![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / lang / nodejs4
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.40, Wed May 2 16:26:38 2018 UTC (5 years, 11 months ago) by fhajny
Branch: MAIN
CVS Tags: HEAD
Changes since 1.39: +1 -1
lines
FILE REMOVED
lang/nodejs4: Remove nodejs 4.x that has reached end-of-life on 2018-04-30.
Revision 1.39 / (download) - annotate - [select for diffs], Sat Apr 14 07:34:29 2018 UTC (6 years ago) by adam
Branch: MAIN
Changes since 1.38: +2 -1
lines
Diff to previous 1.38 (colored)
revbump after icu update
Revision 1.38 / (download) - annotate - [select for diffs], Sat Dec 9 17:54:26 2017 UTC (6 years, 4 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4
Changes since 1.37: +2 -3
lines
Diff to previous 1.37 (colored)
Update lang/nodejs4 to 4.8.7. - deps: openssl updated to 1.0.2n
Revision 1.37 / (download) - annotate - [select for diffs], Thu Nov 30 16:45:28 2017 UTC (6 years, 4 months ago) by adam
Branch: MAIN
Changes since 1.36: +2 -1
lines
Diff to previous 1.36 (colored)
Revbump after textproc/icu update
Revision 1.36 / (download) - annotate - [select for diffs], Wed Nov 8 18:46:37 2017 UTC (6 years, 5 months ago) by fhajny
Branch: MAIN
Changes since 1.35: +2 -2
lines
Diff to previous 1.35 (colored)
Update lang/nodejs4 to 4.8.6. crypto: - update root certificates deps: - add support for more modern versions of INTL - upgrade openssl sources to 1.0.2m
Revision 1.34.4.1 / (download) - annotate - [select for diffs], Tue Oct 31 18:52:44 2017 UTC (6 years, 5 months ago) by spz
Branch: pkgsrc-2017Q3
Changes since 1.34: +2 -3
lines
Diff to previous 1.34 (colored) next main 1.35 (colored)
Pullup ticket #5593 - requested by sevan
lang/nodejs4: security update
Revisions pulled up:
- lang/nodejs4/Makefile 1.35
- lang/nodejs4/distinfo 1.30
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: fhajny
Date: Wed Oct 25 13:56:01 UTC 2017
Modified Files:
pkgsrc/lang/nodejs4: Makefile distinfo
Log Message:
Update lang/nodejs4 to 4.8.5.
zlib:
- CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
error to be raised when a raw deflate stream is initialized with
windowBits set to 8. On some versions this crashes Node and you cannot
recover from it, while on some versions it throws an exception.
Node.js will now gracefully set windowBits to 9 replicating the legacy
behavior to avoid a DOS vector.
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 pkgsrc/lang/nodejs4/Makefile
cvs rdiff -u -r1.29 -r1.30 pkgsrc/lang/nodejs4/distinfo
Revision 1.35 / (download) - annotate - [select for diffs], Wed Oct 25 13:56:01 2017 UTC (6 years, 5 months ago) by fhajny
Branch: MAIN
Changes since 1.34: +2 -3
lines
Diff to previous 1.34 (colored)
Update lang/nodejs4 to 4.8.5. zlib: - CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector.
Revision 1.34 / (download) - annotate - [select for diffs], Mon Sep 18 09:53:25 2017 UTC (6 years, 6 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base
Branch point for: pkgsrc-2017Q3
Changes since 1.33: +2 -1
lines
Diff to previous 1.33 (colored)
revbump for requiring ICU 59.x
Revision 1.33 / (download) - annotate - [select for diffs], Tue Jul 11 19:16:46 2017 UTC (6 years, 9 months ago) by fhajny
Branch: MAIN
Changes since 1.32: +2 -2
lines
Diff to previous 1.32 (colored)
Update lang/nodejs4 to 4.8.4. - Disable V8 snapshots - The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found - CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record.
