import nodejs-20.12.2-2.module+el8.9.0+21743+0b3f1be2

4 months ago · 3943f18980
parent b2060f61b4
commit 3943f18980
8 changed files with 325 additions and 50 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,6 +1,6 @@
 SOURCES/cjs-module-lexer-1.2.2.tar.gz
-SOURCES/icu4c-73_2-src.tgz
+SOURCES/icu4c-74_2-src.tgz
-SOURCES/node-v20.11.0-stripped.tar.gz
+SOURCES/node-v20.12.2-stripped.tar.gz
-SOURCES/undici-5.27.2.tar.gz
+SOURCES/undici-5.28.4.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-16.tar.gz
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@ -1,6 +1,6 @@
-36854f5860acf4b3f8ef8a08cd4240c81c8ae013 SOURCES/cjs-module-lexer-1.2.2.tar.gz
+164f7f39841415284b0280a648c43bd7ea1615ac SOURCES/cjs-module-lexer-1.2.2.tar.gz
-3d94969b097189bf5479c312d9593d2d252f5a73 SOURCES/icu4c-73_2-src.tgz
+43a8d688a3a6bc8f0f8c5e699d0ef7a905d24314 SOURCES/icu4c-74_2-src.tgz
-77fb048d100d9663d417274bc38c3f53a9e58f9e SOURCES/node-v20.11.0-stripped.tar.gz
+f25c352600b72849a7241017ffc64bb0fe339d4d SOURCES/node-v20.12.2-stripped.tar.gz
-6ae4fbe44f94670fdd1c1f0072ac7d6ed106d402 SOURCES/undici-5.27.2.tar.gz
+2be9cb115c2832e1fda9e730fa92e0bf725b6f3d SOURCES/undici-5.28.4.tar.gz
 8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 fbe01909bf0e8260fcc3696ec37c9f731b5e356a SOURCES/wasi-sdk-wasi-sdk-16.tar.gz
--- a/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
+++ b/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
@ -1,4 +1,4 @@
-From c73e0892eb1d0aa2df805618c019dc5c96b79705 Mon Sep 17 00:00:00 2001
+From 2da7f25d9311bdea702b4b435830c02ce78b3ab9 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Tue, 30 May 2023 13:12:35 +0200
 Subject: [PATCH] Disable running gyp on shared deps
@ -10,7 +10,7 @@ Signed-off-by: rpm-build <rpm-build>
 2 files changed, 1 insertion(+), 18 deletions(-)
 diff --git a/Makefile b/Makefile
-index 0be0659..3c44201 100644
+index 7bd80d0..c43a50f 100644
 --- a/Makefile
 +++ b/Makefile
@@ -169,7 +169,7 @@ with-code-cache test-code-cache:
@ -23,10 +23,10 @@ index 0be0659..3c44201 100644
 	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
 	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
 diff --git a/node.gyp b/node.gyp
-index cf52281..c33b57b 100644
+index 4aac640..aa0ba88 100644
 --- a/node.gyp
 +++ b/node.gyp
-@@ -430,23 +430,6 @@
+@@ -775,23 +775,6 @@
               ],
             },
           ],
@ -51,5 +51,5 @@ index cf52281..c33b57b 100644
       ],
     }, # node_core_target_name
 -- 
-2.41.0
+2.44.0
--- a/SOURCES/0002-Disable-FIPS-options.patch
+++ b/SOURCES/0002-Disable-FIPS-options.patch
@ -0,0 +1,85 @@
 From 4caaf9c19d3c058f5b89ecd9fc721ee49370651a Mon Sep 17 00:00:00 2001
 From: Michael Dawson <midawson@redhat.com>
 Date: Fri, 23 Feb 2024 13:43:56 +0100
 Subject: [PATCH] Disable FIPS options
 On RHEL, FIPS should be configured only on system level.
 Additionally, the related options may cause segfault when used on RHEL.
 This patch causes the option processing to end sooner
 than the problematic code gets executed.
 Additionally, the JS-level options to mess with FIPS settings
 are similarly disabled.
