From a69076e7921963e6931e0d5628ac99900f2bc796 Mon Sep 17 00:00:00 2001 From: Jelle Licht Date: Mon, 15 Nov 2021 21:38:16 +0100 Subject: gnu: node: Add cpe-name. * gnu/packages/node.scm (node)[properties]: Add cpe-name. --- gnu/packages/node.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'gnu/packages/node.scm') diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm index d0ffe8a398..ca8db58580 100644 --- a/gnu/packages/node.scm +++ b/gnu/packages/node.scm @@ -273,8 +273,9 @@ perfect for data-intensive real-time applications that run across distributed devices.") (home-page "https://nodejs.org/") (license license:expat) - (properties '((max-silent-time . 7200) ;2h, needed on ARM - (timeout . 21600))))) ;6h + (properties '((max-silent-time . 7200) ;2h, needed on ARM + (timeout . 21600) ;6h + (cpe-name . "node.js"))))) ;; This should be the latest version of node that still builds without ;; depending on llhttp. -- cgit v1.2.3 From cae7c3f3890a15ec5ed977966e5850fb3a93f9cd Mon Sep 17 00:00:00 2001 From: Jelle Licht Date: Thu, 28 Oct 2021 14:10:23 +0200 Subject: gnu: llhttp-bootstrap: Update to 2.1.4 [security-fixes]. * gnu/packages/node.scm (llhttp-bootstrap): Update to 2.1.4. Includes fixes for CVE-2021-22959 and CVE-2021-22960. --- gnu/packages/node.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/node.scm') diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm index ca8db58580..7a252e68be 100644 --- a/gnu/packages/node.scm +++ b/gnu/packages/node.scm @@ -576,7 +576,7 @@ parser definition into a C output.") (define-public llhttp-bootstrap (package (name "llhttp") - (version "2.1.3") + (version "2.1.4") (source (origin (method git-fetch) (uri (git-reference @@ -585,7 +585,7 @@ parser definition into a C output.") (file-name (git-file-name name version)) (sha256 (base32 - "0pqj7kyyzr1zs4h9yzn5rdxnxspm3wqgsv00765dd42fszlmrmk8")) + "115mwyds9655p76lhglxg2blc1ksgrix6zhigaxnc2q6syy3pa6x")) (patches (search-patches "llhttp-bootstrap-CVE-2020-8287.patch")) (modules '((guix build utils))) (snippet -- cgit v1.2.3 From f3cd70ff8c60ce51dfe8e37365caf1c787fcf62c Mon Sep 17 00:00:00 2001 From: Jelle Licht Date: Thu, 28 Oct 2021 14:11:45 +0200 Subject: gnu: node-lts: Update to 14.18.1 [security fixes]. * gnu/packages/node.scm (node-lts): Update to 14.18.1. [native-inputs]: Replace c-ares with c-ares-for-node. [inputs]: Replace c-ares with c-ares-for-node. Includes fixes for CVE-2021-22918, CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, and CVE-2021-22940. --- gnu/packages/node.scm | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'gnu/packages/node.scm') diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm index 7a252e68be..dccf871d2c 100644 --- a/gnu/packages/node.scm +++ b/gnu/packages/node.scm @@ -647,14 +647,14 @@ source files.") (define-public node-lts (package (inherit node) - (version "14.16.0") + (version "14.18.1") (source (origin (method url-fetch) (uri (string-append "https://nodejs.org/dist/v" version "/node-v" version ".tar.xz")) (sha256 (base32 - "19nz2mhmn6ikahxqyna1dn25pb5v3z9vsz9zb2flb6zp2yk4hxjf")) + "1vc9rypkgr5i5y946jnyr9jjpydxvm74p1s17rg2zayzvlddg89z")) (modules '((guix build utils))) (snippet `(begin @@ -783,6 +783,9 @@ source files.") '("test/parallel/test-dns.js" "test/parallel/test-dns-lookupService-promises.js")) + ;; These tests require networking. + (delete-file "test/parallel/test-https-agent-unref-socket.js") + ;; FIXME: This test fails randomly: ;; https://github.com/nodejs/node/issues/31213 (delete-file "test/parallel/test-net-listen-after-destroying-stdin.js") @@ -821,7 +824,7 @@ source files.") "deps/llhttp/include/llhttp.h")))))))) (native-inputs `(;; Runtime dependencies for binaries used as a bootstrap. - ("c-ares" ,c-ares) + ("c-ares" ,c-ares-for-node) ("brotli" ,brotli) ("icu4c" ,icu4c-67) ("libuv" ,libuv-for-node) @@ -837,7 +840,7 @@ source files.") (inputs `(("bash" ,bash) ("coreutils" ,coreutils) - ("c-ares" ,c-ares) + ("c-ares" ,c-ares-for-node) ("icu4c" ,icu4c-67) ("libuv" ,libuv-for-node) ("llhttp" ,llhttp-bootstrap) -- cgit v1.2.3