@ -1,11 +1,3 @@
%bcond_with debug
# PowerPC, s390x and aarch64 segfault during Debug builds
# https://github.com/nodejs/node/issues/20642
%ifarch %{power64} s390x aarch64
%bcond_with debug
%endif
# The following macros control the usage of dependencies bundled from upstream.
#
# When to use what:
@ -19,11 +11,7 @@
%bcond_with bootstrap
# bundle dependencies that are not available in CentOS
# currently hardcoded to bundle; see Fedora spec on how to make this dependent on bootstrap
%if %{with bootstrap}
%bcond_without bundled
%else
%bcond_with bundled
%endif
%if 0%{?rhel} && 0%{?rhel} < 9
%bcond_without python3_fixup
@ -31,11 +19,18 @@
%bcond_with python3_fixup
%endif
# LTO is currently broken on Node.js builds
%define _lto_cflags %{nil}
# Heavy-handed approach to avoiding issues with python
# bytecompiling files in the node_modules/ directory
%global __python %{__python3}
# == Master Relase ==
# This is used by both the nodejs package and the npm subpackage that
# has a separate version - the name is special so that rpmdev-bumpspec
# will bump this rather than adding .1 to the end.
%global baserelease 4
%global baserelease 8
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -77,16 +72,10 @@
%global llhttp_version 6.0.11
# libuv - from deps/uv/include/uv/version.h
%global libuv_major 1
%global libuv_minor 43
%global libuv_patch 0
%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
%global libuv_version 1.43.0
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
%global nghttp2_major 1
%global nghttp2_minor 57
%global nghttp2_patch 0
%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
%global nghttp2_version 1.57.0
# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
%global nghttp3_major 0
@ -125,10 +114,7 @@
# punycode - from lib/punycode.js
# Note: this was merged into the mainline since 0.6.x
# Note: this will be unmerged in an upcoming major release
%global punycode_major 2
%global punycode_minor 1
%global punycode_patch 0
%global punycode_version %{punycode_major}.%{punycode_minor}.%{punycode_patch}
%global punycode_version 2.1.0
# npm - from deps/npm/package.json
%global npm_epoch 1
@ -141,17 +127,10 @@
%global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
# uvwasi - from deps/uvwasi/include/uvwasi.h
%global uvwasi_major 0
%global uvwasi_minor 0
%global uvwasi_patch 13
%global uvwasi_version %{uvwasi_major}.%{uvwasi_minor}.%{uvwasi_patch}
%global uvwasi_version 0.0.13
# histogram_c - assumed from timestamps
%global histogram_major 0
%global histogram_minor 11
%global histogram_patch 2
%global histogram_version %{histogram_major}.%{histogram_minor}.%{histogram_patch}
%global histogram_version 0.11.2
Name: nodejs
Epoch: %{nodejs_epoch}
@ -203,8 +182,21 @@ Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-
# Disable running gyp on bundled deps we don't use
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
Patch2: 0002-disable-fips-options.patch
Patch3: 0003-deps-nghttp2-update-to-1.57.0.patch
Patch4: nodejs-CVE-2024-22019.patch
Patch4: 0004-Fix-CVE-2024-22019.patch
# CVE-2025-27983
Patch5: 0005-src-ensure-to-close-stream-when-destroying-session.patch
# CVE-2024-28182
Patch6: 0006-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch
# CVE-2024-28182
Patch7: 0007-Add-nghttp2_option_set_max_continuations.patch
# CVE-2024-22025
Patch8: 0008-zlib-pause-stream-if-outgoing-buffer-is-full.patch
# CVE-2024-25629
Patch9: 0009-Address-CVE-2024-25629.patch
# CVE-2024-27982
Patch10: 0010-http-do-not-allow-OBS-fold-in-headers-by-default.patch
BuildRequires: make
BuildRequires: python3-devel
@ -252,6 +244,8 @@ Requires: openssl >= %{openssl_minimum}
# we need the system certificate store
Requires: ca-certificates
Requires: nodejs-libs%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
# Pull in the full-icu data by default
Recommends: nodejs-full-i18n%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
@ -304,6 +298,11 @@ Provides: bundled(icu) = %{icu_version}
Provides: bundled(uvwasi) = %{uvwasi_version}
Provides: bundled(histogram) = %{histogram_version}
%if 0%{?fedora}
# Make sure to pull in the appropriate packaging macros when building RPMs
Requires: (nodejs-packaging if rpm-build)
%endif
# Make sure we keep NPM up to date when we update Node.js
Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
@ -332,6 +331,29 @@ Requires: libuv-devel%{?_isa}
Development headers for the Node.js JavaScript runtime.
