%{?scl:%scl_package nodejs}

%{!?scl:%global pkg_name %{name}}

# Enable debug build

%bcond_with debug

# Enable bootstrapping – enabled by default

%bcond_without bootstrap

# When running parallel build, ld tends to run out of memory/be killed by signal 9

# Put parallel compilation behind bcond for now

%bcond_with parallel_build

# ARM builds currently break on the Debug builds, so we'll just

# build the standard runtime until that gets sorted out.

%ifarch %{arm} aarch64 %{power64}

%undefine with_debug

%endif

# == Node.js Version ==

# Note: Fedora should only ship LTS versions of Node.js (currently expected

# to be major versions with even numbers). The odd-numbered versions are new

# feature releases that are only supported for nine months, which is shorter

# than a Fedora release lifecycle.

%global nodejs_major 14

%global nodejs_minor 21

%global nodejs_patch 1

%global nodejs_abi %{nodejs_major}.%{nodejs_minor}

%global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}

%global nodejs_release 3

%global nodejs_datadir %{_datarootdir}/nodejs

# == Bundled Dependency Versions ==

# v8 - from deps/v8/include/v8-version.h

%global v8_major 8

%global v8_minor 4

%global v8_build 371

%global v8_patch 23

# V8 presently breaks ABI at least every x.y release while never bumping SONAME

%global v8_abi %{v8_major}.%{v8_minor}

%global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}

# c-ares - from deps/cares/include/ares_version.h

%global c_ares_major 1

%global c_ares_minor 18

%global c_ares_patch 1

%global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}

# llhttp - from deps/llhttp/include/llhttp.h

%global llhttp_major 2

%global llhttp_minor 1

%global llhttp_patch 6

%global llhttp_version %{llhttp_major}.%{llhttp_minor}.%{llhttp_patch}

# libuv - from deps/uv/include/uv/version.h

%global libuv_major 1

%global libuv_minor 42

%global libuv_patch 0

%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}

# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h

%global nghttp2_major 1

%global nghttp2_minor 42

%global nghttp2_patch 0

%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}

# ICU – from tools/icu/current_ver.dep

%global icu_major 70

%global icu_minor 1

%global icu_version %{icu_major}.%{icu_minor}

%global icudatadir %{nodejs_datadir}/icudata

%{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print(0 if sys.byteorder=='big' else 1)")}

# " this line just fixes syntax highlighting for vim that is confused by the above and continues literal

%global sys_icu_version %(/usr/bin/icu-config --version)

%if "%{sys_icu_version}" >= "%{icu_version}"

%global bundled_icu 0

%global icu_flag system-icu

%else

%global bundled_icu 1

%global icu_flag full-icu

%endif

# punycode - from lib/punycode.js

%global punycode_major 2

%global punycode_minor 1

%global punycode_patch 0

%global punycode_version %{punycode_major}.%{punycode_minor}.%{punycode_patch}

# npm - from deps/npm/package.json

%global npm_major 6

%global npm_minor 14

%global npm_patch 17

%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}

# uvwasi - from deps/uvwasi/include/uvwasi.h

%global uvwasi_major 0

%global uvwasi_minor 0

%global uvwasi_patch 11

%global uvwasi_version %{uvwasi_major}.%{uvwasi_minor}.%{uvwasi_patch}

# zlib version - from deps/zlib/zlib.h

# Note: Only required/bundled on RHEL-7

%global zlib_major 1

%global zlib_minor 2

%global zlib_patch 11

%global zlib_version %{zlib_major}.%{zlib_minor}.%{zlib_patch}

# histogram_c - assumed from timestamps

%global histogram_major 0

%global histogram_minor 9

%global histogram_patch 7

%global histogram_version %{histogram_major}.%{histogram_minor}.%{histogram_patch}

