mirror
/
openwrt-packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Releases Activity
openwrt-packages/lang
History
Hirokazu MORIKAWA f9515613f9
node: bump to v16.17.1 
The following CVEs are fixed in this release:
* CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
    * Insufficient fix for macOS devices on v18.5.0
* CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
* CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
    * Insufficient fix on v18.5.0
* CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
    * Insufficient fix on v18.5.0
* CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
* CVE-2022-35255: Weak randomness in WebCrypto keygen
More detailed information on each of the vulnerabilities can be found in September 22nd 2022 Security Releases blog post.

llhttp updated to 6.0.10
llhttp is updated to 6.0.10 which includes fixes for the following vulnerabilities.
* HTTP Request Smuggling - CVE-2022-32213 bypass via obs-fold mechanic (Medium)(CVE-2022-32213 ): The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215): The llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)(CVE-35256): The llhttp parser in the http does not correctly handle header fields that are not terminated with CLRF. This can lead to HTTP Request Smuggling (HRS).

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 658621bf5e)
 		2022-10-05 23:29:43 +02:00
..
chicken-scheme chicken-scheme: add conflict and small Makefile polishing 2022-03-16 19:39:59 -07:00
cqueues cqueues: add cqueues(rel-20200726) to feeds 2022-02-14 17:25:51 -08:00
dkjson
erlang erlang: update to version 24.2 2022-01-09 13:46:17 -08:00
golang golang: Update to 1.18.4 2022-07-20 02:38:33 -07:00
json4lua
ldbus
linotify lang: linotify: add lua bindings for inotify 2020-09-14 16:48:19 +00:00
lpeg
lua-argparse lua-argparse: delete whitespace in makefile 2020-08-29 11:47:57 +07:00
lua-bencode
lua-bit32
lua-cjson treewide: back to cmake.mk 2021-06-12 21:05:01 -07:00
lua-copas
lua-coxpcall treewide: Run refresh on all packages 2021-02-20 16:02:15 -08:00
lua-cs-bouncer lua-cs-bouncer: initial package 2022-02-14 17:26:16 -08:00
lua-curl-v3 lua-curl-v3: fix build on macos 2022-01-08 08:04:50 +01:00
lua-ev treewide: back to cmake.mk 2021-06-12 21:05:01 -07:00
lua-libmodbus lang/lua-libmodbus: bump to 0.7 release 2021-03-15 16:03:22 +00:00
lua-lsqlite3
lua-lzlib
lua-md5 treewide: Run refresh on all packages 2021-02-20 16:02:15 -08:00
lua-mobdebug
lua-mosquitto lua-mosquitto: Update to 0.4.1 2020-08-19 15:47:07 +00:00
lua-openssl lua-openssl: update to version 0.8.2-1 2022-05-28 17:32:39 +02:00
lua-penlight lua: penlight: bump to 1.11.0 2021-08-25 10:11:27 +00:00
lua-rings treewide: Run refresh on all packages 2021-02-20 16:02:15 -08:00
lua-rs232 lua-rs232: don't rely on detected luadir 2021-08-11 17:47:30 -03:00
lua-sha2
lua-wsapi lua-wsapi: build each variant in its own dir 2021-10-15 23:02:07 -07:00
lua-xavante
luabitop
luaexpat
luafilesystem luafilesystem: clean up Makefile 2020-11-22 18:53:37 -06:00
luajit luajit: patch: PPC/e500 SPE: use soft float instead of failing 2022-08-06 19:42:44 +02:00
lualanes treewide: back to cmake.mk 2021-06-12 21:05:01 -07:00
luaossl luaossl: fix build on macos 2022-01-17 21:12:53 -08:00
luaposix luaposix: update to 35.1 2021-09-18 14:49:15 -07:00
luarocks treewide: Run refresh on all packages 2021-02-20 16:02:15 -08:00
luasec treewide: Run refresh on all packages 2021-02-20 16:02:15 -08:00
luasoap
luasocket treewide: Run refresh on all packages 2021-02-20 16:02:15 -08:00
luasql luasql: fix build on macos 2022-01-11 16:25:33 -08:00
luasrcdiet
luv treewide: back to cmake.mk 2021-06-12 21:05:01 -07:00
lyaml lyaml: fix build on macos 2022-01-29 13:31:55 -08:00
