diff options
| author | fhajny <fhajny@pkgsrc.org> | 2018-04-04 10:35:55 +0000 |
|---|---|---|
| committer | fhajny <fhajny@pkgsrc.org> | 2018-04-04 10:35:55 +0000 |
| commit | a46c4e747d370c0ba1dcd3587080f8a65c092ad3 (patch) | |
| tree | 61dc73b680c8cf6f05c63e526c8496ff8ca8e691 | |
| parent | 4ccaeaf12e70d26f8f9fb1e7bf4673790d1a79ec (diff) | |
| download | pkgsrc-a46c4e747d370c0ba1dcd3587080f8a65c092ad3.tar.gz | |
lang/nodejs6: Update to 6.14.1.
Fixes for the following CVEs are included in this release:
- CVE-2018-7158
- CVE-2018-7159
- CVE-2018-7160
Notable Changes
- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A
malicious website could use a DNS rebinding attack to trick a web
browser to bypass same-origin-policy checks and allow HTTP connections
to localhost or to hosts on the local network, potentially to an open
inspector port as a debugger, therefore gaining full code execution
access. The inspector now only allows connections that have a browser
Host value of localhost or localhost6.
- Fix for 'path' module regular expression denial of service
(CVE-2018-7158): A regular expression used for parsing POSIX paths
could be used to cause a denial of service if an attacker were able to
have a specially crafted path string passed through one of the
impacted 'path' module functions.
- Reject spaces in HTTP Content-Length header values (CVE-2018-7159):
The Node.js HTTP parser allowed for spaces inside Content-Length
header values. Such values now lead to rejected connections in the
same way as non-numeric values.
- Update root certificates: 5 additional root certificates have been
added to the Node.js binary and 30 have been removed.
| -rw-r--r-- | lang/nodejs6/Makefile | 4 | ||||
| -rw-r--r-- | lang/nodejs6/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/lang/nodejs6/Makefile b/lang/nodejs6/Makefile index 845881f2d60..5518bf17e3b 100644 --- a/lang/nodejs6/Makefile +++ b/lang/nodejs6/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.22 2018/03/07 11:45:48 fhajny Exp $ +# $NetBSD: Makefile,v 1.23 2018/04/04 10:35:55 fhajny Exp $ -DISTNAME= node-v6.13.1 +DISTNAME= node-v6.14.1 .include "../../lang/nodejs/Makefile.common" .include "../../mk/bsd.pkg.mk" diff --git a/lang/nodejs6/distinfo b/lang/nodejs6/distinfo index a92f4055e20..4bfd4bdfa37 100644 --- a/lang/nodejs6/distinfo +++ b/lang/nodejs6/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.21 2018/03/07 11:45:48 fhajny Exp $ +$NetBSD: distinfo,v 1.22 2018/04/04 10:35:55 fhajny Exp $ -SHA1 (node-v6.13.1.tar.gz) = ccaf59ae19003c5a445ceb05ac16c6df725a309d -RMD160 (node-v6.13.1.tar.gz) = ede4d17269bf0264c87215e9d80aaf85d6d96773 -SHA512 (node-v6.13.1.tar.gz) = 74129c3600b8873c6fd2ad6252ea9ccc73a2a3f961b3c8ed7e45b44e329aa3ea89e639c1881f57e9b498f7659166386729be8a24331348cdb15395658cb7c203 -Size (node-v6.13.1.tar.gz) = 27560377 bytes +SHA1 (node-v6.14.1.tar.gz) = 800d4876242ba4c730fdb52708112ad6189a097a +RMD160 (node-v6.14.1.tar.gz) = ee584aca256aa6784f6cb4f48826d88c02a894c6 +SHA512 (node-v6.14.1.tar.gz) = 271cb1e9ff362dfa7dbdc8d31a72353646689c8b42df86bfe1060f1f82f7ca1a039c2d6380dc8afcd5dbc98c0d2e362dfc6e91e8ab4719324df41b4b3ef243e2 +Size (node-v6.14.1.tar.gz) = 27449739 bytes SHA1 (patch-common.gypi) = 5b3a50617358637a6f910de28bb5a14f037317a6 SHA1 (patch-deps_cares_cares.gyp) = bae68a88473f9b7e0af1fbf65da033bc8f917225 SHA1 (patch-deps_npm_node__modules_node-gyp_gyp_pylib_gyp_generator_make.py) = 78d6ddd37ae30e869e0da666a78baad86a638c50 |