node: bump to 20.20.2

This is a security release. Notable Changes * (CVE-2026-21717) fix array index hash collision (Joyee Cheung) * (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) * (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) * (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS)pull/795> * (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) * (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) * (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2026-04-15 10:51:55 +00:00 · 2026-04-05 08:10:41 +09:00
parent 0816e4806a
commit 4f80e67a71
2 changed files with 2 additions and 27 deletions
--- a/lang/node/Makefile
+++ b/lang/node/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=node
-PKG_VERSION:=20.20.0
+PKG_VERSION:=20.20.2
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://nodejs.org/dist/v$(PKG_VERSION)
-PKG_HASH:=cafc92e90917c17869d982fdff10104c2eb328437ed9bbf03fdda78ebc0accdd
+PKG_HASH:=8cb85a81f75169eb811f7b2512cf17a646826430debbe016a7461f31e286fdef
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-v$(PKG_VERSION)
 HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_NAME)-v$(PKG_VERSION)

--- a/lang/node/patches/999-llhttp-neon.patch
+++ b/lang/node/patches/999-llhttp-neon.patch
@@ -1,25 +0,0 @@
--- a/deps/llhttp/src/llhttp.c
-+++ b/deps/llhttp/src/llhttp.c
-@@ -2639,17 +2639,17 @@ static llparse_state_t llhttp__internal_
-         /* Find first character that does not match `ranges` */
-         single = vceqq_u8(input, vdupq_n_u8(0x9));
-         mask = single;
-        single = vandq_u16(
-+        single = vandq_u8(
-           vcgeq_u8(input, vdupq_n_u8(' ')),
-           vcleq_u8(input, vdupq_n_u8('~'))
-         );
-        mask = vorrq_u16(mask, single);
-        single = vandq_u16(
-+        mask = vorrq_u8(mask, single);
-+        single = vandq_u8(
-           vcgeq_u8(input, vdupq_n_u8(0x80)),
-           vcleq_u8(input, vdupq_n_u8(0xff))
-         );
-        mask = vorrq_u16(mask, single);
-        narrow = vshrn_n_u16(mask, 4);
-+        mask = vorrq_u8(mask, single);
-+        narrow = vshrn_n_u16(vreinterpretq_u16_u8(mask), 4);
-         match_mask = ~vget_lane_u64(vreinterpret_u64_u8(narrow), 0);
-         match_len = __builtin_ctzll(match_mask) >> 2;
-         if (match_len != 16) {