nodejs18: updated to 18.14.1 Version 18.14.1 'Hydrogen' (LTS) This is a security release. Notable Changes The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High) CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium) CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium) CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low) CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)diff -r1.4 -r1.5 pkgsrc/lang/nodejs18/Makefile
(adam)
@@ -1,61 +1,61 @@ | @@ -1,61 +1,61 @@ | |||
1 | # $NetBSD: Makefile,v 1.4 2023/02/03 11:49:19 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.5 2023/02/17 11:58:36 adam Exp $ | |
2 | 2 | |||
3 | DISTNAME= node-v18.14.0 | 3 | DISTNAME= node-v18.14.1 | |
4 | EXTRACT_SUFX= .tar.xz | 4 | EXTRACT_SUFX= .tar.xz | |
5 | 5 | |||
6 | USE_LANGUAGES= c gnu++17 | 6 | USE_LANGUAGES= c gnu++17 | |
7 | 7 | |||
8 | BUILD_DEPENDS+= ${PYPKGPREFIX}-expat>=0:../../textproc/py-expat | 8 | BUILD_DEPENDS+= ${PYPKGPREFIX}-expat>=0:../../textproc/py-expat | |
9 | 9 | |||
10 | .include "../../mk/bsd.prefs.mk" | 10 | .include "../../mk/bsd.prefs.mk" | |
11 | 11 | |||
12 | # XXX: figure out a way to add rpaths to torque | 12 | # XXX: figure out a way to add rpaths to torque | |
13 | MAKE_ENV+= LD_LIBRARY_PATH=${PREFIX}/lib | 13 | MAKE_ENV+= LD_LIBRARY_PATH=${PREFIX}/lib | |
14 | 14 | |||
15 | CONFIGURE_ARGS+= --shared-brotli | 15 | CONFIGURE_ARGS+= --shared-brotli | |
16 | CONFIGURE_ARGS+= --shared-nghttp2 | 16 | CONFIGURE_ARGS+= --shared-nghttp2 | |
17 | CONFIGURE_ARGS+= --shared-nghttp3 | 17 | CONFIGURE_ARGS+= --shared-nghttp3 | |
18 | CONFIGURE_ARGS+= --shared-ngtcp2 | 18 | CONFIGURE_ARGS+= --shared-ngtcp2 | |
19 | CONFIGURE_ARGS+= --with-intl=system-icu | 19 | CONFIGURE_ARGS+= --with-intl=system-icu | |
20 | CONFIGURE_ARGS+= --without-dtrace | 20 | CONFIGURE_ARGS+= --without-dtrace | |
21 | 21 | |||
22 | PYTHON_VERSIONS_INCOMPATIBLE= 27 | 22 | PYTHON_VERSIONS_INCOMPATIBLE= 27 | |
23 | 23 | |||
24 | CHECK_PORTABILITY_SKIP+= deps/uv/autogen.sh | 24 | CHECK_PORTABILITY_SKIP+= deps/uv/autogen.sh | |
25 | CHECK_PORTABILITY_SKIP+= deps/v8/tools/cppgc/export_to_github.sh | 25 | CHECK_PORTABILITY_SKIP+= deps/v8/tools/cppgc/export_to_github.sh | |
26 | CHECK_PORTABILITY_SKIP+= deps/v8/tools/cppgc/test_cmake.sh | 26 | CHECK_PORTABILITY_SKIP+= deps/v8/tools/cppgc/test_cmake.sh | |
27 | CHECK_PORTABILITY_SKIP+= tools/macos-installer/pkgbuild/npm/scripts/preinstall | 27 | CHECK_PORTABILITY_SKIP+= tools/macos-installer/pkgbuild/npm/scripts/preinstall | |
28 | 28 | |||
29 | REPLACE_NODEJS+= deps/corepack/dist/*.js | 29 | REPLACE_NODEJS+= deps/corepack/dist/*.js | |
30 | .include "../../lang/nodejs/application.mk" | 30 | .include "../../lang/nodejs/application.mk" | |
31 | CHECK_INTERPRETER_SKIP+= lib/node_modules/corepack/shims/*.ps1 | 31 | CHECK_INTERPRETER_SKIP+= lib/node_modules/corepack/shims/*.ps1 | |
32 | 32 | |||
33 | .if ${MACHINE_ARCH} == "i386" | 33 | .if ${MACHINE_ARCH} == "i386" | |
34 | # required for SSE2 code under i386. | 34 | # required for SSE2 code under i386. | |
35 | CXXFLAGS+= -mstackrealign | 35 | CXXFLAGS+= -mstackrealign | |
36 | .endif | 36 | .endif | |
37 | 37 | |||
38 | .PHONY: minusx | 38 | .PHONY: minusx | |
