security update to node-16.17.1, from maintainer Volker Schlecht
plus I added a patch to the configure script to prevent it from picking up a non-default Python version at build time HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding (Medium) (improper fix for CVE-2022-32215) CVE-2022-32213 bypass via obs-fold mechanic (Medium) (CVE-2022-32213) HTTP Request Smuggling Due to Incorrect Parsing of Header Fields (Medium) (CVE-2022-35256) Weak randomness in WebCrypto keygen (High) (CVE-2022-35255)
This commit is contained in:
parent
292fef7fa1
commit
bd3af7ea70
@ -5,7 +5,7 @@ USE_WXNEEDED = Yes
|
||||
|
||||
COMMENT = JavaScript runtime built on Chrome's V8 JavaScript engine
|
||||
|
||||
NODE_VERSION = v16.17.0
|
||||
NODE_VERSION = v16.17.1
|
||||
PLEDGE_VER = 1.1.2
|
||||
DISTFILES = node-pledge-{}${PLEDGE_VER}.tar.gz:0 \
|
||||
${DISTNAME}-headers.tar.xz \
|
||||
|
@ -1,6 +1,6 @@
|
||||
SHA256 (node-pledge-1.1.2.tar.gz) = zY/JcbZ32mmtqWXXNn3/9aTh7Y3F6fAAaADDA8SYwEk=
|
||||
SHA256 (node-v16.17.0-headers.tar.xz) = 0xXvroZshZyLkmnoSb/zGRQkf/8Bp4KFAwNpsM+M6RA=
|
||||
SHA256 (node-v16.17.0.tar.xz) = HSjChWheRGmFkhvJY1ZcqcDF9P2pdV5InAaAjql5VkU=
|
||||
SHA256 (node-v16.17.1-headers.tar.xz) = VUyNG0sW4PTAc7nffEnIk3FqOlM/JaxkbyNhn1zO598=
|
||||
SHA256 (node-v16.17.1.tar.xz) = ZyH+tBUtVtLGs1jOOXq9Wn8drwnuLiXFAhubTT+GozA=
|
||||
SIZE (node-pledge-1.1.2.tar.gz) = 3155
|
||||
SIZE (node-v16.17.0-headers.tar.xz) = 385884
|
||||
SIZE (node-v16.17.0.tar.xz) = 35664964
|
||||
SIZE (node-v16.17.1-headers.tar.xz) = 386032
|
||||
SIZE (node-v16.17.1.tar.xz) = 35661452
|
||||
|
15
lang/node/patches/patch-configure
Normal file
15
lang/node/patches/patch-configure
Normal file
@ -0,0 +1,15 @@
|
||||
Index: configure
|
||||
--- configure.orig
|
||||
+++ configure
|
||||
@@ -4,11 +4,6 @@
|
||||
# Note that the mix of single and double quotes is intentional,
|
||||
# as is the fact that the ] goes on a new line.
|
||||
_=[ 'exec' '/bin/sh' '-c' '''
|
||||
-command -v python3.10 >/dev/null && exec python3.10 "$0" "$@"
|
||||
-command -v python3.9 >/dev/null && exec python3.9 "$0" "$@"
|
||||
-command -v python3.8 >/dev/null && exec python3.8 "$0" "$@"
|
||||
-command -v python3.7 >/dev/null && exec python3.7 "$0" "$@"
|
||||
-command -v python3.6 >/dev/null && exec python3.6 "$0" "$@"
|
||||
command -v python3 >/dev/null && exec python3 "$0" "$@"
|
||||
exec python "$0" "$@"
|
||||
''' "$0" "$@"
|
@ -10,7 +10,7 @@ Index: node.gyp
|
||||
'deps/histogram/histogram.gyp:histogram',
|
||||
'deps/uvwasi/uvwasi.gyp:uvwasi',
|
||||
],
|
||||
@@ -1130,8 +1130,8 @@
|
||||
@@ -1132,8 +1132,8 @@
|
||||
|
||||
'dependencies': [
|
||||
'<(node_lib_target_name)',
|
||||
@ -21,7 +21,7 @@ Index: node.gyp
|
||||
'deps/histogram/histogram.gyp:histogram',
|
||||
'deps/uvwasi/uvwasi.gyp:uvwasi',
|
||||
'node_dtrace_header',
|
||||
@@ -1205,6 +1205,10 @@
|
||||
@@ -1207,6 +1207,10 @@
|
||||
}],
|
||||
['OS=="solaris"', {
|
||||
'ldflags': [ '-I<(SHARED_INTERMEDIATE_DIR)' ]
|
||||
|
Loading…
Reference in New Issue
Block a user