From c76f352fe91fbf21cda8052b643c96b3a9a68459 Mon Sep 17 00:00:00 2001 From: Renbo Date: Wed, 21 Feb 2024 16:58:17 +0800 Subject: [PATCH 1/3] update to nodejs-18.19.0-1.src.rpm Signed-off-by: Renbo --- download | 6 +++--- nodejs.spec | 48 +++++++++++++++++++++++------------------------- 2 files changed, 26 insertions(+), 28 deletions(-) diff --git a/download b/download index 9d710d1..407af3e 100644 --- a/download +++ b/download @@ -1,4 +1,4 @@ -202bcb573b72c91238010bec571db597 cjs-module-lexer-1.2.2.tar.gz -ae54410d48c20be18ac7474d0dc9c451 node-v18.18.2-stripped.tar.gz -4a2f048ebe5917a52940738d88396e8e undici-5.26.3.tar.gz +08535247571b2a04e00dc1c8bfdc5606 cjs-module-lexer-1.2.2.tar.gz +c430fc52d7930fe5fa2ff73a087d0a90 node-v18.19.0-stripped.tar.gz +7c8cec0063a7a8a04aaf5c0ebf5d9f0c undici-5.26.4.tar.gz d80d3731d039b0944b405044dabd5f93 wasi-sdk-11.0-linux.tar.gz diff --git a/nodejs.spec b/nodejs.spec index b611871..a05b36a 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.1 %global with_debug 0 # PowerPC, s390x and aarch64 segfault during Debug builds @@ -42,8 +41,8 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 18 -%global nodejs_minor 18 -%global nodejs_patch 2 +%global nodejs_minor 19 +%global nodejs_patch 0 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 108 @@ -66,8 +65,7 @@ %global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} # c-ares - from deps/cares/include/ares_version.h -# https://github.com/nodejs/node/pull/9332 -%global c_ares_version 1.19.1 +%global c_ares_version 1.20.1 # llhttp - from deps/llhttp/include/llhttp.h %global llhttp_version 6.0.11 
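Review bot: In the `download` hunk the digest for `cjs-module-lexer-1.2.2.tar.gz` changes from `202bcb57…` to `08535247…` while the file name and version stay the same, so the archive content changed with no explanation in the commit. The new tarball should be compared with the one in the upstream nodejs-18.19.0-1 source RPM and the reason for the difference recorded in the commit message. The 32-hex-digit entries look like MD5, which only guards against accidental corruption; a stronger digest would be preferable if the lookaside tooling accepts one (not verifiable from this page). `node-v18.19.0-stripped.tar.gz` and the undici archive are repacked locally according to the spec comments, so their digests cannot be checked against upstream release hashes and depend on a reproducible repack step.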
@@ -115,11 +113,11 @@ # simduft from deps/simdutf/simdutf.h %global simduft_major 3 %global simduft_minor 2 -%global simduft_patch 14 +%global simduft_patch 18 %global simduft_version %{simduft_major}.%{simduft_minor}.%{simduft_patch} # ada from deps/ada/ada.h -%global ada_version 2.6.0 +%global ada_version 2.7.2 # OpenSSL minimum version %global openssl_minimum 1:1.1.1 @@ -134,7 +132,7 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_version 9.8.1 +%global npm_version 10.2.3 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed @@ -146,7 +144,7 @@ %global corepack_version 0.10.0 # uvwasi - from deps/uvwasi/include/uvwasi.h -%global uvwasi_version 0.0.18 +%global uvwasi_version 0.0.19 # histogram_c - assumed from timestamps %global histogram_version 0.11.8 @@ -154,7 +152,7 @@ Name: nodejs Epoch: %{nodejs_epoch} Version: %{nodejs_version} -Release: %{nodejs_release}%{anolis_release}%{?dist} +Release: %{nodejs_release}%{?dist} Summary: JavaScript runtime License: MIT and ASL 2.0 and ISC and BSD Group: Development/Languages @@ -192,10 +190,10 @@ Source101: cjs-module-lexer-1.2.2.tar.gz Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz # Version: jq '.version' deps/undici/src/package.json -# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.26.3.tar.gz -# Adjustments: rm -f undici-5.26.3/lib/llhttp/llhttp*.wasm +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.26.4.tar.gz +# Adjustments: rm -f undici-5.26.4/lib/llhttp/llhttp*.wasm # Build uses alpine image, see alpine for sources for wasi-sdk -Source111: undici-5.26.3.tar.gz +Source111: undici-5.26.4.tar.gz # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch 
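Review bot: `corepack_version 0.10.0` (context of the uvwasi hunk), `llhttp_version 6.0.11` and `histogram_version 0.11.8` are left unchanged while the rebase bumps `c_ares_version`, `simduft_patch`, `ada_version`, `npm_version` and `uvwasi_version`; each should be confirmed against the 18.19.0 `deps/` tree. These macros appear to feed `Provides: bundled(...)` lines such as `bundled(ada)`, which is the metadata vulnerability scanners match on, so a stale value can hide or invent findings. If they were checked and are unchanged upstream, a sentence in the commit message saying so is enough.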
@@ -304,9 +302,9 @@ Provides: bundled(ada) = %{ada_version} # Make sure we keep NPM up to date when we update Node.js %if 0%{?rhel} < 8 # EPEL doesn't support Recommends, so make it strict -Requires: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{anolis_release}%{?dist} +Requires: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} %else -Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{anolis_release}%{?dist} +Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} %endif %description @@ -320,7 +318,7 @@ real-time applications that run across distributed devices. %package devel Summary: JavaScript runtime - development headers Group: Development/Languages -Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} +Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} Requires: openssl-devel%{?_isa} Requires: zlib-devel%{?_isa} Requires: brotli-devel%{?_isa} @@ -336,7 +334,7 @@ Development headers for the Node.js JavaScript runtime. %package full-i18n Summary: Non-English locale data for Node.js -Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} +Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} %description full-i18n Optional data files to provide full-icu support for Node.js. Remove this 
@@ -347,16 +345,16 @@ package to save space if non-English locales are not needed. Summary: Node.js Package Manager Epoch: %{npm_epoch} Version: %{npm_version} -Release: %{npm_release}%{anolis_release}%{?dist} +Release: %{npm_release}%{?dist} # We used to ship npm separately, but it is so tightly integrated with Node.js # (and expected to be present on all Node.js systems) that we ship it bundled # now. Obsoletes: npm < 0:3.5.4-6 Provides: npm = %{npm_epoch}:%{npm_version} -Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} +Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} %if 0%{?fedora} || 0%{?rhel} >= 8 -Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} +Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} %endif # Do not add epoch to the virtual NPM provides or it will break @@ -376,8 +374,8 @@ BuildArch: noarch # We don't require that the main package be installed to # use the docs, but if it is installed, make sure the # version always matches -Conflicts: %{name} > %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} -Conflicts: %{name} < %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} +Conflicts: %{name} > %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} +Conflicts: %{name} < %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} %description docs The API documentation for the Node.js JavaScript runtime. @@ -733,9 +731,9 @@ end %changelog -* Mon Oct 23 2023 Bo Liu -1:18.18.2-1.0.1 -- Fixes CVE-2022-25883 -- update requires and recommands (wb-zh951434@alibaba-inc.com) +* Fri Jan 19 2024 Lukas Javorsky - 1:18.19.0-1 +- Rebase to version 18.19.0 +- Resolves: RHEL-21439 * Sat Oct 14 2023 Zuzana Svetlikova - 1:18.18.2-1 - Rebase to 18.18.2 (Security release) -- Gitee From 60042132ddd29a26c815d247753277161562575d Mon Sep 17 00:00:00 2001 
From: Bo Liu Date: Thu, 28 Sep 2023 11:20:51 +0800 Subject: [PATCH 2/3] Fixes CVE-2022-25883 Signed-off-by: Bo Liu --- nodejs.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/nodejs.spec b/nodejs.spec index a05b36a..17d3c8d 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 %global with_debug 0 # PowerPC, s390x and aarch64 segfault during Debug builds @@ -152,7 +153,7 @@ Name: nodejs Epoch: %{nodejs_epoch} Version: %{nodejs_version} -Release: %{nodejs_release}%{?dist} +Release: %{nodejs_release}%{anolis_release}%{?dist} Summary: JavaScript runtime License: MIT and ASL 2.0 and ISC and BSD Group: Development/Languages @@ -731,6 +732,9 @@ end %changelog +* Wed Feb 21 2024 Bo Liu - 1:18.19.0-1.0.1 +- Fixes CVE-2022-25883 + * Fri Jan 19 2024 Lukas Javorsky - 1:18.19.0-1 - Rebase to version 18.19.0 - Resolves: RHEL-21439 -- Gitee From 2407ddb95354a7fd7d86ae06ce5450923c02164c Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Sat, 7 Oct 2023 16:47:43 +0800 Subject: [PATCH 3/3] spec: update requires and recommands Signed-off-by: Zhao Hang --- nodejs.spec | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/nodejs.spec b/nodejs.spec index 17d3c8d..ec382d2 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -303,9 +303,9 @@ Provides: bundled(ada) = %{ada_version} # Make sure we keep NPM up to date when we update Node.js %if 0%{?rhel} < 8 # EPEL doesn't support Recommends, so make it strict -Requires: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} +Requires: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{anolis_release}%{?dist} %else -Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} +Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{anolis_release}%{?dist} %endif %description 
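Review bot: The commit is titled "Fixes CVE-2022-25883", yet its hunks only add `%define anolis_release .0.1`, append that macro to `Release:` and add a changelog entry; no `Patch` line, source archive or bundled version changes here. If the fix is actually delivered by the rebase in patch 1 (for example through the newer bundled npm), the changelog should name what carries it, e.g. `- Fixes CVE-2022-25883 (via <component> <version>)`; otherwise the change that implements it seems to be missing from this series. As written, the entry marks the package as remediated for anyone auditing by changelog without giving them anything to verify.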
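Review bot: After the `Release: %{nodejs_release}%{anolis_release}%{?dist}` hunk, the versioned `Requires`/`Recommends`/`Conflicts` of the subpackages still end in `%{nodejs_release}%{?dist}` until patch 3, so a build at this commit would likely produce `devel`, `full-i18n` and `npm` packages that require a `nodejs` release that was never built. Squashing the dependency update from patch 3 into this commit keeps every commit in the series installable and bisectable. Separately, the rest of the spec declares its constants with `%global`, so `%global anolis_release .0.1` would match the file's convention.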
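Review bot: `%{anolis_release}` is expanded unconditionally in every line this patch touches (this hunk and the `devel`, `full-i18n`, `npm` and `docs` hunks that follow); if the define at the top of the spec is dropped, which patch 1 of this series shows can happen on a rebase, rpm would leave the unexpanded text in the version string. The conditional form degrades cleanly: `Requires: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?anolis_release}%{?dist}`. The same suffix is edited on nine lines here; defining it once, e.g. `%global nodejs_evr %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?anolis_release}%{?dist}`, would reduce the next rebase to a single-line change.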
@@ -319,7 +319,7 @@ real-time applications that run across distributed devices. %package devel Summary: JavaScript runtime - development headers Group: Development/Languages -Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} +Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} Requires: openssl-devel%{?_isa} Requires: zlib-devel%{?_isa} Requires: brotli-devel%{?_isa} @@ -335,7 +335,7 @@ Development headers for the Node.js JavaScript runtime. %package full-i18n Summary: Non-English locale data for Node.js -Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} +Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} %description full-i18n Optional data files to provide full-icu support for Node.js. Remove this @@ -346,16 +346,16 @@ package to save space if non-English locales are not needed. Summary: Node.js Package Manager Epoch: %{npm_epoch} Version: %{npm_version} -Release: %{npm_release}%{?dist} +Release: %{npm_release}%{anolis_release}%{?dist} # We used to ship npm separately, but it is so tightly integrated with Node.js # (and expected to be present on all Node.js systems) that we ship it bundled # now. Obsoletes: npm < 0:3.5.4-6 Provides: npm = %{npm_epoch}:%{npm_version} -Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} +Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} %if 0%{?fedora} || 0%{?rhel} >= 8 -Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} +Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} %endif # Do not add epoch to the virtual NPM provides or it will break 
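Review bot: The `devel` dependency edited in the first hunk here spells the epoch as `%{epoch}`, while the `full-i18n` and `npm` lines in the same patch use `%{nodejs_epoch}`. Both presumably expand to the same value for `devel`, but the npm subpackage sets its own `Epoch: %{npm_epoch}`, so the generic macro is easy to copy into a place where it means something else. Since the line is being touched anyway, `Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist}` would make these lines uniform.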
@@ -375,8 +375,8 @@ BuildArch: noarch # We don't require that the main package be installed to # use the docs, but if it is installed, make sure the # version always matches -Conflicts: %{name} > %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} -Conflicts: %{name} < %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} +Conflicts: %{name} > %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} +Conflicts: %{name} < %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} %description docs The API documentation for the Node.js JavaScript runtime. @@ -734,6 +734,7 @@ end %changelog * Wed Feb 21 2024 Bo Liu - 1:18.19.0-1.0.1 - Fixes CVE-2022-25883 +- update requires and recommands (wb-zh951434@alibaba-inc.com) * Fri Jan 19 2024 Lukas Javorsky - 1:18.19.0-1 - Rebase to version 18.19.0 -- Gitee