kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

lang/nodejs6: Update to 6.14.1.

Browse source 
Fixes for the following CVEs are included in this release:

- CVE-2018-7158
- CVE-2018-7159
- CVE-2018-7160

Notable Changes

- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A
  malicious website could use a DNS rebinding attack to trick a web
  browser to bypass same-origin-policy checks and allow HTTP connections
  to localhost or to hosts on the local network, potentially to an open
  inspector port as a debugger, therefore gaining full code execution
  access. The inspector now only allows connections that have a browser
  Host value of localhost or localhost6.
- Fix for 'path' module regular expression denial of service
  (CVE-2018-7158): A regular expression used for parsing POSIX paths
  could be used to cause a denial of service if an attacker were able to
  have a specially crafted path string passed through one of the
  impacted 'path' module functions.
- Reject spaces in HTTP Content-Length header values (CVE-2018-7159):
  The Node.js HTTP parser allowed for spaces inside Content-Length
  header values. Such values now lead to rejected connections in the
  same way as non-numeric values.
- Update root certificates: 5 additional root certificates have been
  added to the Node.js binary and 30 have been removed.
This commit is contained in:
fhajny 2018-04-04 10:35:55 +00:00
parent 65573643dd
commit 6f39786389
2 changed files with 7 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lang/nodejs6/Makefile
View file

@ -1,6 +1,6 @@
# $NetBSD: Makefile,v 1.22 2018/03/07 11:45:48 fhajny Exp $
# $NetBSD: Makefile,v 1.23 2018/04/04 10:35:55 fhajny Exp $
DISTNAME= node-v6.13.1
DISTNAME= node-v6.14.1
.include "../../lang/nodejs/Makefile.common"
.include "../../mk/bsd.pkg.mk"

10
lang/nodejs6/distinfo
View file

@ -1,9 +1,9 @@
$NetBSD: distinfo,v 1.21 2018/03/07 11:45:48 fhajny Exp $
$NetBSD: distinfo,v 1.22 2018/04/04 10:35:55 fhajny Exp $
SHA1 (node-v6.13.1.tar.gz) = ccaf59ae19003c5a445ceb05ac16c6df725a309d
RMD160 (node-v6.13.1.tar.gz) = ede4d17269bf0264c87215e9d80aaf85d6d96773
SHA512 (node-v6.13.1.tar.gz) = 74129c3600b8873c6fd2ad6252ea9ccc73a2a3f961b3c8ed7e45b44e329aa3ea89e639c1881f57e9b498f7659166386729be8a24331348cdb15395658cb7c203
Size (node-v6.13.1.tar.gz) = 27560377 bytes
SHA1 (node-v6.14.1.tar.gz) = 800d4876242ba4c730fdb52708112ad6189a097a
RMD160 (node-v6.14.1.tar.gz) = ee584aca256aa6784f6cb4f48826d88c02a894c6
SHA512 (node-v6.14.1.tar.gz) = 271cb1e9ff362dfa7dbdc8d31a72353646689c8b42df86bfe1060f1f82f7ca1a039c2d6380dc8afcd5dbc98c0d2e362dfc6e91e8ab4719324df41b4b3ef243e2
Size (node-v6.14.1.tar.gz) = 27449739 bytes
SHA1 (patch-common.gypi) = 5b3a50617358637a6f910de28bb5a14f037317a6
SHA1 (patch-deps_cares_cares.gyp) = bae68a88473f9b7e0af1fbf65da033bc8f917225
SHA1 (patch-deps_npm_node__modules_node-gyp_gyp_pylib_gyp_generator_make.py) = 78d6ddd37ae30e869e0da666a78baad86a638c50