From 2dd0bf54bbb69aa3d2b834fac7fa3b53f25876d9 Mon Sep 17 00:00:00 2001 From: Renbo Date: Mon, 26 Aug 2024 16:19:28 +0800 Subject: [PATCH 1/2] import nodejs-20.12.2-2.src.rpm Signed-off-by: Renbo --- 0001-Disable-running-gyp-on-shared-deps.patch | 55 + 0002-Disable-FIPS-options.patch | 85 ++ ...ON-frames-following-an-incoming-HEAD.patch | 107 ++ ...nghttp2_option_set_max_continuations.patch | 89 ++ README.md | 11 - btest402.js | 151 +++ download | 6 + nodejs-tarball.sh | 203 +++ nodejs.spec | 1155 +++++++++++++++++ nodejs_native.attr | 2 + npmrc | 2 + npmrc.builtin.in | 5 + 12 files changed, 1860 insertions(+), 11 deletions(-) create mode 100644 0001-Disable-running-gyp-on-shared-deps.patch create mode 100644 0002-Disable-FIPS-options.patch create mode 100644 0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch create mode 100644 0004-Add-nghttp2_option_set_max_continuations.patch delete mode 100644 README.md create mode 100644 btest402.js create mode 100644 download create mode 100755 nodejs-tarball.sh create mode 100644 nodejs.spec create mode 100644 nodejs_native.attr create mode 100644 npmrc create mode 100644 npmrc.builtin.in diff --git a/0001-Disable-running-gyp-on-shared-deps.patch b/0001-Disable-running-gyp-on-shared-deps.patch new file mode 100644 index 0000000..39eb75f --- /dev/null +++ b/0001-Disable-running-gyp-on-shared-deps.patch @@ -0,0 +1,55 @@ +From 2da7f25d9311bdea702b4b435830c02ce78b3ab9 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 30 May 2023 13:12:35 +0200 +Subject: [PATCH] Disable running gyp on shared deps + +Signed-off-by: rpm-build +--- + Makefile | 2 +- + node.gyp | 17 ----------------- + 2 files changed, 1 insertion(+), 18 deletions(-) + +diff --git a/Makefile b/Makefile +index 7bd80d0..c43a50f 100644 +--- a/Makefile ++++ b/Makefile +@@ -169,7 +169,7 @@ with-code-cache test-code-cache: + $(warning '$@' target is a noop) + + out/Makefile: config.gypi common.gypi node.gyp \ +- deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \ ++ deps/llhttp/llhttp.gyp \ + deps/simdutf/simdutf.gyp deps/ada/ada.gyp \ + tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \ + tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp +diff --git a/node.gyp b/node.gyp +index 4aac640..aa0ba88 100644 +--- a/node.gyp ++++ b/node.gyp +@@ -775,23 +775,6 @@ + ], + }, + ], +- }, { +- 'variables': { +- 'opensslconfig_internal': '<(obj_dir)/deps/openssl/openssl.cnf', +- 'opensslconfig': './deps/openssl/nodejs-openssl.cnf', +- }, +- 'actions': [ +- { +- 'action_name': 'reset_openssl_cnf', +- 'inputs': [ '<(opensslconfig)', ], +- 'outputs': [ '<(opensslconfig_internal)', ], +- 'action': [ +- '<(python)', 'tools/copyfile.py', +- '<(opensslconfig)', +- '<(opensslconfig_internal)', +- ], +- }, +- ], + }], + ], + }, # node_core_target_name +-- +2.44.0 + diff --git a/0002-Disable-FIPS-options.patch b/0002-Disable-FIPS-options.patch new file mode 100644 index 0000000..49331ef --- /dev/null +++ b/0002-Disable-FIPS-options.patch @@ -0,0 +1,85 @@ +From 4caaf9c19d3c058f5b89ecd9fc721ee49370651a Mon Sep 17 00:00:00 2001 +From: Michael Dawson +Date: Fri, 23 Feb 2024 13:43:56 +0100 +Subject: [PATCH] Disable FIPS options + +On RHEL, FIPS should be configured only on system level. +Additionally, the related options may cause segfault when used on RHEL. + +This patch causes the option processing to end sooner +than the problematic code gets executed. +Additionally, the JS-level options to mess with FIPS settings +are similarly disabled. + +Upstream report: https://github.com/nodejs/node/pull/48950 +RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726 +Customer case: https://access.redhat.com/support/cases/#/case/03711488 + +Signed-off-by: rpm-build +--- + lib/crypto.js | 10 ++++++++++ + lib/internal/errors.js | 6 ++++++ + src/crypto/crypto_util.cc | 2 ++ + 3 files changed, 18 insertions(+) + +diff --git a/lib/crypto.js b/lib/crypto.js +index 1216f3a..fbfcb26 100644 +--- a/lib/crypto.js ++++ b/lib/crypto.js +@@ -36,6 +36,9 @@ const { + assertCrypto(); + + const { ++ // RHEL specific error ++ ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED, ++ + ERR_CRYPTO_FIPS_FORCED, + ERR_WORKER_UNSUPPORTED_OPERATION, + } = require('internal/errors').codes; +@@ -253,6 +256,13 @@ function getFips() { + } + + function setFips(val) { ++ // in RHEL FIPS enable/disable should only be done at system level ++ if (getFips() != val) { ++ throw new ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED(); ++ } else { ++ return; ++ } ++ + if (getOptionValue('--force-fips')) { + if (val) return; + throw new ERR_CRYPTO_FIPS_FORCED(); +diff --git a/lib/internal/errors.js b/lib/internal/errors.js +index def4949..580ca7a 100644 +--- a/lib/internal/errors.js ++++ b/lib/internal/errors.js +@@ -1112,6 +1112,12 @@ module.exports = { + // + // Note: Node.js specific errors must begin with the prefix ERR_ + ++// insert RHEL specific erro ++E('ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED', ++ 'Cannot set FIPS mode. FIPS should be enabled/disabled at system level. See' + ++ 'https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n', ++ Error); ++ + E('ERR_ACCESS_DENIED', + 'Access to this API has been restricted. Permission: %s', + Error); +diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc +index 5734d8f..ef9d1b1 100644 +--- a/src/crypto/crypto_util.cc ++++ b/src/crypto/crypto_util.cc +@@ -121,6 +121,8 @@ bool ProcessFipsOptions() { + /* Override FIPS settings in configuration file, if needed. */ + if (per_process::cli_options->enable_fips_crypto || + per_process::cli_options->force_fips_crypto) { ++ fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n"); ++ return false; + #if OPENSSL_VERSION_MAJOR >= 3 + OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips"); + if (fips_provider == nullptr) +-- +2.44.0 + diff --git a/0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch b/0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch new file mode 100644 index 0000000..257705d --- /dev/null +++ b/0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch @@ -0,0 +1,107 @@ +From d9a06fe94439d9f103aeffe597441c0a2c0a4eb3 Mon Sep 17 00:00:00 2001 +From: Tatsuhiro Tsujikawa +Date: Sat, 9 Mar 2024 16:26:42 +0900 +Subject: [PATCH] Limit CONTINUATION frames following an incoming HEADER frame + +Signed-off-by: rpm-build +--- + deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 7 ++++++- + deps/nghttp2/lib/nghttp2_helper.c | 2 ++ + deps/nghttp2/lib/nghttp2_session.c | 7 +++++++ + deps/nghttp2/lib/nghttp2_session.h | 10 ++++++++++ + 4 files changed, 25 insertions(+), 1 deletion(-) + +diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h +index 8891760..a9629c7 100644 +--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h ++++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h +@@ -466,7 +466,12 @@ typedef enum { + * exhaustion on server side to send these frames forever and does + * not read network. + */ +- NGHTTP2_ERR_FLOODED = -904 ++ NGHTTP2_ERR_FLOODED = -904, ++ /** ++ * When a local endpoint receives too many CONTINUATION frames ++ * following a HEADER frame. ++ */ ++ NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905, + } nghttp2_error; + + /** +diff --git a/deps/nghttp2/lib/nghttp2_helper.c b/deps/nghttp2/lib/nghttp2_helper.c +index 93dd475..b3563d9 100644 +--- a/deps/nghttp2/lib/nghttp2_helper.c ++++ b/deps/nghttp2/lib/nghttp2_helper.c +@@ -336,6 +336,8 @@ const char *nghttp2_strerror(int error_code) { + "closed"; + case NGHTTP2_ERR_TOO_MANY_SETTINGS: + return "SETTINGS frame contained more than the maximum allowed entries"; ++ case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS: ++ return "Too many CONTINUATION frames following a HEADER frame"; + default: + return "Unknown error code"; + } +diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c +index 226cdd5..e343365 100644 +--- a/deps/nghttp2/lib/nghttp2_session.c ++++ b/deps/nghttp2/lib/nghttp2_session.c +@@ -497,6 +497,7 @@ static int session_new(nghttp2_session **session_ptr, + (*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN; + (*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM; + (*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS; ++ (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS; + + if (option) { + if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) && +@@ -6812,6 +6813,8 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, + } + } + session_inbound_frame_reset(session); ++ ++ session->num_continuations = 0; + } + break; + } +@@ -6933,6 +6936,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, + } + #endif /* DEBUGBUILD */ + ++ if (++session->num_continuations > session->max_continuations) { ++ return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS; ++ } ++ + readlen = inbound_frame_buf_read(iframe, in, last); + in += readlen; + +diff --git a/deps/nghttp2/lib/nghttp2_session.h b/deps/nghttp2/lib/nghttp2_session.h +index b119329..ef8f7b2 100644 +--- a/deps/nghttp2/lib/nghttp2_session.h ++++ b/deps/nghttp2/lib/nghttp2_session.h +@@ -110,6 +110,10 @@ typedef struct { + #define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000 + #define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33 + ++/* The default max number of CONTINUATION frames following an incoming ++ HEADER frame. */ ++#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8 ++ + /* Internal state when receiving incoming frame */ + typedef enum { + /* Receiving frame header */ +@@ -290,6 +294,12 @@ struct nghttp2_session { + size_t max_send_header_block_length; + /* The maximum number of settings accepted per SETTINGS frame. */ + size_t max_settings; ++ /* The maximum number of CONTINUATION frames following an incoming ++ HEADER frame. */ ++ size_t max_continuations; ++ /* The number of CONTINUATION frames following an incoming HEADER ++ frame. This variable is reset when END_HEADERS flag is seen. */ ++ size_t num_continuations; + /* Next Stream ID. Made unsigned int to detect >= (1 << 31). */ + uint32_t next_stream_id; + /* The last stream ID this session initiated. For client session, +-- +2.44.0 + diff --git a/0004-Add-nghttp2_option_set_max_continuations.patch b/0004-Add-nghttp2_option_set_max_continuations.patch new file mode 100644 index 0000000..87b490f --- /dev/null +++ b/0004-Add-nghttp2_option_set_max_continuations.patch @@ -0,0 +1,89 @@ +From ca0a0b02da4db1d65eca8169c6e27bb635924dfb Mon Sep 17 00:00:00 2001 +From: Tatsuhiro Tsujikawa +Date: Sat, 9 Mar 2024 16:48:10 +0900 +Subject: [PATCH] Add nghttp2_option_set_max_continuations + +Signed-off-by: rpm-build +--- + deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 11 +++++++++++ + deps/nghttp2/lib/nghttp2_option.c | 5 +++++ + deps/nghttp2/lib/nghttp2_option.h | 5 +++++ + deps/nghttp2/lib/nghttp2_session.c | 4 ++++ + 4 files changed, 25 insertions(+) + +diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h +index a9629c7..92c3ccc 100644 +--- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h ++++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h +@@ -3210,6 +3210,17 @@ NGHTTP2_EXTERN void + nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option, + uint64_t burst, uint64_t rate); + ++/** ++ * @function ++ * ++ * This function sets the maximum number of CONTINUATION frames ++ * following an incoming HEADER frame. If more than those frames are ++ * received, the remote endpoint is considered to be misbehaving and ++ * session will be closed. The default value is 8. ++ */ ++NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option, ++ size_t val); ++ + /** + * @function + * +diff --git a/deps/nghttp2/lib/nghttp2_option.c b/deps/nghttp2/lib/nghttp2_option.c +index 43d4e95..53144b9 100644 +--- a/deps/nghttp2/lib/nghttp2_option.c ++++ b/deps/nghttp2/lib/nghttp2_option.c +@@ -150,3 +150,8 @@ void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option, + option->stream_reset_burst = burst; + option->stream_reset_rate = rate; + } ++ ++void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) { ++ option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS; ++ option->max_continuations = val; ++} +diff --git a/deps/nghttp2/lib/nghttp2_option.h b/deps/nghttp2/lib/nghttp2_option.h +index 2259e18..c89cb97 100644 +--- a/deps/nghttp2/lib/nghttp2_option.h ++++ b/deps/nghttp2/lib/nghttp2_option.h +@@ -71,6 +71,7 @@ typedef enum { + NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13, + NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14, + NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15, ++ NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16, + } nghttp2_option_flag; + + /** +@@ -98,6 +99,10 @@ struct nghttp2_option { + * NGHTTP2_OPT_MAX_SETTINGS + */ + size_t max_settings; ++ /** ++ * NGHTTP2_OPT_MAX_CONTINUATIONS ++ */ ++ size_t max_continuations; + /** + * Bitwise OR of nghttp2_option_flag to determine that which fields + * are specified. +diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c +index e343365..555032d 100644 +--- a/deps/nghttp2/lib/nghttp2_session.c ++++ b/deps/nghttp2/lib/nghttp2_session.c +@@ -586,6 +586,10 @@ static int session_new(nghttp2_session **session_ptr, + option->stream_reset_burst, + option->stream_reset_rate); + } ++ ++ if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) { ++ (*session_ptr)->max_continuations = option->max_continuations; ++ } + } + + rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater, +-- +2.44.0 + diff --git a/README.md b/README.md deleted file mode 100644 index 7342728..0000000 --- a/README.md +++ /dev/null @@ -1,11 +0,0 @@ -Anolis OS -======================================= -# 代码仓库说明 -## 分支说明 ->进行代码开发工作时,请注意选择当前版本对应的分支 -* aX分支为对应大版本的主分支,如a8分支对应当前最新版本 -* aX.Y分支为对应小版本的维护分支,如a8.2分支对应8.2版本 -## 开发流程 -1. 首先fork目标分支到自己的namespace -2. 在自己的fork分支上做出修改 -3. 向对应的仓库中提交merge request,源分支为fork分支 diff --git a/btest402.js b/btest402.js new file mode 100644 index 0000000..277319c --- /dev/null +++ b/btest402.js @@ -0,0 +1,151 @@ +// Copyright (C) 2014 IBM Corporation and Others. All Rights Reserved. +// This file is part of the Node.JS ICU enablement work +// https://github.com/joyent/node/pull/7719 +// and is under the same license. +// +// This is a very, very, very basic test of es402 +// +// URL: https://github.com/srl295/btest402 +// Author: Steven R. Loomis +// +// for a complete test, see http://test262.ecmascript.org +// +// Usage: node btest402.js + +try { + console.log("You have console.log."); +} catch(e) { + // this works on d8 + console = { log: print }; + console.log("Now you have console.log."); +} + +function runbtest() { + var summary = {}; + + try { + var i = Intl; + summary.haveIntl = true; + console.log("+ Congrats, you have the Intl object."); + } catch(e) { + console.log("You don't have the Intl object: " + e); + } + + if(summary.haveIntl) { + var locs = [ "en", "mt", "ja","tlh"]; + var d = new Date(196400000); + for ( var n=0; n 0 ) { + lsummary.haveSlo = true; + } + } catch (e) { + console.log("SLO err: " + e); + } + var dstr = "ERR"; + try { + lsummary.dstr = d.toLocaleString(loc,{month: "long",day:"numeric",weekday:"long",year:"numeric"}); + console.log(" date: (supported:"+sl+") " + lsummary.dstr); + } catch (e) { + console.log(" Date Format err: " + e); + } + try { + new Intl.v8BreakIterator(); + console.log(" Intl.v8BreakIterator:" + + Intl.v8BreakIterator.supportedLocalesOf(loc) + " Supported, first()==" + + new Intl.v8BreakIterator(loc).first() ); + lsummary.brkOk = true; + } catch ( e) { + console.log(" Intl.v8BreakIterator error (NOT part of EcmaScript402): " + e); + } + console.log(); + } + } + + // print summary + console.log(); + console.log("--------- Analysis ---------"); + stxt = ""; + if( summary.haveIntl ) { + console.log("* You have the 'Intl' object. Congratulations! You have the possibility of being EcmaScript 402 compliant."); + stxt += "Have Intl, "; + + if ( !summary.en.haveSlo ) { + stxt += "Date:no EN, "; + console.log("* English isn't a supported language by the date formatter. Perhaps the data isn't installed properly?"); + } + if ( !summary.tlh.haveSlo ) { + stxt += "Date:no 'tlh', "; + console.log("* Klingon isn't a supported language by the date formatter. It is without honor!"); + } + // now, what is it actually saying + if( summary.en.dstr.indexOf("1970") == -1) { + stxt += "Date:bad 'en', "; + console.log("* the English date format text looks bad to me. Doesn't even have the year."); + } else { + if( summary.en.dstr.indexOf("Jan") == -1) { + stxt += "Date:bad 'en', "; + console.log("* The English date format text looks bad to me. Doesn't have the right month."); + } + } + + if( summary.mt.dstr == summary.en.dstr ) { + stxt += "Date:'mt'=='en', "; + console.log("* The English and Maltese look the same to me. Probably a 'small' build."); + } else if( summary.mt.dstr.indexOf("1970") == -1) { + stxt += "Date:bad 'mt', "; + console.log("* the Maltese date format text looks bad to me. Doesn't even have the year. (This data is missing from the Chromium ICU build)"); + } else { + if( summary.mt.dstr.indexOf("Jann") == -1) { + stxt += "Date:bad 'mt', "; + console.log("* The Maltese date format text looks bad to me. Doesn't have the right month. (This data is missing from the Chromium ICU build)"); + } + } + + if ( !summary.ja.haveSlo ) { + stxt += "Date:no 'ja', "; + console.log("* Japanese isn't a supported language by the date formatter. Could be a 'small' build."); + } else { + if( summary.ja.dstr.indexOf("1970") == -1) { + stxt += "Date:bad 'ja', "; + console.log("* the Japanese date format text looks bad to me. Doesn't even have the year."); + } else { + if( summary.ja.dstr.indexOf("日") == -1) { + stxt += "Date:bad 'ja', "; + console.log("* The Japanese date format text looks bad to me."); + } + } + } + if ( summary.en.brkOk ) { + stxt += "FYI: v8Brk:have 'en', "; + console.log("* You have Intl.v8BreakIterator support. (Note: not part of ES402.)"); + } + } else { + console.log("* You don't have the 'Intl' object. You aren't EcmaScript 402 compliant."); + stxt += " NO Intl. "; + } + + // 1-liner. + console.log(); + console.log("----------------"); + console.log( "SUMMARY:" + stxt ); +} + +var dorun = true; + +try { + if(btest402_noautorun) { + dorun = false; + } +} catch(e) {} + +if(dorun) { + console.log("Running btest.."); + runbtest(); +} diff --git a/download b/download new file mode 100644 index 0000000..67e329c --- /dev/null +++ b/download @@ -0,0 +1,6 @@ +5808c204e2942e7bf56d6d7971d4f5d4 cjs-module-lexer-1.2.2.tar.gz +ccf2b3d06cd7ac32f629e91f057a7819 node-v20.12.2-stripped.tar.gz +45207dd0ab666159f8b8b9e02532c220 undici-5.28.4.tar.gz +7b6ec4e1c3e39397bdd09087e2437bfd wasi-sdk-wasi-sdk-11.tar.gz +638c8fed7b32bb979c768c310caf4d85 wasi-sdk-wasi-sdk-16.tar.gz +94c0b370f43123ea92b146ebea9c709d icu4c-74_2-src.tgz diff --git a/nodejs-tarball.sh b/nodejs-tarball.sh new file mode 100755 index 0000000..f59d5c2 --- /dev/null +++ b/nodejs-tarball.sh @@ -0,0 +1,203 @@ +#!/bin/sh +# Uses Argbash to generate command argument parsing. To update +# arguments, make sure to call +# `argbash nodejs-tarball.sh -o nodejs-tarball.sh` + +# ARG_POSITIONAL_SINGLE([version],[Node.js release version],[""]) +# ARG_DEFAULTS_POS([]) +# ARG_HELP([Tool to aid in Node.js packaging of new releases]) +# ARGBASH_GO() +# needed because of Argbash --> m4_ignore([ +### START OF CODE GENERATED BY Argbash v2.8.1 one line above ### +# Argbash is a bash code generator used to get arguments parsing right. +# Argbash is FREE SOFTWARE, see https://argbash.io for more info + + +die() +{ + local _ret=$2 + test -n "$_ret" || _ret=1 + test "$_PRINT_HELP" = yes && print_help >&2 + echo "$1" >&2 + exit ${_ret} +} + + +begins_with_short_option() +{ + local first_option all_short_options='h' + first_option="${1:0:1}" + test "$all_short_options" = "${all_short_options/$first_option/}" && return 1 || return 0 +} + +# THE DEFAULTS INITIALIZATION - POSITIONALS +_positionals=() +_arg_version="" +# THE DEFAULTS INITIALIZATION - OPTIONALS + + +print_help() +{ + printf '%s\n' "Tool to aid in Node.js packaging of new releases" + printf 'Usage: %s [-h|--help] []\n' "$0" + printf '\t%s\n' ": Node.js release version (default: '""')" + printf '\t%s\n' "-h, --help: Prints help" +} + + +parse_commandline() +{ + _positionals_count=0 + while test $# -gt 0 + do + _key="$1" + case "$_key" in + -h|--help) + print_help + exit 0 + ;; + -h*) + print_help + exit 0 + ;; + *) + _last_positional="$1" + _positionals+=("$_last_positional") + _positionals_count=$((_positionals_count + 1)) + ;; + esac + shift + done +} + + +handle_passed_args_count() +{ + test "${_positionals_count}" -le 1 || _PRINT_HELP=yes die "FATAL ERROR: There were spurious positional arguments --- we expect between 0 and 1, but got ${_positionals_count} (the last one was: '${_last_positional}')." 