diff --git a/Disable-running-gyp-on-shared-deps.patch b/0001-Disable-running-gyp-on-shared-deps.patch
similarity index 62%
rename from Disable-running-gyp-on-shared-deps.patch
rename to 0001-Disable-running-gyp-on-shared-deps.patch
index 7db5731e019b8bd6614aaa7a177b01e2c896167d..3c11dd8747bbd2cdb47fdc77dcac8480ef08aed2 100644
--- a/Disable-running-gyp-on-shared-deps.patch
+++ b/0001-Disable-running-gyp-on-shared-deps.patch
@@ -1,10 +1,17 @@
+From 7a6257be1d0276ff22d2d92ea89c5bca6c633802 Mon Sep 17 00:00:00 2001
+From: Zuzana Svetlikova <zsvetlik@redhat.com>
+Date: Thu, 27 Apr 2017 14:25:42 +0200
+Subject: [PATCH 1/3] Disable running gyp on shared deps
+
+---
+ Makefile | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
 diff --git a/Makefile b/Makefile
-index 5fc2bb0c58f5532044a14e9f9595b2316f562726..f1c1545caa220d7442d6d92c49412ec7554de123 100644
+index 316410e3f81e39cdddecf91d5b717c884a9c51b3..62c8ebb5b95a68e44d4c2ab3beee70d63c3175c7 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -121,14 +121,13 @@ with-code-cache:
- 
- .PHONY: test-code-cache
+@@ -123,10 +123,9 @@ with-code-cache:
  test-code-cache: with-code-cache
  	$(PYTHON) tools/test.py $(PARALLEL_ARGS) --mode=$(BUILDTYPE_LOWER) code-cache
  
@@ -18,8 +25,6 @@ index 5fc2bb0c58f5532044a14e9f9595b2316f562726..f1c1545caa220d7442d6d92c49412ec7
  	$(PYTHON) tools/gyp_node.py -f make
  
  config.gypi: configure configure.py
- 	@if [ -x config.status ]; then \
- 		./config.status; \
 -- 
-2.19.0
+2.24.1
 