 Upstream report: https://github.com/nodejs/node/pull/48950
 RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
 Customer case: https://access.redhat.com/support/cases/#/case/03711488
 Signed-off-by: rpm-build <rpm-build>
 ---
 lib/crypto.js             | 10 ++++++++++
 lib/internal/errors.js    |  6 ++++++
 src/crypto/crypto_util.cc |  2 ++
 3 files changed, 18 insertions(+)
 diff --git a/lib/crypto.js b/lib/crypto.js
 index 1216f3a..fbfcb26 100644
 --- a/lib/crypto.js
 +++ b/lib/crypto.js
@@ -36,6 +36,9 @@ const {
 assertCrypto();
 const {
 +  // RHEL specific error
 +  ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED,
 +
   ERR_CRYPTO_FIPS_FORCED,
   ERR_WORKER_UNSUPPORTED_OPERATION,
 } = require('internal/errors').codes;
@@ -253,6 +256,13 @@ function getFips() {
 }
 function setFips(val) {
 +  // in RHEL FIPS enable/disable should only be done at system level
 +  if (getFips() != val) {
 +    throw new ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED();
 +  } else {
 +    return;
 +  }
 +
   if (getOptionValue('--force-fips')) {
     if (val) return;
     throw new ERR_CRYPTO_FIPS_FORCED();
 diff --git a/lib/internal/errors.js b/lib/internal/errors.js
 index def4949..580ca7a 100644
 --- a/lib/internal/errors.js
 +++ b/lib/internal/errors.js
@@ -1112,6 +1112,12 @@ module.exports = {
 //
 // Note: Node.js specific errors must begin with the prefix ERR_
 +// insert RHEL specific erro
 +E('ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED',
 +  'Cannot set FIPS mode. FIPS should be enabled/disabled at system level. See' +
 +  'https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n',
 +  Error);
 +
 E('ERR_ACCESS_DENIED',
   'Access to this API has been restricted. Permission: %s',
   Error);
 diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
 index 5734d8f..ef9d1b1 100644
 --- a/src/crypto/crypto_util.cc
 +++ b/src/crypto/crypto_util.cc
@@ -121,6 +121,8 @@ bool ProcessFipsOptions() {
   /* Override FIPS settings in configuration file, if needed. */
   if (per_process::cli_options->enable_fips_crypto ||
       per_process::cli_options->force_fips_crypto) {
 +      fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
 +      return false;
 #if OPENSSL_VERSION_MAJOR >= 3
     OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
     if (fips_provider == nullptr)
 -- 
 2.44.0
--- a/SOURCES/0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch
+++ b/SOURCES/0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch
@ -0,0 +1,107 @@
 From d9a06fe94439d9f103aeffe597441c0a2c0a4eb3 Mon Sep 17 00:00:00 2001
 From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
 Date: Sat, 9 Mar 2024 16:26:42 +0900
 Subject: [PATCH] Limit CONTINUATION frames following an incoming HEADER frame
 Signed-off-by: rpm-build <rpm-build>
 ---
 deps/nghttp2/lib/includes/nghttp2/nghttp2.h |  7 ++++++-
 deps/nghttp2/lib/nghttp2_helper.c           |  2 ++
 deps/nghttp2/lib/nghttp2_session.c          |  7 +++++++
 deps/nghttp2/lib/nghttp2_session.h          | 10 ++++++++++
 4 files changed, 25 insertions(+), 1 deletion(-)
 diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
 index 8891760..a9629c7 100644
 --- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
 +++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
@@ -466,7 +466,12 @@ typedef enum {
    * exhaustion on server side to send these frames forever and does
    * not read network.
    */
 -  NGHTTP2_ERR_FLOODED = -904
 +  NGHTTP2_ERR_FLOODED = -904,
 +  /**
 +   * When a local endpoint receives too many CONTINUATION frames
 +   * following a HEADER frame.
