diff --git a/0001-Revert-build-fix-arm64-cross-compilation-bug-on-non-.patch b/0001-Revert-build-fix-arm64-cross-compilation-bug-on-non-.patch index 0b1dec3bf74558d4ee23df1f820383f25d288ebc..18bbb7799e07711d9f7d242eb701019dc7b50637 100644 --- a/0001-Revert-build-fix-arm64-cross-compilation-bug-on-non-.patch +++ b/0001-Revert-build-fix-arm64-cross-compilation-bug-on-non-.patch @@ -28,12 +28,12 @@ index f189ba2bf09..9b2d993bb32 100755 if options.node_snapshot_main is not None: diff --git a/node.gyp b/node.gyp index ff59af6ff76..7d9ec812917 100644 ---- a/node.gyp -+++ b/node.gyp -@@ -468,21 +468,6 @@ - }, - - 'conditions': [ +--- a/node.gyp 2025-01-21 05:28:01.000000000 +0100 ++++ b/node.gyp 2025-02-03 09:26:11.282754397 +0100 +@@ -472,21 +472,6 @@ + ['clang==0 and OS!="win"', { + 'cflags': [ '-Wno-restrict', ], + }], - # Pointer authentication for ARM64. - ['target_arch=="arm64"', { - 'target_conditions': [ @@ -52,6 +52,3 @@ index ff59af6ff76..7d9ec812917 100644 ['OS in "aix os400"', { 'ldflags': [ '-Wl,-bnoerrmsg', --- -2.45.2 - diff --git a/download b/download index a19ca0b69845b6ab502740a24f2a0f1e45168d83..c656319a451aec5029d55cb43c7c6226fbaaf1bc 100644 --- a/download +++ b/download @@ -1,6 +1,5 @@ -5808c204e2942e7bf56d6d7971d4f5d4 cjs-module-lexer-1.2.2.tar.gz -ed994212457a1297c963d0588a1adaac node-v20.16.0-stripped.tar.gz -6e9c6776bbc8354941a77b8520dca4f9 undici-6.19.2.tar.gz +a8c3ddf6348a0e26abc89fab3b47e2fc cjs-module-lexer-1.4.1.tar.gz +eaa45fd75743508defa527b6410ca747 node-v20.18.2-stripped.tar.gz +38db64331795e5e9208a6f6d75bbe4d2 undici-6.21.1.tar.gz 7b6ec4e1c3e39397bdd09087e2437bfd wasi-sdk-wasi-sdk-11.tar.gz 638c8fed7b32bb979c768c310caf4d85 wasi-sdk-wasi-sdk-16.tar.gz -a83c1499e508f73ddbc60002f84ea42a icu4c-75_1-src.tgz diff --git a/icu4c-75_1-src.tgz b/icu4c-75_1-src.tgz new file mode 100644 index 0000000000000000000000000000000000000000..d2f1dce0b27ed618e5d4b005c40f987eb36635a1 Binary files /dev/null and b/icu4c-75_1-src.tgz differ diff --git a/nodejs.spec b/nodejs.spec index ecdc17e92157f2604e851cd0ca9644ff6b378867..6558ad8708cee08e9b41c44e1ea4d84be8055947 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -16,7 +16,7 @@ # use --with=bundled; will bundle deps, but do not add the suffix # # create bootstrapping build with bundled deps and extra release suffix -%bcond_with bootstrap +%bcond_with bootstrap # bundle dependencies that are not available in CentOS %if %{with bootstrap} %bcond_without bundled @@ -44,8 +44,8 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 20 -%global nodejs_minor 16 -%global nodejs_patch 0 +%global nodejs_minor 18 +%global nodejs_patch 2 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 115 @@ -57,7 +57,7 @@ # == Bundled Dependency Versions == # v8 - from deps/v8/include/v8-version.h # Epoch is set to ensure clean upgrades from the old v8 package -%global v8_epoch 2 +%global v8_epoch 3 %global v8_major 11 %global v8_minor 3 %global v8_build 244 @@ -67,9 +67,10 @@ %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch} %global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} + # c-ares - from deps/cares/include/ares_version.h # https://github.com/nodejs/node/pull/9332 -%global c_ares_version 1.31.0 +%global c_ares_version 1.33.1 # llhttp - from deps/llhttp/include/llhttp.h %global llhttp_version 8.1.2 @@ -106,10 +107,10 @@ %endif # simduft from deps/simdutf/simdutf.h -%global simduft_version 5.2.8 +%global simduft_version 5.5.0 # ada from deps/ada/ada.h -%global ada_version 2.8.0 +%global ada_version 2.9.0 # OpenSSL minimum version %global openssl_minimum 1:1.1.1 @@ -122,7 +123,7 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_version 10.8.1 +%global npm_version 10.8.2 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed @@ -132,7 +133,7 @@ # Node.js 16.9.1 and later comes with an experimental package management tool # corepack - from deps/corepack/package.json -%global corepack_version 0.28.1 +%global corepack_version 0.29.4 # uvwasi - from deps/uvwasi/include/uvwasi.h %global uvwasi_version 0.0.21 @@ -173,18 +174,18 @@ Source8: npmrc.builtin.in # Recipes for creating these blobs are included in the sources. # Version: jq '.version' deps/cjs-module-lexer/package.json -# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz -# Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm -Source101: cjs-module-lexer-1.2.2.tar.gz +# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.4.1.tar.gz +# Adjustments: rm -f cjs-module-lexer-1.4.1/lib/lexer.wasm +Source101: cjs-module-lexer-1.4.1.tar.gz # The WASM blob was made using wasi-sdk v11; compiler libraries are linked in. # Version source (cjs-module-lexer tarball): Makefile Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz # Version: jq '.version' deps/undici/src/package.json -# Original: https://github.com/nodejs/undici/archive/refs/tags/v6.13.0.tar.gz -# Adjustments: rm -f undici-6.13.0/lib/llhttp/llhttp*.wasm +# Original: https://github.com/nodejs/undici/archive/refs/tags/v6.21.1.tar.gz +# Adjustments: rm -f undici-6.21.1/lib/llhttp/llhttp*.wasm # wasi-sdk version can be found in lib/llhttp/wasm_build_env.txt -Source111: undici-6.19.2.tar.gz +Source111: undici-6.21.1.tar.gz # The WASM blob was made using wasi-sdk v16; compiler libraries are linked in. # Version source: deps/undici/src/lib/llhttp/wasm_build_env.txt # Also check (undici tarball): lib/llhttp/wasm_build_env.txt @@ -724,6 +725,11 @@ end %changelog +* Thu Jan 30 2025 Tomáš Juhász - 1:20.18.2-1 +- Update to version 20.18.2 + Fixes: CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 + Resolves: RHEL-76001 RHEL-76146 + * Mon Aug 05 2024 Honza Horak - 1:20.16.0-1 - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020