.gitignore

@@ -1,5 +1,6 @@
 SOURCES/cjs-module-lexer-1.2.2.tar.gz
-SOURCES/icu4c-74_2-src.tgz
-SOURCES/node-v18.20.4-stripped.tar.gz
-SOURCES/undici-5.28.4.tar.gz
-SOURCES/wasi-sdk-11.0-linux.tar.gz
+SOURCES/icu4c-71_1-src.tgz
+SOURCES/node-v16.20.2-stripped.tar.gz
+SOURCES/undici-5.20.0.tar.gz
+SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
+SOURCES/wasi-sdk-wasi-sdk-14.tar.gz

.nodejs.metadata

@@ -1,5 +1,6 @@
-164f7f39841415284b0280a648c43bd7ea1615ac SOURCES/cjs-module-lexer-1.2.2.tar.gz
-43a8d688a3a6bc8f0f8c5e699d0ef7a905d24314 SOURCES/icu4c-74_2-src.tgz
-1865285a5bf26669d5fadbc5eb78e97f4adad612 SOURCES/node-v18.20.4-stripped.tar.gz
-d38d72bec82e3c41a4de73d6ee56d9c9eff5f403 SOURCES/undici-5.28.4.tar.gz
-ff114dd45b4efeeae7afe4621bfc6f886a475b4b SOURCES/wasi-sdk-11.0-linux.tar.gz
+b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz
+406b0c8635288b772913b6ff646451e69748878a SOURCES/icu4c-71_1-src.tgz
+0024086ed6090aaea422fb2bd329f898bf924df6 SOURCES/node-v16.20.2-stripped.tar.gz
+0b3e890fd45200fb3a2fdc14408cc51e23990480 SOURCES/undici-5.20.0.tar.gz
+8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
+900a50a32f0079d53c299db92b88bb3c5d2022b8 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz

SOURCES/0001-Disable-running-gyp-on-shared-deps.patch

@@ -1,55 +1,26 @@
-From c73e0892eb1d0aa2df805618c019dc5c96b79705 Mon Sep 17 00:00:00 2001
+From 6c80c1956373978489a297a630f4f50222c47775 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Tue, 30 May 2023 13:12:35 +0200
 Subject: [PATCH] Disable running gyp on shared deps
 
 Signed-off-by: rpm-build <rpm-build>
 ---
- Makefile |  2 +-
- node.gyp | 17 -----------------
- 2 files changed, 1 insertion(+), 18 deletions(-)
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile b/Makefile
-index 0be0659..3c44201 100644
+index ef3eda2..8b52a4f 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -169,7 +169,7 @@ with-code-cache test-code-cache:
+@@ -148,7 +148,7 @@ with-code-cache test-code-cache:
  	$(warning '$@' target is a noop)
  
  out/Makefile: config.gypi common.gypi node.gyp \
 -	deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
 +	deps/llhttp/llhttp.gyp \
- 	deps/simdutf/simdutf.gyp deps/ada/ada.gyp \
  	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
  	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
-diff --git a/node.gyp b/node.gyp
-index cf52281..c33b57b 100644
---- a/node.gyp
-+++ b/node.gyp
-@@ -430,23 +430,6 @@
-               ],
-             },
-           ],
--         }, {
--           'variables': {
--              'opensslconfig_internal': '<(obj_dir)/deps/openssl/openssl.cnf',
--              'opensslconfig': './deps/openssl/nodejs-openssl.cnf',
--           },
--           'actions': [
--             {
--               'action_name': 'reset_openssl_cnf',
--               'inputs': [ '<(opensslconfig)', ],
--               'outputs': [ '<(opensslconfig_internal)', ],
--               'action': [
--                 '<(python)', 'tools/copyfile.py',
--                 '<(opensslconfig)',
--                 '<(opensslconfig_internal)',
--               ],
--             },
--           ],
-          }],
-       ],
-     }, # node_core_target_name
+ 	$(PYTHON) tools/gyp_node.py -f make
 -- 
-2.41.0
+2.44.0
 

SOURCES/0002-disable-fips-options.patch

@@ -0,0 +1,26 @@
+From b7d979b5f7d28114050d1cdc43f39e6e83bd80d5 Mon Sep 17 00:00:00 2001
+From: Honza Horak <hhorak@redhat.com>
+Date: Thu, 12 Oct 2023 13:52:59 +0200
+Subject: [PATCH] disable fips options
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ src/crypto/crypto_util.cc | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 59ae7f8..7343396 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -111,6 +111,8 @@ bool ProcessFipsOptions() {
+   /* Override FIPS settings in configuration file, if needed. */
+   if (per_process::cli_options->enable_fips_crypto ||
+       per_process::cli_options->force_fips_crypto) {
++      fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
++      return false;
+ #if OPENSSL_VERSION_MAJOR >= 3
+     OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
+     if (fips_provider == nullptr)
+-- 
+2.44.0
+

