From 02a982bc10e8278905d0b76ac073b82192576433 Mon Sep 17 00:00:00 2001
From: Hirokazu MORIKAWA
Date: Fri, 16 Feb 2024 18:33:14 +0900
Subject: [PATCH] libuv: fix CVE-2024-24806 Update to 1.48.0 CVE-2024-24806 : Improper Domain Lookup that potentially leads to SSRF attacks Vulnerabilities fixed * CVE-2024-24806 / GHSA-f74f-cvh7-c6q6 0f2d7e7, 3530bcc and e0327e1 Notable Changes * linux: disable io_uring on ppc64 and ppc64le #4285 * linux: disable io_uring on hppa below kernel 6.1.51 #4224 * win/spawn: optionally run executable paths with no file extension #4292 (We recommend that most users consider setting this by default) Important Bugs Fixed * unix,win: fix busy loop with zero timeout timers #4250, #4304.
Signed-off-by: Hirokazu MORIKAWA
---
 libs/libuv/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libs/libuv/Makefile b/libs/libuv/Makefile
index 5b4bface1a..df691eda37 100644
--- a/libs/libuv/Makefile
+++ b/libs/libuv/Makefile
@@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=libuv
-PKG_VERSION:=1.45.0
+PKG_VERSION:=1.48.0
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://dist.libuv.org/dist/v$(PKG_VERSION)/
-PKG_HASH:=f5b07f65a1e8166e47983a7ed1f42fae0bee08f7458142170c37332fc676a748
+PKG_SOURCE_URL:=https://dist.libuv.org/dist/v$(PKG_VERSION)/
+PKG_HASH:=7f1db8ac368d89d1baf163bac1ea5fe5120697a73910c8ae6b2fffb3551d59fb
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-v$(PKG_VERSION)
 PKG_MAINTAINER:=Marko Ratkaj