Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package nodejs20 for openSUSE:Factory
checked in at 2024-02-18 20:22:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nodejs20 (Old)
and /work/SRC/openSUSE:Factory/.nodejs20.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nodejs20"
Sun Feb 18 20:22:33 2024 rev:22 rq:1147152 version:20.11.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/nodejs20/nodejs20.changes 2024-02-14
23:18:48.984420914 +0100
+++ /work/SRC/openSUSE:Factory/.nodejs20.new.1815/nodejs20.changes
2024-02-18 20:22:35.764768949 +0100
@@ -1,0 +2,15 @@
+Fri Feb 16 16:04:46 UTC 2024 - Adam Majer <adam.ma...@suse.de>
+
+- Update to 20.11.1: (security updates)
+ * (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation
through Linux capabilities- (High)
+ * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request
with unbounded chunk extension allows DoS attacks- (High)
+ * (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer
internals- (High)
+ * (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due
to io_uring - (High)
+ * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack
(timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) -
(Medium)
+ * (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to
improper path traversal sequence sanitization - (Medium)
+ * (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in
--allow-fs-read and --allow-fs-write (Medium)
+ * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion
in fetch() brotli decoding - (Medium)
+ * undici version 5.28.3 (CVE-2024-24758, bsc#1220017)
+ * libuv version 1.48.0 (CVE-2024-24806, bsc#1219724)
+
+-------------------------------------------------------------------
Old:
----
node-v20.11.0.tar.xz
New:
----
node-v20.11.1.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nodejs20.spec ++++++
--- /var/tmp/diff_new_pack.gaRJJ4/_old 2024-02-18 20:22:36.768805183 +0100
+++ /var/tmp/diff_new_pack.gaRJJ4/_new 2024-02-18 20:22:36.768805183 +0100
@@ -31,7 +31,7 @@
%endif
Name: nodejs20
-Version: 20.11.0
+Version: 20.11.1
Release: 0
# Double DWZ memory limits
@@ -298,7 +298,7 @@
%else
# bundled openssl
%if %node_version_number <= 12 && 0%{?suse_version} == 1315 &&
0%{?sle_version} < 120400
-Provides: bundled(openssl) = 3.0.12
+Provides: bundled(openssl) = 3.0.13
%else
BuildRequires: bundled_openssl_should_not_be_required
%endif
@@ -383,8 +383,8 @@
Provides: bundled(llhttp) = 8.1.1
Provides: bundled(ngtcp2) = 0.8.1
Provides: bundled(base64) = 0.5.1
-Provides: bundled(simdutf) = 3.2.18
-
+Provides: bundled(simdutf) = 4.0.4
+Provides: bundled(simdjson) = {{nothing}}
# bundled url-ada parser, not ada
Provides: bundled(ada) = 2.7.4
@@ -396,7 +396,7 @@