SOURCES/0004-Fix-CVE-2024-22019.patch

@@ -0,0 +1,581 @@
+From fb8b050abf63459eb83cad4d4bf695c56db2790a Mon Sep 17 00:00:00 2001
+From: Honza Horak <hhorak@redhat.com>
+Date: Mon, 15 Apr 2024 15:21:35 +0200
+Subject: [PATCH] Fix CVE-2024-22019
+
+Resolves: RHEL-28064
+
+This is a combination of the upstream commit from v18:
+https://github.com/nodejs/node/commit/911cb33cdadab57a75f97186290ea8f3903a6171
+
+and necessary rebase of llhttp from 6.0.11 to 6.1.0 that has the needed
+chunk features.
+
+Original patch:
+> From 11bd886e0a4eadd7e55502758fff6486a3fa3a4e Mon Sep 17 00:00:00 2001
+> From: Paolo Insogna <paolo@cowtech.it>
+> Date: Tue, 9 Jan 2024 18:10:04 +0100
+> Subject: [PATCH] http: add maximum chunk extension size
+>
+> Cherry-picked from v18 patch:
+> https://github.com/nodejs/node/commit/911cb33cdadab57a75f97186290ea8f3903a6171
+>
+> PR-URL: https://github.com/nodejs-private/node-private/pull/520
+> Refs: https://github.com/nodejs-private/node-private/pull/518
+> CVE-ID: CVE-2024-22019
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ deps/llhttp/.gitignore                        |   1 +
+ deps/llhttp/CMakeLists.txt                    |   2 +-
+ deps/llhttp/include/llhttp.h                  |   7 +-
+ deps/llhttp/src/api.c                         |   7 +
+ deps/llhttp/src/llhttp.c                      | 122 ++++++++++++++--
+ doc/api/errors.md                             |  12 ++
+ lib/_http_server.js                           |   9 ++
+ src/node_http_parser.cc                       |  20 ++-
+ .../test-http-chunk-extensions-limit.js       | 131 ++++++++++++++++++
+ tools/update-llhttp.sh                        |   2 +-
+ 10 files changed, 294 insertions(+), 19 deletions(-)
+ create mode 100644 deps/llhttp/.gitignore
+ create mode 100644 test/parallel/test-http-chunk-extensions-limit.js
+
+diff --git a/deps/llhttp/.gitignore b/deps/llhttp/.gitignore
+new file mode 100644
+index 0000000..98438a2
+--- /dev/null
++++ b/deps/llhttp/.gitignore
+@@ -0,0 +1 @@
++libllhttp.pc
+diff --git a/deps/llhttp/CMakeLists.txt b/deps/llhttp/CMakeLists.txt
+index d038203..747564a 100644
+--- a/deps/llhttp/CMakeLists.txt
++++ b/deps/llhttp/CMakeLists.txt
+@@ -1,7 +1,7 @@
+ cmake_minimum_required(VERSION 3.5.1)
+ cmake_policy(SET CMP0069 NEW)
+ 
+-project(llhttp VERSION 6.0.11)
++project(llhttp VERSION 6.1.0)
+ include(GNUInstallDirs)
+ 
+ set(CMAKE_C_STANDARD 99)
+diff --git a/deps/llhttp/include/llhttp.h b/deps/llhttp/include/llhttp.h
+index 2da66f1..78f27ab 100644
+--- a/deps/llhttp/include/llhttp.h
++++ b/deps/llhttp/include/llhttp.h
+@@ -2,8 +2,8 @@
+ #define INCLUDE_LLHTTP_H_
+ 
+ #define LLHTTP_VERSION_MAJOR 6
+-#define LLHTTP_VERSION_MINOR 0
+-#define LLHTTP_VERSION_PATCH 11
++#define LLHTTP_VERSION_MINOR 1
++#define LLHTTP_VERSION_PATCH 0
+ 
+ #ifndef LLHTTP_STRICT_MODE
+ # define LLHTTP_STRICT_MODE 0
+@@ -348,6 +348,9 @@ struct llhttp_settings_s {
+    */
+   llhttp_cb      on_headers_complete;
+ 
++  /* Possible return values 0, -1, HPE_USER */
++  llhttp_data_cb on_chunk_parameters;
++
+   /* Possible return values 0, -1, HPE_USER */
+   llhttp_data_cb on_body;
+ 
+diff --git a/deps/llhttp/src/api.c b/deps/llhttp/src/api.c
+index c4ce197..d3065b3 100644
+--- a/deps/llhttp/src/api.c
++++ b/deps/llhttp/src/api.c
+@@ -355,6 +355,13 @@ int llhttp__on_chunk_header(llhttp_t* s, const char* p, const char* endp) {
+ }
+ 
+ 
++int llhttp__on_chunk_parameters(llhttp_t* s, const char* p, const char* endp) {
++  int err;
++  SPAN_CALLBACK_MAYBE(s, on_chunk_parameters, p, endp - p);
++  return err;
++}
++
++
+ int llhttp__on_chunk_complete(llhttp_t* s, const char* p, const char* endp) {
+   int err;
+   CALLBACK_MAYBE(s, on_chunk_complete);
+diff --git a/deps/llhttp/src/llhttp.c b/deps/llhttp/src/llhttp.c
+index 5e7c5d1..46f86a0 100644
+--- a/deps/llhttp/src/llhttp.c
++++ b/deps/llhttp/src/llhttp.c
+@@ -340,6 +340,8 @@ enum llparse_state_e {
+   s_n_llhttp__internal__n_invoke_is_equal_content_length,
+   s_n_llhttp__internal__n_chunk_size_almost_done,
+   s_n_llhttp__internal__n_chunk_parameters,
++  s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters,
++  s_n_llhttp__internal__n_chunk_parameters_ows,
+   s_n_llhttp__internal__n_chunk_size_otherwise,
+   s_n_llhttp__internal__n_chunk_size,
+   s_n_llhttp__internal__n_chunk_size_digit,
+@@ -539,6 +541,10 @@ int llhttp__on_body(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+ 
++int llhttp__on_chunk_parameters(
++    llhttp__internal_t* s, const unsigned char* p,
++    const unsigned char* endp);
++
+ int llhttp__on_status(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+@@ -1226,8 +1232,7 @@ static llparse_state_t llhttp__internal__run(
+           goto s_n_llhttp__internal__n_chunk_parameters;
+         }
+         case 2: {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_size_almost_done;
++          goto s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_10;
+@@ -1236,6 +1241,34 @@ static llparse_state_t llhttp__internal__run(
+       /* UNREACHABLE */;
+       abort();
+     }
++    case s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters:
++    s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++      }
++      state->_span_pos0 = (void*) p;
++      state->_span_cb0 = llhttp__on_chunk_parameters;
++      goto s_n_llhttp__internal__n_chunk_parameters;
++      /* UNREACHABLE */;
++      abort();
++    }
++    case s_n_llhttp__internal__n_chunk_parameters_ows:
++    s_n_llhttp__internal__n_chunk_parameters_ows: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_chunk_parameters_ows;
++      }
++      switch (*p) {
++        case ' ': {
++          p++;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
++        }
++        default: {
++          goto s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++        }
++      }
++      /* UNREACHABLE */;
++      abort();
++    }
+     case s_n_llhttp__internal__n_chunk_size_otherwise:
+     s_n_llhttp__internal__n_chunk_size_otherwise: {
+       if (p == endp) {
+@@ -1246,13 +1279,9 @@ static llparse_state_t llhttp__internal__run(
+           p++;
+           goto s_n_llhttp__internal__n_chunk_size_almost_done;
+         }
+-        case ' ': {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