%package libs
Summary: Node.js and v8 libraries
# Compatibility for obsolete v8 package
%if 0%{?__isa_bits} == 64
Provides: libv8.so.%{v8_major}()(64bit)
Provides: libv8_libbase.so.%{v8_major}()(64bit)
Provides: libv8_libplatform.so.%{v8_major}()(64bit)
%else
# 32-bits
Provides: libv8.so.%{v8_major}
Provides: libv8_libbase.so.%{v8_major}
Provides: libv8_libplatform.so.%{v8_major}
%endif
Provides: v8 = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
Provides: v8%{?_isa} = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
Obsoletes: v8 < 1:6.7.17-10
%description libs
Libraries to support Node.js and provide stable v8 interfaces.
%package full-i18n
Summary: Non-English locale data for Node.js
Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
@ -341,6 +363,17 @@ Optional data files to provide full-icu support for Node.js. Remove this
package to save space if non-English locales are not needed.
%package -n v8-devel
Summary: v8 - development headers
Epoch: %{v8_epoch}
Version: %{v8_version}
Release: %{v8_release}%{?dist}
Requires: %{name}-devel%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
%description -n v8-devel
Development headers for the v8 runtime.
%package -n npm
Summary: Node.js Package Manager
Epoch: %{npm_epoch}
@ -353,9 +386,7 @@ Release: %{npm_release}%{?dist}
Obsoletes: npm < 0:3.5.4-6
Provides: npm = %{npm_epoch}:%{npm_version}
Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
%if 0%{?fedora} || 0%{?rhel} >= 8
Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
%endif
# Do not add epoch to the virtual NPM provides or it will break
# the automatic dependency-generation script.
@ -417,6 +448,11 @@ find . -type f -exec sed -i "s~python -c~python3 -c~" {} \;
%endif
%build
# When compiled on armv7hl this package generates an out of range
# reference to the literal pool. This is most likely a GCC issue.
%ifarch armv7hl
%define _lto_cflags %{nil}
%endif
%ifarch s390 s390x %{arm} %ix86
# Decrease debuginfo verbosity to reduce memory consumption during final
@ -424,14 +460,13 @@ find . -type f -exec sed -i "s~python -c~python3 -c~" {} \;
%global optflags %(echo %{optflags} | sed 's/-g /-g1 /')
%endif
export CC='gcc '
export CXX='g++ '
export CC='%{__cc} '
export CXX='%{__cxx} '
%{?with_python3_fixup:export NODE_GYP_FORCE_PYTHON=%{__python3}}
# build with debugging symbols and add defines from libuv (#892601)
# Node's v8 breaks with GCC 6 because of incorrect usage of methods on
# NULL objects. We need to pass -fno-delete-null-pointer-checks
extra_cflags=(
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64
@ -442,6 +477,8 @@ export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cfl
export LDFLAGS="%{build_ldflags}"
%{__python3} configure.py --prefix=%{_prefix} \
--shared \
--libdir=%{_lib} \
--shared-openssl \
--shared-zlib \
--shared-brotli \
@ -451,15 +488,11 @@ export LDFLAGS="%{build_ldflags}"
--with-intl=small-icu \
--with-icu-default-data-dir=%{icudatadir} \
--without-corepack \
--openssl-conf-name=openssl_conf \
--openssl-use-def-ca-store \
--openssl-default-cipher-list=PROFILE=SYSTEM
%if %{with debug}
# Setting BUILDTYPE=Debug builds both release and debug binaries
make BUILDTYPE=Debug %{?_smp_mflags}
%else
make BUILDTYPE=Release %{?_smp_mflags}
%endif
# Extract the ICU data and convert it to the appropriate endianness
pushd deps/
@ -500,10 +533,19 @@ rm -rf %{buildroot}
chmod 0755 %{buildroot}/%{_bindir}/node
chrpath --delete %{buildroot}%{_bindir}/node
%if %{with debug}
# Install the debug binary and set its permissions
install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g
%endif
# Install library symlink
ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/libnode.so
# Install v8 compatibility symlinks
for header in %{buildroot}%{_includedir}/node/libplatform %{buildroot}%{_includedir}/node/v8*.h; do