# In order to avoid needing to keep incrementing the release version for the

# main package forever, we will just construct one for npm that is guaranteed

# to increment safely. Changing this can only be done during an update when the

# base npm version number is increasing.

%global npm_release %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}

# Filter out the NPM bundled dependencies so we aren't providing them

%global __provides_exclude_from ^%{nodejs_sitelib}/npm/node_modules.*$

%global __requires_exclude_from ^%{nodejs_sitelib}/npm/node_modules.*$

Name: %{?scl_prefix}nodejs

Version: %{nodejs_version}

Release: %{nodejs_release}%{?dist}

Summary: JavaScript runtime

License: MIT and ASL 2.0 and ISC and BSD

Group: Development/Languages

URL: http://nodejs.org/

# nodejs bundles openssl, but we use the system version in Fedora

# because openssl contains prohibited code, we remove openssl completely from

# the tarball, using the script in Source100

Source0: node-v%{nodejs_version}-stripped.tar.gz

Source100: %{pkg_name}-tarball.sh

# Use separate shim library to smooth the rough edges of API incompatibility

# between OpenSSL versions

Source1: https://github.com/sclorg/node-ssl-shim/archive/70e39fdc1db4525191acc765f9d524ddb58a1756/node-ssl-shim-70e39fd.tar.gz