+-        }
+         case ';': {
+           p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_11;
+@@ -6074,6 +6103,24 @@ static llparse_state_t llhttp__internal__run(
+     /* UNREACHABLE */;
+     abort();
+   }
++  s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters: {
++    const unsigned char* start;
++    int err;
++
++    start = state->_span_pos0;
++    state->_span_pos0 = NULL;
++    err = llhttp__on_chunk_parameters(state, start, p);
++    if (err != 0) {
++      state->error = err;
++      state->error_pos = (const char*) (p + 1);
++      state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_chunk_size_almost_done;
++      return s_error;
++    }
++    p++;
++    goto s_n_llhttp__internal__n_chunk_size_almost_done;
++    /* UNREACHABLE */;
++    abort();
++  }
+   s_n_llhttp__internal__n_error_10: {
+     state->error = 0x2;
+     state->reason = "Invalid character in chunk parameters";
+@@ -8441,6 +8488,8 @@ enum llparse_state_e {
+   s_n_llhttp__internal__n_invoke_is_equal_content_length,
+   s_n_llhttp__internal__n_chunk_size_almost_done,
+   s_n_llhttp__internal__n_chunk_parameters,
++  s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters,
++  s_n_llhttp__internal__n_chunk_parameters_ows,
+   s_n_llhttp__internal__n_chunk_size_otherwise,
+   s_n_llhttp__internal__n_chunk_size,
+   s_n_llhttp__internal__n_chunk_size_digit,
+@@ -8635,6 +8684,10 @@ int llhttp__on_body(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+ 
++int llhttp__on_chunk_parameters(
++    llhttp__internal_t* s, const unsigned char* p,
++    const unsigned char* endp);
++
+ int llhttp__on_status(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+@@ -9299,8 +9352,7 @@ static llparse_state_t llhttp__internal__run(
+           goto s_n_llhttp__internal__n_chunk_parameters;
+         }
+         case 2: {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_size_almost_done;
++          goto s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_6;
+@@ -9309,6 +9361,34 @@ static llparse_state_t llhttp__internal__run(
+       /* UNREACHABLE */;
+       abort();
+     }
++    case s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters:
++    s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++      }
++      state->_span_pos0 = (void*) p;
++      state->_span_cb0 = llhttp__on_chunk_parameters;
++      goto s_n_llhttp__internal__n_chunk_parameters;
++      /* UNREACHABLE */;
++      abort();
++    }
++    case s_n_llhttp__internal__n_chunk_parameters_ows:
++    s_n_llhttp__internal__n_chunk_parameters_ows: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_chunk_parameters_ows;
++      }
++      switch (*p) {
++        case ' ': {
++          p++;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
++        }
++        default: {
++          goto s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++        }
++      }
++      /* UNREACHABLE */;
++      abort();
++    }
+     case s_n_llhttp__internal__n_chunk_size_otherwise:
+     s_n_llhttp__internal__n_chunk_size_otherwise: {
+       if (p == endp) {
+@@ -9319,13 +9399,9 @@ static llparse_state_t llhttp__internal__run(
+           p++;
+           goto s_n_llhttp__internal__n_chunk_size_almost_done;
+         }
+-        case ' ': {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
+-        }
+         case ';': {
+           p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_7;
+@@ -13951,6 +14027,24 @@ static llparse_state_t llhttp__internal__run(
+     /* UNREACHABLE */;
+     abort();
+   }
++  s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters: {
++    const unsigned char* start;
++    int err;
++
++    start = state->_span_pos0;
++    state->_span_pos0 = NULL;
++    err = llhttp__on_chunk_parameters(state, start, p);
++    if (err != 0) {
++      state->error = err;
++      state->error_pos = (const char*) (p + 1);
++      state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_chunk_size_almost_done;
++      return s_error;
++    }
++    p++;
++    goto s_n_llhttp__internal__n_chunk_size_almost_done;
++    /* UNREACHABLE */;
++    abort();
++  }
+   s_n_llhttp__internal__n_error_6: {
+     state->error = 0x2;
+     state->reason = "Invalid character in chunk parameters";
+diff --git a/doc/api/errors.md b/doc/api/errors.md
+index dcf8744..a76bfe5 100644
+--- a/doc/api/errors.md
++++ b/doc/api/errors.md
+@@ -3043,6 +3043,18 @@ malconfigured clients, if more than 8 KiB of HTTP header data is received then
+ HTTP parsing will abort without a request or response object being created, and
+ an `Error` with this code will be emitted.
+ 
++<a id="HPE_CHUNK_EXTENSIONS_OVERFLOW"></a>
++
++### `HPE_CHUNK_EXTENSIONS_OVERFLOW`
++
++<!-- YAML
++added: REPLACEME
++-->
++
++Too much data was received for a chunk extensions. In order to protect against
++malicious or malconfigured clients, if more than 16 KiB of data is received
++then an `Error` with this code will be emitted.
++
+ <a id="HPE_UNEXPECTED_CONTENT_LENGTH"></a>
+ 
+ ### `HPE_UNEXPECTED_CONTENT_LENGTH`
+diff --git a/lib/_http_server.js b/lib/_http_server.js
+index 4e23266..325bce6 100644
+--- a/lib/_http_server.js
++++ b/lib/_http_server.js
+@@ -706,6 +706,12 @@ const requestHeaderFieldsTooLargeResponse = Buffer.from(
+   `HTTP/1.1 431 ${STATUS_CODES[431]}\r\n` +
+   'Connection: close\r\n\r\n', 'ascii'
+ );
++
++const requestChunkExtensionsTooLargeResponse = Buffer.from(
++  `HTTP/1.1 413 ${STATUS_CODES[413]}\r\n` +
++  'Connection: close\r\n\r\n', 'ascii',
++);
++
+ function socketOnError(e) {
+   // Ignore further errors
+   this.removeListener('error', socketOnError);
+@@ -719,6 +725,9 @@ function socketOnError(e) {
+         case 'HPE_HEADER_OVERFLOW':
+           response = requestHeaderFieldsTooLargeResponse;
+           break;
++        case 'HPE_CHUNK_EXTENSIONS_OVERFLOW':
++          response = requestChunkExtensionsTooLargeResponse;
++          break;
+         case 'ERR_HTTP_REQUEST_TIMEOUT':
+           response = requestTimeoutResponse;
+           break;
+diff --git a/src/node_http_parser.cc b/src/node_http_parser.cc
+index 74f3248..b92e848 100644
+--- a/src/node_http_parser.cc
++++ b/src/node_http_parser.cc
+@@ -79,6 +79,8 @@ const uint32_t kOnExecute = 5;
