Compare commits

...

No commits in common. 'c9' and 'i8c-stream-16' have entirely different histories.

@ -1,6 +1,6 @@
b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz
406b0c8635288b772913b6ff646451e69748878a SOURCES/icu4c-71_1-src.tgz 406b0c8635288b772913b6ff646451e69748878a SOURCES/icu4c-71_1-src.tgz
0024086ed6090aaea422fb2bd329f898bf924df6 SOURCES/node-v16.20.2-stripped.tar.gz f50d6a8dfc8d24c29091a8cf39221e6b4d21b0d8 SOURCES/node-v16.20.2-stripped.tar.gz
0b3e890fd45200fb3a2fdc14408cc51e23990480 SOURCES/undici-5.20.0.tar.gz a96c780a67c578c31e9c8d291e357b2ae98a0ce5 SOURCES/undici-5.20.0.tar.gz
8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz 8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
900a50a32f0079d53c299db92b88bb3c5d2022b8 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz 900a50a32f0079d53c299db92b88bb3c5d2022b8 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz

@ -1,4 +1,4 @@
From 6c80c1956373978489a297a630f4f50222c47775 Mon Sep 17 00:00:00 2001 From 39f761838b5fc10af995642bd44e6bb4c79085f1 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build> From: rpm-build <rpm-build>
Date: Tue, 30 May 2023 13:12:35 +0200 Date: Tue, 30 May 2023 13:12:35 +0200
Subject: [PATCH] Disable running gyp on shared deps Subject: [PATCH] Disable running gyp on shared deps
@ -22,5 +22,5 @@ index ef3eda2..8b52a4f 100644
tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
$(PYTHON) tools/gyp_node.py -f make $(PYTHON) tools/gyp_node.py -f make
-- --
2.44.0 2.41.0

@ -1,26 +0,0 @@
From b7d979b5f7d28114050d1cdc43f39e6e83bd80d5 Mon Sep 17 00:00:00 2001
From: Honza Horak <hhorak@redhat.com>
Date: Thu, 12 Oct 2023 13:52:59 +0200
Subject: [PATCH] disable fips options
Signed-off-by: rpm-build <rpm-build>
---
src/crypto/crypto_util.cc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
index 59ae7f8..7343396 100644
--- a/src/crypto/crypto_util.cc
+++ b/src/crypto/crypto_util.cc
@@ -111,6 +111,8 @@ bool ProcessFipsOptions() {
/* Override FIPS settings in configuration file, if needed. */
if (per_process::cli_options->enable_fips_crypto ||
per_process::cli_options->force_fips_crypto) {
+ fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
+ return false;
#if OPENSSL_VERSION_MAJOR >= 3
OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
if (fips_provider == nullptr)
--
2.44.0

@ -1,4 +1,4 @@
From de21a714db98bade7a0438af0a0351a9f53f2fb8 Mon Sep 17 00:00:00 2001 From 3cdb8a61ff25e4d299d9d47284da5134bc5f1072 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build> From: rpm-build <rpm-build>
Date: Thu, 12 Oct 2023 14:18:12 +0200 Date: Thu, 12 Oct 2023 14:18:12 +0200
Subject: [PATCH] deps(nghttp2): update to 1.57.0 Subject: [PATCH] deps(nghttp2): update to 1.57.0
@ -5798,5 +5798,5 @@ index 0dcd034..7b02f39 100644
} }
] ]
-- --
2.44.0 2.41.0

@ -1,42 +0,0 @@
From 2df9af7073929ab94b6dda040df08bc3ff7d8ab1 Mon Sep 17 00:00:00 2001
From: RafaelGSS <rafael.nunu@hotmail.com>
Date: Tue, 26 Mar 2024 15:55:13 -0300
Subject: [PATCH] src: ensure to close stream when destroying session
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-Authored-By: Anna Henningsen <anna@addaleax.net>
PR-URL: https://github.com/nodejs-private/node-private/pull/561
Fixes: https://hackerone.com/reports/2319584
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
CVE-ID: CVE-2024-27983
Signed-off-by: Jan Staněk <jstanek@redhat.com>
Signed-off-by: rpm-build <rpm-build>
---
src/node_http2.cc | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/node_http2.cc b/src/node_http2.cc
index 53216dc..9a6d63d 100644
--- a/src/node_http2.cc
+++ b/src/node_http2.cc
@@ -529,6 +529,12 @@ Http2Session::Http2Session(Http2State* http2_state,
Http2Session::~Http2Session() {
CHECK(!is_in_scope());
Debug(this, "freeing nghttp2 session");
+ // Ensure that all `Http2Stream` instances and the memory they hold
+ // on to are destroyed before the nghttp2 session is.
+ for (const auto& [id, stream] : streams_) {
+ stream->Detach();
+ }
+ streams_.clear();
// Explicitly reset session_ so the subsequent
// current_nghttp2_memory_ check passes.
session_.reset();
--
2.44.0

@ -1,112 +0,0 @@
From 132ad9e8a8f8e246e59744a7fed995ed396f6cb4 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 9 Mar 2024 16:26:42 +0900
Subject: [PATCH] Limit CONTINUATION frames following an incoming HEADER frame
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jan Staněk <jstanek@redhat.com>
Fixes: CVE-2024-28182
Signed-off-by: rpm-build <rpm-build>
---
deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 7 ++++++-
deps/nghttp2/lib/nghttp2_helper.c | 2 ++
deps/nghttp2/lib/nghttp2_session.c | 7 +++++++
deps/nghttp2/lib/nghttp2_session.h | 10 ++++++++++
4 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
index fa22081..b394bde 100644
--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
@@ -440,7 +440,12 @@ typedef enum {
* exhaustion on server side to send these frames forever and does
* not read network.
*/
- NGHTTP2_ERR_FLOODED = -904
+ NGHTTP2_ERR_FLOODED = -904,
+ /**
+ * When a local endpoint receives too many CONTINUATION frames
+ * following a HEADER frame.