 +   */
 +  NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905,
 } nghttp2_error;
 /**
 diff --git a/deps/nghttp2/lib/nghttp2_helper.c b/deps/nghttp2/lib/nghttp2_helper.c
 index 93dd475..b3563d9 100644
 --- a/deps/nghttp2/lib/nghttp2_helper.c
 +++ b/deps/nghttp2/lib/nghttp2_helper.c
@@ -336,6 +336,8 @@ const char *nghttp2_strerror(int error_code) {
            "closed";
   case NGHTTP2_ERR_TOO_MANY_SETTINGS:
     return "SETTINGS frame contained more than the maximum allowed entries";
 +  case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS:
 +    return "Too many CONTINUATION frames following a HEADER frame";
   default:
     return "Unknown error code";
   }
 diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
 index 226cdd5..e343365 100644
 --- a/deps/nghttp2/lib/nghttp2_session.c
 +++ b/deps/nghttp2/lib/nghttp2_session.c
@@ -497,6 +497,7 @@ static int session_new(nghttp2_session **session_ptr,
   (*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN;
   (*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM;
   (*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS;
 +  (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS;
   if (option) {
     if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) &&
@@ -6812,6 +6813,8 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
           }
         }
         session_inbound_frame_reset(session);
 +
 +        session->num_continuations = 0;
       }
       break;
     }
@@ -6933,6 +6936,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
       }
 #endif /* DEBUGBUILD */
 +      if (++session->num_continuations > session->max_continuations) {
 +        return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS;
 +      }
 +
       readlen = inbound_frame_buf_read(iframe, in, last);
       in += readlen;
 diff --git a/deps/nghttp2/lib/nghttp2_session.h b/deps/nghttp2/lib/nghttp2_session.h
 index b119329..ef8f7b2 100644
 --- a/deps/nghttp2/lib/nghttp2_session.h
 +++ b/deps/nghttp2/lib/nghttp2_session.h
@@ -110,6 +110,10 @@ typedef struct {
 #define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000
 #define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33
 +/* The default max number of CONTINUATION frames following an incoming
 +   HEADER frame. */
 +#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8
 +
 /* Internal state when receiving incoming frame */
 typedef enum {
   /* Receiving frame header */
@@ -290,6 +294,12 @@ struct nghttp2_session {
   size_t max_send_header_block_length;
   /* The maximum number of settings accepted per SETTINGS frame. */
   size_t max_settings;
 +  /* The maximum number of CONTINUATION frames following an incoming
 +     HEADER frame. */
 +  size_t max_continuations;
 +  /* The number of CONTINUATION frames following an incoming HEADER
 +     frame.  This variable is reset when END_HEADERS flag is seen. */
 +  size_t num_continuations;
   /* Next Stream ID. Made unsigned int to detect >= (1 << 31). */
   uint32_t next_stream_id;
   /* The last stream ID this session initiated.  For client session,
 -- 
 2.44.0
--- a/SOURCES/0004-Add-nghttp2_option_set_max_continuations.patch
+++ b/SOURCES/0004-Add-nghttp2_option_set_max_continuations.patch
@ -0,0 +1,89 @@
 From ca0a0b02da4db1d65eca8169c6e27bb635924dfb Mon Sep 17 00:00:00 2001
 From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
 Date: Sat, 9 Mar 2024 16:48:10 +0900
 Subject: [PATCH] Add nghttp2_option_set_max_continuations
 Signed-off-by: rpm-build <rpm-build>
 ---
 deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 11 +++++++++++
 deps/nghttp2/lib/nghttp2_option.c           |  5 +++++
 deps/nghttp2/lib/nghttp2_option.h           |  5 +++++
 deps/nghttp2/lib/nghttp2_session.c          |  4 ++++
 4 files changed, 25 insertions(+)
 diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
 index a9629c7..92c3ccc 100644
 --- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
 +++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
@@ -3210,6 +3210,17 @@ NGHTTP2_EXTERN void
 nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
                                            uint64_t burst, uint64_t rate);
 +/**
 + * @function
 + *
 + * This function sets the maximum number of CONTINUATION frames
 + * following an incoming HEADER frame.  If more than those frames are
 + * received, the remote endpoint is considered to be misbehaving and
 + * session will be closed.  The default value is 8.
