CVS commit: [pkgsrc-2022Q3] pkgsrc/lang/nodejs

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2022Q3] pkgsrc/lang/nodejs
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Mon, 3 Oct 2022 15:32:47 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Mon Oct  3 15:32:47 UTC 2022

Modified Files:
        pkgsrc/lang/nodejs [pkgsrc-2022Q3]: Makefile PLIST distinfo

Log Message:
Pullup ticket #6678 - requested by taca
lang/nodejs: security fix

Revisions pulled up:
- lang/nodejs/Makefile                                          1.241
- lang/nodejs/PLIST                                             1.65
- lang/nodejs/distinfo                                          1.222

---
   Module Name: pkgsrc
   Committed By:        adam
   Date:                Tue Sep 27 07:59:10 UTC 2022

   Modified Files:
        pkgsrc/lang/nodejs: Makefile PLIST distinfo

   Log Message:
   nodejs: updated to 18.9.1

   Version 18.9.1 (Current)

   This is a security release.

   Notable changes

   The following CVEs are fixed in this release:

   CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
   Insufficient fix for macOS devices on v18.5.0
   CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
   CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
   Insufficient fix on v18.5.0
   CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
   Insufficient fix on v18.5.0
   CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
   CVE-2022-35255: Weak randomness in WebCrypto keygen


To generate a diff of this commit:
cvs rdiff -u -r1.240 -r1.240.2.1 pkgsrc/lang/nodejs/Makefile
cvs rdiff -u -r1.64 -r1.64.4.1 pkgsrc/lang/nodejs/PLIST
cvs rdiff -u -r1.221 -r1.221.2.1 pkgsrc/lang/nodejs/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/nodejs/Makefile
diff -u pkgsrc/lang/nodejs/Makefile:1.240 pkgsrc/lang/nodejs/Makefile:1.240.2.1
--- pkgsrc/lang/nodejs/Makefile:1.240   Mon Aug 29 06:30:11 2022
+++ pkgsrc/lang/nodejs/Makefile Mon Oct  3 15:32:47 2022
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.240 2022/08/29 06:30:11 adam Exp $
+# $NetBSD: Makefile,v 1.240.2.1 2022/10/03 15:32:47 bsiegert Exp $
 
-DISTNAME=      node-v18.8.0
+DISTNAME=      node-v18.9.1
 EXTRACT_SUFX=  .tar.xz
 
 USE_LANGUAGES= c gnu++17
@@ -31,9 +31,9 @@ CXXFLAGS+=    -mstackrealign
 .include "options.mk"
 
 # Node turns on -latomic for arm, mips and ppc.
-.if !empty(MACHINE_ARCH:M*arm*) || \
-    !empty(MACHINE_ARCH:M*powerpc*) || \
-    !empty(MACHINE_ARCH:M*mips*)
+.if ${MACHINE_ARCH:M*arm*} || \
+    ${MACHINE_ARCH:M*powerpc*} || \
+    ${MACHINE_ARCH:M*mips*}
 .include "../../devel/libatomic/buildlink3.mk"
 .endif
 

Index: pkgsrc/lang/nodejs/PLIST
diff -u pkgsrc/lang/nodejs/PLIST:1.64 pkgsrc/lang/nodejs/PLIST:1.64.4.1
--- pkgsrc/lang/nodejs/PLIST:1.64       Thu May  5 07:08:06 2022
+++ pkgsrc/lang/nodejs/PLIST    Mon Oct  3 15:32:47 2022
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.64 2022/05/05 07:08:06 adam Exp $
+@comment $NetBSD: PLIST,v 1.64.4.1 2022/10/03 15:32:47 bsiegert Exp $
 bin/node
 include/node/common.gypi
 include/node/config.gypi
@@ -63,8 +63,6 @@ include/node/v8-wasm.h
 include/node/v8-weak-callback-info.h
 include/node/v8.h
 include/node/v8config.h
-${PLIST.dtrace}lib/dtrace/node.d
 man/man1/node.1
 share/doc/node/gdbinit
 share/doc/node/lldb_commands.py
-share/systemtap/tapset/node.stp

Index: pkgsrc/lang/nodejs/distinfo
diff -u pkgsrc/lang/nodejs/distinfo:1.221 pkgsrc/lang/nodejs/distinfo:1.221.2.1
--- pkgsrc/lang/nodejs/distinfo:1.221   Mon Aug 29 06:30:11 2022
+++ pkgsrc/lang/nodejs/distinfo Mon Oct  3 15:32:47 2022
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.221 2022/08/29 06:30:11 adam Exp $
+$NetBSD: distinfo,v 1.221.2.1 2022/10/03 15:32:47 bsiegert Exp $
 
-BLAKE2s (node-v18.8.0.tar.xz) = 2d98c255b10cff28ac24d24bba17b74e18a5cf40e62f442c03b60ea0675f767b
-SHA512 (node-v18.8.0.tar.xz) = 757d31439672945967da10ff7079ac9f9cca9d717eabd8fcb1ab7e5716692f8dbc1382a055dc35519076a00a3ee5bce98cfaae4c4a320ce7d0bc6a95cc7f4e6a
-Size (node-v18.8.0.tar.xz) = 38285796 bytes
+BLAKE2s (node-v18.9.1.tar.xz) = 1955355f6949be11a933ed66e841601605c02e662310a545aaa1dadb8c0b637a
+SHA512 (node-v18.9.1.tar.xz) = fc570dbd41197363d0f9bc3f329fbdffd0cb5b7382327e206d40b3b4e42a80fa65debb172abd501021bcc5082d8d99fc5f6faa05cf87066170c87be1b15e8734
+Size (node-v18.9.1.tar.xz) = 38315220 bytes
 SHA1 (patch-common.gypi) = 80f3645498853b9939167d152365b4fa49528b70
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3

Prev by Date: CVS commit: [pkgsrc-2022Q3] pkgsrc/lang
Next by Date: CVS commit: [pkgsrc-2022Q3] pkgsrc/doc
Previous by Thread: CVS commit: [pkgsrc-2022Q3] pkgsrc/lang
Next by Thread: CVS commit: [pkgsrc-2022Q3] pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index