Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package nodejs20 for openSUSE:Factory
checked in at 2023-10-17 20:22:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nodejs20 (Old)
and /work/SRC/openSUSE:Factory/.nodejs20.new.20540 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nodejs20"
Tue Oct 17 20:22:28 2023 rev:14 rq:1118025 version:20.8.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/nodejs20/nodejs20.changes 2023-10-08
12:18:52.367353330 +0200
+++ /work/SRC/openSUSE:Factory/.nodejs20.new.20540/nodejs20.changes
2023-10-17 20:22:32.598125414 +0200
@@ -1,0 +2,13 @@
+Mon Oct 16 09:28:06 UTC 2023 - Adam Majer <adam.ma...@suse.de> - 20.8.1
+
+- Security fixes relase 20.8.1
+ * (CVE-2023-44487, bsc#1216190): nghttp2 Security Release
+ * (CVE-2023-45143, bsc#1216205): undici Security Release
+ * (CVE-2023-39332, bsc#1216271): Path traversal through path stored in
Uint8Array
+ * (CVE-2023-39331, bsc#1216270): Permission model improperly protects
against path traversal
+ * (CVE-2023-38552, bsc#1216272): Integrity checks according to policies can
be circumvented
+ * (CVE-2023-39333, bsc#1216273): Code injection via WebAssembly export names
+
+- fix_ci_tests.patch: refreshed
+
+-------------------------------------------------------------------
Old:
----
node-v20.8.0.tar.xz
New:
----
node-v20.8.1.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nodejs20.spec ++++++
--- /var/tmp/diff_new_pack.nb1ZaD/_old 2023-10-17 20:22:34.950207754 +0200
+++ /var/tmp/diff_new_pack.nb1ZaD/_new 2023-10-17 20:22:34.950207754 +0200
@@ -31,7 +31,7 @@
%endif
Name: nodejs20
-Version: 20.8.0
+Version: 20.8.1
Release: 0
# Double DWZ memory limits
@@ -315,7 +315,7 @@
%if ! 0%{with intree_nghttp2}
BuildRequires: libnghttp2-devel >= 1.41.0
%else
-Provides: bundled(nghttp2) = 1.56.0
+Provides: bundled(nghttp2) = 1.57.0
%endif
%if 0%{with valgrind_tests}
@@ -390,7 +390,7 @@
Provides: bundled(node-corepack) = 0.20.0
Provides: bundled(node-minimatch) = 9.0.3
Provides: bundled(node-streamsearch) = 1.1.0
-Provides: bundled(node-undici) = 5.25.2
+Provides: bundled(node-undici) = 5.26.3
Provides: bundled(node-undici-types) = 5.25.1
%description
++++++ SHASUMS256.txt ++++++
--- /var/tmp/diff_new_pack.nb1ZaD/_old 2023-10-17 20:22:35.002209573 +0200
+++ /var/tmp/diff_new_pack.nb1ZaD/_new 2023-10-17 20:22:35.006209713 +0200
@@ -1,42 +1,42 @@
-f8f5888d82c428136fd3a9b1951ebc06b759533eda5abf94a5676904417d7dd2
node-v20.8.0-aix-ppc64.tar.gz
-7614f7b8464378a4077aedcb378a0b220c366bab722472ff3e07aa3d1512f6e0
node-v20.8.0-arm64.msi
-cbcb7fdbcd9341662256df5e4488a0045242f87382879242093e0f0699511abc
node-v20.8.0-darwin-arm64.tar.gz
-ea1362cdb1c062ab5bc134219b1467d39272b2ce6b30a6743d8e7a798185f3f2
node-v20.8.0-darwin-arm64.tar.xz
