diff --git a/download b/download index 1a0300cdf21c1c9351694b5974a69e63432d19cf..3daa12aafa26b0971ef7437d5f3cc6b3946b9bf3 100644 --- a/download +++ b/download @@ -1,4 +1,4 @@ 5808c204e2942e7bf56d6d7971d4f5d4 cjs-module-lexer-1.2.2.tar.gz -728ca188ae8c9d056dfced4f57e1d861 node-v18.20.4-stripped.tar.gz -7aa750dbe225ee4ca9c993d4e904f254 undici-5.28.4.tar.gz +d3e306dae9ceac2800f31f826a54de2d node-v18.20.6-stripped.tar.gz +80659ba6e47d04b803542e853c2a36c3 undici-5.28.5.tar.gz d80d3731d039b0944b405044dabd5f93 wasi-sdk-11.0-linux.tar.gz diff --git a/nodejs.spec b/nodejs.spec index c67977458af9e7c354d517c783199599e160c2aa..893a67b12cd5e33685149eec0885e8d266a75b65 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -42,7 +42,7 @@ %global nodejs_epoch 1 %global nodejs_major 18 %global nodejs_minor 20 -%global nodejs_patch 4 +%global nodejs_patch 6 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 108 @@ -66,16 +66,13 @@ # c-ares - from deps/cares/include/ares_version.h # https://github.com/nodejs/node/pull/9332 -%global c_ares_version 1.28.1 +%global c_ares_version 1.29.0 # llhttp - from deps/llhttp/include/llhttp.h %global llhttp_version 6.1.1 # libuv - from deps/uv/include/uv/version.h -%global libuv_major 1 -%global libuv_minor 44 -%global libuv_patch 2 -%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch} +%global libuv_version 1.44.2 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h %global nghttp2_version 1.61.0 @@ -113,12 +110,12 @@ # simduft from deps/simdutf/simdutf.h %global simduft_major 5 -%global simduft_minor 2 -%global simduft_patch 4 +%global simduft_minor 6 +%global simduft_patch 0 %global simduft_version %{simduft_major}.%{simduft_minor}.%{simduft_patch} # ada from deps/ada/ada.h -%global ada_version 2.7.8 +%global ada_version 2.8.0 # OpenSSL minimum version %global openssl_minimum 1:1.1.1 @@ -133,7 +130,7 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_version 10.7.0 +%global npm_version 10.8.2 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed @@ -185,16 +182,18 @@ Source8: npmrc.builtin.in # Version: jq '.version' deps/cjs-module-lexer/package.json # Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz # Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm +# wasi-sdk version can be found in Makefile +# https://github.com/nodejs/cjs-module-lexer/blob/1.2.2/Makefile Source101: cjs-module-lexer-1.2.2.tar.gz # The WASM blob was made using wasi-sdk v11; compiler libraries are linked in. # Version source: Makefile Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz # Version: jq '.version' deps/undici/src/package.json -# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz -# Adjustments: rm -f undici-5.28.3/lib/llhttp/llhttp*.wasm +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.5.tar.gz +# Adjustments: rm -f undici-5.28.5/lib/llhttp/llhttp*.wasm # Build uses alpine image, see alpine for sources for wasi-sdk -Source111: undici-5.28.4.tar.gz +Source111: undici-5.28.5.tar.gz # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch @@ -463,7 +462,7 @@ make BUILDTYPE=Release %{?_smp_mflags} # Extract the ICU data and convert it to the appropriate endianness pushd deps/ -tar xfz %{SOURCE3} +tar -xzf %{SOURCE3} pushd icu/source @@ -739,6 +738,11 @@ end %changelog +* Fri Feb 07 2025 Andrei Radchenko - 1:18.20.6-1 +- Update to version 18.20.6 + Resolves: RHEL-78326 + Fixes: CVE-2025-23085 CVE-2025-22150 + * Mon Aug 05 2024 Honza Horak - 1:18.20.4-1 - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 @@ -1150,3 +1154,4 @@ end - Update to v8.1.2 - remove GCC 7 patch, as it is now fixed in node >= 6.12 +