import nodejs-20.12.2-2.module+el8.9.0+21743+0b3f1be2

6 months ago · 3943f18980
parent b2060f61b4
commit 3943f18980
8 changed files with 325 additions and 50 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,6 +1,6 @@
 SOURCES/cjs-module-lexer-1.2.2.tar.gz
-SOURCES/icu4c-73_2-src.tgz
-SOURCES/node-v20.11.0-stripped.tar.gz
-SOURCES/undici-5.27.2.tar.gz
+SOURCES/icu4c-74_2-src.tgz
+SOURCES/node-v20.12.2-stripped.tar.gz
+SOURCES/undici-5.28.4.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-16.tar.gz
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@ -1,6 +1,6 @@
-36854f5860acf4b3f8ef8a08cd4240c81c8ae013 SOURCES/cjs-module-lexer-1.2.2.tar.gz
-3d94969b097189bf5479c312d9593d2d252f5a73 SOURCES/icu4c-73_2-src.tgz
-77fb048d100d9663d417274bc38c3f53a9e58f9e SOURCES/node-v20.11.0-stripped.tar.gz
-6ae4fbe44f94670fdd1c1f0072ac7d6ed106d402 SOURCES/undici-5.27.2.tar.gz
+164f7f39841415284b0280a648c43bd7ea1615ac SOURCES/cjs-module-lexer-1.2.2.tar.gz
+43a8d688a3a6bc8f0f8c5e699d0ef7a905d24314 SOURCES/icu4c-74_2-src.tgz
+f25c352600b72849a7241017ffc64bb0fe339d4d SOURCES/node-v20.12.2-stripped.tar.gz
+2be9cb115c2832e1fda9e730fa92e0bf725b6f3d SOURCES/undici-5.28.4.tar.gz
 8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 fbe01909bf0e8260fcc3696ec37c9f731b5e356a SOURCES/wasi-sdk-wasi-sdk-16.tar.gz
--- a/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
+++ b/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
@ -1,4 +1,4 @@
-From c73e0892eb1d0aa2df805618c019dc5c96b79705 Mon Sep 17 00:00:00 2001
+From 2da7f25d9311bdea702b4b435830c02ce78b3ab9 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Tue, 30 May 2023 13:12:35 +0200
 Subject: [PATCH] Disable running gyp on shared deps
@ -10,7 +10,7 @@ Signed-off-by: rpm-build <rpm-build>
 2 files changed, 1 insertion(+), 18 deletions(-)

 diff --git a/Makefile b/Makefile
-index 0be0659..3c44201 100644
+index 7bd80d0..c43a50f 100644
 --- a/Makefile
 +++ b/Makefile
@@ -169,7 +169,7 @@ with-code-cache test-code-cache:
@ -23,10 +23,10 @@ index 0be0659..3c44201 100644
 	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
 	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
 diff --git a/node.gyp b/node.gyp
-index cf52281..c33b57b 100644
+index 4aac640..aa0ba88 100644
 --- a/node.gyp
 +++ b/node.gyp
-@@ -430,23 +430,6 @@
+@@ -775,23 +775,6 @@
               ],
             },
           ],
@ -51,5 +51,5 @@ index cf52281..c33b57b 100644
       ],
     }, # node_core_target_name
 -- 
-2.41.0
+2.44.0

