Commit graph

732 commits

Author SHA1 Message Date
Stephen Gallagher
c51880f29b Bump release to rebuild with newer nodejs-packaging
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-10-26 10:42:28 -04:00
Stephen Gallagher
7b25c0fa39 Rebuild to fix autoprovides
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-10-25 14:57:41 -04:00
Stephen Gallagher
7252990188 Update to 18.18.2
This is a security release.

The following CVEs are fixed in this release:

* [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High)
* [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High)
* [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552):  Integrity checks according to policies can be circumvented (Medium)
* [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low)

More detailed information on each of the vulnerabilities can be found in [October 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/) blog post.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-10-16 13:11:30 -04:00
Stephen Gallagher
01f499c7e2 Update to 18.18.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-09-20 13:48:16 -04:00
Stephen Gallagher
0fedb845a0 Fix variable substitution
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-09-07 16:31:03 -04:00
Stephen Gallagher
6b01995d39 Add default Obsoletes: for nodejsXX
This takes its cue from the Python 3.X approach

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-09-07 14:53:33 -04:00
Stephen Gallagher
2e680f9011 Add version note to packaging readme
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-08-28 18:53:11 -04:00
Jan Staněk
d5900da637 Specify openssl configuration section
By default, node does not use the common openssl configuration section,
relying instead on node-specific `nodejs_conf` section.
Since we want node to use the system configuration, the section name
should be changed (back) to `openssl_conf`.

See discussion in https://github.com/nodejs/node/pull/48950
for the reason this change is suggested.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-08-28 18:51:36 -04:00
Stephen Gallagher
7d157a9ac8 Update to 18.17.1
** 2023-08-09, Version 18.17.1 'Hydrogen' (LTS), @RafaelGSS

This is a security release.

*** Notable Changes

The following CVEs are fixed in this release:

* [CVE-2023-32002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002):  Policies can be bypassed via Module.\_load (High)
* [CVE-2023-32006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006): Policies can be bypassed by module.constructor.createRequire (Medium)
* [CVE-2023-32559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559): Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases
  * [OpenSSL security advisory 14th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html).
  * [OpenSSL security advisory 19th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html).
  * [OpenSSL security advisory 31st July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html)

More detailed information on each of the vulnerabilities can be found in [August 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/) blog post.

** 2023-07-18, Version 18.17.0 'Hydrogen' (LTS), @danielleadams

*** Notable Changes

**** Ada 2.0

Node.js v18.17.0 comes with the latest version of the URL parser, Ada. This update brings significant performance improvements
to URL parsing, including enhancements to the url.domainToASCII and url.domainToUnicode functions in node:url.

Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts of the application can benefit from the
improved performance. Additionally, Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4,
while also eliminating the need for the ICU requirement for URL hostname parsing.

Contributed by Yagiz Nizipli and Daniel Lemire in [#47339](https://github.com/nodejs/node/pull/47339)

**** Web Crypto API

Web Crypto API functions' arguments are now coerced and validated as per their WebIDL definitions like in other Web Crypto API implementations.
This further improves interoperability with other implementations of Web Crypto API.

Contributed by Filip Skokan in [#46067](https://github.com/nodejs/node/pull/46067)

