diff options
| author | Jakub Jirutka <jakub@jirutka.cz> | 2017-12-09 01:31:24 +0100 |
|---|---|---|
| committer | Jakub Jirutka <jakub@jirutka.cz> | 2017-12-09 01:35:37 +0100 |
| commit | 9221447d2d1a796bb103477d012beece75ac680e (patch) | |
| tree | fb5038769f00d44f9b6e2543b04a39a057d767c3 /main/nodejs | |
| parent | 36e3f33b8773d7ed4a0a676b2f25d229b0ff2e75 (diff) | |
| download | aports-9221447d2d1a796bb103477d012beece75ac680e.tar.bz2 aports-9221447d2d1a796bb103477d012beece75ac680e.tar.xz | |
main/nodejs: security upgrade to 8.9.3
See: https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
CVE-2017-3738 does not affect our package, because we don't use bundled
OpenSSL library. I'm not sure about CVE-2017-15896.
Diffstat (limited to 'main/nodejs')
| -rw-r--r-- | main/nodejs/APKBUILD | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/main/nodejs/APKBUILD b/main/nodejs/APKBUILD index ab551498ef..fd4efab369 100644 --- a/main/nodejs/APKBUILD +++ b/main/nodejs/APKBUILD @@ -10,11 +10,14 @@ # - CVE-2017-1000381 # 6.11.5-r0: # - CVE-2017-14919 +# 8.9.3-r0: +# - CVE-2017-15896 +# - CVE-2017-15897 # pkgname=nodejs # Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)! # Odd-numbered versions are supported only for 9 months by upstream. -pkgver=8.9.2 +pkgver=8.9.3 pkgrel=0 pkgdesc="JavaScript runtime built on V8 engine - LTS version" url="https://nodejs.org/" @@ -99,5 +102,5 @@ npm() { mv "$pkgdir"/usr/lib/node_modules/npm "$subpkgdir"/usr/lib/node_modules/ } -sha512sums="a1304483ea05833d5811fcaaef2e6e7d2bcd0aa43f7d858b77683f0136b527e044ac3f901198f0714f7e8b4fcbc1b7d9e59932ecc9c246c726e82e0d9be55844 node-v8.9.2.tar.gz +sha512sums="f5c605716749e4df5886523800470bd017bc03508d11f0f59480cac5858646faacd32a047aa0acbbb814cfc2b8fba5793be7e9567fbc300eb27366cb343a04d7 node-v8.9.3.tar.gz ba95f21b1e80717ef63941854e7ed412f64a91da068c0dbf0d6d9697333ee266c9f4cd7bf1a01111eeb28aa66adefd8a58cfb3e82debb84b43e35e9dc914dd36 dont-run-gyp-files-for-bundled-deps.patch" |