./lang/nodejs4, V8 JavaScript for clients and servers

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 4.8.7, Package name: nodejs-4.8.7, Maintainer: filip

Node.js is an evented I/O framework for the V8 JavaScript engine. It is
intended for writing scalable network programs such as web servers.

This package holds the 4.x LTS release.


Required to run:
[security/openssl] [lang/python27]

Required to build:
[sysutils/lockf] [pkgtools/cwrappers]

Package options: openssl

Master sites:

SHA1: 52e921da8360050da12fd8a817e1bf8f2959ff3a
RMD160: 50432194d888972e6db605517d80045e6931f791
Filesize: 22323.015 KB

Version history: (Expand)


CVS history: (Expand)


   2017-12-09 18:54:26 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update lang/nodejs4 to 4.8.7.

- deps: openssl updated to 1.0.2n
   2017-11-30 17:45:43 by Adam Ciarcinski | Files touched by this commit (654) | Package updated
Log message:
Revbump after textproc/icu update
   2017-11-08 19:46:37 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update lang/nodejs4 to 4.8.6.

crypto:
- update root certificates

deps:
- add support for more modern versions of INTL
- upgrade openssl sources to 1.0.2m
   2017-10-25 15:56:01 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update lang/nodejs4 to 4.8.5.

zlib:
- CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
  error to be raised when a raw deflate stream is initialized with
  windowBits set to 8. On some versions this crashes Node and you cannot
  recover from it, while on some versions it throws an exception.
  Node.js will now gracefully set windowBits to 9 replicating the legacy
  behavior to avoid a DOS vector.
   2017-09-18 11:53:40 by Maya Rashish | Files touched by this commit (676)
Log message:
revbump for requiring ICU 59.x
   2017-07-11 21:16:46 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update lang/nodejs4 to 4.8.4.

- Disable V8 snapshots - The hashseed embedded in the snapshot is
  currently the same for all runs of the binary. This opens node up to
  collision attacks which could result in a Denial of Service. We have
  temporarily disabled snapshots until a more robust solution is found
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
  is used for parsing NAPTR responses, could be triggered to read memory
  outside of the given input buffer if the passed in DNS response packet
  was crafted in a particular way. This patch checks that there is
  enough data for the required elements of an NAPTR record (2 int16, 3
  bytes for string lengths) before processing a record.
   2017-05-03 13:43:39 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update lang/nodejs4 to 4.8.3.

- module: The module loading global fallback to the Node executable's
  directory now works correctly on Windows.
- src: fix base64 decoding in rare edgecase
- tls: fix rare segmentation faults when using TLS
   2017-04-22 23:04:05 by Adam Ciarcinski | Files touched by this commit (670) | Package updated
Log message:
Revbump after icu update