pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/lang/nodejs6 Update lang/nodejs6 to 6.11.1.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/479fafce4f83
branches:  trunk
changeset: 365228:479fafce4f83
user:      fhajny <fhajny%pkgsrc.org@localhost>
date:      Tue Jul 11 19:10:32 2017 +0000

description:
Update lang/nodejs6 to 6.11.1.

- Disable V8 snapshots - The hashseed embedded in the snapshot is
  currently the same for all runs of the binary. This opens node up to
  collision attacks which could result in a Denial of Service. We have
  temporarily disabled snapshots until a more robust solution is found
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
  is used for parsing NAPTR responses, could be triggered to read memory
  outside of the given input buffer if the passed in DNS response packet
  was crafted in a particular way. This patch checks that there is
  enough data for the required elements of an NAPTR record (2 int16, 3
  bytes for string lengths) before processing a record.

diffstat:

 lang/nodejs6/Makefile |   4 ++--
 lang/nodejs6/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (30 lines):

diff -r 3d479cbca31f -r 479fafce4f83 lang/nodejs6/Makefile
--- a/lang/nodejs6/Makefile     Tue Jul 11 19:01:13 2017 +0000
+++ b/lang/nodejs6/Makefile     Tue Jul 11 19:10:32 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.12 2017/06/07 11:09:44 fhajny Exp $
+# $NetBSD: Makefile,v 1.13 2017/07/11 19:10:32 fhajny Exp $
 
-DISTNAME=      node-v6.11.0
+DISTNAME=      node-v6.11.1
 
 .include "../../lang/nodejs/Makefile.common"
 .include "../../mk/bsd.pkg.mk"
diff -r 3d479cbca31f -r 479fafce4f83 lang/nodejs6/distinfo
--- a/lang/nodejs6/distinfo     Tue Jul 11 19:01:13 2017 +0000
+++ b/lang/nodejs6/distinfo     Tue Jul 11 19:10:32 2017 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.11 2017/06/07 11:09:44 fhajny Exp $
+$NetBSD: distinfo,v 1.12 2017/07/11 19:10:32 fhajny Exp $
 
-SHA1 (node-v6.11.0.tar.gz) = df31d0e4e2104b3a62342533af5fb879f321416b
-RMD160 (node-v6.11.0.tar.gz) = efc2d60ac3ce98897f3376707b972bf727bbe10c
-SHA512 (node-v6.11.0.tar.gz) = a298232f6393735f2d459eb23f78089dd7eb1bae4907dfe61b286ceb8f93d3131c2dd45f09643089d00e2a4bef0f35739c9c8984f88b34c0ab515793f38eda46
-Size (node-v6.11.0.tar.gz) = 26797030 bytes
+SHA1 (node-v6.11.1.tar.gz) = 6292aa058ec003e7633e56e714755f2a0e48eb9c
+RMD160 (node-v6.11.1.tar.gz) = de2731488a712e8caae1e39a809cee8f2544455a
+SHA512 (node-v6.11.1.tar.gz) = 72a622ed5b884ddfc467ca665c5ba0ed03093dff221664359fe5587f24c2c9a95775002089528fad56bdfafce2489c912638e68a7e10c74a730b07cbde28fab6
+Size (node-v6.11.1.tar.gz) = 26799657 bytes
 SHA1 (patch-common.gypi) = 5b3a50617358637a6f910de28bb5a14f037317a6
 SHA1 (patch-deps_cares_cares.gyp) = 2235eb44bc984fa2e745fdf1786f1ae6de6ef80f
 SHA1 (patch-deps_npm_node__modules_node-gyp_gyp_pylib_gyp_generator_make.py) = 78d6ddd37ae30e869e0da666a78baad86a638c50



Home | Main Index | Thread Index | Old Index