Fri Aug 11 05:25:17 2023 UTC ()

nodejs: updated to 20.5.1

Version 20.5.1 (Current)

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-32002: Policies can be bypassed via Module._load (High)
CVE-2023-32558: process.binding() can bypass the permission model through path traversal (High)
CVE-2023-32004: Permission model can be bypassed by specifying a path traversal sequence in a Buffer (High)
CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
CVE-2023-32005: fs.statfs can bypass the permission model (Low)
CVE-2023-32003: fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low)
OpenSSL Security Releases


(adam)

diff -r1.268 -r1.269 pkgsrc/lang/nodejs/Makefile
diff -r1.241 -r1.242 pkgsrc/lang/nodejs/distinfo

--- pkgsrc/lang/nodejs/Makefile 2023/07/25 06:42:43 1.268
+++ pkgsrc/lang/nodejs/Makefile 2023/08/11 05:25:17 1.269

 @@ -1,16 +1,16 @@
-# $NetBSD: Makefile,v 1.268 2023/07/25 06:42:43 adam Exp $
+# $NetBSD: Makefile,v 1.269 2023/08/11 05:25:17 adam Exp $
-DISTNAME=	node-v20.5.0
+DISTNAME=	node-v20.5.1
 EXTRACT_SUFX=	.tar.xz
 USE_LANGUAGES=	c gnu++17
 USE_CXX_FEATURES+=	c++17 charconv
 TOOL_DEPENDS+=	${PYPKGPREFIX}-expat>=0:../../textproc/py-expat
 .include "../../mk/bsd.prefs.mk"
 # XXX: figure out a way to add rpaths to torque
 MAKE_ENV+=	LD_LIBRARY_PATH=${PREFIX}/lib

--- pkgsrc/lang/nodejs/distinfo 2023/07/25 06:42:43 1.241
+++ pkgsrc/lang/nodejs/distinfo 2023/08/11 05:25:17 1.242

 @@ -1,18 +1,18 @@
-$NetBSD: distinfo,v 1.241 2023/07/25 06:42:43 adam Exp $
+$NetBSD: distinfo,v 1.242 2023/08/11 05:25:17 adam Exp $
-BLAKE2s (node-v20.5.0.tar.xz) = 9b48678c84ecac57039a7772567c8335903f78825b523b41a1947f91abfefb63
+BLAKE2s (node-v20.5.1.tar.xz) = d4b65e72751e657084aa8d70648eecfe4a3cfaea320c83a58443b1119de87463
-SHA512 (node-v20.5.0.tar.xz) = f7afb0aa7175bf1b87d1916c8085e2292bfa32aae3de1dae060d74bcdadb3fe486cca6b92c5fb27a70cd3aaa57622e65a57721519fd180bfdf16401d5d89bec7
+SHA512 (node-v20.5.1.tar.xz) = 2828930bf2df0769ec7116fc6b89c7069294426b937ce38543426e0108a8c953301c523eb03419e35a993773895d74b28838bec96ffc01ab0e138a4b2a52737d
-Size (node-v20.5.0.tar.xz) = 41738488 bytes
+Size (node-v20.5.1.tar.xz) = 41532256 bytes
 SHA1 (patch-common.gypi) = f50615affd26c2c7902d2112c8e9f2704c057b9c
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = 29f0c382b68f77749a71ce39fa2ca37338ca18ec
 SHA1 (patch-deps_uvwasi_include_wasi__serdes.h) = 32b85ef5824b96b35aba9280bbe7aa7899d9e5cf
 SHA1 (patch-deps_v8_src_base_platform_memory.h) = 0921b5eeecfe03b774f85a15628c559901e7fea8
 SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = b47025f33d2991275bbcd15dbabb28900afab0e1
 SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8
 SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = e797043e7fa1379f086ffe3a919e140260b0632e
 SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = 802a95f1b1d131e0d85c1f99c659cc68b31ba2f6
 SHA1 (patch-deps_v8_src_base_strings.h) = 4d2b37491f2f74f1a573f8c1942790204e23a8bb
 SHA1 (patch-deps_v8_src_codegen_arm_cpu-arm.cc) = 84c75d61bc99c2ff9adeac3152f5b11ebb0e582b
 SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc
 SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5