Sunday, July 10, 2022

Re: [security] update lang/node to 16.16.0

Hi,

No comment on the diff itself but:

On Fri, Jul 08, 2022 at 11:31:01AM +0200, Volker Schlecht wrote:
> Attached patch updates lang/node to 16.16.0
>
> This contains fixes for:
>
> CVE-2022-32212 (High)
> CVE-2022-32213 (Medium)
> CVE-2022-32214 (Medium)
> CVE-2022-32215 (Medium)
>
> https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
>
> v16.16.0 seems like a candidate for a backport to -stable for security
> reasons. I don't have a -stable system that could build node, but I also
> don't see any change between the current node version and this one that
> should give us any trouble, the needed fix for the devel/electron build
> process withstanding.
>
> This time there's no npm update included, hence no PLIST churn for a change.
>

> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/lang/node/Makefile,v
> retrieving revision 1.104
> diff -u -p -r1.104 Makefile
> --- Makefile 26 Jun 2022 13:59:50 -0000 1.104
> +++ Makefile 8 Jul 2022 09:21:48 -0000
> @@ -5,7 +5,7 @@ USE_WXNEEDED = Yes
>
> COMMENT = JavaScript runtime built on Chrome's V8 JavaScript engine
>
> -NODE_VERSION = v16.15.1
> +NODE_VERSION = v16.16.0
> PLEDGE_VER = 1.1.2
> DISTFILES = node-pledge-{}${PLEDGE_VER}.tar.gz:0 \
> ${DISTNAME}-headers.tar.xz \
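
Review bot: the `+NODE_VERSION = v16.16.0` line also changes every DISTFILES entry built from ${DISTNAME}, including the `${DISTNAME}-headers.tar.xz` entry in the context lines, so distinfo needs fresh checksums for each of those files. That part of the patch is not quoted here; confirm the full diff carries a regenerated distinfo (make makesum) for both the source and the headers tarball.
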
> @@ -13,8 +13,6 @@ DISTFILES = node-pledge-{}${PLEDGE_VER}
>
> DISTNAME = node-${NODE_VERSION}
> PKGNAME = ${DISTNAME:S/v//g}
> -
> -EPOCH = 0
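
Review bot: the `-EPOCH = 0` removal at the end of this hunk drops the epoch suffix from the package name, and a package name without the suffix compares as older than one with it. Systems that have the 16.15.1 package installed (which carries v0) would therefore not pick up 16.16.0 as an update and would stay on the build affected by the four CVEs this bump is meant to fix. Keep the `EPOCH = 0` line and the blank line before it, and change only NODE_VERSION in this file.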

Once EPOCH is present, it can't be removed. See bsd.port.mk(5).

Caspar
