CVS commit: pkgsrc/lang/nodejs

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang/nodejs
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Fri, 11 Aug 2023 05:25:17 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Fri Aug 11 05:25:17 UTC 2023

Modified Files:
        pkgsrc/lang/nodejs: Makefile distinfo

Log Message:
nodejs: updated to 20.5.1

Version 20.5.1 (Current)

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-32002: Policies can be bypassed via Module._load (High)
CVE-2023-32558: process.binding() can bypass the permission model through path traversal (High)
CVE-2023-32004: Permission model can be bypassed by specifying a path traversal sequence in a Buffer (High)
CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
CVE-2023-32005: fs.statfs can bypass the permission model (Low)
CVE-2023-32003: fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low)
OpenSSL Security Releases


To generate a diff of this commit:
cvs rdiff -u -r1.268 -r1.269 pkgsrc/lang/nodejs/Makefile
cvs rdiff -u -r1.241 -r1.242 pkgsrc/lang/nodejs/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/nodejs/Makefile
diff -u pkgsrc/lang/nodejs/Makefile:1.268 pkgsrc/lang/nodejs/Makefile:1.269
--- pkgsrc/lang/nodejs/Makefile:1.268   Tue Jul 25 06:42:43 2023
+++ pkgsrc/lang/nodejs/Makefile Fri Aug 11 05:25:17 2023
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.268 2023/07/25 06:42:43 adam Exp $
+# $NetBSD: Makefile,v 1.269 2023/08/11 05:25:17 adam Exp $
 
-DISTNAME=      node-v20.5.0
+DISTNAME=      node-v20.5.1
 EXTRACT_SUFX=  .tar.xz
 
 USE_LANGUAGES= c gnu++17

Index: pkgsrc/lang/nodejs/distinfo
diff -u pkgsrc/lang/nodejs/distinfo:1.241 pkgsrc/lang/nodejs/distinfo:1.242
--- pkgsrc/lang/nodejs/distinfo:1.241   Tue Jul 25 06:42:43 2023
+++ pkgsrc/lang/nodejs/distinfo Fri Aug 11 05:25:17 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.241 2023/07/25 06:42:43 adam Exp $
+$NetBSD: distinfo,v 1.242 2023/08/11 05:25:17 adam Exp $
 
-BLAKE2s (node-v20.5.0.tar.xz) = 9b48678c84ecac57039a7772567c8335903f78825b523b41a1947f91abfefb63
-SHA512 (node-v20.5.0.tar.xz) = f7afb0aa7175bf1b87d1916c8085e2292bfa32aae3de1dae060d74bcdadb3fe486cca6b92c5fb27a70cd3aaa57622e65a57721519fd180bfdf16401d5d89bec7
-Size (node-v20.5.0.tar.xz) = 41738488 bytes
+BLAKE2s (node-v20.5.1.tar.xz) = d4b65e72751e657084aa8d70648eecfe4a3cfaea320c83a58443b1119de87463
+SHA512 (node-v20.5.1.tar.xz) = 2828930bf2df0769ec7116fc6b89c7069294426b937ce38543426e0108a8c953301c523eb03419e35a993773895d74b28838bec96ffc01ab0e138a4b2a52737d
+Size (node-v20.5.1.tar.xz) = 41532256 bytes
 SHA1 (patch-common.gypi) = f50615affd26c2c7902d2112c8e9f2704c057b9c
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = 29f0c382b68f77749a71ce39fa2ca37338ca18ec

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/lang/nodejs18
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/lang/nodejs18
Indexes:

Home | Main Index | Thread Index | Old Index