1 +} + + +assign_positional_args() +{ + local _positional_name _shift_for=$1 + _positional_names="_arg_version " + + shift "$_shift_for" + for _positional_name in ${_positional_names} + do + test $# -gt 0 || break + eval "$_positional_name=\${1}" || die "Error during argument parsing, possibly an Argbash bug." 1 + shift + done +} + +parse_commandline "$@" +handle_passed_args_count +assign_positional_args 1 "${_positionals[@]}" + +# OTHER STUFF GENERATED BY Argbash + +### END OF CODE GENERATED BY Argbash (sortof) ### ]) +# [ <-- needed because of Argbash + + +set -e + +echo $_arg_version + +if [ x$_arg_version != x ]; then + version=$_arg_version +else + version=$(rpm -q --specfile --qf='%{version}\n' nodejs.spec | head -n1) +fi + +rm -f node-v${version}.tar.gz node-v${version}-stripped.tar.gz +wget http://nodejs.org/dist/v${version}/node-v${version}.tar.gz \ + http://nodejs.org/dist/v${version}/SHASUMS256.txt +sha256sum -c SHASUMS256.txt --ignore-missing +tar -zxf node-v${version}.tar.gz +rm -rf node-v${version}/deps/openssl +tar -zcf node-v${version}-stripped.tar.gz node-v${version} + +# Download the matching version of ICU +rm -f icu4c*-src.tgz icu.md5 +ICUMD5=$(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].md5') +wget $(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].url') +ICUTARBALL=$(ls -1 icu4c*-src.tgz) +echo "$ICUMD5 $ICUTARBALL" > icu.md5 +md5sum -c icu.md5 +rm -f icu.md5 SHASUMS256.txt + +#fedpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz + +rm -f node-v${version}.tar.gz + +set +e + +# Determine the bundled versions of the various packages +echo "Bundled software versions" +echo "-------------------------" +echo +echo "libnode shared object version" +echo "=========================" +grep "define NODE_MODULE_VERSION" node-v${version}/src/node_version.h +echo +echo "V8" +echo "=========================" +grep "define V8_MAJOR_VERSION" node-v${version}/deps/v8/include/v8-version.h +grep "define V8_MINOR_VERSION" node-v${version}/deps/v8/include/v8-version.h +grep "define V8_BUILD_NUMBER" node-v${version}/deps/v8/include/v8-version.h +grep "define V8_PATCH_LEVEL" node-v${version}/deps/v8/include/v8-version.h +echo +echo "c-ares" +echo "=========================" +grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_version.h +grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h +grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h +echo +echo "llhttp" +echo "=========================" +grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h +grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h +grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h +echo +echo "libuv" +echo "=========================" +grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h +grep "define UV_VERSION_MINOR" node-v${version}/deps/uv/include/uv/version.h +grep "define UV_VERSION_PATCH" node-v${version}/deps/uv/include/uv/version.h +echo +echo "nghttp2" +echo "=========================" +grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h +echo +echo "nghttp3" +echo "=========================" +grep "define NGHTTP3_VERSION " node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h +echo +echo "ngtcp2" +echo "=========================" +grep "define NGTCP2_VERSION " node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h +echo +echo "ICU" +echo "=========================" +grep "url" node-v${version}/tools/icu/current_ver.dep +echo +echo "punycode" +echo "=========================" +grep "'version'" node-v${version}/lib/punycode.js +echo +echo "uvwasi" +echo "=========================" +grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h +grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h +grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h +echo +echo "npm" +echo "=========================" +grep "\"version\":" node-v${version}/deps/npm/package.json +echo +echo "Make sure these versions match what is in the RPM spec file" + +rm -rf node-v${version} +# ] <-- needed because of Argbash diff --git a/nodejs.spec b/nodejs.spec new file mode 100644 index 0000000..f0fd8d1 --- /dev/null +++ b/nodejs.spec @@ -0,0 +1,1155 @@ +%global with_debug 0 + +# PowerPC, s390x and aarch64 segfault during Debug builds +# https://github.com/nodejs/node/issues/20642 +%ifarch %{power64} s390x aarch64 +%global with_debug 0 +%endif + +# The following macros control the usage of dependencies bundled from upstream. +# +# When to use what: +# - Regular (presumably non-modular) build: use neither (the default in Fedora) +# - Early bootstrapping build that is not intended to be shipped: +# use --with=bootstrap; this will bundle deps and add `~bootstrap` release suffix +# - Build with some dependencies not avalaible in necessary versions (i.e. module build): +# use --with=bundled; will bundle deps, but do not add the suffix +# +# create bootstrapping build with bundled deps and extra release suffix +%bcond_with bootstrap +# bundle dependencies that are not available in CentOS +%if %{with bootstrap} +%bcond_without bundled +%else +%bcond_with bundled +%endif + +%bcond_without python3_fixup + +# This macro serves to provide corepack, which is not provided for now, but might be in the future +%bcond_with corepack + +# == Master Relase == +# This is used by both the nodejs package and the npm subpackage that +# has a separate version - the name is special so that rpmdev-bumpspec +# will bump this rather than adding .1 to the end. +%global baserelease 2 + +%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} + +# == Node.js Version == +# Note: Fedora should only ship LTS versions of Node.js (currently expected +# to be major versions with even numbers). The odd-numbered versions are new +# feature releases that are only supported for nine months, which is shorter +# than a Fedora release lifecycle. +%global nodejs_epoch 1 +%global nodejs_major 20 +%global nodejs_minor 12 +%global nodejs_patch 2 +%global nodejs_abi %{nodejs_major}.%{nodejs_minor} +# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h +%global nodejs_soversion 115 +%global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch} +%global nodejs_release %{baserelease} + +%global nodejs_datadir %{_datarootdir}/nodejs + +# == Bundled Dependency Versions == +# v8 - from deps/v8/include/v8-version.h +# Epoch is set to ensure clean upgrades from the old v8 package +%global v8_epoch 2 +%global v8_major 11 +%global v8_minor 3 +%global v8_build 244 +%global v8_patch 8 +# V8 presently breaks ABI at least every x.y release while never bumping SONAME +%global v8_abi %{v8_major}.%{v8_minor} +%global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch} +%global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} + +# c-ares - from deps/cares/include/ares_version.h +# https://github.com/nodejs/node/pull/9332 +%global c_ares_version 1.27.0 + +# llhttp - from deps/llhttp/include/llhttp.h +%global llhttp_version 8.1.2 + +# libuv - from deps/uv/include/uv/version.h +%global libuv_version 1.46.0 + +# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h +%global nghttp2_version 1.60.0 + +# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h +%global nghttp3_version 0.7.0 + +# ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h +%global ngtcp2_version 0.8.1 + +# ICU - from tools/icu/current_ver.dep +%global icu_major 74 +%global icu_minor 2 +%global icu_version %{icu_major}.%{icu_minor} + +%global icudatadir %{nodejs_datadir}/icudata +%{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")} +# " this line just fixes syntax highlighting for vim that is confused by the above and continues literal + +%global sys_icu_version %(/usr/bin/icu-config --version) + +%if "%{sys_icu_version}" >= "%{icu_version}" +%global bundled_icu 0 +%global icu_flag system-icu +%else +%global bundled_icu 1 +%global icu_flag full-icu +%endif + +# simduft from deps/simdutf/simdutf.h +%global simduft_version 4.0.8 + +# ada from deps/ada/ada.h +%global ada_version 2.7.6 + +# OpenSSL minimum version +%global openssl_minimum 1:1.1.1 + +# punycode - from lib/punycode.js +# Note: this was merged into the mainline since 0.6.x +# Note: this will be unmerged in an upcoming major release +# Note: Marked as pending deprecation since 18.16.0 +%global punycode_version 2.1.0 + +# npm - from deps/npm/package.json +%global npm_epoch 1 +%global npm_version 10.5.0 + +# In order to avoid needing to keep incrementing the release version for the +# main package forever, we will just construct one for npm that is guaranteed +# to increment safely. Changing this can only be done during an update when the +# base npm version number is increasing. +%global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} + +# Node.js 16.9.1 and later comes with an experimental package management tool +# corepack - from deps/corepack/package.json +%global corepack_version 0.25.2 + +# uvwasi - from deps/uvwasi/include/uvwasi.h +%global uvwasi_version 0.0.20 + +# histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h +%global histogram_version 0.11.8 + +Name: nodejs +Epoch: %{nodejs_epoch} +Version: %{nodejs_version} +Release: %{nodejs_release}%{?dist} +Summary: JavaScript runtime +License: MIT and ASL 2.0 and ISC and BSD +Group: Development/Languages +URL: http://nodejs.org/ + +ExclusiveArch: %{nodejs_arches} + +# nodejs bundles openssl, but we use the system version in Fedora +# because openssl contains prohibited code, we remove openssl completely from +# the tarball, using the script in Source100 +Source0: node-v%{nodejs_version}-stripped.tar.gz +Source1: npmrc +Source2: btest402.js +Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.tgz +Source100: %{name}-tarball.sh + +# The native module Requires generator remains in the nodejs SRPM, so it knows +# the nodejs and v8 versions. The remainder has migrated to the +# nodejs-packaging SRPM. +Source7: nodejs_native.attr + +# Configure npm to look into /etc for configuration +Source8: npmrc.builtin.in + +# These are full sources for dependencies included as WASM blobs in the source of Node itself. +# Note: These sources would also include pre-compiled WASM blobs… so they are adjusted not to. +# Recipes for creating these blobs are included in the sources. + +# Version: jq '.version' deps/cjs-module-lexer/package.json +# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz +# Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm +Source101: cjs-module-lexer-1.2.2.tar.gz +# The WASM blob was made using wasi-sdk v11; compiler libraries are linked in. +# Version source (cjs-module-lexer tarball): Makefile +Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz + +# Version: jq '.version' deps/undici/src/package.json +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz +# Adjustments: rm -f undici-5.28.4/lib/llhttp/llhttp*.wasm* +Source111: undici-5.28.4.tar.gz +# The WASM blob was made using wasi-sdk v16; compiler libraries are linked in. +# Version source: deps/undici/src/lib/llhttp/wasm_build_env.txt +# Also check (undici tarball): lib/llhttp/wasm_build_env.txt +Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-16/wasi-sdk-wasi-sdk-16.tar.gz + +# Disable running gyp on bundled deps we don't use +Patch1: 0001-Disable-running-gyp-on-shared-deps.patch +Patch2: 0002-Disable-FIPS-options.patch +Patch3: 0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch +Patch4: 0004-Add-nghttp2_option_set_max_continuations.patch + +BuildRequires: make +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-jinja2 +%if !