2021-01-05 09:35:36 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs10: updated to 10.23.1
Version 10.23.1 'Dubnium' (LTS)
Notable changes
This is a security release.
Vulnerabilities fixed:
CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are
vulnerable to a use-after-free bug in its TLS implementation. When writing to a
TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a
freshly allocated WriteWrap object as first argument. If the DoWrite method does
not return an error, this object is passed back to the caller as part of a
StreamWriteResult structure. This may be exploited to corrupt memory leading to
a Denial of Service or potentially other exploits.
CVE-2020-8287: HTTP Request Smuggling in nodejs Affected versions of Node.js
allow two copies of a header field in an HTTP request. For example, two
Transfer-Encoding header fields. In this case Node.js identifies the first
header field and ignores the second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a
vulnerability in OpenSSL which may be exploited through Node.js. You can read
more about it in https://www.openssl.org/news/secadv/20201208.txt
|
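The duplicate-header condition described for CVE-2020-8287 in the log message above can be checked for on captured request heads. The following is an added example, not part of the commit log and not Node.js or pkgsrc code; the function names, the sample requests and the host `app.example` are constructed for illustration.

```javascript
// Added example (not Node.js or pkgsrc code). All names are hypothetical.
// Headers that decide where a request body ends; duplicates here are
// what lets two parsers disagree about message boundaries.
const FRAMING_HEADERS = new Set(["transfer-encoding", "content-length"]);

// Constructed sample request heads (no bodies), CRLF-delimited.
const SAMPLE_DUPLICATE = [
  "POST /upload HTTP/1.1",
  "Host: app.example",
  "Transfer-Encoding: gzip",
  "Transfer-Encoding: chunked",
  "", "",
].join("\r\n");
const SAMPLE_CLEAN = [
  "POST /upload HTTP/1.1",
  "Host: app.example",
  "Content-Length: 0",
  "", "",
].join("\r\n");

// Collect every occurrence of each header instead of collapsing to a map,
// so repeated fields stay visible.
function collectHeaders(rawHead) {
  const seen = new Map();
  for (const line of rawHead.split("\r\n").slice(1)) { // skip request line
    if (line === "") break;                 // blank line ends the header block
    const colon = line.indexOf(":");
    if (colon <= 0) continue;               // not a "name: value" line
    const name = line.slice(0, colon).trim().toLowerCase();
    const value = line.slice(colon + 1).trim();
    if (!seen.has(name)) seen.set(name, []);
    seen.get(name).push(value);
  }
  return seen;
}

// Report framing headers that appear more than once, with the value a
// first-wins parser and a last-wins parser would each act on.
function findDuplicateFramingHeaders(rawHead) {
  const findings = [];
  for (const [name, values] of collectHeaders(rawHead)) {
    if (FRAMING_HEADERS.has(name) && values.length > 1) {
      findings.push({ name, count: values.length,
        firstValue: values[0], lastValue: values[values.length - 1] });
    }
  }
  return findings;
}
```

A finding whose `firstValue` and `lastValue` differ marks a request that a first-wins parser and a last-wins parser would frame differently, which is the disagreement CWE-444 describes.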
2020-12-16 08:29:36 by Adam Ciarcinski | Files touched by this commit (2) |
Log message:
nodejs8, nodejs10: add PYTHON_VERSIONS_ACCEPTED
|
2020-11-14 10:54:23 by Jonathan Perkin | Files touched by this commit (6) |
Log message:
nodejs*: Fix builds with icu-68.1.
|
2020-11-12 22:02:44 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs10: updated to 10.23.0
Version 10.23.0 'Dubnium' (LTS)
Notable changes
deps:
upgrade npm to 6.14.8
n-api:
create N-API version 7
expose napi_build_version variable
tools:
add debug entitlements for macOS 10.15+
|
2020-11-05 10:09:30 by Ryo ONODERA | Files touched by this commit (1814) |
Log message:
*: Recursive revbump from textproc/icu-68.1
|
2020-10-02 14:23:54 by Adam Ciarcinski | Files touched by this commit (5) | |
Log message:
nodejs10: updated to 10.22.1
Version 10.22.1 'Dubnium' (LTS)
Notable changes
This is a security release.
Vulnerabilities fixed:
CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).
Version 10.22.0 'Dubnium' (LTS)
Notable changes
deps:
* upgrade npm to 6.14.6
* upgrade openssl sources to 1.1.1g
n-api:
* add napi_detach_arraybuffer
|
2020-06-18 06:58:24 by David H. Gutteridge | Files touched by this commit (6) | |
Log message:
nodejs/nodejs10/nodejs12: these now require nghttp2>=1.41.0
As of the last updates to each of these, made earlier this month, they
now require nghttp2>=1.41.0 to build. They expect
nghttp2_option_set_max_settings to be available.
|
2020-06-03 11:25:38 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
nodejs10: updated to 10.21.0
Version 10.21.0 'Dubnium' (LTS)
Notable changes
This is a security release.
Vulnerabilities fixed:
CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory
corruption (High).
CVE-2020-10531: ICU-20958 Prevent SEGV_MAPERR in append (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
Commits
- deps: fix OPENSSLDIR on Windows
- deps: backport ICU-20958 to fix CVE-2020-10531
- (SEMVER-MINOR) deps: update nghttp2 to 1.41.0
- (SEMVER-MINOR) http2: implement support for max settings entries
- napi: fix memory corruption vulnerability
|
2020-06-02 10:25:05 by Adam Ciarcinski | Files touched by this commit (1689) |
Log message:
Revbump for icu
|
2020-05-31 23:41:22 by Roland Illig | Files touched by this commit (3) |
Log message:
lang/nodejs*: skip portability check for macOS installation scripts
|