CVS commit: pkgsrc/lang/nodejs

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang/nodejs
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Tue, 6 Jul 2021 07:05:40 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Tue Jul  6 07:05:40 UTC 2021

Modified Files:
        pkgsrc/lang/nodejs: Makefile distinfo

Log Message:
nodejs: updated to 14.17.3

Version 14.17.3 'Fermium' (LTS)

Notable Changes

Node.js 14.17.2 introduced a regression in the Windows installer on non-English locales that is being fixed in this release. There is no need to download this release if you are not using the Windows 
installer.

Version 14.17.2 'Fermium' (LTS)

This is a security release.

Notable Changes

Vulnerabilities fixed:

CVE-2021-22918: libuv upgrade - Out of bounds read (Medium)
Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node's dns module's lookup() function and can lead to 
information disclosures or crashes. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918

CVE-2021-22921: Windows installer - Node Installer Local Privilege Escalation (Medium)
Node.js is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory 
allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22921


To generate a diff of this commit:
cvs rdiff -u -r1.216 -r1.217 pkgsrc/lang/nodejs/Makefile
cvs rdiff -u -r1.198 -r1.199 pkgsrc/lang/nodejs/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/nodejs/Makefile
diff -u pkgsrc/lang/nodejs/Makefile:1.216 pkgsrc/lang/nodejs/Makefile:1.217
--- pkgsrc/lang/nodejs/Makefile:1.216   Thu Jun 24 09:29:21 2021
+++ pkgsrc/lang/nodejs/Makefile Tue Jul  6 07:05:39 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.216 2021/06/24 09:29:21 adam Exp $
+# $NetBSD: Makefile,v 1.217 2021/07/06 07:05:39 adam Exp $
 
-DISTNAME=      node-v14.17.1
+DISTNAME=      node-v14.17.3
 EXTRACT_SUFX=  .tar.xz
 
 USE_LANGUAGES= c gnu++14

Index: pkgsrc/lang/nodejs/distinfo
diff -u pkgsrc/lang/nodejs/distinfo:1.198 pkgsrc/lang/nodejs/distinfo:1.199
--- pkgsrc/lang/nodejs/distinfo:1.198   Thu Jun 24 09:29:21 2021
+++ pkgsrc/lang/nodejs/distinfo Tue Jul  6 07:05:39 2021
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.198 2021/06/24 09:29:21 adam Exp $
+$NetBSD: distinfo,v 1.199 2021/07/06 07:05:39 adam Exp $
 
-SHA1 (node-v14.17.1.tar.xz) = c96b0ccc7b69dec45599c7614099079d87035794
-RMD160 (node-v14.17.1.tar.xz) = e46ea519532f7e4486389290d9a9d8926c2b37fd
-SHA512 (node-v14.17.1.tar.xz) = 354f9f215a4915ca3dbccdbb90c14fb8bfb8b0ed8ece4f95106d7b068affdeab65a79db0beb2c7d6af03dc15567edc5250629deedd38a9de7d581f76716315f8
-Size (node-v14.17.1.tar.xz) = 33580416 bytes
+SHA1 (node-v14.17.3.tar.xz) = 248ddc0f050c7fc1396f2d2e83a503a64b4e0eaa
+RMD160 (node-v14.17.3.tar.xz) = 5f392a980922dfab4b608ab010bea572e07885b8
+SHA512 (node-v14.17.3.tar.xz) = c6096715299f155b96df873976da91e854da7e99cde635cdb65d5c962abc5283dac86b8ddce4f5a9f7498f9793ff08943645b5e5b0b23395dfe035f7295218bb
+Size (node-v14.17.3.tar.xz) = 33585080 bytes
 SHA1 (patch-common.gypi) = f0bd2962bf7c8466db24b35a35154897ecad6316
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3
@@ -16,11 +16,9 @@ SHA1 (patch-deps_v8_src_base_platform_se
 SHA1 (patch-deps_v8_src_codegen_arm_cpu-arm.cc) = 84c75d61bc99c2ff9adeac3152f5b11ebb0e582b
 SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc
 SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5
-SHA1 (patch-deps_v8_src_objects_js-list-format.cc) = b1acf2f9890f04aba58f82012528f9a425751896
 SHA1 (patch-deps_v8_src_zone_zone.h) = 651b49d242dac8f713cccc101147ccf61f828ecb
 SHA1 (patch-deps_v8_tools_run-llprof.sh) = 39aa3faf77492ef8dd35b411b7b0e4605b469af3
 SHA1 (patch-node.gypi) = 4a104dba6c22702211009bc60a6be6f87554e2fa
-SHA1 (patch-src_cares__wrap.h) = 6eeb5397daaa1255a09f7e36cfd1724c395bd4b2
 SHA1 (patch-src_inspector__agent.cc) = 2ec2a7be459648700488096f467a4ae6af5a9d91
 SHA1 (patch-src_node__postmortem__metadata.cc) = 9938482d724ad6636af5dc3fa719ec26ed8539ff
 SHA1 (patch-tools_gyp_pylib_gyp_generator_make.py) = 34d4f113d85b4502bc8240fac50dc37554ab4ebb

Prev by Date: CVS commit: pkgsrc/lang/nodejs12
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/lang/nodejs12
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index