+ */
+ NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905,
} nghttp2_error;
/**
diff --git a/deps/nghttp2/lib/nghttp2_helper.c b/deps/nghttp2/lib/nghttp2_helper.c
index 93dd475..b3563d9 100644
--- a/deps/nghttp2/lib/nghttp2_helper.c
+++ b/deps/nghttp2/lib/nghttp2_helper.c
@@ -336,6 +336,8 @@ const char *nghttp2_strerror(int error_code) {
"closed";
case NGHTTP2_ERR_TOO_MANY_SETTINGS:
return "SETTINGS frame contained more than the maximum allowed entries";
+ case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS:
+ return "Too many CONTINUATION frames following a HEADER frame";
default:
return "Unknown error code";
}
diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
index ec5024d..8e4d2e7 100644
--- a/deps/nghttp2/lib/nghttp2_session.c
+++ b/deps/nghttp2/lib/nghttp2_session.c
@@ -496,6 +496,7 @@ static int session_new(nghttp2_session **session_ptr,
(*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN;
(*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM;
(*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS;
+ (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS;
if (option) {
if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) &&
@@ -6778,6 +6779,8 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
}
}
session_inbound_frame_reset(session);
+
+ session->num_continuations = 0;
}
break;
}
@@ -6899,6 +6902,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
}
#endif /* DEBUGBUILD */
+ if (++session->num_continuations > session->max_continuations) {
+ return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS;
+ }
+
readlen = inbound_frame_buf_read(iframe, in, last);
in += readlen;
diff --git a/deps/nghttp2/lib/nghttp2_session.h b/deps/nghttp2/lib/nghttp2_session.h
index b119329..ef8f7b2 100644
--- a/deps/nghttp2/lib/nghttp2_session.h
+++ b/deps/nghttp2/lib/nghttp2_session.h
@@ -110,6 +110,10 @@ typedef struct {
#define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000
#define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33
+/* The default max number of CONTINUATION frames following an incoming
+ HEADER frame. */
+#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8
+
/* Internal state when receiving incoming frame */
typedef enum {
/* Receiving frame header */
@@ -290,6 +294,12 @@ struct nghttp2_session {
size_t max_send_header_block_length;
/* The maximum number of settings accepted per SETTINGS frame. */
size_t max_settings;
+ /* The maximum number of CONTINUATION frames following an incoming
+ HEADER frame. */
+ size_t max_continuations;
+ /* The number of CONTINUATION frames following an incoming HEADER
+ frame. This variable is reset when END_HEADERS flag is seen. */
+ size_t num_continuations;
/* Next Stream ID. Made unsigned int to detect >= (1 << 31). */
uint32_t next_stream_id;
/* The last stream ID this session initiated. For client session,
--
2.44.0

@ -1,94 +0,0 @@
From 625b03149d2ec68cdbcfe3f2801d6f0420d917cb Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 9 Mar 2024 16:48:10 +0900
Subject: [PATCH] Add nghttp2_option_set_max_continuations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jan Staněk <jstanek@redhat.com>
Related: CVE-2024-28182
Signed-off-by: rpm-build <rpm-build>
---
deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 11 +++++++++++
deps/nghttp2/lib/nghttp2_option.c | 5 +++++
deps/nghttp2/lib/nghttp2_option.h | 5 +++++
deps/nghttp2/lib/nghttp2_session.c | 4 ++++
4 files changed, 25 insertions(+)
diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
index b394bde..4d3339b 100644
--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
@@ -2778,6 +2778,17 @@ NGHTTP2_EXTERN void
nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
uint64_t burst, uint64_t rate);
+/**
+ * @function
+ *
+ * This function sets the maximum number of CONTINUATION frames
+ * following an incoming HEADER frame. If more than those frames are
+ * received, the remote endpoint is considered to be misbehaving and
+ * session will be closed. The default value is 8.
+ */
+NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option,
+ size_t val);
+
/**
* @function
*
diff --git a/deps/nghttp2/lib/nghttp2_option.c b/deps/nghttp2/lib/nghttp2_option.c
index 43d4e95..53144b9 100644
--- a/deps/nghttp2/lib/nghttp2_option.c
+++ b/deps/nghttp2/lib/nghttp2_option.c
@@ -150,3 +150,8 @@ void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
option->stream_reset_burst = burst;
option->stream_reset_rate = rate;
}
+
+void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) {
+ option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS;
+ option->max_continuations = val;
+}
diff --git a/deps/nghttp2/lib/nghttp2_option.h b/deps/nghttp2/lib/nghttp2_option.h
index 2259e18..c89cb97 100644
--- a/deps/nghttp2/lib/nghttp2_option.h
+++ b/deps/nghttp2/lib/nghttp2_option.h
@@ -71,6 +71,7 @@ typedef enum {
NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13,
NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14,
NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15,
+ NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16,
} nghttp2_option_flag;
/**
@@ -98,6 +99,10 @@ struct nghttp2_option {
* NGHTTP2_OPT_MAX_SETTINGS
*/
size_t max_settings;
+ /**
+ * NGHTTP2_OPT_MAX_CONTINUATIONS
+ */
+ size_t max_continuations;
/**
* Bitwise OR of nghttp2_option_flag to determine that which fields
* are specified.
diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
index 8e4d2e7..ced7517 100644
--- a/deps/nghttp2/lib/nghttp2_session.c
+++ b/deps/nghttp2/lib/nghttp2_session.c
@@ -585,6 +585,10 @@ static int session_new(nghttp2_session **session_ptr,
option->stream_reset_burst,
option->stream_reset_rate);
}
+
+ if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) {
+ (*session_ptr)->max_continuations = option->max_continuations;
+ }
}
rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,
--
2.44.0

File diff suppressed because one or more lines are too long

@ -1,39 +0,0 @@
From ec80a9196e2aedfd617d05964725f113000a41ea Mon Sep 17 00:00:00 2001
From: Brad House <brad@brad-house.com>
Date: Thu, 22 Feb 2024 16:23:33 -0500
Subject: [PATCH] Address CVE-2024-25629
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Original commit title: Merge pull request from GHSA-mg26-v6qh-x48q
Signed-off-by: Jan Staněk <jstanek@redhat.com>
Fixes: CVE-2024-25629
Signed-off-by: rpm-build <rpm-build>
---
deps/cares/src/lib/ares__read_line.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/deps/cares/src/lib/ares__read_line.c b/deps/cares/src/lib/ares__read_line.c
index c62ad2a..16627e4 100644
--- a/deps/cares/src/lib/ares__read_line.c
+++ b/deps/cares/src/lib/ares__read_line.c
@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize)
if (!fgets(*buf + offset, bytestoread, fp))
return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
len = offset + strlen(*buf + offset);
+
+ /* Probably means there was an embedded NULL as the first character in
+ * the line, throw away line */
+ if (len == 0) {
+ offset = 0;
+ continue;
+ }
+
if ((*buf)[len - 1] == '\n')
{
(*buf)[len - 1] = 0;
--
2.44.0

@ -1,7 +1,4 @@
From fb8b050abf63459eb83cad4d4bf695c56db2790a Mon Sep 17 00:00:00 2001 Fix CVE-2024-22019
From: Honza Horak <hhorak@redhat.com>
Date: Mon, 15 Apr 2024 15:21:35 +0200
Subject: [PATCH] Fix CVE-2024-22019
Resolves: RHEL-28064 Resolves: RHEL-28064
@ -11,20 +8,17 @@ https://github.com/nodejs/node/commit/911cb33cdadab57a75f97186290ea8f3903a6171
and necessary rebase of llhttp from 6.0.11 to 6.1.0 that has the needed and necessary rebase of llhttp from 6.0.11 to 6.1.0 that has the needed
chunk features. chunk features.
