diff --git a/.gitignore b/.gitignore index 333279c..0e0f929 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/cjs-module-lexer-1.2.2.tar.gz -SOURCES/icu4c-74_2-src.tgz -SOURCES/node-v20.12.2-stripped.tar.gz -SOURCES/undici-5.28.4.tar.gz +SOURCES/icu4c-75_1-src.tgz +SOURCES/node-v20.16.0-stripped.tar.gz +SOURCES/undici-6.19.2.tar.gz SOURCES/wasi-sdk-wasi-sdk-11.tar.gz SOURCES/wasi-sdk-wasi-sdk-16.tar.gz diff --git a/.nodejs.metadata b/.nodejs.metadata index df487bb..1824a43 100644 --- a/.nodejs.metadata +++ b/.nodejs.metadata @@ -1,6 +1,6 @@ 164f7f39841415284b0280a648c43bd7ea1615ac SOURCES/cjs-module-lexer-1.2.2.tar.gz -43a8d688a3a6bc8f0f8c5e699d0ef7a905d24314 SOURCES/icu4c-74_2-src.tgz -f25c352600b72849a7241017ffc64bb0fe339d4d SOURCES/node-v20.12.2-stripped.tar.gz -2be9cb115c2832e1fda9e730fa92e0bf725b6f3d SOURCES/undici-5.28.4.tar.gz +da3614aa496c5f0fde12f7aa155f235b5e239f1b SOURCES/icu4c-75_1-src.tgz +f5c3411098f91526d7ce14b14b080e368510ae93 SOURCES/node-v20.16.0-stripped.tar.gz +0653ac16ef498878fffefea0fa1f7e870cdfc249 SOURCES/undici-6.19.2.tar.gz 8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz fbe01909bf0e8260fcc3696ec37c9f731b5e356a SOURCES/wasi-sdk-wasi-sdk-16.tar.gz diff --git a/SOURCES/0001-Revert-build-fix-arm64-cross-compilation-bug-on-non-.patch b/SOURCES/0001-Revert-build-fix-arm64-cross-compilation-bug-on-non-.patch new file mode 100644 index 0000000..0b1dec3 --- /dev/null +++ b/SOURCES/0001-Revert-build-fix-arm64-cross-compilation-bug-on-non-.patch @@ -0,0 +1,57 @@ +gcc available in RHEL-8 does not know -mbranch-protection option and since +it was introduced for cross-compilation purposes in nodejs upstream, it seems +to be save to revert the upstream patch. + +Revert "build: fix arm64 cross-compilation bug on non-arm machines" +This reverts upstream commit 6826bbf26755b144a478e51fd0a7dc83aa0c65b8. + +Revert "build: fix arm64 cross-compilation" +This reverts upstream commit 297368a1edc48d2bedc58c75f1857276bdcdd578. +--- + configure.py | 2 ++ + node.gyp | 15 --------------- + 2 files changed, 2 insertions(+), 15 deletions(-) + +diff --git a/configure.py b/configure.py +index f189ba2bf09..9b2d993bb32 100755 +--- a/configure.py ++++ b/configure.py +@@ -1344,7 +1344,9 @@ def configure_node(o): + + o['variables']['want_separate_host_toolset'] = int(cross_compiling) + ++ # Enable branch protection for arm64 + if target_arch == 'arm64': ++ o['cflags']+=['-msign-return-address=all'] + o['variables']['arm_fpu'] = options.arm_fpu or 'neon' + + if options.node_snapshot_main is not None: +diff --git a/node.gyp b/node.gyp +index ff59af6ff76..7d9ec812917 100644 +--- a/node.gyp ++++ b/node.gyp +@@ -468,21 +468,6 @@ + }, + + 'conditions': [ +- # Pointer authentication for ARM64. +- ['target_arch=="arm64"', { +- 'target_conditions': [ +- ['_toolset=="host"', { +- 'conditions': [ +- ['host_arch=="arm64"', { +- 'cflags': ['-mbranch-protection=standard'], +- }], +- ], +- }], +- ['_toolset=="target"', { +- 'cflags': ['-mbranch-protection=standard'], +- }], +- ], +- }], + ['OS in "aix os400"', { + 'ldflags': [ + '-Wl,-bnoerrmsg', +-- +2.45.2 + diff --git a/SOURCES/0002-Disable-FIPS-options.patch b/SOURCES/0002-Disable-FIPS-options.patch index 49331ef..31b0634 100644 --- a/SOURCES/0002-Disable-FIPS-options.patch +++ b/SOURCES/0002-Disable-FIPS-options.patch @@ -13,7 +13,6 @@ are similarly disabled. Upstream report: https://github.com/nodejs/node/pull/48950 RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726 -Customer case: https://access.redhat.com/support/cases/#/case/03711488 Signed-off-by: rpm-build --- @@ -51,9 +50,8 @@ index 1216f3a..fbfcb26 100644 if (val) return; throw new ERR_CRYPTO_FIPS_FORCED(); diff --git a/lib/internal/errors.js b/lib/internal/errors.js -index def4949..580ca7a 100644 ---- a/lib/internal/errors.js -+++ b/lib/internal/errors.js +--- a/lib/internal/errors.js.patch0002 