The NetBSD Project

CVS log for pkgsrc/lang/nodejs6/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / lang / nodejs6

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.26 / (download) - annotate - [select for diffs], Thu Aug 16 13:40:26 2018 UTC (8 months, 1 week ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, HEAD
Changes since 1.25: +5 -5 lines
Diff to previous 1.25 (colored)

lang/nodejs6: Update to 6.14.4.

- buffer: Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2
  encoding (CVE-2018-12115)

Revision 1.25 / (download) - annotate - [select for diffs], Thu Jun 14 10:52:32 2018 UTC (10 months, 1 week ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2
Changes since 1.24: +5 -5 lines
Diff to previous 1.24 (colored)

lang/nodejs6: Update to 6.14.3.

- buffer (CVE-2018-7167): Fixes Denial of Service vulnerability where
  calling Buffer.fill() could hang

Revision 1.24 / (download) - annotate - [select for diffs], Thu May 3 10:29:16 2018 UTC (11 months, 3 weeks ago) by fhajny
Branch: MAIN
Changes since 1.23: +5 -5 lines
Diff to previous 1.23 (colored)

lang/nodejs6: Update to 6.14.2.

- n-api has been backported to v6.x. It is being landed as an
  experimental interface, and as such is landing in
  a Semver-Patch release.

Revision 1.23 / (download) - annotate - [select for diffs], Wed May 2 16:33:02 2018 UTC (11 months, 3 weeks ago) by fhajny
Branch: MAIN
Changes since 1.22: +1 -2 lines
Diff to previous 1.22 (colored)

lang/nodejs*: Remove the npm package manager from nodejs packages. Introduce nodeversion.mk framework to pick and depend on one of the supported nodejs version packages. Bump respective PKGREVISIONs.

Revision 1.22 / (download) - annotate - [select for diffs], Wed Apr 4 10:35:55 2018 UTC (12 months, 2 weeks ago) by fhajny
Branch: MAIN
Changes since 1.21: +5 -5 lines
Diff to previous 1.21 (colored)

lang/nodejs6: Update to 6.14.1.

Fixes for the following CVEs are included in this release:

- CVE-2018-7158
- CVE-2018-7159
- CVE-2018-7160

Notable Changes

- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A
  malicious website could use a DNS rebinding attack to trick a web
  browser to bypass same-origin-policy checks and allow HTTP connections
  to localhost or to hosts on the local network, potentially to an open
  inspector port as a debugger, therefore gaining full code execution
  access. The inspector now only allows connections that have a browser
  Host value of localhost or localhost6.
- Fix for 'path' module regular expression denial of service
  (CVE-2018-7158): A regular expression used for parsing POSIX paths
  could be used to cause a denial of service if an attacker were able to
  have a specially crafted path string passed through one of the
  impacted 'path' module functions.
- Reject spaces in HTTP Content-Length header values (CVE-2018-7159):
  The Node.js HTTP parser allowed for spaces inside Content-Length
  header values. Such values now lead to rejected connections in the
  same way as non-numeric values.
- Update root certificates: 5 additional root certificates have been
  added to the Node.js binary and 30 have been removed.

Revision 1.21 / (download) - annotate - [select for diffs], Wed Mar 7 11:45:48 2018 UTC (13 months, 2 weeks ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.20: +5 -5 lines
Diff to previous 1.20 (colored)

lang/nodejs6: Update to 6.13.1.

http, tls:
- better support for IPv6 addresses

Revision 1.20 / (download) - annotate - [select for diffs], Fri Feb 16 11:53:54 2018 UTC (14 months ago) by fhajny
Branch: MAIN
Changes since 1.19: +5 -5 lines
Diff to previous 1.19 (colored)

lang/nodejs6: Update to 6.13.0.