-a6f6b573ea656c149956f69f35e04ebb242b945d59972bea2e96a944bbf50ad1
node-v20.8.0-darwin-x64.tar.gz
-598538764639b67750e9002f2d3b6dca2a5f7576f9714d24816f060ada7b92ea
node-v20.8.0-darwin-x64.tar.xz
-400a9ae60e48816943f0016a9ec10fdc0c09ea8e6db97de203806431807ac49b
node-v20.8.0-headers.tar.gz
-3016b71eb7879c52ed19395f352b121250bf917e35497a87b937731f76e3438d
node-v20.8.0-headers.tar.xz
-cec9be5a060f63bfda7ef5b5a368cba5cfa0ce673b117bae8c146ec5df767cbe
node-v20.8.0-linux-arm64.tar.gz
-ec2d98894d58d07260e61e6a70b88cabea98292f0b2801cbeebd864d242e1087
node-v20.8.0-linux-arm64.tar.xz
-1922c4ff0c710b18bc6946e4efcc592b832e8c22853066b70a74181ac6d92a36
node-v20.8.0-linux-armv7l.tar.gz
-6df86705df9f63cda322b5570efa26a7509bfe4fbf2721d0d1acc81e0e3c9105
node-v20.8.0-linux-armv7l.tar.xz
-44beb7fb1ebacedf5a4c08cc4cd5d346820058a3f3316d9f34bc2fa16a29fd8c
node-v20.8.0-linux-ppc64le.tar.gz
-ae8130354dbf2526ddffa92c406864d97c08044ddb66b8aaaccb54be03085a27
node-v20.8.0-linux-ppc64le.tar.xz
-7f1c1f515eb4a93ef00ef8630de6f1e308c21969ce4b3ff482269cedb7929595
node-v20.8.0-linux-s390x.tar.gz
-a529f569b6783bd3cb948b7cb5cfee2270a720db1b347e1e168f46ad9123394d
node-v20.8.0-linux-s390x.tar.xz
-ae6f288a21a3bc7a82b79d3f00c52216df6de09c45eac0ea754243a9c7fb5e69
node-v20.8.0-linux-x64.tar.gz
-66056a2acc368db142b8a9258d0539e18538ae832b3ccb316671b0d35cb7c72c
node-v20.8.0-linux-x64.tar.xz
-6a98a466aaf7d4180365e7fe17a168fc305923d8bc64048daddd706428142e07
node-v20.8.0.pkg
-daa1f39d262b8e07a06c272f2671337f1bfce54000db9662de0dfce3c18fff3c
node-v20.8.0.tar.gz
-412be847ae6df61010ba9da3cc3e6be5b67aa002e354e919f59ec8360371704c
node-v20.8.0.tar.xz
-e5872b8a701033b57e91a6feead96a8468165cc40698885689478aebe4aea0f9
node-v20.8.0-win-arm64.7z
-7426fbd791871f07a3672750b938dd3d9d82bcdb6c0a75cc5b588bbfba30e90b
node-v20.8.0-win-arm64.zip
-fe703df746cb22f970b85134096a5097c8585fa377a394df1f68ab687ae39d65
node-v20.8.0-win-x64.7z
-6afd5a7aa126f4e255f041de66c4a608f594190d34dcaba72f7b348d2410ca66
node-v20.8.0-win-x64.zip
-93b1e13ed8ffce4214e2549daed15ab5a0cae1559164700ac9d90ab2626cfd35
node-v20.8.0-win-x86.7z
-6b3d1d5ed4b1c6220fa1c55943d923977a8cda90808af0d16d7956727f0cd275
node-v20.8.0-win-x86.zip
-83e4bad748d667799d8bb0a8cb8068c4c7ce702825d27d464cbdf746b8ae5682
node-v20.8.0-x64.msi
-34143ccf8409fd219590d54f4c6c016153699721d15299f76cbe18a0e8652795
node-v20.8.0-x86.msi
-701c5023d9a63b49d5e6a09793c5d80521252eb1ce088a8634b3e91b08271737
win-arm64/node.exe
-eab9876602b7187761bbbef60be4d67194d51fc5be949e076a10e357573451f6
win-arm64/node.lib
-9e6227bb37aee49f48478b42ad82c4777643d438c25503f4ff6640212d556c3d
win-arm64/node_pdb.7z
-1def19747c1c7b8ae98b2bb15b10ea2c6d8d649a221473ca3bf3daef3ccf433e
win-arm64/node_pdb.zip
-5f259ef0e934281c92e493555eff65595e679a0ca1697b0e220805b41422f2cd
win-x64/node.exe