Revision 1.32 / (download) - annotate - [select for diffs], Wed May 3 11:43:39 2017 UTC (6 years, 11 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base,
pkgsrc-2017Q2
Changes since 1.31: +2 -3
lines
Diff to previous 1.31 (colored)
Update lang/nodejs4 to 4.8.3. - module: The module loading global fallback to the Node executable's directory now works correctly on Windows. - src: fix base64 decoding in rare edgecase - tls: fix rare segmentation faults when using TLS
Revision 1.31 / (download) - annotate - [select for diffs], Sat Apr 22 21:03:40 2017 UTC (6 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.30: +2 -1
lines
Diff to previous 1.30 (colored)
Revbump after icu update
Revision 1.28.2.1 / (download) - annotate - [select for diffs], Sun Apr 16 14:09:47 2017 UTC (7 years ago) by bsiegert
Branch: pkgsrc-2017Q1
Changes since 1.28: +2 -2
lines
Diff to previous 1.28 (colored) next main 1.29 (colored)
Pullup ticket #5249 - requested by sevan
lang/nodejs4: bugfix
Revisions pulled up:
- lang/nodejs4/Makefile 1.30
- lang/nodejs4/distinfo 1.27
---
Module Name: pkgsrc
Committed By: fhajny
Date: Thu Apr 6 14:57:49 UTC 2017
Modified Files:
pkgsrc/lang/nodejs4: Makefile distinfo
Log Message:
Update lang/nodejs4 to 4.8.2.
- crypto: fix memory leak if certificate is revoked
- deps: upgrade zlib to 1.2.11
Revision 1.30 / (download) - annotate - [select for diffs], Thu Apr 6 14:57:49 2017 UTC (7 years ago) by fhajny
Branch: MAIN
Changes since 1.29: +2 -2
lines
Diff to previous 1.29 (colored)
Update lang/nodejs4 to 4.8.2. - crypto: fix memory leak if certificate is revoked - deps: upgrade zlib to 1.2.11
Revision 1.29 / (download) - annotate - [select for diffs], Thu Mar 30 16:40:11 2017 UTC (7 years ago) by fhajny
Branch: MAIN
Changes since 1.28: +2 -2
lines
Diff to previous 1.28 (colored)
Update lang/nodejs4 to 4.8.1. - buffer: The performance of .toJSON() is now up to 2859% faster on average. - IPC: Batched writes have been enabled for process IPC on platforms that support Unix Domain Sockets. - Performance gains may be up to 40% for some workloads. - http: Control characters are now always rejected when using http.request(). - node: Heap statistics now support values larger than 4GB.
Revision 1.28 / (download) - annotate - [select for diffs], Wed Feb 22 11:41:26 2017 UTC (7 years, 1 month ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base
Branch point for: pkgsrc-2017Q1
Changes since 1.27: +2 -2
lines
Diff to previous 1.27 (colored)
Update lang/nodejs4 to 4.8.0. Notable Changes - child_process: add shell option to spawn() - deps: - v8: expose statistics about heap spaces - crypto: - add ALPN Support - allow adding extra certs to well-known CAs - fs: add the fs.mkdtemp() function. - process: - add externalMemory to process - add process.cpuUsage()
Revision 1.27 / (download) - annotate - [select for diffs], Mon Feb 13 14:18:20 2017 UTC (7 years, 2 months ago) by fhajny
Branch: MAIN
Changes since 1.26: +2 -2
lines
Diff to previous 1.26 (colored)
Update lang/nodejs4 to 4.7.3. Notable Changes - deps: upgrade openssl sources to 1.0.2k
Revision 1.26 / (download) - annotate - [select for diffs], Fri Jan 6 09:59:25 2017 UTC (7 years, 3 months ago) by fhajny
Branch: MAIN
Changes since 1.25: +2 -2
lines
Diff to previous 1.25 (colored)
Update lang/nodejs4 to 4.7.2. This is a special release that contains 0 commits. While promoting additional platforms for v4.7.1 after the release, the tarballs on the release server were overwritten and now have different shasums. In order to remove any ambiguity around the release we have opted to do a semver patch release with no changes.
