CVS commit: pkgsrc/lang/nodejs

["Adam Ciarcinski" <adam%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adam
Date:           Wed Feb 14 21:15:56 UTC 2024

Modified Files:
        pkgsrc/lang/nodejs: Makefile distinfo

Log Message:
nodejs: updated to 21.6.2

Version 21.6.2 (Current)

Notable changes

CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
undici version 5.28.3
libuv version 1.48.0
OpenSSL version 3.0.13+quic1


To generate a diff of this commit:
cvs rdiff -u -r1.286 -r1.287 pkgsrc/lang/nodejs/Makefile
cvs rdiff -u -r1.256 -r1.257 pkgsrc/lang/nodejs/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/nodejs/Makefile
diff -u pkgsrc/lang/nodejs/Makefile:1.286 pkgsrc/lang/nodejs/Makefile:1.287
--- pkgsrc/lang/nodejs/Makefile:1.286   Thu Jan 25 17:11:34 2024
+++ pkgsrc/lang/nodejs/Makefile Wed Feb 14 21:15:55 2024
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.286 2024/01/25 17:11:34 adam Exp $
+# $NetBSD: Makefile,v 1.287 2024/02/14 21:15:55 adam Exp $
 
-DISTNAME=      node-v21.6.1
+DISTNAME=      node-v21.6.2
 EXTRACT_SUFX=  .tar.xz
 
 USE_LANGUAGES= c gnu++17

Index: pkgsrc/lang/nodejs/distinfo
diff -u pkgsrc/lang/nodejs/distinfo:1.256 pkgsrc/lang/nodejs/distinfo:1.257
--- pkgsrc/lang/nodejs/distinfo:1.256   Thu Jan 25 17:11:34 2024
+++ pkgsrc/lang/nodejs/distinfo Wed Feb 14 21:15:55 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.256 2024/01/25 17:11:34 adam Exp $
+$NetBSD: distinfo,v 1.257 2024/02/14 21:15:55 adam Exp $
 
-BLAKE2s (node-v21.6.1.tar.xz) = 20050c732872c8b09d8dc4bee0e7f38fce5dffa6e594fd58673bc2d3b62b6c4b
-SHA512 (node-v21.6.1.tar.xz) = da51e685c36422257474b5bb9ec183f0c6bfdfc86ac706861ddbcf3242f72ae173090ebed67421c80da29da47095c47335efcd289f7e40cad0493181481da270
-Size (node-v21.6.1.tar.xz) = 42656664 bytes
+BLAKE2s (node-v21.6.2.tar.xz) = fe387fc8fa64dc21062a297cd71496990236e67b8b0f40a687ee58378b548eca
+SHA512 (node-v21.6.2.tar.xz) = eb97c110bb13c8c4fef06b1a793102775dd61403dbd07531414085ac7b8ed7be4959fb26f5fe813a6d8be7e79169c8279186f419657b6eda919c406f891f7845
+Size (node-v21.6.2.tar.xz) = 42668368 bytes
 SHA1 (patch-common.gypi) = f50615affd26c2c7902d2112c8e9f2704c057b9c
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = 29f0c382b68f77749a71ce39fa2ca37338ca18ec