Source2: btest402.js

Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.tgz

# These are full sources for dependencies included as WASM blobs in the source of Node itself.

# Note: These sources would also include pre-compiled WASM blobs… so they are adjusted not to.

# Recipes for creating these blobs are included in the sources.

# Version: jq '.version' deps/cjs-module-lexer/package.json

# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz

# Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm

Source101: cjs-module-lexer-1.2.2.tar.gz

# The WASM blob was made using wasi-sdk v11; compiler libraries are linked in.

# Version source: Makefile

Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz

# Patches for making nodejs compatible with older openssl

# Squashed and exported from https://gitlab.cee.redhat.com/nodejs/node

# – please submit changes to the appropriate branch there (redhat/%%{version}).

Patch1: 0001-Link-with-ssl-shim.patch

Patch2: 0002-Use-OpenSSL-1.0-API.patch

Patch3: 0003-Backport-necessary-OpenSSL-features.patch

Patch4: 0004-Disable-unsupported-OpenSSL-features.patch

Patch5: 0005-Adjust-tests-expectations.patch

Patch6: 0006-Disable-tests-for-unsupported-features.patch

Patch7: 0007-Disable-tests-for-known-issues.patch

# Remove libuv attempts to use statx syscall – rhbz#1760184

Patch10: deps-Remove-statx-from-libuv.patch

# Make icutrim work with python 2

Patch11: Make-icutrim.py-Python-2-compatible.patch

# Address various CVEs in bundled deps

Patch21: deps-ansi-regex-fix-potential-ReDoS.patch

Patch22: deps-node-fetch-npm-backport-CVE-2022-0235-fix.patch

Patch23: deps-qs-parse-ignore-__proto__-keys.patch

Patch24: deps-minimist-improve-redos-protection.patch

%{?scl:Requires: %{scl}-runtime}

%{?scl:BuildRequires: %{scl}-runtime}

BuildRequires: python-devel

#BuildRequires: libicu-devel

BuildRequires: zlib-devel

BuildRequires: devtoolset-9-gcc

BuildRequires: devtoolset-9-gcc-c++

# needed for tests

BuildRequires: procps-ng

BuildRequires: systemtap-sdt-devel

BuildRequires: chrpath

BuildRequires: devtoolset-9-libatomic-devel

BuildRequires: openssl-devel >= 1:1.0.2

Requires: ca-certificates

#we need ABI virtual provides where SONAMEs aren't enough/not present so deps

#break when binary compatibility is broken

Provides: %{?scl_prefix}nodejs(abi) = %{nodejs_abi}

Provides: %{?scl_prefix}nodejs(abi%{nodejs_major}) = %{nodejs_abi}

Provides: %{?scl_prefix}nodejs(v8-abi) = %{v8_abi}

Provides: %{?scl_prefix}nodejs(v8-abi%{v8_major}) = %{v8_abi}

#this corresponds to the "engine" requirement in package.json

Provides: %{?scl_prefix}nodejs(engine) = %{nodejs_version}

# Node.js currently has a conflict with the 'node' package in Fedora

# The ham-radio group has agreed to rename their binary for us, but

# in the meantime, we're setting an explicit Conflicts: here

Conflicts: node <= 0.3.2-12

# The punycode module was absorbed into the standard library in v0.6.

# It still exists as a seperate package for the benefit of users of older

# versions.  Since we've never shipped anything older than v0.10 in Fedora,

# we don't need the seperate nodejs-punycode package, so we Provide it here so

# dependent packages don't need to override the dependency generator.

# See also: RHBZ#11511811

# UPDATE: punycode will be deprecated and so we should unbundle it in Node v8

# and use upstream module instead

# https://github.com/nodejs/node/commit/29e49fc286080215031a81effbd59eac092fff2f

Provides: %{?scl_prefix}nodejs-punycode = %{punycode_version}

Provides: %{?scl_prefix}npm(punycode) = %{punycode_version}

# Node.js has forked c-ares from upstream in an incompatible way, so we need

# to carry the bundled version internally.

# See https://github.com/nodejs/node/commit/766d063e0578c0f7758c3a965c971763f43fec85

Provides: bundled(%{?scl_prefix}c-ares) = %{c_ares_version}

# Node.js is closely tied to the version of v8 that is used with it. It makes

# sense to use the bundled version because upstream consistently breaks ABI

# even in point releases. Node.js upstream has now removed the ability to build

# against a shared system version entirely.

# See https://github.com/nodejs/node/commit/d726a177ed59c37cf5306983ed00ecd858cfbbef

Provides: bundled(%{?scl_prefix}v8) = %{v8_version}

# Node.js and http-parser share an upstream. The http-parser upstream does not

# do releases often and is almost always far behind the bundled version

Provides: bundled(%{?scl_prefix}llhttp) = %{llhttp_version}

# We now bundle libuv in SCL too

Provides: bundled(%{?scl_prefix}libuv) = %{libuv_version}

# Node.js provides http2 support, but shared option is not yet available

Provides: bundled(%{?scl_prefix}nghttp2) = %{nghttp2_version}

# Bundle zlib on RHEL7, as the system version is too old

Provides: bundled(%{?scl_prefix}zlib) = %{zlib_version}

# Bundle icu if not using the system one

%if "%{icu_flag}" != "system-icu"

Provides: bundled(%{?scl_prefix}icu) = %{icu_version}

%endif

# Bundle uvwasi, since it is not available on RHEL7

Provides: bundled(%{?scl_prefix}uvwasi) = %{uvwasi_version}

Provides: bundled(%{?scl_prefix}histogram) = %{histogram_version}

# Make sure we keep NPM up to date when we update Node.js

Requires: %{?scl_prefix}npm = %{npm_version}-%{npm_release}%{?dist}

%description

Node.js is a platform built on Chrome's JavaScript runtime

for easily building fast, scalable network applications.

Node.js uses an event-driven, non-blocking I/O model that

makes it lightweight and efficient, perfect for data-intensive

real-time applications that run across distributed devices.

%package devel

Summary: JavaScript runtime - development headers

Group: Development/Languages

Requires: %{?scl_prefix}%{pkg_name}%{?_isa} = %{nodejs_version}-%{nodejs_release}%{?dist}

Requires: openssl-devel%{?_isa}

Requires: zlib-devel%{?_isa}

Requires: %{?scl_prefix}runtime

%if !%{with bootstrap}

Requires: %{?scl_prefix}http-parser-devel%{?_isa}

%endif

%description devel

Development headers for the Node.js JavaScript runtime.

%package full-i18n

Summary: Non-English locale data for Node.js

Requires: %{name}%{?_isa} = %{nodejs_version}-%{nodejs_release}%{?dist}

%description full-i18n

Optional data files to provide full-icu support for Node.js. Remove this

package to save space if non-English locales are not needed.