Original patch: From 11bd886e0a4eadd7e55502758fff6486a3fa3a4e Mon Sep 17 00:00:00 2001
> From 11bd886e0a4eadd7e55502758fff6486a3fa3a4e Mon Sep 17 00:00:00 2001 From: Paolo Insogna <paolo@cowtech.it>
> From: Paolo Insogna <paolo@cowtech.it> Date: Tue, 9 Jan 2024 18:10:04 +0100
> Date: Tue, 9 Jan 2024 18:10:04 +0100 Subject: [PATCH] http: add maximum chunk extension size
> Subject: [PATCH] http: add maximum chunk extension size
>
> Cherry-picked from v18 patch:
> https://github.com/nodejs/node/commit/911cb33cdadab57a75f97186290ea8f3903a6171
>
> PR-URL: https://github.com/nodejs-private/node-private/pull/520
> Refs: https://github.com/nodejs-private/node-private/pull/518
> CVE-ID: CVE-2024-22019
Signed-off-by: rpm-build <rpm-build> Cherry-picked from v18 patch:
https://github.com/nodejs/node/commit/911cb33cdadab57a75f97186290ea8f3903a6171
PR-URL: https://github.com/nodejs-private/node-private/pull/520
Refs: https://github.com/nodejs-private/node-private/pull/518
CVE-ID: CVE-2024-22019
--- ---
deps/llhttp/.gitignore | 1 + deps/llhttp/.gitignore | 1 +
deps/llhttp/CMakeLists.txt | 2 +- deps/llhttp/CMakeLists.txt | 2 +-
@ -42,13 +36,13 @@ Signed-off-by: rpm-build <rpm-build>
diff --git a/deps/llhttp/.gitignore b/deps/llhttp/.gitignore diff --git a/deps/llhttp/.gitignore b/deps/llhttp/.gitignore
new file mode 100644 new file mode 100644
index 0000000..98438a2 index 0000000000..98438a2cd3
--- /dev/null --- /dev/null
+++ b/deps/llhttp/.gitignore +++ b/deps/llhttp/.gitignore
@@ -0,0 +1 @@ @@ -0,0 +1 @@
+libllhttp.pc +libllhttp.pc
diff --git a/deps/llhttp/CMakeLists.txt b/deps/llhttp/CMakeLists.txt diff --git a/deps/llhttp/CMakeLists.txt b/deps/llhttp/CMakeLists.txt
index d038203..747564a 100644 index d0382038b9..747564a76f 100644
--- a/deps/llhttp/CMakeLists.txt --- a/deps/llhttp/CMakeLists.txt
+++ b/deps/llhttp/CMakeLists.txt +++ b/deps/llhttp/CMakeLists.txt
@@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
@ -61,7 +55,7 @@ index d038203..747564a 100644
set(CMAKE_C_STANDARD 99) set(CMAKE_C_STANDARD 99)
diff --git a/deps/llhttp/include/llhttp.h b/deps/llhttp/include/llhttp.h diff --git a/deps/llhttp/include/llhttp.h b/deps/llhttp/include/llhttp.h
index 2da66f1..78f27ab 100644 index 2da66f15e6..78f27abc03 100644
--- a/deps/llhttp/include/llhttp.h --- a/deps/llhttp/include/llhttp.h
+++ b/deps/llhttp/include/llhttp.h +++ b/deps/llhttp/include/llhttp.h
@@ -2,8 +2,8 @@ @@ -2,8 +2,8 @@
@ -86,7 +80,7 @@ index 2da66f1..78f27ab 100644
llhttp_data_cb on_body; llhttp_data_cb on_body;
diff --git a/deps/llhttp/src/api.c b/deps/llhttp/src/api.c diff --git a/deps/llhttp/src/api.c b/deps/llhttp/src/api.c
index c4ce197..d3065b3 100644 index c4ce197c58..d3065b3664 100644
--- a/deps/llhttp/src/api.c --- a/deps/llhttp/src/api.c
+++ b/deps/llhttp/src/api.c +++ b/deps/llhttp/src/api.c
@@ -355,6 +355,13 @@ int llhttp__on_chunk_header(llhttp_t* s, const char* p, const char* endp) { @@ -355,6 +355,13 @@ int llhttp__on_chunk_header(llhttp_t* s, const char* p, const char* endp) {
@ -104,7 +98,7 @@ index c4ce197..d3065b3 100644
int err; int err;
CALLBACK_MAYBE(s, on_chunk_complete); CALLBACK_MAYBE(s, on_chunk_complete);
diff --git a/deps/llhttp/src/llhttp.c b/deps/llhttp/src/llhttp.c diff --git a/deps/llhttp/src/llhttp.c b/deps/llhttp/src/llhttp.c
index 5e7c5d1..46f86a0 100644 index 5e7c5d1093..e6db6e3188 100644
--- a/deps/llhttp/src/llhttp.c --- a/deps/llhttp/src/llhttp.c
+++ b/deps/llhttp/src/llhttp.c +++ b/deps/llhttp/src/llhttp.c
@@ -340,6 +340,8 @@ enum llparse_state_e { @@ -340,6 +340,8 @@ enum llparse_state_e {
@ -318,7 +312,7 @@ index 5e7c5d1..46f86a0 100644
state->error = 0x2; state->error = 0x2;
state->reason = "Invalid character in chunk parameters"; state->reason = "Invalid character in chunk parameters";
diff --git a/doc/api/errors.md b/doc/api/errors.md diff --git a/doc/api/errors.md b/doc/api/errors.md
index dcf8744..a76bfe5 100644 index dcf8744d8b..a76bfe528d 100644
--- a/doc/api/errors.md --- a/doc/api/errors.md
+++ b/doc/api/errors.md +++ b/doc/api/errors.md
@@ -3043,6 +3043,18 @@ malconfigured clients, if more than 8 KiB of HTTP header data is received then @@ -3043,6 +3043,18 @@ malconfigured clients, if more than 8 KiB of HTTP header data is received then
@ -341,7 +335,7 @@ index dcf8744..a76bfe5 100644
### `HPE_UNEXPECTED_CONTENT_LENGTH` ### `HPE_UNEXPECTED_CONTENT_LENGTH`
diff --git a/lib/_http_server.js b/lib/_http_server.js diff --git a/lib/_http_server.js b/lib/_http_server.js
index 4e23266..325bce6 100644 index 4e23266f63..325bce6f54 100644
--- a/lib/_http_server.js --- a/lib/_http_server.js
+++ b/lib/_http_server.js +++ b/lib/_http_server.js
@@ -706,6 +706,12 @@ const requestHeaderFieldsTooLargeResponse = Buffer.from( @@ -706,6 +706,12 @@ const requestHeaderFieldsTooLargeResponse = Buffer.from(
@ -368,7 +362,7 @@ index 4e23266..325bce6 100644
response = requestTimeoutResponse; response = requestTimeoutResponse;
break; break;
diff --git a/src/node_http_parser.cc b/src/node_http_parser.cc diff --git a/src/node_http_parser.cc b/src/node_http_parser.cc
index 74f3248..b92e848 100644 index 74f32480b9..b92e8486ae 100644
--- a/src/node_http_parser.cc --- a/src/node_http_parser.cc
+++ b/src/node_http_parser.cc +++ b/src/node_http_parser.cc
@@ -79,6 +79,8 @@ const uint32_t kOnExecute = 5; @@ -79,6 +79,8 @@ const uint32_t kOnExecute = 5;
@ -430,7 +424,7 @@ index 74f3248..b92e848 100644
Proxy<Call, &Parser::on_chunk_header>::Raw, Proxy<Call, &Parser::on_chunk_header>::Raw,
diff --git a/test/parallel/test-http-chunk-extensions-limit.js b/test/parallel/test-http-chunk-extensions-limit.js diff --git a/test/parallel/test-http-chunk-extensions-limit.js b/test/parallel/test-http-chunk-extensions-limit.js
new file mode 100644 new file mode 100644
index 0000000..6868b3d index 0000000000..6868b3da6c
--- /dev/null --- /dev/null
+++ b/test/parallel/test-http-chunk-extensions-limit.js +++ b/test/parallel/test-http-chunk-extensions-limit.js
@@ -0,0 +1,131 @@ @@ -0,0 +1,131 @@
@ -566,7 +560,7 @@ index 0000000..6868b3d
+ }); + });
+} +}
diff --git a/tools/update-llhttp.sh b/tools/update-llhttp.sh diff --git a/tools/update-llhttp.sh b/tools/update-llhttp.sh
index 12e2f46..a95eef1 100755 index 12e2f465d7..a95eef1237 100755
--- a/tools/update-llhttp.sh --- a/tools/update-llhttp.sh
+++ b/tools/update-llhttp.sh +++ b/tools/update-llhttp.sh
@@ -59,5 +59,5 @@ echo "" @@ -59,5 +59,5 @@ echo ""
@ -577,5 +571,5 @@ index 12e2f46..a95eef1 100755
+echo "$ git commit -m \"deps: update llhttp to $LLHTTP_VERSION\"" +echo "$ git commit -m \"deps: update llhttp to $LLHTTP_VERSION\""
echo "" echo ""
-- --
2.44.0 2.41.0

@ -1,3 +1,11 @@
%bcond_with debug
# PowerPC, s390x and aarch64 segfault during Debug builds
# https://github.com/nodejs/node/issues/20642
%ifarch %{power64} s390x aarch64
%bcond_with debug
%endif
# The following macros control the usage of dependencies bundled from upstream. # The following macros control the usage of dependencies bundled from upstream.
