Tuesday, February 01, 2022

Re: Fwd: [SECURITY] [UPDATE] lang/node to

Volker Schlecht <openbsd-ports@schlecht.dev> writes:

> Even smaller diff attached.
>
> To reiterate the (intended) changes to look out for:
>
> * Update to v16.13.2 (Active LTS Release)
>
> * Change from bundled versions of
> - libuv
> - c-ares
> - nghttp2
> - zlib
> - brotli
> - icu
> - openssl
> to libraries from ports.
>
> * Drop patches for bundled openssl, cares, zlib
>
> * Adapted v8 patches from www/chromium
>
> * Patch for node's c-ares wrapper to define ns_class, ns_type, ns_opcode and
> ns_code, since those are not defined in our arpa/nameser.h
> https://marc.info/?l=openbsd-ports&m=164158353605076&w=2
>
> * Using OpenBSD's zlib has the side effect of fixing
> https://marc.info/?l=openbsd-ports&m=164344705329686&w=2
>
> * Fixes broken detection of the executable path on OpenBSD.
> See patch-src_env_cc. This currently prevents node-pledge from
> being actually used.
>
> * Fixes
> CVE-2021-44531
> CVE-2021-44532
> CVE-2021-44533
> CVE-2022-21824
>
> * NodeJS v12.22.9 would also fix those, but 12.x will be EOL'ed in 3 months.

Committed! Thanks!

>
>
> It builds www/firefox, it builds www/chromium, it's been running fine for me in
> day-to-day use.
>
> [2. text/plain; patch-node-16.13.2_3.txt]...