- console:
  - added console.count() and console.clear()
- crypto:
  - expose ECDH class
  - added cypto.randomFill() and crypto.randomFillSync()
  - warn on invalid authentication tag length
- deps:
  - upgrade libuv to 1.16.1
- dgram:
  - added socket.setMulticastInterface()
- http:
  - add agent.keepSocketAlive and agent.reuseSocket as to allow
    overridable keep-alive behavior of `Agent`
- lib:
  - return this from net.Socket.end()
- module:
  - add builtinModules api that provides list of all builtin modules
    in Node
- net:
  - return this from getConnections()
- promises:
  - more robust stringification for unhandled rejections
- repl:
  - improve require() autocompletion
- src:
  - add openssl-system-ca-path configure option
  - add --use-bundled-ca --use-openssl-ca check
  - add process.ppid
- tls:
  - accept `lookup` option for `tls.connect()`
- tools, build:
  - a new macOS installer!
- url:
  - WHATWG URL api support
- util:
  - add %i and %f formatting specifiers

Revision 1.19 / (download) - annotate - [select for diffs], Sat Dec 9 17:55:03 2017 UTC (16 months, 2 weeks ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4
Changes since 1.18: +5 -5 lines
Diff to previous 1.18 (colored)

Update lang/nodejs6 to 6.12.2.

- deps: openssl updated to 1.0.2n

Revision 1.18 / (download) - annotate - [select for diffs], Thu Dec 7 22:09:46 2017 UTC (16 months, 2 weeks ago) by fhajny
Branch: MAIN
Changes since 1.17: +5 -5 lines
Diff to previous 1.17 (colored)

Update lang/nodejs6 to 6.12.1.

- build: fix npm install with --shared
- build: building with python 3 is now supported
- src: v8 options can be specified with either '_' or '-' in NODE_OPTIONS

Revision 1.17 / (download) - annotate - [select for diffs], Wed Nov 8 18:31:15 2017 UTC (17 months, 2 weeks ago) by fhajny
Branch: MAIN
Changes since 1.16: +7 -7 lines
Diff to previous 1.16 (colored)

Update lang/nodejs6 to 6.12.0.

assert:
- assert.fail() can now take one or two arguments

crypto:
- add sign/verify support for RSASSA-PSS

deps:
- upgrade openssl sources to 1.0.2m
- upgrade libuv to 1.15.0

fs:
- Add support for fs.write/fs.writeSync(fd, buffer, cb) and
  fs.write/fs.writeSync(fd, buffer, offset, cb) as documented

inspector:
- enable --inspect-brk

process:
- add --redirect-warnings command line argument

src:
- allow CLI args in env with NODE_OPTIONS
- --abort-on-uncaught-exception in NODE_OPTIONS
- allow --tls-cipher-list in NODE_OPTIONS
- use SafeGetenv() for NODE_REDIRECT_WARNINGS

test:
- remove common.fail()

Revision 1.14.4.1 / (download) - annotate - [select for diffs], Wed Nov 1 19:35:16 2017 UTC (17 months, 3 weeks ago) by spz
Branch: pkgsrc-2017Q3
Changes since 1.14: +7 -6 lines
Diff to previous 1.14 (colored) next main 1.15 (colored)

Pullup ticket #5590 - requested by sevan
lang/nodejs6: security update

Revisions pulled up:
- lang/nodejs6/Makefile                                         1.16-1.17
- lang/nodejs6/distinfo                                         1.15-1.16
- lang/nodejs6/patches/patch-deps_cares_cares.gyp               1.2-1.3
- lang/nodejs6/patches/patch-deps_uv_uv.gyp                     1.1-1.2

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   fhajny
   Date:           Wed Oct  4 16:20:58 UTC 2017

   Modified Files:
           pkgsrc/lang/nodejs6: Makefile distinfo
           pkgsrc/lang/nodejs6/patches: patch-deps_cares_cares.gyp
   Added Files:
           pkgsrc/lang/nodejs6/patches: patch-deps_uv_uv.gyp

   Log Message:
   Update lang/nodejs6 to 6.11.4.

