Date: Sat, 19 Oct 2013 00:40:23 GMT From: Kenji Rikitake <kenji.rikitake@acm.org> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/183092: [security fix required] Port www/node version up required from v0.10.19 to 0.10.21 Message-ID: <201310190040.r9J0eN8V063273@oldred.freebsd.org> Resent-Message-ID: <201310190050.r9J0o01q092365@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 183092 >Category: ports >Synopsis: [security fix required] Port www/node version up required from v0.10.19 to 0.10.21 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Oct 19 00:50:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Kenji Rikitake >Release: 9.2-STABLE >Organization: >Environment: FreeBSD minimax.priv.k2r.org 9.2-STABLE FreeBSD 9.2-STABLE #13 r255959: Tue Oct 1 13:18:35 JST 2013 root@minimax.priv.k2r.org:/usr/obj/usr/src/sys/K2RKERNEL amd64 >Description: nodejs dev team has announced v0.10.21 for "an undisclosed HTTP vulnerability fix." This is a very crude kludge to put v0.10.21, instead of v0.10.20 as of 0000UTC 19-OCT-2013. See https://groups.google.com/forum/#!msg/nodejs/NEbweYB0ei0/gWvyzCunYjsJ for the details of the severity. >How-To-Repeat: /usr/local/bin/node --version >Fix: Patch given. Apply this at /usr/local/www/node and rebuild the Port. Patch attached with submission follows: A kludge to upgrade from FreeBSD Port node 0.10.19 to 0.10.21. Apply this patch at /usr/ports/www/node and rebuild/reinstall the port. diff --unified /usr/ports/www/node/Makefile ./Makefile --- /usr/ports/www/node/Makefile 2013-09-30 07:51:06.000000000 +0900 +++ ./Makefile 2013-10-19 09:17:36.000000000 +0900 @@ -2,7 +2,7 @@ # $FreeBSD: www/node/Makefile 328753 2013-09-29 22:51:06Z swills $ PORTNAME= node -PORTVERSION= 0.10.19 +PORTVERSION= 0.10.21 CATEGORIES= www MASTER_SITES= http://nodejs.org/dist/v${PORTVERSION}/ DISTNAME= ${PORTNAME}-v${PORTVERSION} diff --unified /usr/ports/www/node/distinfo ./distinfo --- /usr/ports/www/node/distinfo 2013-09-30 07:51:06.000000000 +0900 +++ ./distinfo 2013-10-19 09:18:38.000000000 +0900 @@ -1,2 +1,2 @@ -SHA256 (node-v0.10.19.tar.gz) = e50787672cdf6afa6caeef9345ca40c4a69f96a31829a0884ea6ed63dfdde21e -SIZE (node-v0.10.19.tar.gz) = 13627909 +SHA256 (node-v0.10.21.tar.gz) = 7c125bf22c1756064f2a68310d4822f77c8134ce178b2faa6155671a8124140d +SIZE (node-v0.10.21.tar.gz) = 13647047 >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201310190040.r9J0eN8V063273>