Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package nodejs21 for openSUSE:Factory
checked in at 2024-02-18 20:22:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nodejs21 (Old)
and /work/SRC/openSUSE:Factory/.nodejs21.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nodejs21"
Sun Feb 18 20:22:37 2024 rev:7 rq:1147153 version:21.6.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/nodejs21/nodejs21.changes 2024-02-14
23:18:45.976312468 +0100
+++ /work/SRC/openSUSE:Factory/.nodejs21.new.1815/nodejs21.changes
2024-02-18 20:22:41.280968015 +0100
@@ -1,0 +2,15 @@
+Fri Feb 16 15:37:23 UTC 2024 - Adam Majer <adam.ma...@suse.de>
+
+- Update to 21.6.2: (security updates)
+ * (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation
through Linux capabilities- (High)
+ * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request
with unbounded chunk extension allows DoS attacks- (High)
+ * (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer
internals- (High)
+ * (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due
to io_uring - (High)
+ * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack
(timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) -
(Medium)
+ * (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to
improper path traversal sequence sanitization - (Medium)
+ * (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in
--allow-fs-read and --allow-fs-write (Medium)
+ * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion
in fetch() brotli decoding - (Medium)
+ * undici version 5.28.3 (CVE-2024-24758, bsc#1220017)
+ * libuv version 1.48.0
+
+-------------------------------------------------------------------
Old:
----
node-v21.6.1.tar.xz
New:
----
node-v21.6.2.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nodejs21.spec ++++++
--- /var/tmp/diff_new_pack.o10Lkw/_old 2024-02-18 20:22:42.541013487 +0100
+++ /var/tmp/diff_new_pack.o10Lkw/_new 2024-02-18 20:22:42.541013487 +0100
@@ -31,7 +31,7 @@
%endif
Name: nodejs21
-Version: 21.6.1
+Version: 21.6.2
Release: 0
# Double DWZ memory limits
@@ -298,7 +298,7 @@
%else
# bundled openssl
%if %node_version_number <= 12 && 0%{?suse_version} == 1315 &&
0%{?sle_version} < 120400
-Provides: bundled(openssl) = 3.0.12
+Provides: bundled(openssl) = 3.0.13
%else
BuildRequires: bundled_openssl_should_not_be_required
%endif
@@ -371,10 +371,10 @@
%endif
Provides: bundled(uvwasi) = 0.0.19
-Provides: bundled(libuv) = 1.47.0
+Provides: bundled(libuv) = 1.48.0
Provides: bundled(v8) = 11.8.172.17
%if %{with intree_brotli}
-Provides: bundled(brotli) = 1.0.9
+Provides: bundled(brotli) = 1.1.0
%else
BuildRequires: pkgconfig(libbrotlidec)
%endif
@@ -383,8 +383,8 @@
Provides: bundled(llhttp) = 9.1.3
Provides: bundled(ngtcp2) = 0.8.1