   - net: support passing undefined to listen() to match behavior
     in v4.x and v8.x


   To generate a diff of this commit:
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/lang/nodejs6/Makefile
   cvs rdiff -u -r1.14 -r1.15 pkgsrc/lang/nodejs6/distinfo
   cvs rdiff -u -r1.1 -r1.2 \
       pkgsrc/lang/nodejs6/patches/patch-deps_cares_cares.gyp
   cvs rdiff -u -r0 -r1.1 pkgsrc/lang/nodejs6/patches/patch-deps_uv_uv.gyp

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   fhajny
   Date:           Wed Oct 25 13:45:18 UTC 2017

   Modified Files:
           pkgsrc/lang/nodejs6: Makefile distinfo
           pkgsrc/lang/nodejs6/patches: patch-deps_cares_cares.gyp
               patch-deps_uv_uv.gyp

   Log Message:
   Update lang/nodejs6 to 6.11.5.

   zlib:
   - CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
     error to be raised when a raw deflate stream is initialized with
     windowBits set to 8. On some versions this crashes Node and you cannot
     recover from it, while on some versions it throws an exception.
     Node.js will now gracefully set windowBits to 9 replicating the legacy
     behavior to avoid a DOS vector.


   To generate a diff of this commit:
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/lang/nodejs6/Makefile
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/lang/nodejs6/distinfo
   cvs rdiff -u -r1.2 -r1.3 \
       pkgsrc/lang/nodejs6/patches/patch-deps_cares_cares.gyp
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/nodejs6/patches/patch-deps_uv_uv.gyp

Revision 1.16 / (download) - annotate - [select for diffs], Wed Oct 25 13:45:18 2017 UTC (17 months, 4 weeks ago) by fhajny
Branch: MAIN
Changes since 1.15: +7 -7 lines
Diff to previous 1.15 (colored)

Update lang/nodejs6 to 6.11.5.

zlib:
- CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
  error to be raised when a raw deflate stream is initialized with
  windowBits set to 8. On some versions this crashes Node and you cannot
  recover from it, while on some versions it throws an exception.
  Node.js will now gracefully set windowBits to 9 replicating the legacy
  behavior to avoid a DOS vector.

Revision 1.15 / (download) - annotate - [select for diffs], Wed Oct 4 16:20:58 2017 UTC (18 months, 2 weeks ago) by fhajny
Branch: MAIN
Changes since 1.14: +7 -6 lines
Diff to previous 1.14 (colored)

Update lang/nodejs6 to 6.11.4.

- net: support passing undefined to listen() to match behavior
  in v4.x and v8.x

Revision 1.14 / (download) - annotate - [select for diffs], Wed Sep 6 11:59:37 2017 UTC (19 months, 2 weeks ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base, pkgsrc-
Branch point for: pkgsrc-2017Q3
Changes since 1.13: +5 -5 lines
Diff to previous 1.13 (colored)

Update lang/nodejs6 to 6.11.3

- build: Codesigning is fixed on macOS
- deps: Snapshots are turned back on!!!
- path: win32 volume-relative paths are working again!
- tools: v6.x can now build with ICU 59

Revision 1.13 / (download) - annotate - [select for diffs], Wed Aug 2 16:05:20 2017 UTC (20 months, 3 weeks ago) by fhajny
Branch: MAIN
Changes since 1.12: +5 -5 lines
Diff to previous 1.12 (colored)

Update lang/nodejs6 to 6.11.2.

### Notable Changes

- configure:
  - add mips64el to valid_arch
- crypto:
  - Updated root certificates based on NSS 3.30
- deps:
  - upgrade OpenSSL to version 1.0.2.l
- http:
  - parse errors are now reported when NODE_DEBUG=http
  - Agent construction can now be envoked without `new`
- zlib:
  - node will now throw an Error when zlib rejects the value of
    windowBits, instead of crashing

Revision 1.12 / (download) - annotate - [select for diffs], Tue Jul 11 19:10:32 2017 UTC (21 months, 1 week ago) by fhajny
Branch: MAIN
Changes since 1.11: +5 -5 lines
Diff to previous 1.11 (colored)

Update lang/nodejs6 to 6.11.1.

- Disable V8 snapshots - The hashseed embedded in the snapshot is
  currently the same for all runs of the binary. This opens node up to
  collision attacks which could result in a Denial of Service. We have
  temporarily disabled snapshots until a more robust solution is found
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
  is used for parsing NAPTR responses, could be triggered to read memory
  outside of the given input buffer if the passed in DNS response packet
  was crafted in a particular way. This patch checks that there is
  enough data for the required elements of an NAPTR record (2 int16, 3
  bytes for string lengths) before processing a record.