%package -n %{?scl_prefix}npm

Summary: Node.js Package Manager

Version: %{npm_version}

Release: %{npm_release}%{?dist}

# We used to ship npm separately, but it is so tightly integrated with Node.js

# (and expected to be present on all Node.js systems) that we ship it bundled

# now.

Provides: %{?scl_prefix}npm = %{npm_version}

Requires: %{?scl_prefix}nodejs = %{nodejs_version}-%{nodejs_release}%{?dist}

%description -n %{?scl_prefix}npm

npm is a package manager for node.js. You can use it to install and publish

your node programs. It manages dependencies and does other cool stuff.

%package docs

Summary: Node.js API documentation

Group: Documentation

BuildArch: noarch

%description docs

The API documentation for the Node.js JavaScript runtime.

%prep

%autosetup -p1 -n node-v%{nodejs_version}

# Add SSL shim files to dependencies

tar -C deps/ -xzf "%{SOURCE1}" && mv deps/node-ssl-shim* deps/node-ssl-shim

# fix file permissions on source and header files

find deps/ -name '*.c' -o -name '*.h' -exec chmod 0644 '{}' +

%build

%{?scl:scl enable %{scl} devtoolset-9 - << \EOF}

# _pkgdocdir does not support subpackage with different version

%{?rhel7:%global _pkgdocdir %{_docdir}/%{name}-%{nodejs_version}}

set -ex

# Install ssl shim as bundled dependency

%{make_install} -C deps/node-ssl-shim prefix=.

# build with debugging symbols and add defines from libuv (#892601)

# Node's v8 breaks with GCC 6 because of incorrect usage of methods on

# NULL objects. We need to pass -fno-delete-null-pointer-checks

extra_cflags=(

    -g

    -D_LARGEFILE_SOURCE

    -D_FILE_OFFSET_BITS=64

    -DZLIB_CONST

    -fno-delete-null-pointer-checks

)

export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cflags[*]}"

# This is not autotools, even if it resembles it

./configure --prefix=%{_prefix} \

    %{?with_debug:--debug} \

    --with-dtrace \

    --with-intl=%{icu_flag} --with-icu-default-data-dir=%{icudatadir} \

    --shared-openssl --openssl-use-def-ca-store --openssl-is-fips \

    --without-corepack \

    %{!?el7:--shared-zlib} \

    %{!?with_bootstrap:--shared-http-parser}

%make_build %{!?with_parallel_build:-j1}

# Extract the ICU data and convert it to the appropriate endianness

pushd deps/

tar -xzf '%{SOURCE3}'

pushd icu/source

mkdir -p converted

%if 0%{?little_endian}

# The little endian data file is included in the ICU sources

install -Dpm0644 data/in/icudt%{icu_major}l.dat converted/

%else

# For the time being, we need to build ICU and use the included `icupkg` tool

# to convert the little endian data file into a big-endian one.

# At some point in the future, ICU releases will start including both data

# files and we should switch to those.

mkdir -p data/out/tmp

%configure

%make_build

icu_root=$(pwd)

LD_LIBRARY_PATH=./lib ./bin/icupkg -tb data/in/icudt%{icu_major}l.dat converted/icudt%{icu_major}b.dat

