Received: from mail.netbsd.org (mail.NetBSD.org [199.233.217.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id 97D8D7ABF4 for ; Wed, 10 Feb 2016 11:09:24 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 1871385E6C; Wed, 10 Feb 2016 11:09:24 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 98F2F85E47 for ; Wed, 10 Feb 2016 11:09:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id HTtqJII-QNmM for ; Wed, 10 Feb 2016 11:09:23 +0000 (UTC) Received: from cvs.NetBSD.org (unknown [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 3400684CF5 for ; Wed, 10 Feb 2016 11:09:23 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 2E961FBB7; Wed, 10 Feb 2016 11:09:23 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Wed, 10 Feb 2016 11:09:23 +0000 From: "Filip Hajny" Subject: CVS commit: pkgsrc/lang/nodejs To: pkgsrc-changes@NetBSD.org Reply-To: fhajny@netbsd.org X-Mailer: log_accum Message-Id: <20160210110923.2E961FBB7@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: fhajny Date: Wed Feb 10 11:09:23 UTC 2016 Modified Files: pkgsrc/lang/nodejs: Makefile PLIST distinfo Log Message: Update lang/nodejs to 5.6.0. - http: fix defects in HTTP header parsing for requests and responses that can allow request smuggling (CVE-2016-2086) or response splitting (CVE-2016-2216). HTTP header parsing now aligns more closely with the HTTP spec including restricting the acceptable characters. - http-parser: upgrade from 2.6.0 to 2.6.1 - npm: upgrade npm from 3.3.12 to 3.6.0 (Rebecca Turner) #4958 - openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits. To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.56 pkgsrc/lang/nodejs/Makefile cvs rdiff -u -r1.29 -r1.30 pkgsrc/lang/nodejs/PLIST cvs rdiff -u -r1.54 -r1.55 pkgsrc/lang/nodejs/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.