%{with python3_fixup} +BuildRequires: python-unversioned-command +%endif +BuildRequires: zlib-devel +BuildRequires: brotli-devel +BuildRequires: gcc >= 8.3.0 +BuildRequires: gcc-c++ >= 8.3.0 +BuildRequires: jq +# needed to generate bundled provides for npm dependencies +# https://src.fedoraproject.org/rpms/nodejs/pull-request/2 +# https://pagure.io/nodejs-packaging/pull-request/10 +BuildRequires: nodejs-packaging +BuildRequires: chrpath +BuildRequires: libatomic + +%if %{with bundled} +Provides: bundled(libuv) = %{libuv_version} +%else +BuildRequires: libuv-devel >= 1:%{libuv_version} +Requires: libuv >= 1:%{libuv_version} +%endif + +%if %{with bundled} +Provides: bundled(nghttp2) = %{nghttp2_version} +%else +BuildRequires: libnghttp2-devel >= %{nghttp2_version} +Requires: libnghttp2 >= %{nghttp2_version} +%endif + +# Temporarily bundle llhttp because the upstream doesn't +# provide releases for it. +Provides: bundled(llhttp) = %{llhttp_version} +Provides: bundled(nghttp3) = %{nghttp3_version} +Provides: bundled(ngtcp2) = %{ngtcp2_version} + +BuildRequires: openssl-devel >= %{openssl_minimum} +Requires: openssl >= %{openssl_minimum} + +# we need the system certificate store +Requires: ca-certificates + +# Pull in the full-icu data by default +Recommends: nodejs-full-i18n%{?_isa} = %{nodejs_epoch}:%{version}-%{release} + +# we need ABI virtual provides where SONAMEs aren't enough/not present so deps +# break when binary compatibility is broken +Provides: nodejs(abi) = %{nodejs_abi} +Provides: nodejs(abi%{nodejs_major}) = %{nodejs_abi} +Provides: nodejs(v8-abi) = %{v8_abi} +Provides: nodejs(v8-abi%{v8_major}) = %{v8_abi} + +# this corresponds to the "engine" requirement in package.json +Provides: nodejs(engine) = %{nodejs_version} + +# Node.js currently has a conflict with the 'node' package in Fedora +# The ham-radio group has agreed to rename their binary for us, but +# in the meantime, we're setting an explicit Conflicts: here +Conflicts: node <= 0.3.2-12 + +# The punycode module was absorbed into the standard library in v0.6. +# It still exists as a seperate package for the benefit of users of older +# versions. Since we've never shipped anything older than v0.10 in Fedora, +# we don't need the seperate nodejs-punycode package, so we Provide it here so +# dependent packages don't need to override the dependency generator. +# See also: RHBZ#11511811 +# UPDATE: punycode will be deprecated and so we should unbundle it in Node v8 +# and use upstream module instead +# https://github.com/nodejs/node/commit/29e49fc286080215031a81effbd59eac092fff2f +Provides: nodejs-punycode = %{punycode_version} +Provides: npm(punycode) = %{punycode_version} + +# Node.js has forked c-ares from upstream in an incompatible way, so we need +# to carry the bundled version internally. +# See https://github.com/nodejs/node/commit/766d063e0578c0f7758c3a965c971763f43fec85 +Provides: bundled(c-ares) = %{c_ares_version} + +# Node.js is closely tied to the version of v8 that is used with it. It makes +# sense to use the bundled version because upstream consistently breaks ABI +# even in point releases. Node.js upstream has now removed the ability to build +# against a shared system version entirely. +# See https://github.com/nodejs/node/commit/d726a177ed59c37cf5306983ed00ecd858cfbbef +Provides: bundled(v8) = %{v8_version} + +# Node.js is bound to a specific version of ICU which may not match the OS +# We cannot pin the OS to this version of ICU because every update includes +# an ABI-break, so we'll use the bundled copy. +Provides: bundled(icu) = %{icu_version} + +# Upstream added new dependencies, but so far they are not available in Fedora +# or there's no option to built it as a shared dependency, so we bundle them +Provides: bundled(uvwasi) = %{uvwasi_version} +Provides: bundled(histogram) = %{histogram_version} +%if %{with corepack} +Provides: bundled(corepack) = %{corepack_version} +%endif +Provides: bundled(simduft) = %{simduft_version} +Provides: bundled(ada) = %{ada_version} + +# Make sure we keep NPM up to date when we update Node.js +%if 0%{?rhel} < 8 +# EPEL doesn't support Recommends, so make it strict +Requires: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} +%else +Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} +%endif + +%description +Node.js is a platform built on Chrome's JavaScript runtime +for easily building fast, scalable network applications. +Node.js uses an event-driven, non-blocking I/O model that +makes it lightweight and efficient, perfect for data-intensive +real-time applications that run across distributed devices. + + +%package devel +Summary: JavaScript runtime - development headers +Group: Development/Languages +Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} +Requires: openssl-devel%{?_isa} +Requires: zlib-devel%{?_isa} +Requires: brotli-devel%{?_isa} +Requires: nodejs-packaging + +%if %{without bundled} +Requires: libuv-devel%{?_isa} +%endif + +%description devel +Development headers for the Node.js JavaScript runtime. + + +%package full-i18n +Summary: Non-English locale data for Node.js +Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} + +%description full-i18n +Optional data files to provide full-icu support for Node.js. Remove this +package to save space if non-English locales are not needed. + + +%package -n npm +Summary: Node.js Package Manager +Epoch: %{npm_epoch} +Version: %{npm_version} +Release: %{npm_release}%{?dist} + +# We used to ship npm separately, but it is so tightly integrated with Node.js +# (and expected to be present on all Node.js systems) that we ship it bundled +# now. +Obsoletes: npm < 0:3.5.4-6 +Provides: npm = %{npm_epoch}:%{npm_version} +Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} +%if 0%{?fedora} || 0%{?rhel} >= 8 +Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} +%endif + +# Do not add epoch to the virtual NPM provides or it will break +# the automatic dependency-generation script. +Provides: npm(npm) = %{npm_version} + +%description -n npm +npm is a package manager for node.js. You can use it to install and publish +your node programs. It manages dependencies and does other cool stuff. + + +%package docs +Summary: Node.js API documentation +Group: Documentation +BuildArch: noarch + +# We don't require that the main package be installed to +# use the docs, but if it is installed, make sure the +# version always matches +Conflicts: %{name} > %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} +Conflicts: %{name} < %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} + +%description docs +The API documentation for the Node.js JavaScript runtime. + + +%prep +%autosetup -p1 -n node-v%{nodejs_version} + +# remove bundled dependencies that we aren't building +rm -rf deps/zlib +rm -rf deps/brotli +rm -rf deps/v8/third_party/jinja2 +rm -rf tools/inspector_protocol/jinja2 + +# Replace any instances of unversioned python' with python3 +# check for correct versions of dependencies we are bundling +check_wasm_dep() { + local -r name="$1" source="$2" packagejson="$3" + local -r expected_version="$(jq -r '.version' "${packagejson}")" + + if ls "${source}"|grep -q --fixed-strings "${expected_version}"; then + printf '%s version matches\n' "${name}" >&2 + else + printf '%s version MISMATCH: %s !~ %s\n' "${name}" "${expected_version}" "${source}" >&2 + return 1 + fi +} + +check_wasm_dep cjs-module-lexer '%{SOURCE101}' deps/cjs-module-lexer/package.json +check_wasm_dep undici '%{SOURCE111}' deps/undici/src/package.json + +%if %{with python3_fixup} +pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js") +find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python3~" {} \; +find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python3~" {} \; +sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py +sed -i "s~usr\/bin\/python.*$~usr\/bin\/python3~" ./deps/v8/tools/mb/mb_test.py +find . -type f -exec sed -i "s~python -c~python3 -c~" {} \; +%endif + +%build +# Decrease debuginfo verbosity to reduce memory consumption during final +# library linking +%global optflags %(echo %{optflags} | sed 's/-g /-g1 /') + +export CC='gcc' +export CXX='g++' +%{?with_python3_fixup:export NODE_GYP_FORCE_PYTHON=%{__python3}} + +# build with debugging symbols and add defines from libuv (#892601) +# Node's v8 breaks with GCC 6 because of incorrect usage of methods on +# NULL objects. We need to pass -fno-delete-null-pointer-checks +extra_cflags=( + -D_LARGEFILE_SOURCE + -D_FILE_OFFSET_BITS=64 + -DZLIB_CONST + -fno-delete-null-pointer-checks +) +export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cflags[*]}" +export LDFLAGS="%{build_ldflags}" + +%{__python3} configure.py --prefix=%{_prefix} --verbose \ + --shared-openssl --openssl-conf-name=openssl_conf \ + --shared-zlib \ + --shared-brotli \ + %{!?with_bundled:--shared-libuv} \ + %{!?with_bundled:--shared-nghttp2} \ + --with-intl=small-icu \ + --with-icu-default-data-dir=%{icudatadir} \ + %{!?with_corepack:--without-corepack} \ + --openssl-use-def-ca-store \ + --openssl-default-cipher-list=PROFILE=SYSTEM + +%if %{?with_debug} == 1 +# Setting BUILDTYPE=Debug builds both release and debug binaries +make BUILDTYPE=Debug %{?_smp_mflags} +%else +make BUILDTYPE=Release %{?_smp_mflags} +%endif + +# Extract the ICU data and convert it to the appropriate endianness +pushd deps/ +tar xfz %{SOURCE3} + +pushd icu/source + +mkdir -p converted +%if 0%{?little_endian} +# The little endian data file is included in the ICU sources +install -Dpm0644 data/in/icudt%{icu_major}l.dat converted/ + +%else +# For the time being, we need to build ICU and use the included `icupkg` tool +# to convert the little endian data file into a big-endian one. +# At some point in the future, ICU releases will start including both data +# files and we should switch to those. +mkdir -p data/out/tmp + +%configure +%make_build + +icu_root=$(pwd) +LD_LIBRARY_PATH=./lib ./bin/icupkg -tb data/in/icudt%{icu_major}l.dat \ + converted/icudt%{icu_major}b.dat +%endif + +popd # icu/source +popd # deps + + +%install +rm -rf %{buildroot} + +./tools/install.py install --dest-dir=%{buildroot} --prefix=%{_prefix} + +# Set the binary permissions properly +chmod 0755 %{buildroot}/%{_bindir}/node +chrpath --delete %{buildroot}%{_bindir}/node + +%if %{?with_debug} == 1 +# Install the debug binary and set its permissions +install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g +%endif + +# own the sitelib directory +mkdir -p %{buildroot}%{_prefix}/lib/node_modules + +# ensure Requires are added to every native module that match the Provides from +# the nodejs build in the buildroot +install -Dpm0644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/fileattrs/nodejs_native.attr +cat << EOF > %{buildroot}%{_rpmconfigdir}/nodejs_native.req +#!