Page MenuHomeFreeBSD

www/node14: Update to 14.17.5
AbandonedPublic

Authored by otis on Aug 6 2021, 10:55 AM.

Details

Reviewers
bhughes
zi
Summary

Update to 14.17.5 (as new www/kibana7 requires 14.17.3 or newer).

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 41266
Build 38155: arc lint + arc unit

Event Timeline

otis requested review of this revision.Aug 6 2021, 10:55 AM

Version 14.17.4 LTS is already published, it fixes a CVE and avoids the need of a patch (js-list-format.cc).

That being said, new security fixes are about to be released next week.

otis retitled this revision from www/node14: Update to 14.17.3 to www/node14: Update to 14.17.4.Aug 6 2021, 8:41 PM

Update to 17.17.3 (as new www/kibana7 requires this version).

Typo

Adding some upgrade notes here for reference:

This week's security releases:

  • Node.js v12.22.5 (LTS)
  • Node.js v14.17.5 (LTS)
  • Node.js v16.6.2 (Current)

For v14, specifically, it requires c-ares version 1.17.2 and a patch (GitHub PR #39739), I added ares_nameser.h to src (not the submitted patch) for simplicity.

Update:

  • dns/c-ares: Update to 1.17.2
  • www/node14: Update to 14.17.5

c-ares has been updated to 1.17.2 to meet node14's requirements.
Also, ares_nameser.h is being installed.

otis retitled this revision from www/node14: Update to 14.17.4 to www/node14: Update to 14.17.5.Aug 16 2021, 9:26 PM
otis edited the summary of this revision. (Show Details)
otis added a reviewer: zi.
  • security/vuxml will be updated, too, to reflect CVEs.
dns/c-ares/Makefile
42 ↗(On Diff #93793)

I copied this file to src in node14. They’re still debating what’s the best approach.

otis marked an inline comment as done.Aug 16 2021, 9:52 PM
otis added inline comments.
dns/c-ares/Makefile
42 ↗(On Diff #93793)

I copied this file to src in node14. They’re still debating what’s the best approach.

If you want to copy the file to src in node14, you will first need to have that file. And the only way for you to have that file (without need to extract dns/c-ares port) is to install it from within dns/c-ares package. With my update, ares_nameser.h will end up in ${LOCALBASE}/include, without any need for copying to node14's WRKSRC.

otis marked an inline comment as done.

security/vuxml: Document node14's vulnerabilities

dns/c-ares/Makefile
42 ↗(On Diff #93793)

Yes, I added it as a patch to node14. I’ll try posting your patches on bugzilla, usually the maintainer is very fast updating.

I have created PRs: 257900, 257902, 257903. (I don't see node12 in ports). Thank you!

www/node14/Makefile
5

Redirects to HTTPS

dns/c-ares/Makefile
42 ↗(On Diff #93810)

Take into account inputs from PR 257903

otis marked an inline comment as done.Aug 30 2021, 7:53 PM

Great! You beat me to it. I was waiting until tomorrow's security fixes to resubmit.

Thank you!

I have updated my PR with the latest version. I don't know why this has reached maintainer's timeout, usually the maintainer is very keen.

If possible, I would also like to have www/node updated (PR 257902).

Newer update is being discussed in review D32019.