+eea26c68c1f4799fc3ac3f2da9bfd4038b987d51d19d9c4ba8b145b3eee53c7d
node-v20.8.1-aix-ppc64.tar.gz
+93a5796c02c4e97378d6d0e2fcd8ac7b39418d97c21cf9aa6d9aa605814a1bff
node-v20.8.1-arm64.msi
+5451f3651c89cd8f224e74961c84e68f4c8d63fe288431a3223b0465cc8b961e
node-v20.8.1-darwin-arm64.tar.gz
+147e700ec86f8dbb8428600675673de303eb8710273b531031e5e9f3cde64644
node-v20.8.1-darwin-arm64.tar.xz
+92b00b357c311eb45dd86516b032d80c63894aa069821c3ae3c8b3bbd00fdb9a
node-v20.8.1-darwin-x64.tar.gz
+679843744b44ac897479fd53340fdc6d96e5b5c139e90b9cdcbad8a403eaf807
node-v20.8.1-darwin-x64.tar.xz
+b2db83feb961721f17142e792643974b04456cf2da34c22da3ac29cd00123226
node-v20.8.1-headers.tar.gz
+298e41b8d7fd17738049f9c5f6e315bb0f935ab90f9b542d1a55cf6488cc3d67
node-v20.8.1-headers.tar.xz
+c0420fef5f6e637888be3f400e99297bb844932166fbad5ffa4f188ce59cfcdf
node-v20.8.1-linux-arm64.tar.gz
+fec6edefa7ff959b29c7887735582ff2a2211b36a65a539da0f37db6797b7cff
node-v20.8.1-linux-arm64.tar.xz
+679fb1cc74ecc460b4a8178b90be2847af28ee817fa2f39d986c832405c0ee1e
node-v20.8.1-linux-armv7l.tar.gz
+f8370aaecd2cc2f26f8571aed7ffcf8efb6dc884a9a5e8e7a5e225e5ccfe6b74
node-v20.8.1-linux-armv7l.tar.xz
+162bbf69b2c1aefc8163c371324cfd70582b8527e7623436d6e53823987a23d2
node-v20.8.1-linux-ppc64le.tar.gz
+648d80fcb4a160e3078a66b3fc8c8eac669d28de3cfa533abed0bf8cb5af5785
node-v20.8.1-linux-ppc64le.tar.xz
+d6a384293f18ba49b7507b67ce2ca1958050930768cae817d4705c3d3e672af2
node-v20.8.1-linux-s390x.tar.gz
+4aa14458f2bac422989cc4526c431b14743c2f07889559fd1f2163cc6f3071f4
node-v20.8.1-linux-s390x.tar.xz
+a42ac1f81704b14c7d07ddde989a8e290087b0487ee3f47185eb0240ba518195
node-v20.8.1-linux-x64.tar.gz
+44096f6276cf735f3b25f47ffaaa1629b0abad4d9932c3a77d9dcdc743a3ff92
node-v20.8.1-linux-x64.tar.xz
+abd016ae0dd943b196510e67277542c9cd31d24fbfa6834116a485d2c1d2b882
node-v20.8.1-win-arm64.7z
+fbf7709c815f37577995d04b2cc41764033f06545c2c142d253ed257fe497960
node-v20.8.1-win-arm64.zip
+6b3cb0e8d347ac52f0c45ba27a8c6f099b8053f18dfe7f6802e21c0b312aaedf
node-v20.8.1-win-x64.7z
+90b27dab351a582edd3a8de2e8aaa80d95c41f19fe92ebbef83b9a45bac95d00
node-v20.8.1-win-x64.zip
+ea692ad4bb1e80156aa6143c39afda2cfd0d46c36e14a1e03064a5bd084f05cc
node-v20.8.1-win-x86.7z
+ba90977d0bee226db2dc89f55a3964eee4d844caef96e4db6994e1800d9c7dce
node-v20.8.1-win-x86.zip
+c364cda2bab611b08404d5f8c93913b0007b3a19830a27dee5ff5d466807f5eb
node-v20.8.1-x64.msi
+4f3daffb3124c08a31ebeca0a6b9aa4e4effcd5650c1fe1274c61343fb46689c
node-v20.8.1-x86.msi
+097897aa8489962e955700d75238230e8295fbc02a27bcdd53d4462ead2c8c7e
node-v20.8.1.pkg
+18aed385341bc16c7802e9d03189d1d0ad17b87923b2cdf11714d36534783b6a
node-v20.8.1.tar.gz
+f799c66f6a6386bb8ac2c75a378f740c455e97f1fe964393dd39c9f9f6efbc70
node-v20.8.1.tar.xz
+60a3d73fb1d376e6ed0a8b8e6734ab6c80aaa031fa023fd1be42276cc80dff93
