CVS commit: pkgsrc/lang/nodejs

["Filip Hajny" <fhajny%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   fhajny
Date:           Tue Jul 11 19:00:57 UTC 2017

Modified Files:
        pkgsrc/lang/nodejs: Makefile distinfo

Log Message:
Update lang/nodejs to 8.1.4.

- Disable V8 snapshots - The hashseed embedded in the snapshot is
  currently the same for all runs of the binary. This opens node up to
  collision attacks which could result in a Denial of Service. We have
  temporarily disabled snapshots until a more robust solution is found
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
  is used for parsing NAPTR responses, could be triggered to read memory
  outside of the given input buffer if the passed in DNS response packet
  was crafted in a particular way. This patch checks that there is
  enough data for the required elements of an NAPTR record (2 int16, 3
  bytes for string lengths) before processing a record. (David Drysdale)


To generate a diff of this commit:
cvs rdiff -u -r1.102 -r1.103 pkgsrc/lang/nodejs/Makefile
cvs rdiff -u -r1.99 -r1.100 pkgsrc/lang/nodejs/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/nodejs/Makefile
diff -u pkgsrc/lang/nodejs/Makefile:1.102 pkgsrc/lang/nodejs/Makefile:1.103
--- pkgsrc/lang/nodejs/Makefile:1.102   Mon Jul  3 15:14:47 2017
+++ pkgsrc/lang/nodejs/Makefile Tue Jul 11 19:00:57 2017
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.102 2017/07/03 15:14:47 fhajny Exp $
+# $NetBSD: Makefile,v 1.103 2017/07/11 19:00:57 fhajny Exp $
 
-DISTNAME=      node-v8.1.3
+DISTNAME=      node-v8.1.4
 
 CONFIGURE_ARGS+=       --with-intl=system-icu
 

Index: pkgsrc/lang/nodejs/distinfo
diff -u pkgsrc/lang/nodejs/distinfo:1.99 pkgsrc/lang/nodejs/distinfo:1.100
--- pkgsrc/lang/nodejs/distinfo:1.99    Mon Jul  3 15:14:47 2017
+++ pkgsrc/lang/nodejs/distinfo Tue Jul 11 19:00:57 2017
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.99 2017/07/03 15:14:47 fhajny Exp $
+$NetBSD: distinfo,v 1.100 2017/07/11 19:00:57 fhajny Exp $
 
-SHA1 (node-v8.1.3.tar.gz) = 15037f01cde124d5fc35281bd333afb5ee2b2856
-RMD160 (node-v8.1.3.tar.gz) = 75c1a2060305adb7abf2657489474ba03e0aa8e9
-SHA512 (node-v8.1.3.tar.gz) = 794af59b8f285f49bfbaee963f561beccdaebee05f94335a33b35db1cc8b7b42ae7c2376a38433e7af15ffd77b0299c1c978510460e5680370a2ca3683d05641
-Size (node-v8.1.3.tar.gz) = 29944234 bytes
+SHA1 (node-v8.1.4.tar.gz) = 13c3bd1e1a76dbaa46d754d4fbccdec5553cc2b0
+RMD160 (node-v8.1.4.tar.gz) = 57a6a05d3795ad677cbdd2941b18e72322a1a246
+SHA512 (node-v8.1.4.tar.gz) = da7f8b4deb3c6759c1eb881dc1971fe48ad7d86433580f837aff348bf59242e17ddbec0dc03fdf2bbbf2122a004ce0ee0331209c93e4359989324d82f91f04ab
+Size (node-v8.1.4.tar.gz) = 29947969 bytes
 SHA1 (patch-common.gypi) = 5b3a50617358637a6f910de28bb5a14f037317a6
 SHA1 (patch-deps_cares_cares.gyp) = 2235eb44bc984fa2e745fdf1786f1ae6de6ef80f
 SHA1 (patch-deps_npm_node__modules_node-gyp_gyp_pylib_gyp_generator_make.py) = 78d6ddd37ae30e869e0da666a78baad86a638c50