPS_FORCED();
diff --git a/lib/internal/errors.js b/lib/internal/errors.js
index def4949..580ca7a 100644
--- a/lib/internal/errors.js
+++ b/lib/internal/errors.js
@@ -1112,6 +1112,12 @@ module.exports = {
//
// Note: Node.js specific errors must begin with the prefix ERR_
+// insert RHEL specific erro
+E('ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED',
+ 'Cannot set FIPS mode. FIPS should be enabled/disabled at system level. See' +
+ 'https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n',
+ Error);
+
E('ERR_ACCESS_DENIED',
'Access to this API has been restricted. Permission: %s',
Error);
diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
index 5734d8f..ef9d1b1 100644
--- a/src/crypto/crypto_util.cc
+++ b/src/crypto/crypto_util.cc
@@ -121,6 +121,8 @@ bool ProcessFipsOptions() {
/* Override FIPS settings in configuration file, if needed. */
if (per_process::cli_options->enable_fips_crypto ||
per_process::cli_options->force_fips_crypto) {
+ fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
+ return false;
#if OPENSSL_VERSION_MAJOR >= 3
OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
if (fips_provider == nullptr)
--
2.44.0

@ -0,0 +1,107 @@
From d9a06fe94439d9f103aeffe597441c0a2c0a4eb3 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 9 Mar 2024 16:26:42 +0900
Subject: [PATCH] Limit CONTINUATION frames following an incoming HEADER frame
Signed-off-by: rpm-build <rpm-build>
---
deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 7 ++++++-
deps/nghttp2/lib/nghttp2_helper.c | 2 ++
deps/nghttp2/lib/nghttp2_session.c | 7 +++++++
deps/nghttp2/lib/nghttp2_session.h | 10 ++++++++++
4 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
index 8891760..a9629c7 100644
--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
@@ -466,7 +466,12 @@ typedef enum {
* exhaustion on server side to send these frames forever and does
* not read network.
*/
- NGHTTP2_ERR_FLOODED = -904
+ NGHTTP2_ERR_FLOODED = -904,
+ /**
+ * When a local endpoint receives too many CONTINUATION frames
+ * following a HEADER frame.
+ */
+ NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905,
} nghttp2_error;
/**
diff --git a/deps/nghttp2/lib/nghttp2_helper.c b/deps/nghttp2/lib/nghttp2_helper.c
index 93dd475..b3563d9 100644
--- a/deps/nghttp2/lib/nghttp2_helper.c
+++ b/deps/nghttp2/lib/nghttp2_helper.c
@@ -336,6 +336,8 @@ const char *nghttp2_strerror(int error_code) {
"closed";
case NGHTTP2_ERR_TOO_MANY_SETTINGS:
return "SETTINGS frame contained more than the maximum allowed entries";
+ case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS:
+ return "Too many CONTINUATION frames following a HEADER frame";
default:
return "Unknown error code";
}
diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
index 226cdd5..e343365 100644
--- a/deps/nghttp2/lib/nghttp2_session.c
+++ b/deps/nghttp2/lib/nghttp2_session.c
@@ -497,6 +497,7 @@ static int session_new(nghttp2_session **session_ptr,
(*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN;
(*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM;
(*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS;
+ (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS;
if (option) {
if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) &&
@@ -6812,6 +6813,8 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
}
}
session_inbound_frame_reset(session);
+
+ session->num_continuations = 0;
}
break;
}
@@ -6933,6 +6936,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
}
#endif /* DEBUGBUILD */
+ if (++session->num_continuations > session->max_continuations) {
+ return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS;
+ }
+
readlen = inbound_frame_buf_read(iframe, in, last);
in += readlen;
diff --git a/deps/nghttp2/lib/nghttp2_session.h b/deps/nghttp2/lib/nghttp2_session.h
index b119329..ef8f7b2 100644
--- a/deps/nghttp2/lib/nghttp2_session.h
+++ b/deps/nghttp2/lib/nghttp2_session.h
@@ -110,6 +110,10 @@ typedef struct {
#define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000
#define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33