%endif

popd # icu/source

popd # deps

%{?scl:EOF}

%install

./tools/install.py install %{buildroot} %{_prefix}

# Set the binary permissions properly

chmod 0755 %{buildroot}/%{_bindir}/node

%if %{with debug}

# Install the debug binary and set its permissions

install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g

%endif

# own the sitelib directory

mkdir -p %{buildroot}%{nodejs_sitelib}

#install documentation

mkdir -p %{buildroot}%{_pkgdocdir}/html

cp -pr doc/* %{buildroot}%{_pkgdocdir}/html

rm -f %{buildroot}%{_pkgdocdir}/html/nodejs.1

#node-gyp needs common.gypi too

mkdir -p %{buildroot}%{_datadir}/node

cp -p common.gypi %{buildroot}%{_datadir}/node

# install NPM docs to mandir

mkdir -p %{buildroot}%{_mandir} \

         %{buildroot}%{_pkgdocdir}/npm

cp -pr deps/npm/man/* %{buildroot}%{_mandir}/

rm -rf %{buildroot}%{_prefix}/%{nodejs_sitelib}/npm/man

ln -sf %{_mandir}  %{buildroot}%{nodejs_sitelib}/npm/man

# Install Gatsby HTML documentation to %%{_pkgdocdir}

cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/

rm -rf %{buildroot}%{nodejs_sitelib}/npm/docs

ln -sf %{_pkgdocdir}/npm %{buildroot}%{nodejs_sitelib}/npm/docs

# Install the GDB init tool into the documentation directory

mv %{buildroot}/%{_datadir}/doc/node/gdbinit %{buildroot}/%{_pkgdocdir}/gdbinit

# Node tries to install some python files into a documentation directory

# (and not the proper one). Remove them for now until we figure out what to

# do with them.

rm -f %{buildroot}/%{_defaultdocdir}/node/lldb_commands.py \

      %{buildroot}/%{_defaultdocdir}/node/lldbinit

# Since the old version of NPM was unbundled, there are a lot of symlinks in

# it's node_modules directory. We need to keep these as symlinks to ensure we

# can backtrack on this if we decide to.

# Rename the npm node_modules directory to node_modules.bundled

mv %{buildroot}/%{nodejs_sitelib}/npm/node_modules \

   %{buildroot}/%{nodejs_sitelib}/npm/node_modules.bundled

# Recreate all the symlinks

mkdir -p %{buildroot}/%{nodejs_sitelib}/npm/node_modules

FILES=%{buildroot}/%{nodejs_sitelib}/npm/node_modules.bundled/*

for f in $FILES

do

  module=`basename $f`

  ln -s ../node_modules.bundled/$module %{buildroot}%{nodejs_sitelib}/npm/node_modules/$module

done

# Install the full-icu data files

mkdir -p '%{buildroot}%{icudatadir}'

install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*

%check

%{?scl:scl enable %{scl} devtoolset-9 - << \EOF}

set -ex

# Fail the build if the versions don't match

%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"

%{buildroot}/%{_bindir}/node -e "require('assert').ok(process.versions.v8.startsWith('%{v8_version}'))"

%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')"

# Ensure we have punycode and that the version matches

%{buildroot}/%{_bindir}/node -e "require('assert').equal(require('punycode').version, '%{punycode_version}')"

# Ensure we have npm and that the version matches

NODE_PATH=%{buildroot}%{nodejs_sitelib} %{buildroot}/%{_bindir}/node -e "require('assert').equal(require('npm').version, '%{npm_version}')"

# Make sure i18n support is working

NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}

# Only run suites that we are expected to pass

RUN_SUITES=(

    abort

    async-hooks

    cctest

    es-module

    parallel

    sequential

)

python2 tools/test.py "${RUN_SUITES[@]}" || :  # FIXME – disable all failing tests to catch new failures