# #
# When to use what: # When to use what:
@ -11,7 +19,11 @@
%bcond_with bootstrap %bcond_with bootstrap
# bundle dependencies that are not available in CentOS # bundle dependencies that are not available in CentOS
# currently hardcoded to bundle; see Fedora spec on how to make this dependent on bootstrap # currently hardcoded to bundle; see Fedora spec on how to make this dependent on bootstrap
%if %{with bootstrap}
%bcond_without bundled %bcond_without bundled
%else
%bcond_with bundled
%endif
%if 0%{?rhel} && 0%{?rhel} < 9 %if 0%{?rhel} && 0%{?rhel} < 9
%bcond_without python3_fixup %bcond_without python3_fixup
@ -19,18 +31,11 @@
%bcond_with python3_fixup %bcond_with python3_fixup
%endif %endif
# LTO is currently broken on Node.js builds
%define _lto_cflags %{nil}
# Heavy-handed approach to avoiding issues with python
# bytecompiling files in the node_modules/ directory
%global __python %{__python3}
# == Master Relase == # == Master Relase ==
# This is used by both the nodejs package and the npm subpackage that # This is used by both the nodejs package and the npm subpackage that
# has a separate version - the name is special so that rpmdev-bumpspec # has a separate version - the name is special so that rpmdev-bumpspec
# will bump this rather than adding .1 to the end. # will bump this rather than adding .1 to the end.
%global baserelease 8 %global baserelease 4
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -72,10 +77,16 @@
%global llhttp_version 6.0.11 %global llhttp_version 6.0.11
# libuv - from deps/uv/include/uv/version.h # libuv - from deps/uv/include/uv/version.h
%global libuv_version 1.43.0 %global libuv_major 1
%global libuv_minor 43
%global libuv_patch 0
%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
%global nghttp2_version 1.57.0 %global nghttp2_major 1
%global nghttp2_minor 57
%global nghttp2_patch 0
%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
%global nghttp3_major 0 %global nghttp3_major 0
@ -114,7 +125,10 @@
# punycode - from lib/punycode.js # punycode - from lib/punycode.js
# Note: this was merged into the mainline since 0.6.x # Note: this was merged into the mainline since 0.6.x
# Note: this will be unmerged in an upcoming major release # Note: this will be unmerged in an upcoming major release
%global punycode_version 2.1.0 %global punycode_major 2
%global punycode_minor 1
%global punycode_patch 0
%global punycode_version %{punycode_major}.%{punycode_minor}.%{punycode_patch}
# npm - from deps/npm/package.json # npm - from deps/npm/package.json
%global npm_epoch 1 %global npm_epoch 1
@ -127,10 +141,17 @@
%global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
# uvwasi - from deps/uvwasi/include/uvwasi.h # uvwasi - from deps/uvwasi/include/uvwasi.h
%global uvwasi_version 0.0.13 %global uvwasi_major 0
%global uvwasi_minor 0
%global uvwasi_patch 13
%global uvwasi_version %{uvwasi_major}.%{uvwasi_minor}.%{uvwasi_patch}
# histogram_c - assumed from timestamps # histogram_c - assumed from timestamps
%global histogram_version 0.11.2 %global histogram_major 0
%global histogram_minor 11
%global histogram_patch 2
%global histogram_version %{histogram_major}.%{histogram_minor}.%{histogram_patch}
Name: nodejs Name: nodejs
Epoch: %{nodejs_epoch} Epoch: %{nodejs_epoch}
@ -182,21 +203,8 @@ Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-
# Disable running gyp on bundled deps we don't use # Disable running gyp on bundled deps we don't use
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
Patch2: 0002-disable-fips-options.patch
Patch3: 0003-deps-nghttp2-update-to-1.57.0.patch Patch3: 0003-deps-nghttp2-update-to-1.57.0.patch
Patch4: 0004-Fix-CVE-2024-22019.patch Patch4: nodejs-CVE-2024-22019.patch
# CVE-2025-27983
Patch5: 0005-src-ensure-to-close-stream-when-destroying-session.patch
# CVE-2024-28182
Patch6: 0006-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch
# CVE-2024-28182
Patch7: 0007-Add-nghttp2_option_set_max_continuations.patch
# CVE-2024-22025
Patch8: 0008-zlib-pause-stream-if-outgoing-buffer-is-full.patch
# CVE-2024-25629
Patch9: 0009-Address-CVE-2024-25629.patch
# CVE-2024-27982
Patch10: 0010-http-do-not-allow-OBS-fold-in-headers-by-default.patch
BuildRequires: make BuildRequires: make
BuildRequires: python3-devel BuildRequires: python3-devel
@ -244,8 +252,6 @@ Requires: openssl >= %{openssl_minimum}
# we need the system certificate store # we need the system certificate store
Requires: ca-certificates Requires: ca-certificates
Requires: nodejs-libs%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
# Pull in the full-icu data by default # Pull in the full-icu data by default
Recommends: nodejs-full-i18n%{?_isa} = %{nodejs_epoch}:%{version}-%{release} Recommends: nodejs-full-i18n%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
@ -298,11 +304,6 @@ Provides: bundled(icu) = %{icu_version}
Provides: bundled(uvwasi) = %{uvwasi_version} Provides: bundled(uvwasi) = %{uvwasi_version}
Provides: bundled(histogram) = %{histogram_version} Provides: bundled(histogram) = %{histogram_version}
%if 0%{?fedora}
# Make sure to pull in the appropriate packaging macros when building RPMs
Requires: (nodejs-packaging if rpm-build)
%endif
# Make sure we keep NPM up to date when we update Node.js # Make sure we keep NPM up to date when we update Node.js
Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
@ -331,29 +332,6 @@ Requires: libuv-devel%{?_isa}
Development headers for the Node.js JavaScript runtime. Development headers for the Node.js JavaScript runtime.
%package libs
Summary: Node.js and v8 libraries
# Compatibility for obsolete v8 package
%if 0%{?__isa_bits} == 64
Provides: libv8.so.%{v8_major}()(64bit)
Provides: libv8_libbase.so.%{v8_major}()(64bit)
Provides: libv8_libplatform.so.%{v8_major}()(64bit)
%else
# 32-bits
Provides: libv8.so.%{v8_major}
Provides: libv8_libbase.so.%{v8_major}
Provides: libv8_libplatform.so.%{v8_major}
%endif
Provides: v8 = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
Provides: v8%{?_isa} = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
Obsoletes: v8 < 1:6.7.17-10
%description libs
Libraries to support Node.js and provide stable v8 interfaces.
%package full-i18n %package full-i18n
Summary: Non-English locale data for Node.js Summary: Non-English locale data for Node.js
Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
@ -363,17 +341,6 @@ Optional data files to provide full-icu support for Node.js. Remove this
package to save space if non-English locales are not needed. package to save space if non-English locales are not needed.