header=$(basename ${header})
ln -s ./node/${header} %{buildroot}%{_includedir}/${header}
done
ln -s ./node/cppgc %{buildroot}%{_includedir}/cppgc
for soname in libv8 libv8_libbase libv8_libplatform; do
ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so
ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so.%{v8_major}
done
# own the sitelib directory
mkdir -p %{buildroot}%{_prefix}/lib/node_modules
@ -576,67 +618,21 @@ install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*
%check
# Fail the build if the versions don't match
%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')"
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')"
# Ensure we have punycode and that the version matches
%{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"
# Ensure we have npm and that the version matches
NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(JSON.parse(require(\"fs\").readFileSync(\"%{buildroot}%{_prefix}/lib/node_modules/npm/package.json\")).version, '%{npm_version}')"
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}%{_bindir}/node %{buildroot}%{_bindir}/npm version --json |jq -e '.npm == "%{npm_version}"'
# Make sure i18n support is working
NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
%pretrans -n npm -p <lua>
-- Remove all of the symlinks from the bundled npm node_modules directory
-- This scriptlet can be removed in Fedora 31
base_path = "%{_prefix}/lib/node_modules/npm/node_modules/"
d_st = posix.stat(base_path)
if d_st then
for f in posix.files(base_path) do
path = base_path..f
st = posix.stat(path)
if st and st.type == "link" then
os.remove(path)
end
end
end
-- Replace the npm docs directory with a symlink
-- Drop this scriptlet when F31 is EOL
path = "%{_prefix}/lib/node_modules/npm/doc"
st = posix.stat(path)
if st and st.type == "directory" then
status = os.rename(path, path .. ".rpmmoved")
if not status then
suffix = 0
while not status do
suffix = suffix + 1
status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
end
os.rename(path, path .. ".rpmmoved")
end
end
-- Replace the npm docs directory with a symlink
-- Drop this scriptlet when F31 is EOL
path = "%{_prefix}/lib/node_modules/npm/html"
st = posix.stat(path)
if st and st.type == "directory" then
status = os.rename(path, path .. ".rpmmoved")
if not status then
suffix = 0
while not status do
suffix = suffix + 1
status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
end
os.rename(path, path .. ".rpmmoved")
end
end
-- Replace the npm man directory with a symlink
-- Drop this scriptlet when F31 is EOL
path = "%{_prefix}/lib/node_modules/npm/man"
@ -675,8 +671,8 @@ end
%files devel
%{?with_debug:%{_bindir}/node_g}
%{_includedir}/node
%{_libdir}/libnode.so
%{_datadir}/node/common.gypi
%{_pkgdocdir}/gdbinit
@ -686,6 +682,24 @@ end
%{icudatadir}/icudt%{icu_major}*.dat
%files libs
%license LICENSE
%{_libdir}/libnode.so.%{nodejs_soversion}
%{_libdir}/libv8.so.%{v8_major}
%{_libdir}/libv8_libbase.so.%{v8_major}
%{_libdir}/libv8_libplatform.so.%{v8_major}
%dir %{nodejs_datadir}/
%files -n v8-devel
%{_includedir}/libplatform
%{_includedir}/v8*.h
%{_includedir}/cppgc
%{_libdir}/libv8.so
%{_libdir}/libv8_libbase.so
%{_libdir}/libv8_libplatform.so
%files -n npm
%{_bindir}/npm
%{_bindir}/npx
@ -723,199 +737,424 @@ end
%changelog
* Tue May 07 2024 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-8
- Actually apply the patch for CVE-2024-27982
* Wed Apr 24 2024 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-7
- Backport patch for CVE-2024-27982
* Tue Apr 09 2024 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-6
- Use system OpenSSL configuration section
* Mon Apr 08 2024 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-5
- Backport patches for several CVEs.
