[Buildroot] [git commit branch/2023.11.x] package/libuv: security bump to version 1.48
Peter Korsgaard
peter at korsgaard.com
Sun Mar 17 12:54:04 UTC 2024
commit: https://git.buildroot.net/buildroot/commit/?id=4fa03debb02cac30c3b6e985ffa4bc0fbd9b3c4c
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2023.11.x
Fixes: CVE-2024-24806 / GHSA-f74f-cvh7-c6q6 [1]
Release Notes: https://github.com/libuv/libuv/releases/tag/v1.48.0
Full Changelog: https://github.com/libuv/libuv/blob/v1.48.0/ChangeLog
[1]: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
Signed-off-by: Marcus Hoffmann <buildroot at bubu1.eu>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit bd2f99246c253739a3d44d8345f2fbb5362b3fb5)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/libuv/libuv.hash | 2 +-
package/libuv/libuv.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/libuv/libuv.hash b/package/libuv/libuv.hash
index 1fd286d9e9..2ca8f64a80 100644
--- a/package/libuv/libuv.hash
+++ b/package/libuv/libuv.hash
@@ -1,4 +1,4 @@
# Locally calculated
-sha256 94f101111ef3209340d7f09c2aa150ddb4feabd2f9d87d47d9f5bded835b8094 libuv-v1.46.0-dist.tar.gz
+sha256 c593139feb9061699fdd2f7fde47bb6c1ca77761ae9ec04f052083f1ef46c13b libuv-v1.48.0-dist.tar.gz
sha256 16de0c32b265cb7d46a6d3bd614f259dd4d693a5e26b3407b04aae8d73041f0c LICENSE
sha256 262c44bd2cdba037e6d2a82fba15f5800d292bc993a6f5d6b6ea487744d02836 LICENSE-extra
diff --git a/package/libuv/libuv.mk b/package/libuv/libuv.mk
index 76316484e4..5f96e98a98 100644
--- a/package/libuv/libuv.mk
+++ b/package/libuv/libuv.mk
@@ -6,7 +6,7 @@
# When bumping libuv, check if a new version of uvw is available
# and bump it too.
-LIBUV_VERSION = 1.46.0
+LIBUV_VERSION = 1.48.0
LIBUV_SOURCE = libuv-v$(LIBUV_VERSION)-dist.tar.gz
LIBUV_SITE = https://dist.libuv.org/dist/v$(LIBUV_VERSION)
LIBUV_DEPENDENCIES = host-pkgconf
More information about the buildroot
mailing list