Wed Apr 7 06:19:21 2021 UTC ()
nodejs10: updated to 10.24.1

Version 10.24.1 'Dubnium' (LTS)

This is a security release.

Notable Changes

Vulerabilties fixed:

CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines

CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines

CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
Impacts:
All versions of the 14.x, 12.x and 10.x releases lines


(adam)
diff -r1.22 -r1.23 pkgsrc/lang/nodejs10/Makefile
diff -r1.14 -r1.15 pkgsrc/lang/nodejs10/distinfo
cvs diff -r1.22 -r1.23 pkgsrc/lang/nodejs10/Attic/Makefile (expand / switch to unified diff)

--- pkgsrc/lang/nodejs10/Attic/Makefile 2021/02/24 11:10:11 1.22
+++ pkgsrc/lang/nodejs10/Attic/Makefile 2021/04/07 06:19:21 1.23
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.22 2021/02/24 11:10:11 adam Exp $ 1# $NetBSD: Makefile,v 1.23 2021/04/07 06:19:21 adam Exp $
2 2
3DISTNAME= node-v10.24.0 3DISTNAME= node-v10.24.1
4EXTRACT_SUFX= .tar.xz 4EXTRACT_SUFX= .tar.xz
5 5
6USE_LANGUAGES= c gnu++14 6USE_LANGUAGES= c gnu++14
7 7
8.include "../../mk/bsd.prefs.mk" 8.include "../../mk/bsd.prefs.mk"
9 9
10# XXX: figure out a way to add rpaths to torque 10# XXX: figure out a way to add rpaths to torque
11MAKE_ENV+= LD_LIBRARY_PATH=${PREFIX}/lib 11MAKE_ENV+= LD_LIBRARY_PATH=${PREFIX}/lib
12 12
13CONFIGURE_ARGS+= --shared-http-parser 13CONFIGURE_ARGS+= --shared-http-parser
14CONFIGURE_ARGS+= --shared-nghttp2 14CONFIGURE_ARGS+= --shared-nghttp2
15CONFIGURE_ARGS+= --with-intl=system-icu 15CONFIGURE_ARGS+= --with-intl=system-icu
16 16
cvs diff -r1.14 -r1.15 pkgsrc/lang/nodejs10/Attic/distinfo (expand / switch to unified diff)

--- pkgsrc/lang/nodejs10/Attic/distinfo 2021/02/24 11:10:11 1.14
+++ pkgsrc/lang/nodejs10/Attic/distinfo 2021/04/07 06:19:21 1.15
@@ -1,19 +1,19 @@ @@ -1,19 +1,19 @@
1$NetBSD: distinfo,v 1.14 2021/02/24 11:10:11 adam Exp $ 1$NetBSD: distinfo,v 1.15 2021/04/07 06:19:21 adam Exp $
2 2
3SHA1 (node-v10.24.0.tar.xz) = 01f110a36a890ed5a527646a2bb85b7fe8eb9847 3SHA1 (node-v10.24.1.tar.xz) = b476e5aaa305798d903ed0de424ee0a5c8b4eed2
4RMD160 (node-v10.24.0.tar.xz) = 149c2a5aa49c8a179c879e04d0528db64ac53663 4RMD160 (node-v10.24.1.tar.xz) = 1e59704c06219ced68b1f47abd2e1e176a144f41
5SHA512 (node-v10.24.0.tar.xz) = 9fe6b48762da06774fb57922cda444e4d1ab2341d555d94c91bc7def3882c68f0e71f89926903b4845fc35af1a48abe5d518a414a5a619f0aef1ac0615b91248 5SHA512 (node-v10.24.1.tar.xz) = c25eca3c26dfb82be2e2e2f7b5401fb1811a9586732e12944929bcb6ad1f2bd7a3a97681008922cd28bf330b2672907dd637c718e8c7c55444b9028a2bafdb6d
6Size (node-v10.24.0.tar.xz) = 21649616 bytes 6Size (node-v10.24.1.tar.xz) = 21647996 bytes
7SHA1 (patch-common.gypi) = de37949f38d9bd39a18b59d59ec74e528bd323ac 7SHA1 (patch-common.gypi) = de37949f38d9bd39a18b59d59ec74e528bd323ac
8SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32 8SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
9SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3 9SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3
10SHA1 (patch-deps_v8_src_arm_assembler-arm-inl.h) = 56a5d6539d31e19673ef61cc91f003109c69dc29 10SHA1 (patch-deps_v8_src_arm_assembler-arm-inl.h) = 56a5d6539d31e19673ef61cc91f003109c69dc29
11SHA1 (patch-deps_v8_src_arm_assembler-arm.cc) = f32d5d2a1096f822c813eaf6d02b9348564213f6 11SHA1 (patch-deps_v8_src_arm_assembler-arm.cc) = f32d5d2a1096f822c813eaf6d02b9348564213f6
12SHA1 (patch-deps_v8_src_arm_cpu-arm.cc) = d0d11ac474ab109a6f40b26fa457b12d742eb48d 12SHA1 (patch-deps_v8_src_arm_cpu-arm.cc) = d0d11ac474ab109a6f40b26fa457b12d742eb48d
13SHA1 (patch-deps_v8_src_base_atomicops.h) = 552d2b7781b39b93392fd00043b1cf4cb10802da 13SHA1 (patch-deps_v8_src_base_atomicops.h) = 552d2b7781b39b93392fd00043b1cf4cb10802da
14SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = 427c7712fc1c2872fc48e593f7ab491c69ee44e3 14SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = 427c7712fc1c2872fc48e593f7ab491c69ee44e3
15SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8 15SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8
16SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = 0d80cc6587af9220832de112834e9f50242f819f 16SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = 0d80cc6587af9220832de112834e9f50242f819f
17SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = aa84bf1dbaac5808529f6b01502d117c88751649 17SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = aa84bf1dbaac5808529f6b01502d117c88751649
18SHA1 (patch-deps_v8_src_compiler_types.h) = 711cc94535200374104c3cd1f0fbbd00994701a6 18SHA1 (patch-deps_v8_src_compiler_types.h) = 711cc94535200374104c3cd1f0fbbd00994701a6
19SHA1 (patch-deps_v8_src_globals.h) = 6695a381000844ad9837bdbc3edbe9040ec4d5ff 19SHA1 (patch-deps_v8_src_globals.h) = 6695a381000844ad9837bdbc3edbe9040ec4d5ff