--- a/SOURCES/0002-Disable-FIPS-options.patch
+++ b/SOURCES/0002-Disable-FIPS-options.patch
@ -0,0 +1,85 @@
+From 4caaf9c19d3c058f5b89ecd9fc721ee49370651a Mon Sep 17 00:00:00 2001
+From: Michael Dawson <midawson@redhat.com>
+Date: Fri, 23 Feb 2024 13:43:56 +0100
+Subject: [PATCH] Disable FIPS options
+
+On RHEL, FIPS should be configured only on system level.
+Additionally, the related options may cause segfault when used on RHEL.
+
+This patch causes the option processing to end sooner
+than the problematic code gets executed.
+Additionally, the JS-level options to mess with FIPS settings
+are similarly disabled.
+
+Upstream report: https://github.com/nodejs/node/pull/48950
+RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
+Customer case: https://access.redhat.com/support/cases/#/case/03711488
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ lib/crypto.js             | 10 ++++++++++
+ lib/internal/errors.js    |  6 ++++++
+ src/crypto/crypto_util.cc |  2 ++
+ 3 files changed, 18 insertions(+)
+
+diff --git a/lib/crypto.js b/lib/crypto.js
+index 1216f3a..fbfcb26 100644
+--- a/lib/crypto.js
+++ b/lib/crypto.js
+@@ -36,6 +36,9 @@ const {
+ assertCrypto();
+ 
+ const {
+  // RHEL specific error
+  ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED,
+
+   ERR_CRYPTO_FIPS_FORCED,
+   ERR_WORKER_UNSUPPORTED_OPERATION,
+ } = require('internal/errors').codes;
+@@ -253,6 +256,13 @@ function getFips() {
+ }
+ 
+ function setFips(val) {
+  // in RHEL FIPS enable/disable should only be done at system level
+  if (getFips() != val) {
+    throw new ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED();
+  } else {
+    return;
+  }
+
+   if (getOptionValue('--force-fips')) {
+     if (val) return;
+     throw new ERR_CRYPTO_FIPS_FORCED();
+diff --git a/lib/internal/errors.js b/lib/internal/errors.js
+index def4949..580ca7a 100644
+--- a/lib/internal/errors.js
+++ b/lib/internal/errors.js
+@@ -1112,6 +1112,12 @@ module.exports = {
+ //
+ // Note: Node.js specific errors must begin with the prefix ERR_
+ 
+// insert RHEL specific erro
+E('ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED',
+  'Cannot set FIPS mode. FIPS should be enabled/disabled at system level. See' +
+  'https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n',
+  Error);
+
+ E('ERR_ACCESS_DENIED',
+   'Access to this API has been restricted. Permission: %s',
+   Error);
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 5734d8f..ef9d1b1 100644
+--- a/src/crypto/crypto_util.cc
+++ b/src/crypto/crypto_util.cc
+@@ -121,6 +121,8 @@ bool ProcessFipsOptions() {
+   /* Override FIPS settings in configuration file, if needed. */
+   if (per_process::cli_options->enable_fips_crypto ||
+       per_process::cli_options->force_fips_crypto) {
+      fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
+      return false;
+ #if OPENSSL_VERSION_MAJOR >= 3
+     OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
+     if (fips_provider == nullptr)
+-- 
+2.44.0
+
--- a/SOURCES/0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch
+++ b/SOURCES/0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch
@ -0,0 +1,107 @@
+From d9a06fe94439d9f103aeffe597441c0a2c0a4eb3 Mon Sep 17 00:00:00 2001
+From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
+Date: Sat, 9 Mar 2024 16:26:42 +0900
+Subject: [PATCH] Limit CONTINUATION frames following an incoming HEADER frame
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ deps/nghttp2/lib/includes/nghttp2/nghttp2.h |  7 ++++++-
+ deps/nghttp2/lib/nghttp2_helper.c           |  2 ++
+ deps/nghttp2/lib/nghttp2_session.c          |  7 +++++++
+ deps/nghttp2/lib/nghttp2_session.h          | 10 ++++++++++
+ 4 files changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+index 8891760..a9629c7 100644
+--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+@@ -466,7 +466,12 @@ typedef enum {
+    * exhaustion on server side to send these frames forever and does
+    * not read network.
+    */
+-  NGHTTP2_ERR_FLOODED = -904
