./lang/nodejs8, V8 JavaScript for clients and servers

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 8.11.1nb1, Package name: nodejs-8.11.1nb1, Maintainer: filip

Node.js is an evented I/O framework for the V8 JavaScript engine. It is
intended for writing scalable network programs such as web servers.

This package holds the 8.x LTS release.


Required to run:
[textproc/icu] [security/openssl] [lang/python27] [lang/gcc49-libs]

Required to build:
[sysutils/lockf] [lang/gcc49] [pkgtools/cwrappers]

Package options: openssl

Master sites:

SHA1: 9144b4545885af5c806f7f68d814ffa6a8ed97bd
RMD160: bbed69463aa4fb4bf8bf5d37d6878fdb23eff450
Filesize: 30302.954 KB

Version history: (Expand)


CVS history: (Expand)


   2018-04-14 09:34:46 by Adam Ciarcinski | Files touched by this commit (681) | Package updated
Log message:
revbump after icu update
   2018-04-04 12:37:44 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
lang/nodejs8: Update to 8.11.1.

Fixes for the following CVEs are included in this release:

- CVE-2018-7158
- CVE-2018-7159
- CVE-2018-7160

Notable Changes

- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A
  malicious website could use a DNS rebinding attack to trick a web
  browser to bypass same-origin-policy checks and allow HTTP connections
  to localhost or to hosts on the local network, potentially to an open
  inspector port as a debugger, therefore gaining full code execution
  access. The inspector now only allows connections that have a browser
  Host value of localhost or localhost6.
- Fix for 'path' module regular expression denial of service
  (CVE-2018-7158): A regular expression used for parsing POSIX paths
  could be used to cause a denial of service if an attacker were able to
  have a specially crafted path string passed through one of the
  impacted 'path' module functions.
- Reject spaces in HTTP Content-Length header values (CVE-2018-7159):
  The Node.js HTTP parser allowed for spaces inside Content-Length
  header values. Such values now lead to rejected connections in the
  same way as non-numeric values.
- Update root certificates: 5 additional root certificates have been
  added to the Node.js binary and 30 have been removed.
   2018-03-07 12:45:06 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
lang/nodejs8: Update to 8.10.0

deps:
- update V8 to 6.2.414.46
- revert ABI breaking changes in V8 6.2
- upgrade libuv to 1.19.1
- re land npm 5.6.0
- ICU 60 bump
crypto:
- Support both OpenSSL 1.1.0 and 1.0.2
- warn on invalid authentication tag length
async_hooks:
- update defaultTriggerAsyncIdScope for perf
- use typed array stack as fast path
- use scope for defaultTriggerAsyncId
- separate missing from default context
- rename initTriggerId
- deprecate undocumented API
- add destroy event for gced AsyncResources
- add trace events to async_hooks
- set HTTPParser trigger to socket
- add provider types for net server
n-api:
- add helper for addons to get the event loop
cli:
- add --stack-trace-limit to NODE_OPTIONS
console:
- add support for console.debug
module:
- add builtinModules
- replace default paths in require.resolve()
src:
- add helper for addons to get the event loop
- add process.ppid
http:
- support generic `Duplex` streams
- add rawPacket in err of `clientError` event
- better support for IPv6 addresses
net:
- remove ADDRCONFIG DNS hint on Windows
process:
- fix reading zero-length env vars on win32
tls:
- unconsume stream on destroy
process:
- improve unhandled rejection message
stream:
- remove usage of *State.highWaterMark
trace_events:
- add executionAsyncId to init events
   2018-01-05 16:00:25 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
Update lang/nodejs8 to 8.9.4.

- deps: upgrade npm to 5.6.0
- build: configure can now be run from any directory
   2017-12-09 18:55:35 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update lang/nodejs8 to 8.9.3.

- buffer: buffer allocated with an invalid content will now be zero
  filled (CVE-2017-15897)
- deps: openssl updated to 1.0.2n
   2017-12-07 22:59:25 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update lang/nodejs8 to 8.9.2.

- console: avoid adding infinite error listeners
- http2: improve errors thrown in header validation
   2017-11-30 17:45:43 by Adam Ciarcinski | Files touched by this commit (654) | Package updated
Log message:
Revbump after textproc/icu update
   2017-11-08 18:44:02 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update lang/nodejs8 to 8.9.1.

- openssl: upgrade openssl sources to 1.0.2m
- Revert "https: refactor to use http internals"