diff --git a/0002-Install-both-binaries-and-use-libdir.patch b/0002-Install-both-binaries-and-use-libdir.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9e184d7e926bdc2c6914a91365a6620725ac0955
--- /dev/null
+++ b/0002-Install-both-binaries-and-use-libdir.patch
@@ -0,0 +1,86 @@
+From 8828c8fdc98f310a718a65ebc47d8a163e41b0cb Mon Sep 17 00:00:00 2001
+From: Elliott Sales de Andrade <quantum.analyst@gmail.com>
+Date: Tue, 19 Mar 2019 23:22:40 -0400
+Subject: [PATCH 2/3] Install both binaries and use libdir.
+
+This allows us to build with a shared library for other users while
+still providing the normal executable.
+
+Signed-off-by: Elliott Sales de Andrade <quantum.analyst@gmail.com>
+---
+ configure.py     |  7 +++++++
+ tools/install.py | 29 +++++++++++++----------------
+ 2 files changed, 20 insertions(+), 16 deletions(-)
+
+diff --git a/configure.py b/configure.py
+index 22861a10eeac54cae69fc1be4b9aef7ed5106a35..48389fbdcb57cbf8d9c11d4921c65f34a1937cc7 100755
+--- a/configure.py
++++ b/configure.py
+@@ -552,6 +552,12 @@ parser.add_option('--shared',
+     help='compile shared library for embedding node in another project. ' +
+          '(This mode is not officially supported for regular applications)')
+ 
++parser.add_option('--libdir',
++    action='store',
++    dest='libdir',
++    default='lib',
++    help='a directory to install the shared library into')
++
+ parser.add_option('--without-v8-platform',
+     action='store_true',
+     dest='without_v8_platform',
+@@ -1095,6 +1101,7 @@ def configure_node(o):
+   if options.code_cache_path:
+     o['variables']['node_code_cache_path'] = options.code_cache_path
+   o['variables']['node_shared'] = b(options.shared)
++  o['variables']['libdir'] = options.libdir
+   node_module_version = getmoduleversion.get_version()
+ 
+   if sys.platform == 'darwin':
+diff --git a/tools/install.py b/tools/install.py
+index 028c32ecbbdf9625238dfcc2baef66df9408b539..bf443c4d15a3b3ebf1e10a5dd802e9c5999691e5 100755
+--- a/tools/install.py
++++ b/tools/install.py
+@@ -117,26 +117,23 @@ def subdir_files(path, dest, action):
+ 
+ def files(action):
+   is_windows = sys.platform == 'win32'
+-  output_file = 'node'
+   output_prefix = 'out/Release/'
++  output_libprefix = output_prefix
+ 
+-  if 'false' == variables.get('node_shared'):
+-    if is_windows:
+-      output_file += '.exe'
++  if is_windows:
++    output_bin = 'node.exe'
++    output_lib = 'node.dll'
+   else:
+-    if is_windows:
+-      output_file += '.dll'
+-    else:
+-      output_file = 'lib' + output_file + '.' + variables.get('shlib_suffix')
+-      # GYP will output to lib.target except on OS X, this is hardcoded
+-      # in its source - see the _InstallableTargetInstallPath function.
+-      if sys.platform != 'darwin':
+-        output_prefix += 'lib.target/'
++    output_bin = 'node'
++    output_lib = 'libnode.' + variables.get('shlib_suffix')
++    # GYP will output to lib.target except on OS X, this is hardcoded
++    # in its source - see the _InstallableTargetInstallPath function.
++    if sys.platform != 'darwin':
++      output_libprefix += 'lib.target/'
+ 
+-  if 'false' == variables.get('node_shared'):
+-    action([output_prefix + output_file], 'bin/' + output_file)
+-  else:
+-    action([output_prefix + output_file], 'lib/' + output_file)
++  action([output_prefix + output_bin], 'bin/' + output_bin)
++  if 'true' == variables.get('node_shared'):
++    action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib)
+ 
+   if 'true' == variables.get('node_use_dtrace'):
+     action(['out/Release/node.d'], 'lib/dtrace/node.d')
+-- 
+2.24.1
+
diff --git a/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch b/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9a02d6519c42ec29ba4d7acfec0eb7089c916caf
--- /dev/null
+++ b/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
@@ -0,0 +1,122 @@
+From 9ca4d4aeccf50e6c036e5536ef070a09c1776817 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Fri, 6 Dec 2019 16:40:25 -0500
+Subject: [PATCH 3/3] build: auto-load ICU data from
+ --with-icu-default-data-dir
+
+When compiled with `--with-intl=small` and
+`--with-icu-default-data-dir=PATH`, Node.js will use PATH as a
+fallback location for the ICU data.
+
+We will first perform an access check using fopen(PATH, 'r') to
+ensure that the file is readable. If it is, we'll set the
+icu_data_directory and proceed. There's a slight overhead for the
+fopen() check, but it should be barely measurable.
+
+This will be useful for Linux distribution packagers who want to
+be able to ship a minimal node binary in a container image but
+also be able to add on the full i18n support where needed. With
+this patch, it becomes possible to ship the interpreter as
+/usr/bin/node in one package for the distribution and to ship the
+data files in another package (without a strict dependency
+between the two). This means that users of the distribution will
+not need to explicitly direct Node.js to locate the ICU data. It
+also means that in environments where full internationalization is
+not required, they do not need to carry the extra content (with
+the associated storage costs).
+
+Refs: https://github.com/nodejs/node/issues/3460
+
+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
+---
+ configure.py |  9 +++++++++
+ node.gypi    |  7 +++++++
+ src/node.cc  | 20 ++++++++++++++++++++
+ 3 files changed, 36 insertions(+)
+
+diff --git a/configure.py b/configure.py
+index 48389fbdcb57cbf8d9c11d4921c65f34a1937cc7..063e8748b954a7fed4fe084399e61371c061edab 100755
+--- a/configure.py
++++ b/configure.py
+@@ -433,6 +433,14 @@ intl_optgroup.add_option('--with-icu-source',
+         'the icu4c source archive. '
+         'v%d.x or later recommended.' % icu_versions['minimum_icu'])
+ 
++intl_optgroup.add_option('--with-icu-default-data-dir',
++    action='store',
++    dest='with_icu_default_data_dir',
++    help='Path to the icuXXdt{lb}.dat file. If unspecified, ICU data will '
++         'only be read if the NODE_ICU_DATA environment variable or the '
++         '--icu-data-dir runtime argument is used. This option has effect '
++         'only when Node.js is built with --with-intl=small-icu.')
++
+ parser.add_option('--with-ltcg',
+     action='store_true',
+     dest='with_ltcg',
+@@ -1360,6 +1368,7 @@ def configure_intl(o):
+     locs.add('root')  # must have root
+     o['variables']['icu_locales'] = string.join(locs,',')
+     # We will check a bit later if we can use the canned deps/icu-small
++    o['variables']['icu_default_data'] = options.with_icu_default_data_dir or ''
+   elif with_intl == 'full-icu':
+     # full ICU
+     o['variables']['v8_enable_i18n_support'] = 1
+diff --git a/node.gypi b/node.gypi
+index 466a1746811cfac1a8ce4ef604ef1152c6229ff1..65b97d6466a14f4343a948a5fc36f8a2580badfb 100644
+--- a/node.gypi
++++ b/node.gypi
+@@ -113,6 +113,13 @@
+       'conditions': [
+         [ 'icu_small=="true"', {
+           'defines': [ 'NODE_HAVE_SMALL_ICU=1' ],
++          'conditions': [
++            [ 'icu_default_data!=""', {
++              'defines': [
++                'NODE_ICU_DEFAULT_DATA_DIR="<(icu_default_data)"',
++              ],
++            }],
++          ],
+       }]],
+     }],
+     [ 'node_use_bundled_v8=="true" and \
+diff --git a/src/node.cc b/src/node.cc
+index 7c0118758dfd9449283b900209b2ba8df7ddd129..c9840e3e367ca47176a17a7940a1e08eb1f56f78 100644
+--- a/src/node.cc
++++ b/src/node.cc
+@@ -92,6 +92,7 @@
+ 
+ #if defined(NODE_HAVE_I18N_SUPPORT)
+ #include <unicode/uvernum.h>
++#include <unicode/utypes.h>
+ #endif
+ 
+ #if defined(LEAK_SANITIZER)
+@@ -2643,6 +2644,25 @@ void Init(std::vector<std::string>* argv,
+   // If the parameter isn't given, use the env variable.
+   if (per_process_opts->icu_data_dir.empty())
+     SafeGetenv("NODE_ICU_DATA", &per_process_opts->icu_data_dir);
++
++#ifdef NODE_ICU_DEFAULT_DATA_DIR
++  // If neither the CLI option nor the environment variable was specified,
++  // fall back to the configured default
++  if (per_process_opts->icu_data_dir.empty()) {
++    // Check whether the NODE_ICU_DEFAULT_DATA_DIR contains the right data
++    // file and can be read.
++    static const char full_path[] =
++        NODE_ICU_DEFAULT_DATA_DIR "/" U_ICUDATA_NAME ".dat";
++
++    FILE* f = fopen(full_path, "rb");
++
++    if (f != nullptr) {
++      fclose(f);
++      per_process_opts->icu_data_dir = NODE_ICU_DEFAULT_DATA_DIR;
++    }
++  }
++#endif  // NODE_ICU_DEFAULT_DATA_DIR
++
+   // Initialize ICU.
+   // If icu_data_dir is empty here, it will load the 'minimal' data.
+   if (!i18n::InitializeICUDirectory(per_process_opts->icu_data_dir)) {
+-- 
+2.24.1
+
diff --git a/0004-src-avoid-OOB-read-in-URL-parser.patch b/0004-src-avoid-OOB-read-in-URL-parser.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6108a397efe0aa1ec92b151657b57791d4537977
--- /dev/null
+++ b/0004-src-avoid-OOB-read-in-URL-parser.patch
@@ -0,0 +1,79 @@
+From 4cb8fa4aa5dea72bc66ea950e3fc193385bb7175 Mon Sep 17 00:00:00 2001
+From: gaozhekang <gaozhekang@huawei.com>
+Date: Wed, 4 Nov 2020 11:12:53 +0800
+Subject: [PATCH] src: avoid OOB read in URL parser
+
+This is not a big concern, because right now, all (non-test) inputs
