Volker Schlecht <openbsd-po...@schlecht.dev> writes:
> Even smaller diff attached. > > To reiterate the (intended) changes to look out for: > > * Update to v16.13.2 (Active LTS Release) > > * Change from bundled versions of > - libuv > - c-ares > - nghttp2 > - zlib > - brotli > - icu > - openssl > to libraries from ports. > > * Drop patches for bundled openssl, cares, zlib > > * Adapted v8 patches from www/chromium > > * Patch for node's c-ares wrapper to define ns_class, ns_type, ns_opcode and > ns_code, since those are not defined in our arpa/nameser.h > https://marc.info/?l=openbsd-ports&m=164158353605076&w=2 > > * Using OpenBSD's zlib has the side effect of fixing > https://marc.info/?l=openbsd-ports&m=164344705329686&w=2 > > * Fixes broken detection of the executable path on OpenBSD. > See patch-src_env_cc. This currently prevents node-pledge from > being actually used. > > * Fixes > CVE-2021-44531 > CVE-2021-44532 > CVE-2021-44533 > CVE-2022-21824 > > * NodeJS v12.22.9 would also fix those, but 12.x will be EOL'ed in 3 months. Committed! Thanks! > > > It builds www/firefox, it builds www/chromium, it's been running fine for me > in > day-to-day use. > > [2. text/plain; patch-node-16.13.2_3.txt]...
