From: Hirokazu MORIKAWA Date: Sat, 31 Jul 2021 02:28:02 +0000 (+0900) Subject: node: bump to 14.17.4 X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=cee32c84afb6c6bb4d414b496e04acb1d1a629ed;p=openwrt-packages.git node: bump to 14.17.4 July 2021 Security Releases: Use after free on close http2 on stream canceling (High) (CVE-2021-22930) Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930 Signed-off-by: Hirokazu MORIKAWA --- diff --git a/lang/node/Makefile b/lang/node/Makefile index 9b86e7aef..660ed31c1 100644 --- a/lang/node/Makefile +++ b/lang/node/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=node -PKG_VERSION:=v14.17.1 +PKG_VERSION:=v14.17.4 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION) -PKG_HASH:=ddf1d2d56ddf35ecd98c5ea5ddcd690b245899f289559b4330c921255f5a247f +PKG_HASH:=ae7bf4e784f8c8027ffa1e3757f37d2bd5925d0c48988c4d7f07e4515853cf2c PKG_MAINTAINER:=Hirokazu MORIKAWA , Adrian Panella PKG_LICENSE:=MIT diff --git a/lang/node/patches/003-path.patch b/lang/node/patches/003-path.patch index 8110a4a46..2572c5f9c 100644 --- a/lang/node/patches/003-path.patch +++ b/lang/node/patches/003-path.patch @@ -1,6 +1,6 @@ --- a/lib/internal/modules/cjs/loader.js +++ b/lib/internal/modules/cjs/loader.js -@@ -1202,7 +1202,8 @@ Module._initPaths = function() { +@@ -1189,7 +1189,8 @@ Module._initPaths = function() { path.resolve(process.execPath, '..') : path.resolve(process.execPath, '..', '..');