Wed Apr 7 06:21:06 2021 UTC
nodejs12: updated to 12.22.1

Version 12.22.1 'Erbium' (LTS)

This is a security release.

Notable Changes

Vulnerabilities fixed:

CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x release lines

CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x release lines

CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
Impacts:
All versions of the 14.x, 12.x and 10.x release lines

Version 12.22.0 'Erbium' (LTS)

Notable changes

The legacy HTTP parser is runtime deprecated

The legacy HTTP parser, selected by the --http-parser=legacy command line option, is deprecated with the pending End-of-Life of Node.js 10.x (where it is the only HTTP parser implementation provided) at the end of April 2021. It will now warn on use but otherwise continue to function and may be removed in a future Node.js 12.x release.

The default HTTP parser based on llhttp is not affected. By default it is stricter than the now deprecated legacy HTTP parser. If interoperability with HTTP implementations that send invalid HTTP headers is required, the HTTP parser can be started in a less secure mode with the --insecure-http-parser command line option.

ES Modules

ES Modules are now considered stable.

node-api

Updated to node-api version 8 and added an experimental API to allow retrieval of the add-on file name.

New APIs to control code coverage data collection

v8.stopCoverage() and v8.takeCoverage() have been added.

New API to monitor event loop utilization by Worker threads

worker.performance.eventLoopUtilization() has been added.


(adam)
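
A runtime audit for the two operational points in the log above (the 12.22.1 security floor and the parser flags), as an added example that is not part of the commit or of Node.js. The function names are hypothetical, and only the 12.x fixed version is checked because that is the only one this page states.

```javascript
// Added example: flag 12.x runtimes older than the fixed release and
// processes started with the HTTP parser options the release notes mention.
const FIXED_12X = [12, 22, 1]; // from the commit log above
const RISKY_FLAGS = new Map([
  ['--insecure-http-parser', 'llhttp accepts invalid HTTP headers in this mode'],
  ['--http-parser=legacy', 'legacy HTTP parser is runtime deprecated since 12.22.0'],
]);

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable Node.js version: ${v}`);
  return m.slice(1).map(Number);
}

function isOlder(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal versions are not older
}

// Options can arrive on the command line (execArgv) or through NODE_OPTIONS.
function auditRuntime({ version, execArgv = [], nodeOptions = '' }) {
  const findings = [];
  const v = parseVersion(version);
  if (v[0] === FIXED_12X[0] && isOlder(v, FIXED_12X)) {
    findings.push(`${version} predates 12.22.1: CVE-2021-3450, CVE-2021-3449, CVE-2020-7774`);
  }
  const flags = [...execArgv, ...nodeOptions.split(/\s+/).filter(Boolean)];
  for (const raw of flags) {
    // Node.js accepts underscores in place of dashes in option names.
    const flag = raw.replace(/_/g, '-');
    if (RISKY_FLAGS.has(flag)) findings.push(`${raw}: ${RISKY_FLAGS.get(flag)}`);
  }
  return findings;
}

// Audit the process this script runs in.
console.log(auditRuntime({
  version: process.version,
  execArgv: process.execArgv,
  nodeOptions: process.env.NODE_OPTIONS || '',
}));
```

Only the `--http-parser=legacy` spelling with `=` is matched; extend the map if your launch scripts pass the value differently.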
diff -r1.31 -r1.32 pkgsrc/lang/nodejs12/Makefile
diff -r1.22 -r1.23 pkgsrc/lang/nodejs12/distinfo

cvs diff -r1.31 -r1.32 pkgsrc/lang/nodejs12/Attic/Makefile

--- pkgsrc/lang/nodejs12/Attic/Makefile 2021/02/24 11:10:11 1.31
+++ pkgsrc/lang/nodejs12/Attic/Makefile 2021/04/07 06:21:06 1.32
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.31 2021/02/24 11:10:11 adam Exp $ 1# $NetBSD: Makefile,v 1.32 2021/04/07 06:21:06 adam Exp $
2 2
3DISTNAME= node-v12.21.0 3DISTNAME= node-v12.22.1
4EXTRACT_SUFX= .tar.xz 4EXTRACT_SUFX= .tar.xz
5 5
6USE_LANGUAGES= c gnu++14 6USE_LANGUAGES= c gnu++14
7 7
8.include "../../mk/bsd.prefs.mk" 8.include "../../mk/bsd.prefs.mk"
9 9
10# XXX: figure out a way to add rpaths to torque 10# XXX: figure out a way to add rpaths to torque
11MAKE_ENV+= LD_LIBRARY_PATH=${PREFIX}/lib 11MAKE_ENV+= LD_LIBRARY_PATH=${PREFIX}/lib
12 12
13CONFIGURE_ARGS+= --shared-nghttp2 13CONFIGURE_ARGS+= --shared-nghttp2
14CONFIGURE_ARGS+= --with-intl=system-icu 14CONFIGURE_ARGS+= --with-intl=system-icu
15 15
16PYTHON_VERSIONS_ACCEPTED= 27 16PYTHON_VERSIONS_ACCEPTED= 27
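
Review bot: The DISTNAME bump on line 3 is presented as a security update, but the CONFIGURE_ARGS visible on lines 13-14 only show nghttp2 and ICU being taken from the system, so these lines do not tell a reader whether the two OpenSSL fixes (CVE-2021-3450, CVE-2021-3449) arrive with this tarball or depend on a separately packaged OpenSSL. If OpenSSL is linked shared further down the Makefile, the log should say so and the OpenSSL package needs the corresponding update, because the version bump alone would not close those two issues. Separately, the XXX on line 10 keeps LD_LIBRARY_PATH in MAKE_ENV as a build-time workaround; worth confirming it is still needed for 12.22.1.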

cvs diff -r1.22 -r1.23 pkgsrc/lang/nodejs12/Attic/distinfo

--- pkgsrc/lang/nodejs12/Attic/distinfo 2021/02/24 11:10:11 1.22
+++ pkgsrc/lang/nodejs12/Attic/distinfo 2021/04/07 06:21:06 1.23
@@ -1,19 +1,19 @@ @@ -1,19 +1,19 @@
1$NetBSD: distinfo,v 1.22 2021/02/24 11:10:11 adam Exp $ 1$NetBSD: distinfo,v 1.23 2021/04/07 06:21:06 adam Exp $
2 2
3SHA1 (node-v12.21.0.tar.xz) = 675637f5fad3b32c2f5830b43f3b2be0bbda1626 3SHA1 (node-v12.22.1.tar.xz) = a4bd1a34dfb82960f098f3a9aab04470c0315581
4RMD160 (node-v12.21.0.tar.xz) = 1e024ad17c8d0ef941d889e953cbae47e8ef7812 4RMD160 (node-v12.22.1.tar.xz) = 840b4f5835a00136164d9950709957d476cf14bf
5SHA512 (node-v12.21.0.tar.xz) = 48df48a12657e3a2366cd80a1a7040365b7a90053676230f1f93f253a1fcdafc5bc1df5b5ec5c13f616277b5feb7e7653cd145ab9c23222bf7702d7cd1fa74eb 5SHA512 (node-v12.22.1.tar.xz) = eaead633611bda04ab9be200aeddf3b4004b8104e9c6af246023b8008003dd3a7103e1508ea690443e59c6591521b04a2d71c7344343f2a20d1c935ef51c66a0
6Size (node-v12.21.0.tar.xz) = 23650552 bytes 6Size (node-v12.22.1.tar.xz) = 23650180 bytes
7SHA1 (patch-common.gypi) = a3fa3b5b974f910b3c8fea640ded4dca262e1ba8 7SHA1 (patch-common.gypi) = a3fa3b5b974f910b3c8fea640ded4dca262e1ba8
8SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32 8SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
9SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3 9SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3
10SHA1 (patch-deps_v8_src_base_atomicops.h) = d1ef20a3fee1d188687bd76836ada6f2c8e0787f 10SHA1 (patch-deps_v8_src_base_atomicops.h) = d1ef20a3fee1d188687bd76836ada6f2c8e0787f
11SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = 1c8aea6dca18159740212de221e467c70796bcd5 11SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = 1c8aea6dca18159740212de221e467c70796bcd5
12SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8 12SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8
13SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = 0d80cc6587af9220832de112834e9f50242f819f 13SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = 0d80cc6587af9220832de112834e9f50242f819f
14SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = 802a95f1b1d131e0d85c1f99c659cc68b31ba2f6 14SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = 802a95f1b1d131e0d85c1f99c659cc68b31ba2f6
15SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc 15SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc
16SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5 16SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5
17SHA1 (patch-deps_v8_src_zone_zone.h) = 651b49d242dac8f713cccc101147ccf61f828ecb 17SHA1 (patch-deps_v8_src_zone_zone.h) = 651b49d242dac8f713cccc101147ccf61f828ecb
18SHA1 (patch-deps_v8_tools_run-llprof.sh) = 39aa3faf77492ef8dd35b411b7b0e4605b469af3 18SHA1 (patch-deps_v8_tools_run-llprof.sh) = 39aa3faf77492ef8dd35b411b7b0e4605b469af3
19SHA1 (patch-node.gypi) = 4a104dba6c22702211009bc60a6be6f87554e2fa 19SHA1 (patch-node.gypi) = 4a104dba6c22702211009bc60a6be6f87554e2fa
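
Review bot: Lines 3-6 replace every digest for the distfile, and the log does not record how the new tarball was checked against upstream before these values were generated. SHA1 is no longer collision resistant, so the SHA512 entry on line 5 is the one to rely on; it should come from a tarball first verified against the Node.js project's signed SHASUMS256.txt. The patch entries on lines 7-19 are unchanged and carry SHA1 only, which is consistent with no patch being edited, but please confirm each one still applies cleanly to the 12.22.1 sources.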