pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/lang/nodejs4



Module Name:    pkgsrc
Committed By:   fhajny
Date:           Tue Jul 11 19:16:46 UTC 2017

Modified Files:
        pkgsrc/lang/nodejs4: Makefile distinfo

Log Message:
Update lang/nodejs4 to 4.8.4.

- Disable V8 snapshots - The hashseed embedded in the snapshot is
  currently the same for all runs of the binary. This opens node up to
  collision attacks which could result in a Denial of Service. We have
  temporarily disabled snapshots until a more robust solution is found
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
  is used for parsing NAPTR responses, could be triggered to read memory
  outside of the given input buffer if the passed in DNS response packet
  was crafted in a particular way. This patch checks that there is
  enough data for the required elements of an NAPTR record (2 int16, 3
  bytes for string lengths) before processing a record.


To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 pkgsrc/lang/nodejs4/Makefile
cvs rdiff -u -r1.28 -r1.29 pkgsrc/lang/nodejs4/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/nodejs4/Makefile
diff -u pkgsrc/lang/nodejs4/Makefile:1.32 pkgsrc/lang/nodejs4/Makefile:1.33
--- pkgsrc/lang/nodejs4/Makefile:1.32   Wed May  3 11:43:39 2017
+++ pkgsrc/lang/nodejs4/Makefile        Tue Jul 11 19:16:46 2017
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.32 2017/05/03 11:43:39 fhajny Exp $
+# $NetBSD: Makefile,v 1.33 2017/07/11 19:16:46 fhajny Exp $
 
-DISTNAME=      node-v4.8.3
+DISTNAME=      node-v4.8.4
 
 .include "../../lang/nodejs/Makefile.common"
 .include "../../mk/bsd.pkg.mk"

Index: pkgsrc/lang/nodejs4/distinfo
diff -u pkgsrc/lang/nodejs4/distinfo:1.28 pkgsrc/lang/nodejs4/distinfo:1.29
--- pkgsrc/lang/nodejs4/distinfo:1.28   Wed May  3 11:43:39 2017
+++ pkgsrc/lang/nodejs4/distinfo        Tue Jul 11 19:16:46 2017
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.28 2017/05/03 11:43:39 fhajny Exp $
+$NetBSD: distinfo,v 1.29 2017/07/11 19:16:46 fhajny Exp $
 
-SHA1 (node-v4.8.3.tar.gz) = bc170b03f8d9507a574ec334ac202b822ac3b938
-RMD160 (node-v4.8.3.tar.gz) = d960777f1623ed0fc2dcf14ddf5ca78613dba5be
-SHA512 (node-v4.8.3.tar.gz) = 4ab02672003ee00279ac99bbe041d8d26ee24f5e112f26bb14d9496e58cb2f1e4860033795e2599910442630f6dbcfdf1bfe6cfecc18751bc999c4df739790a6
-Size (node-v4.8.3.tar.gz) = 22771884 bytes
+SHA1 (node-v4.8.4.tar.gz) = f93917817c620c4314ba622a70af4c9565b11286
+RMD160 (node-v4.8.4.tar.gz) = 6ef96faf5f404d6f7d60b9db5d9491ac87fc9b68
+SHA512 (node-v4.8.4.tar.gz) = 6fd1fb7f3197db5b0469439cf2cf8b8ba7192bb9a4decd94f41134c424977dbe8304f812d2d73804d8d10f8bfa1c6e24c220d016b6cee7a4c7247ada4ed2392d
+Size (node-v4.8.4.tar.gz) = 22774599 bytes
 SHA1 (patch-common.gypi) = 5b3a50617358637a6f910de28bb5a14f037317a6
 SHA1 (patch-deps_cares_cares.gyp) = 2235eb44bc984fa2e745fdf1786f1ae6de6ef80f
 SHA1 (patch-deps_npm_node__modules_node-gyp_gyp_pylib_gyp_generator_make.py) = 78d6ddd37ae30e869e0da666a78baad86a638c50



Home | Main Index | Thread Index | Old Index