%package -n v8-devel
Summary: v8 - development headers
Epoch: %{v8_epoch}
Version: %{v8_version}
Release: %{v8_release}%{?dist}
Requires: %{name}-devel%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
%description -n v8-devel
Development headers for the v8 runtime.
%package -n npm %package -n npm
Summary: Node.js Package Manager Summary: Node.js Package Manager
Epoch: %{npm_epoch} Epoch: %{npm_epoch}
@ -386,7 +353,9 @@ Release: %{npm_release}%{?dist}
Obsoletes: npm < 0:3.5.4-6 Obsoletes: npm < 0:3.5.4-6
Provides: npm = %{npm_epoch}:%{npm_version} Provides: npm = %{npm_epoch}:%{npm_version}
Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
%if 0%{?fedora} || 0%{?rhel} >= 8
Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
%endif
# Do not add epoch to the virtual NPM provides or it will break # Do not add epoch to the virtual NPM provides or it will break
# the automatic dependency-generation script. # the automatic dependency-generation script.
@ -448,11 +417,6 @@ find . -type f -exec sed -i "s~python -c~python3 -c~" {} \;
%endif %endif
%build %build
# When compiled on armv7hl this package generates an out of range
# reference to the literal pool. This is most likely a GCC issue.
%ifarch armv7hl
%define _lto_cflags %{nil}
%endif
%ifarch s390 s390x %{arm} %ix86 %ifarch s390 s390x %{arm} %ix86
# Decrease debuginfo verbosity to reduce memory consumption during final # Decrease debuginfo verbosity to reduce memory consumption during final
@ -460,13 +424,14 @@ find . -type f -exec sed -i "s~python -c~python3 -c~" {} \;
%global optflags %(echo %{optflags} | sed 's/-g /-g1 /') %global optflags %(echo %{optflags} | sed 's/-g /-g1 /')
%endif %endif
export CC='%{__cc}' export CC='gcc'
export CXX='%{__cxx}' export CXX='g++'
%{?with_python3_fixup:export NODE_GYP_FORCE_PYTHON=%{__python3}} %{?with_python3_fixup:export NODE_GYP_FORCE_PYTHON=%{__python3}}
# build with debugging symbols and add defines from libuv (#892601) # build with debugging symbols and add defines from libuv (#892601)
# Node's v8 breaks with GCC 6 because of incorrect usage of methods on # Node's v8 breaks with GCC 6 because of incorrect usage of methods on
# NULL objects. We need to pass -fno-delete-null-pointer-checks # NULL objects. We need to pass -fno-delete-null-pointer-checks
extra_cflags=( extra_cflags=(
-D_LARGEFILE_SOURCE -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_FILE_OFFSET_BITS=64
@ -477,8 +442,6 @@ export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cfl
export LDFLAGS="%{build_ldflags}" export LDFLAGS="%{build_ldflags}"
%{__python3} configure.py --prefix=%{_prefix} \ %{__python3} configure.py --prefix=%{_prefix} \
--shared \
--libdir=%{_lib} \
--shared-openssl \ --shared-openssl \
--shared-zlib \ --shared-zlib \
--shared-brotli \ --shared-brotli \
@ -488,11 +451,15 @@ export LDFLAGS="%{build_ldflags}"
--with-intl=small-icu \ --with-intl=small-icu \
--with-icu-default-data-dir=%{icudatadir} \ --with-icu-default-data-dir=%{icudatadir} \
--without-corepack \ --without-corepack \
--openssl-conf-name=openssl_conf \
--openssl-use-def-ca-store \ --openssl-use-def-ca-store \
--openssl-default-cipher-list=PROFILE=SYSTEM --openssl-default-cipher-list=PROFILE=SYSTEM
%if %{with debug}
# Setting BUILDTYPE=Debug builds both release and debug binaries
make BUILDTYPE=Debug %{?_smp_mflags}
%else
make BUILDTYPE=Release %{?_smp_mflags} make BUILDTYPE=Release %{?_smp_mflags}
%endif
# Extract the ICU data and convert it to the appropriate endianness # Extract the ICU data and convert it to the appropriate endianness
pushd deps/ pushd deps/
@ -533,19 +500,10 @@ rm -rf %{buildroot}
chmod 0755 %{buildroot}/%{_bindir}/node chmod 0755 %{buildroot}/%{_bindir}/node
chrpath --delete %{buildroot}%{_bindir}/node chrpath --delete %{buildroot}%{_bindir}/node
# Install library symlink %if %{with debug}
ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/libnode.so # Install the debug binary and set its permissions
install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g
# Install v8 compatibility symlinks %endif
for header in %{buildroot}%{_includedir}/node/libplatform %{buildroot}%{_includedir}/node/v8*.h; do
header=$(basename ${header})
ln -s ./node/${header} %{buildroot}%{_includedir}/${header}
done
ln -s ./node/cppgc %{buildroot}%{_includedir}/cppgc
for soname in libv8 libv8_libbase libv8_libplatform; do
ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so
ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so.%{v8_major}
done
# own the sitelib directory # own the sitelib directory
mkdir -p %{buildroot}%{_prefix}/lib/node_modules mkdir -p %{buildroot}%{_prefix}/lib/node_modules
@ -618,21 +576,67 @@ install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*
%check %check
# Fail the build if the versions don't match # Fail the build if the versions don't match
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')" %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')" %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')" %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')"
# Ensure we have punycode and that the version matches # Ensure we have punycode and that the version matches
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')" %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"
# Ensure we have npm and that the version matches # Ensure we have npm and that the version matches
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}%{_bindir}/node %{buildroot}%{_bindir}/npm version --json |jq -e '.npm == "%{npm_version}"' NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(JSON.parse(require(\"fs\").readFileSync(\"%{buildroot}%{_prefix}/lib/node_modules/npm/package.json\")).version, '%{npm_version}')"
# Make sure i18n support is working # Make sure i18n support is working
NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2} NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
%pretrans -n npm -p <lua> %pretrans -n npm -p <lua>
-- Remove all of the symlinks from the bundled npm node_modules directory
-- This scriptlet can be removed in Fedora 31
base_path = "%{_prefix}/lib/node_modules/npm/node_modules/"
d_st = posix.stat(base_path)
if d_st then
for f in posix.files(base_path) do
path = base_path..f
st = posix.stat(path)
if st and st.type == "link" then
os.remove(path)
end
end
end
-- Replace the npm docs directory with a symlink
-- Drop this scriptlet when F31 is EOL
path = "%{_prefix}/lib/node_modules/npm/doc"
st = posix.stat(path)
if st and st.type == "directory" then
status = os.rename(path, path .. ".rpmmoved")
if not status then
suffix = 0
while not status do
suffix = suffix + 1
status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
end
os.rename(path, path .. ".rpmmoved")
end
end
-- Replace the npm docs directory with a symlink
-- Drop this scriptlet when F31 is EOL
path = "%{_prefix}/lib/node_modules/npm/html"
st = posix.stat(path)
if st and st.type == "directory" then
status = os.rename(path, path .. ".rpmmoved")
if not status then
suffix = 0
while not status do
suffix = suffix + 1
status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
end
os.rename(path, path .. ".rpmmoved")
end
end
-- Replace the npm man directory with a symlink -- Replace the npm man directory with a symlink
-- Drop this scriptlet when F31 is EOL -- Drop this scriptlet when F31 is EOL
path = "%{_prefix}/lib/node_modules/npm/man" path = "%{_prefix}/lib/node_modules/npm/man"
@ -671,8 +675,8 @@ end
%files devel %files devel
%{?with_debug:%{_bindir}/node_g}
%{_includedir}/node %{_includedir}/node
%{_libdir}/libnode.so
%{_datadir}/node/common.gypi %{_datadir}/node/common.gypi
%{_pkgdocdir}/gdbinit %{_pkgdocdir}/gdbinit
@ -682,24 +686,6 @@ end
%{icudatadir}/icudt%{icu_major}*.dat %{icudatadir}/icudt%{icu_major}*.dat
%files libs
%license LICENSE
%{_libdir}/libnode.so.%{nodejs_soversion}
%{_libdir}/libv8.so.%{v8_major}
%{_libdir}/libv8_libbase.so.%{v8_major}
%{_libdir}/libv8_libplatform.so.%{v8_major}
%dir %{nodejs_datadir}/
%files -n v8-devel
%{_includedir}/libplatform
%{_includedir}/v8*.h
%{_includedir}/cppgc
%{_libdir}/libv8.so
%{_libdir}/libv8_libbase.so
%{_libdir}/libv8_libplatform.so
%files -n npm %files -n npm
%{_bindir}/npm %{_bindir}/npm
%{_bindir}/npx %{_bindir}/npx
@ -737,424 +723,199 @@ end
%changelog %changelog
* Tue May 07 2024 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-8
- Actually apply the patch for CVE-2024-27982
* Wed Apr 24 2024 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-7
- Backport patch for CVE-2024-27982
* Tue Apr 09 2024 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-6
- Use system OpenSSL configuration section
* Mon Apr 08 2024 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-5
- Backport patches for several CVEs.
