diff --git a/.llhttp.metadata b/.llhttp.metadata
new file mode 100644
index 0000000..2e4d7aa
--- /dev/null
+++ b/.llhttp.metadata
@@ -0,0 +1 @@
+a9bc2288b1fbb830bb4f454ea9803fe317472375 SOURCES/llhttp-9.2.1.tar.gz
diff --git a/SOURCES/audited-null-licenses.toml b/SOURCES/audited-null-licenses.toml
new file mode 100644
index 0000000..4af45e9
--- /dev/null
+++ b/SOURCES/audited-null-licenses.toml
@@ -0,0 +1,56 @@
+[any]
+
+[prod]
+
+[dev]
+
+# Just a module wrapper around the code in tslib, which does have a proper
+# license (0BSD) in its package.json:
+# tslib/modules
+modules = "<unknown version>"
+# A “dummy” module in the tests for tslib
+# tslib/test/validateModuleExportsMatchCommonJS
+validateModuleExportsMatchCommonJS = "<unknown version>"
+
+# Similarly, these are all just ES6 module (mjs) or CommonJS (cjs) module
+# wrappers in packages that do have proper license information:
+# node_modules_dev/@ungap/structured-clone/cjs
+# node_modules_dev/@typescript-eslint/utils/node_modules/minimatch/dist/cjs
+# node_modules_dev/@typescript-eslint/utils/node_modules/minimatch/dist/mjs
+# node_modules_dev/@typescript-eslint/parser/node_modules/minimatch/dist/cjs
+# node_modules_dev/@typescript-eslint/parser/node_modules/minimatch/dist/mjs
+# node_modules_dev/@typescript-eslint/type-utils/node_modules/minimatch/dist/cjs
+# node_modules_dev/@typescript-eslint/type-utils/node_modules/minimatch/dist/mjs
+# node_modules_dev/flatted/cjs
+cjs = "<unknown version>"
+mjs = "<unknown version>"
+
+# These are all “dummy” modules in the tests for resolve:
+# resolve/test/module_dir/zmodules/bbb
+bbb = "<unknown version>"
+# resolve/test/resolver/invalid_main
+"invalid main" = "<unknown version>"
+# resolve/test/resolver/incorrect_main
+incorrect_main = "<unknown version>"
+# resolve/test/resolver/dot_slash_main
+dot_slash_main = "<unknown version>"
+# resolve/test/resolver/dot_main
+dot_main = "<unknown version>"
+# resolve/test/resolver/baz
+baz = "<unknown version>"
+# resolve/test/resolver/browser_field
+browser_field = "<unknown version>"
+# resolve/test/resolver/symlinked/package
+package = "<unknown version>"
+
+# These are all part of nanoid, which is MIT-licensed.
+# nanoid/url-alphabet
+url-alphabet = "<unknown version>"
+# nanoid/non-secure
+non-secure = "<unknown version>"
+# nanoid/async
+async = "<unknown version>"
+
+# This is part of yargs, which is MIT-licensed.
+# mocha/node_modules/yargs/helpers
+helpers = "<unknown version>"
diff --git a/SOURCES/check-null-licenses b/SOURCES/check-null-licenses
new file mode 100755
index 0000000..12108d5
--- /dev/null
+++ b/SOURCES/check-null-licenses
@@ -0,0 +1,182 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+
+import json
+from argparse import ArgumentParser, FileType, RawDescriptionHelpFormatter
+from pathlib import Path
+from sys import exit, stderr
+
+try:
+ import tomllib
+except ImportError:
+ import tomli as tomllib
+
+
+def main():
+ args = parse_args()
+ problem = False
+ if not args.tree.is_dir():
+ return f"Not a directory: {args.tree}"
+ for pjpath in args.tree.glob("**/package.json"):
+ name, version, license = parse(pjpath)
+ identity = f"{name} {version}"
+ if version in args.exceptions.get(name, ()):
+ continue # Do not even check the license
+ elif license is None:
+ problem = True
+ print(f"Missing license in package.json for {identity}", file=stderr)
+ elif isinstance(license, dict):
+ if isinstance(license.get("type"), str):
+ continue
+ print(
+ (
+ "Missing type for (deprecated) license object in "
+ f"package.json for {identity}: {license}"
+ ),
+ file=stderr,
+ )
+ elif isinstance(license, list):
+ if license and all(
+ isinstance(entry, dict) and isinstance(entry.get("type"), str)
+ for entry in license
+ ):
+ continue
+ print(
+ (
+ "Defective (deprecated) licenses array-of objects in "
+ f"package.json for {identity}: {license}"
+ ),
+ file=stderr,
+ )
+ elif isinstance(license, str):
+ continue
+ else:
+ print(
+ (
+ "Weird type for license in "
+ f"package.json for {identity}: {license}"
+ ),
+ file=stderr,
+ )
+ problem = True
+ if problem:
+ return "At least one missing license was found."
