buildroot/package/nodejs/nodejs.hash, branch 2018.02

package/nodejs: bump version to 8.9.4

2018-01-30T21:50:40+00:00

See https://nodejs.org/en/blog/release/v8.9.4/ Signed-off-by: Martin Bark Signed-off-by: Peter Korsgaard

package/nodejs: security bump to version 8.9.3

2017-12-18T20:39:46+00:00

See https://nodejs.org/en/blog/release/v8.9.3/ [Peter: mention that this fixes security issues] Signed-off-by: Martin Bark Signed-off-by: Peter Korsgaard

package/nodejs: bump version to 8.9.1

2017-11-08T18:45:42+00:00

See https://nodejs.org/en/blog/release/v8.9.1/ Signed-off-by: Martin Bark Signed-off-by: Peter Korsgaard

package/nodejs: bump version to 8.8.1

2017-10-26T11:22:53+00:00

Fixes a regression introduced in 8.8.0. See https://nodejs.org/en/blog/release/v8.8.1/ Peter: apply on top of 8.8.0, mention that it fixes regression] Signed-off-by: Martin Bark Signed-off-by: Peter Korsgaard

nodejs: security bump to version 8.8.0

2017-10-26T11:19:34+00:00

Fixes CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. For more details, see the announcement: https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ Signed-off-by: Peter Korsgaard Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard

package/nodejs: bump version to 8.6.0

2017-10-01T21:12:07+00:00

See https://nodejs.org/en/blog/release/v8.6.0/ Signed-off-by: Martin Bark Signed-off-by: Peter Korsgaard

package/nodejs: bump version to 8.5.0

2017-09-24T12:27:08+00:00

Signed-off-by: Bernd Kuhls Signed-off-by: Arnout Vandecappelle (Essensium/Mind)

package/nodejs: bump version to 8.4.0

2017-09-06T20:06:55+00:00

See https://nodejs.org/en/blog/release/v8.4.0/ An update to v8 6.0.286 has removed the need for mkpeephole and 0002-add-missing-stdarg-includes.patch Signed-off-by: Martin Bark Signed-off-by: Thomas Petazzoni

package/nodejs: bump version to 8.2.1

2017-07-25T13:58:28+00:00

https://nodejs.org/en/blog/release/v8.2.1/ Signed-off-by: Martin Bark Signed-off-by: Peter Korsgaard

package/nodejs: security bump to version 8.1.4

2017-07-13T20:54:53+00:00

Fixes CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. See https://nodejs.org/en/blog/release/v8.1.4/ [Peter: add CVE info] Signed-off-by: Martin Bark Signed-off-by: Peter Korsgaard