Fri Feb 17 11:58:37 2023 UTC ()
nodejs18: updated to 18.14.1

Version 18.14.1 'Hydrogen' (LTS)

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)


(adam)
diff -r1.4 -r1.5 pkgsrc/lang/nodejs18/Makefile
diff -r1.3 -r1.4 pkgsrc/lang/nodejs18/distinfo
cvs diff -r1.4 -r1.5 pkgsrc/lang/nodejs18/Makefile (switch to unified diff)

--- pkgsrc/lang/nodejs18/Makefile 2023/02/03 11:49:19 1.4
+++ pkgsrc/lang/nodejs18/Makefile 2023/02/17 11:58:36 1.5
@@ -1,61 +1,61 @@ @@ -1,61 +1,61 @@
1# $NetBSD: Makefile,v 1.4 2023/02/03 11:49:19 adam Exp $ 1# $NetBSD: Makefile,v 1.5 2023/02/17 11:58:36 adam Exp $
2 2
3DISTNAME= node-v18.14.0 3DISTNAME= node-v18.14.1
4EXTRACT_SUFX= .tar.xz 4EXTRACT_SUFX= .tar.xz
5 5
6USE_LANGUAGES= c gnu++17 6USE_LANGUAGES= c gnu++17
7 7
8BUILD_DEPENDS+= ${PYPKGPREFIX}-expat>=0:../../textproc/py-expat 8BUILD_DEPENDS+= ${PYPKGPREFIX}-expat>=0:../../textproc/py-expat
9 9
10.include "../../mk/bsd.prefs.mk" 10.include "../../mk/bsd.prefs.mk"
11 11
12# XXX: figure out a way to add rpaths to torque 12# XXX: figure out a way to add rpaths to torque
13MAKE_ENV+= LD_LIBRARY_PATH=${PREFIX}/lib 13MAKE_ENV+= LD_LIBRARY_PATH=${PREFIX}/lib
14 14
15CONFIGURE_ARGS+= --shared-brotli 15CONFIGURE_ARGS+= --shared-brotli
16CONFIGURE_ARGS+= --shared-nghttp2 16CONFIGURE_ARGS+= --shared-nghttp2
17CONFIGURE_ARGS+= --shared-nghttp3 17CONFIGURE_ARGS+= --shared-nghttp3
18CONFIGURE_ARGS+= --shared-ngtcp2 18CONFIGURE_ARGS+= --shared-ngtcp2
19CONFIGURE_ARGS+= --with-intl=system-icu 19CONFIGURE_ARGS+= --with-intl=system-icu
20CONFIGURE_ARGS+= --without-dtrace 20CONFIGURE_ARGS+= --without-dtrace
21 21
22PYTHON_VERSIONS_INCOMPATIBLE= 27 22PYTHON_VERSIONS_INCOMPATIBLE= 27
23 23
24CHECK_PORTABILITY_SKIP+= deps/uv/autogen.sh 24CHECK_PORTABILITY_SKIP+= deps/uv/autogen.sh
25CHECK_PORTABILITY_SKIP+= deps/v8/tools/cppgc/export_to_github.sh 25CHECK_PORTABILITY_SKIP+= deps/v8/tools/cppgc/export_to_github.sh
26CHECK_PORTABILITY_SKIP+= deps/v8/tools/cppgc/test_cmake.sh 26CHECK_PORTABILITY_SKIP+= deps/v8/tools/cppgc/test_cmake.sh
27CHECK_PORTABILITY_SKIP+= tools/macos-installer/pkgbuild/npm/scripts/preinstall 27CHECK_PORTABILITY_SKIP+= tools/macos-installer/pkgbuild/npm/scripts/preinstall
28 28