Revision 1.25 / (download) - annotate - [select for diffs], Wed Jan 4 13:09:23 2017 UTC (7 years, 3 months ago) by fhajny
Branch: MAIN
Changes since 1.24: +2 -2
lines
Diff to previous 1.24 (colored)
Update lang/nodejs4 to 4.7.1. Notable Changes - build: shared library support is now working for AIX builds - repl: Passing options to the repl will no longer overwrite defaults - timers: Re canceling a cancelled timers will no longer throw
Revision 1.24 / (download) - annotate - [select for diffs], Thu Dec 8 23:00:17 2016 UTC (7 years, 4 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base,
pkgsrc-2016Q4
Changes since 1.23: +2 -3
lines
Diff to previous 1.23 (colored)
Update lang/nodejs4 to 4.7.0 The SEMVER-MINOR changes include: - build: export openssl symbols on Windows making it possible to build addons linking against the bundled version of openssl - debugger: make listen address configurable in the debugger server - dgram: generalized send queue to handle close fixing a potential throw when dgram socket is closed in the listening event handler. - http: Introduce the 451 status code "Unavailable For Legal Reasons" - tls: introduce secureContext for tls.connect which is useful for caching client certificates, key, and CA certificates. Notable SEMVER-PATCH changes include: build: - introduce the configure --shared option for embedders - gtest: the test reporter now outputs tap comments as yamlish - src: node no longer aborts when c-ares initialization fails - tls: fix memory leak when writing data to TLSWrap instance during handshake
Revision 1.23 / (download) - annotate - [select for diffs], Sun Dec 4 05:17:31 2016 UTC (7 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.22: +2 -1
lines
Diff to previous 1.22 (colored)
Recursive revbump from textproc/icu 58.1
Revision 1.22 / (download) - annotate - [select for diffs], Wed Nov 9 13:26:40 2016 UTC (7 years, 5 months ago) by fhajny
Branch: MAIN
Changes since 1.21: +2 -2
lines
Diff to previous 1.21 (colored)
Update lang/nodejs4 to 4.6.2. - build: It is now possible to build the documentation from the release tarball - buffer: Buffer.alloc() will no longer incorrectly return a zero filled buffer when an encoding is passed - deps: upgrade npm in LTS to 2.15.11 - repl: Enable tab completion for global properties - url: url.format() will now encode all # in search
Revision 1.21 / (download) - annotate - [select for diffs], Tue Oct 18 20:37:55 2016 UTC (7 years, 5 months ago) by fhajny
Branch: MAIN
Changes since 1.20: +2 -2
lines
Diff to previous 1.20 (colored)
Update lang/nodejs4 to 4.6.1. - c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more information at https://c-ares.haxx.se/adv_20160929.html
Revision 1.20 / (download) - annotate - [select for diffs], Wed Sep 28 11:09:47 2016 UTC (7 years, 6 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base,
pkgsrc-2016Q3
Changes since 1.19: +2 -2
lines
Diff to previous 1.19 (colored)
Update lang/nodejs4 to 4.6.0. - openssl: Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. - http: CVE-2016-5325 - Properly validate for allowable characters in the reason argument in ServerResponse#writeHead(). - buffer: Zero-fill excess bytes in new Buffer objects created with Buffer.concat() while providing a totalLength parameter that exceeds the total length of the original Buffer objects being concatenated. - tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of *. in the wildcard string.