+ const uint32_t kOnTimeout = 6;
+ // Any more fields than this will be flushed into JS
+ const size_t kMaxHeaderFieldsCount = 32;
++// Maximum size of chunk extensions
++const size_t kMaxChunkExtensionsSize = 16384;
+ 
+ const uint32_t kLenientNone = 0;
+ const uint32_t kLenientHeaders = 1 << 0;
+@@ -206,6 +208,7 @@ class Parser : public AsyncWrap, public StreamListener {
+ 
+   int on_message_begin() {
+     num_fields_ = num_values_ = 0;
++    chunk_extensions_nread_ = 0;
+     url_.Reset();
+     status_message_.Reset();
+     header_parsing_start_time_ = uv_hrtime();
+@@ -443,9 +446,22 @@ class Parser : public AsyncWrap, public StreamListener {
+     return 0;
+   }
+ 
+-  // Reset nread for the next chunk
++  int on_chunk_extension(const char* at, size_t length) {
++    chunk_extensions_nread_ += length;
++
++    if (chunk_extensions_nread_ > kMaxChunkExtensionsSize) {
++      llhttp_set_error_reason(&parser_,
++        "HPE_CHUNK_EXTENSIONS_OVERFLOW:Chunk extensions overflow");
++      return HPE_USER;
++    }
++
++    return 0;
++  }
++
++  // Reset nread for the next chunk and also reset the extensions counter
+   int on_chunk_header() {
+     header_nread_ = 0;
++    chunk_extensions_nread_ = 0;
+     return 0;
+   }
+ 
+@@ -887,6 +903,7 @@ class Parser : public AsyncWrap, public StreamListener {
+   const char* current_buffer_data_;
+   bool pending_pause_ = false;
+   uint64_t header_nread_ = 0;
++  uint64_t chunk_extensions_nread_ = 0;
+   uint64_t max_http_header_size_;
+   uint64_t headers_timeout_;
+   uint64_t header_parsing_start_time_ = 0;
+@@ -921,6 +938,7 @@ const llhttp_settings_t Parser::settings = {
+   Proxy<DataCall, &Parser::on_header_field>::Raw,
+   Proxy<DataCall, &Parser::on_header_value>::Raw,
+   Proxy<Call, &Parser::on_headers_complete>::Raw,
++  Proxy<DataCall, &Parser::on_chunk_extension>::Raw,
+   Proxy<DataCall, &Parser::on_body>::Raw,
+   Proxy<Call, &Parser::on_message_complete>::Raw,
+   Proxy<Call, &Parser::on_chunk_header>::Raw,
+diff --git a/test/parallel/test-http-chunk-extensions-limit.js b/test/parallel/test-http-chunk-extensions-limit.js
+new file mode 100644
+index 0000000..6868b3d
+--- /dev/null
++++ b/test/parallel/test-http-chunk-extensions-limit.js
+@@ -0,0 +1,131 @@
++'use strict';
++
++const common = require('../common');
++const http = require('http');
++const net = require('net');
++const assert = require('assert');
++
++// Verify that chunk extensions are limited in size when sent all together.
++{
++  const server = http.createServer((req, res) => {
++    req.on('end', () => {
++      res.writeHead(200, { 'Content-Type': 'text/plain' });
++      res.end('bye');
++    });
++
++    req.resume();
++  });
++
++  server.listen(0, () => {
++    const sock = net.connect(server.address().port);
++    let data = '';
++
++    sock.on('data', (chunk) => data += chunk.toString('utf-8'));
++
++    sock.on('end', common.mustCall(function() {
++      assert.strictEqual(data, 'HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n');
++      server.close();
++    }));
++
++    sock.end('' +
++      'GET / HTTP/1.1\r\n' +
++      'Host: localhost:8080\r\n' +
++      'Transfer-Encoding: chunked\r\n\r\n' +
++      '2;' + 'A'.repeat(20000) + '=bar\r\nAA\r\n' +
++      '0\r\n\r\n'
++    );
++  });
++}
++
++// Verify that chunk extensions are limited in size when sent in intervals.
++{
++  const server = http.createServer((req, res) => {
++    req.on('end', () => {
++      res.writeHead(200, { 'Content-Type': 'text/plain' });
++      res.end('bye');
++    });
++
++    req.resume();
++  });
++
++  server.listen(0, () => {
++    const sock = net.connect(server.address().port);
++    let remaining = 20000;
++    let data = '';
++
++    const interval = setInterval(
++      () => {
++        if (remaining > 0) {
++          sock.write('A'.repeat(1000));
++        } else {
++          sock.write('=bar\r\nAA\r\n0\r\n\r\n');
++          clearInterval(interval);
++        }
++
++        remaining -= 1000;
++      },
++      common.platformTimeout(20),
++    ).unref();
++
++    sock.on('data', (chunk) => data += chunk.toString('utf-8'));
++
++    sock.on('end', common.mustCall(function() {
++      assert.strictEqual(data, 'HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n');
++      server.close();
++    }));
++
++    sock.write('' +
++    'GET / HTTP/1.1\r\n' +
++    'Host: localhost:8080\r\n' +
++    'Transfer-Encoding: chunked\r\n\r\n' +
++    '2;'
++    );
++  });
++}
++
++// Verify the chunk extensions is correctly reset after a chunk
++{
++  const server = http.createServer((req, res) => {
++    req.on('end', () => {
++      res.writeHead(200, { 'content-type': 'text/plain', 'connection': 'close', 'date': 'now' });
++      res.end('bye');
++    });
++
++    req.resume();
++  });
++
++  server.listen(0, () => {
++    const sock = net.connect(server.address().port);
++    let data = '';
++
++    sock.on('data', (chunk) => data += chunk.toString('utf-8'));
++
++    sock.on('end', common.mustCall(function() {
++      assert.strictEqual(
++        data,
++        'HTTP/1.1 200 OK\r\n' +
++        'content-type: text/plain\r\n' +
++        'connection: close\r\n' +
++        'date: now\r\n' +
++        'Transfer-Encoding: chunked\r\n' +
++        '\r\n' +
++        '3\r\n' +
++        'bye\r\n' +
++        '0\r\n' +
++        '\r\n',
++      );
++
++      server.close();
++    }));
++
++    sock.end('' +
++      'GET / HTTP/1.1\r\n' +
++      'Host: localhost:8080\r\n' +
++      'Transfer-Encoding: chunked\r\n\r\n' +
++      '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' +
++      '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' +
++      '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' +
++      '0\r\n\r\n'
++    );
++  });
++}
+diff --git a/tools/update-llhttp.sh b/tools/update-llhttp.sh
+index 12e2f46..a95eef1 100755
+--- a/tools/update-llhttp.sh
++++ b/tools/update-llhttp.sh
+@@ -59,5 +59,5 @@ echo ""
+ echo "Please git add llhttp, commit the new version:"
+ echo ""
+ echo "$ git add -A deps/llhttp"
+-echo "$ git commit -m \"deps: update nghttp2 to $LLHTTP_VERSION\""
++echo "$ git commit -m \"deps: update llhttp to $LLHTTP_VERSION\""
+ echo ""
+-- 
+2.44.0
+

