CVS commit: pkgsrc/lang/nodejs

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang/nodejs
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Tue, 5 Jan 2021 08:31:04 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Tue Jan  5 08:31:04 UTC 2021

Modified Files:
        pkgsrc/lang/nodejs: Makefile distinfo

Log Message:
nodejs: updated to 14.15.4

Version 14.15.4 'Fermium' (LTS)

Notable Changes

Vulnerabilities fixed:

CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)

This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt

CVE-2020-8265: use-after-free in TLSWrap (High)

Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly 
allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited 
to corrupt memory leading to a Denial of Service or potentially other exploits.

CVE-2020-8287: HTTP Request Smuggling in nodejs (Low)

Affected versions of Node.js allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores 
the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html).


To generate a diff of this commit:
cvs rdiff -u -r1.205 -r1.206 pkgsrc/lang/nodejs/Makefile
cvs rdiff -u -r1.190 -r1.191 pkgsrc/lang/nodejs/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/nodejs/Makefile
diff -u pkgsrc/lang/nodejs/Makefile:1.205 pkgsrc/lang/nodejs/Makefile:1.206
--- pkgsrc/lang/nodejs/Makefile:1.205   Thu Dec 31 20:04:12 2020
+++ pkgsrc/lang/nodejs/Makefile Tue Jan  5 08:31:04 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.205 2020/12/31 20:04:12 nia Exp $
+# $NetBSD: Makefile,v 1.206 2021/01/05 08:31:04 adam Exp $
 
-DISTNAME=      node-v14.15.3
+DISTNAME=      node-v14.15.4
 EXTRACT_SUFX=  .tar.xz
 
 USE_LANGUAGES= c gnu++14

Index: pkgsrc/lang/nodejs/distinfo
diff -u pkgsrc/lang/nodejs/distinfo:1.190 pkgsrc/lang/nodejs/distinfo:1.191
--- pkgsrc/lang/nodejs/distinfo:1.190   Mon Dec 21 09:41:32 2020
+++ pkgsrc/lang/nodejs/distinfo Tue Jan  5 08:31:04 2021
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.190 2020/12/21 09:41:32 adam Exp $
+$NetBSD: distinfo,v 1.191 2021/01/05 08:31:04 adam Exp $
 
-SHA1 (node-v14.15.3.tar.xz) = 3976ed5e20f361566d340320c33f4c1ebbc29265
-RMD160 (node-v14.15.3.tar.xz) = dd5628d97e48fd9ee73b32525294a98b25128b37
-SHA512 (node-v14.15.3.tar.xz) = fda889445084af615d1c6d6e16cf99e48a9f309b37273382f2060cf34f4aa5b11d73b96a8c7f86afa12b6da553dcfa639c0c8ca693480534d1b00dbc8b4d741c
-Size (node-v14.15.3.tar.xz) = 33302128 bytes
+SHA1 (node-v14.15.4.tar.xz) = a63eca39a1323243b2fd4b0879870f3a40d08a8d
+RMD160 (node-v14.15.4.tar.xz) = 0ad20166cb8829e9bf79d84b54b9063ec00cd2fa
+SHA512 (node-v14.15.4.tar.xz) = 0d497a5d51de52412d09dd0fbcb936dbf0cba810f84d598be8f02c876d55f614e00c1ea0b25a00838e7b9f9c73a7882e3de0e9507d1c6ee45270a62d3438ab41
+Size (node-v14.15.4.tar.xz) = 33296076 bytes
 SHA1 (patch-common.gypi) = f0bd2962bf7c8466db24b35a35154897ecad6316
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3

Prev by Date: CVS commit: pkgsrc/lang/npm
Next by Date: CVS commit: pkgsrc/lang/nodejs12
Previous by Thread: CVS commit: pkgsrc/lang/npm
Next by Thread: CVS commit: pkgsrc/lang/nodejs12
Indexes:

Home | Main Index | Thread Index | Old Index