+/* The default max number of CONTINUATION frames following an incoming
+ HEADER frame. */
+#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8
+
/* Internal state when receiving incoming frame */
typedef enum {
/* Receiving frame header */
@@ -290,6 +294,12 @@ struct nghttp2_session {
size_t max_send_header_block_length;
/* The maximum number of settings accepted per SETTINGS frame. */
size_t max_settings;
+ /* The maximum number of CONTINUATION frames following an incoming
+ HEADER frame. */
+ size_t max_continuations;
+ /* The number of CONTINUATION frames following an incoming HEADER
+ frame. This variable is reset when END_HEADERS flag is seen. */
+ size_t num_continuations;
/* Next Stream ID. Made unsigned int to detect >= (1 << 31). */
uint32_t next_stream_id;
/* The last stream ID this session initiated. For client session,
--
2.44.0

@ -0,0 +1,89 @@
From ca0a0b02da4db1d65eca8169c6e27bb635924dfb Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 9 Mar 2024 16:48:10 +0900
Subject: [PATCH] Add nghttp2_option_set_max_continuations
Signed-off-by: rpm-build <rpm-build>
---
deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 11 +++++++++++
deps/nghttp2/lib/nghttp2_option.c | 5 +++++
deps/nghttp2/lib/nghttp2_option.h | 5 +++++
deps/nghttp2/lib/nghttp2_session.c | 4 ++++
4 files changed, 25 insertions(+)
diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
index a9629c7..92c3ccc 100644
--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
@@ -3210,6 +3210,17 @@ NGHTTP2_EXTERN void
nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
uint64_t burst, uint64_t rate);
+/**
+ * @function
+ *
+ * This function sets the maximum number of CONTINUATION frames
+ * following an incoming HEADER frame. If more than those frames are
+ * received, the remote endpoint is considered to be misbehaving and
+ * session will be closed. The default value is 8.
+ */
+NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option,
+ size_t val);
+
/**
* @function
*
diff --git a/deps/nghttp2/lib/nghttp2_option.c b/deps/nghttp2/lib/nghttp2_option.c
index 43d4e95..53144b9 100644
--- a/deps/nghttp2/lib/nghttp2_option.c
+++ b/deps/nghttp2/lib/nghttp2_option.c
@@ -150,3 +150,8 @@ void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
option->stream_reset_burst = burst;
option->stream_reset_rate = rate;
}
+
+void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) {
+ option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS;
+ option->max_continuations = val;
+}
diff --git a/deps/nghttp2/lib/nghttp2_option.h b/deps/nghttp2/lib/nghttp2_option.h
index 2259e18..c89cb97 100644
--- a/deps/nghttp2/lib/nghttp2_option.h
+++ b/deps/nghttp2/lib/nghttp2_option.h
@@ -71,6 +71,7 @@ typedef enum {
NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13,
NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14,
NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15,
+ NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16,
} nghttp2_option_flag;
/**
@@ -98,6 +99,10 @@ struct nghttp2_option {
* NGHTTP2_OPT_MAX_SETTINGS
*/
size_t max_settings;
+ /**
+ * NGHTTP2_OPT_MAX_CONTINUATIONS
+ */
+ size_t max_continuations;
/**
* Bitwise OR of nghttp2_option_flag to determine that which fields
* are specified.
diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
index e343365..555032d 100644
--- a/deps/nghttp2/lib/nghttp2_session.c
+++ b/deps/nghttp2/lib/nghttp2_session.c
@@ -586,6 +586,10 @@ static int session_new(nghttp2_session **session_ptr,
option->stream_reset_burst,
option->stream_reset_rate);
}
+
+ if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) {
+ (*session_ptr)->max_continuations = option->max_continuations;
+ }
}
rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,
--
2.44.0

@ -1,20 +0,0 @@
FIPS related options cause a segfault, let's end sooner
Upstream report: https://github.com/nodejs/node/pull/48950
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
This patch makes the part of the code that processes cmd-line options for
FIPS to end sooner before the code gets to the problematic part of the code.
