From: Peter Korsgaard Date: Sun, 9 Dec 2018 22:18:30 +0000 (+0100) Subject: package/nodejs: security bump to version 8.14.0 X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=0de2c9c76cd0a522fc1eb4b8d63bb5070efaecd3;p=buildroot.git package/nodejs: security bump to version 8.14.0 Fixes the following security vulnerabilities: - Node.js: Denial of Service with large HTTP headers (CVE-2018-12121) - Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js) - Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123) - Node.js: HTTP request splitting (CVE-2018-12116) - OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) - OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) For more details, see the announcement: https://nodejs.org/en/blog/release/v8.14.0/ Signed-off-by: Peter Korsgaard Signed-off-by: Thomas Petazzoni --- diff --git a/package/nodejs/nodejs.hash b/package/nodejs/nodejs.hash index 70d67730b1..13a5c2daa5 100644 --- a/package/nodejs/nodejs.hash +++ b/package/nodejs/nodejs.hash @@ -1,5 +1,5 @@ -# From https://nodejs.org/dist/v8.12.0/SHASUMS256.txt -sha256 5a9dff58016c18fb4bf902d963b124ff058a550ebcd9840c677757387bce419a node-v8.12.0.tar.xz +# From https://nodejs.org/dist/v8.14.0/SHASUMS256.txt +sha256 8ce252913c9f6aaa9871f2d9661b6e54858dae2f0064bd3c624676edb09083c4 node-v8.14.0.tar.xz # Hash for license file sha256 b87be6c1479ed977481115869c2dd8b6d59e5ea55aa09939d6c898242121b2f5 LICENSE diff --git a/package/nodejs/nodejs.mk b/package/nodejs/nodejs.mk index 429642b795..8c8afbc332 100644 --- a/package/nodejs/nodejs.mk +++ b/package/nodejs/nodejs.mk @@ -4,7 +4,7 @@ # ################################################################################ -NODEJS_VERSION = 8.12.0 +NODEJS_VERSION = 8.14.0 NODEJS_SOURCE = node-v$(NODEJS_VERSION).tar.xz NODEJS_SITE = http://nodejs.org/dist/v$(NODEJS_VERSION) NODEJS_DEPENDENCIES = host-python host-nodejs c-ares \