Subject: CVS commit: pkgsrc/lang
From: Filip Hajny
Date: 2015-12-04 13:18:36
Message id: 20151204121836.9425098@cvs.netbsd.org
Log Message:
Update nodejs4 to 4.2.3 and nodejs to 5.1.1.

Notable changes

- http: Fix a bug where an HTTP socket may no longer have a socket
  but a pipelined request triggers a pause or resume, a potential
  denial-of-service vector. (Fedor Indutny)
- openssl: Upgrade to 1.0.2e, containing fixes for:
  - CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
    an attack is considered feasible against a Node.js TLS server
    using DHE key exchange. Details are available at
    http://openssl.org/news/secadv/20151203.txt.
  - CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
    a potential denial-of-service vector for Node.js TLS servers; TLS
    clients are also impacted. Details are available at
    http://openssl.org/news/secadv/20151203.txt. (Shigeki Ohtsu) #4134
- v8: Backport fixes for a bug in JSON.stringify() that can result in
  out-of-bounds reads for arrays. (Ben Noordhuis)
Files:
RevisionActionfile
1.50modifypkgsrc/lang/nodejs/Makefile
1.49modifypkgsrc/lang/nodejs/distinfo
1.2modifypkgsrc/lang/nodejs4/Makefile
1.2modifypkgsrc/lang/nodejs4/distinfo