File: [cvs.NetBSD.org] / pkgsrc / lang / nodejs / Makefile (download)
Revision 1.78, Tue Oct 18 20:44:34 2016 UTC (7 years, 6 months ago) by fhajny
Branch: MAIN
Changes since 1.77: +2 -2
lines
Update lang/nodejs to 6.9.0.
- crypto: Don't automatically attempt to load an OpenSSL
configuration file, from the OPENSSL_CONF environment variable
or from the default location for the current platform. Always
triggering a configuration file load attempt may allow an attacker
to load compromised OpenSSL configuration into a Node.js process
if they are able to place a file in a default location.
- node: Introduce the process.release.lts property, set to "Boron".
This value is "Argon" for v4 LTS releases and undefined for all
other releases.
- V8: Backport fix for CVE-2016-5172, an arbitrary memory read.
- v8_inspector: Generate a UUID for each execution of the
inspector. This provides additional security to prevent
unauthorized clients from connecting to the Node.js process via
the v8_inspector port when running with --inspect.
|