+  NGHTTP2_ERR_FLOODED = -904,
+  /**
+   * When a local endpoint receives too many CONTINUATION frames
+   * following a HEADER frame.
+   */
+  NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905,
+ } nghttp2_error;
+ 
+ /**
+diff --git a/deps/nghttp2/lib/nghttp2_helper.c b/deps/nghttp2/lib/nghttp2_helper.c
+index 93dd475..b3563d9 100644
+--- a/deps/nghttp2/lib/nghttp2_helper.c
+++ b/deps/nghttp2/lib/nghttp2_helper.c
+@@ -336,6 +336,8 @@ const char *nghttp2_strerror(int error_code) {
+            "closed";
+   case NGHTTP2_ERR_TOO_MANY_SETTINGS:
+     return "SETTINGS frame contained more than the maximum allowed entries";
+  case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS:
+    return "Too many CONTINUATION frames following a HEADER frame";
+   default:
+     return "Unknown error code";
+   }
+diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
+index 226cdd5..e343365 100644
+--- a/deps/nghttp2/lib/nghttp2_session.c
+++ b/deps/nghttp2/lib/nghttp2_session.c
+@@ -497,6 +497,7 @@ static int session_new(nghttp2_session **session_ptr,
+   (*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN;
+   (*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM;
+   (*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS;
+  (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS;
+ 
+   if (option) {
+     if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) &&
+@@ -6812,6 +6813,8 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
+           }
+         }
+         session_inbound_frame_reset(session);
+
+        session->num_continuations = 0;
+       }
+       break;
+     }
+@@ -6933,6 +6936,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
+       }
+ #endif /* DEBUGBUILD */
+ 
+      if (++session->num_continuations > session->max_continuations) {
+        return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS;
+      }
+
+       readlen = inbound_frame_buf_read(iframe, in, last);
+       in += readlen;
+ 
+diff --git a/deps/nghttp2/lib/nghttp2_session.h b/deps/nghttp2/lib/nghttp2_session.h
+index b119329..ef8f7b2 100644
+--- a/deps/nghttp2/lib/nghttp2_session.h
+++ b/deps/nghttp2/lib/nghttp2_session.h
+@@ -110,6 +110,10 @@ typedef struct {
+ #define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000
+ #define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33
+ 
+/* The default max number of CONTINUATION frames following an incoming
+   HEADER frame. */
+#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8
+
+ /* Internal state when receiving incoming frame */
+ typedef enum {
+   /* Receiving frame header */
+@@ -290,6 +294,12 @@ struct nghttp2_session {
+   size_t max_send_header_block_length;
+   /* The maximum number of settings accepted per SETTINGS frame. */
+   size_t max_settings;
+  /* The maximum number of CONTINUATION frames following an incoming
+     HEADER frame. */
+  size_t max_continuations;
+  /* The number of CONTINUATION frames following an incoming HEADER
+     frame.  This variable is reset when END_HEADERS flag is seen. */
+  size_t num_continuations;
+   /* Next Stream ID. Made unsigned int to detect >= (1 << 31). */
+   uint32_t next_stream_id;
+   /* The last stream ID this session initiated.  For client session,
+-- 
+2.44.0
+
--- a/SOURCES/0004-Add-nghttp2_option_set_max_continuations.patch
+++ b/SOURCES/0004-Add-nghttp2_option_set_max_continuations.patch
@ -0,0 +1,89 @@
+From ca0a0b02da4db1d65eca8169c6e27bb635924dfb Mon Sep 17 00:00:00 2001
+From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
+Date: Sat, 9 Mar 2024 16:48:10 +0900
+Subject: [PATCH] Add nghttp2_option_set_max_continuations
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 11 +++++++++++
+ deps/nghttp2/lib/nghttp2_option.c           |  5 +++++
+ deps/nghttp2/lib/nghttp2_option.h           |  5 +++++
+ deps/nghttp2/lib/nghttp2_session.c          |  4 ++++
+ 4 files changed, 25 insertions(+)
+
+diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+index a9629c7..92c3ccc 100644
