[pkgsrc/trunk]: pkgsrc/lang/nodejs4 Update lang/nodejs4 to 4.8.4.

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/lang/nodejs4 Update lang/nodejs4 to 4.8.4.
From: fhajny <fhajny%pkgsrc.org@localhost>
Date: Wed, 15 Jan 2020 07:30:08 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/f17b63fca7cf
branches:  trunk
changeset: 365230:f17b63fca7cf
user:      fhajny <fhajny%pkgsrc.org@localhost>
date:      Tue Jul 11 19:16:46 2017 +0000

description:
Update lang/nodejs4 to 4.8.4.

- Disable V8 snapshots - The hashseed embedded in the snapshot is
  currently the same for all runs of the binary. This opens node up to
  collision attacks which could result in a Denial of Service. We have
  temporarily disabled snapshots until a more robust solution is found
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
  is used for parsing NAPTR responses, could be triggered to read memory
  outside of the given input buffer if the passed in DNS response packet
  was crafted in a particular way. This patch checks that there is
  enough data for the required elements of an NAPTR record (2 int16, 3
  bytes for string lengths) before processing a record.

diffstat:

 lang/nodejs4/Makefile |   4 ++--
 lang/nodejs4/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (30 lines):

diff -r 6aec0bccc04b -r f17b63fca7cf lang/nodejs4/Makefile
--- a/lang/nodejs4/Makefile     Tue Jul 11 19:10:42 2017 +0000
+++ b/lang/nodejs4/Makefile     Tue Jul 11 19:16:46 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.32 2017/05/03 11:43:39 fhajny Exp $
+# $NetBSD: Makefile,v 1.33 2017/07/11 19:16:46 fhajny Exp $
 
-DISTNAME=      node-v4.8.3
+DISTNAME=      node-v4.8.4
 
 .include "../../lang/nodejs/Makefile.common"
 .include "../../mk/bsd.pkg.mk"
diff -r 6aec0bccc04b -r f17b63fca7cf lang/nodejs4/distinfo
--- a/lang/nodejs4/distinfo     Tue Jul 11 19:10:42 2017 +0000
+++ b/lang/nodejs4/distinfo     Tue Jul 11 19:16:46 2017 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.28 2017/05/03 11:43:39 fhajny Exp $
+$NetBSD: distinfo,v 1.29 2017/07/11 19:16:46 fhajny Exp $
 
-SHA1 (node-v4.8.3.tar.gz) = bc170b03f8d9507a574ec334ac202b822ac3b938
-RMD160 (node-v4.8.3.tar.gz) = d960777f1623ed0fc2dcf14ddf5ca78613dba5be
-SHA512 (node-v4.8.3.tar.gz) = 4ab02672003ee00279ac99bbe041d8d26ee24f5e112f26bb14d9496e58cb2f1e4860033795e2599910442630f6dbcfdf1bfe6cfecc18751bc999c4df739790a6
-Size (node-v4.8.3.tar.gz) = 22771884 bytes
+SHA1 (node-v4.8.4.tar.gz) = f93917817c620c4314ba622a70af4c9565b11286
+RMD160 (node-v4.8.4.tar.gz) = 6ef96faf5f404d6f7d60b9db5d9491ac87fc9b68
+SHA512 (node-v4.8.4.tar.gz) = 6fd1fb7f3197db5b0469439cf2cf8b8ba7192bb9a4decd94f41134c424977dbe8304f812d2d73804d8d10f8bfa1c6e24c220d016b6cee7a4c7247ada4ed2392d
+Size (node-v4.8.4.tar.gz) = 22774599 bytes
 SHA1 (patch-common.gypi) = 5b3a50617358637a6f910de28bb5a14f037317a6
 SHA1 (patch-deps_cares_cares.gyp) = 2235eb44bc984fa2e745fdf1786f1ae6de6ef80f
 SHA1 (patch-deps_npm_node__modules_node-gyp_gyp_pylib_gyp_generator_make.py) = 78d6ddd37ae30e869e0da666a78baad86a638c50

Prev by Date: [pkgsrc/trunk]: pkgsrc/doc Updated lang/nodejs4 to 4.8.4
Next by Date: [pkgsrc/trunk]: pkgsrc/lang/py-js2py Changes 0.44:
Previous by Thread: [pkgsrc/trunk]: pkgsrc/doc Updated lang/nodejs4 to 4.8.4
Next by Thread: [pkgsrc/trunk]: pkgsrc/lang/py-js2py Changes 0.44:
Indexes:

Home | Main Index | Thread Index | Old Index