Fixes CVE-2024-22025 CVE-2024-25629 CVE-2024-27983 CVE-2024-28182
* Tue Mar 05 2024 Honza Horak <hhorak@redhat.com> - 1:16.20.2-4
- Fix CVE-2024-22019
* Sun Dec 10 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1:16.20.2-3
- Rebuilt for MSVSphere 8.8
* Fri Oct 13 2023 Jan Staněk <jstanek@redhat.com > - 1:16.20.2-3
- Update version of bundled nghttp2 in spec file
* Thu Oct 12 2023 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-3
* Thu Oct 12 2023 Jan Staněk <jstanek@redhat.com> - 1:16.20.2-2
- Update bundled nghttp2 to 1.57.0 (CVE-2023-44487)
* Wed Sep 06 2023 Masahiro Matsuya <mmatsuya@redhat.com> - 1:16.20.2-2
- Bump Release. Need to rebuild with the updated nodejs-packaging
Resolves: rhbz#2237393
* Fri Aug 18 2023 Dominik Rehák <drehak@redhat.com> - 1:16.20.2-1
* Wed Aug 30 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.20.2-1
- Rebase to 16.20.2
Resolves: rhbz#2231866
Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559
* Mon Jul 31 2023 Honza Horak <hhorak@redhat.com> - 1:16.20.1-2
- Fix segfault that happens when processing fips-related options
Resolves: BZ#2227796
* Thu Jul 13 2023 Jan Staněk <jstanek@redhat.com> - 1:16.20.1-1
- Rebase to 16.20.1
Resolves: rhbz#2188289
Resolves: rhbz#2188291
Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590
- Replace /usr/etc/npmrc symlink with builtin configuration
Resolves: rhbz#2222288
Resolves: rhbz#2177781
* Wed May 31 2023 Jan Staněk <jstanek@redhat.com> - 1:16.19.1-2
- Update bundled c-ares to 1.19.1
Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067
* Mon Feb 27 2023 Jan Staněk <jstane k@redhat.com> - 1:16.19.1-1
* Mon Mar 27 2023 Zuzana Svetlikova <zsvetli k@redhat.com> - 1:16.19.1-1
- Rebase to 16.19.1
Resolves: rhbz#2153713
Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920
Resolves: CVE-2022-25881 CVE-2022-4904
- Resolves: rhbz#2153714
- Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920
- Resolves: CVE-2022-25881 CVE-2022-4904
* Wed Dec 07 2022 Jan Staněk <jstanek@redhat.com> - 1:16.18.1-3
- Update sources of undici WASM blobs
Resolves: rhbz#215154 6
Resolves: rhbz#2151617
* Fri Dec 02 2022 Jan Staněk <jstanek@redhat.com> - 1:16.18.1-2
- Record CVE references already addressed in this or previous upstream versions
Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824
* Mon Dec 05 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.18.1-2
- Add back libs and v8-devel subpackages
- Related: RHBZ#2121126
- Record previously fixed CVE
- Resolves: CVE-2021-44906
* Wed Nov 16 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.18.1-1
- Rebase + CVE fixe s
- Resolves: #2121024
- Resolves: #2135490, #2140926
- Rebase + CVEs
- Resolves: #2142808
- Resolves: #2142826, #2131745, #2142855
* Fri Oct 07 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1: 16.17.1-1
* Tue Sep 27 2022 Jan Staněk <jstanek@redhat.com> - 16.17.1-1
- Rebase to version 16.17.1
- Resolves: CVE-2022-35255 CVE-2022-35256
Resolves: CVE-2022-35255 CVE-2022-35256
* Tue Aug 23 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1: 16.16.0-1
- Resolves: #2104754, #2108057, #2108062, #2108067, #2108072
- Resolves CVE-2022-29244, CVE-2022-32212/3/4/5
- Resolves: #210628 5
- Rebase to latest release
* Tue Aug 23 2022 Jan Staněk <jstanek@redhat.com> - 16.16.0-1
- Rebase to version 16.16.0
Resolves: RHBZ#2106290
Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-3221 5
Resolves: CVE-2022-29244
* Mon Apr 25 2022 Jan Staněk <jstanek@redhat.com> - 1:16.14.0-5
- Unify configure calls into single command
- Refactor bootstrap-related parts
* Thu Apr 21 2022 Jan Staněk <jstanek@redhat.com> - 16.14.0-5
- Decouple dependency bundling from bootstrapping
* Mon Apr 11 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1: 16.14.0-4
* Tue Apr 05 2022 Jan Staněk <jstanek@redhat.com> - 16.14.0-4
- Apply lock file validation fixes
- Resolves: CVE-2021-43616
- Resolves: RHBZ#2070013
* Mon Dec 06 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-3
- Resolves: RHBZ#2026329
- Add corepack to spec
* Mon Dec 06 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-2
- Resolves: RHBZ#2026329