+
+
+def parse(package_json_path):
+ with package_json_path.open("rb") as pjfile:
+ pj = json.load(pjfile)
+ try:
+ license = pj["license"]
+ except KeyError:
+ license = pj.get("licenses")
+ try:
+ name = pj["name"]
+ except KeyError:
+ name = package_json_path.parent.name
+ version = pj.get("version", "<unknown version>")
+
+ return name, version, license
+
+
+def parse_args():
+ parser = ArgumentParser(
+ formatter_class=RawDescriptionHelpFormatter,
+ description=("Search for bundled dependencies without declared licenses"),
+ epilog="""
+
+The exceptions file must be a TOML file with zero or more tables. Each table’s
+keys are package names; the corresponding values values are exact version
+number strings, or arrays of version number strings, that have been manually
+audited to determine their license status and should therefore be ignored.
+
+Exceptions in a table called “any” are always applied. Otherwise, exceptions
+are applied only if a corresponding --with TABLENAME argument is given;
+multiple such arguments may be given.
+
+For
+example:
+
+ [any]
+ example-foo = "1.0.0"
+
+ [prod]
+ example-bar = [ "2.0.0", "2.0.1",]
+
+ [dev]
+ example-bat = [ "3.7.4",]
+
+would always ignore version 1.0.0 of example-foo. It would ignore example-bar
+2.0.1 only when called with “--with prod”.
+
+Comments may (and should) be used to describe the manual audits upon which the
+exclusions are based.
+
+Otherwise, any package.json with missing or null license field in the tree is
+considered an error, and the program returns with nonzero status.
+""",
+ )
+ parser.add_argument(
+ "-x",
+ "--exceptions",
+ type=FileType("rb"),
+ help="Manually audited package versions file",
+ )
+ parser.add_argument(
+ "-w",
+ "--with",
+ action="append",
+ default=[],
+ help="Enable a table in the exceptions file",
+ )
+ parser.add_argument(
+ "tree",
+ metavar="node_modules_dir",
+ type=Path,
+ help="Path to search recursively",
+ default=".",
+ )
+ args = parser.parse_args()
+
+ if args.exceptions is None:
+ args.exceptions = {}
+ xname = None
+ else:
+ with args.exceptions as xfile:
+ xname = getattr(xfile, "name", "<exceptions>")
+ args.exceptions = tomllib.load(args.exceptions)
+ if not isinstance(args.exceptions, dict):
+ parser.error(f"Invalid format in {xname}: not an object")
+ for tablename, table in args.exceptions.items():
+ if not isinstance(table, dict):
+ parser.error(f"Non-table entry in {xname}: {tablename} = {table!r}")
+ overlay = {}
+ for key, value in table.items():
