diff --git a/download b/download index 407af3e5843ab5ae5dd465457d3c2b3b6dc2830b..1a0300cdf21c1c9351694b5974a69e63432d19cf 100644 --- a/download +++ b/download @@ -1,4 +1,4 @@ -08535247571b2a04e00dc1c8bfdc5606 cjs-module-lexer-1.2.2.tar.gz -c430fc52d7930fe5fa2ff73a087d0a90 node-v18.19.0-stripped.tar.gz -7c8cec0063a7a8a04aaf5c0ebf5d9f0c undici-5.26.4.tar.gz +5808c204e2942e7bf56d6d7971d4f5d4 cjs-module-lexer-1.2.2.tar.gz +728ca188ae8c9d056dfced4f57e1d861 node-v18.20.4-stripped.tar.gz +7aa750dbe225ee4ca9c993d4e904f254 undici-5.28.4.tar.gz d80d3731d039b0944b405044dabd5f93 wasi-sdk-11.0-linux.tar.gz diff --git a/icu4c-73_2-src.tgz b/icu4c-74_2-src.tgz similarity index 71% rename from icu4c-73_2-src.tgz rename to icu4c-74_2-src.tgz index 997d513ef1a9e81771387a0bac1e18d5e8dc980b..b4ffb5f4e793608f9d0a8b6d74158491f00c094f 100644 Binary files a/icu4c-73_2-src.tgz and b/icu4c-74_2-src.tgz differ diff --git a/nodejs-fips-disable-options.patch b/nodejs-fips-disable-options.patch new file mode 100644 index 0000000000000000000000000000000000000000..ada1ce3ab062bf345f154322d9ab8faf24c4fefd --- /dev/null +++ b/nodejs-fips-disable-options.patch @@ -0,0 +1,81 @@ +From 98738d27288bd9ca634e29181ef665e812e7bbd3 Mon Sep 17 00:00:00 2001 +From: Michael Dawson +Date: Fri, 23 Feb 2024 13:43:56 +0100 +Subject: [PATCH] Disable FIPS options + +On RHEL, FIPS should be configured only on system level. +Additionally, the related options may cause segfault when used on RHEL. + +This patch causes the option processing to end sooner +than the problematic code gets executed. +Additionally, the JS-level options to mess with FIPS settings +are similarly disabled. + +Upstream report: https://github.com/nodejs/node/pull/48950 +RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726 +--- + lib/crypto.js | 10 ++++++++++ + lib/internal/errors.js | 6 ++++++ + src/crypto/crypto_util.cc | 2 ++ + 3 files changed, 18 insertions(+) + +diff --git a/lib/crypto.js b/lib/crypto.js +index 41adecc..b2627ac 100644 +--- a/lib/crypto.js ++++ b/lib/crypto.js +@@ -36,6 +36,9 @@ const { + assertCrypto(); + + const { ++ // RHEL specific error ++ ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED, ++ + ERR_CRYPTO_FIPS_FORCED, + } = require('internal/errors').codes; + const constants = internalBinding('constants').crypto; +@@ -251,6 +254,13 @@ function getFips() { + } + + function setFips(val) { ++ // in RHEL FIPS enable/disable should only be done at system level ++ if (getFips() != val) { ++ throw new ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED(); ++ } else { ++ return; ++ } ++ + if (getOptionValue('--force-fips')) { + if (val) return; + throw new ERR_CRYPTO_FIPS_FORCED(); +diff --git a/lib/internal/errors.js b/lib/internal/errors.js +index a722360..04d8a53 100644 +--- a/lib/internal/errors.js ++++ b/lib/internal/errors.js +@@ -1060,6 +1060,12 @@ module.exports = { + // + // Note: Node.js specific errors must begin with the prefix ERR_ + ++// insert RHEL specific erro ++E('ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED', ++ 'Cannot set FIPS mode. FIPS should be enabled/disabled at system level. See' + ++ 'https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n', ++ Error); ++ + E('ERR_ACCESS_DENIED', + 'Access to this API has been restricted. Permission: %s', + Error); +diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc +index 5734d8f..ef9d1b1 100644 +--- a/src/crypto/crypto_util.cc ++++ b/src/crypto/crypto_util.cc +@@ -121,6 +121,8 @@ bool ProcessFipsOptions() { + /* Override FIPS settings in configuration file, if needed. */ + if (per_process::cli_options->enable_fips_crypto || + per_process::cli_options->force_fips_crypto) { ++ fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n"); ++ return false; + #if OPENSSL_VERSION_MAJOR >= 3 + OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips"); + if (fips_provider == nullptr) +-- +2.43.2 diff --git a/nodejs-tarball.sh b/nodejs-tarball.sh index f59d5c2823177ee29f2bef4c8ff9a331de201acf..66f5ca2465ae68a18254fe36a0ef5944a0147a60 100755 --- a/nodejs-tarball.sh +++ b/nodejs-tarball.sh @@ -135,67 +135,109 @@ rm -f node-v${version}.tar.gz set +e # Determine the bundled versions of the various packages +echo "Included software versions" +echo "-------------------------" +echo +echo "Node.js version" +echo "=========================" +echo "${version}" +echo echo "Bundled software versions" echo "-------------------------" echo -echo "libnode shared object version" +echo "libnode shared object version (nodejs_soversion)" echo "=========================" -grep "define NODE_MODULE_VERSION" node-v${version}/src/node_version.h +NODE_SOVERSION=$(grep -oP '(?<=#define NODE_MODULE_VERSION )\d+' node-v${version}/src/node_version.h) +echo "${NODE_SOVERSION}" echo echo "V8" echo "=========================" -grep "define V8_MAJOR_VERSION" node-v${version}/deps/v8/include/v8-version.h -grep "define V8_MINOR_VERSION" node-v${version}/deps/v8/include/v8-version.h -grep "define V8_BUILD_NUMBER" node-v${version}/deps/v8/include/v8-version.h -grep "define V8_PATCH_LEVEL" node-v${version}/deps/v8/include/v8-version.h +V8_MAJOR=$(grep -oP '(?<=#define V8_MAJOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h) +V8_MINOR=$(grep -oP '(?<=#define V8_MINOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h) +V8_BUILD=$(grep -oP '(?<=#define V8_BUILD_NUMBER )\d+' node-v${version}/deps/v8/include/v8-version.h) +V8_PATCH=$(grep -oP '(?<=#define V8_PATCH_LEVEL )\d+' node-v${version}/deps/v8/include/v8-version.h) +echo "${V8_MAJOR}.${V8_MINOR}.${V8_BUILD}.${V8_PATCH}" echo echo "c-ares" echo "=========================" -grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_version.h -grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h -grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h +C_ARES_VERSION=$(grep -oP '(?<=#define ARES_VERSION_STR ).*\"' node-v${version}/deps/cares/include/ares_version.h |sed -e 's/^"//' -e 's/"$//') +echo $C_ARES_VERSION echo echo "llhttp" echo "=========================" -grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h -grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h -grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h +LLHTTP_MAJOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MAJOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h) +LLHTTP_MINOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MINOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h) +LLHTTP_PATCH=$(grep -oP '(?<=#define LLHTTP_VERSION_PATCH )\d+' node-v${version}/deps/llhttp/include/llhttp.h) +LLHTTP_VERSION="${LLHTTP_MAJOR}.${LLHTTP_MINOR}.${LLHTTP_PATCH}" +echo $LLHTTP_VERSION echo echo "libuv" echo "=========================" -grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h -grep "define UV_VERSION_MINOR" node-v${version}/deps/uv/include/uv/version.h -grep "define UV_VERSION_PATCH" node-v${version}/deps/uv/include/uv/version.h +UV_MAJOR=$(grep -oP '(?<=#define UV_VERSION_MAJOR )\d+' node-v${version}/deps/uv/include/uv/version.h) +UV_MINOR=$(grep -oP '(?<=#define UV_VERSION_MINOR )\d+' node-v${version}/deps/uv/include/uv/version.h) +UV_PATCH=$(grep -oP '(?<=#define UV_VERSION_PATCH )\d+' node-v${version}/deps/uv/include/uv/version.h) +LIBUV_VERSION="${UV_MAJOR}.${UV_MINOR}.${UV_PATCH}" +echo $LIBUV_VERSION echo echo "nghttp2" echo "=========================" -grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h +NGHTTP2_VERSION=$(grep -oP '(?<=#define NGHTTP2_VERSION ).*\"' node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h |sed -e 's/^"//' -e 's/"$//') +echo $NGHTTP2_VERSION echo echo "nghttp3" echo "=========================" -grep "define NGHTTP3_VERSION " node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h +NGHTTP3_VERSION=$(grep -oP '(?