+--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+@@ -3210,6 +3210,17 @@ NGHTTP2_EXTERN void
+ nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
+                                            uint64_t burst, uint64_t rate);
+ 
+/**
+ * @function
+ *
+ * This function sets the maximum number of CONTINUATION frames
+ * following an incoming HEADER frame.  If more than those frames are
+ * received, the remote endpoint is considered to be misbehaving and
+ * session will be closed.  The default value is 8.
+ */
+NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option,
+                                                         size_t val);
+
+ /**
+  * @function
+  *
+diff --git a/deps/nghttp2/lib/nghttp2_option.c b/deps/nghttp2/lib/nghttp2_option.c
+index 43d4e95..53144b9 100644
+--- a/deps/nghttp2/lib/nghttp2_option.c
+++ b/deps/nghttp2/lib/nghttp2_option.c
+@@ -150,3 +150,8 @@ void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
+   option->stream_reset_burst = burst;
+   option->stream_reset_rate = rate;
+ }
+
+void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) {
+  option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS;
+  option->max_continuations = val;
+}
+diff --git a/deps/nghttp2/lib/nghttp2_option.h b/deps/nghttp2/lib/nghttp2_option.h
+index 2259e18..c89cb97 100644
+--- a/deps/nghttp2/lib/nghttp2_option.h
+++ b/deps/nghttp2/lib/nghttp2_option.h
+@@ -71,6 +71,7 @@ typedef enum {
+   NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13,
+   NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14,
+   NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15,
+  NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16,
+ } nghttp2_option_flag;
+ 
+ /**
+@@ -98,6 +99,10 @@ struct nghttp2_option {
+    * NGHTTP2_OPT_MAX_SETTINGS
+    */
+   size_t max_settings;
+  /**
+   * NGHTTP2_OPT_MAX_CONTINUATIONS
+   */
+  size_t max_continuations;
+   /**
+    * Bitwise OR of nghttp2_option_flag to determine that which fields
+    * are specified.
+diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
+index e343365..555032d 100644
+--- a/deps/nghttp2/lib/nghttp2_session.c
+++ b/deps/nghttp2/lib/nghttp2_session.c
+@@ -586,6 +586,10 @@ static int session_new(nghttp2_session **session_ptr,
+                            option->stream_reset_burst,
+                            option->stream_reset_rate);
+     }
+
+    if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) {
+      (*session_ptr)->max_continuations = option->max_continuations;
+    }
+   }
+ 
+   rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,
+-- 
+2.44.0
+
--- a/SOURCES/nodejs-fips-disable-options.patch
+++ b/SOURCES/nodejs-fips-disable-options.patch
@ -1,20 +0,0 @@
-FIPS related options cause a segfault, let's end sooner
-
-Upstream report: https://github.com/nodejs/node/pull/48950
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
-
-This patch makes the part of the code that processes cmd-line options for
-FIPS to end sooner before the code gets to the problematic part of the code.
-
-diff -up node-v18.16.1/src/crypto/crypto_util.cc.origfips node-v18.16.1/src/crypto/crypto_util.cc
--- node-v18.16.1/src/crypto/crypto_util.cc.origfips	2023-07-31 12:09:46.603683081 +0200
-+++ node-v18.16.1/src/crypto/crypto_util.cc	2023-07-31 12:16:16.906617914 +0200
-@@ -111,6 +111,8 @@ bool ProcessFipsOptions() {
-   /* Override FIPS settings in configuration file, if needed. */
-   if (per_process::cli_options->enable_fips_crypto ||
-       per_process::cli_options->force_fips_crypto) {
-+      fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
-+      return false;
- #if OPENSSL_VERSION_MAJOR >= 3
-     OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
-     if (fips_provider == nullptr)
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@ -33,7 +33,7 @@
 # This is used by both the nodejs package and the npm subpackage that
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
-%global baserelease 1
+%global baserelease 2

