diff --git a/SHASUMS256.txt b/SHASUMS256.txt index 728cec2..addee43 100644 --- a/SHASUMS256.txt +++ b/SHASUMS256.txt @@ -1,41 +1,41 @@ -45375449725aa845f605a77e6ff88886a2f73294183e82ea8d38e0c24722f853 node-v20.3.0-aix-ppc64.tar.gz -ce9af071a58909f81a0601b976c688ef04a027442b1bca2baa35445efca53b2d node-v20.3.0-arm64.msi -25d5db6192ebcb7013f4138c71a7c423d0da33f28149d28b3b6df7c00527dd40 node-v20.3.0-darwin-arm64.tar.gz -c45ff3a1c6a3d69fde8fb8023ec21b987e5c56d5bd3d527ecde0932378e562af node-v20.3.0-darwin-arm64.tar.xz -24293d0217f009cbf821e5f399dcf72c1df2cb27f70cb1f05fd07af2ee6ad2c2 node-v20.3.0-darwin-x64.tar.gz -f26e9e3f1fb8bd603b879ae7e81fdf6bcc3ee97a15afa4c5af3e88fab7fb7368 node-v20.3.0-darwin-x64.tar.xz -01015dffc18bc86e56b3d59773391cc812cd0ce8e69d96e23b2e9a6540f43340 node-v20.3.0-headers.tar.gz -729408bc7548f384412a8744c579bc4fecb1452cba1bc4e4f57e5b1198bd4cd2 node-v20.3.0-headers.tar.xz -c3476b293f3b26a14163184171896ef17dc33ee26a208256170556b493a2b2c5 node-v20.3.0-linux-arm64.tar.gz -9b661e54f8ea73a3b0a1c92c2af32cf020f67f2c123789539fb343f2a1e36ffd node-v20.3.0-linux-arm64.tar.xz -25a06a1477cd5c91e4b69d86bae03890d80e07c996c677032de4278fa389eed3 node-v20.3.0-linux-armv7l.tar.gz -7efca84caaaf9003bb6adc7cfee3c13048891494e928018f6994cb4b7887176d node-v20.3.0-linux-armv7l.tar.xz -36ccc8c274d00a5eb195477b62cacc9aec0e1f56a6965b07c9de7f28a67ca52b node-v20.3.0-linux-ppc64le.tar.gz -620662ccf99973835cecc8d6c16f5d20c5af8d76f5da18deb21f41cef78e985e node-v20.3.0-linux-ppc64le.tar.xz -02e287c74218d6418af5173a641f8b78d7539e11e96c2af4bf946437c9833e0c node-v20.3.0-linux-s390x.tar.gz -26444015212c8e6cc00516826de48ae9447015405f7890ce053c77c61f4dd6c2 node-v20.3.0-linux-s390x.tar.xz -80238ee1a9dee6b0d5d1081503c6fdd1c7f81bdf4ca6abd90aa5a568712a2eaa node-v20.3.0-linux-x64.tar.gz -2dd1f5c0e01732024ba1f5de4517fa3976eb0976fa7976ff687ec09b62dd73fa node-v20.3.0-linux-x64.tar.xz -7fe22ee0fc446ed2e2cc153947ed7861a83a5c8b5182d86f80314049d0ed4172 node-v20.3.0.pkg -2f5f80be36315a2dd4a0da123597c3cbbba2b0ec19ba7832bf93414b1a645ca4 node-v20.3.0.tar.gz -1ba8d49423ed3a75729066bb3ea26493ee9cb7d6568ef948597fc9ef454f7435 node-v20.3.0.tar.xz -15297e64b07742719cceca13acb66b067c06e7d610114d85834a2e33eb58e11f node-v20.3.0-win-arm64.7z -700065af61429edc88ed714f1e2e64fe476a289ccc30d4345b7f6472a9b943b4 node-v20.3.0-win-arm64.zip -b8bda54d0936e2295dd3267dba7d61903af92a0427dac56251047fed2e8ff05f node-v20.3.0-win-x64.7z -43be53f9f4d6fa19e27efdb724e10cbdf3c7abfaebe0d852af62fc80c6f465a2 node-v20.3.0-win-x64.zip -32f63af144aa64c5fbe83a26dced8305934063393e34886aec7abf4e1d6637d8 node-v20.3.0-win-x86.7z -56699afcf06278f8b136a325bc34e5dbaf1cf836f57030630496fa28fe853e6f node-v20.3.0-win-x86.zip -9a8404fc31d9dce5a490a31f8624c3fc6f8adeee7686f255d0fe031c80188c04 node-v20.3.0-x64.msi -015e02672d93f5cc162a690cd5010df5cd45a46f884f97d0e7be8875feb71355 node-v20.3.0-x86.msi -6efd7b085f4b6e7b893963e34522dda7c01d8bcfd6bdb7ceeda7734a39c63242 win-arm64/node.exe +74408b56e0a20601cd073e52f90ffcafeb8d63a4e8deb8583fc3f0d26b502081 node-v20.3.1-aix-ppc64.tar.gz +fe48243bff912a26a76a7d5553c6f848a8b738c05ca976738d3a49af5621a584 node-v20.3.1-arm64.msi +fabf0d5bde4e1c16b6b96c310115425508c3750cd2b1d2992fa03d52b0050cf1 node-v20.3.1-darwin-arm64.tar.gz +5b9ba231a2502f9369295454a80e85468225f2695289ed163870a675eb5ed29f node-v20.3.1-darwin-arm64.tar.xz +fd2be29c8e17ef1460a3c67b5fd36ead27159367a8958fae8fe8f3945465e0db node-v20.3.1-darwin-x64.tar.gz +37684d83976612774f553e428a1f2610fb7efb270cca32657950c6e2542b250b node-v20.3.1-darwin-x64.tar.xz +0e5265e18039399e4e4e013622d5cd5878f3aa9e7d96fc551a74713e0ea447c2 node-v20.3.1-headers.tar.gz +c5d8b256a6acd91178342cb4634d0f1652a6aceb32565a72f99c71d69dd22550 node-v20.3.1-headers.tar.xz +4785061286dccf43cef673d8f9fec637f7a27d7e4c5b075f393e99ae13089f17 node-v20.3.1-linux-arm64.tar.gz +75f820e7e0c460d902eb2c35716d158c06a4692e69f9a6cf2be30a721d7e0b42 node-v20.3.1-linux-arm64.tar.xz +f9f8fa6e90e341b2e334589fea5247dfffada4b8ac1eecfb1577b3bbc538f2de node-v20.3.1-linux-armv7l.tar.gz +55d405b0ce92fe85a2604c56e92757ba255fff698f7e7d1bc5c9a3f5efcc966c node-v20.3.1-linux-armv7l.tar.xz +6e786adcc4bce1d790af579829d29d11a59221c608b760fe5ba2557ee8e3c2c4 node-v20.3.1-linux-ppc64le.tar.gz +8463ced01d4aa008be5c699ac4c0f75edac341d6da3bb4c34d5e708bc164e660 node-v20.3.1-linux-ppc64le.tar.xz +4fe866b2e8f001d0861a3042d3778189ccbc494dfe7fb1c0b6af9ff8e5086ff4 node-v20.3.1-linux-s390x.tar.gz +62737d306d1a3c25b794a362a354092cbce5f04f22f9e8f5cfd61e95aecd487e node-v20.3.1-linux-s390x.tar.xz +100507c0c4b4cf2f0661ab8ca79b21790c20a4aae24859e9ab60b7d95fbfd740 node-v20.3.1-linux-x64.tar.gz +a9f94435763f9c0128a8b6282ccbeefd0413a96e78e4427cfb7831d150c50334 node-v20.3.1-linux-x64.tar.xz +44ef9d3ceac5b7903948923bebc737bd062116a9768e2f620a0ccf034a0fcdf4 node-v20.3.1.pkg +785cfbf77998a96949d626f7bc63bc0b8e4737eb5dd2054b2e58d876904f5443 node-v20.3.1.tar.gz +12a82db306697959b4389b351a5f97848986b1313f9901b0e0b3d8cf4f3f9991 node-v20.3.1.tar.xz +569cb80351832ec3c1e38d61dabbe18d49f18cf20d658845d129c75d67e6e664 node-v20.3.1-win-arm64.7z +3ded6baf40440d762928d44df7d05d7c3f0c210a0240b8e5bb65ef3d9ad10edd node-v20.3.1-win-arm64.zip +79a85bb3758bfaba66df3abda9e2f29c6ceb65ceedd19d5a5e589c92835b24d5 