Provides: bundled(base64) = 0.5.1
-Provides: bundled(simdutf) = 4.0.4
-Provides: bundled(simdjson) = 3.6.2
+Provides: bundled(simdutf) = 4.0.8
+Provides: bundled(simdjson) = 3.6.3
# bundled url-ada parser, not ada
Provides: bundled(ada) = 2.7.4
@@ -394,7 +394,7 @@
Provides: bundled(node-cjs-module-lexer) = 1.2.2
Provides: bundled(node-corepack) = 0.24.0
Provides: bundled(node-minimatch) = 9.0.3
-Provides: bundled(node-undici) = 5.28.2
+Provides: bundled(node-undici) = 5.28.3
%description
Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine. Node.js
++++++ SHASUMS256.txt ++++++
--- /var/tmp/diff_new_pack.o10Lkw/_old 2024-02-18 20:22:42.581014931 +0100
+++ /var/tmp/diff_new_pack.o10Lkw/_new 2024-02-18 20:22:42.585015075 +0100
@@ -1,42 +1,42 @@
-0dbffde04695933f508e964a103657d6ef55ddadf3d8e9c39e0191c6ee2b4ead
node-v21.6.1-aix-ppc64.tar.gz
-88f1d4e8982d0cc439137c9b95405622489d1573051a7a13d618ef0ef2896e76
node-v21.6.1-arm64.msi
-94c280bba809fa66867e363ec9e990217aedf893116660b8c75a1c4fda3baea5
node-v21.6.1-darwin-arm64.tar.gz
-a1edec87af235b55443cb87d38f523d86cefa3426b9b9fe52328430124ae48ed
node-v21.6.1-darwin-arm64.tar.xz
-5c4821c62a1f61cf3219bc244d30a5b1cdec197c8acabc1ee7cd9ff17bbba947
node-v21.6.1-darwin-x64.tar.gz
-35b0000723ab93ae3110fbdb2833947bc206da761d36da15ed2ef2f3b7f9b3b6
node-v21.6.1-darwin-x64.tar.xz
-d0bc7a37a7a16301565119c472cfa3c00a4122891bec792d83f2992e3eefb62e
node-v21.6.1-headers.tar.gz
-7b217de8af0d2c05fffd0fb8b5cb2136c93e312bccd5cf454f039196777e4762
node-v21.6.1-headers.tar.xz
-e19a4364cf27c9c0cdc1472faf4eece6313b590f1e9c55852d8ec3efa89fe097
node-v21.6.1-linux-arm64.tar.gz
-19900c1a0a9d7e2ea781b46c7d498ffdf3e37e34f46b96e7344bd7bb8f27be66
node-v21.6.1-linux-arm64.tar.xz
-b899fcb09400b255e6264dabca907e7a567debae98a4cce248fcdea2f2ebaf1c
node-v21.6.1-linux-armv7l.tar.gz
-ee63708a84ad27268a62dc04f697016f762c6c8a4261d0e1680d45829f9fa06f
node-v21.6.1-linux-armv7l.tar.xz
-859654218d795ab60c213d29af492904d74fd0a7a1cebc3790b1cb61838fc5eb
node-v21.6.1-linux-ppc64le.tar.gz
-0f22931238d96d931e8ad788326f4db92860e83105c493ee9b29a4b378b18f18
node-v21.6.1-linux-ppc64le.tar.xz
-a4c885443eb92199253fe6efb48c2211ae09b003edf3af8220532a4a6fc77c86
node-v21.6.1-linux-s390x.tar.gz
-efa9496c3c1e1691dfabea45e2839b592675a571880b9d25b35d3565e16f3d66
node-v21.6.1-linux-s390x.tar.xz
-d2ac105754e5fc657a6a25ea7d31f19dd63d3ec845dce0aef0232533d52bc125
node-v21.6.1-linux-x64.tar.gz
-c65cbf7342260df8e59dd2fe2e06dc1f36ac46c9d433a64cd84521fd4915c291
node-v21.6.1-linux-x64.tar.xz
-da16368922e7da397df62c9f7571880a5d7bb8506c43097b71edf4001bc9c628
node-v21.6.1.pkg
-7e284d0d64c2edcec84ecfd5bda1d9e7b82a8a3fe401f8b7023c5bc1d9fdd4d5
node-v21.6.1.tar.gz
-7a82f356d1dcba5d766f0e1d4c750e2e18d6290b710b7d19a8725241e7af1f60