SOURCES/0005-src-ensure-to-close-stream-when-destroying-session.patch

@@ -0,0 +1,42 @@
+From 2df9af7073929ab94b6dda040df08bc3ff7d8ab1 Mon Sep 17 00:00:00 2001
+From: RafaelGSS <rafael.nunu@hotmail.com>
+Date: Tue, 26 Mar 2024 15:55:13 -0300
+Subject: [PATCH] src: ensure to close stream when destroying session
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Co-Authored-By: Anna Henningsen <anna@addaleax.net>
+PR-URL: https://github.com/nodejs-private/node-private/pull/561
+Fixes: https://hackerone.com/reports/2319584
+Reviewed-By: Michael Dawson <midawson@redhat.com>
+Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
+Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
+Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
+CVE-ID: CVE-2024-27983
+Signed-off-by: Jan Staněk <jstanek@redhat.com>
+Signed-off-by: rpm-build <rpm-build>
+---
+ src/node_http2.cc | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/node_http2.cc b/src/node_http2.cc
+index 53216dc..9a6d63d 100644
+--- a/src/node_http2.cc
++++ b/src/node_http2.cc
+@@ -529,6 +529,12 @@ Http2Session::Http2Session(Http2State* http2_state,
+ Http2Session::~Http2Session() {
+   CHECK(!is_in_scope());
+   Debug(this, "freeing nghttp2 session");
++  // Ensure that all `Http2Stream` instances and the memory they hold
++  // on to are destroyed before the nghttp2 session is.
++  for (const auto& [id, stream] : streams_) {
++    stream->Detach();
++  }
++  streams_.clear();
+   // Explicitly reset session_ so the subsequent
+   // current_nghttp2_memory_ check passes.
+   session_.reset();
+-- 
+2.44.0
+