/bin/sh +echo 'nodejs(abi%{nodejs_major}) >= %nodejs_abi' +echo 'nodejs(v8-abi%{v8_major}) >= %v8_abi' +EOF +chmod 0755 %{buildroot}%{_rpmconfigdir}/nodejs_native.req + +# install documentation +mkdir -p %{buildroot}%{_pkgdocdir}/html +cp -pr doc/* %{buildroot}%{_pkgdocdir}/html +rm -f %{buildroot}%{_pkgdocdir}/html/nodejs.1 + +# node-gyp needs common.gypi too +mkdir -p %{buildroot}%{_datadir}/node +cp -p common.gypi %{buildroot}%{_datadir}/node + +# Install the GDB init tool into the documentation directory +mv %{buildroot}/%{_datadir}/doc/node/gdbinit %{buildroot}/%{_pkgdocdir}/gdbinit + +# install NPM docs to mandir +mkdir -p %{buildroot}%{_mandir} \ + %{buildroot}%{_pkgdocdir}/npm + +cp -pr deps/npm/man/* %{buildroot}%{_mandir}/ +rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/man +ln -sf %{_mandir} %{buildroot}%{_prefix}/lib/node_modules/npm/man + +# Install Gatsby HTML documentation to %%{_pkgdocdir} +cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/ +rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs + +ln -sf %{_pkgdocdir}/npm %{buildroot}%{_prefix}/lib/node_modules/npm/docs + +# Node tries to install some python files into a documentation directory +# (and not the proper one). Remove them for now until we figure out what to +# do with them. +rm -f %{buildroot}/%{_defaultdocdir}/node/lldb_commands.py \ + %{buildroot}/%{_defaultdocdir}/node/lldbinit + +# Some NPM bundled deps are executable but should not be. This causes +# unnecessary automatic dependencies to be added. Make them not executable. +# Skip the npm bin directory or the npm binary will not work. +find %{buildroot}%{_prefix}/lib/node_modules/npm \ + -not -path "%{buildroot}%{_prefix}/lib/node_modules/npm/bin/*" \ + -executable -type f \ + -exec chmod -x {} \; + +# The above command is a little overzealous. Add a few permissions back. +chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp +chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js + +%if %{with corepack} +# Corepack contains a number of executable"shims", including some for Windows +# PowerShell. Drop the executable bit for those so we don't pick up an +# automatic dependency on /usr/bin/pwsh that we cannot satisfy. +chmod -x %{buildroot}%{_prefix}/lib/node_modules/corepack/shims/*.ps1 +%endif + +# Drop the NPM builtin configuration in place +sed -e 's#@SYSCONFDIR@#%{_sysconfdir}#g' \ + %{SOURCE8} > %{buildroot}%{_prefix}/lib/node_modules/npm/npmrc + +# Drop the NPM default configuration in place +mkdir -p %{buildroot}%{_sysconfdir} +cp %{SOURCE1} %{buildroot}%{_sysconfdir}/npmrc + +# Install the full-icu data files +install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/* + + +%check +# Fail the build if the versions don't match +%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')" +%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')" +%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')" + +# Ensure we have punycode and that the version matches +%{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')" + +# Ensure we have npm and that the version matches +# NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')" +NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(JSON.parse(require(\"fs\").readFileSync(\"%{buildroot}%{_prefix}/lib/node_modules/npm/package.json\")).version, '%{npm_version}')" + +# Make sure i18n support is working +NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2} + + +%pretrans -n npm -p +-- Remove all of the symlinks from the bundled npm node_modules directory +-- This scriptlet can be removed in Fedora 31 +base_path = "%{_prefix}/lib/node_modules/npm/node_modules/" +d_st = posix.stat(base_path) +if d_st then + for f in posix.files(base_path) do + path = base_path..f + st = posix.stat(path) + if st and st.type == "link" then + os.remove(path) + end + end +end + +-- Replace the npm docs directory with a symlink +-- Drop this scriptlet when F31 is EOL +path = "%{_prefix}/lib/node_modules/npm/doc" +st = posix.stat(path) +if st and st.type == "directory" then + status = os.rename(path, path .. ".rpmmoved") + if not status then + suffix = 0 + while not status do + suffix = suffix + 1 + status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) + end + os.rename(path, path .. ".rpmmoved") + end +end + +-- Replace the npm docs directory with a symlink +-- Drop this scriptlet when F31 is EOL +path = "%{_prefix}/lib/node_modules/npm/html" +st = posix.stat(path) +if st and st.type == "directory" then + status = os.rename(path, path .. ".rpmmoved") + if not status then + suffix = 0 + while not status do + suffix = suffix + 1 + status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) + end + os.rename(path, path .. ".rpmmoved") + end +end + +-- Replace the npm man directory with a symlink +-- Drop this scriptlet when F31 is EOL +path = "%{_prefix}/lib/node_modules/npm/man" +st = posix.stat(path) +if st and st.type == "directory" then + status = os.rename(path, path .. ".rpmmoved") + if not status then + suffix = 0 + while not status do + suffix = suffix + 1 + status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) + end + os.rename(path, path .. ".rpmmoved") + end +end + + +%files +%{_bindir}/node +%dir %{_prefix}/lib/node_modules +%dir %{_datadir}/node + +%if %{with corepack} +# corepack +%{_bindir}/corepack +%{_prefix}/lib/node_modules/corepack +%endif + +%{_rpmconfigdir}/fileattrs/nodejs_native.attr +%{_rpmconfigdir}/nodejs_native.req +%license LICENSE +%doc CHANGELOG.md onboarding.md GOVERNANCE.md README.md +%doc %{_mandir}/man1/node.1* + + +%files devel +%if %{?with_debug} == 1 +%{_bindir}/node_g +%endif +%{_includedir}/node +%{_datadir}/node/common.gypi +%{_pkgdocdir}/gdbinit + + +%files full-i18n +%dir %{icudatadir} +%{icudatadir}/icudt%{icu_major}*.dat + + +%files -n npm +%{_bindir}/npm +%{_bindir}/npx +%{_prefix}/lib/node_modules/npm +%config(noreplace) %{_sysconfdir}/npmrc +%ghost %{_sysconfdir}/npmignore +%doc %{_mandir}/man1/npm*.1* +%doc %{_mandir}/man1/npx.1* +%doc %{_mandir}/man5/folders.5* +%doc %{_mandir}/man5/install.5* +%doc %{_mandir}/man5/npmrc.5* +%doc %{_mandir}/man5/package-json.5* +%doc %{_mandir}/man5/package-lock-json.5* +%doc %{_mandir}/man5/npm-shrinkwrap-json.5* +%doc %{_mandir}/man5/npm-global.5.* +%doc %{_mandir}/man5/npm-json.5.* +%doc %{_mandir}/man7/config.7* +%doc %{_mandir}/man7/dependency-selectors.7* +%doc %{_mandir}/man7/developers.7* +%doc %{_mandir}/man7/logging.7* +%doc %{_mandir}/man7/orgs.7* +%doc %{_mandir}/man7/package-spec.7* +%doc %{_mandir}/man7/registry.7* +%doc %{_mandir}/man7/removal.7* +%doc %{_mandir}/man7/scope.7* +%doc %{_mandir}/man7/scripts.7* +%doc %{_mandir}/man7/workspaces.7* + + +%files docs +%doc doc +%dir %{_pkgdocdir} +%{_pkgdocdir}/html +%{_pkgdocdir}/npm/docs + + +%changelog +* Tue Apr 16 2024 Jan Staněk - 1:20.12.2-2 +- Backport nghttp2 patch for CVE-2024-28182 + +* Tue Apr 16 2024 Jan Staněk - 1:20.12.2-1 +- Rebase to version 20.12.0 + Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) + Fixes: CVE-2024-25629 (c-ares) + +* Wed Feb 21 2024 Lukas Javorsky - 1:20.11.1-1 +- Rebase to version 20.11.1 +- Resolves: RHEL-26017 RHEL-26266 RHEL-26685 RHEL-26686 RHEL-26004 RHEL-26596 RHEL-26688 + +* Fri Jan 19 2024 Lukas Javorsky - 1:20.11.0-1 +- Rebase to version 20.11.0 +- Resolves: RHEL-21435 + +* Thu Nov 09 2023 Zuzana Svetlikova - 1:20.9.0-1 +- Rebase to LTS +- Resolves: RHEL-16159 + +* Wed Oct 18 2023 Zuzana Svetlikova - 1:20.8.1-1 +- Update node and nghttp +- Add fips patch +- Fixes CVE-2023-44487 (nghttp) +- Fixes CVE-2023-45143, CVE-2023-39331, CVE-2023-39332, CVE-2023-38552, CVE-2023-39333 + +* Thu Aug 10 2023 Zuzana Svetlikova - 1:20.5.1-1 +- Rebase to new security release +- Address CVE-2023-32002, CVE-2023-32004, CVE-2023-32558 (high) +- Address CVE-2023-32006, CVE-2023-32559 (medium) +- Address CVE-2023-32005, CVE-2023-32003 (low) +- Resolves: #2186718 +- Resolves RHELPLAN-155624 + +* Thu Jul 27 2023 Zuzana Svetlikova - 1:20.5.0-1 +- Update to v20.5.0 +- Remove dtrace support +- bcond corepack, so we don't provide it by default +- Decrease debuginfo verbosity for all arches +- Resolves: #2186718 +- Resolves RHELPLAN-155624 + +* Wed Jul 12 2023 Jan Staněk - 1:18.16.1-1 +- Rebase to 18.16.1 + Resolves: rhbz#2188290 rhbz#2166926 + Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 +- Replace /usr/etc/npmrc symlink with builtin configuration + Resolves: rhbz#2222287 + +* Tue May 30 2023 Jan Staněk - 1:18.14.2-3 +- Update bundled c-ares to 1.19.1 + Resolves: CVE-2022-4904 + Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 + +* Tue Mar 21 2023 Zuzana Svetlikova - 1:18.14.2-2 +- Provide simduft + +* Tue Mar 21 2023 Zuzana Svetlikova - 1:18.14.2-1 +- Rebase to 18.14.2 +- Resolves: #2178086 +- Resolves: CVE-2022-25881, CVE-2023-23936, CVE-2023-24807 +- Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920 + +* Fri Nov 18 2022 Jan Staněk - 1:18.12.1-2 +- Update version of bundled histogram + +* Wed Nov 09 2022 Jan Staněk - 1:18.12.1-1 +- Rebase to version 18.12.1 + Resolves: rhbz#2125580 CVE-2022-43548 CVE-2022-3517 + +* Tue Sep 27 2022 Jan Staněk - 1:18.9.1-1 +- Rebase to version 18.9.1 + Resolves: CVE-2022-35255 CVE-2022-35256 + +* Fri Aug 26 2022 Jan Staněk - 1:18.8.0-1 +- Rebase to version 18.8.0 +- Include sources for WASM blobs + +* Fri Jul 15 2022 Jan Staněk - 1:18.6.0-1 +- Rebase to version 18.6.0 + Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 + Resolves: CVE-2022-29244 + +* Tue May 31 2022 Jan Staněk - 1:18.2.0-1 +- Rebase to version 18.2.0 + +* Mon Apr 25 2022 Jan Staněk - 1:16.14.0-5 +- Unify configure calls into single command +- Refactor bootstrap-related parts +- Decouple dependency bundling from bootstrapping + +* Mon Apr 11 2022 Zuzana Svetlikova - 1:16.14.0-4 +- Apply lock file validation fixes +- Resolves: CVE-2021-43616 +- Resolves: RHBZ#2070013 + +* Mon Dec 06 2021 Zuzana Svetlikova - 1:16.13.1-3 +- Resolves: RHBZ#2026329 +- Add corepack to spec + +* Mon Dec 06 2021 Zuzana Svetlikova - 1:16.13.1-2 +- Resolves: RHBZ#2026329 +- Update npm version test + +* Thu Dec 02 2021 Zuzana Svetlikova - 1:16.13.1-1 +- Resolves: RHBZ#2014132, RHBZ#2014126, RHBZ#2013828, RHBZ#2024920 +- Resolves: RHBZ#2026329 +- Rebase to LTS release and to fix multiple low and medium CVEs + +* Mon Sep 13 2021 Zuzana Svetlikova - 1:16.8.0-1 +- Resolves CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712 +- Resolves: RHBZ#1993948, RHBZ#1993941, RHBZ#2000151, RHBZ#2002176 + +* Mon Aug 30 2021 Zuzana Svetlikova - 1:16.7.0-2 +- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, +- CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 +- Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810 +- Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963 +- fix python3 in gyp + +* Wed Aug 18 2021 Zuzana Svetlikova - 1:16.7.0-1 +- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, +- CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 +- Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810 +- Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963 + +* Fri Jul 09 2021 Zuzana Svetlikova - 1:16.4.2-1 +- Resolves: RHBZ#1979847 +- Resolves CVE-2021-22918(libuv) +- Use system cipher list(1842826, 1952915) + +* Tue May 11 2021 Zuzana Svetlikova - 1:16.1.0-1 +- Resolves: RHBZ#1953991 +- Rebase to v16.x +- Update version of gcc and gcc-c++ needed +- Remove libs conditionals +- Remove unused patches +- Bundle nghttp3 and ngtcp2 + +* Mon Mar 01 2021 Zuzana Svetlikova - 1:14.16.0-2 +- Resolves RHBZ#1930775 +- remove --debug-nghttp2 