Revision 1.19 / (download) - annotate - [select for diffs], Fri Aug 19 13:14:37 2016 UTC (7 years, 7 months ago) by fhajny
Branch: MAIN
Changes since 1.18: +2 -2
lines
Diff to previous 1.18 (colored)
Update lang/nodejs4 to 4.5.0. Semver Minor: buffer: - backport new buffer constructor APIs to v4.x - backport --zero-fill-buffers cli option build: - add Intel Vtune profiling support repl: - copying tabs shouldn't trigger completion src: - add node::FreeEnvironment public API test: - run v8 tests from node tree V8: - Add post mortem data to improve object inspection and function's context variables inspection Semver Patch: buffer: - ignore negative allocation lengths crypto: - update root certificates libuv: - upgrade libuv to 1.9.1 - upgrade libuv to 1.9.0 npm: - upgrade to 2.15.9
Revision 1.18 / (download) - annotate - [select for diffs], Fri Jul 1 15:41:28 2016 UTC (7 years, 9 months ago) by fhajny
Branch: MAIN
Changes since 1.17: +2 -2
lines
Diff to previous 1.17 (colored)
Update lang/nodejs4 to 4.4.7.
Notable Changes
- debugger:
* All properties of an array (aside from length) can now be printed
in the repl
- npm:
* Upgrade npm to 2.15.8
- stream:
* Fix for a bug that became more prevalent with the stream changes
that landed in v4.4.5.
- V8:
* Fix for a bug in crankshaft that was causing crashes on arm64
* Add missing classes to postmortem info such as JSMap and JSSet
Revision 1.17 / (download) - annotate - [select for diffs], Fri Jun 24 16:12:01 2016 UTC (7 years, 9 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base,
pkgsrc-2016Q2
Changes since 1.16: +2 -3
lines
Diff to previous 1.16 (colored)
Update lang/nodejs4 to 4.4.6. This release is specifically related to a Buffer overflow vulnerability discovered in v8, see CVE-2016-1669
Revision 1.16 / (download) - annotate - [select for diffs], Thu Jun 2 09:57:32 2016 UTC (7 years, 10 months ago) by fhajny
Branch: MAIN
Changes since 1.15: +2 -1
lines
Diff to previous 1.15 (colored)
Remove the nodejs icu option and make nodejs use a system ICU package by default. Expand existing patch to fix NetBSD 6 build. Fixes PR pkg/51172. Bump PKGREVISION for lang/nodejs and lang/nodejs4.
Revision 1.15 / (download) - annotate - [select for diffs], Tue May 24 19:43:30 2016 UTC (7 years, 10 months ago) by fhajny
Branch: MAIN
Changes since 1.14: +2 -2
lines
Diff to previous 1.14 (colored)
Update lang/nodejs4 to 4.4.5. buffer: - Buffer no longer errors if you call lastIndexOf with a search term longer than the buffer contextify: - Context objects are now properly garbage collected, this solves a problem some individuals were experiencing with extreme memory growth deps: - update npm to 2.15.5 http: - Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999
Revision 1.14 / (download) - annotate - [select for diffs], Fri May 6 09:33:56 2016 UTC (7 years, 11 months ago) by fhajny
Branch: MAIN
Changes since 1.13: +2 -2
lines
Diff to previous 1.13 (colored)
Update lang/nodejs4 to 4.4.4. - update openssl to 1.0.2h. (n/a with dynamic OpenSSL)
Revision 1.13 / (download) - annotate - [select for diffs], Wed Apr 13 11:55:31 2016 UTC (8 years ago) by fhajny
Branch: MAIN
Changes since 1.12: +2 -3
lines
Diff to previous 1.12 (colored)
Update lang/nodejs4 to 4.4.3. - deps: Fix --gdbjit for embedders. Backported from v8 upstream. - etw: Correctly display descriptors for ETW events 9 and 23 on the windows platform. - querystring: Restore throw when attempting to stringify bad surrogate pair.
Revision 1.12 / (download) - annotate - [select for diffs], Mon Apr 11 19:01:54 2016 UTC (8 years ago) by ryoon
Branch: MAIN
Changes since 1.11: +2 -1
lines
Diff to previous 1.11 (colored)
Recursive revbump from textproc/icu 57.1
Revision 1.11 / (download) - annotate - [select for diffs], Fri Apr 1 08:24:34 2016 UTC (8 years ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base,
pkgsrc-2016Q1
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored)
Update lang/nodejs4 to 4.4.2 4.4.2 * https: Under certain conditions ssl sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. * lib: The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this. * npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. * repl: Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. 4.4.1 * build: - Updated Logos for the OSX + Windows installers - New option to select your VS Version in the Windows installer - Support Visual C++ Build Tools 2015 * tools: Gyp now works on OSX without XCode
Revision 1.10 / (download) - annotate - [select for diffs], Wed Mar 9 20:18:38 2016 UTC (8 years, 1 month ago) by fhajny
Branch: MAIN
Changes since 1.9: +2 -3
lines
Diff to previous 1.9 (colored)
Update lang/nodejs to 4.4.0. Clean stale bits from options.mk. Notable changes - deps: An update to v8 that introduces a new flag --perf_basic_prof_only_functions - http: A new feature in http(s) agent that catches errors on keep alived connections - src: Better support for Big-Endian systems - tls: A new feature that allows you to pass common SSL options to tls.createSecurePair - tools: a new flag --prof-process which will execute the tick processor on the provided isolate files - build: Support python path that includes spaces. This should be of particular interest to our Windows users who may have python living in c:/Program Files - https: A potential fix for #3692 HTTP/HTTPS client requests throwing EPROTO - installer: More readable profiling information from isolate tick logs - npm: upgrade to npm 2.14.20 - process: Add support for symbols in event emitters. Symbols didn't exist when it was written - querystring: querystring.parse() is now 13-22% faster! - streams: performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change! - tools: eslint has been updated to version 2.1.0
Revision 1.9 / (download) - annotate - [select for diffs], Sat Mar 5 11:28:43 2016 UTC (8 years, 1 month ago) by jperkin
Branch: MAIN
Changes since 1.8: +2 -1
lines
Diff to previous 1.8 (colored)
Bump PKGREVISION for security/openssl ABI bump.
Revision 1.8 / (download) - annotate - [select for diffs], Thu Mar 3 11:58:18 2016 UTC (8 years, 1 month ago) by fhajny
Branch: MAIN
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored)
Update lang/nodejs4 to 4.3.2. Irrelevant to (dynamically linked) lang/nodejs4: * openssl: Upgrade from 1.0.2f to 1.0.2g
Revision 1.7 / (download) - annotate - [select for diffs], Wed Feb 17 11:24:47 2016 UTC (8 years, 2 months ago) by fhajny
Branch: MAIN
Changes since 1.6: +2 -2
lines
Diff to previous 1.6 (colored)
Update lang/nodejs4 to 4.3.1. buffer - make byteLength work with Buffer correctly (Jackson Tian) debugger - guard against call from non-node context (Ben Noordhuis) - do not incept debug context (Myles Borins) deps - update to http-parser 2.5.2 (James Snell)
Revision 1.6 / (download) - annotate - [select for diffs], Wed Feb 10 11:14:36 2016 UTC (8 years, 2 months ago) by fhajny
Branch: MAIN
Changes since 1.5: +2 -2
lines
Diff to previous 1.5 (colored)
Update lang/nodejs4 to 4.3.0.
Note that this release includes a non-backward compatible change
to address a security issue. This change increases the version
of the LTS v4.x line to v4.3.0. There will be no further updates
to v4.2.x.
- http: fix defects in HTTP header parsing for requests and
responses that can allow request smuggling (CVE-2016-2086)
or response splitting (CVE-2016-2216). HTTP header parsing
now aligns more closely with the HTTP spec including
restricting the acceptable characters.
