From cee32c84afb6c6bb4d414b496e04acb1d1a629ed Mon Sep 17 00:00:00 2001 From: Hirokazu MORIKAWA Date: Sat, 31 Jul 2021 11:28:02 +0900 Subject: [PATCH] node: bump to 14.17.4 July 2021 Security Releases: Use after free on close http2 on stream canceling (High) (CVE-2021-22930) Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930 Signed-off-by: Hirokazu MORIKAWA --- lang/node/Makefile | 4 ++-- lang/node/patches/003-path.patch | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lang/node/Makefile b/lang/node/Makefile index 9b86e7aef..660ed31c1 100644 --- a/lang/node/Makefile +++ b/lang/node/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=node -PKG_VERSION:=v14.17.1 +PKG_VERSION:=v14.17.4 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION) -PKG_HASH:=ddf1d2d56ddf35ecd98c5ea5ddcd690b245899f289559b4330c921255f5a247f +PKG_HASH:=ae7bf4e784f8c8027ffa1e3757f37d2bd5925d0c48988c4d7f07e4515853cf2c PKG_MAINTAINER:=Hirokazu MORIKAWA , Adrian Panella PKG_LICENSE:=MIT diff --git a/lang/node/patches/003-path.patch b/lang/node/patches/003-path.patch index 8110a4a46..2572c5f9c 100644 --- a/lang/node/patches/003-path.patch +++ b/lang/node/patches/003-path.patch @@ -1,6 +1,6 @@ --- a/lib/internal/modules/cjs/loader.js +++ b/lib/internal/modules/cjs/loader.js -@@ -1202,7 +1202,8 @@ Module._initPaths = function() { +@@ -1189,7 +1189,8 @@ Module._initPaths = function() { path.resolve(process.execPath, '..') : path.resolve(process.execPath, '..', '..');