Provides: bundled(node-corepack) = 0.23.0
Provides: bundled(node-minimatch) = 9.0.3
Provides: bundled(node-streamsearch) = 1.1.0
-Provides: bundled(node-undici) = 5.27.2
+Provides: bundled(node-undici) = 5.28.3
Provides: bundled(node-undici-types) = 5.25.1
%description
++++++ SHASUMS256.txt ++++++
--- /var/tmp/diff_new_pack.gaRJJ4/_old 2024-02-18 20:22:36.816806915 +0100
+++ /var/tmp/diff_new_pack.gaRJJ4/_new 2024-02-18 20:22:36.824807203 +0100
@@ -1,42 +1,42 @@
-f76a47616ceb47b9766cb7182ec6b53100192349de6a8aebb11f3abce045748f
node-v20.11.0-aix-ppc64.tar.gz
-6f36120adc4a49657ceeb7e55b1d42fa58e1006f4ebd04e12a0c6858f58f7b1e
node-v20.11.0-arm64.msi
-94e443d007e2882f8e5aecc85d978f7591520dc3b642adc7583b3cb0b3fc37d7
node-v20.11.0-darwin-arm64.tar.gz
-f18a7438723d48417f5e9be211a2f3c0520ffbf8e02703469e5153137ca0f328
node-v20.11.0-darwin-arm64.tar.xz
-c0ba02c905814258bd99a362027f8d4d2cc738218a9cf1dce2620e8735e3a80e
node-v20.11.0-darwin-x64.tar.gz
-d4b4ab81ebf1f7aab09714f834992f27270ad0079600da00c8110f8950ca6c5a
node-v20.11.0-darwin-x64.tar.xz
-c456d00c993b3d60d29c50e3389edc4f181145934b4ed38ad2fd047938440f22
node-v20.11.0-headers.tar.gz
-5629e124cf240c73540df0c79d683b9568bab34d53a632e2d8a2c4ad279d7da1
node-v20.11.0-headers.tar.xz
-402178cd5438b9ed89bffafc119e2bd4148616390bcdfd7089090ffc4615c981
node-v20.11.0-linux-arm64.tar.gz
-f6df68c6793244071f69023a9b43a0cf0b13d65cbe86d55925c28e4134d9aafb
node-v20.11.0-linux-arm64.tar.xz
-04bc09322f3d71230c32364a6f55d64c67bdb4fe032f07bab5d3cb0a940b6b86
node-v20.11.0-linux-armv7l.tar.gz
-f943abd348d2b8ff8754ca912c118a20301eb6a0014cc4cdea86cff021fde8e6
node-v20.11.0-linux-armv7l.tar.xz
-333b51abb06931348640a8707a16ce8a71ac7c1c11ba6a7bd9ce0941f8bbde81
node-v20.11.0-linux-ppc64le.tar.gz
-6a0e1fa23d7bc707711bbc36159b4220eca123e13435d266d690c6b6c443dc67
node-v20.11.0-linux-ppc64le.tar.xz
-8d093b2f49017f67cff368fcfeafe036d9c3d0eca2656b379132afef2bf12725
node-v20.11.0-linux-s390x.tar.gz
-cc92efa3fa101d613539451b1cf323ea9ac6198b4a68a7d3bf3b1090c6a7b5da
node-v20.11.0-linux-s390x.tar.xz
-9556262f6cd4c020af027782afba31ca6d1a37e45ac0b56cecd2d5a4daf720e0
node-v20.11.0-linux-x64.tar.gz
-822780369d0ea309e7d218e41debbd1a03f8cdf354ebf8a4420e89f39cc2e612
node-v20.11.0-linux-x64.tar.xz
-e2acb2da96b455a9b8ce9c88f7f00eabeda75d2724e6789dfe65ee71b50298c2
node-v20.11.0.pkg
-9884b22d88554d65025352ba7e4cb20f5d17a939231bea41a7894c0344fab1bf
node-v20.11.0.tar.gz
-31807ebeeeb049c53f1765e4a95aed69476a4b696dd100cb539ab668d7950b40
node-v20.11.0.tar.xz
-5ba71917c41059deada7fc51bc838dcbe7c72017a13818fe12052f32a4a79920
node-v20.11.0-win-arm64.7z
-89c1f7034dcd6ff5c17f2af61232a96162a1902f862078347dcf274a938b6142
node-v20.11.0-win-arm64.zip
-83f1621f7f5debb14466e2a5a439b03a5508bf6ff9e36dd3be812d101d31b9d4
