summaryrefslogtreecommitdiff
path: root/lang/nodejs
diff options
context:
space:
mode:
authoradam <adam@pkgsrc.org>2018-11-28 08:36:04 +0000
committeradam <adam@pkgsrc.org>2018-11-28 08:36:04 +0000
commit9884b05ee810e85d19a91abb11cf4014df4917f5 (patch)
tree633149489bc19110d51f5c750475093d47e8d4e1 /lang/nodejs
parentda2621b68ee2654b9221f7fd3fa3da645323e1d0 (diff)
downloadpkgsrc-9884b05ee810e85d19a91abb11cf4014df4917f5.tar.gz
nodejs: updated to 10.14.0
Version 10.14.0 'Dubnium' (LTS): This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: * Node.js: Denial of Service with large HTTP headers (CVE-2018-12121) * Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js) * Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123) * OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) * OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735) Notable Changes * deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735 * http: - Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina) - A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach (liebdich.com). (CVE-2018-12122 / Matteo Collina) * url: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol.
Diffstat (limited to 'lang/nodejs')
-rw-r--r--lang/nodejs/Makefile6
-rw-r--r--lang/nodejs/Makefile.common4
-rw-r--r--lang/nodejs/buildlink3.mk4
-rw-r--r--lang/nodejs/distinfo10
-rw-r--r--lang/nodejs/nodeversion.mk6
5 files changed, 15 insertions, 15 deletions
diff --git a/lang/nodejs/Makefile b/lang/nodejs/Makefile
index 2964e5aaaa6..ba3094bb096 100644
--- a/lang/nodejs/Makefile
+++ b/lang/nodejs/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.146 2018/11/10 18:35:18 adam Exp $
+# $NetBSD: Makefile,v 1.147 2018/11/28 08:36:04 adam Exp $
-DISTNAME= node-v10.13.0
+DISTNAME= node-v10.14.0
USE_LANGUAGES= c gnu++14
@@ -8,7 +8,7 @@ USE_LANGUAGES= c gnu++14
GCC_REQD+= 4.9.4
# Stated by the changelog
-BUILDLINK_API_DEPENDS.libuv+= libuv>=1.23
+BUILDLINK_API_DEPENDS.libuv+= libuv>=1.23
.include "../../mk/bsd.prefs.mk"
diff --git a/lang/nodejs/Makefile.common b/lang/nodejs/Makefile.common
index fbbac6f6618..073556ba82b 100644
--- a/lang/nodejs/Makefile.common
+++ b/lang/nodejs/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.23 2018/09/27 19:27:57 tnn Exp $
+# $NetBSD: Makefile.common,v 1.24 2018/11/28 08:36:04 adam Exp $
# used by lang/nodejs/Makefile
# used by lang/nodejs6/Makefile
# used by lang/nodejs8/Makefile
@@ -17,7 +17,7 @@ USE_TOOLS+= bash gmake pkg-config
USE_LANGUAGES= c c++
PYTHON_FOR_BUILD_ONLY= yes
-PYTHON_VERSIONS_INCOMPATIBLE= 34 35 36 37 # not yet ported as of 0.10.24
+PYTHON_VERSIONS_ACCEPTED= 27 # not yet ported as of 0.10.24
GCC_REQD+= 4.8
diff --git a/lang/nodejs/buildlink3.mk b/lang/nodejs/buildlink3.mk
index 9b055c4d01e..e524b8ba10f 100644
--- a/lang/nodejs/buildlink3.mk