* **crypto**:
  * update root certificates to NSS 3.89 (Node.js GitHub Bot) [#47659](https://github.com/nodejs/node/pull/47659)
* **dns**:
  * **(SEMVER-MINOR)** expose getDefaultResultOrder (btea) [#46973](https://github.com/nodejs/node/pull/46973)
* **doc**:
  * add ovflowd to collaborators (Claudio Wunder) [#47844](https://github.com/nodejs/node/pull/47844)
  * add KhafraDev to collaborators (Matthew Aitken) [#47510](https://github.com/nodejs/node/pull/47510)
* **events**:
  * **(SEMVER-MINOR)** add getMaxListeners method (Matthew Aitken) [#47039](https://github.com/nodejs/node/pull/47039)
* **fs**:
  * **(SEMVER-MINOR)** add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) [#47084](https://github.com/nodejs/node/pull/47084)
  * **(SEMVER-MINOR)** add recursive option to readdir and opendir (Ethan Arrowood) [#41439](https://github.com/nodejs/node/pull/41439)
  * **(SEMVER-MINOR)** add support for mode flag to specify the copy behavior (Tetsuharu Ohzeki) [#47084](https://github.com/nodejs/node/pull/47084)
  * **(SEMVER-MINOR)** implement byob mode for readableWebStream() (Debadree Chatterjee) [#46933](https://github.com/nodejs/node/pull/46933)
* **http**:
  * **(SEMVER-MINOR)** prevent writing to the body when not allowed by HTTP spec (Gerrard Lindsay) [#47732](https://github.com/nodejs/node/pull/47732)
  * **(SEMVER-MINOR)** remove internal error in assignSocket (Matteo Collina) [#47723](https://github.com/nodejs/node/pull/47723)
  * **(SEMVER-MINOR)** add highWaterMark opt in http.createServer (HinataKah0) [#47405](https://github.com/nodejs/node/pull/47405)
* **lib**:
  * **(SEMVER-MINOR)** add webstreams to Duplex.from() (Debadree Chatterjee) [#46190](https://github.com/nodejs/node/pull/46190)
  * **(SEMVER-MINOR)** implement AbortSignal.any() (Chemi Atlow) [#47821](https://github.com/nodejs/node/pull/47821)
* **module**:
  * change default resolver to not throw on unknown scheme (Gil Tayar) [#47824](https://github.com/nodejs/node/pull/47824)
* **node-api**:
  * **(SEMVER-MINOR)** define version 9 (Chengzhong Wu) [#48151](https://github.com/nodejs/node/pull/48151)
  * **(SEMVER-MINOR)** deprecate napi\_module\_register (Vladimir Morozov) [#46319](https://github.com/nodejs/node/pull/46319)
* **stream**:
  * **(SEMVER-MINOR)** preserve object mode in compose (Raz Luvaton) [#47413](https://github.com/nodejs/node/pull/47413)
  * **(SEMVER-MINOR)** add setter & getter for default highWaterMark (#46929) (Robert Nagy) [#46929](https://github.com/nodejs/node/pull/46929)
* **test**:
  * unflake test-vm-timeout-escape-nexttick (Santiago Gimeno) [#48078](https://github.com/nodejs/node/pull/48078)
* **test\_runner**:
  * **(SEMVER-MINOR)** add shorthands to `test` (Chemi Atlow) [#47909](https://github.com/nodejs/node/pull/47909)
  * **(SEMVER-MINOR)** support combining coverage reports (Colin Ihrig) [#47686](https://github.com/nodejs/node/pull/47686)
  * **(SEMVER-MINOR)** execute before hook on test (Chemi Atlow) [#47586](https://github.com/nodejs/node/pull/47586)
  * **(SEMVER-MINOR)** expose reporter for use in run api (Chemi Atlow) [#47238](https://github.com/nodejs/node/pull/47238)
* **tools**:
  * update LICENSE and license-builder.sh (Santiago Gimeno) [#48078](https://github.com/nodejs/node/pull/48078)
* **url**:
  * **(SEMVER-MINOR)** implement URL.canParse (Matthew Aitken) [#47179](https://github.com/nodejs/node/pull/47179)
* **wasi**:
  * **(SEMVER-MINOR)** no longer require flag to enable wasi (Michael Dawson) [#47286](https://github.com/nodejs/node/pull/47286)

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-08-09 16:33:19 -04:00
Fedora Release Engineering
544f76d98b Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-20 16:47:35 +00:00
Stephen Gallagher
d1beeb0f81 Sync to latest nodejs-sources.sh
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-07-12 13:36:15 -04:00
Stephen Gallagher
a955794775 Update to security release 18.16.1
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-06-21 10:02:16 -04:00
Stephen Gallagher
8feb3e5509 sources: install jinja2 if needed
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-06-21 09:19:01 -04:00
Stephen Gallagher
dfeab1ea3d
Fix NPM Obsoletes
The version of npm shipped by nodejs20 in the frozen F38 repo is
higher than the version provided by the default nodejs18. This
works around that.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-05-15 09:37:29 -04:00
Stephen Gallagher
14431056f7
Fix up shebangs for npm and npx
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-28 10:46:32 -04:00
Stephen Gallagher
00573643f6
Add README for packagers
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-27 13:51:35 -04:00
Stephen Gallagher
7fac550d3e
nodejs-sources.sh: Add --debug flag
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-27 08:58:13 -04:00
Stephen Gallagher
4e9436a835
Replace /usr/etc/npmrc symlink with builtin configuration
We want to have the system-level npmrc located at /etc/npmrc.
By default, npm looks for it in /usr/etc/npmrc,
so we placed a symlink to /etc/npmrc there.
However, we are the only known package that has anything in /usr/etc,
which confuses and/or breaks various tooling (see related bug).