win-arm64/node.exe
+90cb9fbf80b276f2ed039533a8b67f1aeaf204f0aaf6396b290ae9c4dcd6d690
win-arm64/node.lib
+6887174c70c5ca8941b9e2bad9b02bb5413158590ec5457f4497bb66d685a545
win-arm64/node_pdb.7z
+3824fb4b85c8f8086f0c33c4e906c1ac448cd6259949a06d6956e2b1b300befe
win-arm64/node_pdb.zip
+ccc62758d85434502141611b18af5fdbbc5c9087facaf4a7900d454f3d2fdd48
win-x64/node.exe
45d2519b3be3655e7b52ffcee613a484c38e768a59e9b9d4f08a3580d76a768a
win-x64/node.lib
-7cfb8db4f2dea0a90b725e03d308363d2a161fbaf7ddfa583b248d0f95653043
win-x64/node_pdb.7z
-d8e13fcded6542515d4796ac4f1d90cbdaaf484003a5e4338a766f543c9412ef
win-x64/node_pdb.zip
-7cddd80bfd283aa9b89af122ff32c4d0f046cb5680482369a988490601e11716
win-x86/node.exe
-62fe4a233ba54cf69bb528cde835997a84c0d5def5f41d283e02c1e538b4ec5f
win-x86/node.lib
-dcf457f5849dbb50e798631f1bd3827dc884e3ec9ecb1fa8d5523d89b7f44025
win-x86/node_pdb.7z
-0ed977e711297e9c0ab60aeacf932d23877c651a30db7fda9c4a5909d4e18c79
win-x86/node_pdb.zip
+e98706e1126309275692c0d318a0f1c54a50ae2447c11e3bcc1c6c261dced63a
win-x64/node_pdb.7z
+9840a61ea4dea5128c20632f367e1bed2d2ace5fa008fe29b3ae28a9f4c21805
win-x64/node_pdb.zip
+1c6ddd284a55664f0b2514bed7fcfe1fafcfec06f6dd07e82fefad9bb10aac60
win-x86/node.exe
+0809f4b2f415581f7d932d80be4ac3ff7c4344421f7cccb34ff2f30c18c2ba0c
win-x86/node.lib
+63f95d51077f2dd0360c57cc4286cc74a740391b04b63fd04914583007e8cf10
win-x86/node_pdb.7z
+108b21fc46465197cb4c07df4b25143b2a5d348b30e0d64c2536472fd94cba3e
win-x86/node_pdb.zip
++++++ SHASUMS256.txt.sig ++++++
Binary files /var/tmp/diff_new_pack.nb1ZaD/_old and
/var/tmp/diff_new_pack.nb1ZaD/_new differ
++++++ fix_ci_tests.patch ++++++
--- /var/tmp/diff_new_pack.nb1ZaD/_old 2023-10-17 20:22:35.054211394 +0200
+++ /var/tmp/diff_new_pack.nb1ZaD/_new 2023-10-17 20:22:35.058211534 +0200
@@ -2,10 +2,10 @@
Date: Dec 20 09:18:49 UTC 2017
Summary: Fix CI unit tests framework for OBS building
-Index: node-v20.8.0/test/parallel/test-module-loading-globalpaths.js
+Index: node-v20.8.1/test/parallel/test-module-loading-globalpaths.js
===================================================================
---- node-v20.8.0.orig/test/parallel/test-module-loading-globalpaths.js
-+++ node-v20.8.0/test/parallel/test-module-loading-globalpaths.js
+--- node-v20.8.1.orig/test/parallel/test-module-loading-globalpaths.js
++++ node-v20.8.1/test/parallel/test-module-loading-globalpaths.js
@@ -11,6 +11,9 @@ const { addLibraryPath } = require('../c
addLibraryPath(process.env);
@@ -16,10 +16,10 @@
if (process.argv[2] === 'child') {
console.log(require(pkgName).string);
} else {
-Index: node-v20.8.0/test/parallel/test-tls-passphrase.js
+Index: node-v20.8.1/test/parallel/test-tls-passphrase.js
===================================================================
