Created attachment 171743 [details] patch from a git commit, apply with patch -p1 Notable Changes This is an important security release. All Node.js users should consult the security release summary at nodejs.org for details on patched vulnerabilities. This release is specifically related to a Buffer overflow vulnerability discovered in v8, more details can be found in the CVE 2016-1669. See the full release announcements here: https://nodejs.org/en/blog/release/v4.4.6/ https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
poudriere testport passes on 10.3-RELEASE amd64 jail.
I just noticed that upstream released 4.4.7, I'll create an updated patch now.
A commit references this bug: Author: pi Date: Thu Jun 30 05:42:39 UTC 2016 New revision: 417807 URL: https://svnweb.freebsd.org/changeset/ports/417807 Log: www/node4: 4.4.5 -> 4.4.6 This is an important security release. Please consult https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ for the details. This release is specifically related to a Buffer overflow vulnerability discovered in v8, more details can be found in the CVE 2016-1669. PR: 210520 Changes: https://nodejs.org/en/blog/release/v4.4.6/ Submitted by: Bradley T. Hughes <bradleythughes@fastmail.fm> (maintainer) Changes: head/www/node4/Makefile head/www/node4/distinfo
Created attachment 171966 [details] patch from a git commit www/node4: 4.4.5_1 -> 4.4.7 Notable Changes for 4.4.6: This is an important security release. All Node.js users should consult the security release summary at nodejs.org for details on patched vulnerabilities. This release is specifically related to a Buffer overflow vulnerability discovered in v8, more details can be found in the CVE 2016-1669. See the full release announcements here: https://nodejs.org/en/blog/release/v4.4.6/ https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ Notable Changes for 4.4.7: - debugger: - All properties of an array (aside from length) can now be printed in the repl (cjihrig) #6448 - npm: - Upgrade npm to 2.15.8 (Rebecca Turner) #7412 - stream: - Fix for a bug that became more prevalent with the stream changes that landed in v4.4.5. (Anna Henningsen) #7160 - V8: - Fix for a bug in crankshaft that was causing crashes on arm64 (Myles Borins) #7442 - Add missing classes to postmortem info such as JSMap and JSSet (evan.lucas) #3792 See the full release announcement here: https://nodejs.org/en/blog/release/v4.4.7/
(In reply to Bradley T. Hughes from comment #2) 2 minutes 8-} I'll keep this PR open for the update. We'll get this into the next quarterly 8-}
A commit references this bug: Author: pi Date: Thu Jun 30 06:26:31 UTC 2016 New revision: 417811 URL: https://svnweb.freebsd.org/changeset/ports/417811 Log: www/node4: 4.4.6 -> 4.4.7 - debugger: o All properties of an array (aside from length) can now be printed in the repl (cjihrig) #6448 - npm: o Upgrade npm to 2.15.8 (Rebecca Turner) #7412 - stream: o Fix for a bug that became more prevalent with the stream changes that landed in v4.4.5. (Anna Henningsen) #7160 - V8: o Fix for a bug in crankshaft that was causing crashes on arm64 (Myles Borins) #7442 o Add missing classes to postmortem info such as JSMap and JSSet (evan.lucas) #3792 PR: 210520 Changes: https://nodejs.org/en/blog/release/v4.4.7/ Submitted by: Bradley T. Hughes <bradleythughes@fastmail.fm> (maintainer) Changes: head/www/node4/Makefile head/www/node4/distinfo
Testbuilds fine, committed, thanks!