+to the parser are `'\0'`-terminated, but we should be future-proof
+here and not perform these OOB reads.
+
+---
+ src/node_url.cc         |  6 +++---
+ test/cctest/test_url.cc | 20 ++++++++++++++++++++
+ 2 files changed, 23 insertions(+), 3 deletions(-)
+
+diff --git a/src/node_url.cc b/src/node_url.cc
+index 7bfcde5..41492b1 100644
+--- a/src/node_url.cc
++++ b/src/node_url.cc
+@@ -1487,7 +1487,7 @@ void URL::Parse(const char* input,
+             state = kSpecialRelativeOrAuthority;
+           } else if (special) {
+             state = kSpecialAuthoritySlashes;
+-          } else if (p[1] == '/') {
++          } else if (p + 1 < end && p[1] == '/') {
+             state = kPathOrAuthority;
+             p++;
+           } else {
+@@ -1547,7 +1547,7 @@ void URL::Parse(const char* input,
+         }
+         break;
+       case kSpecialRelativeOrAuthority:
+-        if (ch == '/' && p[1] == '/') {
++        if (ch == '/' && p + 1 < end && p[1] == '/') {
+           state = kSpecialAuthorityIgnoreSlashes;
+           p++;
+         } else {
+@@ -1695,7 +1695,7 @@ void URL::Parse(const char* input,
+         break;
+       case kSpecialAuthoritySlashes:
+         state = kSpecialAuthorityIgnoreSlashes;
+-        if (ch == '/' && p[1] == '/') {
++        if (ch == '/' && p + 1 < end && p[1] == '/') {
+           p++;
+         } else {
+           continue;
+diff --git a/test/cctest/test_url.cc b/test/cctest/test_url.cc
+index ddef534..810cbc2 100644
+--- a/test/cctest/test_url.cc
++++ b/test/cctest/test_url.cc
+@@ -80,6 +80,26 @@ TEST_F(URLTest, Base3) {
+   EXPECT_EQ(simple.path(), "/baz");
+ }
+ 
++TEST_F(URLTest, TruncatedAfterProtocol) {
++  char input[2] = { 'q', ':' };
++  URL simple(input, sizeof(input));
++
++  EXPECT_FALSE(simple.flags() & URL_FLAGS_FAILED);
++  EXPECT_EQ(simple.protocol(), "q:");
++  EXPECT_EQ(simple.host(), "");
++  EXPECT_EQ(simple.path(), "/");
++}
++
++TEST_F(URLTest, TruncatedAfterProtocol2) {
++  char input[6] = { 'h', 't', 't', 'p', ':', '/' };
++  URL simple(input, sizeof(input));
++
++  EXPECT_TRUE(simple.flags() & URL_FLAGS_FAILED);
++  EXPECT_EQ(simple.protocol(), "http:");
++  EXPECT_EQ(simple.host(), "");
++  EXPECT_EQ(simple.path(), "");
++}
++
+ TEST_F(URLTest, ToFilePath) {
+ #define T(url, path) EXPECT_EQ(path, URL(url).ToFilePath())
+   T("http://example.org/foo/bar", "");
+-- 
+2.23.0
+
diff --git a/CVE-2018-12122.patch b/CVE-2018-12122.patch
deleted file mode 100644
index c46268b278865a2e9d773bfcc441a160c8f48b55..0000000000000000000000000000000000000000
--- a/CVE-2018-12122.patch
+++ /dev/null
@@ -1,208 +0,0 @@
-From ee618a7ab239c98d945c723a4e225bc409151736 Mon Sep 17 00:00:00 2001
-From: Matteo Collina <hello@matteocollina.com>
-Date: Thu, 23 Aug 2018 16:46:07 +0200
-Subject: [PATCH] http,https: protect against slow headers attack
-
-CVE-2018-12122
-
-An attacker can send a char/s within headers and exahust the resources
-(file descriptors) of a system even with a tight max header length
-protection. This PR destroys a socket if it has not received the headers
-in 40s.
-
-PR-URL: https://github.com/nodejs-private/node-private/pull/144
-Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
-Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
-Reviewed-By: James M Snell <jasnell@gmail.com>
----
- doc/api/http.md                          | 20 ++++++++
- doc/api/https.md                         |  7 +++
- lib/_http_server.js                      | 22 ++++++++-
- lib/https.js                             |  1 +
- lib/internal/http.js                     | 27 +++++++---
- test/async-hooks/test-graph.http.js      |  2 +-
- test/parallel/test-http-slow-headers.js  | 50 +++++++++++++++++++
- test/parallel/test-https-slow-headers.js | 63 ++++++++++++++++++++++++
- 8 files changed, 182 insertions(+), 10 deletions(-)
- create mode 100644 test/parallel/test-http-slow-headers.js
- create mode 100644 test/parallel/test-https-slow-headers.js
-
-diff --git a/doc/api/http.md b/doc/api/http.md
-index 1c6b5717e004..13373debb404 100644
---- a/doc/api/http.md
-+++ b/doc/api/http.md
-@@ -958,6 +958,26 @@ added: v0.7.0
- 
- Limits maximum incoming headers count. If set to 0, no limit will be applied.
- 
-+### server.headersTimeout
-+<!-- YAML
-+added: REPLACEME
-+-->
-+
-+* {number} **Default:** `40000`
-+
-+Limit the amount of time the parser will wait to receive the complete HTTP
-+headers.
-+
-+In case of inactivity, the rules defined in [server.timeout][] apply. However,
-+that inactivity based timeout would still allow the connection to be kept open
-+if the headers are being sent very slowly (by default, up to a byte per 2
-+minutes). In order to prevent this, whenever header data arrives an additional
-+check is made that more than `server.headersTimeout` milliseconds has not
-+passed since the connection was established. If the check fails, a `'timeout'`
-+event is emitted on the server object, and (by default) the socket is destroyed.
-+See [server.timeout][] for more information on how timeout behaviour can be
-+customised.
-+
- ### server.setTimeout([msecs][, callback])
- <!-- YAML
- added: v0.9.12
-diff --git a/doc/api/https.md b/doc/api/https.md
-index 777fbab741c8..81a5bcce934e 100644
---- a/doc/api/https.md
-+++ b/doc/api/https.md
-@@ -44,6 +44,12 @@ This method is identical to [`server.listen()`][] from [`net.Server`][].
- 
- See [`http.Server#maxHeadersCount`][].
- 
-+### server.headersTimeout
-+
-+- {number} **Default:** `40000`
-+
-+See [`http.Server#headersTimeout`][].
-+
- ### server.setTimeout([msecs][, callback])
- <!-- YAML
- added: v0.11.2
-@@ -363,6 +369,7 @@ headers: max-age=0; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; p
- [`http.Agent`]: http.html#http_class_http_agent
- [`http.Server#keepAliveTimeout`]: http.html#http_server_keepalivetimeout
- [`http.Server#maxHeadersCount`]: http.html#http_server_maxheaderscount
-+[`http.Server#headersTimeout`]: http.html#http_server_headerstimeout
- [`http.Server#setTimeout()`]: http.html#http_server_settimeout_msecs_callback
- [`http.Server#timeout`]: http.html#http_server_timeout
- [`http.Server`]: http.html#http_class_http_server
-diff --git a/lib/_http_server.js b/lib/_http_server.js
-index 96f05f5819d3..c171b1d3e78a 100644
---- a/lib/_http_server.js
-+++ b/lib/_http_server.js
-@@ -37,7 +37,7 @@ const {
-   _checkInvalidHeaderChar: checkInvalidHeaderChar
- } = require('_http_common');
- const { OutgoingMessage } = require('_http_outgoing');
--const { outHeadersKey, ondrain } = require('internal/http');
-+const { outHeadersKey, ondrain, nowDate } = require('internal/http');
- const {
-   defaultTriggerAsyncIdScope,
-   getOrSetAsyncId
-@@ -306,6 +306,7 @@ function Server(options, requestListener) {
-   this.keepAliveTimeout = 5000;
-   this._pendingResponseData = 0;
-   this.maxHeadersCount = null;
-+  this.headersTimeout = 40 * 1000; // 40 seconds
- }
- util.inherits(Server, net.Server);
- 
-@@ -344,6 +345,9 @@ function connectionListenerInternal(server, socket) {
-   var parser = parsers.alloc();
-   parser.reinitialize(HTTPParser.REQUEST);
-   parser.socket = socket;
-+
-+  // We are starting to wait for our headers.
-+  parser.parsingHeadersStart = nowDate();
-   socket.parser = parser;
- 
-   // Propagate headers limit from server instance to parser
-@@ -481,7 +485,20 @@ function socketOnData(server, socket, parser, state, d) {
- 
- function onParserExecute(server, socket, parser, state, ret) {
-   socket._unrefTimer();
-+  const start = parser.parsingHeadersStart;
-   debug('SERVER socketOnParserExecute %d', ret);
-+
-+  // If we have not parsed the headers, destroy the socket
-+  // after server.headersTimeout to protect from DoS attacks.
-+  // start === 0 means that we have parsed headers.
-+  if (start !== 0 && nowDate() - start > server.headersTimeout) {
-+    const serverTimeout = server.emit('timeout', socket);
-+
-+    if (!serverTimeout)
-+      socket.destroy();
-+    return;
-+  }
-+
-   onParserExecuteCommon(server, socket, parser, state, ret, undefined);
- }
- 
-@@ -598,6 +615,9 @@ function emitCloseNT(self) {
- function parserOnIncoming(server, socket, state, req, keepAlive) {
-   resetSocketTimeout(server, socket, state);
- 
-+  // Set to zero to communicate that we have finished parsing.
-+  socket.parser.parsingHeadersStart = 0;
-+
-   if (req.upgrade) {
-     req.upgrade = req.method === 'CONNECT' ||
-                   server.listenerCount('upgrade') > 0;
-diff --git a/lib/https.js b/lib/https.js
-index 66e76c1f0509..0854c3d44057 100644
---- a/lib/https.js
-+++ b/lib/https.js
-@@ -74,6 +74,7 @@ function Server(opts, requestListener) {
-   this.timeout = 2 * 60 * 1000;
-   this.keepAliveTimeout = 5000;
-   this.maxHeadersCount = null;
-+  this.headersTimeout = 40 * 1000; // 40 seconds
- }
- inherits(Server, tls.Server);
- 
-diff --git a/lib/internal/http.js b/lib/internal/http.js
-index 2b9c948aeefb..47a51fb73949 100644
---- a/lib/internal/http.js
-+++ b/lib/internal/http.js
-@@ -2,19 +2,29 @@
- 
- const { setUnrefTimeout } = require('internal/timers');
- 
--var dateCache;
-+var nowCache;
-+var utcCache;
-+
-+function nowDate() {
-+  if (!nowCache) cache();
-+  return nowCache;
-+}
-+
