Bug 210521 - www/node012: Update to 0.12.15
Summary: www/node012: Update to 0.12.15
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Kurt Jaeger
URL:
Keywords: patch, patch-ready
Depends on:
Blocks:
 
Reported: 2016-06-24 10:31 UTC by Bradley T. Hughes
Modified: 2016-06-30 05:49 UTC (History)
2 users (show)

See Also:
bhughes: maintainer-feedback+


Attachments
patch from a git commit, apply with patch -p1 (1.91 KB, text/plain)
2016-06-24 10:31 UTC, Bradley T. Hughes
bhughes: maintainer-approval+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Bradley T. Hughes freebsd_committer freebsd_triage 2016-06-24 10:31:36 UTC
Created attachment 171744 [details]
patch from a git commit, apply with patch -p1

Notable changes:

This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
for details on patched vulnerabilities.

- libuv: (CVE-2014-9748) Fixes a bug in the read/write locks
  implementation for Windows XP and Windows 2003 that can lead to
  undefined and potentially unsafe behaviour. More information can be
  found at https://github.com/libuv/libuv/issues/515 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.
- V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
  discovered in V8, more details can be found in the CVE at
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.

See the full release announcement here:
https://nodejs.org/en/blog/release/v0.12.15/
Comment 1 Bradley T. Hughes freebsd_committer freebsd_triage 2016-06-24 10:31:52 UTC
poudriere testpot passes on 10.3-RELEASE amd64 jail.
Comment 2 Kurt Jaeger freebsd_committer freebsd_triage 2016-06-30 05:48:55 UTC
Committed, thanks. No MFH as new quarterly is just around the corner.
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-06-30 05:49:11 UTC
A commit references this bug:

Author: pi
Date: Thu Jun 30 05:48:20 UTC 2016
New revision: 417809
URL: https://svnweb.freebsd.org/changeset/ports/417809

Log:
  www/node012: 0.12.14 -> 0.12.15

  This is a security release. Please read
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
  for details.

  - libuv: (CVE-2014-9748) Fixes a bug in the read/write locks
    implementation for Windows XP and Windows 2003 that can lead to
    undefined and potentially unsafe behaviour. More information can be
    found at https://github.com/libuv/libuv/issues/515 or at
    https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.
  - V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
    discovered in V8, more details can be found in the CVE at
    https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669

  PR:		210521
  Changes:	https://nodejs.org/en/blog/release/v0.12.15/
  Submitted by:	Bradley T. Hughes <bradleythughes@fastmail.fm> (maintainer)

Changes:
  head/www/node012/Makefile
  head/www/node012/distinfo