Fri Feb 17 11:58:37 2023 UTC ()
nodejs18: updated to 18.14.1

Version 18.14.1 'Hydrogen' (LTS)

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)


(adam)
diff -r1.4 -r1.5 pkgsrc/lang/nodejs18/Makefile
diff -r1.3 -r1.4 pkgsrc/lang/nodejs18/distinfo
cvs diff -r1.4 -r1.5 pkgsrc/lang/nodejs18/Makefile (expand / switch to unified diff)

--- pkgsrc/lang/nodejs18/Makefile 2023/02/03 11:49:19 1.4
+++ pkgsrc/lang/nodejs18/Makefile 2023/02/17 11:58:36 1.5
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.4 2023/02/03 11:49:19 adam Exp $ 1# $NetBSD: Makefile,v 1.5 2023/02/17 11:58:36 adam Exp $
2 2
3DISTNAME= node-v18.14.0 3DISTNAME= node-v18.14.1
4EXTRACT_SUFX= .tar.xz 4EXTRACT_SUFX= .tar.xz
5 5
6USE_LANGUAGES= c gnu++17 6USE_LANGUAGES= c gnu++17
7 7
8BUILD_DEPENDS+= ${PYPKGPREFIX}-expat>=0:../../textproc/py-expat 8BUILD_DEPENDS+= ${PYPKGPREFIX}-expat>=0:../../textproc/py-expat
9 9
10.include "../../mk/bsd.prefs.mk" 10.include "../../mk/bsd.prefs.mk"
11 11
12# XXX: figure out a way to add rpaths to torque 12# XXX: figure out a way to add rpaths to torque
13MAKE_ENV+= LD_LIBRARY_PATH=${PREFIX}/lib 13MAKE_ENV+= LD_LIBRARY_PATH=${PREFIX}/lib
14 14
15CONFIGURE_ARGS+= --shared-brotli 15CONFIGURE_ARGS+= --shared-brotli
16CONFIGURE_ARGS+= --shared-nghttp2 16CONFIGURE_ARGS+= --shared-nghttp2
cvs diff -r1.3 -r1.4 pkgsrc/lang/nodejs18/distinfo (expand / switch to unified diff)

--- pkgsrc/lang/nodejs18/distinfo 2023/02/03 11:49:19 1.3
+++ pkgsrc/lang/nodejs18/distinfo 2023/02/17 11:58:36 1.4
@@ -1,18 +1,18 @@ @@ -1,18 +1,18 @@
1$NetBSD: distinfo,v 1.3 2023/02/03 11:49:19 adam Exp $ 1$NetBSD: distinfo,v 1.4 2023/02/17 11:58:36 adam Exp $
2 2
3BLAKE2s (node-v18.14.0.tar.xz) = cd283af85d9e9369f974c9bf864d05eaa47b5bdd7eae07e4899af6c4d09d5a95 3BLAKE2s (node-v18.14.1.tar.xz) = 9153b138377a95b96e3a7972298008de349f94442c5674efe13bb3f496d814e9
4SHA512 (node-v18.14.0.tar.xz) = bf1072d17a5ae003310f792b5acf7c36c2f294a802aadbb0977df240e8214344b0d4e9c3ee6fc8351e6249154b4468f1e5db15561168715ae1ecdeb8868b884b 4SHA512 (node-v18.14.1.tar.xz) = 0462e7643ca6085088b6fa70df593b861d4d023f9194ed077a7c35cdc62446218b8bc637685adad2ebd96c1ae4a96d8edcbb58443806ca107a29fe53eb81e257
5Size (node-v18.14.0.tar.xz) = 41425240 bytes 5Size (node-v18.14.1.tar.xz) = 41439328 bytes
6SHA1 (patch-common.gypi) = 80f3645498853b9939167d152365b4fa49528b70 6SHA1 (patch-common.gypi) = 80f3645498853b9939167d152365b4fa49528b70
7SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32 7SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
8SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3 8SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3
9SHA1 (patch-deps_uvwasi_include_wasi__serdes.h) = 32b85ef5824b96b35aba9280bbe7aa7899d9e5cf 9SHA1 (patch-deps_uvwasi_include_wasi__serdes.h) = 32b85ef5824b96b35aba9280bbe7aa7899d9e5cf
10SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = b47025f33d2991275bbcd15dbabb28900afab0e1 10SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = b47025f33d2991275bbcd15dbabb28900afab0e1
11SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8 11SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8
12SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = 0fdbc003d63429e9e097531d7848d16011f273a8 12SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = 0fdbc003d63429e9e097531d7848d16011f273a8
13SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = 802a95f1b1d131e0d85c1f99c659cc68b31ba2f6 13SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = 802a95f1b1d131e0d85c1f99c659cc68b31ba2f6
14SHA1 (patch-deps_v8_src_base_strings.h) = 4d2b37491f2f74f1a573f8c1942790204e23a8bb 14SHA1 (patch-deps_v8_src_base_strings.h) = 4d2b37491f2f74f1a573f8c1942790204e23a8bb
15SHA1 (patch-deps_v8_src_codegen_arm_cpu-arm.cc) = 84c75d61bc99c2ff9adeac3152f5b11ebb0e582b 15SHA1 (patch-deps_v8_src_codegen_arm_cpu-arm.cc) = 84c75d61bc99c2ff9adeac3152f5b11ebb0e582b
16SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc 16SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc
17SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5 17SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5
18SHA1 (patch-deps_v8_src_heap_code-range.cc) = b281f76f4e3d8e562f596235049a6be7c5ff4de2 18SHA1 (patch-deps_v8_src_heap_code-range.cc) = b281f76f4e3d8e562f596235049a6be7c5ff4de2