diff -up node-v18.16.1/src/crypto/crypto_util.cc.origfips node-v18.16.1/src/crypto/crypto_util.cc
--- node-v18.16.1/src/crypto/crypto_util.cc.origfips 2023-07-31 12:09:46.603683081 +0200
+++ node-v18.16.1/src/crypto/crypto_util.cc 2023-07-31 12:16:16.906617914 +0200
@@ -111,6 +111,8 @@ bool ProcessFipsOptions() {
/* Override FIPS settings in configuration file, if needed. */
if (per_process::cli_options->enable_fips_crypto ||
per_process::cli_options->force_fips_crypto) {
+ fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
+ return false;
#if OPENSSL_VERSION_MAJOR >= 3
OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
if (fips_provider == nullptr)

@ -33,7 +33,7 @@
# This is used by both the nodejs package and the npm subpackage that # This is used by both the nodejs package and the npm subpackage that
# has a separate version - the name is special so that rpmdev-bumpspec # has a separate version - the name is special so that rpmdev-bumpspec
# will bump this rather than adding .1 to the end. # will bump this rather than adding .1 to the end.
%global baserelease 1 %global baserelease 2
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -44,8 +44,8 @@
# than a Fedora release lifecycle. # than a Fedora release lifecycle.
%global nodejs_epoch 1 %global nodejs_epoch 1
%global nodejs_major 20 %global nodejs_major 20
%global nodejs_minor 11 %global nodejs_minor 12
%global nodejs_patch 0 %global nodejs_patch 2
%global nodejs_abi %{nodejs_major}.%{nodejs_minor} %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
%global nodejs_soversion 115 %global nodejs_soversion 115
@ -69,16 +69,16 @@
# c-ares - from deps/cares/include/ares_version.h # c-ares - from deps/cares/include/ares_version.h
# https://github.com/nodejs/node/pull/9332 # https://github.com/nodejs/node/pull/9332
%global c_ares_version 1.20.1 %global c_ares_version 1.27.0
# llhttp - from deps/llhttp/include/llhttp.h # llhttp - from deps/llhttp/include/llhttp.h
%global llhttp_version 8.1.1 %global llhttp_version 8.1.2
# libuv - from deps/uv/include/uv/version.h # libuv - from deps/uv/include/uv/version.h
%global libuv_version 1.46.0 %global libuv_version 1.46.0
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
%global nghttp2_version 1.58.0 %global nghttp2_version 1.60.0
# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
%global nghttp3_version 0.7.0 %global nghttp3_version 0.7.0
@ -87,7 +87,7 @@
%global ngtcp2_version 0.8.1 %global ngtcp2_version 0.8.1
# ICU - from tools/icu/current_ver.dep # ICU - from tools/icu/current_ver.dep
%global icu_major 73 %global icu_major 74
%global icu_minor 2 %global icu_minor 2
%global icu_version %{icu_major}.%{icu_minor} %global icu_version %{icu_major}.%{icu_minor}
@ -106,10 +106,10 @@
%endif %endif
# simduft from deps/simdutf/simdutf.h # simduft from deps/simdutf/simdutf.h
%global simduft_version 4.0.4 %global simduft_version 4.0.8
# ada from deps/ada/ada.h # ada from deps/ada/ada.h
%global ada_version 2.7.4 %global ada_version 2.7.6
# OpenSSL minimum version # OpenSSL minimum version
%global openssl_minimum 1:1.1.1 %global openssl_minimum 1:1.1.1
@ -122,7 +122,7 @@
# npm - from deps/npm/package.json # npm - from deps/npm/package.json
%global npm_epoch 1 %global npm_epoch 1
%global npm_version 10.2.4 %global npm_version 10.5.0
# In order to avoid needing to keep incrementing the release version for the # In order to avoid needing to keep incrementing the release version for the
# main package forever, we will just construct one for npm that is guaranteed # main package forever, we will just construct one for npm that is guaranteed
@ -132,10 +132,10 @@