Revision 1.11 / (download) - annotate - [select for diffs], Wed Jun 7 11:09:44 2017 UTC (22 months, 2 weeks ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Changes since 1.10: +5 -5 lines
Diff to previous 1.10 (colored)

Update lang/nodejs6 to 6.11.0

Notable Changes

build:
- support for building mips64el
cluster:
- disconnect() now returns a reference to the disconnected worker.
crypto:
- ability to select cert store at runtime
- Use system CAs instead of using bundled ones
- The Decipher methods setAuthTag() and setAAD now return this.
- adding support for OPENSSL_CONF again
- make LazyTransform compabile with Streams1
deps:
- upgrade libuv to 1.11.0
dns:
- Implemented {ttl: true} for resolve4() and resolve6().
process:
- add NODE_NO_WARNINGS environment variable
readline:
- add option to stop duplicates in history
src:
- support "--" after "-e" as end-of-options
tls:
- new tls.TLSSocket() supports sec ctx options
- Allow obvious key/passphrase combinations.

Revision 1.10 / (download) - annotate - [select for diffs], Wed May 3 11:03:43 2017 UTC (23 months, 3 weeks ago) by fhajny
Branch: MAIN
Changes since 1.9: +6 -6 lines
Diff to previous 1.9 (colored)

Update lang/nodejs6 to 6.10.3

- module: The module loading global fallback to the Node executable's
  directory now works correctly on Windows.
- src: fix base64 decoding in rare edgecase
- tls: fix rare segmentation faults when using TLS

Revision 1.7.2.1 / (download) - annotate - [select for diffs], Sun Apr 16 14:09:39 2017 UTC (2 years ago) by bsiegert
Branch: pkgsrc-2017Q1
Changes since 1.7: +5 -5 lines
Diff to previous 1.7 (colored) next main 1.8 (colored)

Pullup ticket #5248 - requested by sevan
lang/nodejs6: bugfix

Revisions pulled up:
- lang/nodejs6/Makefile                                         1.9
- lang/nodejs6/distinfo                                         1.9

---
   Module Name:    pkgsrc
   Committed By:   fhajny
   Date:           Thu Apr  6 14:59:22 UTC 2017

   Modified Files:
           pkgsrc/lang/nodejs6: Makefile distinfo

   Log Message:
   Update lang/nodejs6 to 6.10.2.

   - crypto: fix memory leak if certificate is revoked
   - upgrade zlib to 1.2.11
   - backport V8 fixes for spread syntax regression causing segfaults
   - repl: Revert commit that broke REPL display on Windows

Revision 1.9 / (download) - annotate - [select for diffs], Thu Apr 6 14:59:22 2017 UTC (2 years ago) by fhajny
Branch: MAIN
Changes since 1.8: +5 -5 lines
Diff to previous 1.8 (colored)

Update lang/nodejs6 to 6.10.2.

- crypto: fix memory leak if certificate is revoked
- upgrade zlib to 1.2.11
- backport V8 fixes for spread syntax regression causing segfaults
- repl: Revert commit that broke REPL display on Windows

Revision 1.8 / (download) - annotate - [select for diffs], Thu Mar 30 16:20:25 2017 UTC (2 years ago) by fhajny
Branch: MAIN
Changes since 1.7: +5 -5 lines
Diff to previous 1.7 (colored)

Update lang/nodejs6 to 6.10.1

- performance: The performance of several APIs has been improved.
  - Buffer.compare() is up to 35% faster on average.
  - buffer.toJSON() is up to 2859% faster on average.
  - fs.*statSync() functions are now up to 9.3% faster on average.
  - os.loadavg is up to 151% faster.
  - process.memoryUsage() is up to 34% faster.
  - querystring.unescape() for Buffers is 15% faster on average.
  - querystring.stringify() is up to 7.8% faster on average.
  - querystring.parse() is up to 21% faster on average.
- IPC: Batched writes have been enabled for process IPC on platforms
  that support Unix Domain Sockets.
  - Performance gains may be up to 40% for some workloads.
- child_process: spawnSync now returns a null status when child is
  terminated by a signal.
  - This fixes the behavior to act like spawn() does.
- http:
  - Control characters are now always rejected when using
    http.request().
  - Debug messages have been added for cases when headers contain
    invalid values.
- node: Heap statistics now support values larger than 4GB.
- timers: Timer callbacks now always maintain order when interacting
  with domain error handling.

