[pkgsrc/trunk]: pkgsrc/lang/nodejs nodejs: updated to 14.15.4

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/lang/nodejs nodejs: updated to 14.15.4
From: adam <adam%pkgsrc.org@localhost>
Date: Tue, 05 Jan 2021 09:37:21 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/419056eb04aa
branches:  trunk
changeset: 444335:419056eb04aa
user:      adam <adam%pkgsrc.org@localhost>
date:      Tue Jan 05 08:31:04 2021 +0000

description:
nodejs: updated to 14.15.4

Version 14.15.4 'Fermium' (LTS)

Notable Changes

Vulnerabilities fixed:

CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)

This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt

CVE-2020-8265: use-after-free in TLSWrap (High)

Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly 
allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited 
to corrupt memory leading to a Denial of Service or potentially other exploits.

CVE-2020-8287: HTTP Request Smuggling in nodejs (Low)

Affected versions of Node.js allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores 
the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html).

diffstat:

 lang/nodejs/Makefile |   4 ++--
 lang/nodejs/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (30 lines):

diff -r 0ae51b77be87 -r 419056eb04aa lang/nodejs/Makefile
--- a/lang/nodejs/Makefile      Tue Jan 05 08:29:28 2021 +0000
+++ b/lang/nodejs/Makefile      Tue Jan 05 08:31:04 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.205 2020/12/31 20:04:12 nia Exp $
+# $NetBSD: Makefile,v 1.206 2021/01/05 08:31:04 adam Exp $
 
-DISTNAME=      node-v14.15.3
+DISTNAME=      node-v14.15.4
 EXTRACT_SUFX=  .tar.xz
 
 USE_LANGUAGES= c gnu++14
diff -r 0ae51b77be87 -r 419056eb04aa lang/nodejs/distinfo
--- a/lang/nodejs/distinfo      Tue Jan 05 08:29:28 2021 +0000
+++ b/lang/nodejs/distinfo      Tue Jan 05 08:31:04 2021 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.190 2020/12/21 09:41:32 adam Exp $
+$NetBSD: distinfo,v 1.191 2021/01/05 08:31:04 adam Exp $
 
-SHA1 (node-v14.15.3.tar.xz) = 3976ed5e20f361566d340320c33f4c1ebbc29265
-RMD160 (node-v14.15.3.tar.xz) = dd5628d97e48fd9ee73b32525294a98b25128b37
-SHA512 (node-v14.15.3.tar.xz) = fda889445084af615d1c6d6e16cf99e48a9f309b37273382f2060cf34f4aa5b11d73b96a8c7f86afa12b6da553dcfa639c0c8ca693480534d1b00dbc8b4d741c
-Size (node-v14.15.3.tar.xz) = 33302128 bytes
+SHA1 (node-v14.15.4.tar.xz) = a63eca39a1323243b2fd4b0879870f3a40d08a8d
+RMD160 (node-v14.15.4.tar.xz) = 0ad20166cb8829e9bf79d84b54b9063ec00cd2fa
+SHA512 (node-v14.15.4.tar.xz) = 0d497a5d51de52412d09dd0fbcb936dbf0cba810f84d598be8f02c876d55f614e00c1ea0b25a00838e7b9f9c73a7882e3de0e9507d1c6ee45270a62d3438ab41
+Size (node-v14.15.4.tar.xz) = 33296076 bytes
 SHA1 (patch-common.gypi) = f0bd2962bf7c8466db24b35a35154897ecad6316
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3

Prev by Date: [pkgsrc/trunk]: pkgsrc/lang/npm npm: updated to 6.14.10
Next by Date: [pkgsrc/trunk]: pkgsrc/lang/nodejs12 nodejs12: updated to 12.20.1
Previous by Thread: [pkgsrc/trunk]: pkgsrc/lang/npm npm: updated to 6.14.10
Next by Thread: [pkgsrc/trunk]: pkgsrc/lang/nodejs12 nodejs12: updated to 12.20.1
Indexes:

Home | Main Index | Thread Index | Old Index