pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang/nodejs nodejs: updated to 14.15.4
details: https://anonhg.NetBSD.org/pkgsrc/rev/419056eb04aa
branches: trunk
changeset: 444335:419056eb04aa
user: adam <adam%pkgsrc.org@localhost>
date: Tue Jan 05 08:31:04 2021 +0000
description:
nodejs: updated to 14.15.4
Version 14.15.4 'Fermium' (LTS)
Notable Changes
Vulnerabilities fixed:
CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt
CVE-2020-8265: use-after-free in TLSWrap (High)
Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited
to corrupt memory leading to a Denial of Service or potentially other exploits.
CVE-2020-8287: HTTP Request Smuggling in nodejs (Low)
Affected versions of Node.js allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores
the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html).
diffstat:
lang/nodejs/Makefile | 4 ++--
lang/nodejs/distinfo | 10 +++++-----
2 files changed, 7 insertions(+), 7 deletions(-)
diffs (30 lines):
diff -r 0ae51b77be87 -r 419056eb04aa lang/nodejs/Makefile
--- a/lang/nodejs/Makefile Tue Jan 05 08:29:28 2021 +0000
+++ b/lang/nodejs/Makefile Tue Jan 05 08:31:04 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.205 2020/12/31 20:04:12 nia Exp $
+# $NetBSD: Makefile,v 1.206 2021/01/05 08:31:04 adam Exp $
-DISTNAME= node-v14.15.3
+DISTNAME= node-v14.15.4
EXTRACT_SUFX= .tar.xz
USE_LANGUAGES= c gnu++14
diff -r 0ae51b77be87 -r 419056eb04aa lang/nodejs/distinfo
--- a/lang/nodejs/distinfo Tue Jan 05 08:29:28 2021 +0000
+++ b/lang/nodejs/distinfo Tue Jan 05 08:31:04 2021 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.190 2020/12/21 09:41:32 adam Exp $
+$NetBSD: distinfo,v 1.191 2021/01/05 08:31:04 adam Exp $
-SHA1 (node-v14.15.3.tar.xz) = 3976ed5e20f361566d340320c33f4c1ebbc29265
-RMD160 (node-v14.15.3.tar.xz) = dd5628d97e48fd9ee73b32525294a98b25128b37
-SHA512 (node-v14.15.3.tar.xz) = fda889445084af615d1c6d6e16cf99e48a9f309b37273382f2060cf34f4aa5b11d73b96a8c7f86afa12b6da553dcfa639c0c8ca693480534d1b00dbc8b4d741c
-Size (node-v14.15.3.tar.xz) = 33302128 bytes
+SHA1 (node-v14.15.4.tar.xz) = a63eca39a1323243b2fd4b0879870f3a40d08a8d
+RMD160 (node-v14.15.4.tar.xz) = 0ad20166cb8829e9bf79d84b54b9063ec00cd2fa
+SHA512 (node-v14.15.4.tar.xz) = 0d497a5d51de52412d09dd0fbcb936dbf0cba810f84d598be8f02c876d55f614e00c1ea0b25a00838e7b9f9c73a7882e3de0e9507d1c6ee45270a62d3438ab41
+Size (node-v14.15.4.tar.xz) = 33296076 bytes
SHA1 (patch-common.gypi) = f0bd2962bf7c8466db24b35a35154897ecad6316
SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3
Home |
Main Index |
Thread Index |
Old Index