# Node.js 16.9.1 and later comes with an experimental package management tool # Node.js 16.9.1 and later comes with an experimental package management tool
# corepack - from deps/corepack/package.json # corepack - from deps/corepack/package.json
%global corepack_version 0.23.0 %global corepack_version 0.25.2
# uvwasi - from deps/uvwasi/include/uvwasi.h # uvwasi - from deps/uvwasi/include/uvwasi.h
%global uvwasi_version 0.0.19 %global uvwasi_version 0.0.20
# histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h # histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h
%global histogram_version 0.11.8 %global histogram_version 0.11.8
@ -181,9 +181,9 @@ Source101: cjs-module-lexer-1.2.2.tar.gz
Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz
# Version: jq '.version' deps/undici/src/package.json # Version: jq '.version' deps/undici/src/package.json
# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.27.2.tar.gz # Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz
# Adjustments: rm -f undici-5.27.2/lib/llhttp/llhttp*.wasm* # Adjustments: rm -f undici-5.28.4/lib/llhttp/llhttp*.wasm*
Source111: undici-5.27.2.tar.gz Source111: undici-5.28.4.tar.gz
# The WASM blob was made using wasi-sdk v16; compiler libraries are linked in. # The WASM blob was made using wasi-sdk v16; compiler libraries are linked in.
# Version source: deps/undici/src/lib/llhttp/wasm_build_env.txt # Version source: deps/undici/src/lib/llhttp/wasm_build_env.txt
# Also check (undici tarball): lib/llhttp/wasm_build_env.txt # Also check (undici tarball): lib/llhttp/wasm_build_env.txt
@ -191,7 +191,9 @@ Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-16/wasi-sdk-
# Disable running gyp on bundled deps we don't use # Disable running gyp on bundled deps we don't use
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
Patch3: nodejs-fips-disable-options.patch Patch2: 0002-Disable-FIPS-options.patch
Patch3: 0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch
Patch4: 0004-Add-nghttp2_option_set_max_continuations.patch
BuildRequires: make BuildRequires: make
BuildRequires: python3-devel BuildRequires: python3-devel
@ -434,7 +436,7 @@ export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cfl
export LDFLAGS="%{build_ldflags}" export LDFLAGS="%{build_ldflags}"
%{__python3} configure.py --prefix=%{_prefix} --verbose \ %{__python3} configure.py --prefix=%{_prefix} --verbose \
--shared-openssl \ --shared-openssl --openssl-conf-name=openssl_conf \
--shared-zlib \ --shared-zlib \
--shared-brotli \ --shared-brotli \
%{!?with_bundled:--shared-libuv} \ %{!?with_bundled:--shared-libuv} \
@ -485,7 +487,7 @@ popd # deps
%install %install
rm -rf %{buildroot} rm -rf %{buildroot}
./tools/install.py install %{buildroot} %{_prefix} ./tools/install.py install --dest-dir=%{buildroot} --prefix=%{_prefix}
# Set the binary permissions properly # Set the binary permissions properly
chmod 0755 %{buildroot}/%{_bindir}/node chmod 0755 %{buildroot}/%{_bindir}/node
@ -722,6 +724,18 @@ end
%changelog %changelog
* Tue Apr 16 2024 Jan Staněk <jstanek@redhat.com> - 1:20.12.2-2
- Backport nghttp2 patch for CVE-2024-28182
* Tue Apr 16 2024 Jan Staněk <jstanek@redhat.com> - 1:20.12.2-1
- Rebase to version 20.12.0
Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node)
Fixes: CVE-2024-25629 (c-ares)
* Wed Feb 21 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:20.11.1-1
- Rebase to version 20.11.1
- Resolves: RHEL-26017 RHEL-26266 RHEL-26685 RHEL-26686 RHEL-26004 RHEL-26596 RHEL-26688
* Fri Jan 19 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:20.11.0-1 * Fri Jan 19 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:20.11.0-1
- Rebase to version 20.11.0 - Rebase to version 20.11.0
- Resolves: RHEL-21435 - Resolves: RHEL-21435

Loading…
Cancel
Save