The NetBSD Project

CVS log for pkgsrc/lang/nodejs10/Attic/distinfo

[BACK] Up to [] / pkgsrc / lang / nodejs10

Request diff between arbitrary revisions

Default branch: MAIN

Revision 1.18, Tue Apr 5 16:57:17 2022 UTC (17 months, 3 weeks ago) by adam
Branch: MAIN
Changes since 1.17: +1 -1 lines

nodejs10: removed, end of life

Revision 1.17 / (download) - annotate - [select for diffs], Tue Oct 26 10:51:44 2021 UTC (23 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)

lang: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles could not be fetched (possibly fetched

./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-linux-musl.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-netbsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-armv7-unknown-netbsd-eabihf.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-i686-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-sparc64-unknown-netbsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-apple-darwin.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-freebsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-linux-musl.tar.gz
./lang/smlnj/distinfo smlnj-110.73/boot.ppc-unix.tgz
./lang/smlnj/distinfo smlnj-110.73/boot.sparc-unix.tgz
./lang/oracle-jre8/distinfo jre-8u202-linux-i586.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-linux-x64.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-macosx-x64.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-solaris-x64.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-linux-i586.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-linux-x64.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-solaris-x64.tar.gz
./lang/ghc80/distinfo ghc-7.10.3-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc80/distinfo ghc-8.0.2-boot-i386-unknown-freebsd.tar.xz
./lang/ghc80/distinfo ghc-8.0.2-boot-x86_64-unknown-freebsd.tar.xz
./lang/gcc5-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.i386.freebsd.84.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.dragonfly.41.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/rust/distinfo rust-1.53.0-aarch64-apple-darwin.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64_be-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-arm-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-1.53.0-armv7-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-1.53.0-i686-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-1.53.0-powerpc-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust/distinfo rust-1.53.0-sparc64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-apple-darwin.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-freebsd.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-illumos.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-apple-darwin.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64_be-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-arm-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-std-1.53.0-armv7-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-std-1.53.0-i686-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-powerpc-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust/distinfo rust-std-1.53.0-sparc64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-apple-darwin.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-unknown-freebsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-unknown-linux-gnu.tar.gz
./lang/smlnj11072/distinfo smlnj-110.72/boot.ppc-unix.tgz
./lang/smlnj11072/distinfo smlnj-110.72/boot.sparc-unix.tgz
./lang/ghc84/distinfo ghc-8.0.2-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-i386-unknown-freebsd.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-x86_64-apple-darwin.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-x86_64-unknown-freebsd.tar.xz
./lang/ghc7/distinfo ghc-7.10.3-boot-i386-unknown-freebsd.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-i386-unknown-solaris2.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-powerpc-apple-darwin.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc90/distinfo ghc-8.10.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-aarch64-unknown-netbsd.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-i386-unknown-freebsd.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-x86_64-apple-darwin.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-x86_64-unknown-freebsd.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk-1.8.181-netbsd-8-aarch64-20180917.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.6-amd64-20140719.tar.bz2
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
./lang/go-bin/distinfo go1.14.2.darwin-amd64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-386.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-amd64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-arm64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-armv6l.tar.gz
./lang/go-bin/distinfo go1.14.2.netbsd-arm64.tar.gz
./lang/go-bin/distinfo go1.16beta1.darwin-arm64.tar.gz
./lang/gcc6-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.dragonfly.41.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/ghc810/distinfo ghc-8.8.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/sun-jre7/distinfo jre-7u80-linux-x64.tar.gz
./lang/sun-jre7/distinfo jre-7u80-solaris-i586.tar.gz
./lang/sun-jre7/distinfo jre-7u80-solaris-x64.tar.gz
./lang/ghc88/distinfo ghc-8.4.4-boot-i386-unknown-freebsd.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-apple-darwin.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-unknown-freebsd.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/gcc-aux/distinfo ada-bootstrap.i386.dragonfly.36A.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.i386.freebsd.84.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/gcc6/distinfo ecj-4.5.jar
./lang/openjdk11/distinfo bootstrap-jdk-
./lang/sun-jdk7/distinfo jdk-7u80-linux-x64.tar.gz
./lang/sun-jdk7/distinfo jdk-7u80-solaris-i586.tar.gz
./lang/sun-jdk7/distinfo jdk-7u80-solaris-x64.tar.gz

Revision 1.16 / (download) - annotate - [select for diffs], Thu Oct 7 14:21:02 2021 UTC (23 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.15: +1 -2 lines
Diff to previous 1.15 (colored)

lang: Remove SHA1 hashes for distfiles

Revision 1.15 / (download) - annotate - [select for diffs], Wed Apr 7 06:19:21 2021 UTC (2 years, 5 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2
Changes since 1.14: +5 -5 lines
Diff to previous 1.14 (colored)

nodejs10: updated to 10.24.1

Version 10.24.1 'Dubnium' (LTS)

This is a security release.