2024-08-07 15:29:09.366357433 +0200 ++++ b/lib/internal/errors.js 2024-08-07 15:29:14.392366591 +0200 @@ -1112,6 +1112,12 @@ module.exports = { // // Note: Node.js specific errors must begin with the prefix ERR_ @@ -65,8 +63,8 @@ index def4949..580ca7a 100644 + Error); + E('ERR_ACCESS_DENIED', - 'Access to this API has been restricted. Permission: %s', - Error); + function(msg, permission = '', resource = '') { + this.permission = permission; diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc index 5734d8f..ef9d1b1 100644 --- a/src/crypto/crypto_util.cc diff --git a/SOURCES/0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch b/SOURCES/0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch deleted file mode 100644 index 257705d..0000000 --- a/SOURCES/0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch +++ /dev/null @@ -1,107 +0,0 @@ -From d9a06fe94439d9f103aeffe597441c0a2c0a4eb3 Mon Sep 17 00:00:00 2001 -From: Tatsuhiro Tsujikawa -Date: Sat, 9 Mar 2024 16:26:42 +0900 -Subject: [PATCH] Limit CONTINUATION frames following an incoming HEADER frame - -Signed-off-by: rpm-build ---- - deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 7 ++++++- - deps/nghttp2/lib/nghttp2_helper.c | 2 ++ - deps/nghttp2/lib/nghttp2_session.c | 7 +++++++ - deps/nghttp2/lib/nghttp2_session.h | 10 ++++++++++ - 4 files changed, 25 insertions(+), 1 deletion(-) - -diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h -index 8891760..a9629c7 100644 ---- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h -+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h -@@ -466,7 +466,12 @@ typedef enum { - * exhaustion on server side to send these frames forever and does - * not read network. - */ -- NGHTTP2_ERR_FLOODED = -904 -+ NGHTTP2_ERR_FLOODED = -904, -+ /** -+ * When a local endpoint receives too many CONTINUATION frames -+ * following a HEADER frame. -+ */ -+ NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905, - } nghttp2_error; - - /** -diff --git a/deps/nghttp2/lib/nghttp2_helper.c b/deps/nghttp2/lib/nghttp2_helper.c -index 93dd475..b3563d9 100644 ---- a/deps/nghttp2/lib/nghttp2_helper.c -+++ b/deps/nghttp2/lib/nghttp2_helper.c -@@ -336,6 +336,8 @@ const char *nghttp2_strerror(int error_code) { - "closed"; - case NGHTTP2_ERR_TOO_MANY_SETTINGS: - return "SETTINGS frame contained more than the maximum allowed entries"; -+ case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS: -+ return "Too many CONTINUATION frames following a HEADER frame"; - default: - return "Unknown error code"; - } -diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c -index 226cdd5..e343365 100644 ---- a/deps/nghttp2/lib/nghttp2_session.c -+++ b/deps/nghttp2/lib/nghttp2_session.c -@@ -497,6 +497,7 @@ static int session_new(nghttp2_session **session_ptr, - (*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN; - (*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM; - (*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS; -+ (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS; - - if (option) { - if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) && -@@ -6812,6 +6813,8 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - } - } - session_inbound_frame_reset(session); -+ -+ session->num_continuations = 0; - } - break; - } -@@ -6933,6 +6936,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - } - #endif /* DEBUGBUILD */ - -+ if (++session->num_continuations > session->max_continuations) { -+ return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS; -+ } -+ - readlen = inbound_frame_buf_read(iframe, in, last); - in += readlen; - -diff --git a/deps/nghttp2/lib/nghttp2_session.h b/deps/nghttp2/lib/nghttp2_session.h -index b119329..ef8f7b2 100644 ---- a/deps/nghttp2/lib/nghttp2_session.h -+++ b/deps/nghttp2/lib/nghttp2_session.h -@@ -110,6 +110,10 @@ typedef struct { - #define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000 - #define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33 - -+/* The default max number of CONTINUATION frames following an incoming -+ HEADER frame. */ -+#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8 -+ - /* Internal state when receiving incoming frame */ - typedef enum { - /* Receiving frame header */ -@@ -290,6 +294,12 @@ struct nghttp2_session { - size_t max_send_header_block_length; - /* The maximum number of settings accepted per SETTINGS frame. */ - size_t max_settings; -+ /* The maximum number of CONTINUATION frames following an incoming -+ HEADER frame. */ -+ size_t max_continuations; -+ /* The number of CONTINUATION frames following an incoming HEADER -+ frame. This variable is reset when END_HEADERS flag is seen. */ -+ size_t num_continuations; - /* Next Stream ID. Made unsigned int to detect >= (1 << 31). */ - uint32_t next_stream_id; - /* The last stream ID this session initiated. For client session, --- -2.44.0 - diff --git a/SOURCES/0004-Add-nghttp2_option_set_max_continuations.patch b/SOURCES/0004-Add-nghttp2_option_set_max_continuations.patch deleted file mode 100644 index 87b490f..0000000 --- a/SOURCES/0004-Add-nghttp2_option_set_max_continuations.patch +++ /dev/null @@ -1,89 +0,0 @@ -From ca0a0b02da4db1d65eca8169c6e27bb635924dfb Mon Sep 17 00:00:00 2001 -From: Tatsuhiro Tsujikawa -Date: Sat, 9 Mar 2024 16:48:10 +0900 -Subject: [PATCH] Add nghttp2_option_set_max_continuations - -Signed-off-by: rpm-build ---- - deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 11 +++++++++++ - deps/nghttp2/lib/nghttp2_option.c | 5 +++++ - deps/nghttp2/lib/nghttp2_option.h | 5 +++++ - deps/nghttp2/lib/nghttp2_session.c | 4 ++++ - 4 files changed, 25 insertions(+) - -diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h -index a9629c7..92c3ccc 100644 ---- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h -+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h -@@ -3210,6 +3210,17 @@ NGHTTP2_EXTERN void - nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option, - uint64_t burst, uint64_t rate); - -+/** -+ * @function -+ * -+ * This function sets the maximum number of CONTINUATION frames -+ * following an incoming HEADER frame. If more than those frames are -+ * received, the remote endpoint is considered to be misbehaving and -+ * session will be closed. The default value is 8. -+ */ -+NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option, -+ size_t val); -+ - /** - * @function - * -diff --git a/deps/nghttp2/lib/nghttp2_option.c b/deps/nghttp2/lib/nghttp2_option.c -index 43d4e95..53144b9 100644 ---- a/deps/nghttp2/lib/nghttp2_option.c -+++ b/deps/nghttp2/lib/nghttp2_option.c -@@ -150,3 +150,8 @@ void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option, - option->stream_reset_burst = burst; - option->stream_reset_rate = rate; - } -+ -+void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) { -+ option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS; -+ option->max_continuations = val; -+} -diff --git a/deps/nghttp2/lib/nghttp2_option.h b/deps/nghttp2/lib/nghttp2_option.h -index 2259e18..c89cb97 100644 ---- a/deps/nghttp2/lib/nghttp2_option.h -+++ b/deps/nghttp2/lib/nghttp2_option.h -@@ -71,6 +71,7 @@ typedef enum { - NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13, - NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14, - NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15, -+ NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16, - } nghttp2_option_flag; - - /** -@@ -98,6 +99,10 @@ struct nghttp2_option { - * NGHTTP2_OPT_MAX_SETTINGS - */ - size_t max_settings; -+ /** -+ * NGHTTP2_OPT_MAX_CONTINUATIONS -+ */ -+ size_t max_continuations; - /** - * Bitwise OR of nghttp2_option_flag to determine that which fields - * are specified. -diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c -index e343365..555032d 100644 ---- a/deps/nghttp2/lib/nghttp2_session.c -+++ b/deps/nghttp2/lib/nghttp2_session.c -@@ -586,6 +586,10 @@ static int session_new(nghttp2_session **session_ptr, - option->stream_reset_burst, - option->stream_reset_rate); - } -+ -+ if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) { -+ (*session_ptr)->max_continuations = option->max_continuations; -+ } - } - - rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater, --- -2.44.0 - diff --git a/SOURCES/nodejs-tarball.sh b/SOURCES/nodejs-tarball.sh index f59d5c2..66f5ca2 100755 --- a/SOURCES/nodejs-tarball.sh +++ b/SOURCES/nodejs-tarball.sh @@ -135,67 +135,109 @@ rm -f node-v${version}.tar.gz set +e # Determine the bundled versions of the various packages +echo "Included software versions" +echo "-------------------------" +echo +echo "Node.js version" +echo "=========================" +echo "${version}" +echo echo "Bundled software versions" echo "-------------------------" echo -echo "libnode shared object version" +echo "libnode shared object version (nodejs_soversion)" echo "=========================" -grep "define NODE_MODULE_VERSION" node-v${version}/src/node_version.h +NODE_SOVERSION=$(grep -oP '(?<=#define NODE_MODULE_VERSION )\d+' node-v${version}/src/node_version.h) +echo "${NODE_SOVERSION}" echo echo "V8" echo "=========================" -grep "define V8_MAJOR_VERSION" node-v${version}/deps/v8/include/v8-version.h -grep "define V8_MINOR_VERSION" node-v${version}/deps/v8/include/v8-version.h -grep "define V8_BUILD_NUMBER" node-v${version}/deps/v8/include/v8-version.h -grep "define V8_PATCH_LEVEL" node-v${version}/deps/v8/include/v8-version.h +V8_MAJOR=$(grep -oP '(?<=#define V8_MAJOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h) +V8_MINOR=$(grep -oP '(?<=#define V8_MINOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h) +V8_BUILD=$(grep -oP '(?<=#define V8_BUILD_NUMBER )\d+' node-v${version}/deps/v8/include/v8-version.h) +V8_PATCH=$(grep -oP '(?<=#define V8_PATCH_LEVEL )\d+' node-v${version}/deps/v8/include/v8-version.h) +echo "${V8_MAJOR}.${V8_MINOR}.${V8_BUILD}.${V8_PATCH}" echo echo "c-ares" echo "=========================" -grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_version.h -grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h -grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h +C_ARES_VERSION=$(grep -oP '(?<=#define ARES_VERSION_STR ).*\"' node-v${version}/deps/cares/include/ares_version.h |sed -e 's/^"//' -e 's/"$//') +echo $C_ARES_VERSION echo echo "llhttp" echo "=========================" -grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h -grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h -grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h +LLHTTP_MAJOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MAJOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h) +LLHTTP_MINOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MINOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h) +LLHTTP_PATCH=$(grep -oP '(?<=#define LLHTTP_VERSION_PATCH )\d+' node-v${version}/deps/llhttp/include/llhttp.h) +LLHTTP_VERSION="${LLHTTP_MAJOR}.${LLHTTP_MINOR}.${LLHTTP_PATCH}" +echo $LLHTTP_VERSION echo echo "libuv" echo "=========================" -grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h -grep "define UV_VERSION_MINOR" node-v${version}/deps/uv/include/uv/version.h -grep "define UV_VERSION_PATCH" node-v${version}/deps/uv/include/uv/version.h +UV_MAJOR=$(grep -oP '(?<=#define UV_VERSION_MAJOR )\d+' node-v${version}/deps/uv/include/uv/version.h) +UV_MINOR=$(grep -oP '(?<=#define UV_VERSION_MINOR )\d+' node-v${version}/deps/uv/include/uv/version.h) +UV_PATCH=$(grep -oP '(?<=#define UV_VERSION_PATCH )\d+' node-v${version}/deps/uv/include/uv/version.h) +LIBUV_VERSION="${UV_MAJOR}.${UV_MINOR}.