 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}

@ -44,8 +44,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 20
-%global nodejs_minor 11
-%global nodejs_patch 0
+%global nodejs_minor 12
+%global nodejs_patch 2
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
 %global nodejs_soversion 115
@ -69,16 +69,16 @@

 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
-%global c_ares_version 1.20.1
+%global c_ares_version 1.27.0

 # llhttp - from deps/llhttp/include/llhttp.h
-%global llhttp_version 8.1.1
+%global llhttp_version 8.1.2

 # libuv - from deps/uv/include/uv/version.h
 %global libuv_version 1.46.0

 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
-%global nghttp2_version 1.58.0
+%global nghttp2_version 1.60.0

 # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
 %global nghttp3_version 0.7.0
@ -87,7 +87,7 @@
 %global ngtcp2_version 0.8.1

 # ICU - from tools/icu/current_ver.dep
-%global icu_major 73
+%global icu_major 74
 %global icu_minor 2
 %global icu_version %{icu_major}.%{icu_minor}

@ -106,10 +106,10 @@
 %endif

 # simduft from deps/simdutf/simdutf.h
-%global simduft_version 4.0.4
+%global simduft_version 4.0.8

 # ada from deps/ada/ada.h
-%global ada_version 2.7.4
+%global ada_version 2.7.6

 # OpenSSL minimum version
 %global openssl_minimum 1:1.1.1
@ -122,7 +122,7 @@

 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_version 10.2.4
+%global npm_version 10.5.0

 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@ -132,10 +132,10 @@

 # Node.js 16.9.1 and later comes with an experimental package management tool
 # corepack - from deps/corepack/package.json
-%global corepack_version 0.23.0
+%global corepack_version 0.25.2

 # uvwasi - from deps/uvwasi/include/uvwasi.h
-%global uvwasi_version 0.0.19
+%global uvwasi_version 0.0.20

 # histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h
 %global histogram_version 0.11.8
@ -181,9 +181,9 @@ Source101: cjs-module-lexer-1.2.2.tar.gz
 Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz

 # Version: jq '.version' deps/undici/src/package.json
-# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.27.2.tar.gz
-# Adjustments: rm -f undici-5.27.2/lib/llhttp/llhttp*.wasm*
-Source111: undici-5.27.2.tar.gz
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz
+# Adjustments: rm -f undici-5.28.4/lib/llhttp/llhttp*.wasm*
+Source111: undici-5.28.4.tar.gz
 # The WASM blob was made using wasi-sdk v16; compiler libraries are linked in.
 # Version source: deps/undici/src/lib/llhttp/wasm_build_env.txt
 # Also check (undici tarball): lib/llhttp/wasm_build_env.txt
@ -191,7 +191,9 @@ Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-16/wasi-sdk-

 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
-Patch3: nodejs-fips-disable-options.patch
+Patch2: 0002-Disable-FIPS-options.patch
+Patch3: 0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch
+Patch4: 0004-Add-nghttp2_option_set_max_continuations.patch

 BuildRequires: make
 BuildRequires: python3-devel
@ -434,7 +436,7 @@ export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cfl
 export LDFLAGS="%{build_ldflags}"

 %{__python3} configure.py --prefix=%{_prefix} --verbose \
-           --shared-openssl \
+           --shared-openssl --openssl-conf-name=openssl_conf \
           --shared-zlib \
           --shared-brotli \
           %{!?with_bundled:--shared-libuv} \
@ -485,7 +487,7 @@ popd # deps
 %install
 rm -rf %{buildroot}

-./tools/install.py install %{buildroot} %{_prefix}
+./tools/install.py install --dest-dir=%{buildroot} --prefix=%{_prefix}

 # Set the binary permissions properly
 chmod 0755 %{buildroot}/%{_bindir}/node
@ -722,6 +724,18 @@ end


 %changelog
+* Tue Apr 16 2024 Jan Staněk <jstanek@redhat.com> - 1:20.12.2-2
+- Backport nghttp2 patch for CVE-2024-28182
+
+* Tue Apr 16 2024 Jan Staněk <jstanek@redhat.com> - 1:20.12.2-1
+- Rebase to version 20.12.0
+  Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node)
+  Fixes: CVE-2024-25629 (c-ares)
+
+* Wed Feb 21 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:20.11.1-1
+- Rebase to version 20.11.1
+- Resolves: RHEL-26017 RHEL-26266 RHEL-26685 RHEL-26686 RHEL-26004 RHEL-26596 RHEL-26688
+
 * Fri Jan 19 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:20.11.0-1
 - Rebase to version 20.11.0
 - Resolves: RHEL-21435