lzmq treewide: back to cmake.mk 2021-06-12 21:05:01 -07:00
node node: bump to v16.17.1 2022-10-05 23:29:43 +02:00
node-arduino-firmata node-arduino-firmata: Support for npm@8 2022-05-22 13:39:01 -07:00
node-cylon node-cylon: Support for npm@8 2022-05-22 13:39:07 -07:00
node-hid node-hid: Support for npm@8 2022-05-22 13:39:12 -07:00
node-homebridge node-homebridge: Support for npm@8 2022-05-22 11:22:05 +02:00
node-javascript-obfuscator node-javascript-obfuscator: Support for npm@8 2022-05-22 11:21:58 +02:00
node-serialport node-serialport: Support for npm@8 2022-05-22 13:39:18 -07:00
node-serialport-bindings node-serialport-bindings: Support for npm@8 2022-05-22 13:38:56 -07:00
node-yarn node-yarn: Support for npm@8 2022-05-22 11:22:20 +02:00
perl perl: add powerpc64 support 2022-03-02 16:30:32 -08:00
perl-ack perl-ack: Update to 3.6.0 2022-08-26 19:44:14 +02:00
perl-authen-sasl
perl-authen-sasl-xs treewide: Run refresh on all packages 2021-02-20 16:02:15 -08:00
perl-cgi perl-cgi: Update to 4.54 2022-02-06 11:08:44 -07:00
perl-compress-bzip2
perl-dbi
perl-device-serialport perl-device-serialport: fix build on macos 2022-01-18 18:10:18 -08:00
perl-device-usb treewide: Run refresh on all packages 2021-02-20 16:02:15 -08:00
perl-encode-locale
perl-file-listing
perl-file-next perl-file-next: add new package 2021-05-28 22:38:29 +08:00
perl-file-rsyncp treewide: Run refresh on all packages 2021-02-20 16:02:15 -08:00
perl-file-sharedir-install
perl-html-form
perl-html-parser perl-html-parser: update to 3.75 2021-01-18 20:53:33 -08:00
perl-html-tagset
perl-html-tree
perl-http-cookies
perl-http-daemon
perl-http-date
perl-http-message
perl-http-negotiate
perl-http-server-simple
perl-inline
perl-inline-c
perl-io-html
perl-lockfile-simple
perl-lwp-mediatypes
perl-mail-spamassassin perl-mail-spamassassin: update to version 3.4.6 2021-04-29 00:59:15 +01:00
perl-net-cidr-lite perl: add Net::CIDR::Lite for iptables-mod-geoip 2020-04-21 23:51:03 -06:00
perl-net-dns perl-net-dns: update to version 1.33 2022-03-18 23:47:14 +00:00
perl-net-http
perl-net-telnet
perl-netaddr-ip perl: add NetAddr::IP package 2021-01-03 00:17:50 +00:00
perl-parse-recdescent
perl-parse-yapp perl-parse-yapp: fix compilation under the CI 2020-09-18 21:57:28 -07:00
perl-sub-uplevel
perl-test-harness
perl-test-warn
perl-text-csv_xs perl-text-csv_xs: update to 1.47 2022-01-02 16:29:33 -07:00
perl-try-tiny perl-try-tiny: update to 0.31 2021-11-29 01:41:19 -08:00
perl-uri
perl-www perl-www: add dependency on perl-try-tiny 2021-01-03 19:13:26 -05:00
perl-www-curl treewide: Run refresh on all packages 2021-02-20 16:02:15 -08:00
perl-www-mechanize
perl-www-robotrules
perl-xml-parser expat: don't build host libs 2021-10-19 13:16:18 -07:00
php8 php8: update to 8.1.11 2022-10-04 07:30:19 +02:00
php8-pecl-dio php7-pecl-dio: migrate package to php8-pecl-dio 2021-12-09 21:57:44 +01:00
php8-pecl-http php8-pecl-http: update to 4.2.2 2022-04-11 21:08:27 +02:00
php8-pecl-imagick php8-pecl-imagick: update to 3.7.0 2022-04-11 21:08:27 +02:00
php8-pecl-krb5 php7-pecl-krb5: migrate package to php8-pecl-krb5 2021-12-09 21:57:44 +01:00
php8-pecl-mcrypt php7-pecl-mcrypt: migrate package to php8-pecl-mcrypt 2021-12-09 21:57:44 +01:00
php8-pecl-raphf php7-pecl-raphf: migrate package to php8-pecl-raphf 2021-12-09 21:57:44 +01:00
php8-pecl-redis php8-pecl-redis: update to 5.3.7 2022-04-11 21:08:27 +02:00
php8-pecl-sodium php7-pecl-sodium: migrate package to php8-pecl-sodium 2021-12-09 21:57:44 +01:00
python python-flask-socketio: update to 5.3.1 2022-09-16 14:45:33 +02:00
ruby ruby: update to 3.0.4 2022-04-23 10:31:50 +02:00
tcl tcl: fix build on macos 2022-01-29 08:19:54 -08:00
uuid
vala vala: update to version 0.56.0 (LTS version) 2022-03-30 10:47:41 +02:00