- http-parser: upgrade from 2.5.0 to 2.5.1
- openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against
the Logjam attack, TLS clients now reject Diffie-Hellman
handshakes with parameters shorter than 1024-bits, up from
the previous limit of 768-bits.
- introduce new --security-revert={cvenum} command line flag
for selective reversion of specific CVE fixes
- allow the fix for CVE-2016-2216 to be selectively reverted
using --security-revert=CVE-2016-2216
Revision 1.5 / (download) - annotate - [select for diffs], Tue Jan 26 14:39:01 2016 UTC (8 years, 2 months ago) by fhajny
Branch: MAIN
Changes since 1.4: +2 -2
lines
Diff to previous 1.4 (colored)
Update lang/nodejs4 to 4.2.6. - Fix regression in debugger and profiler functionality
Revision 1.4 / (download) - annotate - [select for diffs], Thu Jan 21 11:43:44 2016 UTC (8 years, 2 months ago) by fhajny
Branch: MAIN
Changes since 1.3: +2 -2
lines
Diff to previous 1.3 (colored)
Update lang/nodejs4 to 4.2.5. * assert - accommodate ES6 classes that extend Error (Rich Trott) #4166 * build - add "--partly-static" build options (Super Zheng) #4152 * deps - backport 066747e from upstream V8 (Ali Ijaz Sheikh) #4655 - backport 200315c from V8 upstream (Vladimir Kurchatkin) #4128 - upgrade libuv to 1.8.0 (Saúl Ibarra Corretgé) * docs - various updates landed in 70 different commits! * repl - attach location info to syntax errors (cjihrig) #4013 - display error message when loading directory (Prince J Wesley) #4170 * tests - various updates landed in over 50 commits * tools - add tap output to cpplint (Johan Bergstrom) #3448 * util - allow lookup of hidden values (cjihrig) #3988
Revision 1.3 / (download) - annotate - [select for diffs], Tue Dec 29 20:33:47 2015 UTC (8 years, 3 months ago) by fhajny
Branch: MAIN
Changes since 1.2: +2 -2
lines
Diff to previous 1.2 (colored)
Update lang/nodejs4 to 4.2.4. - Roughly 78% of the commits are documentation and test improvements - domains: ** Fix handling of uncaught exceptions (Julien Gilli) #3884 - deps: ** Upgrade to npm 2.14.12 (Kat Marchan) #4110 ** Backport 819b40a from V8 upstream (Michael Zasso) #3938 ** Updated node LICENSE file with new npm license (Kat Marchan) #4110
Revision 1.2 / (download) - annotate - [select for diffs], Fri Dec 4 12:18:36 2015 UTC (8 years, 4 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Changes since 1.1: +2 -2
lines
Diff to previous 1.1 (colored)
Update nodejs4 to 4.2.3 and nodejs to 5.1.1.
Notable changes
- http: Fix a bug where an HTTP socket may no longer have a socket
but a pipelined request triggers a pause or resume, a potential
denial-of-service vector. (Fedor Indutny)
- openssl: Upgrade to 1.0.2e, containing fixes for:
- CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
an attack is considered feasible against a Node.js TLS server
using DHE key exchange. Details are available at
http://openssl.org/news/secadv/20151203.txt.
- CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
a potential denial-of-service vector for Node.js TLS servers; TLS
clients are also impacted. Details are available at
http://openssl.org/news/secadv/20151203.txt. (Shigeki Ohtsu) #4134
- v8: Backport fixes for a bug in JSON.stringify() that can result in
out-of-bounds reads for arrays. (Ben Noordhuis)
Revision 1.1 / (download) - annotate - [select for diffs], Mon Nov 9 20:21:51 2015 UTC (8 years, 5 months ago) by fhajny
Branch: MAIN
Import nodejs 4.2.2 as lang/nodejs4, based on the last 4.x update in lang/nodejs. This package holds the current 4.x LTS release. For more on node.js LTS support, see here: https://nodejs.org/en/blog/community/node-v5/