---
- branch: pkgsrc-2017Q3
  date: Tue Oct 31 18:52:44 UTC 2017
  files:
  - new: 1.34.4.1
    old: '1.34'
    path: pkgsrc/lang/nodejs4/Makefile
    pathrev: pkgsrc/lang/nodejs4/Makefile@1.34.4.1
    type: modified
  - new: 1.29.4.1
    old: '1.29'
    path: pkgsrc/lang/nodejs4/distinfo
    pathrev: pkgsrc/lang/nodejs4/distinfo@1.29.4.1
    type: modified
  id: 20171031T185244Z.260ad32889a26b4450e3474cf2bc14ed70204dad
  log: |
    Pullup ticket #5593 - requested by sevan
    lang/nodejs4: security update

    Revisions pulled up:
    - lang/nodejs4/Makefile                                         1.35
    - lang/nodejs4/distinfo                                         1.30

    -------------------------------------------------------------------
       Module Name:    pkgsrc
       Committed By:   fhajny
       Date:           Wed Oct 25 13:56:01 UTC 2017

       Modified Files:
               pkgsrc/lang/nodejs4: Makefile distinfo

       Log Message:
       Update lang/nodejs4 to 4.8.5.

       zlib:
       - CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
         error to be raised when a raw deflate stream is initialized with
         windowBits set to 8. On some versions this crashes Node and you cannot
         recover from it, while on some versions it throws an exception.
         Node.js will now gracefully set windowBits to 9 replicating the legacy
         behavior to avoid a DOS vector.

       To generate a diff of this commit:
       cvs rdiff -u -r1.34 -r1.35 pkgsrc/lang/nodejs4/Makefile
       cvs rdiff -u -r1.29 -r1.30 pkgsrc/lang/nodejs4/distinfo
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2017Q3] pkgsrc/lang/nodejs4'
  unixtime: '1509475964'
  user: spz