SOURCES/0006-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch

@@ -0,0 +1,112 @@
+From 132ad9e8a8f8e246e59744a7fed995ed396f6cb4 Mon Sep 17 00:00:00 2001
+From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
+Date: Sat, 9 Mar 2024 16:26:42 +0900
+Subject: [PATCH] Limit CONTINUATION frames following an incoming HEADER frame
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Jan Staněk <jstanek@redhat.com>
+Fixes: CVE-2024-28182
+Signed-off-by: rpm-build <rpm-build>
+---
+ deps/nghttp2/lib/includes/nghttp2/nghttp2.h |  7 ++++++-
+ deps/nghttp2/lib/nghttp2_helper.c           |  2 ++
+ deps/nghttp2/lib/nghttp2_session.c          |  7 +++++++
+ deps/nghttp2/lib/nghttp2_session.h          | 10 ++++++++++
+ 4 files changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+index fa22081..b394bde 100644
+--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
++++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+@@ -440,7 +440,12 @@ typedef enum {
+    * exhaustion on server side to send these frames forever and does
+    * not read network.
+    */
+-  NGHTTP2_ERR_FLOODED = -904
++  NGHTTP2_ERR_FLOODED = -904,
++  /**
++   * When a local endpoint receives too many CONTINUATION frames
++   * following a HEADER frame.
++   */
++  NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905,
+ } nghttp2_error;
+ 
+ /**
+diff --git a/deps/nghttp2/lib/nghttp2_helper.c b/deps/nghttp2/lib/nghttp2_helper.c
+index 93dd475..b3563d9 100644
+--- a/deps/nghttp2/lib/nghttp2_helper.c
++++ b/deps/nghttp2/lib/nghttp2_helper.c
+@@ -336,6 +336,8 @@ const char *nghttp2_strerror(int error_code) {
+            "closed";
+   case NGHTTP2_ERR_TOO_MANY_SETTINGS:
+     return "SETTINGS frame contained more than the maximum allowed entries";
++  case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS:
++    return "Too many CONTINUATION frames following a HEADER frame";
+   default:
+     return "Unknown error code";
+   }
+diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
+index ec5024d..8e4d2e7 100644
+--- a/deps/nghttp2/lib/nghttp2_session.c
++++ b/deps/nghttp2/lib/nghttp2_session.c
+@@ -496,6 +496,7 @@ static int session_new(nghttp2_session **session_ptr,
+   (*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN;
+   (*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM;
+   (*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS;
++  (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS;
+ 
+   if (option) {
+     if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) &&
+@@ -6778,6 +6779,8 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
+           }
+         }
+         session_inbound_frame_reset(session);
++
++        session->num_continuations = 0;
+       }
+       break;
+     }
+@@ -6899,6 +6902,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
+       }
+ #endif /* DEBUGBUILD */
+ 
++      if (++session->num_continuations > session->max_continuations) {
++        return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS;
++      }
++
+       readlen = inbound_frame_buf_read(iframe, in, last);
+       in += readlen;
+ 
+diff --git a/deps/nghttp2/lib/nghttp2_session.h b/deps/nghttp2/lib/nghttp2_session.h
+index b119329..ef8f7b2 100644
+--- a/deps/nghttp2/lib/nghttp2_session.h
++++ b/deps/nghttp2/lib/nghttp2_session.h
+@@ -110,6 +110,10 @@ typedef struct {
+ #define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000
+ #define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33
+ 
++/* The default max number of CONTINUATION frames following an incoming
++   HEADER frame. */
++#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8
++
+ /* Internal state when receiving incoming frame */
+ typedef enum {
+   /* Receiving frame header */
+@@ -290,6 +294,12 @@ struct nghttp2_session {
+   size_t max_send_header_block_length;
+   /* The maximum number of settings accepted per SETTINGS frame. */
+   size_t max_settings;
++  /* The maximum number of CONTINUATION frames following an incoming
++     HEADER frame. */
++  size_t max_continuations;
++  /* The number of CONTINUATION frames following an incoming HEADER
++     frame.  This variable is reset when END_HEADERS flag is seen. */
++  size_t num_continuations;
+   /* Next Stream ID. Made unsigned int to detect >= (1 << 31). */
+   uint32_t next_stream_id;
+   /* The last stream ID this session initiated.  For client session,
+-- 
+2.44.0
+

SOURCES/0007-Add-nghttp2_option_set_max_continuations.patch

@@ -0,0 +1,94 @@
+From 625b03149d2ec68cdbcfe3f2801d6f0420d917cb Mon Sep 17 00:00:00 2001
+From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
+Date: Sat, 9 Mar 2024 16:48:10 +0900
+Subject: [PATCH] Add nghttp2_option_set_max_continuations
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Jan Staněk <jstanek@redhat.com>
+Related: CVE-2024-28182
+Signed-off-by: rpm-build <rpm-build>
+---
+ deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 11 +++++++++++
+ deps/nghttp2/lib/nghttp2_option.c           |  5 +++++
+ deps/nghttp2/lib/nghttp2_option.h           |  5 +++++
+ deps/nghttp2/lib/nghttp2_session.c          |  4 ++++
+ 4 files changed, 25 insertions(+)
+
+diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+index b394bde..4d3339b 100644
+--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
++++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h
+@@ -2778,6 +2778,17 @@ NGHTTP2_EXTERN void
+ nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
+                                            uint64_t burst, uint64_t rate);
+ 
++/**
++ * @function
++ *
++ * This function sets the maximum number of CONTINUATION frames
++ * following an incoming HEADER frame.  If more than those frames are
++ * received, the remote endpoint is considered to be misbehaving and
++ * session will be closed.  The default value is 8.
++ */
++NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option,
++                                                         size_t val);
++
+ /**
+  * @function
+  *
+diff --git a/deps/nghttp2/lib/nghttp2_option.c b/deps/nghttp2/lib/nghttp2_option.c
+index 43d4e95..53144b9 100644
+--- a/deps/nghttp2/lib/nghttp2_option.c
++++ b/deps/nghttp2/lib/nghttp2_option.c
+@@ -150,3 +150,8 @@ void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
+   option->stream_reset_burst = burst;
+   option->stream_reset_rate = rate;
+ }
++
++void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) {
++  option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS;
++  option->max_continuations = val;
++}
+diff --git a/deps/nghttp2/lib/nghttp2_option.h b/deps/nghttp2/lib/nghttp2_option.h
+index 2259e18..c89cb97 100644
+--- a/deps/nghttp2/lib/nghttp2_option.h
++++ b/deps/nghttp2/lib/nghttp2_option.h
+@@ -71,6 +71,7 @@ typedef enum {
+   NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13,
+   NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14,
+   NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15,
++  NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16,
+ } nghttp2_option_flag;
+ 
+ /**
+@@ -98,6 +99,10 @@ struct nghttp2_option {
+    * NGHTTP2_OPT_MAX_SETTINGS
+    */
+   size_t max_settings;
++  /**
++   * NGHTTP2_OPT_MAX_CONTINUATIONS
++   */
++  size_t max_continuations;
+   /**
+    * Bitwise OR of nghttp2_option_flag to determine that which fields
+    * are specified.
+diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c
+index 8e4d2e7..ced7517 100644
+--- a/deps/nghttp2/lib/nghttp2_session.c
++++ b/deps/nghttp2/lib/nghttp2_session.c
+@@ -585,6 +585,10 @@ static int session_new(nghttp2_session **session_ptr,
+                            option->stream_reset_burst,
+                            option->stream_reset_rate);
+     }
++
++    if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) {
++      (*session_ptr)->max_continuations = option->max_continuations;
++    }
+   }
+ 
+   rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,
+-- 
+2.44.0
+

