rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

author	Peter Korsgaard <peter@korsgaard.com>
	Wed, 25 Oct 2017 20:16:13 +0000 (22:16 +0200)
committer	Peter Korsgaard <peter@korsgaard.com>
	Thu, 26 Oct 2017 11:24:57 +0000 (13:24 +0200)
commit	98bd08f6037d5157a6cd8dff78a2fcd7049531f0
tree	79847fc83443efb643e1a65826b038f5442d8b27	tree \| snapshot
parent	d2bad2d07986b4a5b39b9acfa69d4d339c7966e8	commit \| diff

nodejs: security bump to version 6.11.5

Fixes CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
error to be raised when a raw deflate stream is initialized with windowBits
set to 8. On some versions this crashes Node and you cannot recover from
it, while on some versions it throws an exception. Node.js will now
gracefully set windowBits to 9 replicating the legacy behavior to avoid a
DOS vector.

For more details, see the announcement:
https://nodejs.org/en/blog/vulnerability/oct-2017-dos/

Drop 0002-inspector-don-t-build-when-ssl-support-is-disabled.patch as that
is now upstream:

https://github.com/nodejs/node/commit/ba23506419

And refresh the other patches.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/nodejs/6.11.1/0002-inspector-don-t-build-when-ssl-support-is-disabled.patch	[deleted file]	blob \| history
package/nodejs/6.11.5/0001-gyp-force-link-command-to-use-CXX.patch	[moved from package/nodejs/6.11.1/0001-gyp-force-link-command-to-use-CXX.patch with 85% similarity]	diff \| blob \| history
package/nodejs/6.11.5/0002-src-add-HAVE_OPENSSL-directive-to-openssl_config.patch	[moved from package/nodejs/6.11.1/0003-src-add-HAVE_OPENSSL-directive-to-openssl_config.patch with 90% similarity]	diff \| blob \| history
package/nodejs/Config.in		diff \| blob \| history
package/nodejs/nodejs.hash		diff \| blob \| history