Mon Oct 16 19:15:17 2023 UTC ()
nodejs: updated to 20.8.1

Version 20.8.1 (Current)

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-44487: nghttp2 Security Release (High)
CVE-2023-45143: undici Security Release (High)
CVE-2023-39332: Path traversal through path stored in Uint8Array (High)
CVE-2023-39331: Permission model improperly protects against path traversal (High)
CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
CVE-2023-39333: Code injection via WebAssembly export names (Low)


(adam)
diff -r1.274 -r1.275 pkgsrc/lang/nodejs/Makefile
diff -r1.246 -r1.247 pkgsrc/lang/nodejs/distinfo
cvs diff -r1.274 -r1.275 pkgsrc/lang/nodejs/Makefile (switch to unified diff)

--- pkgsrc/lang/nodejs/Makefile 2023/10/01 16:00:13 1.274
+++ pkgsrc/lang/nodejs/Makefile 2023/10/16 19:15:17 1.275
@@ -1,51 +1,51 @@ @@ -1,51 +1,51 @@
1# $NetBSD: Makefile,v 1.274 2023/10/01 16:00:13 adam Exp $ 1# $NetBSD: Makefile,v 1.275 2023/10/16 19:15:17 adam Exp $
2 2
3DISTNAME= node-v20.8.0 3DISTNAME= node-v20.8.1
4EXTRACT_SUFX= .tar.xz 4EXTRACT_SUFX= .tar.xz
5 5
6USE_LANGUAGES= c gnu++17 6USE_LANGUAGES= c gnu++17
7 7
8USE_CXX_FEATURES+= c++17 charconv 8USE_CXX_FEATURES+= c++17 charconv
9 9
10TOOL_DEPENDS+= ${PYPKGPREFIX}-expat>=0:../../textproc/py-expat 10TOOL_DEPENDS+= ${PYPKGPREFIX}-expat>=0:../../textproc/py-expat
11 11
12.include "../../mk/bsd.prefs.mk" 12.include "../../mk/bsd.prefs.mk"
13 13
14# XXX: figure out a way to add rpaths to torque 14# XXX: figure out a way to add rpaths to torque
15MAKE_ENV+= LD_LIBRARY_PATH=${PREFIX}/lib 15MAKE_ENV+= LD_LIBRARY_PATH=${PREFIX}/lib
16 16
17CONFIGURE_ARGS+= --shared-nghttp3 17CONFIGURE_ARGS+= --shared-nghttp3
18CONFIGURE_ARGS+= --shared-ngtcp2 18CONFIGURE_ARGS+= --shared-ngtcp2
19 19
20PYTHON_VERSIONS_INCOMPATIBLE= 27 20PYTHON_VERSIONS_INCOMPATIBLE= 27
21 21
22CHECK_INTERPRETER_SKIP+= lib/node_modules/corepack/shims/*.ps1 22CHECK_INTERPRETER_SKIP+= lib/node_modules/corepack/shims/*.ps1
23CHECK_PORTABILITY_SKIP+= deps/uv/autogen.sh 23CHECK_PORTABILITY_SKIP+= deps/uv/autogen.sh
24CHECK_PORTABILITY_SKIP+= deps/v8/tools/cppgc/export_to_github.sh 24CHECK_PORTABILITY_SKIP+= deps/v8/tools/cppgc/export_to_github.sh
25CHECK_PORTABILITY_SKIP+= deps/v8/tools/cppgc/test_cmake.sh 25CHECK_PORTABILITY_SKIP+= deps/v8/tools/cppgc/test_cmake.sh
26CHECK_PORTABILITY_SKIP+= tools/macos-installer/pkgbuild/npm/scripts/preinstall 26CHECK_PORTABILITY_SKIP+= tools/macos-installer/pkgbuild/npm/scripts/preinstall
27 27
28.if ${MACHINE_ARCH} == "i386" 28.if ${MACHINE_ARCH} == "i386"
29# required for SSE2 code under i386. 29# required for SSE2 code under i386.
30CXXFLAGS+= -mstackrealign 30CXXFLAGS+= -mstackrealign
31.endif 31.endif
32 32
33.PHONY: minusx 33.PHONY: minusx
34post-install: minusx 34post-install: minusx
35minusx: 35minusx:
36 ${CHMOD} -x ${DESTDIR}${PREFIX}/lib/node_modules/corepack/shims/*.cmd 36 ${CHMOD} -x ${DESTDIR}${PREFIX}/lib/node_modules/corepack/shims/*.cmd
37 37
38.include "options.mk" 38.include "options.mk"
39 39
40# Node turns on -latomic for arm, mips and ppc. 40# Node turns on -latomic for arm, mips and ppc.
41.if ${MACHINE_ARCH:M*arm*} || \ 41.if ${MACHINE_ARCH:M*arm*} || \
42 ${MACHINE_ARCH:M*powerpc*} || \ 42 ${MACHINE_ARCH:M*powerpc*} || \
43 ${MACHINE_ARCH:M*mips*} 43 ${MACHINE_ARCH:M*mips*}
44.include "../../devel/libatomic/buildlink3.mk" 44.include "../../devel/libatomic/buildlink3.mk"
45.endif 45.endif
46 46
47.include "../../lang/nodejs/Makefile.common" 47.include "../../lang/nodejs/Makefile.common"
48.include "../../net/ngtcp2/buildlink3.mk" 48.include "../../net/ngtcp2/buildlink3.mk"
49.include "../../www/nghttp3/buildlink3.mk" 49.include "../../www/nghttp3/buildlink3.mk"
50.include "../../mk/atomic64.mk" 50.include "../../mk/atomic64.mk"
51.include "../../mk/bsd.pkg.mk" 51.include "../../mk/bsd.pkg.mk"
cvs diff -r1.246 -r1.247 pkgsrc/lang/nodejs/distinfo (switch to unified diff)