node-v20.11.0-win-x64.7z
-893115cd92ad27bf178802f15247115e93c0ef0c753b93dca96439240d64feb5
node-v20.11.0-win-x64.zip
-d0594c790377493ac1331c97c688527c2610fff5b2d788c86879dec99befd198
node-v20.11.0-win-x86.7z
-7233041955deca69a0cd7b958f9a927969a9c49c38c4bc7b627d57ee626095a6
node-v20.11.0-win-x86.zip
-9a8c2e99b1fca559e1a1a393d6be4a23781b0c66883a9d6e5584272d9bf49dc2
node-v20.11.0-x64.msi
-01484d759ca9aa758ca1e1ddf080c00ef850b2aa98645dafe4557a46e9fa0e7d
node-v20.11.0-x86.msi
-40c82471f28e5998d6978b59c8870177e68326f313e99141c5194fe4de849eca
win-arm64/node.exe
+43a881788549e1b3425eb5f2b92608f438f146e08213de09c5bd5ff841cae7ae
node-v20.11.1-aix-ppc64.tar.gz
+3f8e77b775372c0b27d2b85ce899d80339691f480e64dde43d4eb01504a58679
node-v20.11.1-arm64.msi
+e0065c61f340e85106a99c4b54746c5cee09d59b08c5712f67f99e92aa44995d
node-v20.11.1-darwin-arm64.tar.gz
+fd771bf3881733bfc0622128918ae6baf2ed1178146538a53c30ac2f7006af5b
node-v20.11.1-darwin-arm64.tar.xz
+c52e7fb0709dbe63a4cbe08ac8af3479188692937a7bd8e776e0eedfa33bb848
node-v20.11.1-darwin-x64.tar.gz
+ed69f1f300beb75fb4cad45d96aacd141c3ddca03b6d77c76b42cb258202363d
node-v20.11.1-darwin-x64.tar.xz
+0aa42c91b441e945ff43bd3a837759c58b436de57dcd033d02e5cbcd2fba1f87
node-v20.11.1-headers.tar.gz
+edce238817acf5adce3123366b55304aff2a1f0849231d1b49f42370e454b6f8
node-v20.11.1-headers.tar.xz
+e34ab2fc2726b4abd896bcbff0250e9b2da737cbd9d24267518a802ed0606f3b
node-v20.11.1-linux-arm64.tar.gz
+c957f29eb4e341903520caf362534f0acd1db7be79c502ae8e283994eed07fe1
node-v20.11.1-linux-arm64.tar.xz
+e42791f76ece283c7a4b97fbf716da72c5128c54a9779f10f03ae74a4bcfb8f6
node-v20.11.1-linux-armv7l.tar.gz
+28e0120d2d150a8f41717899d33167b8b32053778665583d49ff971bfd188d1b
node-v20.11.1-linux-armv7l.tar.xz
+9823305ac3a66925a9b61d8032f6bbb4c3e33c28e7f957ebb27e49732feffb23
node-v20.11.1-linux-ppc64le.tar.gz
+51343cacf5cdf5c4b5e93e919d19dd373d6ef43d5f2c666eae299f26e31d08b5
node-v20.11.1-linux-ppc64le.tar.xz
+4c66b2f247fdd8720853321526d7cda483018fcb32014b75c30f3a54ecacaea7
node-v20.11.1-linux-s390x.tar.gz
+b32616b705cd0ddbb230b95c693e3d7a37becc2ced9bcadea8dc824cceed6be0
node-v20.11.1-linux-s390x.tar.xz
+bf3a779bef19452da90fb88358ec2c57e0d2f882839b20dc6afc297b6aafc0d7
node-v20.11.1-linux-x64.tar.gz
+d8dab549b09672b03356aa2257699f3de3b58c96e74eb26a8b495fbdc9cf6fbe
node-v20.11.1-linux-x64.tar.xz
+f1cd449fcbeb1b948e8498cb8edd9655fa319d109a7f4c5bd96a9b122b91538a
node-v20.11.1-win-arm64.7z
+e85461ec124956a2853c4ee6e13c4f4889d63c88beb3d530c1ee0c4b51dc10e7
node-v20.11.1-win-arm64.zip
+fb9b5348259988a562a48eed7349e7e716c0bec78d98ad0a336b2993a8b3bf34
node-v20.11.1-win-x64.7z
+bc032628d77d206ffa7f133518a6225a9c5d6d9210ead30d67e294ff37044bda
node-v20.11.1-win-x64.zip
