2021-01-05 09:34:57 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs12: updated to 12.20.1
Version 12.20.1 'Erbium' (LTS)
Notable changes
This is a security release.
Vulnerabilities fixed:
CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are
vulnerable to a use-after-free bug in its TLS implementation. When writing to a
TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a
freshly allocated WriteWrap object as first argument. If the DoWrite method does
not return an error, this object is passed back to the caller as part of a
StreamWriteResult structure. This may be exploited to corrupt memory leading to
a Denial of Service or potentially other exploits.
CVE-2020-8287: HTTP Request Smuggling in nodejs Affected versions of Node.js
allow two copies of a header field in an HTTP request. For example, two
Transfer-Encoding header fields. In this case Node.js identifies the first
header field and ignores the second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a
vulnerability in OpenSSL which may be exploited through Node.js. You can read
more about it in https://www.openssl.org/news/secadv/20201208.txt
|
2020-12-31 21:04:14 by Nia Alarie | Files touched by this commit (38) |
Log message:
Normalize handling packages that require 64-bit atomic ops.
|
2020-12-16 08:42:39 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs12: updated to 12.12.0
Version 12.12.0 (Current)
Notable changes
build:
Add --force-context-aware flag to prevent usage of native node addons that
aren't context aware
deprecations:
Add documentation-only deprecation for process._tickCallback()
esm:
Using JSON modules is experimental again
fs:
Introduce opendir() and fs.Dir to iterate through directories
process:
Add source-map support to stack traces by using --enable-source-maps
tls:
Honor pauseOnConnect option
Add option for private keys for OpenSSL engines
|
2020-11-17 12:02:03 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs12: updated to 12.19.1
Version 12.19.1 'Erbium' (LTS)
Notable changes
This is a security release.
Vulnerabilities fixed:
CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
application that allows an attacker to trigger a DNS request for a host of their
choice could trigger a Denial of Service by getting the application to resolve a
DNS record with a larger number of responses.
|
2020-11-05 10:09:30 by Ryo ONODERA | Files touched by this commit (1814) |
Log message:
*: Recursive revbump from textproc/icu-68.1
|
2020-10-09 09:23:51 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs12: updated to 12.19.0
Version 12.19.0 'Erbium' (LTS)
Notable Changes
- (SEMVER-MINOR) module: package "imports" field (Guy Bedford)
- (SEMVER-MINOR) n-api: create N-API version 7 (Gabriel Schulhof)
- (SEMVER-MINOR) crypto: add randomInt function (Oli Lalonde)
- deps: upgrade to libuv 1.39.0 (Colin Ihrig)
- doc: add Ricky Zhou to collaborators (rickyes)
- doc: add release key for Ruy Adorno (Ruy Adorno)
- doc: add DerekNonGeneric to collaborators (Derek Lewis)
- deps: upgrade npm to 6.14.7 (claudiahdz)
- doc: add AshCripps to collaborators (Ash Cripps)
- doc: add HarshithaKP to collaborators (Harshitha K P)
- zlib: switch to lazy init for zlib streams (Andrey Pechkurov)
- doc: add rexagod to collaborators (Pranshu Srivastava)
- doc: add release key for Richard Lau (Richard Lau)
- doc: add danielleadams to collaborators (Danielle Adams)
- doc: add sxa as collaborator (Stewart X Addison)
- deps: upgrade to libuv 1.38.1 (Colin Ihrig)
- doc: add ruyadorno to collaborators (Ruy Adorno)
- (SEMVER-MINOR) module: deprecate module.parent (Antoine du HAMEL)
- (SEMVER-MAJOR) doc: deprecate process.umask() with no arguments (Colin Ihrig)
|
2020-10-02 14:24:27 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs12: updated to 12.18.4
Version 12.18.4 'Erbium' (LTS)
Notable Changes
This is a security release.
Vulnerabilities fixed:
CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).
|
2020-08-03 14:10:47 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs12: updated to 12.18.3
Version 12.18.3 'Erbium' (LTS)
Notable Changes
deps:
upgrade npm to 6.14.6
update node-inspect to v2.0.0
uvwasi: cherry-pick 9e75217
|
2020-07-03 21:01:40 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
nodejs12: updated to 12.18.2
Version 12.18.2 'Erbium' (LTS)
Notable changes
deps: V8: backport
Fixes memory leak in PrototypeUsers::Add
src: use symbol to store AsyncWrap resource
Fixes reported memory leak
Version 12.18.1 'Erbium' (LTS)
Notable Changes
deps:
V8: cherry-pick
update to uvwasi 0.0.9
upgrade to libuv 1.38.0
upgrade npm to 6.14.5
|
2020-06-18 06:58:24 by David H. Gutteridge | Files touched by this commit (6) | |
Log message:
nodejs/nodejs10/nodejs12: these now require nghttp2>=1.41.0
As of the last updates to each of these, made earlier this month, they
now require nghttp2>=1.41.0 to build. They expect
nghttp2_option_set_max_settings to be available.
|