<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package/nodejs, branch 2018.02.1</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2018.02.1</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2018.02.1'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2018-04-06T18:10:02+00:00</updated>
<entry>
<title>nodejs: security bump to version 8.11.1</title>
<updated>2018-04-06T18:10:02+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2018-03-31T06:11:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=560b1d374e15046567ed7c866aa1aebbaf3d6e7e'/>
<id>urn:sha1:560b1d374e15046567ed7c866aa1aebbaf3d6e7e</id>
<content type='text'>
Fixes the following security issues:

- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A malicious
  website could use a DNS rebinding attack to trick a web browser to bypass
  same-origin-policy checks and allow HTTP connections to localhost or to
  hosts on the local network, potentially to an open inspector port as a
  debugger, therefore gaining full code execution access.  The inspector now
  only allows connections that have a browser Host value of localhost or
  localhost6.

- Fix for 'path' module regular expression denial of service
  (CVE-2018-7158): A regular expression used for parsing POSIX paths could
  be used to cause a denial of service if an attacker were able to have a
  specially crafted path string passed through one of the impacted 'path'
  module functions.

- Reject spaces in HTTP Content-Length header values (CVE-2018-7159): The
  Node.js HTTP parser allowed for spaces inside Content-Length header
  values.  Such values now lead to rejected connections in the same way as
  non-numeric values.

While we are at it, also add a hash for the license file.

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 7f02604553bc3c8449d6a112818f038e99abbdaf)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/nodejs: bump version to 8.10.0</title>
<updated>2018-03-30T21:12:27+00:00</updated>
<author>
<name>Martin Bark</name>
<email>martin@barkynet.com</email>
</author>
<published>2018-03-08T16:16:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=444201fd1c286f722cbd1182a17bc090d8532222'/>
<id>urn:sha1:444201fd1c286f722cbd1182a17bc090d8532222</id>
<content type='text'>
See https://nodejs.org/en/blog/release/v8.10.0/

Signed-off-by: Martin Bark &lt;martin@barkynet.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit df33aae5f59eaaf40e800acdfefc83e57216ffe8)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/nodejs: bump version to 8.9.4</title>
<updated>2018-01-30T21:50:40+00:00</updated>
<author>
<name>Martin Bark</name>
<email>martin@barkynet.com</email>
</author>
<published>2018-01-30T19:48:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=d6a491bc6ba40f39557ea8c4be732da199b83691'/>
<id>urn:sha1:d6a491bc6ba40f39557ea8c4be732da199b83691</id>
<content type='text'>
See https://nodejs.org/en/blog/release/v8.9.4/

Signed-off-by: Martin Bark &lt;martin@barkynet.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/nodejs: security bump to version 8.9.3</title>
<updated>2017-12-18T20:39:46+00:00</updated>
<author>
<name>Martin Bark</name>
<email>martin@barkynet.com</email>
</author>
<published>2017-12-18T18:17:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=380c3d5e4067fcd0d551890083dc83edd6b8a055'/>
<id>urn:sha1:380c3d5e4067fcd0d551890083dc83edd6b8a055</id>
<content type='text'>
See https://nodejs.org/en/blog/release/v8.9.3/

[Peter: mention that this fixes security issues]
Signed-off-by: Martin Bark &lt;martin@barkynet.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/*/Config.in: fix help text check-package warnings</title>
<updated>2017-12-18T08:22:54+00:00</updated>
<author>
<name>Thomas Petazzoni</name>
<email>thomas.petazzoni@free-electrons.com</email>
</author>
<published>2017-12-18T08:21:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=2277fdeca8c94f8ea8fe8afebcdbb176c6b1531d'/>
<id>urn:sha1:2277fdeca8c94f8ea8fe8afebcdbb176c6b1531d</id>
<content type='text'>
This commit fixes the warnings reported by check-package on the help
text of all package Config.in files, related to the formatting of the
help text: should start with a tab, then 2 spaces, then at most 62
characters.

The vast majority of warnings fixed were caused by too long lines. A
few warnings were related to spaces being used instead of a tab to
indent the help text.

Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>package/nodejs: bump version to 8.9.1</title>
<updated>2017-11-08T18:45:42+00:00</updated>
<author>
<name>Martin Bark</name>
<email>martin@barkynet.com</email>
</author>
<published>2017-11-08T11:25:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=582496635cd26678f8c1b9a48b73c0e1d8534d01'/>
<id>urn:sha1:582496635cd26678f8c1b9a48b73c0e1d8534d01</id>
<content type='text'>
See https://nodejs.org/en/blog/release/v8.9.1/

Signed-off-by: Martin Bark &lt;martin@barkynet.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/nodejs: bump version to 8.8.1</title>
<updated>2017-10-26T11:22:53+00:00</updated>
<author>
<name>Martin Bark</name>
<email>martin@barkynet.com</email>
</author>
<published>2017-10-26T10:07:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=07e4910c56746336d35ae8ed7183c36b3675fc0d'/>
<id>urn:sha1:07e4910c56746336d35ae8ed7183c36b3675fc0d</id>
<content type='text'>
Fixes a regression introduced in 8.8.0.
See https://nodejs.org/en/blog/release/v8.8.1/

Peter: apply on top of 8.8.0, mention that it fixes regression]
Signed-off-by: Martin Bark &lt;martin@barkynet.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>nodejs: security bump to version 8.8.0</title>
<updated>2017-10-26T11:19:34+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2017-10-26T06:59:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=228f68a137f4f73ae2655f4a223b472eb6cfa391'/>
<id>urn:sha1:228f68a137f4f73ae2655f4a223b472eb6cfa391</id>
<content type='text'>
Fixes CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
error to be raised when a raw deflate stream is initialized with windowBits
set to 8.  On some versions this crashes Node and you cannot recover from
it, while on some versions it throws an exception.  Node.js will now
gracefully set windowBits to 9 replicating the legacy behavior to avoid a
DOS vector.

For more details, see the announcement:
https://nodejs.org/en/blog/vulnerability/oct-2017-dos/

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
Signed-off-by: Peter Korsgaard &amp;lt;&lt;a href="mailto:peter@korsgaard.com"&gt;peter@korsgaard.com&lt;/a&gt;&amp;gt;&lt;br&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/nodejs: bump version to 8.6.0</title>
<updated>2017-10-01T21:12:07+00:00</updated>
<author>
<name>Martin Bark</name>
<email>martin@barkynet.com</email>
</author>
<published>2017-09-30T12:45:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=bd17abcd569d4349574bc7a4a047268e0adb393e'/>
<id>urn:sha1:bd17abcd569d4349574bc7a4a047268e0adb393e</id>
<content type='text'>
See https://nodejs.org/en/blog/release/v8.6.0/

Signed-off-by: Martin Bark &lt;martin@barkynet.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/nodejs: bump version to 8.5.0</title>
<updated>2017-09-24T12:27:08+00:00</updated>
<author>
<name>Bernd Kuhls</name>
<email>bernd.kuhls@t-online.de</email>
</author>
<published>2017-09-13T14:17:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=83aae6deda9961765cbd1fa07bdd66c503a2d407'/>
<id>urn:sha1:83aae6deda9961765cbd1fa07bdd66c503a2d407</id>
<content type='text'>
Signed-off-by: Bernd Kuhls &lt;bernd.kuhls@t-online.de&gt;
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) &lt;arnout@mind.be&gt;
</content>
</entry>
</feed>