Fixes CVE-2024-22025 CVE-2024-25629 CVE-2024-27983 CVE-2024-28182
* Tue Mar 05 2024 Honza Horak <hhorak@redhat.com> - 1:16.20.2-4 * Tue Mar 05 2024 Honza Horak <hhorak@redhat.com> - 1:16.20.2-4
- Fix CVE-2024-22019 - Fix CVE-2024-22019
* Fri Oct 13 2023 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-3 * Sun Dec 10 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1:16.20.2-3
- Update version of bundled nghttp2 in spec file - Rebuilt for MSVSphere 8.8
* Thu Oct 12 2023 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-2 * Thu Oct 12 2023 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-3
- Update bundled nghttp2 to 1.57.0 (CVE-2023-44487) - Update bundled nghttp2 to 1.57.0 (CVE-2023-44487)
* Wed Aug 30 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.20.2-1 * Wed Sep 06 2023 Masahiro Matsuya <mmatsuya@redhat.com> - 1:16.20.2-2
- Bump Release. Need to rebuild with the updated nodejs-packaging
Resolves: rhbz#2237393
* Fri Aug 18 2023 Dominik Rehák <drehak@redhat.com> - 1:16.20.2-1
- Rebase to 16.20.2 - Rebase to 16.20.2
Resolves: rhbz#2231866
Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559
* Mon Jul 31 2023 Honza Horak <hhorak@redhat.com> - 1:16.20.1-2
- Fix segfault that happens when processing fips-related options
Resolves: BZ#2227796
* Thu Jul 13 2023 Jan Staněk <jstanek@redhat.com> - 1:16.20.1-1 * Thu Jul 13 2023 Jan Staněk <jstanek@redhat.com> - 1:16.20.1-1
- Rebase to 16.20.1 - Rebase to 16.20.1
Resolves: rhbz#2188291 Resolves: rhbz#2188289
Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590
- Replace /usr/etc/npmrc symlink with builtin configuration - Replace /usr/etc/npmrc symlink with builtin configuration
Resolves: rhbz#2177781 Resolves: rhbz#2222288
* Wed May 31 2023 Jan Staněk <jstanek@redhat.com> - 1:16.19.1-2 * Wed May 31 2023 Jan Staněk <jstanek@redhat.com> - 1:16.19.1-2
- Update bundled c-ares to 1.19.1 - Update bundled c-ares to 1.19.1
Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067
* Mon Mar 27 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.19.1-1 * Mon Feb 27 2023 Jan Staněk <jstanek@redhat.com> - 1:16.19.1-1
- Rebase to 16.19.1 - Rebase to 16.19.1
- Resolves: rhbz#2153714 Resolves: rhbz#2153713
- Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920
- Resolves: CVE-2022-25881 CVE-2022-4904 Resolves: CVE-2022-25881 CVE-2022-4904
* Wed Dec 07 2022 Jan Staněk <jstanek@redhat.com> - 1:16.18.1-3 * Wed Dec 07 2022 Jan Staněk <jstanek@redhat.com> - 1:16.18.1-3
- Update sources of undici WASM blobs - Update sources of undici WASM blobs
Resolves: rhbz#2151617 Resolves: rhbz#2151546
* Mon Dec 05 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.18.1-2 * Fri Dec 02 2022 Jan Staněk <jstanek@redhat.com> - 1:16.18.1-2
- Add back libs and v8-devel subpackages - Record CVE references already addressed in this or previous upstream versions
- Related: RHBZ#2121126 Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824
- Record previously fixed CVE
- Resolves: CVE-2021-44906
* Wed Nov 16 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.18.1-1 * Wed Nov 16 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.18.1-1
- Rebase + CVEs - Rebase + CVE fixes
- Resolves: #2142808 - Resolves: #2121024
- Resolves: #2142826, #2131745, #2142855 - Resolves: #2135490, #2140926
* Tue Sep 27 2022 Jan Staněk <jstanek@redhat.com> - 16.17.1-1 * Fri Oct 07 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.17.1-1
- Rebase to version 16.17.1 - Rebase to version 16.17.1
Resolves: CVE-2022-35255 CVE-2022-35256 - Resolves: CVE-2022-35255 CVE-2022-35256
* Tue Aug 23 2022 Jan Staněk <jstanek@redhat.com> - 16.16.0-1 * Tue Aug 23 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.16.0-1
- Rebase to version 16.16.0 - Resolves: #2104754, #2108057, #2108062, #2108067, #2108072
Resolves: RHBZ#2106290 - Resolves CVE-2022-29244, CVE-2022-32212/3/4/5
Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 - Resolves: #2106285
Resolves: CVE-2022-29244 - Rebase to latest release
* Thu Apr 21 2022 Jan Staněk <jstanek@redhat.com> - 16.14.0-5 * Mon Apr 25 2022 Jan Staněk <jstanek@redhat.com> - 1:16.14.0-5
- Unify configure calls into single command
- Refactor bootstrap-related parts
- Decouple dependency bundling from bootstrapping - Decouple dependency bundling from bootstrapping
* Tue Apr 05 2022 Jan Staněk <jstanek@redhat.com> - 16.14.0-4 * Mon Apr 11 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.14.0-4
- Apply lock file validation fixes - Apply lock file validation fixes
Resolves: CVE-2021-43616 - Resolves: CVE-2021-43616
- Resolves: RHBZ#2070013
* Thu Mar 31 2022 Jan Staněk <jstanek@redhat.com> - 16.14.0-3
- Refactor bootstap handling and configure script invocation * Mon Dec 06 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-3
Resolves: rhbz#2056969 - Resolves: RHBZ#2026329
- Add corepack to spec
* Sun Feb 13 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.14.0-2
- Build with bootstrap by default due to old versions of dependencies available * Mon Dec 06 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-2
- Resolves: #2042995, #2042970, #2042981, #2042989 - Resolves: RHBZ#2026329
- Resolves: #2029936, #2024890, #2014499, #2014135 - Update npm version test
- Resolves: #2013834, #1945299
* Thu Dec 02 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-1
* Fri Feb 11 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.14.0-1 - Resolves: RHBZ#2014132, RHBZ#2014126, RHBZ#2013828, RHBZ#2024920
- Update to latest version - Resolves: RHBZ#2026329
- Use jinja and jq - Rebase to LTS release and to fix multiple low and medium CVEs
- Don't fix python3
- Resolves: CVE-2022-21824, CVE-2021-44531, CVE-2021-44532, CVE-2021-44533 * Mon Sep 13 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.8.0-1
- Resolves CVE-2020-15095 - Resolves CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712
- Resolves: CVE-2021-3918, CVE-2021-22959, CVE-2021-22960 - Resolves: RHBZ#1993948, RHBZ#1993941, RHBZ#2000151, RHBZ#2002176
- Resolves: CVE-2021-3807, CVE-2021-27290
* Mon Aug 30 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.7.0-2
* Wed Sep 29 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.10.0-1 - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939,
- Rebase to 16.10.0, add corepack, fix PowerShell dependency - CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
- Resolves: RHBZ#2000539, #2000548, #2000549, #2002177 - Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810
- Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963
* Thu Aug 12 2021 Jan Staněk <jstanek@redhat.com> - 1:16.6.2-1 - fix python3 in gyp
- Rebase to 16.6.2
Resolves: CVE-2021-22931 CVE-2021-22939 CVE-2021-22940 * Wed Aug 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.7.0-1
- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939,
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:16.5.0-3 - CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810
Related: rhbz#1991688 - Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963
* Thu Jul 22 2021 Zuzana Svetlikova <zsvetlik@redhat.com - 1:16.5.0-2 * Fri Jul 09 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.4.2-1