node-v20.3.1-win-x64.7z +b9660cf19136d6cfce9d5ec1bd7b8b7dcc5642fe5fb8c5ddde78dc0aba216dd5 node-v20.3.1-win-x64.zip +72657860e268ca1b778a249531cda920800851c252d9f3680201796f45dc76da node-v20.3.1-win-x86.7z +69dce73312904b19b4a9b011bccfc47d05b8ebf05b07dcb58246f8d9c7f91e5b node-v20.3.1-win-x86.zip +4afe2af88b327173910085d25645e84bf7986d5849db2872b1e304ffd96e295a node-v20.3.1-x64.msi +6371129462ec79c6463be74bbd792bbb8071bf333d43fd8aa510d747da670fb4 node-v20.3.1-x86.msi +2b1965d736fcdf590c07751948c84b5936d9e09ae2a00d4cd0d307b965437cd9 win-arm64/node.exe 7d27551370e78fdf44e4e515458ad33d0c39983985853649fb01368999172662 win-arm64/node.lib -380bde84e409dde3044421ff4ffe49ac4a9f4ffa1a5d58827f44f0c3b1d76aa8 win-arm64/node_pdb.7z -ff756fde597c62d1a679e6e8843d2131e75d1bf68f65e1e875dcd609ce9c694a win-arm64/node_pdb.zip -8b56881aa5cc919897a217106713d4e34697143ba41170e632a482c3c2e891b4 win-x64/node.exe +44589d9a922591ea1ec4c4a98f77f99cbeae9928ad26c10ec21d6012afc5a48a win-arm64/node_pdb.7z +172e8df848141efa31a92ebbb8a557b314b6d97ada7f73cfd49b5397a2dc978d win-arm64/node_pdb.zip +016669a5da40b058c02e4a61a990dec2b4ad4d6fc071eeebdd8d07db4d2601db win-x64/node.exe 68a3ed4ccb2780dda353f609ec83ff6d6dc02a399f1dfed6621ae8c1f39a5788 win-x64/node.lib -6e62f3bdc215761372dc38f4c044b4de8bceb16f3d4b1fb5b87cc5764946ef6a win-x64/node_pdb.7z -8483f149955a344d3faa6c4659f680f11bfa23757c146fd3c9d510e01340b75c win-x64/node_pdb.zip -47c59d9a2ad4924b7886d54af9cd8454129f26d88c30895023b4ef1807940b42 win-x86/node.exe +7c3a5f02900047ef8451ac4cc134803960f80e2373fe187a8567d505f9b8415b win-x64/node_pdb.7z +44c07769d543b300f3a59f34e5deb428fa2454da9a55114ed945133cc9a4e702 win-x64/node_pdb.zip +38022d2ed2a9cb86998dfbd0e3bb2983e4eabaedbec81949223c2e27a5d4ecc4 win-x86/node.exe 13fb4b75d9e6fdf5a708b4dc8ea4ca60b565e4a3235514870e4b369e26fade5f win-x86/node.lib -40f0966f25b91837d9be795b20cd21c45d9f6b46258838fb62796cec4eb0d90d win-x86/node_pdb.7z -122c5f8f61a3cb53454e269c0ab7e131bdc89a549b1c446be3b2ed64286bd03f win-x86/node_pdb.zip +2c5750f21ca050a0a7d179970b11d2c54458492166905e7748bd2307c19b2771 win-x86/node_pdb.7z +834cb5cd72a281f01dc5273bd47818f12d00a5efacc315dc3addaeb91920a2de win-x86/node_pdb.zip diff --git a/SHASUMS256.txt.sig b/SHASUMS256.txt.sig index 470c50c..472ed57 100644 Binary files a/SHASUMS256.txt.sig and b/SHASUMS256.txt.sig differ diff --git a/node-v20.3.0.tar.xz b/node-v20.3.0.tar.xz deleted file mode 100644 index c98a0c7..0000000 --- a/node-v20.3.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1ba8d49423ed3a75729066bb3ea26493ee9cb7d6568ef948597fc9ef454f7435 -size 41709484 diff --git a/node-v20.3.1.tar.xz b/node-v20.3.1.tar.xz new file mode 100644 index 0000000..db4e59d --- /dev/null +++ b/node-v20.3.