- function utcDate() {
--  if (!dateCache) {
--    const d = new Date();
--    dateCache = d.toUTCString();
-+  if (!utcCache) cache();
-+  return utcCache;
-+}
- 
--    setUnrefTimeout(resetCache, 1000 - d.getMilliseconds());
--  }
--  return dateCache;
-+function cache() {
-+  const d = new Date();
-+  nowCache = d.valueOf();
-+  utcCache = d.toUTCString();
-+  setUnrefTimeout(resetCache, 1000 - d.getMilliseconds());
- }
- 
- function resetCache() {
--  dateCache = undefined;
-+  nowCache = undefined;
-+  utcCache = undefined;
- }
- 
- function ondrain() {
-@@ -24,5 +34,6 @@ function ondrain() {
- module.exports = {
-   outHeadersKey: Symbol('outHeadersKey'),
-   ondrain,
-+  nowDate,
-   utcDate
- };
diff --git a/CVE-2019-5737.patch b/CVE-2019-5737.patch
deleted file mode 100644
index f2c8a13dd2d76539af6db2c4ed750e9ef9764e76..0000000000000000000000000000000000000000
--- a/CVE-2019-5737.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 1a7302bd48593cd95473600b153022dda2b811a1 Mon Sep 17 00:00:00 2001
-From: Matteo Collina <hello@matteocollina.com>
-Date: Sat, 1 Dec 2018 16:29:13 +0100
-Subject: [PATCH] http: prevent slowloris with keepalive connections
-
-Fixes: https://github.com/nodejs-private/security/issues/214
-PR-URL: https://github.com/nodejs-private/node-private/pull/158
-Reviewed-By: Rod Vagg <rod@vagg.org>
-Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
-Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
----
- lib/_http_server.js                           | 15 ++++++
- .../test-http-slow-headers-keepalive.js       | 51 +++++++++++++++++++
- 2 files changed, 66 insertions(+)
- create mode 100644 test/parallel/test-http-slow-headers-keepalive.js
-
-diff --git a/lib/_http_server.js b/lib/_http_server.js
-index 797597aa9f71..2c7c6c29b864 100644
---- a/lib/_http_server.js
-+++ b/lib/_http_server.js
-@@ -606,6 +606,10 @@ function resOnFinish(req, res, socket, state, server) {
- function parserOnIncoming(server, socket, state, req, keepAlive) {
-   resetSocketTimeout(server, socket, state);
- 
-+  if (server.keepAliveTimeout > 0) {
-+    req.on('end', resetHeadersTimeoutOnReqEnd);
-+  }
-+
-   // Set to zero to communicate that we have finished parsing.
-   socket.parser.parsingHeadersStart = 0;
- 
-@@ -730,6 +734,17 @@ function socketOnWrap(ev, fn) {
-   return res;
- }
- 
-+function resetHeadersTimeoutOnReqEnd() {
-+  debug('resetHeadersTimeoutOnReqEnd');
-+
-+  const parser = this.socket.parser;
-+  // Parser can be null if the socket was destroyed
-+  // in that case, there is nothing to do.
-+  if (parser !== null) {
-+    parser.parsingHeadersStart = nowDate();
-+  }
-+}
-+
- module.exports = {
-   STATUS_CODES,
-   Server,
-diff --git a/test/parallel/test-http-slow-headers-keepalive.js b/test/parallel/test-http-slow-headers-keepalive.js
-new file mode 100644
-index 000000000000..5552f33f77e3
---- /dev/null
-+++ b/test/parallel/test-http-slow-headers-keepalive.js
-@@ -0,0 +1,51 @@
-+'use strict';
-+
-+const common = require('../common');
-+const http = require('http');
-+const net = require('net');
-+const { finished } = require('stream');
-+
-+const headers =
-+  'GET / HTTP/1.1\r\n' +
-+  'Host: localhost\r\n' +
-+  'Connection: keep-alive' +
-+  'Agent: node\r\n';
-+
-+let sendCharEvery = 1000;
-+
-+const server = http.createServer(common.mustCall((req, res) => {
-+  res.writeHead(200);
-+  res.end();
-+}));
-+
-+// Pass a REAL env variable to shortening up the default
-+// value which is 40s otherwise this is useful for manual
-+// testing
-+if (!process.env.REAL) {
-+  sendCharEvery = common.platformTimeout(10);
-+  server.headersTimeout = 2 * sendCharEvery;
-+}
-+
-+server.once('timeout', common.mustCall((socket) => {
-+  socket.destroy();
-+}));
-+
-+server.listen(0, () => {
-+  const client = net.connect(server.address().port);
-+  client.write(headers);
-+  // finish the first request
-+  client.write('\r\n');
-+  // second request
-+  client.write(headers);
-+  client.write('X-CRASH: ');
-+
-+  const interval = setInterval(() => {
-+    client.write('a');
-+  }, sendCharEvery);
-+
-+  client.resume();
-+  finished(client, common.mustCall((err) => {
-+    clearInterval(interval);
-+    server.close();
-+  }));
-+});
diff --git a/CVE-2020-8252.patch b/CVE-2020-8252.patch
new file mode 100644
index 0000000000000000000000000000000000000000..de3ca915e23b01c540b98052286a392ce7fd8bc7
--- /dev/null
+++ b/CVE-2020-8252.patch
@@ -0,0 +1,45 @@
+From 0e6e8620496dff0eb285589ef1e37a7f407f3ddd Mon Sep 17 00:00:00 2001
+From: Ben Noordhuis <info@bnoordhuis.nl>
+Date: Mon, 24 Aug 2020 11:42:27 +0200
+Subject: [PATCH] unix: don't use _POSIX_PATH_MAX
+
+Libuv was using _POSIX_PATH_MAX wrong. Bug introduced in commit b56d279b
+("unix: do not require PATH_MAX to be defined") from September 2018.
+
+_POSIX_PATH_MAX is the minimum max path size guaranteed by POSIX, not
+the actual max path size of the system libuv runs on. _POSIX_PATH_MAX
+is always 256, the real max is often much bigger.
+
+This commit fixes buffer overruns when processing very long paths in
+uv_fs_readlink() and uv_fs_realpath() because libuv was not allocating
+enough memory to store the result.
+
+Fixes: https://github.com/libuv/libuv/issues/2965
+PR-URL: https://github.com/libuv/libuv/pull/2966
+Reviewed-By: Richard Lau <riclau@uk.ibm.com>
+Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
+Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
+Reviewed-By: Jameson Nash <vtjnash@gmail.com>
+---
+
+ deps/uv/src/unix/internal.h | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/deps/uv/src/unix/internal.h b/deps/uv/src/unix/internal.h
+index 47f2200..82f7bc9 100644
+--- a/deps/uv/src/unix/internal.h
++++ b/deps/uv/src/unix/internal.h
+@@ -61,9 +61,7 @@
+ # include <AvailabilityMacros.h>
+ #endif
+ 
+-#if defined(_POSIX_PATH_MAX)
+-# define UV__PATH_MAX _POSIX_PATH_MAX
+-#elif defined(PATH_MAX)
++#if defined(PATH_MAX)
+ # define UV__PATH_MAX PATH_MAX
+ #else
+ # define UV__PATH_MAX 8192
+-- 
+2.23.0
+
diff --git a/Suppress-NPM-message-to-run-global-update.patch b/Suppress-NPM-message-to-run-global-update.patch
deleted file mode 100644
index e95129e2dadf496cc3e57adf32806a58946837df..0000000000000000000000000000000000000000
--- a/Suppress-NPM-message-to-run-global-update.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-diff --git a/deps/npm/bin/npm-cli.js b/deps/npm/bin/npm-cli.js
-index 6f76b23828531e7af98a7e3cd7d5abfaac09b40c..98edb6f45fe073e03794a2ae6e7aa7f5500723ee 100755
---- a/deps/npm/bin/npm-cli.js
-+++ b/deps/npm/bin/npm-cli.js
-@@ -67,69 +67,15 @@
-   if (conf.usage && npm.command !== 'help') {
-     npm.argv.unshift(npm.command)
-     npm.command = 'help'
-   }
- 
--  var isGlobalNpmUpdate = conf.global && ['install', 'update'].includes(npm.command) && npm.argv.includes('npm')
--
-   // now actually fire up npm and run the command.
-   // this is how to use npm programmatically:
-   conf._exit = true
-   npm.load(conf, function (er) {
-     if (er) return errorHandler(er)
--    if (
--      !isGlobalNpmUpdate &&
--      npm.config.get('update-notifier') &&
--      !unsupported.checkVersion(process.version).unsupported
--    ) {
--      const pkg = require('../package.json')
--      let notifier = require('update-notifier')({pkg})
--      const isCI = require('ci-info').isCI
--      if (
--        notifier.update &&
--        notifier.update.latest !== pkg.version &&
--        !isCI
--      ) {
--        const color = require('ansicolors')
--        const useColor = npm.config.get('color')
--        const useUnicode = npm.config.get('unicode')
--        const old = notifier.update.current
--        const latest = notifier.update.latest
--        let type = notifier.update.type
--        if (useColor) {
--          switch (type) {
--            case 'major':
--              type = color.red(type)
--              break
--            case 'minor':
--              type = color.yellow(type)
--              break
--            case 'patch':
--              type = color.green(type)
--              break
--          }
--        }
--        const changelog = `https://github.com/npm/cli/releases/tag/v${latest}`
--        notifier.notify({
--          message: `New ${type} version of ${pkg.name} available! ${
--            useColor ? color.red(old) : old
--          } ${useUnicode ? '→' : '->'} ${
--            useColor ? color.green(latest) : latest
--          }\n` +
--          `${
--            useColor ? color.yellow('Changelog:') : 'Changelog:'
--          } ${
--            useColor ? color.cyan(changelog) : changelog
--          }\n` +
--          `Run ${
--            useColor
--              ? color.green(`npm install -g ${pkg.name}`)
--              : `npm i -g ${pkg.name}`
--          } to update!`
--        })
--      }
--    }
-     npm.commands[npm.command](npm.argv, function (err) {
-       // https://genius.com/Lin-manuel-miranda-your-obedient-servant-lyrics
-       if (
-         !err &&
-         npm.config.get('ham-it-up') &&
--- 
-2.19.0
-
diff --git a/btest402.js b/btest402.js
new file mode 100644
index 0000000000000000000000000000000000000000..277319cdccaffc11917b10d338ea3613604fd8c7
--- /dev/null
+++ b/btest402.js
