CVS commit: pkgsrc/lang/nodejs

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang/nodejs
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Wed, 28 Nov 2018 08:36:05 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Wed Nov 28 08:36:05 UTC 2018

Modified Files:
        pkgsrc/lang/nodejs: Makefile Makefile.common buildlink3.mk distinfo
            nodeversion.mk

Log Message:
nodejs: updated to 10.14.0

Version 10.14.0 'Dubnium' (LTS):

This is a security release. All Node.js users should consult the security release summary at:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:
* Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
* Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
* Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123)
* OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
* OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735)

Notable Changes
* deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735
* http:
  - Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina)
  - A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with server.headersTimeout. Where headers are not completely received within this period, the 
socket is destroyed on the next received chunk. In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan 
Maybach (liebdich.com). (CVE-2018-12122 / Matteo Collina)
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol.


To generate a diff of this commit:
cvs rdiff -u -r1.146 -r1.147 pkgsrc/lang/nodejs/Makefile
cvs rdiff -u -r1.23 -r1.24 pkgsrc/lang/nodejs/Makefile.common
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/nodejs/buildlink3.mk \
    pkgsrc/lang/nodejs/nodeversion.mk
cvs rdiff -u -r1.136 -r1.137 pkgsrc/lang/nodejs/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/nodejs/Makefile
diff -u pkgsrc/lang/nodejs/Makefile:1.146 pkgsrc/lang/nodejs/Makefile:1.147
--- pkgsrc/lang/nodejs/Makefile:1.146   Sat Nov 10 18:35:18 2018
+++ pkgsrc/lang/nodejs/Makefile Wed Nov 28 08:36:04 2018
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.146 2018/11/10 18:35:18 adam Exp $
+# $NetBSD: Makefile,v 1.147 2018/11/28 08:36:04 adam Exp $
 
-DISTNAME=      node-v10.13.0
+DISTNAME=      node-v10.14.0
 
 USE_LANGUAGES= c gnu++14
 
@@ -8,7 +8,7 @@ USE_LANGUAGES=  c gnu++14
 GCC_REQD+=     4.9.4
 
 # Stated by the changelog
-BUILDLINK_API_DEPENDS.libuv+=   libuv>=1.23
+BUILDLINK_API_DEPENDS.libuv+=  libuv>=1.23
 
 .include "../../mk/bsd.prefs.mk"
 

Index: pkgsrc/lang/nodejs/Makefile.common
diff -u pkgsrc/lang/nodejs/Makefile.common:1.23 pkgsrc/lang/nodejs/Makefile.common:1.24
--- pkgsrc/lang/nodejs/Makefile.common:1.23     Thu Sep 27 19:27:57 2018
+++ pkgsrc/lang/nodejs/Makefile.common  Wed Nov 28 08:36:04 2018
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.23 2018/09/27 19:27:57 tnn Exp $
+# $NetBSD: Makefile.common,v 1.24 2018/11/28 08:36:04 adam Exp $
 # used by lang/nodejs/Makefile
 # used by lang/nodejs6/Makefile
 # used by lang/nodejs8/Makefile
@@ -17,7 +17,7 @@ USE_TOOLS+=   bash gmake pkg-config
 USE_LANGUAGES= c c++
 
 PYTHON_FOR_BUILD_ONLY=         yes
-PYTHON_VERSIONS_INCOMPATIBLE=  34 35 36 37 # not yet ported as of 0.10.24
+PYTHON_VERSIONS_ACCEPTED=      27 # not yet ported as of 0.10.24
 
 GCC_REQD+=             4.8
 

Index: pkgsrc/lang/nodejs/buildlink3.mk
diff -u pkgsrc/lang/nodejs/buildlink3.mk:1.3 pkgsrc/lang/nodejs/buildlink3.mk:1.4
--- pkgsrc/lang/nodejs/buildlink3.mk:1.3        Fri Jul 20 03:33:52 2018
+++ pkgsrc/lang/nodejs/buildlink3.mk    Wed Nov 28 08:36:04 2018
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.3 2018/07/20 03:33:52 ryoon Exp $
+# $NetBSD: buildlink3.mk,v 1.4 2018/11/28 08:36:04 adam Exp $
 
 BUILDLINK_TREE+=       nodejs
 
@@ -9,7 +9,7 @@ BUILDLINK_API_DEPENDS.nodejs+=  nodejs>=1
 BUILDLINK_ABI_DEPENDS.nodejs?= nodejs>=10.6.0nb1
 BUILDLINK_PKGSRCDIR.nodejs?=   ../../lang/nodejs
 
