CVS commit: pkgsrc/lang/nodejs

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang/nodejs
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Wed, 7 Apr 2021 06:21:56 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Wed Apr  7 06:21:56 UTC 2021

Modified Files:
        pkgsrc/lang/nodejs: Makefile distinfo

Log Message:
nodejs: updated to 14.16.1

Version 14.16.1 'Fermium' (LTS)

This is a security release.

Notable Changes

Vulnerabilities fixed:

CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines

CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines

CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
Impacts:
All versions of the 14.x, 12.x and 10.x releases lines


To generate a diff of this commit:
cvs rdiff -u -r1.208 -r1.209 pkgsrc/lang/nodejs/Makefile
cvs rdiff -u -r1.193 -r1.194 pkgsrc/lang/nodejs/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/nodejs/Makefile
diff -u pkgsrc/lang/nodejs/Makefile:1.208 pkgsrc/lang/nodejs/Makefile:1.209
--- pkgsrc/lang/nodejs/Makefile:1.208   Wed Feb 24 11:06:12 2021
+++ pkgsrc/lang/nodejs/Makefile Wed Apr  7 06:21:56 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.208 2021/02/24 11:06:12 adam Exp $
+# $NetBSD: Makefile,v 1.209 2021/04/07 06:21:56 adam Exp $
 
-DISTNAME=      node-v14.16.0
+DISTNAME=      node-v14.16.1
 EXTRACT_SUFX=  .tar.xz
 
 USE_LANGUAGES= c gnu++14

Index: pkgsrc/lang/nodejs/distinfo
diff -u pkgsrc/lang/nodejs/distinfo:1.193 pkgsrc/lang/nodejs/distinfo:1.194
--- pkgsrc/lang/nodejs/distinfo:1.193   Wed Feb 24 11:06:12 2021
+++ pkgsrc/lang/nodejs/distinfo Wed Apr  7 06:21:56 2021
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.193 2021/02/24 11:06:12 adam Exp $
+$NetBSD: distinfo,v 1.194 2021/04/07 06:21:56 adam Exp $
 
-SHA1 (node-v14.16.0.tar.xz) = 52ee20a121bc54990d6e0b3320c26a4be4c38325
-RMD160 (node-v14.16.0.tar.xz) = 17eaeca8d358432e3b9e149d0eb26ba71fdf7545
-SHA512 (node-v14.16.0.tar.xz) = ac6f7408df35e2bae8bcad3f461d8e260a2762c77f78d737b0339a592724ff1a98ba171a95e44366e731accfb3208e7cfd6d3edd0f646ddc26a01cfbdbbb655b
-Size (node-v14.16.0.tar.xz) = 33301140 bytes
+SHA1 (node-v14.16.1.tar.xz) = 3b8001e12cdae8b0e0fb2c1f7a8eb7f314d30cfc
+RMD160 (node-v14.16.1.tar.xz) = cf91d50c5833f8f20799bb2bbdfc9152207c50d0
+SHA512 (node-v14.16.1.tar.xz) = d4f5fbab69592ae555613b2186090b85a458d2211b6035989aee2617bfd0f6768ca767ec45ce12756a9c452d00af7237edee3b1ae526049e9fcd01f8f67680c0
+Size (node-v14.16.1.tar.xz) = 33297064 bytes
 SHA1 (patch-common.gypi) = f0bd2962bf7c8466db24b35a35154897ecad6316
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3

Prev by Date: CVS commit: pkgsrc/lang/nodejs12
Next by Date: CVS commit: pkgsrc/devel/py-hypothesis
Previous by Thread: CVS commit: pkgsrc/lang/nodejs12
Next by Thread: CVS commit: pkgsrc/devel/py-hypothesis
Indexes:

Home | Main Index | Thread Index | Old Index