@@ -0,0 +1,151 @@
+// Copyright (C) 2014 IBM Corporation and Others. All Rights Reserved.
+// This file is part of the Node.JS ICU enablement work
+// https://github.com/joyent/node/pull/7719
+// and is under the same license.
+//
+// This is a very, very, very basic test of es402
+//
+// URL: https://github.com/srl295/btest402
+// Author: Steven R. Loomis <srl@icu-project.org>
+//
+// for a complete test, see http://test262.ecmascript.org
+//
+// Usage: node btest402.js
+
+try {
+    console.log("You have console.log.");
+} catch(e) {
+    // this works on d8
+    console = { log: print };
+    console.log("Now you have console.log.");
+}
+
+function runbtest() {
+    var summary = {};
+
+    try {
+        var i = Intl;
+        summary.haveIntl = true;
+        console.log("+ Congrats, you have the Intl object.");
+    } catch(e) {
+        console.log("You don't have the Intl object: " + e);
+    }
+
+    if(summary.haveIntl) {
+        var locs = [ "en", "mt", "ja","tlh"];
+        var d = new Date(196400000);
+        for ( var n=0; n<locs.length; n++ ) {
+            var loc = locs[n];
+            var lsummary = summary[loc] = {};
+
+            console.log(loc+":");
+            var sl=null;
+            try {
+                sl = Intl.DateTimeFormat.supportedLocalesOf([loc]);
+                if( sl.length > 0 ) {
+                    lsummary.haveSlo = true;
+                }
+            } catch (e) {
+                console.log("SLO err: " + e);
+            }
+            var dstr = "ERR";
+            try {
+                lsummary.dstr = d.toLocaleString(loc,{month: "long",day:"numeric",weekday:"long",year:"numeric"});
+                console.log(" date: (supported:"+sl+") " + lsummary.dstr);
+            } catch (e) {
+                console.log(" Date Format err: " + e);
+            }
+            try {
+                new Intl.v8BreakIterator();
+                console.log(" Intl.v8BreakIterator:" +
+                            Intl.v8BreakIterator.supportedLocalesOf(loc) + " Supported, first()==" +
+                            new Intl.v8BreakIterator(loc).first() );
+                lsummary.brkOk = true;
+            } catch ( e) {
+                console.log(" Intl.v8BreakIterator error (NOT part of EcmaScript402): " + e);
+            }
+            console.log();
+        }
+    }
+
+    // print summary
+    console.log();
+    console.log("--------- Analysis ---------");
+    stxt = "";
+    if( summary.haveIntl ) {
+        console.log("* You have the 'Intl' object. Congratulations! You have the possibility of being EcmaScript 402 compliant.");
+        stxt += "Have Intl, ";
+
+        if ( !summary.en.haveSlo ) {
+            stxt += "Date:no EN, ";
+            console.log("* English isn't a supported language by the date formatter. Perhaps the data isn't installed properly?");
+        }
+        if ( !summary.tlh.haveSlo ) {
+            stxt += "Date:no 'tlh', ";
+            console.log("* Klingon isn't a supported language by the date formatter. It is without honor!");
+        }
+        // now, what is it actually saying
+        if( summary.en.dstr.indexOf("1970") == -1) {
+            stxt += "Date:bad 'en', ";
+            console.log("* the English date format text looks bad to me. Doesn't even have the year.");
+        } else {
+            if( summary.en.dstr.indexOf("Jan") == -1) {
+                stxt += "Date:bad 'en', ";
+                console.log("* The English date format text looks bad to me. Doesn't have the right month.");
+            }
+        }
+
+        if( summary.mt.dstr == summary.en.dstr ) {
+            stxt += "Date:'mt'=='en', ";
+            console.log("* The English and Maltese look the same to me. Probably a 'small' build.");
+        } else if( summary.mt.dstr.indexOf("1970") == -1) {
+            stxt += "Date:bad 'mt', ";
+            console.log("* the Maltese date format text looks bad to me. Doesn't even have the year. (This data is missing from the Chromium ICU build)");
+        } else {
+            if( summary.mt.dstr.indexOf("Jann") == -1) {
+                stxt += "Date:bad 'mt', ";
+                console.log("* The Maltese date format text looks bad to me. Doesn't have the right month. (This data is missing from the Chromium ICU build)");
+            }
+        }
+
+        if ( !summary.ja.haveSlo ) {
+            stxt += "Date:no 'ja', ";
+            console.log("* Japanese isn't a supported language by the date formatter. Could be a 'small' build.");
+        } else {
+            if( summary.ja.dstr.indexOf("1970") == -1) {
+                stxt += "Date:bad 'ja', ";
+                console.log("* the Japanese date format text looks bad to me. Doesn't even have the year.");
+            } else {
+                if( summary.ja.dstr.indexOf("日") == -1) {
+                    stxt += "Date:bad 'ja', ";
+                    console.log("* The Japanese date format text looks bad to me.");
+                }
+            }
+        }
+        if ( summary.en.brkOk ) {
+            stxt += "FYI: v8Brk:have 'en', ";
+            console.log("* You have Intl.v8BreakIterator support. (Note: not part of ES402.)");
+        }
+    } else {
+        console.log("* You don't have the 'Intl' object. You aren't EcmaScript 402 compliant.");
+        stxt += " NO Intl. ";
+    }
+
+    // 1-liner.
+    console.log();
+    console.log("----------------");
+    console.log( "SUMMARY:" +  stxt );
+}
+
+var dorun = true;
+
+try {
+    if(btest402_noautorun) {
+        dorun = false;
+    }
+} catch(e) {}
+
+if(dorun) {
+    console.log("Running btest..");
+    runbtest();
+}
diff --git a/node-v10.11.0-stripped.tar.gz b/icu4c-64_2-src.tgz
similarity index 66%
rename from node-v10.11.0-stripped.tar.gz
rename to icu4c-64_2-src.tgz
index e5b18dd2160719c8e9a804c8f9b5e5d6ea10aeff..73fb8ad95520ddc0bf6d4f97e3e593b32bc2d658 100644
Binary files a/node-v10.11.0-stripped.tar.gz and b/icu4c-64_2-src.tgz differ
diff --git a/node-v10.21.0.tar.gz b/node-v10.21.0.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..2be6961b0ad60317bef8a381885df252b285ef75
Binary files /dev/null and b/node-v10.21.0.tar.gz differ
diff --git a/nodejs-tarball.sh b/nodejs-tarball.sh
deleted file mode 100644
index 237ae134ce820833a2092d658fa41051d558a344..0000000000000000000000000000000000000000
--- a/nodejs-tarball.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-version=$(rpm -q --specfile --qf='%{version}\n' nodejs.spec | head -n1)
-rm -f node-v${version}.tar.gz
-wget http://nodejs.org/dist/v${version}/node-v${version}.tar.gz
-tar -zxf node-v${version}.tar.gz
-rm -rf node-v${version}/deps/openssl
-tar -zcf node-v${version}-stripped.tar.gz node-v${version}
-
-fedpkg new-sources node-v${version}-stripped.tar.gz
diff --git a/nodejs.spec b/nodejs.spec
index a622d4f0a09be6c8de67b9885417872667f9da9f..3702257bf0544f51b6b6f3bc64b1328e650965c8 100644
--- a/nodejs.spec
+++ b/nodejs.spec
@@ -1,29 +1,58 @@
+%bcond_with bootstrap
+%global baserelease 4
 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
-
 %global nodejs_epoch 1
 %global nodejs_major 10
-%global nodejs_minor 11
+%global nodejs_minor 21
 %global nodejs_patch 0
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
+%global nodejs_soversion 64
 %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
-%global nodejs_release 1
-
+%global nodejs_release %{baserelease}
+%global nodejs_datadir %{_datarootdir}/nodejs
+%global v8_epoch 1
 %global v8_major 6
 %global v8_minor 8
 %global v8_build 275
 %global v8_patch 32
 %global v8_abi %{v8_major}.%{v8_minor}
 %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
-
-%global c_ares_version 1.14.0
-%global libuv_version 1.23.0
-%global nghttp2_version 1.33.0
-%global icu_version 62.1
-%global punycode_version 2.1.0
-
+%global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
+%global c_ares_major 1
+%global c_ares_minor 15
+%global c_ares_patch 0
+%global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}
+%global http_parser_major 2
+%global http_parser_minor 9
+%global http_parser_patch 3
+%global http_parser_version %{http_parser_major}.%{http_parser_minor}.%{http_parser_patch}
+%global libuv_major 1
+%global libuv_minor 34
+%global libuv_patch 2
+%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
+%global nghttp2_major 1
+%global nghttp2_minor 41
+%global nghttp2_patch 0
+%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
+%global icu_major 64
+%global icu_minor 2
+%global icu_version %{icu_major}.%{icu_minor}
+%global icudatadir %{nodejs_datadir}/icudata
+%{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")}
+%global punycode_major 2
+%global punycode_minor 1
+%global punycode_patch 0
+%global punycode_version %{punycode_major}.%{punycode_minor}.%{punycode_patch}
 %global npm_epoch 1
-%global npm_version 6.4.1
-%global npm_release 1.10.11.0.1
+%global npm_major 6
+%global npm_minor 14
+%global npm_patch 4
+%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
+%global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
+%global brotli_major 1
+%global brotli_minor 0
+%global brotli_patch 7
+%global brotli_version %{brotli_major}.%{brotli_minor}.%{brotli_patch}
 