+ if isinstance(value, str):
+ overlay[key] = [value]
+ elif not isinstance(value, list) or not all(
+ isinstance(entry, str) for entry in value
+ ):
+ parser.error(
+ f"Invalid format in {xname} in [{tablename}]: "
+ f"{key!r} = {value!r}"
+ )
+ table.update(overlay)
+
+ x = args.exceptions.get("any", {})
+ for add in getattr(args, "with"):
+ try:
+ x.update(args.exceptions[add])
+ except KeyError:
+ if xname is None:
+ parser.error(f"No table {add}, as no exceptions file was given")
+ else:
+ parser.error(f"No table {add} in {xname}")
+ # Store the merged dictionary
+ args.exceptions = x
+
+ return args
+
+
+if __name__ == "__main__":
+ exit(main())
diff --git a/SOURCES/llhttp-9.2.1-nm-dev.tar.zst b/SOURCES/llhttp-9.2.1-nm-dev.tar.zst
new file mode 100644
index 0000000..8e278a5
Binary files /dev/null and b/SOURCES/llhttp-9.2.1-nm-dev.tar.zst differ
diff --git a/SOURCES/llhttp-packaging-bundler b/SOURCES/llhttp-packaging-bundler
new file mode 100755
index 0000000..e0cb8ef
--- /dev/null
+++ b/SOURCES/llhttp-packaging-bundler
@@ -0,0 +1,110 @@
+#!/bin/bash
+set -o nounset
+set -o errexit
+
+OUTPUT_DIR="$(rpm -E '%{_sourcedir}')"
+SPEC_FILE="${PWD}/llhttp.spec"
+
+usage() {
+ cat 1>&2 <<EOF
+Usage: $(basename "$0")
+
+Given llhttp.spec in the working directory, download the source and the prod
+and dev dependencies, each in their own tarball.
+
+Also finds licenses for prod dependencies.
+
+All three tarballs and the license list are copied to
+${OUTPUT_DIR}.
+EOF
+ exit 1
+}
+
+if ! [[ -f /usr/bin/npm ]]
+then
+ cat 1>&2 <<EOF
+$(basename "${0}") requires npm to run
+
+Run the following to fix this:
+ sudo dnf install npm
+
+EOF
+ exit 2
+fi
+
+if [[ $# -gt 0 ]]; then
+ usage
+fi
+
+TMP_DIR="$(mktemp -d -t ci-XXXXXXXXXX)"
+trap "cd /; rm -rf '${TMP_DIR}'" INT TERM EXIT
+cd "${TMP_DIR}"
+
+echo "Reading ${SPEC_FILE}; downloading source archive" 1>&2
+VERSION="$(awk '$1 == "Version:" { print $2; exit }' "${SPEC_FILE}")"
+echo "Version is ${VERSION}" 1>&2
+echo "Downloading source archive" 1>&2
+spectool -g "${SPEC_FILE}"
+
+ARCHIVE="$(
+ find . -mindepth 1 -maxdepth 1 -type f -name '*.tar.gz' -print -quit
+)"
+echo "Downloaded $(basename "${ARCHIVE}")" 1>&2
+
+tar -xzf "${ARCHIVE}"
+XDIR="$(find . -mindepth 1 -maxdepth 1 -type d -print -quit)"
+echo "Extracted to $(basename "${XDIR}")" 1>&2
+
+cd "${XDIR}"
+
+echo "Downloading prod dependencies" 1>&2
+# Compared to nodejs-packaging-bundler, we must add --ignore-scripts or npm
+# unsuccessfully attempts to build the package.