option + +* Mon Mar 01 2021 Zuzana Svetlikova - 1:14.16.0-1 +- Resolves CVE-2021-22883 CVE-2021-22884 +- Resolves: RHBZ#1934566, RHBZ#1934599 +- Rebase, remove ini patch + +* Tue Jan 26 2021 Zuzana Svetlikova - 1:14.15.4-2 +- Add patch for yarn crash +- Resolves: RHBZ#1915296 + +* Tue Jan 19 2021 Zuzana Svetlikova - 1:14.15.4-1 +- Security rebase to 14.15.4 +- https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/ +- Resolves: RHBZ#1913001, RHBZ#1912953 +- Resolves: RHBZ#1912636, RHBZ#1898602, RHBZ#1898768, RHBZ#1893987, RHBZ#1893184 + +* Thu Oct 29 2020 Zuzana Svetlikova - 1:14.15.0-1 +- Resolves: RHBZ#1858864 +- Update to LTS release + +* Mon Sep 21 2020 Jan Staněk - 1:14.11.0-1 +- Security update to 14.11.0 + +* Wed Jun 03 2020 Zuzana Svetlikova - 1:14.4.0-1 +- Security update to 14.4.0 +- Resolves: RHBZ#1815402 + +* Thu May 21 2020 Zuzana Svetlikova - 1:14.3.0-1 +- Update to 14.3.0 +- Fix optflags to save memory +- Resolves: RHBZ#1815402 + +* Wed May 06 2020 Zuzana Svetlikova - 1:14.2.0-1 +- Update to 14.2.0 +- build with python3 only +- some clean up + +* Tue Mar 17 2020 Zuzana Svetlikova - 1:12.16.1-2 +- Fix CVE-2020-10531 + +* Thu Feb 20 2020 Zuzana Svetlikova - 1:12.16.1-1 +- Rebase to 12.16.1 + +* Wed Jan 15 2020 Jan Staněk - 1:12.14.1-1 +- Rebase to 12.14.1 + +* Fri Nov 29 2019 Zuzana Svetlikova - 1:12.13.1-1 +- Resolves: RHBZ# 1773503, update to 12.13.1 +- minor clean up and sync with Fedora spec +- turn off debug builds + +* Thu Aug 01 2019 Zuzana Svetlikova - 1:12.4.0-2 +- Add condition to libs + +* Wed Jun 12 2019 Zuzana Svetlikova - 1:12.4.0-1 +- Update to v12.x +- Add v8-devel and libs subpackages from fedora + +* Thu Mar 14 2019 Zuzana Svetlikova - 1:10.14.1-2 +- move nodejs-packaging BR out of conditional + +* Tue Dec 11 2018 Zuzana Svetlikova - 1:10.14.1-1 +- Resolves RHBZ#1644207 +- fixes node-gyp permissions +- rebase + +* Thu Oct 11 2018 Jan Staněk - 1:10.11.0-2 +- BuildRequire nodejs-packaging for proper npm dependency generation +- Resolves: rhbz#1615947 + +* Mon Oct 08 2018 Jan Staněk - 1:10.11.0-1 +- Rebase to 10.11.0 +- Import changes from fedora +- Resolves: rhbz#1621766 + +* Mon Jul 30 2018 Zuzana Svetlikova - 1:10.7.0-5 +- Import sources from fedora +- Allow using python2 at %%build and %%install +- turn off debug for aarch64 + +* Fri Jul 20 2018 Stephen Gallagher - 1:10.7.0-4 +- Fix npm upgrade scriptlet +- Fix unexpected trailing .1 in npm release field + +* Fri Jul 20 2018 Stephen Gallagher - 1:10.7.0-3 +- Restore annotations to binaries +- Fix unexpected trailing .1 in release field + +* Thu Jul 19 2018 Stephen Gallagher - 1:10.7.0-2 +- Update to 10.7.0 +- https://nodejs.org/en/blog/release/v10.7.0/ +- https://nodejs.org/en/blog/release/v10.6.0/ + +* Fri Jul 13 2018 Fedora Release Engineering - 1:10.5.0-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Jun 21 2018 Stephen Gallagher - 1:10.5.0-1 +- Update to 10.5.0 +- https://nodejs.org/en/blog/release/v10.5.0/ + +* Thu Jun 14 2018 Stephen Gallagher - 1:10.4.1-1 +- Update to 10.4.1 to address security issues +- https://nodejs.org/en/blog/release/v10.4.1/ +- Resolves: rhbz#1590801 +- Resolves: rhbz#1591014 +- Resolves: rhbz#1591019 + +* Thu Jun 07 2018 Stephen Gallagher - 1:10.4.0-1 +- Update to 10.4.0 +- https://nodejs.org/en/blog/release/v10.4.0/ + +* Wed May 30 2018 Stephen Gallagher - 1:10.3.0-1 +- Update to 10.3.0 +- Update npm to 6.1.0 +- https://nodejs.org/en/blog/release/v10.3.0/ + +* Tue May 29 2018 Stephen Gallagher - 1:10.2.1-2 +- Fix up bare 'python' to be python2 +- Drop redundant entry in docs section + +* Fri May 25 2018 Stephen Gallagher - 1:10.2.1-1 +- Update to 10.2.1 +- https://nodejs.org/en/blog/release/v10.2.1/ + +* Wed May 23 2018 Stephen Gallagher - 1:10.2.0-1 +- Update to 10.2.0 +- https://nodejs.org/en/blog/release/v10.2.0/ + +* Thu May 10 2018 Stephen Gallagher - 1:10.1.0-3 +- Fix incorrect rpm macro + +* Thu May 10 2018 Stephen Gallagher - 1:10.1.0-2 +- Include upstream v8 fix for ppc64[le] +- Disable debug build on ppc64[le] and s390x + +* Wed May 09 2018 Stephen Gallagher - 1:10.1.0-1 +- Update to 10.1.0 +- https://nodejs.org/en/blog/release/v10.1.0/ +- Reenable node_g binary + +* Thu Apr 26 2018 Stephen Gallagher - 1:10.0.0-1 +- Update to 10.0.0 +- https://nodejs.org/en/blog/release/v10.0.0/ +- Drop workaround patch +- Temporarily drop node_g binary due to + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587 + +* Fri Apr 13 2018 Rafael dos Santos - 1:9.11.1-2 +- Use standard Fedora linker flags (bug #1543859) + +* Thu Apr 05 2018 Stephen Gallagher - 1:9.11.1-1 +- Update to 9.11.1 +- https://nodejs.org/en/blog/release/v9.11.0/ +- https://nodejs.org/en/blog/release/v9.11.1/ + +* Wed Mar 28 2018 Stephen Gallagher - 1:9.10.0-1 +- Update to 9.10.0 +- https://nodejs.org/en/blog/release/v9.10.0/ + +* Wed Mar 21 2018 Stephen Gallagher - 1:9.9.0-1 +- Update to 9.9.0 +- https://nodejs.org/en/blog/release/v9.9.0/ + +* Thu Mar 08 2018 Stephen Gallagher - 1:9.8.0-1 +- Update to 9.8.0 +- https://nodejs.org/en/blog/release/v9.8.0/ + +* Thu Mar 01 2018 Stephen Gallagher - 1:9.7.0-1 +- Update to 9.7.0 +- https://nodejs.org/en/blog/release/v9.7.0/ +- Work around F28 build issue + +* Sun Feb 25 2018 Stephen Gallagher - 1:9.6.1-1 +- Update to 9.6.1 +- https://nodejs.org/en/blog/release/v9.6.1/ +- https://nodejs.org/en/blog/release/v9.6.0/ + +* Mon Feb 05 2018 Stephen Gallagher - 1:9.5.0-1 +- Package Node.js 9.5.0 + +* Thu Jan 11 2018 Stephen Gallagher - 1:8.9.4-2 +- Fix incorrect Requires: + +* Thu Jan 11 2018 Stephen Gallagher - 1:8.9.4-1 +- Update to 8.9.4 +- https://nodejs.org/en/blog/release/v8.9.4/ +- Switch to system copy of nghttp2 + +* Fri Dec 08 2017 Stephen Gallagher - 1:8.9.3-2 +- Update to 8.9.3 +- https://nodejs.org/en/blog/release/v8.9.3/ +- https://nodejs.org/en/blog/release/v8.9.2/ + +* Thu Nov 30 2017 Pete Walter - 1:8.9.1-2 +- Rebuild for ICU 60.1 + +* Thu Nov 09 2017 Zuzana Svetlikova - 1:8.9.1-1 +- Update to 8.9.1 + +* Tue Oct 31 2017 Stephen Gallagher - 1:8.9.0-1 +- Update to 8.9.0 +- Drop upstreamed patch + +* Thu Oct 26 2017 Stephen Gallagher - 1:8.8.1-1 +- Update to 8.8.1 to fix a regression + +* Wed Oct 25 2017 Zuzana Svetlikova - 1:8.8.0-1 +- Security update to 8.8.0 +- https://nodejs.org/en/blog/release/v8.8.0/ + +* Sun Oct 15 2017 Zuzana Svetlikova - 1:8.7.0-1 +- Update to 8.7.0 +- https://nodejs.org/en/blog/release/v8.7.0/ + +* Fri Oct 06 2017 Zuzana Svetlikova - 1:8.6.0-2 +- Use bcond macro instead of bootstrap conditional + +* Wed Sep 27 2017 Zuzana Svetlikova - 1:8.6.0-1 +- Fix nghttp2 version +- Update to 8.6.0 +- https://nodejs.org/en/blog/release/v8.6.0/ + +* Wed Sep 20 2017 Zuzana Svetlikova - 1:8.5.0-3 +- Build with bootstrap + bundle libuv for modularity +- backport patch for aarch64 debug build + +* Wed Sep 13 2017 Stephen Gallagher - 1:8.5.0-2 +- Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395 + +* Tue Sep 12 2017 Stephen Gallagher - 1:8.5.0-1 +- Update to v8.5.0 +- https://nodejs.org/en/blog/release/v8.5.0/ + +* Thu Sep 07 2017 Zuzana Svetlikova - 1:8.4.0-2 +- Refactor openssl BR + +* Wed Aug 16 2017 Zuzana Svetlikova - 1:8.4.0-1 +- Update to v8.4.0 +- https://nodejs.org/en/blog/release/v8.4.0/ +- http2 is now supported, add bundled nghttp2 +- remove openssl 1.0.1 patches, we won't be using them in fedora + +* Thu Aug 10 2017 Zuzana Svetlikova - 1:8.3.0-1 +- Update to v8.3.0 +- https://nodejs.org/en/blog/release/v8.3.0/ +- update V8 to 6.0 +- update minimal gcc and g++ requirements to 4.9.4 + +* Wed Aug 09 2017 Tom Hughes - 1:8.2.1-2 +- Bump release to fix broken dependencies + +* Thu Aug 03 2017 Fedora Release Engineering - 1:8.2.1-1.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1:8.2.1-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Jul 21 2017 Stephen Gallagher - 1:8.2.1-1 +- Update to v8.2.1 +- https://nodejs.org/en/blog/release/v8.2.1/ + +* Thu Jul 20 2017 Stephen Gallagher - 1:8.2.0-1 +- Update to v8.2.0 +- https://nodejs.org/en/blog/release/v8.2.0/ +- Update npm to 5.3.0 +- Adds npx command + +* Tue Jul 18 2017 Igor Gnatenko - 1:8.1.4-3 +- s/BuildRequires/Requires/ for http-parser-devel%%{?_isa} + +* Mon Jul 17 2017 Zuzana Svetlikova - 1:8.1.4-2 +- Rename python-devel to python2-devel +- own %%{_pkgdocdir}/npm + +* Tue Jul 11 2017 Stephen Gallagher - 1:8.1.4-1 +- Update to v8.1.4 +- https://nodejs.org/en/blog/release/v8.1.4/ +- Drop upstreamed c-ares patch + +* Thu Jun 29 2017 Zuzana Svetlikova - 1:8.1.3-1 +- Update to v8.1.3 +- https://nodejs.org/en/blog/release/v8.1.3/ + +* Wed Jun 28 2017 Zuzana Svetlikova - 1:8.1.2-1 +- Update to v8.1.2 +- remove GCC 7 patch, as it is now fixed in node >= 6.12 + diff --git a/nodejs_native.attr b/nodejs_native.attr new file mode 100644 index 0000000..0527af6 --- /dev/null +++ b/nodejs_native.attr @@ -0,0 +1,2 @@ +%__nodejs_native_requires %{_rpmconfigdir}/nodejs_native.req +%__nodejs_native_path ^/usr/lib.*/node_modules/.*\\.node$ diff --git a/npmrc b/npmrc new file mode 100644 index 0000000..50be1d1 --- /dev/null +++ b/npmrc @@ -0,0 +1,2 @@ +prefix=/usr/local +python=/usr/bin/python3 diff --git a/npmrc.builtin.in b/npmrc.builtin.in new file mode 100644 index 0000000..739a57d --- /dev/null +++ b/npmrc.builtin.in @@ -0,0 +1,5 @@ +# This is the distibution-level configuration file for npm. +# To configure NPM on a system level, use the globalconfig below (defaults to @SYSCONFDIR@/npmrc). +# vim:set filetype=dosini: + +globalconfig=@SYSCONFDIR@/npmrc -- Gitee From 04d03b784856c1300f632c83234200df35e351dd Mon Sep 17 00:00:00 2001 From: Renbo Date: Tue, 27 Aug 2024 10:25:54 +0800 Subject: [PATCH 2/2] update to nodejs-20.16.0-1.src.rpm Signed-off-by: Renbo --- ...