2016-09-28 13:09:47 by Filip Hajny | Files touched by this commit (2) |
Log message:
Update lang/nodejs4 to 4.6.0.
- openssl: Remove support for loading dynamic third-party engine
modules. An attacker may be able to hide malicious code to be
inserted into Node.js at runtime by masquerading as one of the
dynamic engine modules.
- http: CVE-2016-5325 - Properly validate for allowable characters
in the reason argument in ServerResponse#writeHead().
- buffer: Zero-fill excess bytes in new Buffer objects created
with Buffer.concat() while providing a totalLength parameter
that exceeds the total length of the original Buffer objects
being concatenated.
- tls: CVE-2016-7099 - Fix invalid wildcard certificate validation
check whereby a TLS server may be able to serve an invalid
wildcard certificate for its hostname due to improper validation
of *. in the wildcard string.
|
2016-08-27 20:11:12 by Joerg Sonnenberger | Files touched by this commit (2) |
Log message:
Don't depend on PTHREAD_STACK_MIN for NetBSD, use sysconf.
|
2016-08-19 15:14:37 by Filip Hajny | Files touched by this commit (3) | |
Log message:
Update lang/nodejs4 to 4.5.0.
Semver Minor:
buffer:
- backport new buffer constructor APIs to v4.x
- backport --zero-fill-buffers cli option
build:
- add Intel Vtune profiling support
repl:
- copying tabs shouldn't trigger completion
src:
- add node::FreeEnvironment public API
test:
- run v8 tests from node tree
V8:
- Add post mortem data to improve object inspection and function's
context variables inspection
Semver Patch:
buffer:
- ignore negative allocation lengths
crypto:
- update root certificates
libuv:
- upgrade libuv to 1.9.1
- upgrade libuv to 1.9.0
npm:
- upgrade to 2.15.9
|
2016-07-01 17:41:28 by Filip Hajny | Files touched by this commit (3) |
Log message:
Update lang/nodejs4 to 4.4.7.
Notable Changes
- debugger:
* All properties of an array (aside from length) can now be printed
in the repl
- npm:
* Upgrade npm to 2.15.8
- stream:
* Fix for a bug that became more prevalent with the stream changes
that landed in v4.4.5.
- V8:
* Fix for a bug in crankshaft that was causing crashes on arm64
* Add missing classes to postmortem info such as JSMap and JSSet
|
2016-06-24 18:12:01 by Filip Hajny | Files touched by this commit (2) |
Log message:
Update lang/nodejs4 to 4.4.6.
This release is specifically related to a Buffer overflow
vulnerability discovered in v8, see CVE-2016-1669
|
2016-06-02 11:57:32 by Filip Hajny | Files touched by this commit (6) |
Log message:
Remove the nodejs icu option and make nodejs use a system ICU
package by default. Expand existing patch to fix NetBSD 6 build.
Fixes PR pkg/51172.
Bump PKGREVISION for lang/nodejs and lang/nodejs4.
|
2016-05-24 21:43:30 by Filip Hajny | Files touched by this commit (3) | |
Log message:
Update lang/nodejs4 to 4.4.5.
buffer:
- Buffer no longer errors if you call lastIndexOf with a search
term longer than the buffer
contextify:
- Context objects are now properly garbage collected, this solves
a problem some individuals were experiencing with extreme memory
growth
deps:
- update npm to 2.15.5
http:
- Invalid status codes can no longer be sent. Limited to 3 digit
numbers between 100 - 999
|
2016-05-06 11:33:57 by Filip Hajny | Files touched by this commit (2) | |
Log message:
Update lang/nodejs4 to 4.4.4.
- update openssl to 1.0.2h. (n/a with dynamic OpenSSL)
|
2016-04-13 13:55:31 by Filip Hajny | Files touched by this commit (2) |
Log message:
Update lang/nodejs4 to 4.4.3.
- deps: Fix --gdbjit for embedders. Backported from v8 upstream.
- etw: Correctly display descriptors for ETW events 9 and 23 on
the windows platform.
- querystring: Restore throw when attempting to stringify bad
surrogate pair.
|
2016-04-11 21:02:08 by Ryo ONODERA | Files touched by this commit (527) |
Log message:
Recursive revbump from textproc/icu 57.1
|