Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/nodejs: security bump to version 20.11.1
@ 2024-02-21 22:03 Fabrice Fontaine
  2024-02-22 13:07 ` Marcus Hoffmann via buildroot
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Fabrice Fontaine @ 2024-02-21 22:03 UTC (permalink / raw)
  To: buildroot
  Cc: Fabrice Fontaine, Marcus Hoffmann, Martin Bark, Thomas Petazzoni,
	Daniel Price

- Fix CVE-2024-21892, CVE-2024-22019, CVE-2024-21896, CVE-2024-22017,
  CVE-2023-46809, CVE-2024-21891, CVE-2024-21890 and CVE-2024-22025

- LICENSE hash changed due to two things:
  * c-ares vendored dependency license got updated [1]. This is unused
    by buildroot though anyway
  * base64 vendored library license updated copyright years and sorted
    contributor names [2], [3]

- This bump will fix the following build failure raised since bump of
  python to version 3.12.1 in commit 36e635d2d5c0166476858aa239ccbe78e8f2af14
  thanks to
  https://github.com/nodejs/node/commit/95534ad82f4e33f53fd50efe633d43f8da70cba6
  https://github.com/nodejs/node/commit/6557c1c9b1206a85bb7d8e7450e8c3a4cff7c84b:

Traceback (most recent call last):
  File "/home/autobuild/autobuild/instance-2/output-1/build/host-nodejs-src-20.9.0/configure.py", line 17, in <module>
    from distutils.version import StrictVersion
ModuleNotFoundError: No module named 'distutils'

https://github.com/nodejs/node/blob/v20.11.1/CHANGELOG.md

[1] https://github.com/c-ares/c-ares/pull/556
[2] https://github.com/aklomp/base64/commit/2e8ad2aec2065f258dc1aec9402aedd3604cfbcd
[3] https://github.com/aklomp/base64/commit/d7bca2bb2928de6c4fe496e6defe8b3affa35d1b

Fixes: 36e635d2d5c0166476858aa239ccbe78e8f2af14
 - http://autobuild.buildroot.org/results/8b38bc4b7879a0349c1305e2fcb458a0cfd04a93

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/nodejs/nodejs.hash | 14 +++++++-------
 package/nodejs/nodejs.mk   |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/package/nodejs/nodejs.hash b/package/nodejs/nodejs.hash
index 2d60437a7c..ddab345e0a 100644
--- a/package/nodejs/nodejs.hash
+++ b/package/nodejs/nodejs.hash
@@ -1,8 +1,8 @@
-# From https://nodejs.org/dist/v20.9.0/SHASUMS256.txt.asc
-sha256  ced3ecece4b7c3a664bca3d9e34a0e3b9a31078525283a6fdb7ea2de8ca5683b  node-v20.9.0-linux-arm64.tar.xz
-sha256  64099d7e62bdbb8efd52c216a6759b3cdd77c38aa993096fdee9f875d95b2d8e  node-v20.9.0-linux-armv7l.tar.xz
-sha256  3c6cea5d614cfbb95d92de43fbc2f8ecd66e431502fe5efc4f3c02637897bd45  node-v20.9.0-linux-ppc64le.tar.xz
-sha256  9033989810bf86220ae46b1381bdcdc6c83a0294869ba2ad39e1061f1e69217a  node-v20.9.0-linux-x64.tar.xz
-sha256  a23d96810abf0455426b349d47ce5310f33095b7bc0571b9cc510f481c3a4519  node-v20.9.0.tar.xz
+# From https://nodejs.org/dist/v20.11.1/SHASUMS256.txt.asc
+sha256  c957f29eb4e341903520caf362534f0acd1db7be79c502ae8e283994eed07fe1  node-v20.11.1-linux-arm64.tar.xz
+sha256  28e0120d2d150a8f41717899d33167b8b32053778665583d49ff971bfd188d1b  node-v20.11.1-linux-armv7l.tar.xz
+sha256  51343cacf5cdf5c4b5e93e919d19dd373d6ef43d5f2c666eae299f26e31d08b5  node-v20.11.1-linux-ppc64le.tar.xz
+sha256  d8dab549b09672b03356aa2257699f3de3b58c96e74eb26a8b495fbdc9cf6fbe  node-v20.11.1-linux-x64.tar.xz
+sha256  77813edbf3f7f16d2d35d3353443dee4e61d5ee84d9e3138c7538a3c0ca5209e  node-v20.11.1.tar.xz
 # Locally calculated
-sha256  93ac846282ce6c5255e00fada2fd2e7e292255239fe58d5502b0a554859e6a3e  LICENSE
+sha256  7b0bbdca72f925bd78b764914651244a4432a753c7325d061a565cd7eac1193d  LICENSE
diff --git a/package/nodejs/nodejs.mk b/package/nodejs/nodejs.mk
index 9806a64d38..858c6a86f5 100644
--- a/package/nodejs/nodejs.mk
+++ b/package/nodejs/nodejs.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 # _VERSION, _SOURCE and _SITE must be kept empty to avoid downloading anything
-NODEJS_COMMON_VERSION = 20.9.0
+NODEJS_COMMON_VERSION = 20.11.1
 NODEJS_COMMON_SOURCE = node-v$(NODEJS_COMMON_VERSION).tar.xz
 NODEJS_COMMON_SITE = http://nodejs.org/dist/v$(NODEJS_COMMON_VERSION)
 
-- 
2.43.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-03-17 13:03 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-21 22:03 [Buildroot] [PATCH 1/1] package/nodejs: security bump to version 20.11.1 Fabrice Fontaine
2024-02-22 13:07 ` Marcus Hoffmann via buildroot
2024-02-24 10:16 ` Peter Korsgaard
2024-03-17 13:03 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox