diff options
| author | fhajny <fhajny@pkgsrc.org> | 2017-07-11 19:00:57 +0000 |
|---|---|---|
| committer | fhajny <fhajny@pkgsrc.org> | 2017-07-11 19:00:57 +0000 |
| commit | 4c013b39cc8889f15b4e100d8ebd1367e7ba7d96 (patch) | |
| tree | db58a4f82f5f0fbaeff055061837d46c6be044a7 /lang/nodejs | |
| parent | ddcaa15c8aa6782bc4493e793f011d3de2c5daae (diff) | |
| download | pkgsrc-4c013b39cc8889f15b4e100d8ebd1367e7ba7d96.tar.gz | |
Update lang/nodejs to 8.1.4.
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet
was crafted in a particular way. This patch checks that there is
enough data for the required elements of an NAPTR record (2 int16, 3
bytes for string lengths) before processing a record. (David Drysdale)
Diffstat (limited to 'lang/nodejs')
| -rw-r--r-- | lang/nodejs/Makefile | 4 | ||||
| -rw-r--r-- | lang/nodejs/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/lang/nodejs/Makefile b/lang/nodejs/Makefile index 23b969b2090..21f767469b9 100644 --- a/lang/nodejs/Makefile +++ b/lang/nodejs/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.102 2017/07/03 15:14:47 fhajny Exp $ +# $NetBSD: Makefile,v 1.103 2017/07/11 19:00:57 fhajny Exp $ -DISTNAME= node-v8.1.3 +DISTNAME= node-v8.1.4 CONFIGURE_ARGS+= --with-intl=system-icu diff --git a/lang/nodejs/distinfo b/lang/nodejs/distinfo index 304683634a2..09abc7657ec 100644 --- a/lang/nodejs/distinfo +++ b/lang/nodejs/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.99 2017/07/03 15:14:47 fhajny Exp $ +$NetBSD: distinfo,v 1.100 2017/07/11 19:00:57 fhajny Exp $ -SHA1 (node-v8.1.3.tar.gz) = 15037f01cde124d5fc35281bd333afb5ee2b2856 -RMD160 (node-v8.1.3.tar.gz) = 75c1a2060305adb7abf2657489474ba03e0aa8e9 -SHA512 (node-v8.1.3.tar.gz) = 794af59b8f285f49bfbaee963f561beccdaebee05f94335a33b35db1cc8b7b42ae7c2376a38433e7af15ffd77b0299c1c978510460e5680370a2ca3683d05641 -Size (node-v8.1.3.tar.gz) = 29944234 bytes +SHA1 (node-v8.1.4.tar.gz) = 13c3bd1e1a76dbaa46d754d4fbccdec5553cc2b0 +RMD160 (node-v8.1.4.tar.gz) = 57a6a05d3795ad677cbdd2941b18e72322a1a246 +SHA512 (node-v8.1.4.tar.gz) = da7f8b4deb3c6759c1eb881dc1971fe48ad7d86433580f837aff348bf59242e17ddbec0dc03fdf2bbbf2122a004ce0ee0331209c93e4359989324d82f91f04ab +Size (node-v8.1.4.tar.gz) = 29947969 bytes SHA1 (patch-common.gypi) = 5b3a50617358637a6f910de28bb5a14f037317a6 SHA1 (patch-deps_cares_cares.gyp) = 2235eb44bc984fa2e745fdf1786f1ae6de6ef80f SHA1 (patch-deps_npm_node__modules_node-gyp_gyp_pylib_gyp_generator_make.py) = 78d6ddd37ae30e869e0da666a78baad86a638c50 |