--- pkgsrc/lang/nodejs/distinfo 2023/10/01 16:00:13 1.246
+++ pkgsrc/lang/nodejs/distinfo 2023/10/16 19:15:17 1.247
@@ -1,28 +1,28 @@ @@ -1,28 +1,28 @@
1$NetBSD: distinfo,v 1.246 2023/10/01 16:00:13 adam Exp $ 1$NetBSD: distinfo,v 1.247 2023/10/16 19:15:17 adam Exp $
2 2
3BLAKE2s (node-v20.8.0.tar.xz) = fd3cef6d97ddb955327baed0dfc2aaaa7deb544d89480ce4c51a7b51486a9a3e 3BLAKE2s (node-v20.8.1.tar.xz) = 2fedcaa70f6e4017469e0513e035ee2159c24b6d6f7cdf450413b9c6d5d99165
4SHA512 (node-v20.8.0.tar.xz) = 9b2a8c14aee765f1fb039ce949eac635160b44cc3ae6507fe96637b9c8fc4e90a492dd3e0ce2173e190fa534dcd5d76e2639d9812406e0a9de4ec2e2ec1b4e2d 4SHA512 (node-v20.8.1.tar.xz) = d76245a8ec35fdb481e898efc457d3804d425a0d8e2da9175cdcc41036c57b5a6c23a5c2e84b7b417d3f48be631bff86708b2cae9e65ca3a22908caa3190ed1b
5Size (node-v20.8.0.tar.xz) = 41855692 bytes 5Size (node-v20.8.1.tar.xz) = 41863408 bytes
6SHA1 (patch-common.gypi) = f50615affd26c2c7902d2112c8e9f2704c057b9c 6SHA1 (patch-common.gypi) = f50615affd26c2c7902d2112c8e9f2704c057b9c
7SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32 7SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
8SHA1 (patch-deps_uv_common.gypi) = 29f0c382b68f77749a71ce39fa2ca37338ca18ec 8SHA1 (patch-deps_uv_common.gypi) = 29f0c382b68f77749a71ce39fa2ca37338ca18ec
9SHA1 (patch-deps_uvwasi_include_wasi__serdes.h) = 32b85ef5824b96b35aba9280bbe7aa7899d9e5cf 9SHA1 (patch-deps_uvwasi_include_wasi__serdes.h) = 32b85ef5824b96b35aba9280bbe7aa7899d9e5cf
10SHA1 (patch-deps_v8_src_base_platform_memory.h) = 0921b5eeecfe03b774f85a15628c559901e7fea8 10SHA1 (patch-deps_v8_src_base_platform_memory.h) = 0921b5eeecfe03b774f85a15628c559901e7fea8
11SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = b47025f33d2991275bbcd15dbabb28900afab0e1 11SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = b47025f33d2991275bbcd15dbabb28900afab0e1
12SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8 12SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8
13SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = e797043e7fa1379f086ffe3a919e140260b0632e 13SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = e797043e7fa1379f086ffe3a919e140260b0632e
14SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = 802a95f1b1d131e0d85c1f99c659cc68b31ba2f6 14SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = 802a95f1b1d131e0d85c1f99c659cc68b31ba2f6