Notable Changes

Vulerabilties fixed:

CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in
All versions of the 15.x, 14.x, 12.x and 10.x releases lines

CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in
All versions of the 15.x, 14.x, 12.x and 10.x releases lines

CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in
All versions of the 14.x, 12.x and 10.x releases lines

Revision 1.14 / (download) - annotate - [select for diffs], Wed Feb 24 11:10:11 2021 UTC (2 years, 7 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1
Changes since 1.13: +5 -5 lines
Diff to previous 1.13 (colored)

nodejs10/12: switch to .tar.xz

Revision 1.13 / (download) - annotate - [select for diffs], Wed Feb 24 11:04:35 2021 UTC (2 years, 7 months ago) by adam
Branch: MAIN
Changes since 1.12: +5 -5 lines
Diff to previous 1.12 (colored)

nodejs10: updated to 10.24.0

Version 10.24.0 'Dubnium' (LTS)

This is a security release.

Notable changes

Vulnerabilities fixed:

CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
CVE-2021-22884: DNS rebinding in --inspect
Affected Node.js versions are vulnerable to denial of service attacks when the whitelist includes „ŗ◊Õocalhost6„ŗ When „ŗ◊Õocalhost6„ŗis not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the „ŗ◊Õocalhost6„ŗdomain. As long as the attacker uses the „ŗ◊Õocalhost6„ŗdomain, they can still apply the attack described in CVE-2018-7160.
CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in

Revision 1.12 / (download) - annotate - [select for diffs], Mon Feb 15 10:20:58 2021 UTC (2 years, 7 months ago) by adam
Branch: MAIN
Changes since 1.11: +5 -5 lines
Diff to previous 1.11 (colored)

nodejs10: updated to 10.23.3

Version 10.23.3 'Dubnium' (LTS)

Notable changes

The update to npm 6.14.11 has been relanded so that npm correctly reports its version.

Version 10.23.2 'Dubnium'

Notable changes

Release keys have been synchronized with the main branch.

upgrade npm to 6.14.11

Revision 1.11 / (download) - annotate - [select for diffs], Tue Jan 5 08:35:36 2021 UTC (2 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.10: +5 -5 lines
Diff to previous 1.10 (colored)

nodejs10: updated to 10.23.1

Version 10.23.1 'Dubnium' (LTS)

Notable changes

This is a security release.

Vulnerabilities fixed:

CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits
CVE-2020-8287: HTTP Request Smuggling in nodejs Affected versions of Node.js allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (
CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in

Revision 1.10 / (download) - annotate - [select for diffs], Sat Nov 14 09:54:23 2020 UTC (2 years, 10 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.9: +3 -1 lines
Diff to previous 1.9 (colored)

nodejs*: Fix builds with icu-68.1.

Revision 1.9 / (download) - annotate - [select for diffs], Thu Nov 12 21:02:43 2020 UTC (2 years, 10 months ago) by adam
Branch: MAIN
Changes since 1.8: +5 -5 lines
Diff to previous 1.8 (colored)

nodejs10: updated to 10.23.0

Version 10.23.0 'Dubnium' (LTS)

Notable changes

upgrade npm to 6.14.8

create N-API version 7
expose napi_build_version variable

add debug entitlements for macOS 10.15+

Revision 1.8 / (download) - annotate - [select for diffs], Fri Oct 2 12:23:53 2020 UTC (2 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.7: +6 -8 lines
Diff to previous 1.7 (colored)

nodejs10: updated to 10.22.1

Version 10.22.1 'Dubnium' (LTS)

Notable changes
This is a security release.

Vulnerabilities fixed:
CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).

