CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2023/02/19 05:27:19
Modified files:
lang/node : Makefile distinfo
lang/node/patches: patch-Makefile patch-common_gypi
patch-configure
patch-deps_npm_node_modules_node-gyp_gyp_pylib_gyp_generator_make_py
patch-deps_v8_src_execution_isolate_cc
patch-lib_internal_modules_cjs_loader_js
patch-lib_net_js patch-node_gyp
patch-src_env_cc patch-tools_test_py
patch-tools_v8_gypfiles_v8_gyp
lang/node/pkg : PLIST
Log message:
Update node to 18.14.1 from maintainer Volker Schlecht
A ton of changes since 18.12.1, including a few security fixes released a few
days ago that affect OpenBSD's port:
* Node.js Permissions policies can be bypassed via process.mainModule
(CVE-2023-23918)
* Node.js OpenSSL error handling issues in nodejs crypto library
(CVE-2023-23919)
* Fetch API in Node.js did not protect against CRLF injection in host headers
(CVE-2023-23936)
* Regular Expression Denial of Service in Headers in Node.js fetch API
(CVE-2023-24807)
Port changes:
* reinstate old patch to disable building the bundled googletest, because that
could lead to build-time conflicts when devel/gtest is installed, now that the
version of devel/gtest has diverged from the bundled version again
* This fixes a build issue on riscv64 that slipped into v18.13.0
https://github.com/nodejs/node/commit/1e11247b91
* PLIST churn due to updated npm
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.14.1