SOURCES/0009-Address-CVE-2024-25629.patch

@@ -0,0 +1,39 @@
+From ec80a9196e2aedfd617d05964725f113000a41ea Mon Sep 17 00:00:00 2001
+From: Brad House <brad@brad-house.com>
+Date: Thu, 22 Feb 2024 16:23:33 -0500
+Subject: [PATCH] Address CVE-2024-25629
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Original commit title: Merge pull request from GHSA-mg26-v6qh-x48q
+
+Signed-off-by: Jan Staněk <jstanek@redhat.com>
+Fixes: CVE-2024-25629
+Signed-off-by: rpm-build <rpm-build>
+---
+ deps/cares/src/lib/ares__read_line.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/deps/cares/src/lib/ares__read_line.c b/deps/cares/src/lib/ares__read_line.c
+index c62ad2a..16627e4 100644
+--- a/deps/cares/src/lib/ares__read_line.c
++++ b/deps/cares/src/lib/ares__read_line.c
+@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize)
+       if (!fgets(*buf + offset, bytestoread, fp))
+         return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
+       len = offset + strlen(*buf + offset);
++
++      /* Probably means there was an embedded NULL as the first character in
++      * the line, throw away line */
++      if (len == 0) {
++        offset = 0;
++        continue;
++      }
++
+       if ((*buf)[len - 1] == '\n')
+         {
+           (*buf)[len - 1] = 0;
+-- 
+2.44.0
+

SOURCES/nodejs-fips-disable-options.patch

@@ -1,81 +0,0 @@
-From 98738d27288bd9ca634e29181ef665e812e7bbd3 Mon Sep 17 00:00:00 2001
-From: Michael Dawson <midawson@redhat.com>
-Date: Fri, 23 Feb 2024 13:43:56 +0100
-Subject: [PATCH] Disable FIPS options
-
-On RHEL, FIPS should be configured only on system level.
-Additionally, the related options may cause segfault when used on RHEL.
-
-This patch causes the option processing to end sooner
-than the problematic code gets executed.
-Additionally, the JS-level options to mess with FIPS settings
-are similarly disabled.
-
-Upstream report: https://github.com/nodejs/node/pull/48950
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
----
- lib/crypto.js             | 10 ++++++++++
- lib/internal/errors.js    |  6 ++++++
- src/crypto/crypto_util.cc |  2 ++
- 3 files changed, 18 insertions(+)
-
-diff --git a/lib/crypto.js b/lib/crypto.js
-index 41adecc..b2627ac 100644
---- a/lib/crypto.js
-+++ b/lib/crypto.js
-@@ -36,6 +36,9 @@ const {
- assertCrypto();
-
- const {
-+  // RHEL specific error
-+  ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED,
-+
-   ERR_CRYPTO_FIPS_FORCED,
- } = require('internal/errors').codes;
- const constants = internalBinding('constants').crypto;
-@@ -251,6 +254,13 @@ function getFips() {
- }
- 
- function setFips(val) {
-+  // in RHEL FIPS enable/disable should only be done at system level
-+  if (getFips() != val) {
-+    throw new ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED();
-+  } else {
-+    return;
-+  }
-+
-   if (getOptionValue('--force-fips')) {
-     if (val) return;
-     throw new ERR_CRYPTO_FIPS_FORCED();
-diff --git a/lib/internal/errors.js b/lib/internal/errors.js
-index a722360..04d8a53 100644
---- a/lib/internal/errors.js
-+++ b/lib/internal/errors.js
-@@ -1060,6 +1060,12 @@ module.exports = {
- //
- // Note: Node.js specific errors must begin with the prefix ERR_
- 
-+// insert RHEL specific erro
-+E('ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED',
-+  'Cannot set FIPS mode. FIPS should be enabled/disabled at system level. See' +
-+  'https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n',
-+  Error);
-+
- E('ERR_ACCESS_DENIED',
-   'Access to this API has been restricted. Permission: %s',
-   Error);
-diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
-index 5734d8f..ef9d1b1 100644
---- a/src/crypto/crypto_util.cc
-+++ b/src/crypto/crypto_util.cc
-@@ -121,6 +121,8 @@ bool ProcessFipsOptions() {
-   /* Override FIPS settings in configuration file, if needed. */
-   if (per_process::cli_options->enable_fips_crypto ||
-       per_process::cli_options->force_fips_crypto) {
-+      fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
-+      return false;
- #if OPENSSL_VERSION_MAJOR >= 3
-     OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
-     if (fips_provider == nullptr)
--- 
-2.43.2

