diff --git a/SHASUMS256.txt b/SHASUMS256.txt index a659e98..08e6a86 100644 --- a/SHASUMS256.txt +++ b/SHASUMS256.txt @@ -1,41 +1,41 @@ -0dbffde04695933f508e964a103657d6ef55ddadf3d8e9c39e0191c6ee2b4ead node-v21.6.1-aix-ppc64.tar.gz -88f1d4e8982d0cc439137c9b95405622489d1573051a7a13d618ef0ef2896e76 node-v21.6.1-arm64.msi -94c280bba809fa66867e363ec9e990217aedf893116660b8c75a1c4fda3baea5 node-v21.6.1-darwin-arm64.tar.gz -a1edec87af235b55443cb87d38f523d86cefa3426b9b9fe52328430124ae48ed node-v21.6.1-darwin-arm64.tar.xz -5c4821c62a1f61cf3219bc244d30a5b1cdec197c8acabc1ee7cd9ff17bbba947 node-v21.6.1-darwin-x64.tar.gz -35b0000723ab93ae3110fbdb2833947bc206da761d36da15ed2ef2f3b7f9b3b6 node-v21.6.1-darwin-x64.tar.xz -d0bc7a37a7a16301565119c472cfa3c00a4122891bec792d83f2992e3eefb62e node-v21.6.1-headers.tar.gz -7b217de8af0d2c05fffd0fb8b5cb2136c93e312bccd5cf454f039196777e4762 node-v21.6.1-headers.tar.xz -e19a4364cf27c9c0cdc1472faf4eece6313b590f1e9c55852d8ec3efa89fe097 node-v21.6.1-linux-arm64.tar.gz -19900c1a0a9d7e2ea781b46c7d498ffdf3e37e34f46b96e7344bd7bb8f27be66 node-v21.6.1-linux-arm64.tar.xz -b899fcb09400b255e6264dabca907e7a567debae98a4cce248fcdea2f2ebaf1c node-v21.6.1-linux-armv7l.tar.gz -ee63708a84ad27268a62dc04f697016f762c6c8a4261d0e1680d45829f9fa06f node-v21.6.1-linux-armv7l.tar.xz -859654218d795ab60c213d29af492904d74fd0a7a1cebc3790b1cb61838fc5eb node-v21.6.1-linux-ppc64le.tar.gz -0f22931238d96d931e8ad788326f4db92860e83105c493ee9b29a4b378b18f18 node-v21.6.1-linux-ppc64le.tar.xz -a4c885443eb92199253fe6efb48c2211ae09b003edf3af8220532a4a6fc77c86 node-v21.6.1-linux-s390x.tar.gz -efa9496c3c1e1691dfabea45e2839b592675a571880b9d25b35d3565e16f3d66 node-v21.6.1-linux-s390x.tar.xz -d2ac105754e5fc657a6a25ea7d31f19dd63d3ec845dce0aef0232533d52bc125 node-v21.6.1-linux-x64.tar.gz -c65cbf7342260df8e59dd2fe2e06dc1f36ac46c9d433a64cd84521fd4915c291 node-v21.6.1-linux-x64.tar.xz -da16368922e7da397df62c9f7571880a5d7bb8506c43097b71edf4001bc9c628 node-v21.6.1.pkg -7e284d0d64c2edcec84ecfd5bda1d9e7b82a8a3fe401f8b7023c5bc1d9fdd4d5 node-v21.6.1.tar.gz -7a82f356d1dcba5d766f0e1d4c750e2e18d6290b710b7d19a8725241e7af1f60 node-v21.6.1.tar.xz -b368ed9585ace23d145569ec670fbcbe29d2014c4fa9383705edfba9e12ec432 node-v21.6.1-win-arm64.7z -043d147e0fd55dd044ef304d4d87303f69bdf3bd1a6fd715871eee3df7f153dd node-v21.6.1-win-arm64.zip -c09bf7f09eb3aab90b1d1a6daae9f2b99704333fe6bb83a757bd2de8d2f849a1 node-v21.6.1-win-x64.7z -a74b3933e73982553c1fdea3a3a27b09488ac09845e230c7532d4387c0f9c8fe node-v21.6.1-win-x64.zip -8d936365d2473e5f11452d60a61b041ce3a95e93686cef8fb1248516f56407de node-v21.6.1-win-x86.7z -1d0cdad8b691fc1a92cf1d301ea24c905d36d36f9134a7a7e4c60ce12eef6393 node-v21.6.1-win-x86.zip -6ced3da3d4689a150452a2a6bce30d4c61067e9ec37cb89f56cc930a7ae468a4 node-v21.6.1-x64.msi -bcf13ea38a038fa4c156f6795d8f7d05b1c4a7dc3804c99717cbd0321199bb2b node-v21.6.1-x86.msi -292c6e750a066c7306b42375874eadca1a7e1e7351022f8bcc75083223c82bd1 win-arm64/node.exe -7bf3d6ec7d4f20a33ec4bc6140a196da9bae6ea7ade0bfc312bde82fcf1e341e win-arm64/node.lib -e36f9a1579efc8e4951dbaa54be610a968b039d41bcdab5fe971214f4d720061 win-arm64/node_pdb.7z -b50ca588dcdbe6c8e922b0ed3875e700e027349754b36f5c2e4078298cb8deff win-arm64/node_pdb.zip -18888b1cb13e581cba0eae3444bd37aa1946c0eb7ddb4cb2352cc7213501b219 win-x64/node.exe -062c4519e957aac29ee4e03ca5ff80212d72cd5f075e5d6e58f98fdd01d8b244 win-x64/node.lib -ac048ae771d7bb4c35307dd8a3df384d947737ef25f804f442c08dd4f4eedf2b win-x64/node_pdb.7z -7a753ffdde2ea70324cd4d21d34cc7719f0a9772a93e6cf0dd8975101896a11b win-x64/node_pdb.zip -4a7b36ebdb5a8f42e87a5c8b7e2b2dacf73c3f74fd2d060618138d8ee8a60e69 win-x86/node.exe -ca3fefa67c54bf9b18913b4b0e95d1b61a82b9a3f09acb8feea8fb96f56bc3b8 win-x86/node.lib -c33858a9294444e08c1dfd1634c25f31ed0142c6a0e0d8c0ce58ed63f39840ae win-x86/node_pdb.7z -28dbc65626661a4510daf469a0da43a5166510dc6e26661a732533df648cdbc6 win-x86/node_pdb.zip +e06dff53a5e2a88caff9735c076165a6a53f4c45960a8887410684e1fea6c7cb node-v21.6.2-aix-ppc64.tar.gz +c7fa8788001eaac4bb250a84f6b3a918ebaa8016111ece95d59b513cf4a394dc node-v21.6.2-arm64.msi +120c8205654c640865864dc464389b3ffe6d7ebe310dffdbe3fd8718a512e14f node-v21.6.2-darwin-arm64.tar.gz +f8aa996b4e7700069892bc9ff28ddef3b3b3c8c952b929d1b148c943995970e3 node-v21.6.2-darwin-arm64.tar.xz +0f75d9b46b986100c6faeec040ee46adf4981eb6abb5dd63e7a6ca4868d280f4 node-v21.6.2-darwin-x64.tar.gz +5944de39bc7b8af229b0024d583ced7c76cee194ee9068a07d67372a606c5105 node-v21.6.2-darwin-x64.tar.xz +55d9a03dcfce682583eb5e7eec15f32ae95b28b6e805f31688b22a7bd71581b1 node-v21.6.2-headers.tar.gz +976500ffa659108fa2eb30daae2f1b96a34a97b2caa1db30802ac56edc2b237a node-v21.6.2-headers.tar.xz +b8431985c53cc14e02cddf4c128d043c62af19023f908ebcdc1c6a683ee995f3 node-v21.6.2-linux-arm64.tar.gz +2606765f95262bcebb323e56a39b3be8db89863fbd83e06d2b5a08e41dc78f29 node-v21.6.2-linux-arm64.tar.xz +d6127be538ae57447fd40bac6ea124ad71cfd5a50b9343b781830cc92bc1a0c2 node-v21.6.2-linux-armv7l.tar.gz +ae33085c3d635f9488f47c56ee90fdf0dc9c1d0a520cfbe281c5b08d69e64da0 node-v21.6.2-linux-armv7l.tar.xz +2e265d86f9d20ba223d65ceadc0589b156439a5521cd9da6e34de5460a0d2195 node-v21.6.2-linux-ppc64le.tar.gz +b951f52db17b75a7bff0a2da2cefca3ba1e4dd7368b2b1280f39fcbecde0555c node-v21.6.2-linux-ppc64le.tar.xz +7cba8c2b2338aaa05f5dec5d953d61cdf5219881a7c8d420f215e920a33c06fa node-v21.6.2-linux-s390x.tar.gz +167bb0595478bae4c46b2248cae16890d24c2a9c92de7d0e27f9d1cafcad21ba node-v21.6.2-linux-s390x.tar.xz +d4504dcbcd1a9ded42d86bc20a7e72d6d631e49dcf3f9c849c3b51b12f3f4544 node-v21.6.2-linux-x64.tar.gz +593dd28f5c78d797e76b730937b95fcdfc594f053a8756b1d0860a4555bed58e node-v21.6.2-linux-x64.tar.xz +a0cdada31786f6ff1f82e8fd91bda23cd4f615a56acd3c9605cd468b60b8437a node-v21.6.2-win-arm64.7z +a201948e5f0df6de6c4b42dbcb42d7a10d3cb5b6dbb7a40e3f4244644d3b3d1a node-v21.6.2-win-arm64.zip +d450d170009d272c98765af3abf2bbc2903c1c08856f9e3730be03cc9d9b2bc5 node-v21.6.2-win-x64.7z +99bac3a930bd487e53c5a35b3e2f5ec102053316d7eb89f93273d916d57353a2 node-v21.6.2-win-x64.zip +44dee171378d7ac9967e772a8f114be5fdf59a163f65ec5faa7411c8be3bc961 node-v21.6.2-win-x86.7z +1701b32ba5315c794c2a64ef4a71e93ad2a6c109acf5b577d628413a7dc5cd04 node-v21.6.2-win-x86.zip +e081647df79c833e9d62e7edff5e9e01dbd5b78417dff6ef149e6384e8327bcf node-v21.6.2-x64.msi +12960661f83a1618adf57e84eddcd1886edec452d74f27318efde8b92a25c91a node-v21.6.2-x86.msi +6b5d7153dffec20487cbcb81d5ebaf97e6678eb463337e8429ba4e7b60754505 node-v21.6.2.pkg +9020fb36ec7e04f5032944c8422c2004350e9bfcd5e835ac3c90b74981c1f3e0 node-v21.6.2.tar.gz +191294d445d1e6800359acc8174529b1e18e102147dc5f596030d3dce96931e5 node-v21.6.2.tar.xz +ae7ccd1298e8871e61c1223a929ff482fa43d29aa284118798f01a73e40b2b29 win-arm64/node.exe +cf6082f3ffb45335d41566805c7b844082f36042fa7dc2dc6aecdc3ce0e7c79a win-arm64/node.lib +8cb47e9ebda0efb8578382db82001308bcb2de95e0275e0bca3ff4f03de140b1 win-arm64/node_pdb.7z +cdb3d760f9aca9578135c25f299b382e074bfcb56b2d321acf278a0a76ec2eb4 win-arm64/node_pdb.zip +3f06d98986b4ddf7e9d258936bb7b8907c44c6e9a29c645a5aca04e5a26c0b53 win-x64/node.exe +cacf06da3d7f04d0a0a5a901bfbdbaf0950cc5f73febf7b2f451b27c7f6265b1 win-x64/node.lib +077739fded97d02d026db839aca840622c34b7e584efe294d40fc8d1bd9dc19a win-x64/node_pdb.7z +54c3a6fea6f832716bfe5d918a56ca1767ae89163729c34d866c2623c0a90edf win-x64/node_pdb.zip +0aaa0f4635253afe9660f64a862786db555961ecc7217b68fa120817c0c56a00 win-x86/node.exe +ca6545afa230d2abdbf8ba19065f77b727bde72dfa253c466d876d0b3a7ea4ee win-x86/node.lib +cf24de1e7157ac4bac77fccb255fe295e8639a349d5c9f8726fe3e6b5ccf8afc win-x86/node_pdb.7z +99f2345e0e737fbd7f8d94b4118d9dc820ebc198823de29324e1f1754f84c9e0 win-x86/node_pdb.zip diff --git a/SHASUMS256.txt.sig b/SHASUMS256.txt.sig index 4524362..e3025f8 100644 Binary files a/SHASUMS256.txt.sig and b/SHASUMS256.txt.sig differ diff --git a/node-v21.6.1.tar.xz b/node-v21.6.1.tar.xz deleted file mode 100644 index e74bafd..0000000 --- a/node-v21.6.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7a82f356d1dcba5d766f0e1d4c750e2e18d6290b710b7d19a8725241e7af1f60 -size 42656664 diff --git a/node-v21.6.2.tar.xz b/node-v21.6.2.tar.xz new file mode 100644 index 0000000..a871111 --- /dev/null +++ b/node-v21.6.