 + */
 +NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option,
 +                                                         size_t val);
 +
 /**
  * @function
  *
 diff --git a/deps/nghttp2/lib/nghttp2_option.c b/deps/nghttp2/lib/nghttp2_option.c
 index 43d4e95..53144b9 100644
 --- a/deps/nghttp2/lib/nghttp2_option.c
 +++ b/deps/nghttp2/lib/nghttp2_option.c
@@ -150,3 +150,8 @@ void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
   option->stream_reset_burst = burst;
   option->stream_reset_rate = rate;
 }
 +
 +void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) {
 +  option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS;
 +  option->max_continuations = val;
 +}
 diff --git a/deps/nghttp2/lib/nghttp2_option.h b/deps/nghttp2/lib/nghttp2_option.h
 index 2259e18..c89cb97 100644
 --- a/deps/nghttp2/lib/nghttp2_option.h
 +++ b/deps/nghttp2/lib/nghttp2_option.h
@@ -71,6 +71,7 @@ typedef enum {
   NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13,
   NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14,
   NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15,
 +  NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16,
 } nghttp2_option_flag;
 /**
@@ -98,6 +99,10 @@ struct nghttp2_option {
    * NGHTTP2_OPT_MAX_SETTINGS
    */
   size_t max_settings;
 +  /**
 +   * NGHTTP2_OPT_MAX_CONTINUATIONS
 +   */
 +  size_t max_continuations;
   /**
    * Bitwise OR of nghttp2_option_flag to determine that which fields
    * are specified.
 diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
 index e343365..555032d 100644
 --- a/deps/nghttp2/lib/nghttp2_session.c
 +++ b/deps/nghttp2/lib/nghttp2_session.c
@@ -586,6 +586,10 @@ static int session_new(nghttp2_session **session_ptr,
                            option->stream_reset_burst,
                            option->stream_reset_rate);
     }
 +
 +    if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) {
 +      (*session_ptr)->max_continuations = option->max_continuations;
 +    }
   }
   rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,
 -- 
 2.44.0
--- a/SOURCES/nodejs-fips-disable-options.patch
+++ b/SOURCES/nodejs-fips-disable-options.patch
@ -1,20 +0,0 @@
 FIPS related options cause a segfault, let's end sooner
 Upstream report: https://github.com/nodejs/node/pull/48950
 RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
 This patch makes the part of the code that processes cmd-line options for
 FIPS to end sooner before the code gets to the problematic part of the code.
 diff -up node-v18.16.1/src/crypto/crypto_util.cc.origfips node-v18.16.1/src/crypto/crypto_util.cc
 --- node-v18.16.1/src/crypto/crypto_util.cc.origfips	2023-07-31 12:09:46.603683081 +0200
 +++ node-v18.16.1/src/crypto/crypto_util.cc	2023-07-31 12:16:16.906617914 +0200
@@ -111,6 +111,8 @@ bool ProcessFipsOptions() {
   /* Override FIPS settings in configuration file, if needed. */
   if (per_process::cli_options->enable_fips_crypto ||
       per_process::cli_options->force_fips_crypto) {
 +      fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
 +      return false;
 #if OPENSSL_VERSION_MAJOR >= 3
     OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
     if (fips_provider == nullptr)
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@ -33,7 +33,7 @@
 # This is used by both the nodejs package and the npm subpackage that
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
-%global baserelease 1
+%global baserelease 2
 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -44,8 +44,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 20
-%global nodejs_minor 11
+%global nodejs_minor 12
-%global nodejs_patch 0
+%global nodejs_patch 2
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
 %global nodejs_soversion 115
@ -69,16 +69,16 @@
 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
-%global c_ares_version 1.20.1