39 | post-install: minusx | 39 | post-install: minusx | |
40 | minusx: | 40 | minusx: | |
41 | ${CHMOD} -x ${DESTDIR}${PREFIX}/lib/node_modules/corepack/shims/*.cmd | 41 | ${CHMOD} -x ${DESTDIR}${PREFIX}/lib/node_modules/corepack/shims/*.cmd | |
42 | 42 | |||
43 | .include "../../lang/nodejs/options.mk" | 43 | .include "../../lang/nodejs/options.mk" | |
44 | 44 | |||
45 | # Node turns on -latomic for arm, mips and ppc. | 45 | # Node turns on -latomic for arm, mips and ppc. | |
46 | .if ${MACHINE_ARCH:M*arm*} || \ | 46 | .if ${MACHINE_ARCH:M*arm*} || \ | |
47 | ${MACHINE_ARCH:M*powerpc*} || \ | 47 | ${MACHINE_ARCH:M*powerpc*} || \ | |
48 | ${MACHINE_ARCH:M*mips*} | 48 | ${MACHINE_ARCH:M*mips*} | |
49 | .include "../../devel/libatomic/buildlink3.mk" | 49 | .include "../../devel/libatomic/buildlink3.mk" | |
50 | .endif | 50 | .endif | |
51 | 51 | |||
52 | .include "../../lang/nodejs/Makefile.common" | 52 | .include "../../lang/nodejs/Makefile.common" | |
53 | .include "../../archivers/brotli/buildlink3.mk" | 53 | .include "../../archivers/brotli/buildlink3.mk" | |
54 | .include "../../net/ngtcp2/buildlink3.mk" | 54 | .include "../../net/ngtcp2/buildlink3.mk" | |
55 | .include "../../textproc/icu/buildlink3.mk" | 55 | .include "../../textproc/icu/buildlink3.mk" | |
56 | # Requires nghttp2_option_set_max_settings | 56 | # Requires nghttp2_option_set_max_settings | |
57 | BUILDLINK_API_DEPENDS.nghttp2+= nghttp2>=1.41.0 | 57 | BUILDLINK_API_DEPENDS.nghttp2+= nghttp2>=1.41.0 | |
58 | .include "../../www/nghttp2/buildlink3.mk" | 58 | .include "../../www/nghttp2/buildlink3.mk" | |
59 | .include "../../www/nghttp3/buildlink3.mk" | 59 | .include "../../www/nghttp3/buildlink3.mk" | |
60 | .include "../../mk/atomic64.mk" | 60 | .include "../../mk/atomic64.mk" | |
61 | .include "../../mk/bsd.pkg.mk" | 61 | .include "../../mk/bsd.pkg.mk" |
@@ -1,27 +1,27 @@ | @@ -1,27 +1,27 @@ | |||
1 | $NetBSD: distinfo,v 1.3 2023/02/03 11:49:19 adam Exp $ | 1 | $NetBSD: distinfo,v 1.4 2023/02/17 11:58:36 adam Exp $ | |
2 | 2 | |||
3 | BLAKE2s (node-v18.14.0.tar.xz) = cd283af85d9e9369f974c9bf864d05eaa47b5bdd7eae07e4899af6c4d09d5a95 | 3 | BLAKE2s (node-v18.14.1.tar.xz) = 9153b138377a95b96e3a7972298008de349f94442c5674efe13bb3f496d814e9 | |
4 | SHA512 (node-v18.14.0.tar.xz) = bf1072d17a5ae003310f792b5acf7c36c2f294a802aadbb0977df240e8214344b0d4e9c3ee6fc8351e6249154b4468f1e5db15561168715ae1ecdeb8868b884b | 4 | SHA512 (node-v18.14.1.tar.xz) = 0462e7643ca6085088b6fa70df593b861d4d023f9194ed077a7c35cdc62446218b8bc637685adad2ebd96c1ae4a96d8edcbb58443806ca107a29fe53eb81e257 | |
5 | Size (node-v18.14.0.tar.xz) = 41425240 bytes | 5 | Size (node-v18.14.1.tar.xz) = 41439328 bytes | |
6 | SHA1 (patch-common.gypi) = 80f3645498853b9939167d152365b4fa49528b70 | 6 | SHA1 (patch-common.gypi) = 80f3645498853b9939167d152365b4fa49528b70 | |
7 | SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32 | 7 | SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32 | |
8 | SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3 | 8 | SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3 | |
9 | SHA1 (patch-deps_uvwasi_include_wasi__serdes.h) = 32b85ef5824b96b35aba9280bbe7aa7899d9e5cf | 9 | SHA1 (patch-deps_uvwasi_include_wasi__serdes.h) = 32b85ef5824b96b35aba9280bbe7aa7899d9e5cf | |
