From: Hirokazu MORIKAWA Date: Sun, 7 Apr 2024 02:47:53 +0000 (+0900) Subject: node: April 3, 2024 Security Releases X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=8602f63b8db7efd93ad83f8f36e5a0d2a6e1d56a;p=feed%2Fpackages.git node: April 3, 2024 Security Releases Notable Changes * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) * CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium) * llhttp version 9.2.1 * undici version 5.28.4 Changed to use gz according to main-snapshot Signed-off-by: Hirokazu MORIKAWA --- diff --git a/lang/node/Makefile b/lang/node/Makefile index a62eefa1d3..42ad9f12cd 100644 --- a/lang/node/Makefile +++ b/lang/node/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=node -PKG_VERSION:=v18.19.1 +PKG_VERSION:=v18.20.1 PKG_RELEASE:=1 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION) -PKG_HASH:=090f96a2ecde080b6b382c6d642bca5d0be4702a78cb555be7bf02b20bd16ded +PKG_HASH:=7fb430d0b1256c22f26dd321070182ab943005bdb7b738facc6d9a82b1e04ed7 PKG_MAINTAINER:=Hirokazu MORIKAWA , Adrian Panella PKG_LICENSE:=MIT diff --git a/lang/node/patches/003-path.patch b/lang/node/patches/003-path.patch index 5bb86aa698..0a4307d17d 100644 --- a/lang/node/patches/003-path.patch +++ b/lang/node/patches/003-path.patch @@ -1,6 +1,6 @@ --- a/lib/internal/modules/cjs/loader.js +++ b/lib/internal/modules/cjs/loader.js -@@ -1516,7 +1516,8 @@ Module._initPaths = function() { +@@ -1524,7 +1524,8 @@ Module._initPaths = function() { path.resolve(process.execPath, '..') : path.resolve(process.execPath, '..', '..');