2024-01-22 17:49:18 by Adam Ciarcinski | Files touched by this commit (31) |
Log message:
nodejs16: removed; end-of-life
|
2023-11-23 17:57:37 by Jonathan Perkin | Files touched by this commit (5) |
Log message:
nodejs*: Consolidate and fix python includes.
Ensures that PYTHON_FOR_BUILD_ONLY is set prior to including pyversion.mk,
and ensures python and its dependencies are not buildlinked.
|
2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377) |
Log message:
*: recursive bump for icu 74.1
|
2023-11-02 14:21:07 by Adam Ciarcinski | Files touched by this commit (4) |
Log message:
nodejs16: allow build with Python 3.12
|
2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298) |
Log message:
*: bump for openssl 3
|
2023-08-14 07:25:36 by Thomas Klausner | Files touched by this commit (1247) |
Log message:
*: recursive bump for Python 3.11 as new default
|
2023-08-11 07:55:02 by Adam Ciarcinski | Files touched by this commit (2) |
Log message:
nodejs: updated to 16.20.2
Version 16.20.2 'Gallium' (LTS)
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-32002: Policies can be bypassed via Module._load (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases
|
2023-07-11 08:13:10 by Adam Ciarcinski | Files touched by this commit (5) |
Log message:
revbump after nghttp3/ngtcp2 update
|
2023-07-03 14:57:53 by Thomas Klausner | Files touched by this commit (3) |
Log message:
nodejs*: add upper bounds so only the requested version is pulled in
|
2023-06-21 17:15:43 by Adam Ciarcinski | Files touched by this commit (2) |
Log message:
nodejs16: updated to 16.20.1
Version 16.20.1 'Gallium' (LTS)
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
* [CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581): `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* [CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* [CVE-2023-30588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30588): Process interruption due to invalid Public Key information in x509 certificates (Medium)
* [CVE-2023-30589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589): HTTP Request Smuggling via Empty headers separated by CR (Medium)
* [CVE-2023-30590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590): DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases
  * [OpenSSL security advisory 28th March](https://www.openssl.org/news/secadv/20230328.txt).
  * [OpenSSL security advisory 20th April](https://www.openssl.org/news/secadv/20230420.txt).
  * [OpenSSL security advisory 30th May](https://www.openssl.org/news/secadv/20230530.txt)
* c-ares vulnerabilities:
  * [GHSA-9g78-jv2r-p7vc](https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc)
  * [GHSA-8r8p-23f3-64c2](https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2)
  * [GHSA-54xr-f67r-4pc4](https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4)
  * [GHSA-x6mf-cxr9-8q6v](https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v)
|