nodejs 9.10.1

- No code changes


nodejs 9.10.0

Fixes for the following CVEs are included in this release:

- CVE-2018-7158
- CVE-2018-7159
- CVE-2018-7160

Notable Changes

- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A
  malicious website could use a DNS rebinding attack to trick a web
  browser to bypass same-origin-policy checks and allow HTTP connections
  to localhost or to hosts on the local network, potentially to an open
  inspector port as a debugger, therefore gaining full code execution
  access. The inspector now only allows connections that have a browser
  Host value of localhost or localhost6.
- Fix for 'path' module regular expression denial of service
  (CVE-2018-7158): A regular expression used for parsing POSIX paths
  could be used to cause a denial of service if an attacker were able to
  have a specially crafted path string passed through one of the
  impacted 'path' module functions.
- Reject spaces in HTTP Content-Length header values (CVE-2018-7159):
  The Node.js HTTP parser allowed for spaces inside Content-Length
  header values. Such values now lead to rejected connections in the
  same way as non-numeric values.
- Update root certificates: 5 additional root certificates have been
  added to the Node.js binary and 30 have been removed.
- cluster: Add support for NODE_OPTIONS="--inspect"
- crypto: Expose the public key of a certificate
- n-api: Add napi_fatal_exception to trigger an uncaughtException in
  JavaScript
- path: Fix regression in posix.normalize
- stream: Improve stream creation performance


nodejs 9.9.0

assert:
- From now on all error messages produced by assert in strict mode will
  produce a error diff.
- From now on it is possible to use a validation object in throws instead
  of the other possibilities.
crypto:
- allow passing null as IV unless required
fs:
- support as and as+ flags in stringToFlags()
tls:
- expose Finished messages in TLSSocket
tty:
- Add getColorDepth function to determine if terminal supports colors.
util:
- add util.inspect compact option

2 files changed, 7 insertions, 7 deletions

diff --git a/lang/nodejs/Makefile b/lang/nodejs/Makefile
index 5a29c1c3093..e0b9f4eb9da 100644
--- a/lang/nodejs/Makefile
+++ b/lang/nodejs/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.121 2018/03/13 16:22:00 fhajny Exp $
+# $NetBSD: Makefile,v 1.122 2018/04/04 10:41:15 fhajny Exp $
 
-DISTNAME=	node-v9.8.0
+DISTNAME=	node-v9.10.1
 
 # Stated by the changelog as of 8.2.0
 GCC_REQD+=	4.9.4
diff --git a/lang/nodejs/distinfo b/lang/nodejs/distinfo
index 51c758bdcd0..d53d57b1489 100644
--- a/lang/nodejs/distinfo
+++ b/lang/nodejs/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.117 2018/03/23 21:07:53 joerg Exp $
+$NetBSD: distinfo,v 1.118 2018/04/04 10:41:15 fhajny Exp $
 
-SHA1 (node-v9.8.0.tar.gz) = d9d30f6d255353f76ddc869e0d66c55a503afd2d
-RMD160 (node-v9.8.0.tar.gz) = 6ca4e9638643ca42c8877adb95d91760cd106994
-SHA512 (node-v9.8.0.tar.gz) = 8c56699a123c255d577c3a8a6d9c95a58342f050e66a1e6bbe5109cd630a7d78e686fa850f51c5b60a96ccfb4b16385b6c326ccbc61c6ad1ff226a8650cab87e
-Size (node-v9.8.0.tar.gz) = 31474422 bytes
+SHA1 (node-v9.10.1.tar.gz) = f0032621ed9ed6db75654ab237daa7153e12285f
+RMD160 (node-v9.10.1.tar.gz) = 204374868edd084ff92419ff7c94abc62f6f28ff
+SHA512 (node-v9.10.1.tar.gz) = cf2f6afc0e7b597bea426522dec79a53aa7668ca3e594a95ec33bc3dd042e410fde6dc1980cb1626497f64bdcaebaeac1a08ee66f19cb70694200b469e83de8e
+Size (node-v9.10.1.tar.gz) = 31411130 bytes
 SHA1 (patch-common.gypi) = 6c4f5c3f82270d5ebadce2ad3228a058634595cb
 SHA1 (patch-deps_cares_cares.gyp) = 2235eb44bc984fa2e745fdf1786f1ae6de6ef80f
 SHA1 (patch-deps_npm_node__modules_node-gyp_gyp_pylib_gyp_generator_make.py) = 78d6ddd37ae30e869e0da666a78baad86a638c50