- Update npm version test
* Thu Dec 02 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-1
- Resolves: RHBZ#2014132, RHBZ#2014126, RHBZ#2013828, RHBZ#2024920
- Resolves: RHBZ#2026329
- Rebase to LTS release and to fix multiple low and medium CVEs
* Mon Sep 13 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.8.0-1
- Resolves CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712
- Resolves: RHBZ#1993948, RHBZ#1993941, RHBZ#2000151, RHBZ#2002176
* Mon Aug 30 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.7.0-2
- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939,
- CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
- Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810
- Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963
- fix python3 in gyp
* Wed Aug 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.7.0-1
- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939,
- CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
- Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810
- Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963
* Fri Jul 09 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.4.2-1
- Resolves: RHBZ#1979847
- Resolves CVE-2021-22918(libuv)
- Use system cipher list(1842826, 1952915)
* Tue May 11 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.1.0-1
- Resolves: RHBZ#1953991
Resolves: CVE-2021-43616
* Thu Mar 31 2022 Jan Staněk <jstanek@redhat.com> - 16.14.0-3
- Refactor bootstap handling and configure script invocation
Resolves: rhbz#2056969
* Sun Feb 13 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.14.0-2
- Build with bootstrap by default due to old versions of dependencies available
- Resolves: #2042995, #2042970, #2042981, #2042989
- Resolves: #2029936, #2024890, #2014499, #2014135
- Resolves: #2013834, #1945299
* Fri Feb 11 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.14.0-1
- Update to latest version
- Use jinja and jq
- Don't fix python3
- Resolves: CVE-2022-21824, CVE-2021-44531, CVE-2021-44532, CVE-2021-44533
- Resolves CVE-2020-15095
- Resolves: CVE-2021-3918, CVE-2021-22959, CVE-2021-22960
- Resolves: CVE-2021-3807, CVE-2021-27290
* Wed Sep 29 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.10.0-1
- Rebase to 16.10.0, add corepack, fix PowerShell dependency
- Resolves: RHBZ#2000539, #2000548, #2000549, #2002177
* Thu Aug 12 2021 Jan Staněk <jstanek@redhat.com> - 1:16.6.2-1
- Rebase to 16.6.2
Resolves: CVE-2021-22931 CVE-2021-22939 CVE-2021-22940
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:16.5.0-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Jul 22 2021 Zuzana Svetlikova <zsvetlik@redhat.com - 1:16.5.0-2
- Bump for gating
- Resolves: RHBZ#1979926
* Tue Jul 20 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.5.0-1
- Rebase to 16.5.0
- Fixes CVE-2021-22918(libuv)
- Resolves: RHBZ#1979926
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:16.3.0-2
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Tue Jun 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.3.0-1
- Resolves: RHBZ#1953491
- Rebase to 16.3.0
- includes https://github.com/nodejs/node/pull/38732
* Thu May 20 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.2.0-1
- Resolves: RHBZ#1953491
- Rebase to 16.2.0
- includes https://github.com/nodejs/node/pull/38633 (FIPS for OpenSSL 3.0)
* Wed May 19 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.1.0-1
- Resolves: RHBZ#1953491
- Support for OpenSSL 3.0.0
- Rebase to v16.x
- Update version of gcc and gcc-c++ needed
- Remove libs conditionals
- Remove unused patches
- Bundle nghttp3 and ngtcp2
* Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-2
- Resolves RHBZ#1930775
- remove --debug-nghttp2 option
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com>
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Mar 30 2021 Jonathan Wakely <jwakely@redhat.com> - 1:14.16.0-4
- Rebuilt for removed libstdc++ symbol (#1937698)
* Tue Mar 09 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-3
- Only require nodejs-packaging on Fedora
- remove --debug-nghttp2 (#1930775)
- always build with systemtap
