./lang/nodejs6, V8 JavaScript for clients and servers

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 6.14.1, Package name: nodejs-6.14.1, Maintainer: filip

Node.js is an evented I/O framework for the V8 JavaScript engine. It is
intended for writing scalable network programs such as web servers.

This package holds the 6.x LTS release.


Required to run:
[security/openssl] [lang/python27]

Required to build:
[sysutils/lockf] [pkgtools/cwrappers]

Package options: openssl

Master sites:

SHA1: 800d4876242ba4c730fdb52708112ad6189a097a
RMD160: ee584aca256aa6784f6cb4f48826d88c02a894c6
Filesize: 26806.386 KB

Version history: (Expand)


CVS history: (Expand)


   2018-04-04 12:35:55 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
lang/nodejs6: Update to 6.14.1.

Fixes for the following CVEs are included in this release:

- CVE-2018-7158
- CVE-2018-7159
- CVE-2018-7160

Notable Changes

- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A
  malicious website could use a DNS rebinding attack to trick a web
  browser to bypass same-origin-policy checks and allow HTTP connections
  to localhost or to hosts on the local network, potentially to an open
  inspector port as a debugger, therefore gaining full code execution
  access. The inspector now only allows connections that have a browser
  Host value of localhost or localhost6.
- Fix for 'path' module regular expression denial of service
  (CVE-2018-7158): A regular expression used for parsing POSIX paths
  could be used to cause a denial of service if an attacker were able to
  have a specially crafted path string passed through one of the
  impacted 'path' module functions.
- Reject spaces in HTTP Content-Length header values (CVE-2018-7159):
  The Node.js HTTP parser allowed for spaces inside Content-Length
  header values. Such values now lead to rejected connections in the
  same way as non-numeric values.
- Update root certificates: 5 additional root certificates have been
  added to the Node.js binary and 30 have been removed.
   2018-03-07 12:45:48 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
lang/nodejs6: Update to 6.13.1.

http, tls:
- better support for IPv6 addresses
   2018-02-16 12:53:54 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
lang/nodejs6: Update to 6.13.0.

- console:
  - added console.count() and console.clear()
- crypto:
  - expose ECDH class
  - added cypto.randomFill() and crypto.randomFillSync()
  - warn on invalid authentication tag length
- deps:
  - upgrade libuv to 1.16.1
- dgram:
  - added socket.setMulticastInterface()
- http:
  - add agent.keepSocketAlive and agent.reuseSocket as to allow
    overridable keep-alive behavior of `Agent`
- lib:
  - return this from net.Socket.end()
- module:
  - add builtinModules api that provides list of all builtin modules
    in Node
- net:
  - return this from getConnections()
- promises:
  - more robust stringification for unhandled rejections
- repl:
  - improve require() autocompletion
- src:
  - add openssl-system-ca-path configure option
  - add --use-bundled-ca --use-openssl-ca check
  - add process.ppid
- tls:
  - accept `lookup` option for `tls.connect()`
- tools, build:
  - a new macOS installer!
- url:
  - WHATWG URL api support
- util:
  - add %i and %f formatting specifiers
   2017-12-09 18:55:04 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update lang/nodejs6 to 6.12.2.

- deps: openssl updated to 1.0.2n
   2017-12-07 23:09:46 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update lang/nodejs6 to 6.12.1.

- build: fix npm install with --shared
- build: building with python 3 is now supported
- src: v8 options can be specified with either '_' or '-' in NODE_OPTIONS
   2017-11-08 19:31:15 by Filip Hajny | Files touched by this commit (5) | Package updated
Log message:
Update lang/nodejs6 to 6.12.0.

assert:
- assert.fail() can now take one or two arguments

crypto:
- add sign/verify support for RSASSA-PSS

deps:
- upgrade openssl sources to 1.0.2m
- upgrade libuv to 1.15.0

fs:
- Add support for fs.write/fs.writeSync(fd, buffer, cb) and
  fs.write/fs.writeSync(fd, buffer, offset, cb) as documented

inspector:
- enable --inspect-brk

process:
- add --redirect-warnings command line argument

src:
- allow CLI args in env with NODE_OPTIONS
- --abort-on-uncaught-exception in NODE_OPTIONS
- allow --tls-cipher-list in NODE_OPTIONS
- use SafeGetenv() for NODE_REDIRECT_WARNINGS

test:
- remove common.fail()
   2017-10-25 15:45:18 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
Update lang/nodejs6 to 6.11.5.

zlib:
- CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
  error to be raised when a raw deflate stream is initialized with
  windowBits set to 8. On some versions this crashes Node and you cannot
  recover from it, while on some versions it throws an exception.
  Node.js will now gracefully set windowBits to 9 replicating the legacy
  behavior to avoid a DOS vector.
   2017-10-04 18:20:58 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
Update lang/nodejs6 to 6.11.4.

- net: support passing undefined to listen() to match behavior
  in v4.x and v8.x