Received: by mail.netbsd.org (Postfix, from userid 605) id 6484F84D95; Mon, 3 Oct 2022 15:32:49 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 8FB9384D95 for ; Mon, 3 Oct 2022 15:32:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id RMB1pMqoPZ7Y for ; Mon, 3 Oct 2022 15:32:47 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id DA32584D5F for ; Mon, 3 Oct 2022 15:32:47 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id D33E3FA90; Mon, 3 Oct 2022 15:32:47 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1664811167113620" MIME-Version: 1.0 Date: Mon, 3 Oct 2022 15:32:47 +0000 From: "Benny Siegert" Subject: CVS commit: [pkgsrc-2022Q3] pkgsrc/lang/nodejs To: pkgsrc-changes@NetBSD.org Reply-To: bsiegert@netbsd.org X-Mailer: log_accum Message-Id: <20221003153247.D33E3FA90@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1664811167113620 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: bsiegert Date: Mon Oct 3 15:32:47 UTC 2022 Modified Files: pkgsrc/lang/nodejs [pkgsrc-2022Q3]: Makefile PLIST distinfo Log Message: Pullup ticket #6678 - requested by taca lang/nodejs: security fix Revisions pulled up: - lang/nodejs/Makefile 1.241 - lang/nodejs/PLIST 1.65 - lang/nodejs/distinfo 1.222 --- Module Name: pkgsrc Committed By: adam Date: Tue Sep 27 07:59:10 UTC 2022 Modified Files: pkgsrc/lang/nodejs: Makefile PLIST distinfo Log Message: nodejs: updated to 18.9.1 Version 18.9.1 (Current) This is a security release. Notable changes The following CVEs are fixed in this release: CVE-2022-32212: DNS rebinding in --inspect on macOS (High) Insufficient fix for macOS devices on v18.5.0 CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium) CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium) Insufficient fix on v18.5.0 CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium) Insufficient fix on v18.5.0 CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium) CVE-2022-35255: Weak randomness in WebCrypto keygen To generate a diff of this commit: cvs rdiff -u -r1.240 -r1.240.2.1 pkgsrc/lang/nodejs/Makefile cvs rdiff -u -r1.64 -r1.64.4.1 pkgsrc/lang/nodejs/PLIST cvs rdiff -u -r1.221 -r1.221.2.1 pkgsrc/lang/nodejs/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1664811167113620 Content-Disposition: inline Content-Length: 2791 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/lang/nodejs/Makefile diff -u pkgsrc/lang/nodejs/Makefile:1.240 pkgsrc/lang/nodejs/Makefile:1.240.2.1 --- pkgsrc/lang/nodejs/Makefile:1.240 Mon Aug 29 06:30:11 2022 +++ pkgsrc/lang/nodejs/Makefile Mon Oct 3 15:32:47 2022 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.240 2022/08/29 06:30:11 adam Exp $ +# $NetBSD: Makefile,v 1.240.2.1 2022/10/03 15:32:47 bsiegert Exp $ -DISTNAME= node-v18.8.0 +DISTNAME= node-v18.9.1 EXTRACT_SUFX= .tar.xz USE_LANGUAGES= c gnu++17 @@ -31,9 +31,9 @@ CXXFLAGS+= -mstackrealign .include "options.mk" # Node turns on -latomic for arm, mips and ppc. -.if !empty(MACHINE_ARCH:M*arm*) || \ - !empty(MACHINE_ARCH:M*powerpc*) || \ - !empty(MACHINE_ARCH:M*mips*) +.if ${MACHINE_ARCH:M*arm*} || \ + ${MACHINE_ARCH:M*powerpc*} || \ + ${MACHINE_ARCH:M*mips*} .include "../../devel/libatomic/buildlink3.mk" .endif Index: pkgsrc/lang/nodejs/PLIST diff -u pkgsrc/lang/nodejs/PLIST:1.64 pkgsrc/lang/nodejs/PLIST:1.64.4.1 --- pkgsrc/lang/nodejs/PLIST:1.64 Thu May 5 07:08:06 2022 +++ pkgsrc/lang/nodejs/PLIST Mon Oct 3 15:32:47 2022 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.64 2022/05/05 07:08:06 adam Exp $ +@comment $NetBSD: PLIST,v 1.64.4.1 2022/10/03 15:32:47 bsiegert Exp $ bin/node include/node/common.gypi include/node/config.gypi @@ -63,8 +63,6 @@ include/node/v8-wasm.h include/node/v8-weak-callback-info.h include/node/v8.h include/node/v8config.h -${PLIST.dtrace}lib/dtrace/node.d man/man1/node.1 share/doc/node/gdbinit share/doc/node/lldb_commands.py -share/systemtap/tapset/node.stp Index: pkgsrc/lang/nodejs/distinfo diff -u pkgsrc/lang/nodejs/distinfo:1.221 pkgsrc/lang/nodejs/distinfo:1.221.2.1 --- pkgsrc/lang/nodejs/distinfo:1.221 Mon Aug 29 06:30:11 2022 +++ pkgsrc/lang/nodejs/distinfo Mon Oct 3 15:32:47 2022 @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.221 2022/08/29 06:30:11 adam Exp $ +$NetBSD: distinfo,v 1.221.2.1 2022/10/03 15:32:47 bsiegert Exp $ -BLAKE2s (node-v18.8.0.tar.xz) = 2d98c255b10cff28ac24d24bba17b74e18a5cf40e62f442c03b60ea0675f767b -SHA512 (node-v18.8.0.tar.xz) = 757d31439672945967da10ff7079ac9f9cca9d717eabd8fcb1ab7e5716692f8dbc1382a055dc35519076a00a3ee5bce98cfaae4c4a320ce7d0bc6a95cc7f4e6a -Size (node-v18.8.0.tar.xz) = 38285796 bytes +BLAKE2s (node-v18.9.1.tar.xz) = 1955355f6949be11a933ed66e841601605c02e662310a545aaa1dadb8c0b637a +SHA512 (node-v18.9.1.tar.xz) = fc570dbd41197363d0f9bc3f329fbdffd0cb5b7382327e206d40b3b4e42a80fa65debb172abd501021bcc5082d8d99fc5f6faa05cf87066170c87be1b15e8734 +Size (node-v18.9.1.tar.xz) = 38315220 bytes SHA1 (patch-common.gypi) = 80f3645498853b9939167d152365b4fa49528b70 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32 SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3 --_----------=_1664811167113620--