pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/lang/nodejs Update lang/nodejs to 8.1.4.

details:   https://anonhg.NetBSD.org/pkgsrc/rev/4a1cfa852c08
branches:  trunk
changeset: 365226:4a1cfa852c08
user:      fhajny <fhajny%pkgsrc.org@localhost>
date:      Tue Jul 11 19:00:57 2017 +0000

description:
Update lang/nodejs to 8.1.4.

- Disable V8 snapshots - The hashseed embedded in the snapshot is
  currently the same for all runs of the binary. This opens node up to
  collision attacks which could result in a Denial of Service. We have
  temporarily disabled snapshots until a more robust solution is found
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
  is used for parsing NAPTR responses, could be triggered to read memory
  outside of the given input buffer if the passed in DNS response packet
  was crafted in a particular way. This patch checks that there is
  enough data for the required elements of an NAPTR record (2 int16, 3
  bytes for string lengths) before processing a record. (David Drysdale)

diffstat:

 lang/nodejs/Makefile |   4 ++--
 lang/nodejs/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (30 lines):

diff -r f1b5564d72c8 -r 4a1cfa852c08 lang/nodejs/Makefile
--- a/lang/nodejs/Makefile      Tue Jul 11 17:31:49 2017 +0000
+++ b/lang/nodejs/Makefile      Tue Jul 11 19:00:57 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.102 2017/07/03 15:14:47 fhajny Exp $
+# $NetBSD: Makefile,v 1.103 2017/07/11 19:00:57 fhajny Exp $
 
-DISTNAME=      node-v8.1.3
+DISTNAME=      node-v8.1.4
 
 CONFIGURE_ARGS+=       --with-intl=system-icu
 
diff -r f1b5564d72c8 -r 4a1cfa852c08 lang/nodejs/distinfo
--- a/lang/nodejs/distinfo      Tue Jul 11 17:31:49 2017 +0000
+++ b/lang/nodejs/distinfo      Tue Jul 11 19:00:57 2017 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.99 2017/07/03 15:14:47 fhajny Exp $
+$NetBSD: distinfo,v 1.100 2017/07/11 19:00:57 fhajny Exp $
 
-SHA1 (node-v8.1.3.tar.gz) = 15037f01cde124d5fc35281bd333afb5ee2b2856
-RMD160 (node-v8.1.3.tar.gz) = 75c1a2060305adb7abf2657489474ba03e0aa8e9
-SHA512 (node-v8.1.3.tar.gz) = 794af59b8f285f49bfbaee963f561beccdaebee05f94335a33b35db1cc8b7b42ae7c2376a38433e7af15ffd77b0299c1c978510460e5680370a2ca3683d05641
-Size (node-v8.1.3.tar.gz) = 29944234 bytes
+SHA1 (node-v8.1.4.tar.gz) = 13c3bd1e1a76dbaa46d754d4fbccdec5553cc2b0
+RMD160 (node-v8.1.4.tar.gz) = 57a6a05d3795ad677cbdd2941b18e72322a1a246
+SHA512 (node-v8.1.4.tar.gz) = da7f8b4deb3c6759c1eb881dc1971fe48ad7d86433580f837aff348bf59242e17ddbec0dc03fdf2bbbf2122a004ce0ee0331209c93e4359989324d82f91f04ab
+Size (node-v8.1.4.tar.gz) = 29947969 bytes
 SHA1 (patch-common.gypi) = 5b3a50617358637a6f910de28bb5a14f037317a6
 SHA1 (patch-deps_cares_cares.gyp) = 2235eb44bc984fa2e745fdf1786f1ae6de6ef80f
 SHA1 (patch-deps_npm_node__modules_node-gyp_gyp_pylib_gyp_generator_make.py) = 78d6ddd37ae30e869e0da666a78baad86a638c50
Home | Main Index | Thread Index | Old Index