Hola!

This update fixes CVE-2016-1669, a High ranking buffer overflow in v8
that 'allows remote attackers to cause a denial of service (buffer
overflow) or possibly have unspecified other impact via crafted
JavaScript code'.

Also included is the backport for 5.9, which was tested on amd64 with
no issues.

The ChangeLog is here: https://github.com/nodejs/node/blob/v4.4.6/CHANGELOG.md

OK?

--- current ---

diff --git a/lang/node/Makefile b/lang/node/Makefile
index ed992ce..3cd4e9a 100644
--- a/lang/node/Makefile
+++ b/lang/node/Makefile
@@ -8,7 +8,7 @@ ONLY_FOR_ARCHS= amd64 i386 powerpc
 
 COMMENT=       V8 JavaScript for clients and servers
 
-NODE_VERSION=  v4.4.5
+NODE_VERSION=  v4.4.6
 
 PLEDGE_VER=    1.1.0
 DISTFILES=     node-pledge-{}${PLEDGE_VER}.tar.gz:0 ${DISTNAME}.tar.gz
diff --git a/lang/node/distinfo b/lang/node/distinfo
index 115fd9b..0c99a6a 100644
--- a/lang/node/distinfo
+++ b/lang/node/distinfo
@@ -1,4 +1,4 @@
 SHA256 (node-pledge-1.1.0.tar.gz) = 
BuKnrXSkqpTb5Tfap1AHk+l7ucTJLEWbMFNbgQkNBsw=
-SHA256 (node-v4.4.5.tar.gz) = 6pyWrkdo/u5PGKJrgZubT25JEF6g7oxcnRiNyNSdS3c=
+SHA256 (node-v4.4.6.tar.gz) = Reqz1BVhblgxullhtnzsVCPh+cF1yn4zHef1YMKZjZ8=
 SIZE (node-pledge-1.1.0.tar.gz) = 2560
-SIZE (node-v4.4.5.tar.gz) = 22675369
+SIZE (node-v4.4.6.tar.gz) = 22675490

--- 5.9 back port ---

diff --git a/lang/node/Makefile b/lang/node/Makefile
index 5b2e555..39b88d7 100644
--- a/lang/node/Makefile
+++ b/lang/node/Makefile
@@ -9,6 +9,7 @@ ONLY_FOR_ARCHS= amd64 i386 powerpc
 COMMENT=       V8 JavaScript for clients and servers
 
 NODE_VERSION=  v4.3.0
+REVISION=      0
 
 PLEDGE_VER=    1.1.0
 DISTFILES=     node-pledge-{}${PLEDGE_VER}.tar.gz:0 ${DISTNAME}.tar.gz
diff --git a/lang/node/patches/patch-deps_v8_include_v8-version_h 
b/lang/node/patches/patch-deps_v8_include_v8-version_h
index e69de29..80a6cbc 100644
--- a/lang/node/patches/patch-deps_v8_include_v8-version_h
+++ b/lang/node/patches/patch-deps_v8_include_v8-version_h
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- deps/v8/include/v8-version.h.orig  Tue Feb  9 07:02:02 2016
++++ deps/v8/include/v8-version.h       Mon Jun 27 14:05:55 2016
+@@ -11,7 +11,7 @@
+ #define V8_MAJOR_VERSION 4
+ #define V8_MINOR_VERSION 5
+ #define V8_BUILD_NUMBER 103
+-#define V8_PATCH_LEVEL 35
++#define V8_PATCH_LEVEL 36
+ 
+ // Use 1 for candidates and 0 otherwise.
+ // (Boolean macro values are not supported by all preprocessors.)
diff --git a/lang/node/patches/patch-deps_v8_src_zone_cc 
b/lang/node/patches/patch-deps_v8_src_zone_cc
index e69de29..f9d951c 100644
--- a/lang/node/patches/patch-deps_v8_src_zone_cc
+++ b/lang/node/patches/patch-deps_v8_src_zone_cc
@@ -0,0 +1,27 @@
+$OpenBSD$
+--- deps/v8/src/zone.cc.orig   Tue Feb  9 07:02:05 2016
++++ deps/v8/src/zone.cc        Mon Jun 27 14:06:04 2016
+@@ -105,7 +105,10 @@ void* Zone::New(size_t size) {
+   Address result = position_;
+ 
+   const size_t size_with_redzone = size + kASanRedzoneBytes;
+-  if (limit_ < position_ + size_with_redzone) {
++  const uintptr_t limit = reinterpret_cast<uintptr_t>(limit_);
++  const uintptr_t position = reinterpret_cast<uintptr_t>(position_);
++  // position_ > limit_ can be true after the alignment correction above.
++  if (limit < position || size_with_redzone > limit - position) {
+     result = NewExpand(size_with_redzone);
+   } else {
+     position_ += size_with_redzone;
+@@ -222,7 +225,10 @@ Address Zone::NewExpand(size_t size) {
+   // Make sure the requested size is already properly aligned and that
+   // there isn't enough room in the Zone to satisfy the request.
+   DCHECK_EQ(size, RoundDown(size, kAlignment));
+-  DCHECK_LT(limit_, position_ + size);
++  DCHECK(limit_ < position_ ||
++         reinterpret_cast<uintptr_t>(limit_) -
++                 reinterpret_cast<uintptr_t>(position_) <
++             size);
+ 
+   // Compute the new segment size. We use a 'high water mark'
+   // strategy, where we increase the segment size every time we expand
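Review bot: The rewritten comparison in Zone::New is overflow-safe only if `size_with_redzone` has not already wrapped. The context line `size + kASanRedzoneBytes` is still an unchecked size_t addition, and the alignment correction that the new comment refers to sits above the hunk and may round `size` up as well. If either step can wrap for a very large request, a small `size_with_redzone` would pass the `size_with_redzone > limit - position` test and the bump path would hand out less memory than the caller asked for. That should be confirmed against the full function, and if it is not excluded, a guard such as `CHECK_GE(size_with_redzone, size);` belongs before the comparison. In the NewExpand part the corrected precondition is only a `DCHECK`, presumably compiled out of release builds, so release behaviour rests entirely on the check in Zone::New; both function bodies start and end outside the hunk.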
