Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_163472126052110"
MIME-Version: 1.0
Date: Wed, 20 Oct 2021 09:14:20 +0000
From: "Adam Ciarcinski" <adam@netbsd.org>
Subject: CVS commit: pkgsrc/lang/nodejs
To: pkgsrc-changes@NetBSD.org
Reply-To: adam@netbsd.org
Message-Id: <20211020091420.0B530FA97@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_163472126052110
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	adam
Date:		Wed Oct 20 09:14:19 UTC 2021

Modified Files:
	pkgsrc/lang/nodejs: Makefile distinfo

Log Message:
nodejs: updated to 14.18.1

Version 14.18.1 'Fermium' (LTS)

This is a security release.

Notable changes

CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.


To generate a diff of this commit:
cvs rdiff -u -r1.220 -r1.221 pkgsrc/lang/nodejs/Makefile
cvs rdiff -u -r1.203 -r1.204 pkgsrc/lang/nodejs/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_163472126052110
Content-Disposition: inline
Content-Length: 1641
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/lang/nodejs/Makefile
diff -u pkgsrc/lang/nodejs/Makefile:1.220 pkgsrc/lang/nodejs/Makefile:1.221
--- pkgsrc/lang/nodejs/Makefile:1.220	Wed Sep 29 19:21:34 2021
+++ pkgsrc/lang/nodejs/Makefile	Wed Oct 20 09:14:19 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.220 2021/09/29 19:21:34 adam Exp $
+# $NetBSD: Makefile,v 1.221 2021/10/20 09:14:19 adam Exp $
 
-DISTNAME=	node-v14.18.0
+DISTNAME=	node-v14.18.1
 EXTRACT_SUFX=	.tar.xz
 
 USE_LANGUAGES=	c gnu++14

Index: pkgsrc/lang/nodejs/distinfo
diff -u pkgsrc/lang/nodejs/distinfo:1.203 pkgsrc/lang/nodejs/distinfo:1.204
--- pkgsrc/lang/nodejs/distinfo:1.203	Thu Oct  7 14:21:02 2021
+++ pkgsrc/lang/nodejs/distinfo	Wed Oct 20 09:14:19 2021
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.203 2021/10/07 14:21:02 nia Exp $
+$NetBSD: distinfo,v 1.204 2021/10/20 09:14:19 adam Exp $
 
-RMD160 (node-v14.18.0.tar.xz) = fe966ce9c1a6c41bd5525a12416797ee5d00b37b
-SHA512 (node-v14.18.0.tar.xz) = 0603e2466bf89b57e404e2992dda25012866a347489fb811a9757aea07056fc4f346236adf44a56d52c442f5f298f4dfdfc961f8582cd194d062beeb80c60cbf
-Size (node-v14.18.0.tar.xz) = 33698388 bytes
+RMD160 (node-v14.18.1.tar.xz) = b05b1189139ba2d60d7f8d9370c1fc37f2ca37e7
+SHA512 (node-v14.18.1.tar.xz) = a92d6f392e960008efd0c1f48471a3e294aa5292065fb31acc62723e8924f7f1a22bb02f3ab51a440f6e190bdee3c1667a275808c6b76d053a77aa6d7ad68aef
+Size (node-v14.18.1.tar.xz) = 33693816 bytes
 SHA1 (patch-common.gypi) = f0bd2962bf7c8466db24b35a35154897ecad6316
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3


--_----------=_163472126052110--