- Bump for gating - Resolves: RHBZ#1979847
- Resolves: RHBZ#1979926 - Resolves CVE-2021-22918(libuv)
- Use system cipher list(1842826, 1952915)
* Tue Jul 20 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.5.0-1
- Rebase to 16.5.0 * Tue May 11 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.1.0-1
- Fixes CVE-2021-22918(libuv) - Resolves: RHBZ#1953991
- Resolves: RHBZ#1979926
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:16.3.0-2
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Tue Jun 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.3.0-1
- Resolves: RHBZ#1953491
- Rebase to 16.3.0
- includes https://github.com/nodejs/node/pull/38732
* Thu May 20 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.2.0-1
- Resolves: RHBZ#1953491
- Rebase to 16.2.0
- includes https://github.com/nodejs/node/pull/38633 (FIPS for OpenSSL 3.0)
* Wed May 19 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.1.0-1
- Resolves: RHBZ#1953491
- Support for OpenSSL 3.0.0
- Rebase to v16.x - Rebase to v16.x
- Update version of gcc and gcc-c++ needed - Update version of gcc and gcc-c++ needed
- Remove libs conditionals
- Remove unused patches
- Bundle nghttp3 and ngtcp2 - Bundle nghttp3 and ngtcp2
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> * Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Resolves RHBZ#1930775
- remove --debug-nghttp2 option
* Tue Mar 30 2021 Jonathan Wakely <jwakely@redhat.com> - 1:14.16.0-4
- Rebuilt for removed libstdc++ symbol (#1937698)
* Tue Mar 09 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-3
- Only require nodejs-packaging on Fedora
- remove --debug-nghttp2 (#1930775)
- always build with systemtap
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:14.15.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 04 2021 Stephen Gallagher <sgallagh@redhat.com> - 1:14.15.4-1
- Update to 14.15.4
* Wed Dec 02 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.15.1-1
- Update to 14.15.1
* Tue Oct 20 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.14.0-2 * Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-1
- Don't build with LTO on aarch64 - Resolves CVE-2021-22883 CVE-2021-22884
- Resolves: RHBZ#1934566, RHBZ#1934599
- Rebase, remove ini patch
* Mon Oct 19 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.14.0-1 * Tue Jan 26 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-2
- Update to 14.14.0 - Add patch for yarn crash
- Resolves: RHBZ#1915296
* Fri Oct 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.13.1-1 * Tue Jan 19 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-1
- Update to 14.13.1 - Security rebase to 14.15.4
- https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
- Resolves: RHBZ#1913001, RHBZ#1912953
- Resolves: RHBZ#1912636, RHBZ#1898602, RHBZ#1898768, RHBZ#1893987, RHBZ#1893184
* Thu Oct 01 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.13.0-1 * Thu Oct 29 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.0-1
- Update to 14.13.0 - Resolves: RHBZ#1858864
- Update to LTS release
* Wed Sep 16 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.11.0-1 * Mon Sep 21 2020 Jan Staněk <jstanek@redhat.com> - 1:14.11.0-1
- Update to 14.11.0 - Security update to 14.11.0
* Tue Sep 08 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.10.0-1
- Update to 14.10.0
* Fri Aug 21 2020 Jeff Law <law@redhat.com> - 1:14.7.0-2
- Narrow LTO opt-out to just armv7hl
* Fri Jul 31 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.7.0-1
- Update to 14.7.0
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:14.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 07 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.5.0-1
- Update to 14.5.0
* Tue Jul 07 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.4.0-3
- Update for new packaging guidelines
* Tue Jun 30 2020 Jeff Law <law@redhat.com> - 1:14.4.0-2
- Disable LTO
* Wed Jun 03 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.4.0-1 * Wed Jun 03 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.4.0-1
- Security update to 14.4.0 - Security update to 14.4.0
- Resolves: RHBZ#1815402
* Thu May 21 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.3.0-1 * Thu May 21 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.3.0-1
- Update to 14.3.0 - Update to 14.3.0
- Fix optflags to save memory
- Resolves: RHBZ#1815402
* Wed May 06 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.2.0-1 * Wed May 06 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.2.0-1
- Update to 14.2.0 - Update to 14.2.0
- build with python3 only
- some clean up
* Wed Apr 29 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.1.0-1 * Tue Mar 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-2
- Update to 14.1.0 - Fix CVE-2020-10531
* Fri Apr 24 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.0.0-2
- Keep the fix scripts for Koji
* Thu Apr 23 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.0.0-1
- Update to 14.0.0
- v14.x should be python3 compatible, so commented out py sed scripts
* Wed Apr 15 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:13.13.0-1 * Thu Feb 20 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-1
- Update to 13.13.0 - Rebase to 12.16.1
- Add bundled uvwasi and histogram_c provides
- Add shared brotli dependency
- Remove icustrip.py patch, which was merged in upstream
* Tue Mar 17 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:13.11.0-2 * Wed Jan 15 2020 Jan Staněk <jstanek@redhat.com> - 1:12.14.1-1
- Fix python3 issue in icustrip.py - Rebase to 12.14.1
* Mon Mar 16 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:13.11.0-1 * Fri Nov 29 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.13.1-1
- Update to 13.11.0 - Resolves: RHBZ# 1773503, update to 12.13.1
- minor clean up and sync with Fedora spec
- turn off debug builds
* Wed Feb 26 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:13.9.0-2 * Thu Aug 01 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-2
- Build with python 3 only - Add condition to libs
* Tue Feb 25 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:13.9.0-1 * Wed Jun 12 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-1
- Release Node.js 13.9.0 - Update to v12.x
- Add v8-devel and libs subpackages from fedora
* Tue Feb 25 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.16.1-1 * Thu Mar 14 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-2
- Update to 12.16.1 - move nodejs-packaging BR out of conditional
- Fixes six regressions introduced in 12.16.0
* Fri Feb 14 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.16.0-1
- Update to 12.16.0
- Drop upstreamed patch
* Thu Feb 06 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.15.0-1 * Tue Dec 11 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-1
- Update to 12.15.0 - Resolves RHBZ#1644207
- fixes node-gyp permissions
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:12.14.1-4 - rebase
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 13 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.1-3 * Thu Oct 11 2018 Jan Staněk <jstanek@redhat.com> - 1:10.11.0-2