+++ b/lang/nodejs/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.3 2018/07/20 03:33:52 ryoon Exp $
+# $NetBSD: buildlink3.mk,v 1.4 2018/11/28 08:36:04 adam Exp $
BUILDLINK_TREE+= nodejs
@@ -9,7 +9,7 @@ BUILDLINK_API_DEPENDS.nodejs+= nodejs>=10
BUILDLINK_ABI_DEPENDS.nodejs?= nodejs>=10.6.0nb1
BUILDLINK_PKGSRCDIR.nodejs?= ../../lang/nodejs
-.include "../../mk/bsd.prefs.mk"
+.include "../../mk/bsd.fast.prefs.mk"
.if ${OPSYS} != "Darwin"
.include "../../devel/libexecinfo/buildlink3.mk"
diff --git a/lang/nodejs/distinfo b/lang/nodejs/distinfo
index 84b2e4d52f0..d8034e9bc7c 100644
--- a/lang/nodejs/distinfo
+++ b/lang/nodejs/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.136 2018/11/10 18:35:18 adam Exp $
+$NetBSD: distinfo,v 1.137 2018/11/28 08:36:04 adam Exp $
-SHA1 (node-v10.13.0.tar.gz) = 5441e66cb6747532b0d8caa71908ce0f787dfc78
-RMD160 (node-v10.13.0.tar.gz) = 35f81d484e6e34881f87f95f6b90c2b0b6e8dc6d
-SHA512 (node-v10.13.0.tar.gz) = ec30c966467a9fb348b060deeb918d1605d79eb35ca09197d8bccb37f98645d4d75f0dcf97a6e328376d56b132359d3691403ed8b3301269a6258da28adb8cc0
-Size (node-v10.13.0.tar.gz) = 36274534 bytes
+SHA1 (node-v10.14.0.tar.gz) = 6c998193421861051c472d28819862364de5e53a
+RMD160 (node-v10.14.0.tar.gz) = 06211271057aff397b853c600fa2db86ba124684
+SHA512 (node-v10.14.0.tar.gz) = 35506ab4cb2d3fa8ab2540aa3df87df5bd7e254ee092bd8872895bcac256ad0f54eab0277d3f67fed223a2634e75143a3a796657a9c8981fa444d599bc93cecc
+Size (node-v10.14.0.tar.gz) = 36257211 bytes
SHA1 (patch-common.gypi) = de37949f38d9bd39a18b59d59ec74e528bd323ac
SHA1 (patch-deps_cares_cares.gyp) = 2235eb44bc984fa2e745fdf1786f1ae6de6ef80f
SHA1 (patch-deps_openssl_config_opensslconf__asm.h) = 7b074ebd5353dff662ac66cf4012926f12dd7b7e
diff --git a/lang/nodejs/nodeversion.mk b/lang/nodejs/nodeversion.mk
index 81f079d4646..61e3b881545 100644
--- a/lang/nodejs/nodeversion.mk
+++ b/lang/nodejs/nodeversion.mk
@@ -1,4 +1,4 @@
-# $NetBSD: nodeversion.mk,v 1.3 2018/05/04 14:28:32 fhajny Exp $
+# $NetBSD: nodeversion.mk,v 1.4 2018/11/28 08:36:04 adam Exp $
# This file determins which nodejs version is used as a dependency for
# a package.
@@ -46,10 +46,10 @@ NODEJS_NODEVERSION_MK= # defined
# optionally handled quoted package names
.if defined(PKGNAME_REQD) && !empty(PKGNAME_REQD:Mnode[0-9]-*) || \
defined(PKGNAME_REQD) && !empty(PKGNAME_REQD:M*-node[0-9]-*)
-NODE_VERSION_REQD?= ${PKGNAME_REQD:C/(^.*-|^)node([0-9])-.*/\2/}
+NODE_VERSION_REQD?= ${PKGNAME_REQD:C/(^.*-|^)node([0-9])-.*/\2/}
.elif defined(PKGNAME_OLD) && !empty(PKGNAME_OLD:Mnode[0-9]-*) || \
defined(PKGNAME_OLD) && !empty(PKGNAME_OLD:M*-node[0-9]-*)
-NODE_VERSION_REQD?= ${PKGNAME_OLD:C/(^.*-|^)node([0-9])-.*/\2/}
+NODE_VERSION_REQD?= ${PKGNAME_OLD:C/(^.*-|^)node([0-9])-.*/\2/}
.endif
.include "../../mk/bsd.prefs.mk"