mirror of
https://github.com/openwrt/packages.git
synced 2025-01-31 03:41:44 +00:00
643afd8977
This is a security release.
Notable Changes
CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
Dependency update:
CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
30 lines
948 B
Diff
30 lines
948 B
Diff
Description: do not use dns.ADDRCONFIG for localhost
|
|
it fails on IPv6-only systems. Setting it with libc fails on linux.
|
|
https://github.com/nodejs/node/issues/33279
|
|
Author: Jérémy Lal <kapouer@melix.org>
|
|
Last-Update: 2020-06-11
|
|
Bug-Debian: https://bugs.debian.org/962318
|
|
Forwarded: https://github.com/nodejs/node/issues/33816
|
|
--- a/lib/net.js
|
|
+++ b/lib/net.js
|
|
@@ -1,4 +1,5 @@
|
|
// Copyright Joyent, Inc. and other Node contributors.
|
|
+
|
|
//
|
|
// Permission is hereby granted, free of charge, to any person obtaining a
|
|
// copy of this software and associated documentation files (the
|
|
@@ -1368,13 +1369,6 @@ function lookupAndConnect(self, options)
|
|
hints: options.hints || 0,
|
|
};
|
|
|
|
- if (!isWindows &&
|
|
- dnsopts.family !== 4 &&
|
|
- dnsopts.family !== 6 &&
|
|
- dnsopts.hints === 0) {
|
|
- dnsopts.hints = dns.ADDRCONFIG;
|
|
- }
|
|
-
|
|
debug('connect: find host', host);
|
|
debug('connect: dns options', dnsopts);
|
|
self._host = host;
|