Mon Oct 16 19:15:17 2023 UTC ()
nodejs: updated to 20.8.1

Version 20.8.1 (Current)

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-44487: nghttp2 Security Release (High)
CVE-2023-45143: undici Security Release (High)
CVE-2023-39332: Path traversal through path stored in Uint8Array (High)
CVE-2023-39331: Permission model improperly protects against path traversal (High)
CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
CVE-2023-39333: Code injection via WebAssembly export names (Low)


(adam)
diff -r1.274 -r1.275 pkgsrc/lang/nodejs/Makefile
diff -r1.246 -r1.247 pkgsrc/lang/nodejs/distinfo
cvs diff -r1.274 -r1.275 pkgsrc/lang/nodejs/Makefile (expand / switch to unified diff)

--- pkgsrc/lang/nodejs/Makefile 2023/10/01 16:00:13 1.274
+++ pkgsrc/lang/nodejs/Makefile 2023/10/16 19:15:17 1.275
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.274 2023/10/01 16:00:13 adam Exp $ 1# $NetBSD: Makefile,v 1.275 2023/10/16 19:15:17 adam Exp $
2 2
3DISTNAME= node-v20.8.0 3DISTNAME= node-v20.8.1
4EXTRACT_SUFX= .tar.xz 4EXTRACT_SUFX= .tar.xz
5 5
6USE_LANGUAGES= c gnu++17 6USE_LANGUAGES= c gnu++17
7 7
8USE_CXX_FEATURES+= c++17 charconv 8USE_CXX_FEATURES+= c++17 charconv
9 9
10TOOL_DEPENDS+= ${PYPKGPREFIX}-expat>=0:../../textproc/py-expat 10TOOL_DEPENDS+= ${PYPKGPREFIX}-expat>=0:../../textproc/py-expat
11 11
12.include "../../mk/bsd.prefs.mk" 12.include "../../mk/bsd.prefs.mk"
13 13
14# XXX: figure out a way to add rpaths to torque 14# XXX: figure out a way to add rpaths to torque
15MAKE_ENV+= LD_LIBRARY_PATH=${PREFIX}/lib 15MAKE_ENV+= LD_LIBRARY_PATH=${PREFIX}/lib
16 16
cvs diff -r1.246 -r1.247 pkgsrc/lang/nodejs/distinfo (expand / switch to unified diff)

--- pkgsrc/lang/nodejs/distinfo 2023/10/01 16:00:13 1.246
+++ pkgsrc/lang/nodejs/distinfo 2023/10/16 19:15:17 1.247
@@ -1,18 +1,18 @@ @@ -1,18 +1,18 @@
1$NetBSD: distinfo,v 1.246 2023/10/01 16:00:13 adam Exp $ 1$NetBSD: distinfo,v 1.247 2023/10/16 19:15:17 adam Exp $
2 2
3BLAKE2s (node-v20.8.0.tar.xz) = fd3cef6d97ddb955327baed0dfc2aaaa7deb544d89480ce4c51a7b51486a9a3e 3BLAKE2s (node-v20.8.1.tar.xz) = 2fedcaa70f6e4017469e0513e035ee2159c24b6d6f7cdf450413b9c6d5d99165
4SHA512 (node-v20.8.0.tar.xz) = 9b2a8c14aee765f1fb039ce949eac635160b44cc3ae6507fe96637b9c8fc4e90a492dd3e0ce2173e190fa534dcd5d76e2639d9812406e0a9de4ec2e2ec1b4e2d 4SHA512 (node-v20.8.1.tar.xz) = d76245a8ec35fdb481e898efc457d3804d425a0d8e2da9175cdcc41036c57b5a6c23a5c2e84b7b417d3f48be631bff86708b2cae9e65ca3a22908caa3190ed1b
5Size (node-v20.8.0.tar.xz) = 41855692 bytes 5Size (node-v20.8.1.tar.xz) = 41863408 bytes
6SHA1 (patch-common.gypi) = f50615affd26c2c7902d2112c8e9f2704c057b9c 6SHA1 (patch-common.gypi) = f50615affd26c2c7902d2112c8e9f2704c057b9c
7SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32 7SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
8SHA1 (patch-deps_uv_common.gypi) = 29f0c382b68f77749a71ce39fa2ca37338ca18ec 8SHA1 (patch-deps_uv_common.gypi) = 29f0c382b68f77749a71ce39fa2ca37338ca18ec
9SHA1 (patch-deps_uvwasi_include_wasi__serdes.h) = 32b85ef5824b96b35aba9280bbe7aa7899d9e5cf 9SHA1 (patch-deps_uvwasi_include_wasi__serdes.h) = 32b85ef5824b96b35aba9280bbe7aa7899d9e5cf
10SHA1 (patch-deps_v8_src_base_platform_memory.h) = 0921b5eeecfe03b774f85a15628c559901e7fea8 10SHA1 (patch-deps_v8_src_base_platform_memory.h) = 0921b5eeecfe03b774f85a15628c559901e7fea8
11SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = b47025f33d2991275bbcd15dbabb28900afab0e1 11SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = b47025f33d2991275bbcd15dbabb28900afab0e1
12SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8 12SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8
13SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = e797043e7fa1379f086ffe3a919e140260b0632e 13SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = e797043e7fa1379f086ffe3a919e140260b0632e
14SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = 802a95f1b1d131e0d85c1f99c659cc68b31ba2f6 14SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = 802a95f1b1d131e0d85c1f99c659cc68b31ba2f6
15SHA1 (patch-deps_v8_src_base_strings.h) = 4d2b37491f2f74f1a573f8c1942790204e23a8bb 15SHA1 (patch-deps_v8_src_base_strings.h) = 4d2b37491f2f74f1a573f8c1942790204e23a8bb
16SHA1 (patch-deps_v8_src_codegen_arm_cpu-arm.cc) = 84c75d61bc99c2ff9adeac3152f5b11ebb0e582b 16SHA1 (patch-deps_v8_src_codegen_arm_cpu-arm.cc) = 84c75d61bc99c2ff9adeac3152f5b11ebb0e582b
17SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc 17SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc
18SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5 18SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5