CVS commit: pkgsrc/lang/nodejs20

["Adam Ciarcinski" <adam%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adam
Date:           Wed Feb 14 21:16:23 UTC 2024

Modified Files:
        pkgsrc/lang/nodejs20: Makefile distinfo

Log Message:
nodejs20: updated to 20.11.1

Version 20.11.1 'Iron' (LTS)

Notable changes

CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
undici version 5.28.3
libuv version 1.48.0
OpenSSL version 3.0.13+quic1


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/nodejs20/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/nodejs20/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/nodejs20/Makefile
diff -u pkgsrc/lang/nodejs20/Makefile:1.5 pkgsrc/lang/nodejs20/Makefile:1.6
--- pkgsrc/lang/nodejs20/Makefile:1.5   Thu Jan 11 09:33:41 2024
+++ pkgsrc/lang/nodejs20/Makefile       Wed Feb 14 21:16:23 2024
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.5 2024/01/11 09:33:41 adam Exp $
+# $NetBSD: Makefile,v 1.6 2024/02/14 21:16:23 adam Exp $
 
-DISTNAME=      node-v20.11.0
+DISTNAME=      node-v20.11.1
 EXTRACT_SUFX=  .tar.xz
 
 USE_LANGUAGES= c gnu++17

Index: pkgsrc/lang/nodejs20/distinfo
diff -u pkgsrc/lang/nodejs20/distinfo:1.4 pkgsrc/lang/nodejs20/distinfo:1.5
--- pkgsrc/lang/nodejs20/distinfo:1.4   Thu Jan 11 09:33:41 2024
+++ pkgsrc/lang/nodejs20/distinfo       Wed Feb 14 21:16:23 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.4 2024/01/11 09:33:41 adam Exp $
+$NetBSD: distinfo,v 1.5 2024/02/14 21:16:23 adam Exp $
 
-BLAKE2s (node-v20.11.0.tar.xz) = 44c2fceaaa2b66b7bfcd0667136d5cf93dcb5166aa8cff0265e932b0df487182
-SHA512 (node-v20.11.0.tar.xz) = 405cbd53f75d94b9c31536a638c6508215b34a77505471319c46f66eb87ac907cb6796b25efa27162da53cb6a013aaf9ad1a5690eb7ed793969055a648d1d53c
-Size (node-v20.11.0.tar.xz) = 42162348 bytes
+BLAKE2s (node-v20.11.1.tar.xz) = d8c854118240391964ce156ce25175a5eee54d905265964018d93250519a94bf
+SHA512 (node-v20.11.1.tar.xz) = b3a3ab3cdeccb54eb38a5b95eece5d180077393e7c1766bc591bbdc0445d78fdd4e19d2d3a3325cb6788a19cef83f48172ff7a6ec152eb1c352b3862dd955596
+Size (node-v20.11.1.tar.xz) = 42159296 bytes
 SHA1 (patch-common.gypi) = f50615affd26c2c7902d2112c8e9f2704c057b9c
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = 29f0c382b68f77749a71ce39fa2ca37338ca18ec