SOURCES/nodejs-tarball.sh

@@ -135,109 +135,67 @@ rm -f node-v${version}.tar.gz
 set +e
 
 # Determine the bundled versions of the various packages
-echo "Included software versions"
-echo "-------------------------"
-echo
-echo "Node.js version"
-echo "========================="
-echo "${version}"
-echo
 echo "Bundled software versions"
 echo "-------------------------"
 echo
-echo "libnode shared object version (nodejs_soversion)"
+echo "libnode shared object version"
 echo "========================="
-NODE_SOVERSION=$(grep -oP '(?<=#define NODE_MODULE_VERSION )\d+' node-v${version}/src/node_version.h)
-echo "${NODE_SOVERSION}"
+grep "define NODE_MODULE_VERSION" node-v${version}/src/node_version.h
 echo
 echo "V8"
 echo "========================="
-V8_MAJOR=$(grep -oP '(?<=#define V8_MAJOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h)
-V8_MINOR=$(grep -oP '(?<=#define V8_MINOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h)
-V8_BUILD=$(grep -oP '(?<=#define V8_BUILD_NUMBER )\d+' node-v${version}/deps/v8/include/v8-version.h)
-V8_PATCH=$(grep -oP '(?<=#define V8_PATCH_LEVEL )\d+' node-v${version}/deps/v8/include/v8-version.h)
-echo "${V8_MAJOR}.${V8_MINOR}.${V8_BUILD}.${V8_PATCH}"
+grep "define V8_MAJOR_VERSION" node-v${version}/deps/v8/include/v8-version.h
+grep "define V8_MINOR_VERSION" node-v${version}/deps/v8/include/v8-version.h
+grep "define V8_BUILD_NUMBER" node-v${version}/deps/v8/include/v8-version.h
+grep "define V8_PATCH_LEVEL" node-v${version}/deps/v8/include/v8-version.h
 echo
 echo "c-ares"
 echo "========================="
-C_ARES_VERSION=$(grep -oP '(?<=#define ARES_VERSION_STR ).*\"' node-v${version}/deps/cares/include/ares_version.h |sed -e 's/^"//' -e 's/"$//')
-echo $C_ARES_VERSION
+grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_version.h
+grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h
+grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h
 echo
 echo "llhttp"
 echo "========================="
-LLHTTP_MAJOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MAJOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
-LLHTTP_MINOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MINOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
-LLHTTP_PATCH=$(grep -oP '(?<=#define LLHTTP_VERSION_PATCH )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
-LLHTTP_VERSION="${LLHTTP_MAJOR}.${LLHTTP_MINOR}.${LLHTTP_PATCH}"
-echo $LLHTTP_VERSION
+grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h
+grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h
+grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h
 echo
 echo "libuv"
 echo "========================="
-UV_MAJOR=$(grep -oP '(?<=#define UV_VERSION_MAJOR )\d+' node-v${version}/deps/uv/include/uv/version.h)
-UV_MINOR=$(grep -oP '(?<=#define UV_VERSION_MINOR )\d+' node-v${version}/deps/uv/include/uv/version.h)
-UV_PATCH=$(grep -oP '(?<=#define UV_VERSION_PATCH )\d+' node-v${version}/deps/uv/include/uv/version.h)
-LIBUV_VERSION="${UV_MAJOR}.${UV_MINOR}.${UV_PATCH}"
-echo $LIBUV_VERSION
+grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h
+grep "define UV_VERSION_MINOR" node-v${version}/deps/uv/include/uv/version.h
+grep "define UV_VERSION_PATCH" node-v${version}/deps/uv/include/uv/version.h
 echo
 echo "nghttp2"
 echo "========================="
-NGHTTP2_VERSION=$(grep -oP '(?<=#define NGHTTP2_VERSION ).*\"' node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h |sed -e 's/^"//' -e 's/"$//')
-echo $NGHTTP2_VERSION
+grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
 echo
 echo "nghttp3"
 echo "========================="
-NGHTTP3_VERSION=$(grep -oP '(?<=#define NGHTTP3_VERSION ).*\"' node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h |sed -e 's/^"//' -e 's/"$//')
-echo $NGHTTP3_VERSION
+grep "define NGHTTP3_VERSION " node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
 echo
 echo "ngtcp2"
 echo "========================="
-NGTCP2_VERSION=$(grep -oP '(?<=#define NGTCP2_VERSION ).*\"' node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h |sed -e 's/^"//' -e 's/"$//')
-echo $NGTCP2_VERSION
+grep "define NGTCP2_VERSION " node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
 echo
 echo "ICU"
 echo "========================="
-ICU_MAJOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\1/g')
-ICU_MINOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\2/g')
-echo "${ICU_MAJOR}.${ICU_MINOR}"
-echo
-echo "simdutf"
-echo "========================="
-SIMDUTF_VERSION=$(grep -oP '(?<=#define SIMDUTF_VERSION ).*\"' node-v${version}/deps/simdutf/simdutf.h |sed -e 's/^"//' -e 's/"$//')
-echo $SIMDUTF_VERSION
-echo
-echo "ada"
-echo "========================="
-ADA_VERSION=$(grep -osP '(?<=#define ADA_VERSION ).*\"' node-v${version}/deps/ada/ada.h |sed -e 's/^"//' -e 's/"$//')
-ADA_VERSION=${ADA_VERSION:-0}
-echo "${ADA_VERSION}"
+grep "url" node-v${version}/tools/icu/current_ver.dep
 echo
 echo "punycode"
 echo "========================="
-PUNYCODE_VERSION=$(grep -oP "'version': '\K[^']+" ./node-v${version}/lib/punycode.js)
-echo $PUNYCODE_VERSION
-echo
-echo "npm"
-echo "========================="
-NPM_VERSION=$(jq -r .version ./node-v${version}/deps/npm/package.json)
-echo $NPM_VERSION
-echo
-echo "corepack"
-echo "========================="
-COREPACK_VERSION=$(jq -r .version ./node-v${version}/deps/corepack/package.json)
-echo $COREPACK_VERSION
+grep "'version'" node-v${version}/lib/punycode.js
 echo
 echo "uvwasi"
 echo "========================="
-UVWASI_MAJOR=$(grep -oP '(?<=#define UVWASI_VERSION_MAJOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
-UVWASI_MINOR=$(grep -oP '(?<=#define UVWASI_VERSION_MINOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
-UVWASI_PATCH=$(grep -oP '(?<=#define UVWASI_VERSION_PATCH )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
-UVWASI_VERSION="${UVWASI_MAJOR}.${UVWASI_MINOR}.${UVWASI_PATCH}"
-echo $UVWASI_VERSION
+grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
+grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
+grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
 echo
-echo "histogram_c"
+echo "npm"
 echo "========================="
-HISTOGRAM_VERSION=$(grep -oP '(?<=#define HDR_HISTOGRAM_VERSION ).*\"' node-v${version}/deps/histogram/include/hdr/hdr_histogram_version.h|sed -e 's/^"//' -e 's/"$//')
-echo $HISTOGRAM_VERSION
+grep "\"version\":" node-v${version}/deps/npm/package.json
 echo
 echo "Make sure these versions match what is in the RPM spec file"