<=#define NGHTTP3_VERSION ).*\"' node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h |sed -e 's/^"//' -e 's/"$//') +echo $NGHTTP3_VERSION echo echo "ngtcp2" echo "=========================" -grep "define NGTCP2_VERSION " node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h +NGTCP2_VERSION=$(grep -oP '(?<=#define NGTCP2_VERSION ).*\"' node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h |sed -e 's/^"//' -e 's/"$//') +echo $NGTCP2_VERSION echo echo "ICU" echo "=========================" -grep "url" node-v${version}/tools/icu/current_ver.dep +ICU_MAJOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\1/g') +ICU_MINOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\2/g') +echo "${ICU_MAJOR}.${ICU_MINOR}" +echo +echo "simdutf" +echo "=========================" +SIMDUTF_VERSION=$(grep -oP '(?<=#define SIMDUTF_VERSION ).*\"' node-v${version}/deps/simdutf/simdutf.h |sed -e 's/^"//' -e 's/"$//') +echo $SIMDUTF_VERSION +echo +echo "ada" +echo "=========================" +ADA_VERSION=$(grep -osP '(?<=#define ADA_VERSION ).*\"' node-v${version}/deps/ada/ada.h |sed -e 's/^"//' -e 's/"$//') +ADA_VERSION=${ADA_VERSION:-0} +echo "${ADA_VERSION}" echo echo "punycode" echo "=========================" -grep "'version'" node-v${version}/lib/punycode.js +PUNYCODE_VERSION=$(grep -oP "'version': '\K[^']+" ./node-v${version}/lib/punycode.js) +echo $PUNYCODE_VERSION +echo +echo "npm" +echo "=========================" +NPM_VERSION=$(jq -r .version ./node-v${version}/deps/npm/package.json) +echo $NPM_VERSION +echo +echo "corepack" +echo "=========================" +COREPACK_VERSION=$(jq -r .version ./node-v${version}/deps/corepack/package.json) +echo $COREPACK_VERSION echo echo "uvwasi" echo "=========================" -grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h -grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h -grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h +UVWASI_MAJOR=$(grep -oP '(?<=#define UVWASI_VERSION_MAJOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h) +UVWASI_MINOR=$(grep -oP '(?<=#define UVWASI_VERSION_MINOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h) +UVWASI_PATCH=$(grep -oP '(?<=#define UVWASI_VERSION_PATCH )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h) +UVWASI_VERSION="${UVWASI_MAJOR}.${UVWASI_MINOR}.${UVWASI_PATCH}" +echo $UVWASI_VERSION echo -echo "npm" +echo "histogram_c" echo "=========================" -grep "\"version\":" node-v${version}/deps/npm/package.json +HISTOGRAM_VERSION=$(grep -oP '(?<=#define HDR_HISTOGRAM_VERSION ).*\"' node-v${version}/deps/histogram/include/hdr/hdr_histogram_version.h|sed -e 's/^"//' -e 's/"$//') +echo $HISTOGRAM_VERSION echo echo "Make sure these versions match what is in the RPM spec file" diff --git a/nodejs.spec b/nodejs.spec index ec382d2f1101db687a24a1185515049b9dd61afc..c67977458af9e7c354d517c783199599e160c2aa 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.1 %global with_debug 0 # PowerPC, s390x and aarch64 segfault during Debug builds @@ -42,8 +41,8 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 18 -%global nodejs_minor 19 -%global nodejs_patch 0 +%global nodejs_minor 20 +%global nodejs_patch 4 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 108 @@ -66,10 +65,11 @@ %global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} # c-ares - from deps/cares/include/ares_version.h -%global c_ares_version 1.20.1 +# https://github.com/nodejs/node/pull/9332 +%global c_ares_version 1.28.1 # llhttp - from deps/llhttp/include/llhttp.h -%global llhttp_version 6.0.11 +%global llhttp_version 6.1.1 # libuv - from deps/uv/include/uv/version.h %global libuv_major 1 @@ -78,7 +78,7 @@ %global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch} # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h -%global nghttp2_version 1.57.0 +%global nghttp2_version 1.61.0 # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h %global nghttp3_major 0 @@ -87,13 +87,13 @@ %global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch} # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h -%global ngtcp2_major 0 -%global ngtcp2_minor 8 -%global ngtcp2_patch 1 +%global ngtcp2_major 1 +%global ngtcp2_minor 3 +%global ngtcp2_patch 0 %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch} # ICU - from tools/icu/current_ver.dep -%global icu_major 73 +%global icu_major 74 %global icu_minor 2 %global icu_version %{icu_major}.%{icu_minor} @@ -112,13 +112,13 @@ %endif # simduft from deps/simdutf/simdutf.h -%global simduft_major 3 +%global simduft_major 5 %global simduft_minor 2 -%global simduft_patch 18 +%global simduft_patch 4 %global simduft_version %{simduft_major}.%{simduft_minor}.%{simduft_patch} # ada from deps/ada/ada.h -%global ada_version 2.7.2 +%global ada_version 2.7.8 # OpenSSL minimum version %global openssl_minimum 1:1.1.1 @@ -133,7 +133,7 @@ # npm - from deps/npm/package.json %global npm_epoch 1 -%global npm_version 10.2.3 +%global npm_version 10.7.0 # In order to avoid needing to keep incrementing the release version for the # main package forever, we will just construct one for npm that is guaranteed @@ -142,7 +142,7 @@ %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} # Node.js 16.9.1 and later comes with an experimental package management tool -%global corepack_version 0.10.0 +%global corepack_version 0.22.0 # uvwasi - from deps/uvwasi/include/uvwasi.h %global uvwasi_version 0.0.19 @@ -153,7 +153,7 @@ Name: nodejs Epoch: %{nodejs_epoch} Version: %{nodejs_version} -Release: %{nodejs_release}%{anolis_release}%{?dist} +Release: %{nodejs_release}%{?dist} Summary: JavaScript runtime License: MIT and ASL 2.0 and ISC and BSD Group: Development/Languages @@ -191,13 +191,14 @@ Source101: cjs-module-lexer-1.2.2.tar.gz Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz # Version: jq '.version' deps/undici/src/package.json -# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.26.4.tar.gz -# Adjustments: rm -f undici-5.26.4/lib/llhttp/llhttp*.wasm +# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz +# Adjustments: rm -f undici-5.28.3/lib/llhttp/llhttp*.wasm # Build uses alpine image, see alpine for sources for wasi-sdk -Source111: undici-5.26.4.tar.gz +Source111: undici-5.28.4.tar.gz # Disable running gyp on bundled deps we don't use Patch1: 0001-Disable-running-gyp-on-shared-deps.patch +Patch2: nodejs-fips-disable-options.patch BuildRequires: make BuildRequires: python3-devel @@ -303,9 +304,9 @@ Provides: bundled(ada) = %{ada_version} # Make sure we keep NPM up to date when we update Node.js %if 0%{?rhel} < 8 # EPEL doesn't support Recommends, so make it strict -Requires: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{anolis_release}%{?dist} +Requires: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} %else -Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{anolis_release}%{?dist} +Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist} %endif %description @@ -319,7 +320,7 @@ real-time applications that run across distributed devices. %package devel Summary: JavaScript runtime - development headers Group: Development/Languages -Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} +Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} Requires: openssl-devel%{?_isa} Requires: zlib-devel%{?_isa} Requires: brotli-devel%{?