This gets rid of the symlink,
and instead uses "builtin"-level configuration of npm
to cause it to load the system-level configuration from /etc/npmrc.

Related: rhbz#2177776

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-27 08:50:37 -04:00
Stephen Gallagher
7559b10a65
Apply to spec also
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-26 15:14:32 -04:00
Stephen Gallagher
bca6ea5ea2
Fix manpage symlinks
Resolves: rhbz#2187978

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-26 15:13:29 -04:00
Stephen Gallagher
a7bb99ba07
Rebase Fedora patches
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-26 12:37:19 -04:00
Stephen Gallagher
a98d03435c
Update to 18.16.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.16.0

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-26 12:31:13 -04:00
Stephen Gallagher
0362f42fb0
Don't 'Provides: npm' on non-default
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-11 15:23:07 -04:00
Stephen Gallagher
7000efe305
Adjust nodejs-devel Provides
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-04-03 09:07:15 -04:00
Stephen Gallagher
4ffd58b121
Pull in changes from nodejs20
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-30 08:50:27 -04:00
Stephen Gallagher
4aadc166bf
Fix build issue on non-default releases
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-27 19:10:34 -04:00
Stephen Gallagher
c2b89a7006
Fix libv8 packaging issue
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-27 14:55:11 -04:00
Stephen Gallagher
580f45bab6
Namespace the v8 compat libraries
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-16 15:37:40 -04:00
Stephen Gallagher
6e5a66a778
Update to 18.15.0
- https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.15.0

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-09 10:28:50 -05:00
Stephen Gallagher
b77028c109
template: Re-sync from nodejs20
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-03-01 15:08:30 -05:00
Stephen Gallagher
dc374d2c11
Also drop patch from specfile
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-23 15:17:55 -05:00
Stephen Gallagher
18c023f26e
Drop unneeded patch
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-23 15:16:26 -05:00
Stephen Gallagher
b1efdc3f55
Update to latest version of nodejs-sources.sh
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-21 14:59:23 -05:00
Stephen Gallagher
2193e314cf
Update to 18.14.2
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-21 14:47:39 -05:00
Stephen Gallagher
2ec1a0503b
Update to v18.14.1
- https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.14.1
- packaging: Drop vestigial package.cfg file.
- packaging: Fix spec template
- packaging: Make nodejs-sources.sh clean up after itself

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-02-17 11:10:30 -05:00
Stephen Gallagher
c541b7e256
Set Node.js 18.x as the default for RHEL 10
This will likely change to 20.x closer to release, but we need a
default in place for the time being.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-27 13:36:00 -05:00
Stephen Gallagher
8cfad4cd12
sources: Fix typo preventing upload
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-23 17:18:47 -05:00
Stephen Gallagher
148cb7de34
sources: Use spec template for ICU URL
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-23 16:53:27 -05:00
Stephen Gallagher
99e9cbbbe5
Fix important typo
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-23 15:41:05 -05:00
Stephen Gallagher
443d608e13
Fix v8 symlinks
Resolves: rhbz#2163346

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-23 15:32:31 -05:00
Stephen Gallagher
bd35f75e9f
Rework nodejs-sources.sh
This will now automatically update the specfile from the
.packaging/nodejs.spec.in template.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-23 15:27:59 -05:00
Fedora Release Engineering
c2526cc511 Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-19 21:42:59 +00:00
Stephen Gallagher
679308e617
Update to 18.13.0
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-16 11:29:51 -05:00
Stephen Gallagher
35ce6bd08e
Disable gating for now
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-12-13 14:26:58 -05:00
Stephen Gallagher
2851ac84ca
Use requires instead of conflicts for -docs
Conflicts causes issues with parallel-installation of non-default
Node.js versions.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-12-12 15:11:19 -05:00
Stephen Gallagher
e518e262b3
Add pretrans scriptlet for node_modules
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-12-12 15:11:19 -05:00
Stephen Gallagher
cc73e226d4
Add proper npm obsoletes
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-12-12 15:11:18 -05:00
Stephen Gallagher
592c8cae25
Drop redundant default definition
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-12-12 15:11:17 -05:00
Stephen Gallagher
ee9d5d135c
Enable parallel-installation
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-12-12 15:11:11 -05:00
Jan Staněk
a3c7fd02a8
Check bundled WASM sources for version mismatch 2022-12-12 14:42:28 +01:00