 Name: nodejs
 Epoch: %{nodejs_epoch}
@@ -31,79 +60,156 @@ Version: %{nodejs_version}
 Release: %{nodejs_release}
 Summary: JavaScript runtime
 License: MIT and ASL 2.0 and ISC and BSD
+Group: Development/Languages
 URL: http://nodejs.org/
 
-Source0: node-v%{nodejs_version}-stripped.tar.gz
-Source1: nodejs_native.attr
-Source2: nodejs_native.req
-
-Patch0001: Disable-running-gyp-on-shared-deps.patch
-Patch0002: Suppress-NPM-message-to-run-global-update.patch
-#https://github.com/nodejs/node/commit/ee618a7ab239c98d945c723a4e225bc409151736
-Patch0003: CVE-2018-12122.patch
-#https://github.com/nodejs/node/commit/1a7302bd48
-Patch0004: CVE-2019-5737.patch 
-
-BuildRequires: gcc gcc-c++ openssl-devel
-BuildRequires: http-parser-devel
+Source0: https://nodejs.org/dist/v%{version}/node-v%{version}.tar.gz
+Source1: npmrc
+Source2: btest402.js
+Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.tgz
+Source7: nodejs_native.attr
+
+Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
+Patch2: 0002-Install-both-binaries-and-use-libdir.patch
+Patch3: 0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
+Patch4: 0004-src-avoid-OOB-read-in-URL-parser.patch
+Patch5: CVE-2020-8252.patch
+
+BuildRequires: python2-devel python3-devel zlib-devel gcc >= 6.3.0
+BuildRequires: gcc-c++ >= 6.3.0 nodejs-packaging chrpath libatomic
+
+%if %{with bootstrap}
+Provides: bundled(http-parser) = %{http_parser_version}
+Provides: bundled(libuv) = %{libuv_version}
+Provides: bundled(nghttp2) = %{nghttp2_version}
+%else
+BuildRequires: systemtap-sdt-devel
 BuildRequires: libuv-devel >= 1:%{libuv_version}
+Requires: libuv >= 1:%{libuv_version}
 BuildRequires: libnghttp2-devel >= %{nghttp2_version}
-BuildRequires: python2-devel python3-devel zlib-devel
-
-Requires: ca-certificates http-parser >= 2.7.0
-Requires: libuv >= 1:1.20.2 libnghttp2 >= %{nghttp2_version}
-Requires: npm = %{npm_epoch}:%{npm_version}-%{npm_release}
-
-Provides: nodejs(engine) = %{nodejs_version}
-Provides: bundled(v8) = %{v8_version}
-Provides: bundled(icu) = %{icu_version}
+Requires: libnghttp2 >= %{nghttp2_version}
+BuildRequires: http-parser-devel >= %{http_parser_version}
+Requires: http-parser >= %{http_parser_version}
+%endif
+
+BuildRequires: openssl-devel
+Requires: ca-certificates
+Requires: nodejs-libs%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
+Recommends: nodejs-full-i18n%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
 Provides: nodejs(abi) = %{nodejs_abi}
-Provides: nodejs-punycode = %{punycode_version}
-Provides: nodejs(v8-abi%{v8_major}) = %{v8_abi}
-Provides: npm(punycode) = %{punycode_version}
-Provides: bundled(c-ares) = %{c_ares_version}
 Provides: nodejs(abi%{nodejs_major}) = %{nodejs_abi}
 Provides: nodejs(v8-abi) = %{v8_abi}
+Provides: nodejs(v8-abi%{v8_major}) = %{v8_abi}
+Provides: nodejs(engine) = %{nodejs_version}
 Conflicts: node <= 0.3.2-12
+Provides: nodejs-punycode = %{punycode_version}
+Provides: npm(punycode) = %{punycode_version}
+Provides: bundled(c-ares) = %{c_ares_version}
+Provides: bundled(v8) = %{v8_version}
+Provides: bundled(icu) = %{icu_version}
+Requires: (nodejs-packaging if rpm-build)
+Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
+Provides: bundled(brotli) = %{brotli_version}
+Provides: %{name}-help = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
+Obsoletes: %{name}-help < %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
 