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:191294d445d1e6800359acc8174529b1e18e102147dc5f596030d3dce96931e5 +size 42668368 diff --git a/nodejs21.changes b/nodejs21.changes index 7584415..5cdd49e 100644 --- a/nodejs21.changes +++ b/nodejs21.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Fri Feb 16 15:37:23 UTC 2024 - Adam Majer + +- Update to 21.6.2: (security updates) + * (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High) + * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) + * (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High) + * (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High) + * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) + * (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium) + * (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium) + * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) + * undici version 5.28.3 (CVE-2024-24758, bsc#1220017) + * libuv version 1.48.0 + ------------------------------------------------------------------- Mon Feb 12 14:51:32 UTC 2024 - Adam Majer diff --git a/nodejs21.spec b/nodejs21.spec index 6cc68e3..34869a7 100644 --- a/nodejs21.spec +++ b/nodejs21.spec @@ -31,7 +31,7 @@ %endif Name: nodejs21 -Version: 21.6.1 +Version: 21.6.2 Release: 0 # Double DWZ memory limits @@ -298,7 +298,7 @@ BuildRequires: openssl >= %{openssl_req_ver} %else # bundled openssl %if %node_version_number <= 12 && 0%{?suse_version} == 1315 && 0%{?sle_version} < 120400 -Provides: bundled(openssl) = 3.0.12 +Provides: bundled(openssl) = 3.0.13 %else BuildRequires: bundled_openssl_should_not_be_required %endif @@ -371,10 +371,10 @@ ExclusiveArch: not_buildable %endif Provides: bundled(uvwasi) = 0.0.19 -Provides: bundled(libuv) = 1.47.0 +Provides: bundled(libuv) = 1.48.0 Provides: bundled(v8) = 11.8.172.17 %if %{with intree_brotli} -Provides: bundled(brotli) = 1.0.9 +Provides: bundled(brotli) = 1.1.0 %else BuildRequires: pkgconfig(libbrotlidec) %endif @@ -383,8 +383,8 @@ BuildRequires: pkgconfig(libbrotlidec) Provides: bundled(llhttp) = 9.1.3 Provides: bundled(ngtcp2) = 0.8.1 Provides: bundled(base64) = 0.5.1 -Provides: bundled(simdutf) = 4.0.4 -Provides: bundled(simdjson) = 3.6.2 +Provides: bundled(simdutf) = 4.0.8 +Provides: bundled(simdjson) = 3.6.3 # bundled url-ada parser, not ada Provides: bundled(ada) = 2.7.4 @@ -394,7 +394,7 @@ Provides: bundled(node-acorn-walk) = 8.3.1 Provides: bundled(node-cjs-module-lexer) = 1.2.2 Provides: bundled(node-corepack) = 0.24.0 Provides: bundled(node-minimatch) = 9.0.3 -Provides: bundled(node-undici) = 5.28.2 +Provides: bundled(node-undici) = 5.28.3 %description Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine. Node.js