-.include "../../mk/bsd.prefs.mk"
+.include "../../mk/bsd.fast.prefs.mk"
 
 .if ${OPSYS} != "Darwin"
 .include "../../devel/libexecinfo/buildlink3.mk"
Index: pkgsrc/lang/nodejs/nodeversion.mk
diff -u pkgsrc/lang/nodejs/nodeversion.mk:1.3 pkgsrc/lang/nodejs/nodeversion.mk:1.4
--- pkgsrc/lang/nodejs/nodeversion.mk:1.3       Fri May  4 14:28:32 2018
+++ pkgsrc/lang/nodejs/nodeversion.mk   Wed Nov 28 08:36:04 2018
@@ -1,4 +1,4 @@
-# $NetBSD: nodeversion.mk,v 1.3 2018/05/04 14:28:32 fhajny Exp $
+# $NetBSD: nodeversion.mk,v 1.4 2018/11/28 08:36:04 adam Exp $
 
 # This file determins which nodejs version is used as a dependency for
 # a package.
@@ -46,10 +46,10 @@ NODEJS_NODEVERSION_MK=      # defined
 # optionally handled quoted package names
 .if defined(PKGNAME_REQD) && !empty(PKGNAME_REQD:Mnode[0-9]-*) || \
     defined(PKGNAME_REQD) && !empty(PKGNAME_REQD:M*-node[0-9]-*)
-NODE_VERSION_REQD?= ${PKGNAME_REQD:C/(^.*-|^)node([0-9])-.*/\2/}
+NODE_VERSION_REQD?=    ${PKGNAME_REQD:C/(^.*-|^)node([0-9])-.*/\2/}
 .elif defined(PKGNAME_OLD) && !empty(PKGNAME_OLD:Mnode[0-9]-*) || \
     defined(PKGNAME_OLD) && !empty(PKGNAME_OLD:M*-node[0-9]-*)
-NODE_VERSION_REQD?= ${PKGNAME_OLD:C/(^.*-|^)node([0-9])-.*/\2/}
+NODE_VERSION_REQD?=    ${PKGNAME_OLD:C/(^.*-|^)node([0-9])-.*/\2/}
 .endif
 
 .include "../../mk/bsd.prefs.mk"

Index: pkgsrc/lang/nodejs/distinfo
diff -u pkgsrc/lang/nodejs/distinfo:1.136 pkgsrc/lang/nodejs/distinfo:1.137
--- pkgsrc/lang/nodejs/distinfo:1.136   Sat Nov 10 18:35:18 2018
+++ pkgsrc/lang/nodejs/distinfo Wed Nov 28 08:36:04 2018
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.136 2018/11/10 18:35:18 adam Exp $
+$NetBSD: distinfo,v 1.137 2018/11/28 08:36:04 adam Exp $
 
-SHA1 (node-v10.13.0.tar.gz) = 5441e66cb6747532b0d8caa71908ce0f787dfc78
-RMD160 (node-v10.13.0.tar.gz) = 35f81d484e6e34881f87f95f6b90c2b0b6e8dc6d
-SHA512 (node-v10.13.0.tar.gz) = ec30c966467a9fb348b060deeb918d1605d79eb35ca09197d8bccb37f98645d4d75f0dcf97a6e328376d56b132359d3691403ed8b3301269a6258da28adb8cc0
-Size (node-v10.13.0.tar.gz) = 36274534 bytes
+SHA1 (node-v10.14.0.tar.gz) = 6c998193421861051c472d28819862364de5e53a
+RMD160 (node-v10.14.0.tar.gz) = 06211271057aff397b853c600fa2db86ba124684
+SHA512 (node-v10.14.0.tar.gz) = 35506ab4cb2d3fa8ab2540aa3df87df5bd7e254ee092bd8872895bcac256ad0f54eab0277d3f67fed223a2634e75143a3a796657a9c8981fa444d599bc93cecc
+Size (node-v10.14.0.tar.gz) = 36257211 bytes
 SHA1 (patch-common.gypi) = de37949f38d9bd39a18b59d59ec74e528bd323ac
 SHA1 (patch-deps_cares_cares.gyp) = 2235eb44bc984fa2e745fdf1786f1ae6de6ef80f
 SHA1 (patch-deps_openssl_config_opensslconf__asm.h) = 7b074ebd5353dff662ac66cf4012926f12dd7b7e

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/net/libcares
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/net/libcares
Indexes:

Home | Main Index | Thread Index | Old Index