10 | SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = b47025f33d2991275bbcd15dbabb28900afab0e1 | 10 | SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = b47025f33d2991275bbcd15dbabb28900afab0e1 | |
11 | SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8 | 11 | SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8 | |
12 | SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = 0fdbc003d63429e9e097531d7848d16011f273a8 | 12 | SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = 0fdbc003d63429e9e097531d7848d16011f273a8 | |
13 | SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = 802a95f1b1d131e0d85c1f99c659cc68b31ba2f6 | 13 | SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = 802a95f1b1d131e0d85c1f99c659cc68b31ba2f6 | |
14 | SHA1 (patch-deps_v8_src_base_strings.h) = 4d2b37491f2f74f1a573f8c1942790204e23a8bb | 14 | SHA1 (patch-deps_v8_src_base_strings.h) = 4d2b37491f2f74f1a573f8c1942790204e23a8bb | |
15 | SHA1 (patch-deps_v8_src_codegen_arm_cpu-arm.cc) = 84c75d61bc99c2ff9adeac3152f5b11ebb0e582b | 15 | SHA1 (patch-deps_v8_src_codegen_arm_cpu-arm.cc) = 84c75d61bc99c2ff9adeac3152f5b11ebb0e582b | |
16 | SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc | 16 | SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc | |
17 | SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5 | 17 | SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5 | |
18 | SHA1 (patch-deps_v8_src_heap_code-range.cc) = b281f76f4e3d8e562f596235049a6be7c5ff4de2 | 18 | SHA1 (patch-deps_v8_src_heap_code-range.cc) = b281f76f4e3d8e562f596235049a6be7c5ff4de2 | |
19 | SHA1 (patch-deps_v8_tools_run-llprof.sh) = 39aa3faf77492ef8dd35b411b7b0e4605b469af3 | 19 | SHA1 (patch-deps_v8_tools_run-llprof.sh) = 39aa3faf77492ef8dd35b411b7b0e4605b469af3 | |
20 | SHA1 (patch-node.gypi) = 4a104dba6c22702211009bc60a6be6f87554e2fa | 20 | SHA1 (patch-node.gypi) = 4a104dba6c22702211009bc60a6be6f87554e2fa | |
21 | SHA1 (patch-src_crypto_crypto__rsa.cc) = 9ffd8de2fac76014696c8dfac7ba200eab56f6f6 | 21 | SHA1 (patch-src_crypto_crypto__rsa.cc) = 9ffd8de2fac76014696c8dfac7ba200eab56f6f6 | |
22 | SHA1 (patch-src_inspector__agent.cc) = 3fd3d71f9d6013a6eb2a79e0442b31d2e2408a2f | 22 | SHA1 (patch-src_inspector__agent.cc) = 3fd3d71f9d6013a6eb2a79e0442b31d2e2408a2f | |
23 | SHA1 (patch-src_node__postmortem__metadata.cc) = 9938482d724ad6636af5dc3fa719ec26ed8539ff | 23 | SHA1 (patch-src_node__postmortem__metadata.cc) = 9938482d724ad6636af5dc3fa719ec26ed8539ff | |
24 | SHA1 (patch-tools_gyp_pylib_gyp_generator_make.py) = 570fe9889767c555468a225cd7f0b398ea6a193c | 24 | SHA1 (patch-tools_gyp_pylib_gyp_generator_make.py) = 570fe9889767c555468a225cd7f0b398ea6a193c | |
25 | SHA1 (patch-tools_gyp_pylib_gyp_xcode__emulation.py) = 4ee24115f5e97ffbd23aaa6dc62f408d381d4e22 | 25 | SHA1 (patch-tools_gyp_pylib_gyp_xcode__emulation.py) = 4ee24115f5e97ffbd23aaa6dc62f408d381d4e22 | |
26 | SHA1 (patch-tools_install.py) = c01515e3001bebd50f12bcada548f1cc0c25a49f | 26 | SHA1 (patch-tools_install.py) = c01515e3001bebd50f12bcada548f1cc0c25a49f | |
27 | SHA1 (patch-tools_v8_gypfiles_v8.gyp) = 997748c6663e7931ead02ee47654933ec051e688 | 27 | SHA1 (patch-tools_v8_gypfiles_v8.gyp) = 997748c6663e7931ead02ee47654933ec051e688 |