nodejs: security bump to version 6.11.5

Fixes CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. For more details, see the announcement: https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ Drop 0002-inspector-don-t-build-when-ssl-support-is-disabled.patch as that is now upstream: https://github.com/nodejs/node/commit/ba23506419 And refresh the other patches. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2026-01-05 14:09:53 +03:00 · 2017-10-25 22:16:13 +02:00
parent d2bad2d079
commit 98bd08f603
5 changed files with 9 additions and 44 deletions
--- a/package/nodejs/nodejs.hash
+++ b/package/nodejs/nodejs.hash
@@ -1,5 +1,5 @@
 # From upstream URL: http://nodejs.org/dist/v0.10.48/SHASUMS256.txt
 sha256  365a93d9acc076a0d93f087d269f376abeebccad599a9dab72f2f6ed96c8ae6e  node-v0.10.48.tar.xz

-# From upstream URL: http://nodejs.org/dist/v6.11.1/SHASUMS256.txt
-sha256  6f6655b85919aa54cb045a6d69a226849802fcc26491d0db4ce59873e41cc2b8  node-v6.11.1.tar.xz
+# From upstream URL: http://nodejs.org/dist/v6.11.5/SHASUMS256.txt
+sha256  1c6de415216799fbaeca82304b3fef87accc7101ebf2ead7d5c545e0779e8aaf  node-v6.11.5.tar.xz