pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/lang/nodejs10 nodejs10: updated to 10.23.1



details:   https://anonhg.NetBSD.org/pkgsrc/rev/04322c0e572e
branches:  trunk
changeset: 444337:04322c0e572e
user:      adam <adam%pkgsrc.org@localhost>
date:      Tue Jan 05 08:35:36 2021 +0000

description:
nodejs10: updated to 10.23.1

Version 10.23.1 'Dubnium' (LTS)

Notable changes

This is a security release.

Vulnerabilities fixed:

CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, 
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the 
caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits
CVE-2020-8287: HTTP Request Smuggling in nodejs Affected versions of Node.js allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case 
Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html).
CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in 
https://www.openssl.org/news/secadv/20201208.txt

diffstat:

 lang/nodejs10/Makefile |   4 ++--
 lang/nodejs10/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (30 lines):

diff -r 2054e07e4df5 -r 04322c0e572e lang/nodejs10/Makefile
--- a/lang/nodejs10/Makefile    Tue Jan 05 08:34:57 2021 +0000
+++ b/lang/nodejs10/Makefile    Tue Jan 05 08:35:36 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.18 2020/12/16 07:29:36 adam Exp $
+# $NetBSD: Makefile,v 1.19 2021/01/05 08:35:36 adam Exp $
 
-DISTNAME=      node-v10.23.0
+DISTNAME=      node-v10.23.1
 
 USE_LANGUAGES= c gnu++14
 
diff -r 2054e07e4df5 -r 04322c0e572e lang/nodejs10/distinfo
--- a/lang/nodejs10/distinfo    Tue Jan 05 08:34:57 2021 +0000
+++ b/lang/nodejs10/distinfo    Tue Jan 05 08:35:36 2021 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.10 2020/11/14 09:54:23 jperkin Exp $
+$NetBSD: distinfo,v 1.11 2021/01/05 08:35:36 adam Exp $
 
-SHA1 (node-v10.23.0.tar.gz) = 641cefc66f2360dbf409f8bb7f94bf3096cb9da4
-RMD160 (node-v10.23.0.tar.gz) = 71fefc0b9451395f74750f956102e2b4cfa67144
-SHA512 (node-v10.23.0.tar.gz) = 959b3d2aadd2aa062b3e74f83234047c7c66a5636745208c484a25c33f60157892c101137afc8baf7f1de7fdeb5328ba5b1188781e3d07cad9716725c5fd3e11
-Size (node-v10.23.0.tar.gz) = 46560417 bytes
+SHA1 (node-v10.23.1.tar.gz) = 0ad5c10c53df0ec65dab7184950c23c66d3c6e40
+RMD160 (node-v10.23.1.tar.gz) = 4d7f814f4a506826de3d79b1d46ef226a9f7f65f
+SHA512 (node-v10.23.1.tar.gz) = 6414873d5f35738ea45752267c9268d6942de81131274504ab4505576e0a3af99ffcbd5692ab3c28554abb011215f2b72ca2b002e708de5ec4d1f9f799caacee
+Size (node-v10.23.1.tar.gz) = 46310109 bytes
 SHA1 (patch-common.gypi) = de37949f38d9bd39a18b59d59ec74e528bd323ac
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3



Home | Main Index | Thread Index | Old Index