Version 10.22.0 'Dubnium' (LTS)

Notable changes
* upgrade npm to 6.14.6
* upgrade openssl sources to 1.1.1g
* add napi_detach_arraybuffer

Revision 1.7 / (download) - annotate - [select for diffs], Wed Jun 3 09:25:38 2020 UTC (3 years, 3 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2
Changes since 1.6: +5 -5 lines
Diff to previous 1.6 (colored)

nodejs10: updated to 10.21.0

Version 10.21.0 'Dubnium' (LTS)

Notable changes

This is a security release.

Vulnerabilities fixed:

CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).
CVE-2020-10531: ICU-20958 Prevent SEGV_MAPERR in append (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).


- deps: fix OPENSSLDIR on Windows
- deps: backport ICU-20958 to fix CVE-2020-10531
- (SEMVER-MINOR) deps: update nghttp2 to 1.41.0
- (SEMVER-MINOR) http2: implement support for max settings entries
- napi: fix memory corruption vulnerability

Revision 1.6 / (download) - annotate - [select for diffs], Sat May 30 20:44:39 2020 UTC (3 years, 3 months ago) by joerg
Branch: MAIN
Changes since 1.5: +2 -1 lines
Diff to previous 1.5 (colored)

Don't implicitly convert pointers to bool.

Revision 1.5 / (download) - annotate - [select for diffs], Fri Apr 17 07:58:54 2020 UTC (3 years, 5 months ago) by adam
Branch: MAIN
Changes since 1.4: +5 -5 lines
Diff to previous 1.4 (colored)

nodejs10: updated to 10.20.1

Version 10.20.1 'Dubnium'

Notable changes

Due to release process failures, Node.js v10.20.0 shipped with source and header tarballs that did not properly match the final release commit that was used to build the binaries. We recommend that Node.js v10.20.0 not be used, particularly in any applications using native add-ons or where compiling Node.js from source is involved.

Node.js v10.20.1 is a clean release with the correct sources and is strongly recommended in place of v10.20.0.

Version 10.20.0 'Dubnium'

macOS package notarization and a change in builder configuration

The macOS binaries for this release, and future 10.x releases, are now being compiled on macOS 10.15

Notable changes
buffer: add {read|write}Big[U]Int64{BE|LE} methods
build: macOS package notarization

update npm to 6.14.3
upgrade openssl sources to 1.1.1e
upgrade to libuv 1.34.2

add napi_get_all_property_names
add APIs for per-instance state management
define release 6
turn NAPI_CALL_INTO_MODULE into a function

expose keylog event on TLSSocket
support TLS min/max protocol defaults in CLI
url: handle quasi-WHATWG URLs in urlToOptions()

Revision 1.4 / (download) - annotate - [select for diffs], Fri Feb 7 09:50:36 2020 UTC (3 years, 7 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.3: +5 -5 lines
Diff to previous 1.3 (colored)

nodejs10: updated to 10.19.0

Version 10.19.0 'Dubnium' (LTS):

Notable changes

This is a security release.

Vulnerabilities fixed:

CVE-2019-15606: HTTP header values do not have trailing OWS trimmed.
CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.
CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may cause problems in interoperability with some non-conformant HTTP implementations, it is possible to disable the strict checks with the --insecure-http-parser command line flag, or the insecureHTTPParser http option. Using the insecure HTTP parser should be avoided.

Revision 1.3 / (download) - annotate - [select for diffs], Fri Jan 24 18:57:09 2020 UTC (3 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.2: +6 -19 lines
Diff to previous 1.2 (colored)

nodejs10: updated to 10.18.1

Version 10.18.1 'Dubnium':

Notable changes
http2: fix session memory accounting after pausing
n-api: correct bug in napi_get_last_error
tools: update tzdata to 2019c

Revision 1.2 / (download) - annotate - [select for diffs], Sun Dec 29 15:40:00 2019 UTC (3 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.1: +6 -6 lines
Diff to previous 1.1 (colored)

nodejs10: updated to 10.18.0

Version 10.18.0 'Dubnium' (LTS)
Notable changes
deps: update npm to 6.13.4

Revision 1.1 / (download) - annotate - [select for diffs], Mon Dec 9 20:05:40 2019 UTC (3 years, 9 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4

nodejs: added version 12.13.1, removed version 6.14.3

Moved nodejs to nodejs10 - version 10.17.0

Version 12.13.1 'Erbium' (LTS):

Notable changes
Experimental support for building Node.js with Python 3 is improved.
ICU time zone data is updated to version 2019c. This fixes the date offset in Brazil.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

CVSweb <>