CVS commit: pkgsrc/lang/nodejs8

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang/nodejs8
From: "Filip Hajny" <fhajny%netbsd.org@localhost>
Date: Wed, 4 Apr 2018 10:37:44 +0000

Module Name:    pkgsrc
Committed By:   fhajny
Date:           Wed Apr  4 10:37:44 UTC 2018

Modified Files:
        pkgsrc/lang/nodejs8: Makefile distinfo

Log Message:
lang/nodejs8: Update to 8.11.1.

Fixes for the following CVEs are included in this release:

- CVE-2018-7158
- CVE-2018-7159
- CVE-2018-7160

Notable Changes

- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A
  malicious website could use a DNS rebinding attack to trick a web
  browser to bypass same-origin-policy checks and allow HTTP connections
  to localhost or to hosts on the local network, potentially to an open
  inspector port as a debugger, therefore gaining full code execution
  access. The inspector now only allows connections that have a browser
  Host value of localhost or localhost6.
- Fix for 'path' module regular expression denial of service
  (CVE-2018-7158): A regular expression used for parsing POSIX paths
  could be used to cause a denial of service if an attacker were able to
  have a specially crafted path string passed through one of the
  impacted 'path' module functions.
- Reject spaces in HTTP Content-Length header values (CVE-2018-7159):
  The Node.js HTTP parser allowed for spaces inside Content-Length
  header values. Such values now lead to rejected connections in the
  same way as non-numeric values.
- Update root certificates: 5 additional root certificates have been
  added to the Node.js binary and 30 have been removed.


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/nodejs8/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/nodejs8/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/nodejs8/Makefile
diff -u pkgsrc/lang/nodejs8/Makefile:1.7 pkgsrc/lang/nodejs8/Makefile:1.8
--- pkgsrc/lang/nodejs8/Makefile:1.7    Wed Mar  7 11:45:05 2018
+++ pkgsrc/lang/nodejs8/Makefile        Wed Apr  4 10:37:44 2018
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.7 2018/03/07 11:45:05 fhajny Exp $
+# $NetBSD: Makefile,v 1.8 2018/04/04 10:37:44 fhajny Exp $
 
-DISTNAME=      node-v8.10.0
+DISTNAME=      node-v8.11.1
 
 # Stated by the changelog as of 8.2.0
 GCC_REQD+=     4.9.4

Index: pkgsrc/lang/nodejs8/distinfo
diff -u pkgsrc/lang/nodejs8/distinfo:1.6 pkgsrc/lang/nodejs8/distinfo:1.7
--- pkgsrc/lang/nodejs8/distinfo:1.6    Wed Mar  7 11:45:05 2018
+++ pkgsrc/lang/nodejs8/distinfo        Wed Apr  4 10:37:44 2018
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.6 2018/03/07 11:45:05 fhajny Exp $
+$NetBSD: distinfo,v 1.7 2018/04/04 10:37:44 fhajny Exp $
 
-SHA1 (node-v8.10.0.tar.gz) = de39d8e411ad1677302f715efedb51867a52eee0
-RMD160 (node-v8.10.0.tar.gz) = 21142f22d66a732c80dc0b5ebf3e86331e807092
-SHA512 (node-v8.10.0.tar.gz) = 5478a8ad6ea83d431b7d8cd13b57dd148c2c90af838bc7d4e0ac732f94d0ad35c354c0992f774cf0b1ca72abc4b47d30bc9690f96bd6760fbc09431f6d2473ee
-Size (node-v8.10.0.tar.gz) = 31140371 bytes
+SHA1 (node-v8.11.1.tar.gz) = 9144b4545885af5c806f7f68d814ffa6a8ed97bd
+RMD160 (node-v8.11.1.tar.gz) = bbed69463aa4fb4bf8bf5d37d6878fdb23eff450
+SHA512 (node-v8.11.1.tar.gz) = 91ed0c6f3e4b3b7f914d96401754ade6a2e7dd7d820774336650a2e1854c0b3f6010d36a4236363caa0659656a1970f30717490a244d94c5acf6c4fdcf53d3d1
+Size (node-v8.11.1.tar.gz) = 31030225 bytes
 SHA1 (patch-common.gypi) = 5b3a50617358637a6f910de28bb5a14f037317a6
 SHA1 (patch-deps_cares_cares.gyp) = 2235eb44bc984fa2e745fdf1786f1ae6de6ef80f
 SHA1 (patch-deps_npm_node__modules_node-gyp_gyp_pylib_gyp_generator_make.py) = 78d6ddd37ae30e869e0da666a78baad86a638c50

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index