%{?scl:EOF}

%files

%{_bindir}/node

%{_mandir}/man1/node.*

%dir %{_pkgdocdir}

%dir %{nodejs_sitelib}

%dir %{_datadir}/node

%dir %{_datadir}/systemtap

%dir %{_datadir}/systemtap/tapset

%{_datadir}/systemtap/tapset/node.stp

%dir %{_prefix}/lib/dtrace

%{_prefix}/lib/dtrace/node.d

%license LICENSE

%doc AUTHORS CHANGELOG.md onboarding.md GOVERNANCE.md README.md

%files devel

%if %{with debug}

%{_bindir}/node_g

%endif

%{_includedir}/node

%{_datadir}/node/common.gypi

%{_pkgdocdir}/gdbinit

%files full-i18n

%dir %{icudatadir}

%{icudatadir}/icudt%{icu_major}*.dat

%files -n %{?scl_prefix}npm

%{_bindir}/npm

%{_bindir}/npx

%{nodejs_sitelib}/npm

%ghost %{_sysconfdir}/npmrc

%ghost %{_sysconfdir}/npmignore

%doc %{_mandir}/man1/npm*.1*

%doc %{_mandir}/man1/npx.1*

%doc %{_mandir}/man5/folders.5*

%doc %{_mandir}/man5/install.5*

%doc %{_mandir}/man5/npmrc.5*

%doc %{_mandir}/man5/package-json.5*

%doc %{_mandir}/man5/package-lock-json.5*

%doc %{_mandir}/man5/package-locks.5*

%doc %{_mandir}/man5/shrinkwrap-json.5*

%doc %{_mandir}/man7/config.7*

%doc %{_mandir}/man7/developers.7*

%doc %{_mandir}/man7/disputes.7*

%doc %{_mandir}/man7/orgs.7*

%doc %{_mandir}/man7/registry.7*

%doc %{_mandir}/man7/removal.7*

%doc %{_mandir}/man7/scope.7*

%doc %{_mandir}/man7/scripts.7*

%doc %{_mandir}/man7/semver.7*

%files docs

%dir %{_pkgdocdir}

%{_pkgdocdir}/html

%{_pkgdocdir}/npm/docs

%changelog

* Thu Jan 26 2023 Jan Staněk <jstanek@redhat.com> - 14.21.1-3

- Properly apply upstream patch for CVE-2022-3517

  Resolves: CVE-2022-3517

* Tue Jan 10 2023 Jan Staněk <jstanek@redhat.com> - 14.21.1-2

- Provide full-i18n subpackage

  Resolves: rhbz#2009880

- Properly backport CVE-2022-0235 fix

  Resolves: CVE-2022-0235

- Fix prototype poisoning in qs dependency

  Resolves: CVE-2022-24999

* Wed Nov 16 2022 Jan Staněk <jstanek@redhat.com> - 14.21.1-1

- Rebase to version 14.21.1

  Resolves: rhbz#2129806 CVE-2022-43548

* Fri Oct 07 2022 Jan Staněk <jstanek@redhat.com> - 14.20.1-2

- Record additional fixes included in current version

  Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824

  Resolves: CVE-2022-0235 CVE-2021-44906

* Thu Sep 29 2022 Jan Staněk <jstanek@redhat.com> - 14.20.1-1

- Rebase to version 14.20.1

  Resolves: CVE-2022-35256

* Tue Jul 26 2022 Jan Staněk <jstanek@redhat.com> - 14.20.0-2

- Disable corepack

* Tue Jul 12 2022 Jan Staněk <jstanek@redhat.com> - 14.20.0-1

- Rebase to 14.20.0

  Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215

* Thu Dec 09 2021 Jan Staněk <jstanek@redhat.com> - 14.18.2-1

- Rebase to 14.18.2

  Resolves: rhbz#2031770 rhbz#2031774

* Mon Nov 01 2021 Jan Staněk <jstanek@redhat.com> - 14.18.1-1

- Rebase to 14.18.1

  Resolves: rhbz#2031773 rhbz#2031772

* Wed Sep 01 2021 Jan Staněk <jstanek@redhat.com> - 14.17.6-1

- Rebase to 14.17.6

  Resolves: rhbz#2031767 rhbz#2031769

- Drop CVE-2021-23343-path-parse-redos.patch: fixed upstream

* Thu Aug 19 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 14.17.5-1.1

- Fix parallel builds

* Thu Aug 12 2021 Jan Staněk <jstanek@redhat.com> - 14.17.5-1

- Rebase to 14.17.5

  Resolves: CVE-2021-22931 CVE-2021-22939 CVE-2021-22940

* Thu Aug 05 2021 Jan Staněk <jstanek@redhat.com> - 14.17.4-1

- Rebase to 14.17.4 with additional fixes (update-handling-on-rst_stream-frames.patch)

