A ton of changes since 18.12.1, including a few security fixes released a few
days ago that affect OpenBSD's port:
* Node.js Permissions policies can be bypassed via process.mainModule
(CVE-2023-23918)
* Node.js OpenSSL error handling issues in nodejs crypto library
(CVE-2023-23919)
* Fetch API in Node.js did not protect against CRLF injection in host headers
(CVE-2023-23936)
* Regular Expression Denial of Service in Headers in Node.js fetch API
(CVE-2023-24807)
Port changes:
* reinstate old patch to disable building the bundled googletest, because that
could lead to build-time conflicts when devel/gtest is installed, now that the
version of devel/gtest has diverged from the bundled version again
* This fixes a build issue on riscv64 that slipped into v18.13.0
https://github.com/nodejs/node/commit/1e11247b91
* PLIST churn due to updated npm
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.14.1
* Change from bundled versions of
- libuv
- c-ares
- nghttp2
- zlib
- brotli
- icu
- openssl
to libraries from ports.
* Drop patches for bundled openssl, cares, zlib
* Adapted v8 patches from www/chromium
* Patch for node's c-ares wrapper to define ns_class, ns_type, ns_opcode and
ns_code, since those are not defined in our arpa/nameser.h
https://marc.info/?l=openbsd-ports&m=164158353605076&w=2
* Using OpenBSD's zlib has the side effect of fixing
https://marc.info/?l=openbsd-ports&m=164344705329686&w=2
* Fixes broken detection of the executable path on OpenBSD.
See patch-src_env_cc. This currently prevents node-pledge from
being actually used.
* Fixes
CVE-2021-44531
CVE-2021-44532
CVE-2021-44533
CVE-2022-21824
Original diff from MAINTAINER Volker Schlecht, tweaks and OK from sthen@
Thanks Volker!
- We now ship the -header package instead of including the full distfile.
This fixes node-gyp builds (as we had the wrong version in there).
- Teach the bundled openssl how to use $MAKE_PROGRAM (patch from Martin Sander).
While here, drop myself as MAINTAINER.
OK denis@
- add patch to work around bootstrap execpath stuff (api not exposed yet)
- regen patches
- remove upstreamed patches
- remove orig entries in plist (thanks espie@)
No objections.
files that aren't needed, and regen plist which fixes a packaging problem
with i386. Cleanup unused CFLAGS from SUBST_VARS as well, and switch run dep
to g++ instead of gcc. OK abieber@
- Use internal OpenSSL (no LibreSSL :( )
- Remove node.port.mk as there are no longer any modules in ports.
- Remove various patches that are now upstream.
- Fix some tests by telling test.py the fully qualified path to node
- Add gcc as a RUN dep for building native node modules.
- Clean up Makefile a bit.
OK juanfra@