package/nodejs: security bump to version 12.22.4

Fixes the following security issues: - CVE-2021-22930: Use after free on close http2 on stream canceling (High) Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. Drop 0002-Fix-build-with-ICU-68.patch as this is now fixed upstream since https://github.com/nodejs/node/commit/e459c79b02 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit ca92d31cff) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-08 20:02:23 +02:00 · 2021-08-08 20:02:23 +02:00 · 6f50ae1c29
commit 6f50ae1c29
parent a1966dc62c
3 changed files with 3 additions and 104 deletions
--- a/package/nodejs/0002-Fix-build-with-ICU-68.patch
+++ b/package/nodejs/0002-Fix-build-with-ICU-68.patch
@ -1,101 +0,0 @@
-From 1504de672ec44080d08a97c479a23727a9c31d8b Mon Sep 17 00:00:00 2001
-From: James Hilliard <james.hilliard1@gmail.com>
-Date: Mon, 19 Jul 2021 03:35:30 -0600
-Subject: [PATCH] Fix build with ICU >= 68.
-
-Adapted from:
-https://chromium-review.googlesource.com/c/v8/v8/+/2477751
-
-Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
-[Upstream status:
-https://github.com/nodejs/node/pull/39440]
---
- deps/v8/src/objects/js-list-format.cc | 32 +++++++++++++++++++++++++++
- 1 file changed, 32 insertions(+)
-
-diff --git a/deps/v8/src/objects/js-list-format.cc b/deps/v8/src/objects/js-list-format.cc
-index 4f303b1874..2101f8e507 100644
--- a/deps/v8/src/objects/js-list-format.cc
-+++ b/deps/v8/src/objects/js-list-format.cc
-@@ -29,6 +29,7 @@ namespace v8 {
- namespace internal {
- 
- namespace {
-+#if U_ICU_VERSION_MAJOR_NUM < 68
- const char* kStandard = "standard";
- const char* kOr = "or";
- const char* kUnit = "unit";
-@@ -41,8 +42,24 @@ const char* kUnitNarrow = "unit-narrow";
- 
- const char* GetIcuStyleString(JSListFormat::Style style,
-                               JSListFormat::Type type) {
-+#else
-+UListFormatterWidth GetIcuWidth(JSListFormat::Style style) {
-+  switch (style) {
-+    case JSListFormat::Style::LONG:
-+      return ULISTFMT_WIDTH_WIDE;
-+    case JSListFormat::Style::SHORT:
-+      return ULISTFMT_WIDTH_SHORT;
-+    case JSListFormat::Style::NARROW:
-+      return ULISTFMT_WIDTH_NARROW;
-+  }
-+  UNREACHABLE();
-+}
-+
-+UListFormatterType GetIcuType(JSListFormat::Type type) {
-+#endif
-   switch (type) {
-     case JSListFormat::Type::CONJUNCTION:
-+#if U_ICU_VERSION_MAJOR_NUM < 68
-       switch (style) {
-         case JSListFormat::Style::LONG:
-           return kStandard;
-@@ -51,7 +68,11 @@ const char* GetIcuStyleString(JSListFormat::Style style,
-         case JSListFormat::Style::NARROW:
-           return kStandardNarrow;
-       }
-+#else
-+      return ULISTFMT_TYPE_AND;
-+#endif
-     case JSListFormat::Type::DISJUNCTION:
-+#if U_ICU_VERSION_MAJOR_NUM < 68
-       switch (style) {
-         case JSListFormat::Style::LONG:
-           return kOr;
-@@ -60,7 +81,11 @@ const char* GetIcuStyleString(JSListFormat::Style style,
-         case JSListFormat::Style::NARROW:
-           return kOrNarrow;
-       }
-+#else
-+      return ULISTFMT_TYPE_OR;
-+#endif
-     case JSListFormat::Type::UNIT:
-+#if U_ICU_VERSION_MAJOR_NUM < 68
-       switch (style) {
-         case JSListFormat::Style::LONG:
-           return kUnit;
-@@ -69,6 +94,9 @@ const char* GetIcuStyleString(JSListFormat::Style style,
-         case JSListFormat::Style::NARROW:
-           return kUnitNarrow;
-       }
-+#else
-+      return ULISTFMT_TYPE_UNITS;
-+#endif
-   }
-   UNREACHABLE();
- }
-@@ -170,7 +198,11 @@ MaybeHandle<JSListFormat> JSListFormat::New(Isolate* isolate, Handle<Map> map,
-   icu::Locale icu_locale = r.icu_locale;
-   UErrorCode status = U_ZERO_ERROR;
-   icu::ListFormatter* formatter = icu::ListFormatter::createInstance(
-+#if U_ICU_VERSION_MAJOR_NUM < 68
-       icu_locale, GetIcuStyleString(style_enum, type_enum), status);
-+#else
-+      icu_locale, GetIcuType(type_enum), GetIcuWidth(style_enum), status);
-+#endif
-   if (U_FAILURE(status)) {
-     delete formatter;
-     FATAL("Failed to create ICU list formatter, are ICU data files missing?");
-- 
-2.25.1
-
--- a/package/nodejs/nodejs.hash
+++ b/package/nodejs/nodejs.hash
@ -1,5 +1,5 @@
-# From https://nodejs.org/dist/v12.22.3/SHASUMS256.txt
-sha256  350211fae3a688f41889680c8efcf689353a2e36b62b9dc2b408340986857190  node-v12.22.3.tar.xz
+# From https://nodejs.org/dist/v12.22.4/SHASUMS256.txt
+sha256  44cd4eab131e5282fc923e9e720d983a0b44c12e4aa4f6c3598dc97ae1e4cd4c  node-v12.22.4.tar.xz

 # Hash for license file
 sha256  221417a7ca275112a5ac54639b36ee3c5184e74631ea1e1b01b701293b655190  LICENSE
--- a/package/nodejs/nodejs.mk
+++ b/package/nodejs/nodejs.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-NODEJS_VERSION = 12.22.3
+NODEJS_VERSION = 12.22.4
 NODEJS_SOURCE = node-v$(NODEJS_VERSION).tar.xz
 NODEJS_SITE = http://nodejs.org/dist/v$(NODEJS_VERSION)
 NODEJS_DEPENDENCIES = host-python host-nodejs c-ares \