Content-Type: multipart/mixed; boundary="_----------=_1687360423210780"
MIME-Version: 1.0
Date: Wed, 21 Jun 2023 15:13:43 +0000
From: "Adam Ciarcinski"
Subject: CVS commit: pkgsrc/lang/nodejs
To: pkgsrc-changes@NetBSD.org
Approved: commit_and_comment
Reply-To: adam@netbsd.org
X-Mailer: log_accum
Message-Id: <20230621151343.4617FFA89@cvs.NetBSD.org>

This is a multi-part message in MIME format.

--_----------=_1687360423210780
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name: pkgsrc
Committed By: adam
Date: Wed Jun 21 15:13:43 UTC 2023

Modified Files:
        pkgsrc/lang/nodejs: Makefile distinfo

Log Message:
nodejs: updated to 20.3.1

Version 20.3.1 (Current)

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
CVE-2023-30584: Path Traversal Bypass in Experimental Permission Model (High)
CVE-2023-30587: Bypass of Experimental Permission Model via Node.js Inspector (High)
CVE-2023-30582: Inadequate Permission Model Allows Unauthorized File Watching (Medium)
CVE-2023-30583: Bypass of Experimental Permission Model via fs.openAsBlob() (Medium)
CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
CVE-2023-30586: Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium)
CVE-2023-30588: Process interruption due to invalid Public Key information in x509 certificates (Medium)
CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)

OpenSSL Security Releases

OpenSSL security advisory 28th March.
OpenSSL security advisory 20th April.
OpenSSL security advisory 30th May

To generate a diff of this commit:
cvs rdiff -u -r1.263 -r1.264 pkgsrc/lang/nodejs/Makefile
cvs rdiff -u -r1.238 -r1.239 pkgsrc/lang/nodejs/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

--_----------=_1687360423210780 Content-Disposition: inline Content-Length: 1684 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/lang/nodejs/Makefile diff -u pkgsrc/lang/nodejs/Makefile:1.263 pkgsrc/lang/nodejs/Makefile:1.264 --- pkgsrc/lang/nodejs/Makefile:1.263 Tue Jun 13 15:45:55 2023 +++ pkgsrc/lang/nodejs/Makefile Wed Jun 21 15:13:43 2023 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.263 2023/06/13 15:45:55 adam Exp $ +# $NetBSD: Makefile,v 1.264 2023/06/21 15:13:43 adam Exp $ -DISTNAME= node-v20.3.0 +DISTNAME= node-v20.3.1 EXTRACT_SUFX= .tar.xz USE_LANGUAGES= c gnu++17 Index: pkgsrc/lang/nodejs/distinfo diff -u pkgsrc/lang/nodejs/distinfo:1.238 pkgsrc/lang/nodejs/distinfo:1.239 --- pkgsrc/lang/nodejs/distinfo:1.238 Tue Jun 13 15:45:55 2023 +++ pkgsrc/lang/nodejs/distinfo Wed Jun 21 15:13:43 2023 @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.238 2023/06/13 15:45:55 adam Exp $ +$NetBSD: distinfo,v 1.239 2023/06/21 15:13:43 adam Exp $ -BLAKE2s (node-v20.3.0.tar.xz) = e23700714d750a95b66d10c1bb9e5c8a0ab69a9705f46a629b1cc11729cfb367 -SHA512 (node-v20.3.0.tar.xz) = 6aade4c1cc0ef8f47f403286d88099a3c0bf43f6e1e2b6d50e777eb9327fc1f0a8ba73c943306a431fd422fdda9017b1931bcb31c48badcfcadde8a260840d7c -Size (node-v20.3.0.tar.xz) = 41709484 bytes +BLAKE2s (node-v20.3.1.tar.xz) = cc2a81bc263192de8c5e60ddbdb907df7b48b815378fe62c1f1ef88a2e9b5c5b +SHA512 (node-v20.3.1.tar.xz) = f9f7a3905aa05f9708d3dddcbbe8ad729db3a123ccbdbcade402c6faa6b36905239aca9ac19ca4ebb4682dde2c39058c58197f5015556ab2351f8035d35da5e1 +Size (node-v20.3.1.tar.xz) = 41712208 bytes SHA1 (patch-common.gypi) = f50615affd26c2c7902d2112c8e9f2704c057b9c SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32 SHA1 (patch-deps_uv_common.gypi) = 29f0c382b68f77749a71ce39fa2ca37338ca18ec --_----------=_1687360423210780--
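
Review bot: in the pkgsrc/lang/nodejs/Makefile hunk the context stops at USE_LANGUAGES, so it cannot be seen whether a PKGREVISION is set further down. With DISTNAME going from node-v20.3.0 to node-v20.3.1, any PKGREVISION left over from 20.3.0 should be removed in the same commit.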
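
Review bot: in the pkgsrc/lang/nodejs/distinfo hunk the BLAKE2s, SHA512 and Size lines for node-v20.3.1.tar.xz are regenerated, but neither the hunk nor the log message says how the tarball was authenticated before the digests were taken. For a security release, check the download against upstream's signed SHASUMS256.txt and say so in the log. The SHA1 lines for patch-common.gypi, patch-deps_cares_cares.gyp and patch-deps_uv_common.gypi are unchanged context, so those local patches are carried over as-is; confirm they still apply cleanly to 20.3.1.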