---- node-v20.8.0.orig/test/parallel/test-tls-passphrase.js
-+++ node-v20.8.0/test/parallel/test-tls-passphrase.js
+--- node-v20.8.1.orig/test/parallel/test-tls-passphrase.js
++++ node-v20.8.1/test/parallel/test-tls-passphrase.js
@@ -223,7 +223,7 @@ server.listen(0, common.mustCall(functio
}, onSecureConnect());
})).unref();
@@ -29,10 +29,10 @@
// Missing passphrase
assert.throws(function() {
-Index: node-v20.8.0/test/parallel/test-repl-envvars.js
+Index: node-v20.8.1/test/parallel/test-repl-envvars.js
===================================================================
---- node-v20.8.0.orig/test/parallel/test-repl-envvars.js
-+++ node-v20.8.0/test/parallel/test-repl-envvars.js
+--- node-v20.8.1.orig/test/parallel/test-repl-envvars.js
++++ node-v20.8.1/test/parallel/test-repl-envvars.js
@@ -2,7 +2,9 @@
// Flags: --expose-internals
@@ -44,10 +44,10 @@
const stream = require('stream');
const { describe, test } = require('node:test');
const REPL = require('internal/repl');
-Index: node-v20.8.0/Makefile
+Index: node-v20.8.1/Makefile
===================================================================
---- node-v20.8.0.orig/Makefile
-+++ node-v20.8.0/Makefile
+--- node-v20.8.1.orig/Makefile
++++ node-v20.8.1/Makefile
@@ -545,7 +545,8 @@ test-ci-js: | clear-stalled
.PHONY: test-ci
# Related CI jobs: most CI tests, excluding node-test-commit-arm-fanned
@@ -68,10 +68,10 @@
echo "Skipping tools/doc/node_modules (no crypto)"; \
else \
cd tools/doc && $(call available-node,$(run-npm-ci)) \
-Index: node-v20.8.0/tools/test.py
+Index: node-v20.8.1/tools/test.py
===================================================================
---- node-v20.8.0.orig/tools/test.py
-+++ node-v20.8.0/tools/test.py
+--- node-v20.8.1.orig/tools/test.py
++++ node-v20.8.1/tools/test.py
@@ -1361,7 +1361,7 @@ def BuildOptions():
result.add_option("-s", "--suite", help="A test suite",
default=[], action="append")
@@ -81,10 +81,10 @@
result.add_option("--arch", help='The architecture to run tests for',
default='none')
result.add_option("--snapshot", help="Run the tests with snapshot turned
on",
-Index: node-v20.8.0/test/parallel/test-crypto-dh.js
+Index: node-v20.8.1/test/parallel/test-crypto-dh.js
===================================================================
---- node-v20.8.0.orig/test/parallel/test-crypto-dh.js
-+++ node-v20.8.0/test/parallel/test-crypto-dh.js
+--- node-v20.8.1.orig/test/parallel/test-crypto-dh.js
++++ node-v20.8.1/test/parallel/test-crypto-dh.js
@@ -89,7 +89,7 @@ const crypto = require('crypto');
dh3.computeSecret('');
}, { message: common.hasOpenSSL3 ?
++++++ node-v20.8.0.tar.xz -> node-v20.8.1.tar.xz ++++++
/work/SRC/openSUSE:Factory/nodejs20/node-v20.8.0.tar.xz
/work/SRC/openSUSE:Factory/.nodejs20.new.20540/node-v20.8.1.tar.xz differ: char
26, line 1
