| Summary: | Important security upgrades for node.js | ||
|---|---|---|---|
| Product: | buildroot | Reporter: | Chris <goabonga> |
| Component: | Outdated package | Assignee: | Yann E. MORIN <yann.morin.1998> |
| Status: | RESOLVED FIXED | ||
| Severity: | critical | CC: | buildroot, yann.morin.1998 |
| Priority: | P5 | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | All | ||
| Host: | Target: | ||
| Build: | |||
| Attachments: | Important security upgrades for node.js (upgrade to v0.12.6) | ||
|
Description
Chris
2015-07-05 11:09:40 UTC
I believe there's a mistake in your bug report: it is really 0.12.6 that has been released as a security fix for 0.12.5. Can you submit a patch to update to 0.12.6 ? Thanks! Created attachment 6091 [details]
Important security upgrades for node.js (upgrade to v0.12.6)
Hi Thomas, Can you check and test it ? Chris,
Thanks for the patch!
The normal process for submitting patches isa to send them to the list,
like explained in the manual:
http://buildroot.net/downloads/manual/manual.html#submitting-patches
However, I can already spot some issues with the patch: when you use
git-send-email, use the -C option, so that files that are only renamed
(or moved to another directory) only appear as a git rename, please?
Regards,
Yann E. MORIN.
Yann: we did a mistake when merging the alternate version stuff for NodeJS. The naming of the option should not be 0_12_5, but just 0_12. Otherwise, everytime we upgrade the minor version of NodeJS, we would need to change the Config.in option name, which isn't good. I did not notice that when applying the patches. Thomas, Yes, probably. And also for 0_10, I guess. Regards, Yann E. MORIN. Chris,
We believe this has been fixed with:
781529b package/nodejs: security bump
http://git.buildroot.org/buildroot/commit/?id=781529b159313c04903791c6f9e437e697f0e3a9
Regards,
Yann E. MORIN.
|