+npm install --no-optional --only=prod --ignore-scripts
+echo "Successful prod dependencies download" 1>&2
+mv node_modules/ node_modules_prod
+
+echo "LICENSES IN BUNDLE:"
+LICENSE_FILE="${TMP_DIR}/llhttp-${VERSION}-bundled-licenses.txt"
+find . -name 'package.json' -exec jq '.license | strings' '{}' ';' \
+ >> "${LICENSE_FILE}"
+for what in '.license | objects | .type' '.licenses[] .type'
+do
+ find . -name 'package.json' -exec jq "${what}" '{}' ';' \
+ >> "${LICENSE_FILE}" 2>/dev/null
+done
+sort -u -o "${LICENSE_FILE}" "${LICENSE_FILE}"
+
+# Locate any dependencies without a provided license
+find . -type f -name 'package.json' -execdir jq \
+ 'if .license==null and .licenses==null then .name else null end' '{}' '+' |
+ grep -vE '^null$' |
+ sort -u > "${TMP_DIR}/nolicense.txt"
+
+if [[ -s "${TMP_DIR}/nolicense.txt" ]]
+then
+ echo -e "\e[5m\e[41mSome dependencies do not list a license. Manual verification required!\e[0m"
+ cat "${TMP_DIR}/nolicense.txt"
+ echo -e "\e[5m\e[41m======================================================================\e[0m"
+fi
+
+echo "Downloading dev dependencies" 1>&2
+# Compared to nodejs-packaging-bundler, we must add --ignore-scripts or npm
+# unsuccessfully attempts to build the package.
+npm install --no-optional --only=dev --ignore-scripts
+echo "Successful dev dependencies download" 1>&2
+mv node_modules/ node_modules_dev
+
+if [[ -d node_modules_prod ]]
+then
+ tar -cf "../llhttp-${VERSION}-nm-prod.tar" node_modules_prod
+fi
+if [[ -d node_modules_dev ]]
+then
+ tar -cf "../llhttp-${VERSION}-nm-dev.tar" node_modules_dev
+fi
+zstdmt --ultra -22 "../llhttp-${VERSION}-nm-prod.tar" "../llhttp-${VERSION}-nm-dev.tar"
+
+cd ..
+find . -mindepth 1 -maxdepth 1 -type f \( -name "$(basename "${ARCHIVE}")" \
+ -o -name "llhttp-${VERSION}*" \) -exec cp -vp '{}' "${OUTPUT_DIR}" ';'
diff --git a/SPECS/llhttp.spec b/SPECS/llhttp.spec
new file mode 100644
index 0000000..2be40de
--- /dev/null
+++ b/SPECS/llhttp.spec
@@ -0,0 +1,265 @@
+## START: Set by rpmautospec
+## (rpmautospec version 0.6.3)
+## RPMAUTOSPEC: autorelease, autochangelog
+%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
+ release_number = 1;
+ base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
+ print(release_number + base_release_number - 1);
+}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
+## END: Set by rpmautospec
+
+# This package is rather exotic. The compiled library is a typical shared
+# library with a C API. However, it has only a tiny bit of C source code. Most
+# of the library is written in TypeScript, which is transpiled to C, via LLVM
+# IR, using llparse (https://github.com/nodejs/llparse)—all of which happens
+# within the NodeJS ecosystem.
+#
+# The package therefore “builds like” a NodeJS package, and to the extent they
+# are relevant we apply the NodeJS packaging guidelines. However, the result of
+# the build “installs like” a traditional C library package and has no NodeJS
+# dependencies, including bundled ones.
+#
+# Furthermore, the package is registered with npm as “llhttp”, but current
+# releases are not published there, so we use the GitHub archive as the
+# canonical source and use a custom bundler script based on
+# nodejs-packaging-bundler to fetch NodeJS build dependencies.
+#
+# Overall, we cherry-pick from the standard and NodeJS packaging guidelines as
+# each seems to best apply, understanding that this package does not fit well
+# into any of the usual patterns or templates.
+#
+# Note that there is now a “release” tarball, e.g.
+# https://github.com/nodejs/llhttp/archive/refs/tags/release/v%%{version}tar.gz,
+# that allows this package to be built without the NodeJS/TypeScript machinery.
+# However, the release archive lacks the original TypeScript source code for
+# the generated C code, which we would need to include in the source RPM as an
+# additional source even if we do not do the re-generation ourselves.
+
+Name: llhttp
+Version: 9.2.1
+%global so_version 9.2
+Release: %autorelease
+Summary: Port of http_parser to llparse
+
+# License of llhttp is (SPDX) MIT; nothing from the NodeJS dependency bundle is
+# installed, so its contents do not contribute to the license of the binary
+# RPMs, and we do not need a file llhttp-%%{version}-bundled-licenses.txt.