_isa} @@ -335,7 +336,7 @@ Development headers for the Node.js JavaScript runtime. %package full-i18n Summary: Non-English locale data for Node.js -Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} +Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} %description full-i18n Optional data files to provide full-icu support for Node.js. Remove this @@ -346,16 +347,16 @@ package to save space if non-English locales are not needed. Summary: Node.js Package Manager Epoch: %{npm_epoch} Version: %{npm_version} -Release: %{npm_release}%{anolis_release}%{?dist} +Release: %{npm_release}%{?dist} # We used to ship npm separately, but it is so tightly integrated with Node.js # (and expected to be present on all Node.js systems) that we ship it bundled # now. Obsoletes: npm < 0:3.5.4-6 Provides: npm = %{npm_epoch}:%{npm_version} -Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} +Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} %if 0%{?fedora} || 0%{?rhel} >= 8 -Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} +Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} %endif # Do not add epoch to the virtual NPM provides or it will break @@ -375,8 +376,8 @@ BuildArch: noarch # We don't require that the main package be installed to # use the docs, but if it is installed, make sure the # version always matches -Conflicts: %{name} > %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} -Conflicts: %{name} < %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{anolis_release}%{?dist} +Conflicts: %{name} > %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} +Conflicts: %{name} < %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist} %description docs The API documentation for the Node.js JavaScript runtime. @@ -462,7 +463,7 @@ make BUILDTYPE=Release %{?_smp_mflags} # Extract the ICU data and convert it to the appropriate endianness pushd deps/ -tar xzf %{SOURCE3} +tar xfz %{SOURCE3} pushd icu/source @@ -557,6 +558,11 @@ find %{buildroot}%{_prefix}/lib/node_modules/npm \ -executable -type f \ -exec chmod -x {} \; +# NPM bundle dep contain powershell files +# These files are not useful for linux +# systems and create /usr/bin/pwsh requirement, so the files are deleted +find %{buildroot}%{_prefix}/lib/node_modules/npm/bin/*.ps1 -executable -type f -exec rm {} \; + # The above command is a little overzealous. Add a few permissions back. chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js @@ -564,7 +570,8 @@ chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin # Corepack contains a number of executable"shims", including some for Windows # PowerShell. Drop the executable bit for those so we don't pick up an # automatic dependency on /usr/bin/pwsh that we cannot satisfy. -chmod -x %{buildroot}%{_prefix}/lib/node_modules/corepack/shims/*.ps1 +find %{buildroot}%{_prefix}/lib/node_modules/corepack/shims/*.ps1 -executable -type f -exec rm {} \; +find %{buildroot}%{_prefix}/lib/node_modules/corepack/shims/nodewin/*.ps1 -executable -type f -exec rm {} \; # Drop the NPM builtin configuration in place sed -e 's#@SYSCONFDIR@#%{_sysconfdir}#g' \ @@ -732,19 +739,24 @@ end %changelog -* Wed Feb 21 2024 Bo Liu - 1:18.19.0-1.0.1 -- Fixes CVE-2022-25883 -- update requires and recommands (wb-zh951434@alibaba-inc.com) +* Mon Aug 05 2024 Honza Horak - 1:18.20.4-1 +- Update to 18.20.4 + Fixes: CVE-2024-22020 CVE-2024-28863 + +* Wed Apr 24 2024 Filip Janus - 1:18.20.2-1 +- Removes .ps1 files +- Rebase to 18.20.2 +- Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629 + +* Wed Feb 21 2024 Lukas Javorsky - 1:18.19.1-1 +- Rebase to version 18.19.1 +- Fixes: CVE-2024-21892 CVE-2024-22019 (high) +- Fixes: CVE-2023-46809 (medium) * Fri Jan 19 2024 Lukas Javorsky - 1:18.19.0-1 - Rebase to version 18.19.0 - Resolves: RHEL-21439 -* Sat Oct 14 2023 Zuzana Svetlikova - 1:18.18.2-1 -- Rebase to 18.18.2 (Security release) -- Switch icu from zip to tgz -- Fixes #2228925, CVE-2023-45143, CVE-2023-44487, CVE-2023-38552, CVE-2023-39333 - * Wed Aug 23 2023 Jan Staněk - 1:18.17.1-1 - Rebase to version 18.17.1 Resolves: rhbz#2228939