+c2b1863d8979546804a39fc63d0a9bc9c6e49cb2f6c9d1e52844a24629b24765
node-v20.11.1-win-x86.7z
+b98e95f78416d1359b647cfa09ba2a48b76d41b56a776df822bf36ffe8e76a2d
node-v20.11.1-win-x86.zip
+c54f5f7e2416e826fd84e878f28e3b53363ae9c3f60a140af4434b2453b5ae89
node-v20.11.1-x64.msi
+63e2aed4dabb96eed6903a3974e006d3c29c218472aac60ae3c3c7de00df13b1
node-v20.11.1-x86.msi
+c46019a095a1549d000e85da13f17972a448e0be5854a51786ecccde7278a012
node-v20.11.1.pkg
+4af1ba6ea848cc05908b8a62b02fb27684dd52b2a7988ee82b0cfa72deb90b94
node-v20.11.1.tar.gz
+77813edbf3f7f16d2d35d3353443dee4e61d5ee84d9e3138c7538a3c0ca5209e
node-v20.11.1.tar.xz
+a5a9d30a8f7d56e00ccb27c1a7d24c8d0bc96a2689ebba8eb7527698793496f1
win-arm64/node.exe
93529170cebe57c0f4830a4cc6a261b6cc9bcf0cd8b3e88ac4995a5015031d79
win-arm64/node.lib
-0c122978bbc1000ea274041039b1f01b6d6ffbd99d4f3e543ef59aa3ddb478b0
win-arm64/node_pdb.7z
-c2c9d294eff41013afbd61ded5a61f60943366ff9ded0b6224ada51ae1734ba6
win-arm64/node_pdb.zip
-5da5e201155bb3ea99134b404180adebcfa696b0dbc09571d01a09ca5489f53e
win-x64/node.exe
+c14c6e927406b8683cbfb8a67ca4c8fd5093ca7812b5b1627e3d6a53d3674565
win-arm64/node_pdb.7z
+68034cd09d8dfaa755d1b280da13e20388cc486ac57b037b3e11dfe2d6b74284
win-arm64/node_pdb.zip
+bc585910690318aaebe3c57669cb83ca9d1e5791efd63195e238f54686e6c2ec
win-x64/node.exe
53a982d490cb9fcc4b231a8b95147de423b36186bc6f4ba5697b20117fdcbd5d
win-x64/node.lib
-114e91742393e4f77354d02876d833bb1ee3b4574c6fbb8348be54035f25b433
win-x64/node_pdb.7z
-88533c1475ee77b121cf11bb5a3060314a9405a4cc41c164a4fcc61588e67f88
win-x64/node_pdb.zip
-38ca23f8dd943c0b7f29607a8414f11a5a27d06702680fa5071fcf04361dcb43
win-x86/node.exe
-416137df167e2b54548f92425244b039496da62b5a31f40fb6e7f331f07f5040
win-x86/node.lib
-0fe07006b930c9dc72028be8f2048f01e7827cc620ff2cf0bd773f1ea3f812d8
win-x86/node_pdb.7z
-dce7cd4b62a721d783ce961e9f70416ac63cf9cdc87b01f6be46540201333b1e
win-x86/node_pdb.zip
+ccac9f2f5219ed858aeddb306d6493478ba9675c7cbf009e83742437d6752c4f
win-x64/node_pdb.7z
+bec5da4035c84580843978a59ef9bcc1c0eaca881cf9e1c94e63a1862cf14421
win-x64/node_pdb.zip
+3829137e062b1e2eb9947ef05e4b717ae578a8fce1c5c60fe4f6ae7ef2ec0240
win-x86/node.exe
+c5321bb65dcecb3989f9b8f6ec56369c16627ca4bade0c78afb6b88f7dde50e4
win-x86/node.lib
+20ca60ced1fc21f15ea952b4406aec6bde39d20eab11cf042040628841b2249e
win-x86/node_pdb.7z
+bef05cebedce5949ae35e87e7d4789c16fa73caf478483fcf92e5dbb9ba5d774
win-x86/node_pdb.zip
++++++ SHASUMS256.txt.sig ++++++
Binary files /var/tmp/diff_new_pack.gaRJJ4/_old and
/var/tmp/diff_new_pack.gaRJJ4/_new differ
++++++ node-v20.11.0.tar.xz -> node-v20.11.1.tar.xz ++++++
/work/SRC/openSUSE:Factory/nodejs20/node-v20.11.0.tar.xz
/work/SRC/openSUSE:Factory/.nodejs20.new.1815/node-v20.11.1.tar.xz differ: char
27, line 1