+License: MIT
+URL: https://github.com/nodejs/llhttp
+Source0: %{url}/archive/v%{version}/llhttp-%{version}.tar.gz
+
+# Based closely on nodejs-packaging-bundler, except:
+#
+# - The GitHub source tarball specified in this spec file is used since the
+# current version is not typically published on npm
+# - No production dependency bundle is generated, since none is needed—and
+# therefore, no bundled licenses text file is generated either
+Source1: llhttp-packaging-bundler
+# Created with llhttp-packaging-bundler (Source1):
+Source2: llhttp-%{version}-nm-dev.tar.zst
+
+# While nothing in the dev bundle is installed, we still choose to audit for
+# null licenses at build time and to keep manually-approved exceptions in a
+# file.
+Source3: check-null-licenses
+Source4: audited-null-licenses.toml
+
+# The compiled RPM does not depend on NodeJS at all, but we cannot *build* it
+# on architectures without NodeJS.
+ExclusiveArch: %{nodejs_arches}
+
+# For generating the C source “release” from TypeScript:
+BuildRequires: nodejs-devel
+BuildRequires: make
+
+# For compiling the C library
+BuildRequires: cmake
+BuildRequires: gcc
+
+# For tests
+BuildRequires: gcc-c++
+
+# For check-null-licenses
+BuildRequires: python3-devel
+BuildRequires: (python3dist(tomli) if python3 < 3.11)
+
+%description
+This project is a port of http_parser to TypeScript. llparse is used to
+generate the output C source file, which could be compiled and linked with the
+embedder's program (like Node.js).
+
+
+%package devel
+Summary: Development files for llhttp
+
+Requires: llhttp%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
+
+%description devel
+The llhttp-devel package contains libraries and header files for
+developing applications that use llhttp.
+
+
+%prep
+%autosetup
+
+# Remove build flags specifying ISA extensions not in the architectural
+# baseline from the test fixture setup.
+sed -r -i 's@([[:blank:]]*)(.*-m(sse4))@\1// \2@' test/fixtures/index.ts
+
+# We build the library that we install via release/CMakeLists.txt, but the
+# tests are built via Makefile targets. Don’t apply non-default optimization or
+# debug flags to the test executables.
+sed -r -i 's@ -[Og].\b@@g' Makefile
+
+# Set up bundled (dev) node modules required to generate the C sources from the
+# TypeScript sources.
+tar --zstd --extract --file='%{SOURCE2}'
+mkdir -p node_modules
+pushd node_modules
+ln -s ../node_modules_dev/* .
+ln -s ../node_modules_dev/.bin .
+popd
+
+# We run ts-node out of node_modules/.bin rather than using npx (which we will
+# not have available).
+sed -r -i 's@\bnpx[[:blank:]](ts-node)\b@node_modules/.bin/\1@' Makefile
+
+
+%build
+# Generate the C source “release” from TypeScript using the “node_modules_dev”
+# bundle.
+%make_build release RELEASE='%{version}'
+
+# To help prove that nothing from the bundled NodeJS dev dependencies is
+# included in the binary packages, remove the “node_modules” symlinks.
+rm -rvf node_modules
+
+cd release
+%cmake
+%cmake_build
+
+
+%install
+cd release
+%cmake_install
+
+
+%check
+# Symlink the NodeJS bundle again so that we can test with Mocha
+mkdir -p node_modules
+pushd node_modules
+ln -s ../node_modules_dev/* .
+ln -s ../node_modules_dev/.bin .
+popd
+
+# Verify that no bundled dev dependency has a null license field, unless we
+# already audited it by hand. This reduces the chance of accidentally including
+# code with license problems in the source RPM.