  Resolves: CVE-2021-22930

- Patch bundled(nodejs-path-parse) for CVE-2021-23343

  Resolves: rhbz#1986745

* Wed Jul 07 2021 Jan Staněk <jstanek@redhat.com> - 14.17.2-1

- Rebase to 14.17.2

  Resolves: CVE-2021-22918, CVE-2021-23362, CVE-2021-27290, CVE-2021-33502

- Remove upstreamed deps-y18n-CVE-2020-7774.patch

* Tue Feb 23 2021 Jan Staněk <jstanek@redhat.com> - 14.16.0-1

- Rebase to 14.16.0

- Resolves: CVE-2021-22883 CVE-2021-22884

* Wed Jan 27 2021 Jan Staněk <jstanek@redhat.com> - 14.15.4-2

- Patch bundled y18n for CVE-2020-7774

- Resolves: CVE-2020-7774

* Tue Jan 05 2021 Jan Staněk <jstanek@redhat.com> - 14.15.4-1

- Rebase to 14.15.4

- Resolves: CVE-2020-8265 CVE-2020-8287

* Thu Oct 29 2020 Jan Staněk <jstanek@redhat.com> - 14.15.0-1

- Rebase to 14.15.0

* Wed Sep 16 2020 Jan Staněk <jstanek@redhat.com> - 14.11.0-1

- Rebase to 14.11.0

* Thu Aug 27 2020 Jan Staněk <jstanek@redhat.com> - 14.8.0-1

- Rebase to 14.8.0

- Enable FIPS when building (--openssl-is-fips)

* Wed Jul 29 2020 Jan Staněk <jstanek@redhat.com> - 14.6.0-1

- Rebase to 14.6.0

* Tue Jun 30 2020 Jan Staněk <jstanek@redhat.com> - 12.18.2-1

- Rebase to 12.18.2

* Wed Jun 24 2020 Jan Staněk <jstanek@redhat.com> - 12.18.1-1

- Rebase to 12.18.1

- Use devtoolset-9

* Wed Feb 19 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 12.16.1

- Resolves: RHBZ#1800404, RHBZ#1800403, RHBZ#1800378, RHBZ#1774113

- Resolves: RHBZ#1803154, RHBZ#1803157, RHBZ#1803160 (nmp CVEs)

- also 1793482

- use devtoolset-8, build with -j4

- added uvwasi bundled dependency

- revert more features #23188, #30637, #29598, #29292, #29489, #30055, #30053

* Thu Jan 16 2020 Jan Staněk <jstanek@redhat.com> - 12.14.1-1

- Rebase to 12.14.1

* Thu Nov 14 2019 Jan Staněk <jstanek@redhat.com> - 12.10.0-4

- Patch more OpenSSL features

- Adjust test suite to (mostly) pass without patched OpenSSL features

* Thu Oct 10 2019 Jan Staněk <jstanek@redhat.com> - 12.10.0-3

- Revert statx utilization in libuv to workaround s390x container issue

- Resolves: rhbz#1760184

* Sat Oct 05 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 12.10.0-2

- Add some missing flags, merge patches into one

* Sat Oct 05 2019 Honza Horak <hhorak@redhat.com> - 12.10.0-1.1

- Rebase to 12.10.0 and apply patches for openssl compatibility

  (patches prepared by Zuzana and Jan)

* Tue Aug 13 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 12.8.0-1

- Resolves: RHBZ#1717846

- update to v12.x

- build without crypto for now

* Thu Apr 04 2019 Jan Staněk <jstanek@redhat.com> - 10.10.0-3

- Rebuild with bundled zlib

- Resolves: rhbz#1677710

* Wed Oct 31 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 10.10.0-2

- Resolves: RHBZ#1584252

- comment out native.req file to prevent conflict with other Node.js

- installations (rhbz#1637922)

* Fri Sep 14 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 10.10.0-1

- rebase to v10.10.0

- update patches for openssl

- TODO: remove useless comments, fix failing tests, update bundled provides

* Thu Jul 19 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 10.1.0-1

- Initial v10 packaging

- patch crypto/openssl 1.1.0 -> 1.0.2

- remove scl prefixes from bundled dependencies

- TODO: update patches and dependencies

* Tue Feb 06 2018 Zuzana Svetlikova <zsvtelik@redhat.com> - 8.9.4-2

- Resolves: RHBZ#1513560 #1542079

- fix outdated minizlib dependency in npm node_modules tree

- https://github.com/nodejs/node/pull/16509

* Mon Jan 15 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 8.9.4-1

- Resolves: RHBZ#1513560

- rebase to LTS

* Wed Sep 27 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 8.6.0-1

- Resolves: RHBZ#1490389

- Update, v8.5.0 contains a CVE