Page MenuHomeFreeBSD
Differential D31433

www/node14: Update to 14.17.5
AbandonedPublic
Actions

Authored by otis on Aug 6 2021, 10:55 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mar 28 2024, 9:49 PM
Unknown Object (File)
Mar 3 2024, 6:58 PM
Unknown Object (File)
Dec 25 2023, 3:07 AM
Unknown Object (File)
Dec 20 2023, 7:01 AM
Unknown Object (File)
Nov 30 2023, 2:24 PM
Unknown Object (File)
Nov 29 2023, 10:01 AM
Unknown Object (File)
Nov 23 2023, 3:08 PM
Unknown Object (File)
Nov 13 2023, 8:00 AM
View All 27 Files
Subscribers
diizzy
jlduran_gmail.com
mat
zlei

Details

Reviewers
bhughes
zi
Summary

Update to 14.17.5 (as new www/kibana7 requires 14.17.3 or newer).

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 41266
Build 38155: arc lint + arc unit

Event Timeline

otis created this revision.Aug 6 2021, 10:55 AM
Herald added a subscriber: mat. · View Herald TranscriptAug 6 2021, 10:55 AM
otis requested review of this revision.Aug 6 2021, 10:55 AM
Harbormaster completed remote builds in B40889: Diff 93317.Aug 6 2021, 10:55 AM
jlduran_gmail.com added a subscriber: jlduran_gmail.com.EditedAug 6 2021, 4:41 PM

Version 14.17.4 LTS is already published, it fixes a CVE and avoids the need of a patch (js-list-format.cc).

That being said, new security fixes are about to be released next week.

otis updated this revision to Diff 93338.Aug 6 2021, 8:40 PM

Upate to 14.17.4

Harbormaster completed remote builds in B40899: Diff 93338.Aug 6 2021, 8:40 PM
otis retitled this revision from www/node14: Update to 14.17.3 to www/node14: Update to 14.17.4.Aug 6 2021, 8:41 PM
zlei added a subscriber: zlei.Aug 10 2021, 5:06 AM

Update to 17.17.3 (as new www/kibana7 requires this version).

Typo

jlduran_gmail.com added a comment.EditedAug 12 2021, 11:58 AM

Adding some upgrade notes here for reference:

This week's security releases:

  • Node.js v12.22.5 (LTS)
  • Node.js v14.17.5 (LTS)
  • Node.js v16.6.2 (Current)

For v14, specifically, it requires c-ares version 1.17.2 and a patch (GitHub PR #39739), I added ares_nameser.h to src (not the submitted patch) for simplicity.

otis updated this revision to Diff 93793.Aug 16 2021, 9:26 PM

Update:

  • dns/c-ares: Update to 1.17.2
  • www/node14: Update to 14.17.5

c-ares has been updated to 1.17.2 to meet node14's requirements.
Also, ares_nameser.h is being installed.

Harbormaster completed remote builds in B41084: Diff 93793.Aug 16 2021, 9:26 PM
otis retitled this revision from www/node14: Update to 14.17.4 to www/node14: Update to 14.17.5.Aug 16 2021, 9:26 PM
otis edited the summary of this revision. (Show Details)
otis added a reviewer: zi.
  • security/vuxml will be updated, too, to reflect CVEs.
jlduran_gmail.com added inline comments.Aug 16 2021, 9:36 PM
dns/c-ares/Makefile
42 ↗(On Diff #93793)

I copied this file to src in node14. They’re still debating what’s the best approach.

otis marked an inline comment as done.Aug 16 2021, 9:52 PM
otis added inline comments.
dns/c-ares/Makefile
42 ↗(On Diff #93793)

I copied this file to src in node14. They’re still debating what’s the best approach.

If you want to copy the file to src in node14, you will first need to have that file. And the only way for you to have that file (without need to extract dns/c-ares port) is to install it from within dns/c-ares package. With my update, ares_nameser.h will end up in ${LOCALBASE}/include, without any need for copying to node14's WRKSRC.

otis updated this revision to Diff 93794.Aug 16 2021, 9:56 PM
otis marked an inline comment as done.

security/vuxml: Document node14's vulnerabilities

Harbormaster completed remote builds in B41085: Diff 93794.Aug 16 2021, 9:56 PM
jlduran_gmail.com added inline comments.Aug 16 2021, 11:36 PM
dns/c-ares/Makefile
42 ↗(On Diff #93793)

Yes, I added it as a patch to node14. I’ll try posting your patches on bugzilla, usually the maintainer is very fast updating.

jlduran_gmail.com added a comment.Aug 17 2021, 2:06 AM

I have created PRs: 257900, 257902, 257903. (I don't see node12 in ports). Thank you!

otis updated this revision to Diff 93810.Aug 17 2021, 7:27 AM

Delete stray patch.

Harbormaster completed remote builds in B41092: Diff 93810.Aug 17 2021, 7:27 AM
diizzy added a subscriber: diizzy.Aug 17 2021, 9:41 AM
diizzy added inline comments.
dns/c-ares/Makefile
7 ↗(On Diff #93810)

This should probably go and be replaced by GitHub
https://github.com/c-ares/c-ares/releases/tag/cares-1_17_2 --> https://github.com/c-ares/c-ares/releases/download/cares-1_17_2/c-ares-1.17.2.tar.gz

diizzy added inline comments.Aug 17 2021, 9:46 AM
www/node14/Makefile
5

Redirects to HTTPS

jlduran_gmail.com added inline comments.Aug 17 2021, 11:40 AM
dns/c-ares/Makefile
42 ↗(On Diff #93810)

Just for reference:
https://github.com/c-ares/c-ares/issues/415

otis updated this revision to Diff 94388.Aug 30 2021, 7:51 PM

Take into account inputs from PR 257903

Harbormaster completed remote builds in B41266: Diff 94388.Aug 30 2021, 7:51 PM
otis marked an inline comment as done.Aug 30 2021, 7:53 PM
jlduran_gmail.com added a comment.Aug 30 2021, 8:41 PM

Great! You beat me to it. I was waiting until tomorrow's security fixes to resubmit.

Thank you!

jlduran_gmail.com added a comment.Aug 31 2021, 4:38 PM

I have updated my PR with the latest version. I don't know why this has reached maintainer's timeout, usually the maintainer is very keen.

If possible, I would also like to have www/node updated (PR 257902).

otis abandoned this revision.Sep 19 2021, 10:59 AM

Newer update is being discussed in review D32019.

Revision Contents
Changeset List

Diff 94388

View Options

www/node14/Makefile

Loading...
View Options

www/node14/distinfo

Loading...
View Options

www/node14/files/patch-deps_v8_src_objects_js-list-format.cc

Loading...
View Options

www/node14/files/patch-src_ares__nameser.h

Loading...
View Options

www/node14/pkg-plist

Loading...