pkgsrc-Changes archive

CVS commit: pkgsrc/lang/nodejs4



Module Name:    pkgsrc
Committed By:   fhajny
Date:           Wed Feb 10 11:14:36 UTC 2016

Modified Files:
        pkgsrc/lang/nodejs4: Makefile distinfo

Log Message:
Update lang/nodejs4 to 4.3.0.

Note that this release includes a non-backward compatible change
to address a security issue. This change increases the version
of the LTS v4.x line to v4.3.0. There will be no further updates
to v4.2.x.

- http: fix defects in HTTP header parsing for requests and
  responses that can allow request smuggling (CVE-2016-2086)
  or response splitting (CVE-2016-2216). HTTP header parsing
  now aligns more closely with the HTTP spec including
  restricting the acceptable characters.
- http-parser: upgrade from 2.5.0 to 2.5.1
- openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against
  the Logjam attack, TLS clients now reject Diffie-Hellman
  handshakes with parameters shorter than 1024-bits, up from
  the previous limit of 768-bits.
- introduce new --security-revert={cvenum} command line flag
  for selective reversion of specific CVE fixes
- allow the fix for CVE-2016-2216 to be selectively reverted
  using --security-revert=CVE-2016-2216


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/nodejs4/Makefile \
    pkgsrc/lang/nodejs4/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
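
Added example, not part of the commit message and not Node.js or pkgsrc code: a sketch of the kind of character restriction the log describes, rejecting header names and values that would permit response splitting. The function names checkHeader and buildResponseHead are hypothetical, and the assumption is that "the HTTP spec" means the RFC 7230 token and field-value grammars.

```javascript
// RFC 7230 token: one or more tchar. No spaces, colons, or control characters.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Field value / reason phrase: HTAB, SP, VCHAR (0x21-0x7e), obs-text (0x80-0xff).
// CR, LF, NUL, other control characters and code points above 0xff are rejected.
const FIELD_TEXT = /^[\t\x20-\x7e\x80-\xff]*$/;

// Validate one header; returns { ok, reason } instead of throwing so that
// callers can log the rejection.
function checkHeader(name, value) {
  if (typeof name !== 'string' || !TOKEN.test(name)) {
    return { ok: false, reason: 'invalid header name' };
  }
  if (!FIELD_TEXT.test(String(value))) {
    return { ok: false, reason: 'invalid character in header value' };
  }
  return { ok: true, reason: null };
}

// Serialize a response head, refusing anything that fails the checks.
// A CR or LF inside a value would otherwise end the header early and let
// the rest of the value be read as further headers or a second response.
function buildResponseHead(status, reasonPhrase, headers) {
  if (!Number.isInteger(status) || status < 100 || status > 599) {
    throw new RangeError('invalid status code');
  }
  if (!FIELD_TEXT.test(String(reasonPhrase))) {
    throw new TypeError('invalid character in reason phrase');
  }
  const lines = [`HTTP/1.1 ${status} ${reasonPhrase}`];
  for (const [name, value] of Object.entries(headers)) {
    const result = checkHeader(name, value);
    if (!result.ok) {
      throw new TypeError(`${result.reason}: ${JSON.stringify(name)}`);
    }
    lines.push(`${name}: ${value}`);
  }
  return lines.join('\r\n') + '\r\n\r\n';
}

// Constructed sample inputs: a clean redirect target and one carrying CRLF.
const clean = checkHeader('Location', '/home');
const split = checkHeader('Location', '/home\r\nSet-Cookie: sid=constructed');
console.log(clean.ok, split.ok, split.reason);
```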