Bug 213603

Summary: www/node4: Update to 4.6.1
Product: Ports & Packages Reporter: Bradley T. Hughes <bhughes>
Component: Individual Port(s)Assignee: Mark Felder <feld>
Status: Closed FIXED    
Severity: Affects Many People CC: feld, ports-secteam
Priority: Normal Keywords: needs-patch, security
Version: LatestFlags: feld: merge-quarterly+
Hardware: Any   
OS: Any   
URL: https://nodejs.org/en/blog/release/v4.6.1/
Bug Depends on: 213495, 213800    
Bug Blocks:    
Attachments:
Description Flags
nodejs 4.6.1
bhughes: maintainer-approval+
updated nodejs 4.6.1 patch bhughes: maintainer-approval+

Description Bradley T. Hughes freebsd_committer freebsd_triage 2016-10-19 07:01:47 UTC 
Created attachment 175927 [details]
nodejs 4.6.1

Bump to the latest upstream 4.x release. This is a security release to
address the c-ares single-byte buffer overwrite, CVE-2016-5180. Note
that www/node4 builds against a shared c-ares by default, so users
should ensure to update dns/c-ares as well.
    
https://nodejs.org/en/blog/release/v4.6.1/
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/

portlint: OK (-C, looks fine.)
testport: OK (poudriere, 11.0-R, 10.[123]-R, 9.3-R, amd64/i386, default options)
testport: OK (poudriere, 11.0-R, 10.[123]-R, 9.3-R, amd64/i386, BUNDLED_SSL enabled)
Comment 1 Bradley T. Hughes freebsd_committer freebsd_triage 2016-10-19 07:03:02 UTC 
dns/c-ares should be updated as well to get the full "effect" of this release. Adding dependency on 213495.
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2016-10-19 09:37:42 UTC 
This also needs a security/vuxml entry
Comment 3 Bradley T. Hughes freebsd_committer freebsd_triage 2016-10-21 07:41:59 UTC 
Created attachment 176009 [details]
updated nodejs 4.6.1 patch

Bump to the latest upstream 4.x release. This is a security release to
address the c-ares single-byte buffer overwrite, CVE-2016-5180. Note
that www/node4 builds against a shared c-ares by default, so users
should ensure to update dns/c-ares as well.
    
Cleanup clang vs. gcc handling by using USES=compiler:c++-lib
    
https://nodejs.org/en/blog/release/v4.6.1/
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/
Comment 4 Bradley T. Hughes freebsd_committer freebsd_triage 2016-10-26 10:29:28 UTC 
See 213800 for vuxml entries :)
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-10-28 13:42:33 UTC 
A commit references this bug:

Author: feld
Date: Fri Oct 28 13:42:28 UTC 2016
New revision: 424840
URL: https://svnweb.freebsd.org/changeset/ports/424840

Log:
  www/node4: Update to 4.6.1

  PR:		213603
  Security:	CVE-2016-5180

Changes:
  head/www/node4/Makefile
  head/www/node4/distinfo
Comment 6 commit-hook freebsd_committer freebsd_triage 2016-10-28 13:43:34 UTC 
A commit references this bug:

Author: feld
Date: Fri Oct 28 13:42:54 UTC 2016
New revision: 424841
URL: https://svnweb.freebsd.org/changeset/ports/424841

Log:
  MFH: r424840

  www/node4: Update to 4.6.1

  PR:		213603
  Security:	CVE-2016-5180

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/www/node4/Makefile
  branches/2016Q4/www/node4/distinfo