-arm64-cross-compilation-bug-on-non-.patch | 57 ++++++++++ 0002-Disable-FIPS-options.patch | 10 +- ...ON-frames-following-an-incoming-HEAD.patch | 107 ------------------ ...nghttp2_option_set_max_continuations.patch | 89 --------------- download | 6 +- nodejs-tarball.sh | 92 +++++++++++---- nodejs.spec | 49 ++++---- 7 files changed, 158 insertions(+), 252 deletions(-) create mode 100644 0001-Revert-build-fix-arm64-cross-compilation-bug-on-non-.patch delete mode 100644 0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch delete mode 100644 0004-Add-nghttp2_option_set_max_continuations.patch diff --git a/0001-Revert-build-fix-arm64-cross-compilation-bug-on-non-.patch b/0001-Revert-build-fix-arm64-cross-compilation-bug-on-non-.patch new file mode 100644 index 0000000..0b1dec3 --- /dev/null +++ b/0001-Revert-build-fix-arm64-cross-compilation-bug-on-non-.patch @@ -0,0 +1,57 @@ +gcc available in RHEL-8 does not know -mbranch-protection option and since +it was introduced for cross-compilation purposes in nodejs upstream, it seems +to be save to revert the upstream patch. + +Revert "build: fix arm64 cross-compilation bug on non-arm machines" +This reverts upstream commit 6826bbf26755b144a478e51fd0a7dc83aa0c65b8. + +Revert "build: fix arm64 cross-compilation" +This reverts upstream commit 297368a1edc48d2bedc58c75f1857276bdcdd578. +--- + configure.py | 2 ++ + node.gyp | 15 --------------- + 2 files changed, 2 insertions(+), 15 deletions(-) + +diff --git a/configure.py b/configure.py +index f189ba2bf09..9b2d993bb32 100755 +--- a/configure.py ++++ b/configure.py +@@ -1344,7 +1344,9 @@ def configure_node(o): + + o['variables']['want_separate_host_toolset'] = int(cross_compiling) + ++ # Enable branch protection for arm64 + if target_arch == 'arm64': ++ o['cflags']+=['-msign-return-address=all'] + o['variables']['arm_fpu'] = options.arm_fpu or 'neon' + + if options.node_snapshot_main is not None: +diff --git a/node.gyp b/node.gyp +index ff59af6ff76..7d9ec812917 100644 +--- a/node.gyp ++++ b/node.gyp +@@ -468,21 +468,6 @@ + }, + + 'conditions': [ +- # Pointer authentication for ARM64. +- ['target_arch=="arm64"', { +- 'target_conditions': [ +- ['_toolset=="host"', { +- 'conditions': [ +- ['host_arch=="arm64"', { +- 'cflags': ['-mbranch-protection=standard'], +- }], +- ], +- }], +- ['_toolset=="target"', { +- 'cflags': ['-mbranch-protection=standard'], +- }], +- ], +- }], + ['OS in "aix os400"', { + 'ldflags': [ + '-Wl,-bnoerrmsg', +-- +2.45.2 + diff --git a/0002-Disable-FIPS-options.patch b/0002-Disable-FIPS-options.patch index 49331ef..31b0634 100644 --- a/0002-Disable-FIPS-options.patch +++ b/0002-Disable-FIPS-options.patch @@ -13,7 +13,6 @@ are similarly disabled. Upstream report: https://github.com/nodejs/node/pull/48950 RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726 -Customer case: https://access.redhat.com/support/cases/#/case/03711488 Signed-off-by: rpm-build --- @@ -51,9 +50,8 @@ index 1216f3a..fbfcb26 100644 if (val) return; throw new ERR_CRYPTO_FIPS_FORCED(); diff --git a/lib/internal/errors.js b/lib/internal/errors.js -index def4949..580ca7a 100644 ---- a/lib/internal/errors.js -+++ b/lib/internal/errors.js +--- a/lib/internal/errors.js.patch0002 2024-08-07 15:29:09.366357433 +0200 ++++ b/lib/internal/errors.js 2024-08-07 15:29:14.392366591 +0200 @@ -1112,6 +1112,12 @@ module.exports = { // // Note: Node.js specific errors must begin with the prefix ERR_ @@ -65,8 +63,8 @@ index def4949..580ca7a 100644 + Error); + E('ERR_ACCESS_DENIED', - 'Access to this API has been restricted. Permission: %s', - Error); + function(msg, permission = '', resource = '') { + this.permission = permission; diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc index 5734d8f..ef9d1b1 100644 --- a/src/crypto/crypto_util.cc diff --git a/0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch b/0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch deleted file mode 100644 index 257705d..0000000 --- a/0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch +++ /dev/null @@ -1,107 +0,0 @@ -From d9a06fe94439d9f103aeffe597441c0a2c0a4eb3 Mon Sep 17 00:00:00 2001 -From: Tatsuhiro Tsujikawa -Date: Sat, 9 Mar 2024 16:26:42 +0900 -Subject: [PATCH] Limit CONTINUATION frames following an incoming HEADER frame - -Signed-off-by: rpm-build ---- - deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 7 ++++++- - deps/nghttp2/lib/nghttp2_helper.c | 2 ++ - deps/nghttp2/lib/nghttp2_session.c | 7 +++++++ - deps/nghttp2/lib/nghttp2_session.h | 10 ++++++++++ - 4 files changed, 25 insertions(+), 1 deletion(-) - -diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h -index 8891760..a9629c7 100644 ---- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h -+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h -@@ -466,7 +466,12 @@ typedef enum { - * exhaustion on server side to send these frames forever and does - * not read network. - */ -- NGHTTP2_ERR_FLOODED = -904 -+ NGHTTP2_ERR_FLOODED = -904, -+ /** -+ * When a local endpoint receives too many CONTINUATION frames -+ * following a HEADER frame. -+ */ -+ NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905, - } nghttp2_error; - - /** -diff --git a/deps/nghttp2/lib/nghttp2_helper.c b/deps/nghttp2/lib/nghttp2_helper.c -index 93dd475..b3563d9 100644 ---- a/deps/nghttp2/lib/nghttp2_helper.c -+++ b/deps/nghttp2/lib/nghttp2_helper.c -@@ -336,6 +336,8 @@ const char *nghttp2_strerror(int error_code) { - "closed"; - case NGHTTP2_ERR_TOO_MANY_SETTINGS: - return "SETTINGS frame contained more than the maximum allowed entries"; -+ case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS: -+ return "Too many CONTINUATION frames following a HEADER frame"; - default: - return "Unknown error code"; - } -diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c -index 226cdd5..e343365 100644 ---- a/deps/nghttp2/lib/nghttp2_session.c -+++ b/deps/nghttp2/lib/nghttp2_session.c -@@ -497,6 +497,7 @@ static int session_new(nghttp2_session **session_ptr, - (*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN; - (*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM; - (*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS; -+ (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS; - - if (option) { - if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) && -@@ -6812,6 +6813,8 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - } - } - session_inbound_frame_reset(session); -+ -+ session->num_continuations = 0; - } - break; - } -@@ -6933,6 +6936,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, - } - #endif /* DEBUGBUILD */ - -+ if (++session->num_continuations > session->max_continuations) { -+ return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS; -+ } -+ - readlen = inbound_frame_buf_read(iframe, in, last); - in += readlen; - -diff --git a/deps/nghttp2/lib/nghttp2_session.h b/deps/nghttp2/lib/nghttp2_session.h -index b119329..ef8f7b2 100644 ---- a/deps/nghttp2/lib/nghttp2_session.h -+++ b/deps/nghttp2/lib/nghttp2_session.h -@@ -110,6 +110,10 @@ typedef struct { - #define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000 - #define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33 - -+/* The default max number of CONTINUATION frames following an incoming -+ HEADER frame. */ -+#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8 -+ - /* Internal state when receiving incoming frame */ - typedef enum { - /* Receiving frame header */ -@@ -290,6 +294,12 @@ struct nghttp2_session { - size_t max_send_header_block_length; - /* The maximum number of settings accepted per SETTINGS frame. */ - size_t max_settings; -+ /* The maximum number of CONTINUATION frames following an incoming -+ HEADER frame. */ -+ size_t max_continuations; -+ /* The number of CONTINUATION frames following an incoming HEADER -+ frame. This variable is reset when END_HEADERS flag is seen. */ -+ size_t num_continuations; - /* Next Stream ID. Made unsigned int to detect >= (1 << 31). */ - uint32_t next_stream_id; - /* The last stream ID this session initiated. For client session, --- -2.44.0 - diff --git a/0004-Add-nghttp2_option_set_max_continuations.patch b/0004-Add-nghttp2_option_set_max_continuations.patch deleted file mode 100644 index 87b490f..0000000 --- a/0004-Add-nghttp2_option_set_max_continuations.patch +++ /dev/null @@ -1,89 +0,0 @@ -From ca0a0b02da4db1d65eca8169c6e27bb635924dfb Mon Sep 17 00:00:00 2001 -From: Tatsuhiro Tsujikawa -Date: Sat, 9 Mar 2024 16:48:10 +0900 -Subject: [PATCH] Add nghttp2_option_set_max_continuations - -Signed-off-by: rpm-build ---- - deps/nghttp2/lib/includes/nghttp2/nghttp2.h | 11 +++++++++++ - deps/nghttp2/lib/nghttp2_option.c | 5 +++++ - deps/nghttp2/lib/nghttp2_option.h | 5 +++++ - deps/nghttp2/lib/nghttp2_session.c | 4 ++++ - 4 files changed, 25 insertions(+) - -diff --git a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h -index a9629c7..92c3ccc 100644 ---- a/deps/nghttp2/lib/includes/nghttp2/nghttp2.h -+++ b/deps/nghttp2/lib/includes/nghttp2/nghttp2.h -@@ -3210,6 +3210,17 @@ NGHTTP2_EXTERN void - nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option, - uint64_t burst, uint64_t rate); - -+/** -+ * @function -+ * -+ * This function sets the maximum number of CONTINUATION frames -+ * following an incoming HEADER frame. If more than those frames are -+ * received, the remote endpoint is considered to be misbehaving and -+ * session will be closed. The default value is 8. -+ */ -+NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option, -+ size_t val); -+ - /** - * @function - * -diff --git a/deps/nghttp2/lib/nghttp2_option.c b/deps/nghttp2/lib/nghttp2_option.c -index 43d4e95..53144b9 100644 ---- a/deps/nghttp2/lib/nghttp2_option.c -+++ b/deps/nghttp2/lib/nghttp2_option.c -@@ -150,3 +150,8 @@ void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option, - option->stream_reset_burst = burst; - option->stream_reset_rate = rate; - } -+ -+void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) { -+ option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS; -+ option->max_continuations = val; -+} -diff --git a/deps/nghttp2/lib/nghttp2_option.h b/deps/nghttp2/lib/nghttp2_option.h -index 2259e18..c89cb97 100644 ---- a/deps/nghttp2/lib/nghttp2_option.h -+++ b/deps/nghttp2/lib/nghttp2_option.h -@@ -71,6 +71,7 @@ typedef enum { - NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13, - NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14, - NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15, -+ NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16, - } nghttp2_option_flag; - - /** -@@ -98,6 +99,10 @@ struct nghttp2_option { - * NGHTTP2_OPT_MAX_SETTINGS - */ - size_t max_settings; -+ /** -+ * NGHTTP2_OPT_MAX_CONTINUATIONS -+ */ -+ size_t max_continuations; - /** - * Bitwise OR of nghttp2_option_flag to determine that which fields - * are specified. -diff --git a/deps/nghttp2/lib/nghttp2_session.c b/deps/nghttp2/lib/nghttp2_session.c -index e343365..555032d 100644 ---- a/deps/nghttp2/lib/nghttp2_session.c -+++ b/deps/nghttp2/lib/nghttp2_session.c -@@ -586,6 +586,10 @@ static int session_new(nghttp2_session **session_ptr, - option->stream_reset_burst, - option->stream_reset_rate); - } -+ -+ if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) { -+ (*session_ptr)->max_continuations = option->max_continuations; -+ } - } - - rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater, --- -2.44.0 - diff --git a/download b/download index 67e329c..a19ca0b 100644 --- a/download +++ b/download @@ -1,6 +1,6 @@ 5808c204e2942e7bf56d6d7971d4f5d4 cjs-module-lexer-1.2.2.tar.gz -ccf2b3d06cd7ac32f629e91f057a7819 node-v20.12.2-stripped.tar.gz -45207dd0ab666159f8b8b9e02532c220 undici-5.28.4.tar.gz +ed994212457a1297c963d0588a1adaac node-v20.16.0-stripped.tar.gz +6e9c6776bbc8354941a77b8520dca4f9 undici-6.19.2.tar.gz 7b6ec4e1c3e39397bdd09087e2437bfd wasi-sdk-wasi-sdk-11.tar.gz 638c8fed7b32bb979c768c310caf4d85 wasi-sdk-wasi-sdk-16.tar.gz -94c0b370f43123ea92b146ebea9c709d icu4c-74_2-src.tgz +a83c1499e508f73ddbc60002f84ea42a icu4c-75_1-src.tgz diff --git a/nodejs-tarball.sh b/nodejs-tarball.sh index f59d5c2..66f5ca2 100755 --- a/nodejs-tarball.sh +++ b/nodejs-tarball.sh @@ -135,67 +135,109 @@ rm -f node-v${version}.tar.gz set +e # Determine the bundled versions of the various packages +echo "Included software versions" +echo "-------------------------" +echo +echo "Node.js version" +echo "=========================" +echo "${version}" +echo echo "Bundled software versions" echo "-------------------------" echo -echo "libnode shared object version" +echo "libnode shared object version (nodejs_soversion)" echo "=========================" -grep "define NODE_MODULE_VERSION" node-v${version}/src/node_version.h +NODE_SOVERSION=$(grep -oP '(?