+%{python3} '%{SOURCE3}' --exceptions '%{SOURCE4}' --with dev node_modules_dev
+
+%set_build_flags
+# http-loose-request.c:7205:20: error: invalid conversion from 'void*' to
+# 'const unsigned char*' [-fpermissive]
+# 7205 | start = state->_span_pos0;
+# | ~~~~~~~^~~~~~~~~~
+# | |
+# | void*
+export CXXFLAGS="${CXXFLAGS-} -fpermissive"
+export CFLAGS="${CFLAGS-} -fpermissive"
+export CLANG=gcc
+# See scripts.test in package.json:
+NODE_ENV=test node -r ts-node/register/type-check ./test/md-test.ts
+
+
+%files
+%license release/LICENSE-MIT
+%{_libdir}/libllhttp.so.%{so_version}{,.*}
+
+
+%files devel
+%doc release/README.md
+%{_includedir}/llhttp.h
+%{_libdir}/libllhttp.so
+%{_libdir}/pkgconfig/libllhttp.pc
+%{_libdir}/cmake/llhttp/
+
+
+%changelog
+## START: Generated by rpmautospec
+* Thu Apr 11 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 9.2.1-1
+- Update to 9.2.1 (close RHBZ#2273352, fix CVE-2024-27982)
+- Switch from xz to zstd compression for the “dev” bundle archive
+
+* Thu Apr 11 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 9.2.0-4
+- Format check-null-licenses with “ruff format”
+
+* Thu Apr 11 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 9.2.0-1
+- Update to 9.2.0 (close RHBZ#2263250)
+
+* Thu Apr 11 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1.3-2
+- Compress the dev dependency bundle with xz instead of gzip
+
+* Thu Nov 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1.3-1
+- Update to 9.1.3 (close RHBZ#2242220)
+
+* Thu Nov 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1.2-1
+- Update to 9.1.2
+
+* Thu Nov 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1.1-1
+- Update to 9.1.1
+
+* Thu Nov 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1.0-1
+- Update to 9.1.0
+
+* Thu Nov 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.0.1-1
+- Update to 9.0.1 (close RHBZ#2228290)
+
+* Thu Nov 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.0.0-1
+- Update to 9.0.0
+
+* Sat Jul 29 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.1.1-1
+- Update to 8.1.1 (close RHBZ#2216591)
+
+* Sat Jul 29 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.1.0-3
+- Fix test compiling/execution
+
+* Sat Jul 29 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.1.0-2
+- Indicate dirs. in files list with trailing slashes
+
+* Sat Jul 29 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.1.0-1
+- Update to 8.1.0 (close RHBZ#2131175)
+
+* Sat Jul 29 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.0.0-1
+- Update to 8.0.0 (close RHBZ#2131175)
+
+* Sat Jul 29 2023 Stephen Gallagher <sgallagh@redhat.com> - 6.0.10-1
+- Update to v6.0.10
+
+* Sat Jul 29 2023 Miro Hrončok <miro@hroncok.cz> - 6.0.9-2
+- Use tomllib/python-tomli instead of dead upstream python-toml
+
+* Sat Jul 29 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 6.0.9-1
+- Update to 6.0.9 (close RHBZ#2116231)
+- Bumped .so version from downstream 0.1 to upstream 6.0
+- Better upstream support for building and installing a shared library
+- The -devel package now contains a .pc file
+- Tests are now built with gcc and fully respect distro flags
+
+* Sat Jul 29 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 6.0.6-6
+- Drop “forge” macros, which aren’t really doing much here
+
+* Fri Dec 24 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 6.0.6-5
+- Add a note about LLHTTP_STRICT_MODE to the package description
+
+* Fri Dec 24 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 6.0.6-4
+- Revert "Build with LLHTTP_STRICT_MODE enabled"
+
+* Wed Dec 22 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 6.0.6-3
+- Build with LLHTTP_STRICT_MODE enabled
+
+* Tue Dec 14 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 6.0.6-2
+- Dep. on cmake-filesystem is now auto-generated
+
+* Mon Dec 06 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 6.0.6-1
+- Initial package (close RHBZ#2029461)
+## END: Generated by rpmautospec