+%global c_ares_version 1.27.0
 # llhttp - from deps/llhttp/include/llhttp.h
-%global llhttp_version 8.1.1
+%global llhttp_version 8.1.2
 # libuv - from deps/uv/include/uv/version.h
 %global libuv_version 1.46.0
 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
-%global nghttp2_version 1.58.0
+%global nghttp2_version 1.60.0
 # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
 %global nghttp3_version 0.7.0
@ -87,7 +87,7 @@
 %global ngtcp2_version 0.8.1
 # ICU - from tools/icu/current_ver.dep
-%global icu_major 73
+%global icu_major 74
 %global icu_minor 2
 %global icu_version %{icu_major}.%{icu_minor}
@ -106,10 +106,10 @@
 %endif
 # simduft from deps/simdutf/simdutf.h
-%global simduft_version 4.0.4
+%global simduft_version 4.0.8
 # ada from deps/ada/ada.h
-%global ada_version 2.7.4
+%global ada_version 2.7.6
 # OpenSSL minimum version
 %global openssl_minimum 1:1.1.1
@ -122,7 +122,7 @@
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_version 10.2.4
+%global npm_version 10.5.0
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@ -132,10 +132,10 @@
 # Node.js 16.9.1 and later comes with an experimental package management tool
 # corepack - from deps/corepack/package.json
-%global corepack_version 0.23.0
+%global corepack_version 0.25.2
 # uvwasi - from deps/uvwasi/include/uvwasi.h
-%global uvwasi_version 0.0.19
+%global uvwasi_version 0.0.20
 # histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h
 %global histogram_version 0.11.8
@ -181,9 +181,9 @@ Source101: cjs-module-lexer-1.2.2.tar.gz
 Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz
 # Version: jq '.version' deps/undici/src/package.json
-# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.27.2.tar.gz
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz
-# Adjustments: rm -f undici-5.27.2/lib/llhttp/llhttp*.wasm*
+# Adjustments: rm -f undici-5.28.4/lib/llhttp/llhttp*.wasm*
-Source111: undici-5.27.2.tar.gz
+Source111: undici-5.28.4.tar.gz
 # The WASM blob was made using wasi-sdk v16; compiler libraries are linked in.
 # Version source: deps/undici/src/lib/llhttp/wasm_build_env.txt
 # Also check (undici tarball): lib/llhttp/wasm_build_env.txt
@ -191,7 +191,9 @@ Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-16/wasi-sdk-
 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
-Patch3: nodejs-fips-disable-options.patch
+Patch2: 0002-Disable-FIPS-options.patch
 Patch3: 0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch
 Patch4: 0004-Add-nghttp2_option_set_max_continuations.patch
 BuildRequires: make
 BuildRequires: python3-devel
@ -434,7 +436,7 @@ export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cfl
 export LDFLAGS="%{build_ldflags}"
 %{__python3} configure.py --prefix=%{_prefix} --verbose \
-           --shared-openssl \
+           --shared-openssl --openssl-conf-name=openssl_conf \
           --shared-zlib \
           --shared-brotli \
           %{!?with_bundled:--shared-libuv} \
@ -485,7 +487,7 @@ popd # deps
 %install
 rm -rf %{buildroot}
-./tools/install.py install %{buildroot} %{_prefix}
+./tools/install.py install --dest-dir=%{buildroot} --prefix=%{_prefix}
 # Set the binary permissions properly
 chmod 0755 %{buildroot}/%{_bindir}/node
@ -722,6 +724,18 @@ end
 %changelog
 * Tue Apr 16 2024 Jan Staněk <jstanek@redhat.com> - 1:20.12.2-2
 - Backport nghttp2 patch for CVE-2024-28182
 * Tue Apr 16 2024 Jan Staněk <jstanek@redhat.com> - 1:20.12.2-1
 - Rebase to version 20.12.0
  Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node)
  Fixes: CVE-2024-25629 (c-ares)
 * Wed Feb 21 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:20.11.1-1
 - Rebase to version 20.11.1
 - Resolves: RHEL-26017 RHEL-26266 RHEL-26685 RHEL-26686 RHEL-26004 RHEL-26596 RHEL-26688
 * Fri Jan 19 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:20.11.0-1
 - Rebase to version 20.11.0
 - Resolves: RHEL-21435