29REPLACE_NODEJS+= deps/corepack/dist/*.js 29REPLACE_NODEJS+= deps/corepack/dist/*.js
30.include "../../lang/nodejs/application.mk" 30.include "../../lang/nodejs/application.mk"
31CHECK_INTERPRETER_SKIP+= lib/node_modules/corepack/shims/*.ps1 31CHECK_INTERPRETER_SKIP+= lib/node_modules/corepack/shims/*.ps1
32 32
33.if ${MACHINE_ARCH} == "i386" 33.if ${MACHINE_ARCH} == "i386"
34# required for SSE2 code under i386. 34# required for SSE2 code under i386.
35CXXFLAGS+= -mstackrealign 35CXXFLAGS+= -mstackrealign
36.endif 36.endif
37 37
38.PHONY: minusx 38.PHONY: minusx
39post-install: minusx 39post-install: minusx
40minusx: 40minusx:
41 ${CHMOD} -x ${DESTDIR}${PREFIX}/lib/node_modules/corepack/shims/*.cmd 41 ${CHMOD} -x ${DESTDIR}${PREFIX}/lib/node_modules/corepack/shims/*.cmd
42 42
43.include "../../lang/nodejs/options.mk" 43.include "../../lang/nodejs/options.mk"
44 44
45# Node turns on -latomic for arm, mips and ppc. 45# Node turns on -latomic for arm, mips and ppc.
46.if ${MACHINE_ARCH:M*arm*} || \ 46.if ${MACHINE_ARCH:M*arm*} || \
47 ${MACHINE_ARCH:M*powerpc*} || \ 47 ${MACHINE_ARCH:M*powerpc*} || \
48 ${MACHINE_ARCH:M*mips*} 48 ${MACHINE_ARCH:M*mips*}
49.include "../../devel/libatomic/buildlink3.mk" 49.include "../../devel/libatomic/buildlink3.mk"
50.endif 50.endif
51 51
52.include "../../lang/nodejs/Makefile.common" 52.include "../../lang/nodejs/Makefile.common"
53.include "../../archivers/brotli/buildlink3.mk" 53.include "../../archivers/brotli/buildlink3.mk"
54.include "../../net/ngtcp2/buildlink3.mk" 54.include "../../net/ngtcp2/buildlink3.mk"
55.include "../../textproc/icu/buildlink3.mk" 55.include "../../textproc/icu/buildlink3.mk"
56# Requires nghttp2_option_set_max_settings 56# Requires nghttp2_option_set_max_settings
57BUILDLINK_API_DEPENDS.nghttp2+= nghttp2>=1.41.0 57BUILDLINK_API_DEPENDS.nghttp2+= nghttp2>=1.41.0
58.include "../../www/nghttp2/buildlink3.mk" 58.include "../../www/nghttp2/buildlink3.mk"
59.include "../../www/nghttp3/buildlink3.mk" 59.include "../../www/nghttp3/buildlink3.mk"
60.include "../../mk/atomic64.mk" 60.include "../../mk/atomic64.mk"
61.include "../../mk/bsd.pkg.mk" 61.include "../../mk/bsd.pkg.mk"
cvs diff -r1.3 -r1.4 pkgsrc/lang/nodejs18/distinfo (switch to unified diff)