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:14.15.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 04 2021 Stephen Gallagher <sgallagh@redhat.com> - 1:14.15.4-1
- Update to 14.15.4
* Wed Dec 02 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.15.1-1
- Update to 14.15.1
* Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-1
- Resolves CVE-2021-22883 CVE-2021-22884
- Resolves: RHBZ#1934566, RHBZ#1934599
- Rebase, remove ini patch
* Tue Oct 20 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.14.0-2
- Don't build with LTO on aarch64
* Tue Jan 26 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-2
- Add patch for yarn crash
- Resolves: RHBZ#1915296
* Mon Oct 19 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.14.0-1
- Update to 14.14.0
* Tue Jan 19 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-1
- Security rebase to 14.15.4
- https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
- Resolves: RHBZ#1913001, RHBZ#1912953
- Resolves: RHBZ#1912636, RHBZ#1898602, RHBZ#1898768, RHBZ#1893987, RHBZ#1893184
* Fri Oct 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.13.1-1
- Update to 14.13.1
* Thu Oct 29 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.0-1
- Resolves: RHBZ#1858864
- Update to LTS release
* Thu Oct 01 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.13.0-1
- Update to 14.13.0
* Mon Sep 21 2020 Jan Staněk <jstanek@redhat.com> - 1:14.11.0-1
- Security update to 14.11.0
* Wed Sep 16 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.11.0-1
- Update to 14.11.0
* Tue Sep 08 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.10.0-1
- Update to 14.10.0
* Fri Aug 21 2020 Jeff Law <law@redhat.com> - 1:14.7.0-2
- Narrow LTO opt-out to just armv7hl
* Fri Jul 31 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.7.0-1
- Update to 14.7.0
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:14.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 07 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.5.0-1
- Update to 14.5.0
* Tue Jul 07 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.4.0-3
- Update for new packaging guidelines
* Tue Jun 30 2020 Jeff Law <law@redhat.com> - 1:14.4.0-2
- Disable LTO
* Wed Jun 03 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.4.0-1
- Security update to 14.4.0
- Resolves: RHBZ#1815402
* Thu May 21 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.3.0-1
* Thu May 21 2020 Stephen Gallagher <sgallagh @redhat.com> - 1:14.3.0-1
- Update to 14.3.0
- Fix optflags to save memory
- Resolves: RHBZ#1815402
* Wed May 06 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.2.0-1
* Wed May 06 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.2.0-1
- Update to 14.2.0
- build with python3 only
- some clean up
* Tue Mar 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-2
- Fix CVE-2020-10531
* Wed Apr 29 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:14.1.0-1
- Update to 14.1.0
* Fri Apr 24 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.0.0-2
- Keep the fix scripts for Koji
* Thu Apr 23 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.0.0-1
- Update to 14.0.0
- v14.x should be python3 compatible, so commented out py sed scripts
* Thu Feb 20 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-1
- Rebase to 12.16.1
* Wed Apr 15 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:13.13.0-1
- Update to 13.13.0
- Add bundled uvwasi and histogram_c provides
- Add shared brotli dependency
- Remove icustrip.py patch, which was merged in upstream
* Wed Jan 15 2020 Jan Staněk <jstanek@redhat.com> - 1:12.14.1-1
- Rebase to 12.14.1
* Tue Mar 17 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:13.11.0-2
- Fix python3 issue in icustrip.py
* Fri Nov 29 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.13.1-1
- Resolves: RHBZ# 1773503, update to 12.13.1
- minor clean up and sync with Fedora spec
- turn off debug builds
* Mon Mar 16 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:13.11.0-1
- Update to 13.11.0
* Thu Aug 01 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4 .0-2
- Add condition to libs
