Commit e058057d authored by Ariadne Conill's avatar Ariadne Conill 🐰

main/nodejs: security upgrade to 14.17.3 (CVE-2021-22918)

parent fd9a2ea1
......@@ -6,6 +6,8 @@
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
# 14.17.3-r0:
# - CVE-2021-22918
# 14.16.1-r1:
# - CVE-2021-27290
# 14.16.1-r0:
......@@ -69,8 +71,8 @@
pkgname=nodejs
# Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)!
# Odd-numbered versions are supported only for 9 months by upstream.
pkgver=14.16.1
pkgrel=1
pkgver=14.17.3
pkgrel=0
pkgdesc="JavaScript runtime built on V8 engine - LTS version"
url="https://nodejs.org/"
arch="all !mips64 !mips64el"
......@@ -92,7 +94,6 @@ replaces="nodejs-current nodejs-lts" # nodejs-lts for backward compatibility
source="https://nodejs.org/dist/v$pkgver/node-v$pkgver.tar.gz
disable-running-gyp-on-shared-deps.patch
link-with-libatomic-on-mips32.patch
npm-ssri-CVE-2021-27290.patch
"
builddir="$srcdir/node-v$pkgver"
......@@ -184,7 +185,8 @@ npm() {
mv "$pkgdir"/usr/lib/node_modules/npm "$subpkgdir"/usr/lib/node_modules/
}
sha512sums="40843674584c2010958b4faf12290b525f3e5b13d37e52e3b41d50691de16cc0a29ed1fbc81912a0f76f48648c603dfb726242d232e4542f46ab957a4042c05d node-v14.16.1.tar.gz
sha512sums="
0ceeddd2b93ed1f7c40912b6533879f7401aaafd27f54230c65ec0454b2eb860abe855c73428a43aa440502302b31fd4a6fa700f5cb0b00702cd2ef522dbf496 node-v14.17.3.tar.gz
dbe8167b61518f8f59176759d69834d57bf3e6a5a5fd3dfc2359cafe0325da08b27f8220d278ed77f50c9f63a03313eabbbb0eaca3e592e5bb4e0d5be0ced373 disable-running-gyp-on-shared-deps.patch
44e81fbf254bd79e38b813f7f5a1336df854588939cba50aaec600660495f9b7745a7049a99eb59d15a51100b3a44f66892a902d7fc32e1399b51883ad4c02cf link-with-libatomic-on-mips32.patch
c36fc3dfa60ef35c3a319d55bfbe32088e9ad63ee79345a6621cf5f65ab285a567963c687fb46783bba7c43d511cab4d734788c2a7b1d47872eb1ce2f928b928 npm-ssri-CVE-2021-27290.patch"
"
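Review bot: Dropping `npm-ssri-CVE-2021-27290.patch` from `source=` and `sha512sums` is only safe if the npm bundled in node-v14.17.3 already ships ssri 6.0.2 or later, and nothing in the commit message or the visible hunks states that. The `secfixes` block still lists CVE-2021-27290 under 14.16.1-r1, so a silent regression would not be visible to tooling that reads that block. I would check `deps/npm/node_modules/ssri/package.json` in the new tarball and record the result in the commit message, for example `drop npm-ssri-CVE-2021-27290.patch (fixed upstream)`. Separately, CVE-2021-22918 is, as far as I know, a libuv issue; the configure flags are outside the visible hunks, so it is worth confirming the package uses the bundled libuv, since with a shared system libuv this bump alone would not deliver the fix.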
From 63b5c56c5203c8965c8ddeff28f2a65010b40b7c Mon Sep 17 00:00:00 2001
From: Ruy Adorno <ruyadorno@hotmail.com>
Date: Thu, 8 Apr 2021 15:26:34 -0400
Subject: [PATCH] ssri@6.0.2
Patch-Source: https://github.com/npm/cli/pull/3054
--- a/deps/npm/node_modules/ssri/index.js
+++ b/deps/npm/node_modules/ssri/index.js
@@ -8,7 +8,7 @@ const SPEC_ALGORITHMS = ['sha256', 'sha384', 'sha512']
const BASE64_REGEX = /^[a-z0-9+/]+(?:=?=?)$/i
const SRI_REGEX = /^([^-]+)-([^?]+)([?\S*]*)$/
-const STRICT_SRI_REGEX = /^([^-]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)*$/
+const STRICT_SRI_REGEX = /^([^-]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)?$/
const VCHAR_REGEX = /^[\x21-\x7E]+$/
const SsriOpts = figgyPudding({
--- a/deps/npm/node_modules/ssri/package.json
+++ b/deps/npm/node_modules/ssri/package.json
@@ -1,31 +1,32 @@
{
- "_from": "ssri@latest",
- "_id": "ssri@6.0.1",
+ "_from": "ssri@6.0.2",
+ "_id": "ssri@6.0.2",
"_inBundle": false,
- "_integrity": "sha512-3Wge10hNcT1Kur4PDFwEieXSCMCJs/7WvSACcrMYrNp+b8kDL1/0wJch5Ni2WrtwEa2IO8OsVfeKIciKCDx/QA==",
+ "_integrity": "sha512-cepbSq/neFK7xB6A50KHN0xHDotYzq58wWCa5LeWqnPrHG8GzfEjO/4O8kpmcGW+oaxkvhEJCWgbgNk4/ZV93Q==",
"_location": "/ssri",
"_phantomChildren": {},
"_requested": {
- "type": "tag",
+ "type": "version",
"registry": true,
- "raw": "ssri@latest",
+ "raw": "ssri@6.0.2",
"name": "ssri",
"escapedName": "ssri",
- "rawSpec": "latest",
+ "rawSpec": "6.0.2",
"saveSpec": null,
- "fetchSpec": "latest"
+ "fetchSpec": "6.0.2"
},
"_requiredBy": [
"#USER",
"/",
"/cacache",
+ "/libnpmpublish",
"/make-fetch-happen",
"/pacote"
],
- "_resolved": "https://registry.npmjs.org/ssri/-/ssri-6.0.1.tgz",
- "_shasum": "2a3c41b28dd45b62b63676ecb74001265ae9edd8",
- "_spec": "ssri@latest",
- "_where": "/Users/zkat/Documents/code/work/npm",
+ "_resolved": "https://registry.npmjs.org/ssri/-/ssri-6.0.2.tgz",
+ "_shasum": "157939134f20464e7301ddba3e90ffa8f7728ac5",
+ "_spec": "ssri@6.0.2",
+ "_where": "/Users/ruyadorno/Documents/workspace/cli/legacy",
"author": {
"name": "Kat Marchán",
"email": "kzm@sykosomatic.org"
@@ -89,5 +90,5 @@
"update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
"update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
},
- "version": "6.0.1"
+ "version": "6.0.2"
}
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -132,7 +132,7 @@
"slide": "~1.1.6",
"sorted-object": "~2.0.1",
"sorted-union-stream": "~2.1.3",
- "ssri": "^6.0.1",
+ "ssri": "^6.0.2",
"stringify-package": "^1.0.1",
"tar": "^4.4.13",
"text-table": "~0.2.0",