${UV_PATCH}" +echo $LIBUV_VERSION echo echo "nghttp2" echo "=========================" -grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h +NGHTTP2_VERSION=$(grep -oP '(?<=#define NGHTTP2_VERSION ).*\"' node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h |sed -e 's/^"//' -e 's/"$//') +echo $NGHTTP2_VERSION echo echo "nghttp3" echo "=========================" -grep "define NGHTTP3_VERSION " node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h +NGHTTP3_VERSION=$(grep -oP '(?<=#define NGHTTP3_VERSION ).*\"' node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h |sed -e 's/^"//' -e 's/"$//') +echo $NGHTTP3_VERSION echo echo "ngtcp2" echo "=========================" -grep "define NGTCP2_VERSION " node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h +NGTCP2_VERSION=$(grep -oP '(?<=#define NGTCP2_VERSION ).*\"' node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h |sed -e 's/^"//' -e 's/"$//') +echo $NGTCP2_VERSION echo echo "ICU" echo "=========================" -grep "url" node-v${version}/tools/icu/current_ver.dep +ICU_MAJOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\1/g') +ICU_MINOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\2/g') +echo "${ICU_MAJOR}.${ICU_MINOR}" +echo +echo "simdutf" +echo "=========================" +SIMDUTF_VERSION=$(grep -oP '(?<=#define SIMDUTF_VERSION ).*\"' node-v${version}/deps/simdutf/simdutf.h |sed -e 's/^"//' -e 's/"$//') +echo $SIMDUTF_VERSION +echo +echo "ada" +echo "=========================" +ADA_VERSION=$(grep -osP '(?<=#define ADA_VERSION ).*\"' node-v${version}/deps/ada/ada.h |sed -e 's/^"//' -e 's/"$//') +ADA_VERSION=${ADA_VERSION:-0} +echo "${ADA_VERSION}" echo echo "punycode" echo "=========================" -grep "'version'" node-v${version}/lib/punycode.js +PUNYCODE_VERSION=$(grep -oP "'version': '\K[^']+" ./node-v${version}/lib/punycode.js) +echo $PUNYCODE_VERSION +echo +echo "npm" +echo "=========================" +NPM_VERSION=$(jq -r .version ./node-v${version}/deps/npm/package.json) +echo $NPM_VERSION +echo +echo "corepack" +echo "=========================" +COREPACK_VERSION=$(jq -r .version ./node-v${version}/deps/corepack/package.json) +echo $COREPACK_VERSION echo echo "uvwasi" echo "=========================" -grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h -grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h -grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h +UVWASI_MAJOR=$(grep -oP '(?<=#define UVWASI_VERSION_MAJOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h) +UVWASI_MINOR=$(grep -oP '(?<=#define UVWASI_VERSION_MINOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h) +UVWASI_PATCH=$(grep -oP '(?<=#define UVWASI_VERSION_PATCH )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h) +UVWASI_VERSION="${UVWASI_MAJOR}.${UVWASI_MINOR}.${UVWASI_PATCH}" +echo $UVWASI_VERSION echo -echo "npm" +echo "histogram_c" echo "=========================" -grep "\"version\":" node-v${version}/deps/npm/package.json +HISTOGRAM_VERSION=$(grep -oP '(?<=#define HDR_HISTOGRAM_VERSION ).*\"' node-v${version}/deps/histogram/include/hdr/hdr_histogram_version.h|sed -e 's/^"//' -e 's/"$//') +echo $HISTOGRAM_VERSION echo echo "Make sure these versions match what is in the RPM spec file" diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index f0fd8d1..ecdc17e 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec @@ -33,7 +33,7 @@ # This is used by both the nodejs package and the npm subpackage that # has a separate version - the name is special so that rpmdev-bumpspec # will bump this rather than adding .1 to the end. -%global baserelease 2 +%global baserelease 1 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} @@ -44,8 +44,8 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 20 -%global nodejs_minor 12 -%global nodejs_patch 2 +%global nodejs_minor 16 +%global nodejs_patch 0 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 