* Wed Feb 26 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:13.9.0-2
- Build with python 3 only
* Wed Jun 12 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-1
- Update to v12.x
- Add v8-devel and libs subpackages from fedora
* Tue Feb 25 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:13.9.0-1
- Release Node.js 13.9.0
* Thu Mar 14 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-2
- move nodejs-packaging BR out of conditional
* Tue Feb 25 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.16.1-1
- Update to 12.16.1
- Fixes six regressions introduced in 12.16.0
* Fri Feb 14 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.16.0-1
- Update to 12.16.0
- Drop upstreamed patch
* Tue Dec 11 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-1
- Resolves RHBZ#1644207
- fixes node-gyp permissions
- rebase
* Thu Feb 06 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.15.0-1
- Update to 12.15.0
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:12.14.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 11 2018 Jan Staněk <jstanek@redhat.com> - 1:10.11.0-2
- BuildRequire nodejs-packaging for proper npm dependency generation
- Resolves: rhbz#1615947
* Mon Jan 13 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.1-3
- Fix issue with header symlinks in v8-devel
* Mon Oct 08 2018 Jan Staněk <jstanek@redhat.com> - 1:10.11.0-1
- Rebase to 10.11.0
- Import changes from fedora
- Resolves: rhbz#1621766
* Tue Jan 07 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.1-2
- Drop unneeded dependency on http-parser-devel
* Mon Jul 30 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.7.0-5
- Import sources from fedora
- Allow using python2 at %%build and %%install
- turn off debug for aarch64
* Tue Jan 07 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.1-1
- Update to 12.14.1
- https://github.com/nodejs/node/blob/v12.14.1/doc/changelogs/CHANGELOG_V12.md
* Mon Jan 06 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.0-2
- Update to 12.14.0
- https://github.com/nodejs/node/blob/v12.14.0/doc/changelogs/CHANGELOG_V12.md
- Add new subpackage nodejs-full-i18n to enable optional non-English locale
support
- Update documentation packaging for NPM
* Mon Dec 02 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.1-1
- Update to 12.13.1
- https://github.com/nodejs/node/blob/v12.13.1/doc/changelogs/CHANGELOG_V12.md
* Tue Oct 29 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-6
- Add proper i18n support
* Tue Oct 29 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-5
- Fix issue with NPM docs being replaced with a symlink
* Mon Oct 28 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-2
- Simplify npmrc default configuration
* Mon Oct 28 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-1
- Update to 12.13.0 (LTS)
- https://github.com/nodejs/node/blob/v12.13.0/doc/changelogs/CHANGELOG_V12.md
- NPM no longer clobbers RPM-installed Node.js modules
- Drop no-longer needed patch to suppress `npm update -g npm` message
* Wed Sep 04 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.10.0-1
- Update to 12.10.0
- https://github.com/nodejs/node/blob/v12.10.0/doc/changelogs/CHANGELOG_V12.md#12.10.0
* Wed Aug 21 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.9.0-1
- Update to 12.9.0
- https://github.com/nodejs/node/blob/v12.9.0/doc/changelogs/CHANGELOG_V12.md#12.9.0
* Thu Aug 15 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.8.2-1
- Update to 12.8.1
- Resolves: CVE-2019-9511 "Data Dribble"
- Resolves: CVE-2019-9512 "Ping Flood"
- Resolves: CVE-2019-9513 "Resource Loop"
- Resolves: CVE-2019-9514 "Reset Flood"
- Resolves: CVE-2019-9515 "Settings Flood"
- Resolves: CVE-2019-9516 "0-Length Headers Leak"
- Resolves: CVE-2019-9517 "Internal Data Buffering"
- Resolves: CVE-2019-9518 "Empty Frames Flood"
- https://github.com/nodejs/node/blob/v12.8.1/doc/changelogs/CHANGELOG_V12.md#12.8.1
* Mon Aug 05 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.7.0-3
- Fix epoch dependencies
- Carry data files for ICU
* Fri Aug 02 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.7.0-2
- Change v8-devel release field to avoid duplicated package names