 %description
-Node.js is an open-source, cross-platform, JavaScript runtime environment,
-it executes JavaScript code outside of a browser.
+Node.js is a platform built on Chrome's JavaScript runtime
+for easily building fast, scalable network applications.
+Node.js uses an event-driven, non-blocking I/O model that
+makes it lightweight and efficient, perfect for data-intensive
+real-time applications that run across distributed devices.
 
 %package devel
 Summary: JavaScript runtime - development headers
-Requires: %{name} = %{epoch}:%{nodejs_version}-%{nodejs_release}
-Requires: openssl-devel zlib-devel
-Requires: libuv-devel http-parser-devel
+Group: Development/Languages
+Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
+Requires: openssl-devel%{?_isa}
+Requires: zlib-devel%{?_isa}
+Requires: brotli-devel%{?_isa}
 Requires: nodejs-packaging
 
+%if %{with bootstrap}
+%else
+Requires: http-parser-devel%{?_isa}
+Requires: libuv-devel%{?_isa}
+%endif
+
 %description devel
-Development headers for the Nodejs.
+Development headers for the Node.js JavaScript runtime.
+
+%package libs
+Summary: Node.js and v8 libraries
+
+%if 0%{?__isa_bits} == 64
+Provides: libv8.so.%{v8_major}()(64bit)
+Provides: libv8_libbase.so.%{v8_major}()(64bit)
+Provides: libv8_libplatform.so.%{v8_major}()(64bit)
+%else
+Provides: libv8.so.%{v8_major}
+Provides: libv8_libbase.so.%{v8_major}
+Provides: libv8_libplatform.so.%{v8_major}
+%endif
+
+Provides: v8 = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
+Provides: v8%{?_isa} = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
+Obsoletes: v8 < 1:6.7.17-10
+
+%description libs
+Libraries to support Node.js and provide stable v8 interfaces.
+
+%package full-i18n
+Summary: Non-English locale data for Node.js
+Requires: %{name}%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
+
+%description full-i18n
+Optional data files to provide full-icu support for Node.js. Remove this
+package to save space if non-English locales are not needed.
+
+%package -n v8-devel
+Summary: v8 - development headers
+Epoch: %{v8_epoch}
+Version: %{v8_version}
+Release: %{v8_release}%{?dist}
+Requires: %{name}-devel%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
+
+%description -n v8-devel
+Development headers for the v8 runtime.
 
 %package -n npm
 Summary: Node.js Package Manager
 Epoch: %{npm_epoch}
 Version: %{npm_version}
-Release: %{npm_release}
+Release: %{npm_release}%{?dist}
 
+Obsoletes: npm < 0:3.5.4-6
 Provides: npm = %{npm_epoch}:%{npm_version}
+Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
+Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
 Provides: npm(npm) = %{npm_version}
-Obsoletes: npm < 0:3.5.4-6
 
 %description -n npm
-npm is a package manager for node.js.
+npm is a package manager for node.js. You can use it to install and publish
+your node programs. It manages dependencies and does other cool stuff.
 
-%package help
-Summary: Nodejs documentation
+%package docs
+Summary: Node.js API documentation
+Group: Documentation
 BuildArch: noarch
 
-%description help
-The manual documentation for Nodejs.
+Provides: %{name}-help = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
+Obsoletes: %{name}-help < %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
+Conflicts: %{name} > %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
+Conflicts: %{name} < %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
 
-%prep
-%autosetup -n node-v%{nodejs_version} -p1
+%description docs
+The API documentation for the Node.js JavaScript runtime.
 
-pathfix.py -i %{__python2} -pn $(find -type f)
+%prep
+%autosetup -p1 -n node-v%{nodejs_version}
+rm -rf deps/zlib
+rm -rf deps/openssl
+pathfix.py -i %{__python2} -pn $(find -type f ! -name "*.js")
 find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python2~" {} \;
 find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python2~" {} \;
 sed -i "s~python~python2~" $(find . -type f | grep "gyp$")
@@ -113,13 +219,20 @@ find . -type f -exec sed -i "s~python -c~python2 -c~" {} \;
 sed -i "s~which('python')~which('python2')~" configure
 
 %build
+%define _lto_cflags %{nil}
 
-export CFLAGS='%{optflags} -g \
+%ifarch s390 s390x %{arm} %ix86
+%global optflags %(echo %{optflags} | sed 's/-g /-g1 /')
+%endif
+
+export CC='%{__cc}'
+export CXX='%{__cxx}'
+export CFLAGS='%{optflags} \
                -D_LARGEFILE_SOURCE \
                -D_FILE_OFFSET_BITS=64 \
                -DZLIB_CONST \
                -fno-delete-null-pointer-checks'
-export CXXFLAGS='%{optflags} -g \
+export CXXFLAGS='%{optflags} \
                  -D_LARGEFILE_SOURCE \
                  -D_FILE_OFFSET_BITS=64 \
                  -DZLIB_CONST \
@@ -129,7 +242,20 @@ export CFLAGS="$(echo ${CFLAGS} | tr '\n\\' '  ')"
 export CXXFLAGS="$(echo ${CXXFLAGS} | tr '\n\\' '  ')"
 export LDFLAGS="%{build_ldflags}"
 
+%if %{with bootstrap}
+./configure --prefix=%{_prefix} \
+           --shared \
+           --libdir=%{_lib} \
+           --shared-openssl \
+           --shared-zlib \
+           --without-dtrace \
+           --with-intl=small-icu \
+           --debug-nghttp2 \
+           --openssl-use-def-ca-store
+%else
 ./configure --prefix=%{_prefix} \
+           --shared \
+           --libdir=%{_lib} \
            --shared-openssl \
            --shared-zlib \
            --shared-libuv \
@@ -137,18 +263,51 @@ export LDFLAGS="%{build_ldflags}"
            --shared-nghttp2 \
            --with-dtrace \
            --with-intl=small-icu \
+           --with-icu-default-data-dir=%{icudatadir} \
            --debug-nghttp2 \
            --openssl-use-def-ca-store
+%endif
 
 make BUILDTYPE=Release %{?_smp_mflags}
+pushd deps/
+tar xfz %SOURCE3
+pushd icu/source
+mkdir -p converted
+%if 0%{?little_endian}
+install -Dpm0644 data/in/icudt%{icu_major}l.dat converted/
+%else
+mkdir -p data/out/tmp
+%configure
+%make_build
+icu_root=$(pwd)
+LD_LIBRARY_PATH=./lib ./bin/icupkg -tb data/in/icudt%{icu_major}l.dat \
+                                       converted/icudt%{icu_major}b.dat
+%endif
+
+popd # icu/source
+popd # deps
 
 %install
 rm -rf %{buildroot}
 ./tools/install.py install %{buildroot} %{_prefix}
 chmod 0755 %{buildroot}/%{_bindir}/node
+chrpath --delete %{buildroot}%{_bindir}/node
+ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/libnode.so
+for header in %{buildroot}%{_includedir}/node/libplatform %{buildroot}%{_includedir}/node/v8*.h; do
+    header=$(basename ${header})
+    ln -s %{_includedir}/node/${header} %{buildroot}%{_includedir}/${header}
+done
+for soname in libv8 libv8_libbase libv8_libplatform; do
+    ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so
+    ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so.%{v8_major}
+done
 mkdir -p %{buildroot}%{_prefix}/lib/node_modules
-install -Dpm0644 %{SOURCE1} %{buildroot}%{_rpmconfigdir}/fileattrs/nodejs_native.attr
-install -Dpm0644 %{SOURCE2} %{buildroot}%{_rpmconfigdir}/nodejs_native.req
+install -Dpm0644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/fileattrs/nodejs_native.attr
+cat << EOF > %{buildroot}%{_rpmconfigdir}/nodejs_native.req
+#!/bin/sh
+echo 'nodejs(abi%{nodejs_major}) >= %nodejs_abi'
+echo 'nodejs(v8-abi%{v8_major}) >= %v8_abi'
+EOF
 chmod 0755 %{buildroot}%{_rpmconfigdir}/nodejs_native.req
 mkdir -p %{buildroot}%{_pkgdocdir}/html
 cp -pr doc/* %{buildroot}%{_pkgdocdir}/html
@@ -156,69 +315,167 @@ rm -f %{buildroot}%{_pkgdocdir}/html/nodejs.1
 mkdir -p %{buildroot}%{_datadir}/node
 cp -p common.gypi %{buildroot}%{_datadir}/node
 mv %{buildroot}/%{_datadir}/doc/node/gdbinit %{buildroot}/%{_pkgdocdir}/gdbinit
-mkdir -p %{buildroot}%{_mandir} %{buildroot}%{_pkgdocdir}/npm
+mkdir -p %{buildroot}%{_mandir} \
+         %{buildroot}%{_pkgdocdir}/npm
+
 cp -pr deps/npm/man/* %{buildroot}%{_mandir}/
 rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/man
 ln -sf %{_mandir}  %{buildroot}%{_prefix}/lib/node_modules/npm/man
-cp -pr deps/npm/html deps/npm/doc %{buildroot}%{_pkgdocdir}/npm/
-rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/html
-rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/doc
-ln -sf %{_pkgdocdir} %{buildroot}%{_prefix}/lib/node_modules/npm/html
-ln -sf %{_pkgdocdir}/npm/html %{buildroot}%{_prefix}/lib/node_modules/npm/doc
-rm -f %{buildroot}/%{_defaultdocdir}/node/lldb_commands.py
-rm -f %{buildroot}/%{_defaultdocdir}/node/lldbinit
-
+cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/
+rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs
+ln -sf %{_pkgdocdir}/npm %{buildroot}%{_prefix}/lib/node_modules/npm/docs
+rm -f %{buildroot}/%{_defaultdocdir}/node/lldb_commands.py \
+      %{buildroot}/%{_defaultdocdir}/node/lldbinit
 find %{buildroot}%{_prefix}/lib/node_modules/npm \
     -not -path "%{buildroot}%{_prefix}/lib/node_modules/npm/bin/*" \
     -executable -type f \
     -exec chmod -x {} \;
+chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/npm-lifecycle/node-gyp-bin/node-gyp
+chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js
+mkdir -p %{buildroot}%{_sysconfdir}
+cp %{SOURCE1} %{buildroot}%{_sysconfdir}/npmrc
+mkdir -p %{buildroot}%{_prefix}/etc
+ln -s %{_sysconfdir}/npmrc %{buildroot}%{_prefix}/etc/npmrc
+install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*
 