--- pkgsrc/lang/nodejs18/distinfo 2023/02/03 11:49:19 1.3
+++ pkgsrc/lang/nodejs18/distinfo 2023/02/17 11:58:36 1.4
@@ -1,27 +1,27 @@ @@ -1,27 +1,27 @@
1$NetBSD: distinfo,v 1.3 2023/02/03 11:49:19 adam Exp $ 1$NetBSD: distinfo,v 1.4 2023/02/17 11:58:36 adam Exp $
2 2
3BLAKE2s (node-v18.14.0.tar.xz) = cd283af85d9e9369f974c9bf864d05eaa47b5bdd7eae07e4899af6c4d09d5a95 3BLAKE2s (node-v18.14.1.tar.xz) = 9153b138377a95b96e3a7972298008de349f94442c5674efe13bb3f496d814e9
4SHA512 (node-v18.14.0.tar.xz) = bf1072d17a5ae003310f792b5acf7c36c2f294a802aadbb0977df240e8214344b0d4e9c3ee6fc8351e6249154b4468f1e5db15561168715ae1ecdeb8868b884b 4SHA512 (node-v18.14.1.tar.xz) = 0462e7643ca6085088b6fa70df593b861d4d023f9194ed077a7c35cdc62446218b8bc637685adad2ebd96c1ae4a96d8edcbb58443806ca107a29fe53eb81e257
5Size (node-v18.14.0.tar.xz) = 41425240 bytes 5Size (node-v18.14.1.tar.xz) = 41439328 bytes
6SHA1 (patch-common.gypi) = 80f3645498853b9939167d152365b4fa49528b70 6SHA1 (patch-common.gypi) = 80f3645498853b9939167d152365b4fa49528b70
7SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32 7SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
8SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3 8SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3
9SHA1 (patch-deps_uvwasi_include_wasi__serdes.h) = 32b85ef5824b96b35aba9280bbe7aa7899d9e5cf 9SHA1 (patch-deps_uvwasi_include_wasi__serdes.h) = 32b85ef5824b96b35aba9280bbe7aa7899d9e5cf
10SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = b47025f33d2991275bbcd15dbabb28900afab0e1 10SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = b47025f33d2991275bbcd15dbabb28900afab0e1
11SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8 11SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8
12SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = 0fdbc003d63429e9e097531d7848d16011f273a8 12SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = 0fdbc003d63429e9e097531d7848d16011f273a8
13SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = 802a95f1b1d131e0d85c1f99c659cc68b31ba2f6 13SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = 802a95f1b1d131e0d85c1f99c659cc68b31ba2f6
14SHA1 (patch-deps_v8_src_base_strings.h) = 4d2b37491f2f74f1a573f8c1942790204e23a8bb 14SHA1 (patch-deps_v8_src_base_strings.h) = 4d2b37491f2f74f1a573f8c1942790204e23a8bb
15SHA1 (patch-deps_v8_src_codegen_arm_cpu-arm.cc) = 84c75d61bc99c2ff9adeac3152f5b11ebb0e582b 15SHA1 (patch-deps_v8_src_codegen_arm_cpu-arm.cc) = 84c75d61bc99c2ff9adeac3152f5b11ebb0e582b
16SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc 16SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc
17SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5 17SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5
18SHA1 (patch-deps_v8_src_heap_code-range.cc) = b281f76f4e3d8e562f596235049a6be7c5ff4de2 18SHA1 (patch-deps_v8_src_heap_code-range.cc) = b281f76f4e3d8e562f596235049a6be7c5ff4de2
19SHA1 (patch-deps_v8_tools_run-llprof.sh) = 39aa3faf77492ef8dd35b411b7b0e4605b469af3 19SHA1 (patch-deps_v8_tools_run-llprof.sh) = 39aa3faf77492ef8dd35b411b7b0e4605b469af3
20SHA1 (patch-node.gypi) = 4a104dba6c22702211009bc60a6be6f87554e2fa 20SHA1 (patch-node.gypi) = 4a104dba6c22702211009bc60a6be6f87554e2fa
21SHA1 (patch-src_crypto_crypto__rsa.cc) = 9ffd8de2fac76014696c8dfac7ba200eab56f6f6 21SHA1 (patch-src_crypto_crypto__rsa.cc) = 9ffd8de2fac76014696c8dfac7ba200eab56f6f6
22SHA1 (patch-src_inspector__agent.cc) = 3fd3d71f9d6013a6eb2a79e0442b31d2e2408a2f 22SHA1 (patch-src_inspector__agent.cc) = 3fd3d71f9d6013a6eb2a79e0442b31d2e2408a2f
23SHA1 (patch-src_node__postmortem__metadata.cc) = 9938482d724ad6636af5dc3fa719ec26ed8539ff 23SHA1 (patch-src_node__postmortem__metadata.cc) = 9938482d724ad6636af5dc3fa719ec26ed8539ff
24SHA1 (patch-tools_gyp_pylib_gyp_generator_make.py) = 570fe9889767c555468a225cd7f0b398ea6a193c 24SHA1 (patch-tools_gyp_pylib_gyp_generator_make.py) = 570fe9889767c555468a225cd7f0b398ea6a193c
25SHA1 (patch-tools_gyp_pylib_gyp_xcode__emulation.py) = 4ee24115f5e97ffbd23aaa6dc62f408d381d4e22 25SHA1 (patch-tools_gyp_pylib_gyp_xcode__emulation.py) = 4ee24115f5e97ffbd23aaa6dc62f408d381d4e22
26SHA1 (patch-tools_install.py) = c01515e3001bebd50f12bcada548f1cc0c25a49f 26SHA1 (patch-tools_install.py) = c01515e3001bebd50f12bcada548f1cc0c25a49f
27SHA1 (patch-tools_v8_gypfiles_v8.gyp) = 997748c6663e7931ead02ee47654933ec051e688 27SHA1 (patch-tools_v8_gypfiles_v8.gyp) = 997748c6663e7931ead02ee47654933ec051e688