* Thu Aug 01 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.7.0-1
- Update to 12.7.0
- https://nodejs.org/en/blog/release/v12.7.0/
* Tue Jul 30 2019 Tom Hughes <tom@compton.nu> - 1:12.6.0-2
- Bump release to fix dependencies
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:12.6.0-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jun 27 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.6.0-1
- Update to 12.6.0
- https://nodejs.org/en/blog/release/v12.6.0/
- https://nodejs.org/en/blog/release/v12.5.0/
* Tue Jun 04 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.4.0-1
- Update to 12.4.0
- https://nodejs.org/en/blog/release/v12.4.0/
* Fri May 24 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.3.1-1
- Update to 12.3.1
- https://nodejs.org/en/blog/release/v12.3.1/
- https://nodejs.org/en/blog/release/v12.3.0/
* Wed May 15 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.2.0-1
- Update to 12.2.0
- https://nodejs.org/en/blog/release/v12.2.0/
* Tue Apr 30 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.1.0-1
- Update to 12.1.0
- https://nodejs.org/en/blog/release/v12.1.0/
* Wed Apr 24 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.0.0-3
- Fix upgrade bug for v8-devel (BZ #1702609)
* Tue Apr 23 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.0.0-2
- Node.js 12.x requires OpenSSL 1.1.1+
* Tue Apr 23 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.0.0-1
- Release 12.0.0
- https://nodejs.org/en/blog/release/v12.0.0/
* Thu Apr 11 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:11.13.0-1
- Update to 11.13.0
- https://nodejs.org/en/blog/release/v11.13.0/
- https://nodejs.org/en/blog/release/v11.12.0/
- https://nodejs.org/en/blog/release/v11.11.0/
* Fri Mar 01 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:11.10.1-1
- Update to 11.10.1
- https://nodejs.org/en/blog/release/v11.10.1/
- https://nodejs.org/en/blog/release/v11.10.0/
- https://nodejs.org/en/blog/release/v11.9.0/
- https://nodejs.org/en/blog/release/v11.8.0/
* Fri Jan 18 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:11.7.0-1
- Update to 11.7.0
- https://nodejs.org/en/blog/release/v11.7.0/
- https://nodejs.org/en/blog/release/v11.6.0/
- https://nodejs.org/en/blog/release/v11.5.0/
- https://nodejs.org/en/blog/release/v11.4.0/
* Thu Nov 29 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:11.3.0-1
- Update to 11.3.0
- https://nodejs.org/en/blog/release/v11.2.0/
- https://nodejs.org/en/blog/release/v11.3.0/
* Fri Nov 02 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:11.1.0-1
- Update to 11.1.0
- https://nodejs.org/en/blog/release/v11.1.0/
* Thu Nov 01 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:11.0.0-1
- Update to 11.0.0
- https://nodejs.org/en/blog/release/v11.0.0/
* Thu Nov 01 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.13.0-1
- Update to 10.13.0
- https://nodejs.org/en/blog/release/v10.13.0/
* Thu Oct 11 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.12.0-1
- Update to 10.12.0
- https://nodejs.org/en/blog/release/v10.12.0/
* Wed Oct 10 2018 Jan Staněk <jstanek@redhat.com> - 1:10.11.0-2
- Add non-bootstrap BR for nodejs-packaging
* Thu Sep 20 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.11.0-1
- Update to 10.11.0
- https://nodejs.org/en/blog/release/v10.11.0/
* Wed Sep 19 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.10.0-2
- Really, finally fix npm dep executable permissions
* Tue Sep 11 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.10.0-1
- Update to 10.10.0
- https://nodejs.org/en/blog/release/v10.10.0/
- Fix issue with npm permissions
* Tue Aug 21 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.9.0-2
- Clean up automatic dependencies for npm
* Thu Aug 16 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.9.0-1
- Update to 10.9.0
- https://nodejs.org/en/blog/release/v10.9.0/
* Tue Aug 07 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.8.0-1
- Update to 10.8.0
- https://nodejs.org/en/blog/release/v10.8.0/
* Fri Jul 20 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:10.7.0-4
- Fix npm upgrade scriptlet