Bug 266595

Comment 1 Matthias Fechner 2022-10-16 08:18:29 UTC

Testbuilding now

Comment 2 Juraj Lutter 2022-10-16 09:08:43 UTC

I have newer update in my WIP, I can commit it in coming hours. Test builds are OK.

Comment 3 commit-hook 2022-10-16 16:21:09 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2bedef22cc3e8d539f63a6933b5396035093d61a

commit 2bedef22cc3e8d539f63a6933b5396035093d61a
Author:     Juraj Lutter <otis@FreeBSD.org>
AuthorDate: 2022-10-16 08:24:42 +0000
Commit:     Matthias Fechner <mfechner@FreeBSD.org>
CommitDate: 2022-10-16 16:19:49 +0000

    www/node16: Security update to 16.17.1

    Changelog: https://github.com/nodejs/node/releases/tag/v16.17.1

    The following CVEs are fixed in this release:

    CVE-2022-32212: DNS rebinding in --inspect on macOS
    CVE-2022-32213: bypass via obs-fold mechanic
    CVE-2022-35255: Weak randomness in WebCrypto keygen
    CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields

    PR:             266595
    Approved by:    (maintainer timeout)
    MFH:            2022Q4
    Differential Revision:  https://reviews.freebsd.org/D36692

 www/node16/Makefile  | 4 ++--
 www/node16/distinfo  | 6 +++---
 www/node16/pkg-plist | 5 ++---
 3 files changed, 7 insertions(+), 8 deletions(-)

Comment 4 Matthias Fechner 2022-10-16 16:22:29 UTC

There was a small plist issue, I fixed.
One build takes here 2,5 hours, so the second run took some time.

Please to commit any pending version you have.

Comment 5 Juraj Lutter 2022-10-19 12:54:16 UTC

Thanks, you were quicker than me.

There's already node19 out, I've started the work on getting it into ports.