[pkgsrc/trunk]: pkgsrc/lang/nodejs nodejs: updated to 14.17.3

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/lang/nodejs nodejs: updated to 14.17.3
From: adam <adam%pkgsrc.org@localhost>
Date: Tue, 06 Jul 2021 08:05:47 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/ffd1a00ecdf4
branches:  trunk
changeset: 455553:ffd1a00ecdf4
user:      adam <adam%pkgsrc.org@localhost>
date:      Tue Jul 06 07:05:39 2021 +0000

description:
nodejs: updated to 14.17.3

Version 14.17.3 'Fermium' (LTS)

Notable Changes

Node.js 14.17.2 introduced a regression in the Windows installer on non-English locales that is being fixed in this release. There is no need to download this release if you are not using the Windows 
installer.


Version 14.17.2 'Fermium' (LTS)

This is a security release.

Notable Changes

Vulnerabilities fixed:

CVE-2021-22918: libuv upgrade - Out of bounds read (Medium)
Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node's dns module's lookup() function and can lead to 
information disclosures or crashes. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918

CVE-2021-22921: Windows installer - Node Installer Local Privilege Escalation (Medium)
Node.js is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory 
allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22921

diffstat:

 lang/nodejs/Makefile |   4 ++--
 lang/nodejs/distinfo |  12 +++++-------
 2 files changed, 7 insertions(+), 9 deletions(-)

diffs (42 lines):

diff -r c0abb0382094 -r ffd1a00ecdf4 lang/nodejs/Makefile
--- a/lang/nodejs/Makefile      Tue Jul 06 07:04:11 2021 +0000
+++ b/lang/nodejs/Makefile      Tue Jul 06 07:05:39 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.216 2021/06/24 09:29:21 adam Exp $
+# $NetBSD: Makefile,v 1.217 2021/07/06 07:05:39 adam Exp $
 
-DISTNAME=      node-v14.17.1
+DISTNAME=      node-v14.17.3
 EXTRACT_SUFX=  .tar.xz
 
 USE_LANGUAGES= c gnu++14
diff -r c0abb0382094 -r ffd1a00ecdf4 lang/nodejs/distinfo
--- a/lang/nodejs/distinfo      Tue Jul 06 07:04:11 2021 +0000
+++ b/lang/nodejs/distinfo      Tue Jul 06 07:05:39 2021 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.198 2021/06/24 09:29:21 adam Exp $
+$NetBSD: distinfo,v 1.199 2021/07/06 07:05:39 adam Exp $
 
-SHA1 (node-v14.17.1.tar.xz) = c96b0ccc7b69dec45599c7614099079d87035794
-RMD160 (node-v14.17.1.tar.xz) = e46ea519532f7e4486389290d9a9d8926c2b37fd
-SHA512 (node-v14.17.1.tar.xz) = 354f9f215a4915ca3dbccdbb90c14fb8bfb8b0ed8ece4f95106d7b068affdeab65a79db0beb2c7d6af03dc15567edc5250629deedd38a9de7d581f76716315f8
-Size (node-v14.17.1.tar.xz) = 33580416 bytes
+SHA1 (node-v14.17.3.tar.xz) = 248ddc0f050c7fc1396f2d2e83a503a64b4e0eaa
+RMD160 (node-v14.17.3.tar.xz) = 5f392a980922dfab4b608ab010bea572e07885b8
+SHA512 (node-v14.17.3.tar.xz) = c6096715299f155b96df873976da91e854da7e99cde635cdb65d5c962abc5283dac86b8ddce4f5a9f7498f9793ff08943645b5e5b0b23395dfe035f7295218bb
+Size (node-v14.17.3.tar.xz) = 33585080 bytes
 SHA1 (patch-common.gypi) = f0bd2962bf7c8466db24b35a35154897ecad6316
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3
@@ -16,11 +16,9 @@
 SHA1 (patch-deps_v8_src_codegen_arm_cpu-arm.cc) = 84c75d61bc99c2ff9adeac3152f5b11ebb0e582b
 SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc
 SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5
-SHA1 (patch-deps_v8_src_objects_js-list-format.cc) = b1acf2f9890f04aba58f82012528f9a425751896
 SHA1 (patch-deps_v8_src_zone_zone.h) = 651b49d242dac8f713cccc101147ccf61f828ecb
 SHA1 (patch-deps_v8_tools_run-llprof.sh) = 39aa3faf77492ef8dd35b411b7b0e4605b469af3
 SHA1 (patch-node.gypi) = 4a104dba6c22702211009bc60a6be6f87554e2fa
-SHA1 (patch-src_cares__wrap.h) = 6eeb5397daaa1255a09f7e36cfd1724c395bd4b2
 SHA1 (patch-src_inspector__agent.cc) = 2ec2a7be459648700488096f467a4ae6af5a9d91
 SHA1 (patch-src_node__postmortem__metadata.cc) = 9938482d724ad6636af5dc3fa719ec26ed8539ff
 SHA1 (patch-tools_gyp_pylib_gyp_generator_make.py) = 34d4f113d85b4502bc8240fac50dc37554ab4ebb

Prev by Date: [pkgsrc/trunk]: pkgsrc/lang/nodejs12 nodejs12: updated to 12.22.3
Next by Date: [pkgsrc/trunk]: pkgsrc/doc Updated security/p5-Net-DNS-SEC to 1.18
Previous by Thread: [pkgsrc/trunk]: pkgsrc/lang/nodejs12 nodejs12: updated to 12.22.3
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc Updated security/p5-Net-DNS-SEC to 1.18
Indexes:

Home | Main Index | Thread Index | Old Index