Revision 1.7 / (download) - annotate - [select for diffs], Mon Mar 20 16:51:42 2017 UTC (2 years, 1 month ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base
Branch point for: pkgsrc-2017Q1
Changes since 1.6: +2 -1 lines
Diff to previous 1.6 (colored)

Fix build on Darwin with GCC 4.8 or newer.

Revision 1.6 / (download) - annotate - [select for diffs], Wed Feb 22 11:34:41 2017 UTC (2 years, 2 months ago) by fhajny
Branch: MAIN
Changes since 1.5: +5 -5 lines
Diff to previous 1.5 (colored)

Update lang/nodejs6 to 6.10.0.

Notable Changes

- crypto: allow adding extra certs to well-known CAs
- deps: Upgrade INTL ICU to version 58
- process: add process.memoryUsage.external
- src: add wrapper for process.emitWarning()
- fs: cache non-symlinks in realpathSync.
- repl: allow autocompletion for scoped packages

Revision 1.5 / (download) - annotate - [select for diffs], Mon Feb 13 14:05:50 2017 UTC (2 years, 2 months ago) by fhajny
Branch: MAIN
Changes since 1.4: +5 -5 lines
Diff to previous 1.4 (colored)

Update lang/nodejs6 to 6.9.5.

Notable Changes

- deps: upgrade openssl sources to 1.0.2k

Revision 1.4 / (download) - annotate - [select for diffs], Fri Jan 6 10:00:14 2017 UTC (2 years, 3 months ago) by fhajny
Branch: MAIN
Changes since 1.3: +5 -5 lines
Diff to previous 1.3 (colored)

Update lang/nodejs6 to 6.9.4.

This is a special release that contains 0 commits. While promoting
additional platforms for v6.9.3 after the release, the tarballs on the
release server were overwritten and now have different shasums. In order
to remove any ambiguity around the release we have opted to do a semver
patch release with no changes.

Revision 1.3 / (download) - annotate - [select for diffs], Wed Jan 4 13:01:48 2017 UTC (2 years, 3 months ago) by fhajny
Branch: MAIN
Changes since 1.2: +5 -5 lines
Diff to previous 1.2 (colored)

Update lang/nodejs6 to 6.9.3.

Notable Changes

- build: shared library support is now working for AIX builds
- deps:
  - npm: upgrade npm to 3.10.10
  - V8: Destructuring of arrow function arguments via computed property
    no longer throws
- inspector: /json/version returns object, not an object wrapped
  in an array
- module: using --debug-brk and --eval together now works as expected
- process: improve performance of nextTick up to 20%
- repl:
  - the division operator will no longer be accidentally parsed as regex
  - improved support for generator functions
- timers: Re canceling a cancelled timers will no longer throw

Revision 1.2 / (download) - annotate - [select for diffs], Thu Dec 8 23:02:13 2016 UTC (2 years, 4 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4
Changes since 1.1: +5 -5 lines
Diff to previous 1.1 (colored)

Update lang/nodejs6 to 6.9.2

- buffer: coerce slice parameters consistently
- deps:
  - npm: upgrade npm to 3.10.9
  - V8: Various fixes to destructuring edge cases
    - cherry-pick 3c39bac from V8 upstream
    - cherry pick 7166503 from upstream v8
- gtest: the test reporter now outputs tap comments as yamlish
- inspector: inspector now prompts user to use 127.0.0.1 rather
  than localhost
- tls: fix memory leak when writing data to TLSWrap instance
  during handshake

Revision 1.1 / (download) - annotate - [select for diffs], Tue Oct 25 19:54:00 2016 UTC (2 years, 5 months ago) by fhajny
Branch: MAIN

Import nodejs 6.9.1 (LTS) as lang/nodejs6.

Node.js is an evented I/O framework for the V8 JavaScript engine. It is
intended for writing scalable network programs such as web servers.

This package holds the 6.x LTS release.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>