15SHA1 (patch-deps_v8_src_base_strings.h) = 4d2b37491f2f74f1a573f8c1942790204e23a8bb 15SHA1 (patch-deps_v8_src_base_strings.h) = 4d2b37491f2f74f1a573f8c1942790204e23a8bb
16SHA1 (patch-deps_v8_src_codegen_arm_cpu-arm.cc) = 84c75d61bc99c2ff9adeac3152f5b11ebb0e582b 16SHA1 (patch-deps_v8_src_codegen_arm_cpu-arm.cc) = 84c75d61bc99c2ff9adeac3152f5b11ebb0e582b
17SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc 17SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc
18SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5 18SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5
19SHA1 (patch-deps_v8_src_heap_code-range.cc) = b281f76f4e3d8e562f596235049a6be7c5ff4de2 19SHA1 (patch-deps_v8_src_heap_code-range.cc) = b281f76f4e3d8e562f596235049a6be7c5ff4de2
20SHA1 (patch-deps_v8_tools_profiling_run-llprof.sh) = b19994d3195cc97424a3cc2ffd3ae02eacc6ffa8 20SHA1 (patch-deps_v8_tools_profiling_run-llprof.sh) = b19994d3195cc97424a3cc2ffd3ae02eacc6ffa8
21SHA1 (patch-node.gypi) = 4a104dba6c22702211009bc60a6be6f87554e2fa 21SHA1 (patch-node.gypi) = 4a104dba6c22702211009bc60a6be6f87554e2fa
22SHA1 (patch-src_crypto_crypto__rsa.cc) = 9ffd8de2fac76014696c8dfac7ba200eab56f6f6 22SHA1 (patch-src_crypto_crypto__rsa.cc) = 9ffd8de2fac76014696c8dfac7ba200eab56f6f6
23SHA1 (patch-src_inspector__agent.cc) = 3fd3d71f9d6013a6eb2a79e0442b31d2e2408a2f 23SHA1 (patch-src_inspector__agent.cc) = 3fd3d71f9d6013a6eb2a79e0442b31d2e2408a2f
24SHA1 (patch-src_node__postmortem__metadata.cc) = 9938482d724ad6636af5dc3fa719ec26ed8539ff 24SHA1 (patch-src_node__postmortem__metadata.cc) = 9938482d724ad6636af5dc3fa719ec26ed8539ff
25SHA1 (patch-tools_gyp_pylib_gyp_generator_make.py) = 570fe9889767c555468a225cd7f0b398ea6a193c 25SHA1 (patch-tools_gyp_pylib_gyp_generator_make.py) = 570fe9889767c555468a225cd7f0b398ea6a193c
26SHA1 (patch-tools_gyp_pylib_gyp_xcode__emulation.py) = 4ee24115f5e97ffbd23aaa6dc62f408d381d4e22 26SHA1 (patch-tools_gyp_pylib_gyp_xcode__emulation.py) = 4ee24115f5e97ffbd23aaa6dc62f408d381d4e22
27SHA1 (patch-tools_install.py) = c01515e3001bebd50f12bcada548f1cc0c25a49f 27SHA1 (patch-tools_install.py) = c01515e3001bebd50f12bcada548f1cc0c25a49f
28SHA1 (patch-tools_v8_gypfiles_v8.gyp) = 8b1b0e2216f9e8025f8e623d5aa8af3f8d670804 28SHA1 (patch-tools_v8_gypfiles_v8.gyp) = 8b1b0e2216f9e8025f8e623d5aa8af3f8d670804