diff --git a/0001-Disable-running-gyp-on-shared-deps.patch b/0001-Disable-running-gyp-on-shared-deps.patch index 39eb75f7f5f35ab27dd00a560e8c2400f6b1868c..c506733e85e20ae00f26dfbfb7cb1ee654ece93c 100644 --- a/0001-Disable-running-gyp-on-shared-deps.patch +++ b/0001-Disable-running-gyp-on-shared-deps.patch @@ -1,4 +1,4 @@ -From 2da7f25d9311bdea702b4b435830c02ce78b3ab9 Mon Sep 17 00:00:00 2001 +From 6167666f43da361b2a1eda0a14d42c5b8cb9ae0d Mon Sep 17 00:00:00 2001 From: rpm-build Date: Tue, 30 May 2023 13:12:35 +0200 Subject: [PATCH] Disable running gyp on shared deps @@ -10,10 +10,10 @@ Signed-off-by: rpm-build 2 files changed, 1 insertion(+), 18 deletions(-) diff --git a/Makefile b/Makefile -index 7bd80d0..c43a50f 100644 +index 8e09820..fdd951b 100644 --- a/Makefile +++ b/Makefile -@@ -169,7 +169,7 @@ with-code-cache test-code-cache: +@@ -171,7 +171,7 @@ with-code-cache test-code-cache: $(warning '$@' target is a noop) out/Makefile: config.gypi common.gypi node.gyp \ @@ -23,10 +23,10 @@ index 7bd80d0..c43a50f 100644 tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \ tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp diff --git a/node.gyp b/node.gyp -index 4aac640..aa0ba88 100644 +index 33bc7d9..a216c41 100644 --- a/node.gyp +++ b/node.gyp -@@ -775,23 +775,6 @@ +@@ -797,23 +797,6 @@ ], }, ], @@ -51,5 +51,5 @@ index 4aac640..aa0ba88 100644 ], }, # node_core_target_name -- -2.44.0 +2.49.0 diff --git a/0002-Disable-FIPS-options.patch b/0002-Disable-FIPS-options.patch index 31b06345029220ed9b7259053153d5f02e34dd94..379981029e09037af1cefee5a80fffbf02206484 100644 --- a/0002-Disable-FIPS-options.patch +++ b/0002-Disable-FIPS-options.patch @@ -1,4 +1,4 @@ -From 4caaf9c19d3c058f5b89ecd9fc721ee49370651a Mon Sep 17 00:00:00 2001 +From 9ce5049040b915f8274fef3e6a8d7b3833eda6b0 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Fri, 23 Feb 2024 13:43:56 +0100 Subject: [PATCH] Disable FIPS options 
@@ -50,8 +50,9 @@ index 1216f3a..fbfcb26 100644 if (val) return; throw new ERR_CRYPTO_FIPS_FORCED(); diff --git a/lib/internal/errors.js b/lib/internal/errors.js ---- a/lib/internal/errors.js.patch0002 2024-08-07 15:29:09.366357433 +0200 -+++ b/lib/internal/errors.js 2024-08-07 15:29:14.392366591 +0200 +index c03e285..77830fa 100644 +--- a/lib/internal/errors.js ++++ b/lib/internal/errors.js @@ -1112,6 +1112,12 @@ module.exports = { // // Note: Node.js specific errors must begin with the prefix ERR_ @@ -66,7 +67,7 @@ diff --git a/lib/internal/errors.js b/lib/internal/errors.js function(msg, permission = '', resource = '') { this.permission = permission; diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc -index 5734d8f..ef9d1b1 100644 +index 990638e..51bd1d7 100644 --- a/src/crypto/crypto_util.cc +++ b/src/crypto/crypto_util.cc @@ -121,6 +121,8 @@ bool ProcessFipsOptions() { @@ -79,5 +80,5 @@ index 5734d8f..ef9d1b1 100644 OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips"); if (fips_provider == nullptr) -- -2.44.0 +2.49.0 diff --git a/download b/download index c656319a451aec5029d55cb43c7c6226fbaaf1bc..46cb57e9cf00525fbf4d9b9f13cef4cf491d8207 100644 --- a/download +++ b/download @@ -1,5 +1,5 @@ a8c3ddf6348a0e26abc89fab3b47e2fc cjs-module-lexer-1.4.1.tar.gz -eaa45fd75743508defa527b6410ca747 node-v20.18.2-stripped.tar.gz -38db64331795e5e9208a6f6d75bbe4d2 undici-6.21.1.tar.gz +a8af89213d1b1b73d912a4b89e034392 node-v20.19.1-stripped.tar.gz +aa04c55ac001c9ed4cdb624f3b4b6609 undici-6.21.2.tar.gz 7b6ec4e1c3e39397bdd09087e2437bfd wasi-sdk-wasi-sdk-11.tar.gz 638c8fed7b32bb979c768c310caf4d85 wasi-sdk-wasi-sdk-16.tar.gz diff --git a/icu4c-75_1-src.tgz b/icu4c-76_1-src.tgz similarity index 70% rename from icu4c-75_1-src.tgz rename to icu4c-76_1-src.tgz index d2f1dce0b27ed618e5d4b005c40f987eb36635a1..07043be16bb73c47cd0a5ffaccb73a0dc298d38a 100644 Binary files a/icu4c-75_1-src.tgz and b/icu4c-76_1-src.tgz differ 
diff --git a/nodejs.spec b/nodejs.spec
index 6558ad8708cee08e9b41c44e1ea4d84be8055947..7a2b6ddc9ed42751edabddb6aba6f0cffefb18ef 100644
--- a/nodejs.spec
+++ b/nodejs.spec
@@ -44,8 +44,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 20
-%global nodejs_minor 18
-%global nodejs_patch 2
+%global nodejs_minor 19
+%global nodejs_patch 1
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
 %global nodejs_soversion 115
@@ -70,7 +70,7 @@
 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
-%global c_ares_version 1.33.1
+%global c_ares_version 1.34.5
 # llhttp - from deps/llhttp/include/llhttp.h
 %global llhttp_version 8.1.2
@@ -82,13 +82,13 @@
 %global nghttp2_version 1.61.0
 # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
-%global nghttp3_version 0.7.0
+%global nghttp3_version 0.11.8
 # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
 %global ngtcp2_version 1.1.0
 # ICU - from tools/icu/current_ver.dep
-%global icu_major 75
+%global icu_major 76
 %global icu_minor 1
 %global icu_version %{icu_major}.%{icu_minor}
@@ -182,10 +182,10 @@ Source101: cjs-module-lexer-1.4.1.tar.gz
 Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz
 # Version: jq '.version' deps/undici/src/package.json
-# Original: https://github.com/nodejs/undici/archive/refs/tags/v6.21.1.tar.gz
-# Adjustments: rm -f undici-6.21.1/lib/llhttp/llhttp*.wasm
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v6.21.2.tar.gz
+# Adjustments: rm -f undici-6.21.2/lib/llhttp/llhttp*.wasm
 # wasi-sdk version can be found in lib/llhttp/wasm_build_env.txt
-Source111: undici-6.21.1.tar.gz
+Source111: undici-6.21.2.tar.gz
 # The WASM blob was made using wasi-sdk v16; compiler libraries are linked in.
 # Version source: deps/undici/src/lib/llhttp/wasm_build_env.txt
 # Also check (undici tarball): lib/llhttp/wasm_build_env.txt
@@ -591,69 +591,11 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod # Make sure i18n support is working NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2} - -%pretrans -n npm -p --- Remove all of the symlinks from the bundled npm node_modules directory --- This scriptlet can be removed in Fedora 31 -base_path = "%{_prefix}/lib/node_modules/npm/node_modules/" -d_st = posix.stat(base_path) -if d_st then - for f in posix.files(base_path) do - path = base_path..f - st = posix.stat(path) - if st and st.type == "link" then - os.remove(path) - end - end -end - --- Replace the npm docs directory with a symlink --- Drop this scriptlet when F31 is EOL -path = "%{_prefix}/lib/node_modules/npm/doc" -st = posix.stat(path) -if st and st.type == "directory" then - status = os.rename(path, path .. ".rpmmoved") - if not status then - suffix = 0 - while not status do - suffix = suffix + 1 - status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) - end - os.rename(path, path .. ".rpmmoved") - end -end - --- Replace the npm docs directory with a symlink --- Drop this scriptlet when F31 is EOL -path = "%{_prefix}/lib/node_modules/npm/html" -st = posix.stat(path) -if st and st.type == "directory" then - status = os.rename(path, path .. ".rpmmoved") - if not status then - suffix = 0 - while not status do - suffix = suffix + 1 - status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) - end - os.rename(path, path .. ".rpmmoved") - end -end - --- Replace the npm man directory with a symlink --- Drop this scriptlet when F31 is EOL -path = "%{_prefix}/lib/node_modules/npm/man" -st = posix.stat(path) -if st and st.type == "directory" then - status = os.rename(path, path .. 
".rpmmoved") - if not status then - suffix = 0 - while not status do - suffix = suffix + 1 - status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) - end - os.rename(path, path .. ".rpmmoved") - end -end +# Ensure npm's update notifier has been disabled +LD_LIBRARY_PATH=%{buildroot}%{_libdir} \ +%{buildroot}%{_bindir}/node \ +%{buildroot}%{_bindir}/npm \ +--globalconfig=%{buildroot}$(LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}%{_bindir}/node %{buildroot}%{_bindir}/npm config get globalconfig) config ls -l --json | jq -e '.["update-notifier"] == false' %files @@ -725,6 +667,21 @@ end %changelog +* Thu Apr 24 2025 Andrei Radchenko - 1:20.19.1-1 +- Update to version 20.19.1 + Resolves: RHEL-78763 + +* Tue Apr 15 2025 Andrei Radchenko - 1:20.18.2-4 +- Update c-ares to 1.34.5 to address CVE-2025-31498 + +* Thu Mar 20 2025 Andrei Radchenko - 1:20.18.2-3 +- Remove obsolete lua pretransaction script from spec file + Resolves: RHEL-81125 + +* Wed Mar 05 2025 Andrei Radchenko - 1:20.18.2-2 +- Disable npm's update-notifier + Resolves: RHEL-81077 + * Thu Jan 30 2025 Tomáš Juhász - 1:20.18.2-1 - Update to version 20.18.2 Fixes: CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 diff --git a/npmrc b/npmrc index 50be1d148dc1cb9dd7f10043d60456842d508730..30b238d68f9d32cd2e67996bc0b01ab7416a7d1b 100644 --- a/npmrc +++ b/npmrc @@ -1,2 +1,4 @@ prefix=/usr/local python=/usr/bin/python3 +update-notifier=false +
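Review bot: The added update-notifier check reads npm's merged configuration, so it can pass without the packaged global npmrc being the source of the value. `npm config ls -l --json` folds in user-level config and `npm_config_*` environment variables from the build environment as well as the file named by `--globalconfig`, and the `jq -e '.["update-notifier"] == false'` test cannot tell those layers apart. Pointing the user layer at an empty file, for example adding `--userconfig=/dev/null` next to `--globalconfig=…`, would tie the assertion more closely to the shipped file; a clean build root probably hides this today. The check also depends on `jq` being available at build time, and the BuildRequires section is outside the visible hunks, so confirm it is listed. A one-line comment explaining that the nested `$(… npm config get globalconfig)` resolves the install-time path before `%{buildroot}` is prefixed would help the next maintainer.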