From ca3209a3b35cd80de39f9f4f2a263211191807cb Mon Sep 17 00:00:00 2001 From: Hirokazu MORIKAWA Date: Sun, 7 Apr 2024 11:34:45 +0900 Subject: [PATCH] node: April 3, 2024 Security Releases This is a security release Notable Changes * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) * CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium) * llhttp version 9.2.1 * undici version 5.28.4 Changed to use gz according to main-snapshot Signed-off-by: Hirokazu MORIKAWA --- lang/node/Makefile | 6 +++--- lang/node/patches/003-path.patch | 2 +- lang/node/patches/202-node_gyp.patch | 6 +++--- lang/node/patches/204-v8_gyp.patch | 20 +++++++++---------- .../patches/999-localhost-no-addrconfig.patch | 2 +- ...able_pointer_authentication_on_arm64.patch | 2 +- 6 files changed, 19 insertions(+), 19 deletions(-) diff --git a/lang/node/Makefile b/lang/node/Makefile index 1238b94d84..369f3bbe86 100644 --- a/lang/node/Makefile +++ b/lang/node/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=node -PKG_VERSION:=v20.11.1 +PKG_VERSION:=v20.12.1 PKG_RELEASE:=1 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION) -PKG_HASH:=77813edbf3f7f16d2d35d3353443dee4e61d5ee84d9e3138c7538a3c0ca5209e +PKG_HASH:=b9bef0314e12773ef004368ee56a2db509a948d4170b9efb07441bac1f1407a0 PKG_MAINTAINER:=Hirokazu MORIKAWA , Adrian Panella PKG_LICENSE:=MIT diff --git a/lang/node/patches/003-path.patch b/lang/node/patches/003-path.patch index 06201179bc..02b45b6d65 100644 --- a/lang/node/patches/003-path.patch +++ b/lang/node/patches/003-path.patch @@ -1,6 +1,6 @@ --- a/lib/internal/modules/cjs/loader.js 
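Review bot: The new `PKG_HASH` in lang/node/Makefile cannot be checked from this diff alone, because `PKG_SOURCE` switches from `.tar.xz` to `.tar.gz` in the same hunk, so the digest now pins a different artifact and not just a newer version. The commit message gives the reason for the switch only as "according to main-snapshot", and nothing in the Makefile records it. I would add a comment above `PKG_SOURCE`, for example `# .tar.gz is used to match main-snapshot; PKG_HASH is the sha256 listed for this file in upstream's SHASUMS256.txt`, once the value has been confirmed against the signed checksum list published next to the tarball under `PKG_SOURCE_URL`.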
+++ b/lib/internal/modules/cjs/loader.js -@@ -1537,7 +1537,8 @@ Module._initPaths = function() { +@@ -1529,7 +1529,8 @@ Module._initPaths = function() { path.resolve(process.execPath, '..') : path.resolve(process.execPath, '..', '..'); diff --git a/lang/node/patches/202-node_gyp.patch b/lang/node/patches/202-node_gyp.patch index b8bd937fbd..2105ffcfcc 100644 --- a/lang/node/patches/202-node_gyp.patch +++ b/lang/node/patches/202-node_gyp.patch @@ -1,10 +1,10 @@ --- a/node.gyp +++ b/node.gyp -@@ -1193,6 +1193,7 @@ +@@ -1197,6 +1197,7 @@ 'dependencies': [ 'deps/simdutf/simdutf.gyp:simdutf#host', ], + 'libraries!':[ '-licui18n', '-licuuc', '-licudata', '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ], 'include_dirs': [ - 'tools' - ], + 'tools', + 'src', diff --git a/lang/node/patches/204-v8_gyp.patch b/lang/node/patches/204-v8_gyp.patch index 605148cc7e..15fe36f182 100644 --- a/lang/node/patches/204-v8_gyp.patch +++ b/lang/node/patches/204-v8_gyp.patch @@ -77,7 +77,7 @@ 'include_dirs': [ '<(generate_bytecode_output_root)', '<(SHARED_INTERMEDIATE_DIR)', -@@ -1484,6 +1495,7 @@ +@@ -1495,6 +1506,7 @@ }], ], 'direct_dependent_settings': { @@ -85,7 +85,7 @@ 'include_dirs': [ '<(V8_ROOT)/include', ], -@@ -1504,6 +1516,7 @@ +@@ -1515,6 +1527,7 @@ { 'target_name': 'bytecode_builtins_list_generator', 'type': 'executable', @@ -93,7 +93,7 @@ 'conditions': [ ['want_separate_host_toolset', { 'toolsets': ['host'], -@@ -1532,6 +1545,9 @@ +@@ -1543,6 +1556,9 @@ { 'target_name': 'mksnapshot', 'type': 'executable', @@ -103,7 +103,7 @@ 'dependencies': [ 'v8_base_without_compiler', 'v8_compiler_for_mksnapshot', -@@ -1559,6 +1575,7 @@ +@@ -1570,6 +1586,7 @@ { 'target_name': 'torque', 'type': 'executable', @@ -111,7 +111,7 @@ 'dependencies': [ 'torque_base', # "build/win:default_exe_manifest", -@@ -1601,6 +1618,7 @@ +@@ -1612,6 +1629,7 @@ { 'target_name': 'torque-language-server', 'type': 'executable', 
@@ -119,7 +119,7 @@ 'conditions': [ ['want_separate_host_toolset', { 'toolsets': ['host'], -@@ -1632,6 +1650,8 @@ +@@ -1643,6 +1661,8 @@ { 'target_name': 'gen-regexp-special-case', 'type': 'executable', @@ -128,7 +128,7 @@ 'dependencies': [ 'v8_libbase', # "build/win:default_exe_manifest", -@@ -1850,6 +1870,7 @@ +@@ -1861,6 +1881,7 @@ }], ], 'direct_dependent_settings': { @@ -136,9 +136,9 @@ 'include_dirs': [ '<(V8_ROOT)/include', ], -@@ -1971,15 +1992,19 @@ - }], - ], +@@ -1988,15 +2009,19 @@ + 'WARNING_CFLAGS!': ['-Wno-invalid-offsetof'] + }, 'direct_dependent_settings': { + 'include_dirs!': [ '