node: July 7th 2022 Security Releases
authorHirokazu MORIKAWA <morikw2@gmail.com>
Fri, 8 Jul 2022 23:26:01 +0000 (08:26 +0900)
committerJosef Schlehofer <pepe.schlehofer@gmail.com>
Mon, 11 Jul 2022 08:20:25 +0000 (10:20 +0200)
Update to v16.16.0

Release for the following issues:
HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)(CVE-2022-32213)
HTTP Request Smuggling - Improper Delimiting of Header Fields (Medium)(CVE-2022-32214)
HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215)
DNS rebinding in --inspect via invalid IP addresses (High)(CVE-2022-32212)

https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/

No vulnerabilities related with openssl (uses system openssl)

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 8db0d09823764d50b38ff27a9b13cac7fa46bdd2)

lang/node/Makefile

index 12e8afde4aa7bdbc3d1d7007e2de4503a273172e..811e07269aa14ddd3d1844f5c24e0c336ddd8a03 100644 (file)
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=node
-PKG_VERSION:=v16.15.1
+PKG_VERSION:=v16.16.0
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION)
-PKG_HASH:=d4e99d3c1f69711109a67525571058e6009cddbc228e7d723b8fb4a454169b7d
+PKG_HASH:=145151eff3b2aa5ebe73384009c52271a83740ae687a93c98c628cd7d52736eb
 
 PKG_MAINTAINER:=Hirokazu MORIKAWA <morikw2@gmail.com>, Adrian Panella <ianchi74@outlook.com>
 PKG_LICENSE:=MIT