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:12a82db306697959b4389b351a5f97848986b1313f9901b0e0b3d8cf4f3f9991 +size 41712208 diff --git a/nodejs20.changes b/nodejs20.changes index 79dba0c..555fa84 100644 --- a/nodejs20.changes +++ b/nodejs20.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Wed Jun 21 11:24:39 UTC 2023 - Adam Majer + +- Update to version 20.3.1 (security fixes only). The following + CVEs are fixed in this release: + * (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass + Experimental Policy Mechanism (High) + * (CVE-2023-30584, bsc#1212575): Path Traversal Bypass in + Experimental Permission Model (High) + * (CVE-2023-30587, bsc#1212576): Bypass of Experimental + Permission Model via Node.js Inspector (High) + * (CVE-2023-30582, bsc#1212577): Inadequate Permission Model + Allows Unauthorized File Watching (Medium) + * (CVE-2023-30583, bsc#1212578): Bypass of Experimental + Permission Model via fs.openAsBlob() (Medium) + * (CVE-2023-30585, bsc#1212579): Privilege escalation via + Malicious Registry Key manipulation during Node.js + installer repair process (Medium) + * (CVE-2023-30586, bsc#1212580): Bypass of Experimental + Permission Model via Arbitrary OpenSSL Engines (Medium) + * (CVE-2023-30588, bsc#1212581): Process interuption due to invalid + Public Key information in x509 certificates (Medium) + * (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via + Empty headers separated by CR (Medium) + * (CVE-2023-30590, bsc#1212583): DiffieHellman does not + generate keys after setting a private key (Medium) + ------------------------------------------------------------------- Thu Jun 15 11:25:18 UTC 2023 - Adam Majer diff --git a/nodejs20.spec b/nodejs20.spec index 74d8964..6fd3230 100644 --- a/nodejs20.spec +++ b/nodejs20.spec @@ -31,7 +31,7 @@ %endif Name: nodejs20 -Version: 20.3.0 +Version: 20.3.1 Release: 0 # Double DWZ memory limits @@ -293,7 +293,7 @@ BuildRequires: openssl >= %{openssl_req_ver} %else # bundled openssl %if %node_version_number <= 12 && 0%{?suse_version} == 1315 && 0%{?sle_version} < 120400 -Provides: bundled(openssl) = 3.0.8 +Provides: bundled(openssl) = 3.0.9 %else BuildRequires: bundled_openssl_should_not_be_required %endif @@ -375,7 +375,7 @@ BuildRequires: pkgconfig(libbrotlidec) %endif -Provides: bundled(llhttp) = 8.1.0 +Provides: bundled(llhttp) = 8.1.1 Provides: bundled(ngtcp2) = 0.8.1 Provides: bundled(base64) = 0.5.0 Provides: bundled(simdutf) = 3.2.12