<=#define NODE_MODULE_VERSION )\d+' node-v${version}/src/node_version.h) +echo "${NODE_SOVERSION}" echo echo "V8" echo "=========================" -grep "define V8_MAJOR_VERSION" node-v${version}/deps/v8/include/v8-version.h -grep "define V8_MINOR_VERSION" node-v${version}/deps/v8/include/v8-version.h -grep "define V8_BUILD_NUMBER" node-v${version}/deps/v8/include/v8-version.h -grep "define V8_PATCH_LEVEL" node-v${version}/deps/v8/include/v8-version.h +V8_MAJOR=$(grep -oP '(?<=#define V8_MAJOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h) +V8_MINOR=$(grep -oP '(?<=#define V8_MINOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h) +V8_BUILD=$(grep -oP '(?<=#define V8_BUILD_NUMBER )\d+' node-v${version}/deps/v8/include/v8-version.h) +V8_PATCH=$(grep -oP '(?<=#define V8_PATCH_LEVEL )\d+' node-v${version}/deps/v8/include/v8-version.h) +echo "${V8_MAJOR}.${V8_MINOR}.${V8_BUILD}.${V8_PATCH}" echo echo "c-ares" echo "=========================" -grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_version.h -grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h -grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h +C_ARES_VERSION=$(grep -oP '(?<=#define ARES_VERSION_STR ).*\"' node-v${version}/deps/cares/include/ares_version.h |sed -e 's/^"//' -e 's/"$//') +echo $C_ARES_VERSION echo echo "llhttp" echo "=========================" -grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h -grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h -grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h +LLHTTP_MAJOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MAJOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h) +LLHTTP_MINOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MINOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h) +LLHTTP_PATCH=$(grep -oP '(?<=#define LLHTTP_VERSION_PATCH )\d+' node-v${version}/deps/llhttp/include/llhttp.h) +LLHTTP_VERSION="${LLHTTP_MAJOR}.${LLHTTP_MINOR}.${LLHTTP_PATCH}" +echo $LLHTTP_VERSION echo echo "libuv" echo "=========================" -grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h -grep "define UV_VERSION_MINOR" node-v${version}/deps/uv/include/uv/version.h -grep "define UV_VERSION_PATCH" node-v${version}/deps/uv/include/uv/version.h +UV_MAJOR=$(grep -oP '(?<=#define UV_VERSION_MAJOR )\d+' node-v${version}/deps/uv/include/uv/version.h) +UV_MINOR=$(grep -oP '(?<=#define UV_VERSION_MINOR )\d+' node-v${version}/deps/uv/include/uv/version.h) +UV_PATCH=$(grep -oP '(?<=#define UV_VERSION_PATCH )\d+' node-v${version}/deps/uv/include/uv/version.h) +LIBUV_VERSION="${UV_MAJOR}.${UV_MINOR}.${UV_PATCH}" +echo $LIBUV_VERSION echo echo "nghttp2" echo "=========================" -grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h +NGHTTP2_VERSION=$(grep -oP '(?<=#define NGHTTP2_VERSION ).*\"' node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h |sed -e 's/^"//' -e 's/"$//') +echo $NGHTTP2_VERSION echo echo "nghttp3" echo "=========================" -grep "define NGHTTP3_VERSION " node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h +NGHTTP3_VERSION=$(grep -oP '(?<=#define NGHTTP3_VERSION ).*\"' node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h |sed -e 's/^"//' -e 's/"$//') +echo $NGHTTP3_VERSION echo echo "ngtcp2" echo "=========================" -grep "define NGTCP2_VERSION " node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h +NGTCP2_VERSION=$(grep -oP '(?<=#define NGTCP2_VERSION ).*\"' node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h |sed -e 's/^"//' -e 's/"$//') +echo $NGTCP2_VERSION echo echo "ICU" echo "=========================" -grep "url" node-v${version}/tools/icu/current_ver.dep +ICU_MAJOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\1/g') +ICU_MINOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\2/g') +echo "${ICU_MAJOR}.${ICU_MINOR}" +echo +echo "simdutf" +echo "=========================" +SIMDUTF_VERSION=$(grep -oP '(?<=#define SIMDUTF_VERSION ).*\"' node-v${version}/deps/simdutf/simdutf.h |sed -e 's/^"//' -e 's/"$//') +echo $SIMDUTF_VERSION +echo +echo "ada" +echo "=========================" +ADA_VERSION=$(grep -osP '(?<=#define ADA_VERSION ).*\"' node-v${version}/deps/ada/ada.h |sed -e 's/^"//' -e 's/"$//') +ADA_VERSION=${ADA_VERSION:-0} +echo "${ADA_VERSION}" echo echo "punycode" echo "=========================" -grep "'version'" node-v${version}/lib/punycode.js +PUNYCODE_VERSION=$(grep -oP "'version': '\K[^']+" ./node-v${version}/lib/punycode.js) +echo $PUNYCODE_VERSION +echo +echo "npm" +echo "=========================" +NPM_VERSION=$(jq -r .version ./node-v${version}/deps/npm/package.json) +echo $NPM_VERSION +echo +echo "corepack" +echo "=========================" +COREPACK_VERSION=$(jq -r .version ./node-v${version}/deps/corepack/package.json) +echo $COREPACK_VERSION echo echo "uvwasi" echo "=========================" -grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h -grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h -grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h +UVWASI_MAJOR=$(grep -oP '(?<=#define UVWASI_VERSION_MAJOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h) +UVWASI_MINOR=$(grep -oP '(?<=#define UVWASI_VERSION_MINOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h) +UVWASI_PATCH=$(grep -oP '(?<=#define UVWASI_VERSION_PATCH )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h) +UVWASI_VERSION="${UVWASI_MAJOR}.${UVWASI_MINOR}.${UVWASI_PATCH}" +echo $UVWASI_VERSION echo -echo "npm" +echo "histogram_c" echo "=========================" -grep "\"version\":" node-v${version}/deps/npm/package.json +HISTOGRAM_VERSION=$(grep -oP '(?<=#define HDR_HISTOGRAM_VERSION ).*\"' node-v${version}/deps/histogram/include/hdr/hdr_histogram_version.h|sed -e 's/^"//' -e 's/"$//') +echo $HISTOGRAM_VERSION echo echo "Make sure these versions match what is in the RPM spec file" diff --git a/nodejs.spec b/nodejs.spec index f0fd8d1..ecdc17e 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -33,7 +33,7 @@ # This is used by both the nodejs package and the npm subpackage that # has a separate version - the name is special so that rpmdev-bumpspec # will bump this rather than adding .1 to the end. -%global baserelease 2 +%global baserelease 1 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} @@ -44,8 +44,8 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 20 -%global nodejs_minor 12 -%global nodejs_patch 2 +%global nodejs_minor 16 +%global nodejs_patch 0 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 115 @@ -69,7 +69,7 @@ # c-ares - from deps/cares/include/ares_version.h # https://github.com/nodejs/node/pull/9332 -%global c_ares_version 1.27.0 +%global c_ares_version 1.31.0 # llhttp - from deps/llhttp/include/llhttp.h %global llhttp_version 8.1.2 @@ -78,17 +78,17 @@ %global libuv_version 1.46.0 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h -%global nghttp2_version 1.60.0 +%global nghttp2_version 1.61.0 # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h %global nghttp3_version 0.7.0 # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h -%global ngtcp2_version 0.8.1 +%global ngtcp2_version 1.1.0 # ICU - from tools/icu/current_ver.dep -%global icu_major 74 -%global icu_minor 2 +%global icu_major 75 +%global icu_minor 1 %global icu_version %{icu_major}.%{icu_minor} %global icudatadir %{nodejs_datadir}/icudata @@ -106,10 +106,10 @@ %endif # simduft from deps/simdutf/simdutf.h -%global simduft_version 4.0.8 +%global simduft_version 5.2.8 # ada from deps/ada/ada.h -%global ada_version 2.7.6 +%global ada_version 2.8.0 # OpenSSL minimum version %global openssl_minimum 1:1.1.1 @@ -122,7 +122,7 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_version 10.5.0 +%global npm_version 10.8.1 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed @@ -132,10 +132,10 @@ # Node.js 16.9.1 and later comes with an experimental package management tool # corepack - from deps/corepack/package.json -%global corepack_version 0.25.2 +%global corepack_version 0.28.1 # uvwasi - from deps/uvwasi/include/uvwasi.h -%global uvwasi_version 0.0.20 +%global uvwasi_version 0.0.21 # histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h %global histogram_version 0.11.8 @@ -181,9 +181,10 @@ Source101: cjs-module-lexer-1.2.2.tar.gz Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz # Version: jq '.version' deps/undici/src/package.json -# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz -# Adjustments: rm -f undici-5.28.4/lib/llhttp/llhttp*.wasm* -Source111: undici-5.28.4.tar.gz +# Original: https://github.com/nodejs/undici/archive/refs/tags/v6.13.0.tar.gz +# Adjustments: rm -f undici-6.13.0/lib/llhttp/llhttp*.wasm +# wasi-sdk version can be found in lib/llhttp/wasm_build_env.txt +Source111: undici-6.19.2.tar.gz # The WASM blob was made using wasi-sdk v16; compiler libraries are linked in. # Version source: deps/undici/src/lib/llhttp/wasm_build_env.txt # Also check (undici tarball): lib/llhttp/wasm_build_env.txt @@ -192,8 +193,7 @@ Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-16/wasi-sdk- # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch Patch2: 0002-Disable-FIPS-options.patch -Patch3: 0003-Limit-CONTINUATION-frames-following-an-incoming-HEAD.patch -Patch4: 0004-Add-nghttp2_option_set_max_continuations.patch +Patch3: 0001-Revert-build-fix-arm64-cross-compilation-bug-on-non-.patch BuildRequires: make BuildRequires: python3-devel @@ -724,21 +724,26 @@ end %changelog +* Mon Aug 05 2024 Honza Horak - 1:20.16.0-1 +- Update to 20.16.0 + Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 + * Tue Apr 16 2024 Jan Staněk - 1:20.12.2-2 - Backport nghttp2 patch for CVE-2024-28182 * Tue Apr 16 2024 Jan Staněk - 1:20.12.2-1 - Rebase to version 20.12.0 - Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) - Fixes: CVE-2024-25629 (c-ares) + Addresses CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) + Addresses CVE-2024-25629 (c-ares) * Wed Feb 21 2024 Lukas Javorsky - 1:20.11.1-1 - Rebase to version 20.11.1 -- Resolves: RHEL-26017 RHEL-26266 RHEL-26685 RHEL-26686 RHEL-26004 RHEL-26596 RHEL-26688 +- Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high) +- Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium) * Fri Jan 19 2024 Lukas Javorsky - 1:20.11.0-1 - Rebase to version 20.11.0 -- Resolves: RHEL-21435 +- Resolves: RHEL-21434 * Thu Nov 09 2023 Zuzana Svetlikova - 1:20.9.0-1 - Rebase to LTS -- Gitee