115 @@ -69,7 +69,7 @@ # c-ares - from deps/cares/include/ares_version.h # https://github.com/nodejs/node/pull/9332 -%global c_ares_version 1.27.0 +%global c_ares_version 1.31.0 # llhttp - from deps/llhttp/include/llhttp.h %global llhttp_version 8.1.2 @@ -78,17 +78,17 @@ %global libuv_version 1.46.0 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h -%global nghttp2_version 1.60.0 +%global nghttp2_version 1.61.0 # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h %global nghttp3_version 0.7.0 # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h -%global ngtcp2_version 0.8.1 +%global ngtcp2_version 1.1.0 # ICU - from tools/icu/current_ver.dep -%global icu_major 74 -%global icu_minor 2 +%global icu_major 75 +%global icu_minor 1 %global icu_version %{icu_major}.%{icu_minor} %global icudatadir %{nodejs_datadir}/icudata @@ -106,10 +106,10 @@ %endif # simduft from deps/simdutf/simdutf.h -%global simduft_version 4.0.8 +%global simduft_version 5.2.8 # ada from deps/ada/ada.h -%global ada_version 2.7.6 +%global ada_version 2.8.0 # OpenSSL minimum version %global openssl_minimum 1:1.1.1 @@ -122,7 +122,7 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_version 10.5.0 +%global npm_version 10.8.1 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed @@ -132,10 +132,10 @@ # Node.js 16.9.1 and later comes with an experimental package management tool # corepack - from deps/corepack/package.json -%global corepack_version 0.25.2 +%global corepack_version 0.28.1 # uvwasi - from deps/uvwasi/include/uvwasi.h -%global uvwasi_version 0.0.20 +%global uvwasi_version 0.0.21 # histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h %global histogram_version 0.11.8 @@ -181,9 +181,10 @@ Source101: cjs-module-lexer-1.2.2.tar.gz Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz # Version: jq '.version' deps/undici/src/package.json -# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz -# Adjustments: rm -f undici-5.28.4/lib/llhttp/llhttp*.wasm* -Source111: undici-5.28.4.tar.gz +# Original: https://github.com/nodejs/undici/archive/refs/tags/v6.13.0.tar.gz +# Adjustments: rm -f undici-6.13.0/lib/llhttp/llhttp*.wasm +# wasi-sdk version can be found in lib/llhttp/wasm_build_env.txt +Source111: undici-6.19.2.tar.gz # The WASM blob was made using wasi-sdk v16; compiler libraries are linked in. # Version source: deps/undici/src/lib/llhttp/wasm_build_env.txt # Also check (undici tarball): lib/llhttp/wasm_build_env.txt @@ -192,8 +193,7 @@ Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-16/wasi-sdk- # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch Patch2: 0002-Disable-FIPS-options.patch -Patch3: 0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch -Patch4: 0004-Add-nghttp2_option_set_max_continuations.patch +Patch3: 0001-Revert-build-fix-arm64-cross-compilation-bug-on-non-.patch BuildRequires: make BuildRequires: python3-devel @@ -724,21 +724,26 @@ end %changelog +* Mon Aug 05 2024 Honza Horak - 1:20.16.0-1 +- Update to 20.16.0 + Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 + * Tue Apr 16 2024 Jan Staněk - 1:20.12.2-2 - Backport nghttp2 patch for CVE-2024-28182 * Tue Apr 16 2024 Jan Staněk - 1:20.12.2-1 - Rebase to version 20.12.0 - Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) - Fixes: CVE-2024-25629 (c-ares) + Addresses CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) + Addresses CVE-2024-25629 (c-ares) * Wed Feb 21 2024 Lukas Javorsky - 1:20.11.1-1 - Rebase to version 20.11.1 -- Resolves: RHEL-26017 RHEL-26266 RHEL-26685 RHEL-26686 RHEL-26004 RHEL-26596 RHEL-26688 +- Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high) +- Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium) * Fri Jan 19 2024 Lukas Javorsky - 1:20.11.0-1 - Rebase to version 20.11.0 -- Resolves: RHEL-21435 +- Resolves: RHEL-21434 * Thu Nov 09 2023 Zuzana Svetlikova - 1:20.9.0-1 - Rebase to LTS