 %check
-%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
-%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
-%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')"
-%{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"
-NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')"
+LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
+LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
+LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')"
+
+LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"
+
+NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')"
+
+NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
+
+%pretrans -n npm -p <lua>
+-- Replace the npm man directory with a symlink
+-- Drop this scriptlet when F31 is EOL
+path = "%{_prefix}/lib/node_modules/npm/man"
+st = posix.stat(path)
+if st and st.type == "directory" then
+  status = os.rename(path, path .. ".rpmmoved")
+  if not status then
+    suffix = 0
+    while not status do
+      suffix = suffix + 1
+      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
+    end
+    os.rename(path, path .. ".rpmmoved")
+  end
+end
+
+%pretrans -n v8-devel -p <lua>
+-- Replace the v8 libplatform include directory with a symlink
+-- Drop this scriptlet when F30 is EOL
+path = "%{_includedir}/libplatform"
+st = posix.stat(path)
+if st and st.type == "directory" then
+  status = os.rename(path, path .. ".rpmmoved")
+  if not status then
+    suffix = 0
+    while not status do
+      suffix = suffix + 1
+      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
+    end
+    os.rename(path, path .. ".rpmmoved")
+  end
+end
 
 %files
 %{_bindir}/node
 %dir %{_prefix}/lib/node_modules
 %dir %{_datadir}/node
-%dir %{_usr}/lib/dtrace
-%{_usr}/lib/dtrace/node.d
+%dir %{_datadir}/systemtap
 %dir %{_datadir}/systemtap/tapset
 %{_datadir}/systemtap/tapset/node.stp
+
+%if %{with bootstrap}
+%else
+%dir %{_usr}/lib/dtrace
+%{_usr}/lib/dtrace/node.d
+%endif
+
 %{_rpmconfigdir}/fileattrs/nodejs_native.attr
 %{_rpmconfigdir}/nodejs_native.req
-%license LICENSE
 %doc AUTHORS CHANGELOG.md COLLABORATOR_GUIDE.md GOVERNANCE.md README.md
+%doc %{_mandir}/man1/node.1*
 
 %files devel
 %{_includedir}/node
+%{_libdir}/libnode.so
 %{_datadir}/node/common.gypi
 %{_pkgdocdir}/gdbinit
 
+%files full-i18n
+%dir %{icudatadir}
+%{icudatadir}/icudt%{icu_major}*.dat
+
+%files libs
+%license LICENSE
+%{_libdir}/libnode.so.%{nodejs_soversion}
+%{_libdir}/libv8.so.%{v8_major}
+%{_libdir}/libv8_libbase.so.%{v8_major}
+%{_libdir}/libv8_libplatform.so.%{v8_major}
+%dir %{nodejs_datadir}/
+
+%files -n v8-devel
+%{_includedir}/libplatform
+%{_includedir}/v8*.h
+%{_libdir}/libv8.so
+%{_libdir}/libv8_libbase.so
+%{_libdir}/libv8_libplatform.so
+%ghost %{_includedir}/libplatform.rpmmoved
+
 %files -n npm
 %{_bindir}/npm
 %{_bindir}/npx
 %{_prefix}/lib/node_modules/npm
-%ghost %{_sysconfdir}/npmrc
+%config(noreplace) %{_sysconfdir}/npmrc
+%{_prefix}/etc/npmrc
 %ghost %{_sysconfdir}/npmignore
-%doc %{_mandir}/man*/npm*
-%doc %{_mandir}/man*/npx*
-%doc %{_mandir}/man5/package.json.5*
-%doc %{_mandir}/man5/package-lock.json.5*
-%doc %{_mandir}/man7/removing-npm.7*
+%doc %{_mandir}/man1/npm*.1*
+%doc %{_mandir}/man1/npx.1*
+%doc %{_mandir}/man5/folders.5*
+%doc %{_mandir}/man5/install.5*
+%doc %{_mandir}/man5/npmrc.5*
+%doc %{_mandir}/man5/package-json.5*
+%doc %{_mandir}/man5/package-lock-json.5*
+%doc %{_mandir}/man5/package-locks.5*
+%doc %{_mandir}/man5/shrinkwrap-json.5*
+%doc %{_mandir}/man7/config.7*
+%doc %{_mandir}/man7/developers.7*
+%doc %{_mandir}/man7/disputes.7*
+%doc %{_mandir}/man7/orgs.7*
+%doc %{_mandir}/man7/registry.7*
+%doc %{_mandir}/man7/removal.7*
+%doc %{_mandir}/man7/scope.7*
+%doc %{_mandir}/man7/scripts.7*
 %doc %{_mandir}/man7/semver.7*
 
-%files help
+%files docs
 %dir %{_pkgdocdir}
 %{_pkgdocdir}/html
-%{_pkgdocdir}/npm/html
-%{_pkgdocdir}/npm/doc
-%doc %{_mandir}/man1/node.1*
+%{_pkgdocdir}/npm/docs
+
 
 %changelog
+* Tue Dec 6 2020 wangxiao <wangxiao65@huawei.com> 1:10.21.0-4
+- fix CVE-2020-8252
+
+* Sat Nov 28 2020 wutao <wutao61@huawei.com> 1:10.21.0-3
+- fix conflicts between help and docs packages
+
+* Wed Nov 04 2020 gaozhekang <gaozhekang@huawei.com> - 1:10.21.0-2
+- avoid OOB read in URL parser
+
+* Wed Oct 14 2020 Jeffery.Gao <gaojianxing@huawei.com> - 1:10.21.0-1
+- Update to 10.21.0
+
+* Thu Aug 20 2020 wutao <wutao61@huawei.com> - 1:10.11.0-3
+- fix dist miss problem
+
 * Fri Mar 20 2020 shijian <shijian16@huawei.com> - 1:10.11.0-2
 - Fix CVE-2018-12122 CVE-2019-5737
 
diff --git a/nodejs_native.req b/nodejs_native.req
deleted file mode 100644
index 54aa516a9c498fe8076d54577cf34d63901d2883..0000000000000000000000000000000000000000
--- a/nodejs_native.req
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/bin/sh
-echo 'nodejs(abi10) >= 10.11'
-echo 'nodejs(v8-abi6) >= 6.8'
diff --git a/npmrc b/npmrc
new file mode 100644
index 0000000000000000000000000000000000000000..10437ca2d105f1a5086e712a8158b94a111e03f7
--- /dev/null
+++ b/npmrc
@@ -0,0 +1 @@
+prefix=/usr/local