- Fix issue with header symlinks in v8-devel - BuildRequire nodejs-packaging for proper npm dependency generation
- Resolves: rhbz#1615947
* Tue Jan 07 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.1-2 * Mon Oct 08 2018 Jan Staněk <jstanek@redhat.com> - 1:10.11.0-1
- Drop unneeded dependency on http-parser-devel - Rebase to 10.11.0
- Import changes from fedora
- Resolves: rhbz#1621766
* Tue Jan 07 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.1-1 * Mon Jul 30 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.7.0-5
- Update to 12.14.1 - Import sources from fedora
- https://github.com/nodejs/node/blob/v12.14.1/doc/changelogs/CHANGELOG_V12.md - Allow using python2 at %%build and %%install
- turn off debug for aarch64
* Mon Jan 06 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.0-2
- Update to 12.14.0
- https://github.com/nodejs/node/blob/v12.14.0/doc/changelogs/CHANGELOG_V12.md
- Add new subpackage nodejs-full-i18n to enable optional non-English locale
support
- Update documentation packaging for NPM
* Mon Dec 02 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.1-1
- Update to 12.13.1
- https://github.com/nodejs/node/blob/v12.13.1/doc/changelogs/CHANGELOG_V12.md
* Tue Oct 29 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-6
- Add proper i18n support
* Tue Oct 29 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-5
- Fix issue with NPM docs being replaced with a symlink
* Mon Oct 28 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-2
- Simplify npmrc default configuration
* Mon Oct 28 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-1
- Update to 12.13.0 (LTS)
- https://github.com/nodejs/node/blob/v12.13.0/doc/changelogs/CHANGELOG_V12.md
- NPM no longer clobbers RPM-installed Node.js modules
- Drop no-longer needed patch to suppress `npm update -g npm` message
* Wed Sep 04 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.10.0-1
- Update to 12.10.0
- https://github.com/nodejs/node/blob/v12.10.0/doc/changelogs/CHANGELOG_V12.md#12.10.0
* Wed Aug 21 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.9.0-1
- Update to 12.9.0
- https://github.com/nodejs/node/blob/v12.9.0/doc/changelogs/CHANGELOG_V12.md#12.9.0
* Thu Aug 15 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.8.2-1
- Update to 12.8.1
- Resolves: CVE-2019-9511 "Data Dribble"
- Resolves: CVE-2019-9512 "Ping Flood"
- Resolves: CVE-2019-9513 "Resource Loop"
- Resolves: CVE-2019-9514 "Reset Flood"
- Resolves: CVE-2019-9515 "Settings Flood"
- Resolves: CVE-2019-9516 "0-Length Headers Leak"
- Resolves: CVE-2019-9517 "Internal Data Buffering"
- Resolves: CVE-2019-9518 "Empty Frames Flood"
- https://github.com/nodejs/node/blob/v12.8.1/doc/changelogs/CHANGELOG_V12.md#12.8.1
* Mon Aug 05 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.7.0-3
- Fix epoch dependencies
- Carry data files for ICU
* Fri Aug 02 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.7.0-2
- Change v8-devel release field to avoid duplicated package names
* Thu Aug 01 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.7.0-1
- Update to 12.7.0
- https://nodejs.org/en/blog/release/v12.7.0/
* Tue Jul 30 2019 Tom Hughes <tom@compton.nu> - 1:12.6.0-2
- Bump release to fix dependencies
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:12.6.0-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jun 27 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.6.0-1
- Update to 12.6.0
- https://nodejs.org/en/blog/release/v12.6.0/
- https://nodejs.org/en/blog/release/v12.5.0/
* Tue Jun 04 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.4.0-1
- Update to 12.4.0
- https://nodejs.org/en/blog/release/v12.4.0/
* Fri May 24 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.3.1-1
- Update to 12.3.1
- https://nodejs.org/en/blog/release/v12.3.1/
- https://nodejs.org/en/blog/release/v12.3.0/
* Wed May 15 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.2.0-1
- Update to 12.2.0
- https://nodejs.org/en/blog/release/v12.2.0/
* Tue Apr 30 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.1.0-1
- Update to 12.1.0
- https://nodejs.org/en/blog/release/v12.1.0/
* Wed Apr 24 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.0.0-3
- Fix upgrade bug for v8-devel (BZ #1702609)
* Tue Apr 23 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.0.0-2
- Node.js 12.x requires OpenSSL 1.1.1+
* Tue Apr 23 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.0.0-1
- Release 12.0.0
- https://nodejs.org/en/blog/release/v12.0.0/
* Thu Apr 11 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:11.13.0-1
- Update to 11.13.0
- https://nodejs.org/en/blog/release/v11.13.0/
- https://nodejs.org/en/blog/release/v11.12.0/
- https://nodejs.org/en/blog/release/v11.11.0/
* Fri Mar 01 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:11.10.1-1
- Update to 11.10.1
- https://nodejs.org/en/blog/release/v11.10.1/
- https://nodejs.org/en/blog/release/v11.10.0/
- https://nodejs.org/en/blog/release/v11.9.0/
- https://nodejs.org/en/blog/release/v11.8.0/
* Fri Jan 18 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:11.7.0-1
- Update to 11.7.0
- https://nodejs.org/en/blog/release/v11.7.0/
- https://nodejs.org/en/blog/release/v11.6.0/
- https://nodejs.org/en/blog/release/v11.5.0/
- https://nodejs.org/en/blog/release/v11.4.0/
* Thu Nov 29 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:11.3.0-1
- Update to 11.3.0
- https://nodejs.org/en/blog/release/v11.2.0/
- https://nodejs.org/en/blog/release/v11.3.0/
* Fri Nov 02 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:11.1.0-1
- Update to 11.1.0
- https://nodejs.org/en/blog/release/v11.1.0/
* Thu Nov 01 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:11.0.0-1
- Update to 11.0.0
- https://nodejs.org/en/blog/release/v11.0.0/
* Thu Nov 01 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.13.0-1
- Update to 10.13.0
- https://nodejs.org/en/blog/release/v10.13.0/
* Thu Oct 11 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.12.0-1
- Update to 10.12.0
- https://nodejs.org/en/blog/release/v10.12.0/
* Wed Oct 10 2018 Jan Staněk <jstanek@redhat.com> - 1:10.11.0-2
- Add non-bootstrap BR for nodejs-packaging
* Thu Sep 20 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.11.0-1
- Update to 10.11.0
- https://nodejs.org/en/blog/release/v10.11.0/
* Wed Sep 19 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.10.0-2
- Really, finally fix npm dep executable permissions
* Tue Sep 11 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.10.0-1
- Update to 10.10.0
- https://nodejs.org/en/blog/release/v10.10.0/
- Fix issue with npm permissions
* Tue Aug 21 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.9.0-2
- Clean up automatic dependencies for npm
* Thu Aug 16 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.9.0-1
- Update to 10.9.0
- https://nodejs.org/en/blog/release/v10.9.0/
* Tue Aug 07 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.8.0-1
- Update to 10.8.0
- https://nodejs.org/en/blog/release/v10.8.0/
* Fri Jul 20 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.7.0-4 * Fri Jul 20 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.7.0-4
- Fix npm upgrade scriptlet - Fix npm upgrade scriptlet

Loading…
Cancel
Save