node-v21.6.1.tar.xz
-b368ed9585ace23d145569ec670fbcbe29d2014c4fa9383705edfba9e12ec432
node-v21.6.1-win-arm64.7z
-043d147e0fd55dd044ef304d4d87303f69bdf3bd1a6fd715871eee3df7f153dd
node-v21.6.1-win-arm64.zip
-c09bf7f09eb3aab90b1d1a6daae9f2b99704333fe6bb83a757bd2de8d2f849a1
node-v21.6.1-win-x64.7z
-a74b3933e73982553c1fdea3a3a27b09488ac09845e230c7532d4387c0f9c8fe
node-v21.6.1-win-x64.zip
-8d936365d2473e5f11452d60a61b041ce3a95e93686cef8fb1248516f56407de
node-v21.6.1-win-x86.7z
-1d0cdad8b691fc1a92cf1d301ea24c905d36d36f9134a7a7e4c60ce12eef6393
node-v21.6.1-win-x86.zip
-6ced3da3d4689a150452a2a6bce30d4c61067e9ec37cb89f56cc930a7ae468a4
node-v21.6.1-x64.msi
-bcf13ea38a038fa4c156f6795d8f7d05b1c4a7dc3804c99717cbd0321199bb2b
node-v21.6.1-x86.msi
-292c6e750a066c7306b42375874eadca1a7e1e7351022f8bcc75083223c82bd1
win-arm64/node.exe
-7bf3d6ec7d4f20a33ec4bc6140a196da9bae6ea7ade0bfc312bde82fcf1e341e
win-arm64/node.lib
-e36f9a1579efc8e4951dbaa54be610a968b039d41bcdab5fe971214f4d720061
win-arm64/node_pdb.7z
-b50ca588dcdbe6c8e922b0ed3875e700e027349754b36f5c2e4078298cb8deff
win-arm64/node_pdb.zip
-18888b1cb13e581cba0eae3444bd37aa1946c0eb7ddb4cb2352cc7213501b219
win-x64/node.exe
-062c4519e957aac29ee4e03ca5ff80212d72cd5f075e5d6e58f98fdd01d8b244
win-x64/node.lib
-ac048ae771d7bb4c35307dd8a3df384d947737ef25f804f442c08dd4f4eedf2b
win-x64/node_pdb.7z
-7a753ffdde2ea70324cd4d21d34cc7719f0a9772a93e6cf0dd8975101896a11b
win-x64/node_pdb.zip
-4a7b36ebdb5a8f42e87a5c8b7e2b2dacf73c3f74fd2d060618138d8ee8a60e69
win-x86/node.exe
-ca3fefa67c54bf9b18913b4b0e95d1b61a82b9a3f09acb8feea8fb96f56bc3b8
win-x86/node.lib
-c33858a9294444e08c1dfd1634c25f31ed0142c6a0e0d8c0ce58ed63f39840ae
win-x86/node_pdb.7z
-28dbc65626661a4510daf469a0da43a5166510dc6e26661a732533df648cdbc6
win-x86/node_pdb.zip
+e06dff53a5e2a88caff9735c076165a6a53f4c45960a8887410684e1fea6c7cb
node-v21.6.2-aix-ppc64.tar.gz
+c7fa8788001eaac4bb250a84f6b3a918ebaa8016111ece95d59b513cf4a394dc
node-v21.6.2-arm64.msi
+120c8205654c640865864dc464389b3ffe6d7ebe310dffdbe3fd8718a512e14f
node-v21.6.2-darwin-arm64.tar.gz
+f8aa996b4e7700069892bc9ff28ddef3b3b3c8c952b929d1b148c943995970e3
node-v21.6.2-darwin-arm64.tar.xz
+0f75d9b46b986100c6faeec040ee46adf4981eb6abb5dd63e7a6ca4868d280f4
node-v21.6.2-darwin-x64.tar.gz
+5944de39bc7b8af229b0024d583ced7c76cee194ee9068a07d67372a606c5105
node-v21.6.2-darwin-x64.tar.xz
+55d9a03dcfce682583eb5e7eec15f32ae95b28b6e805f31688b22a7bd71581b1
node-v21.6.2-headers.tar.gz
+976500ffa659108fa2eb30daae2f1b96a34a97b2caa1db30802ac56edc2b237a
node-v21.6.2-headers.tar.xz
+b8431985c53cc14e02cddf4c128d043c62af19023f908ebcdc1c6a683ee995f3
node-v21.6.2-linux-arm64.tar.gz
+2606765f95262bcebb323e56a39b3be8db89863fbd83e06d2b5a08e41dc78f29
node-v21.6.2-linux-arm64.tar.xz
+d6127be538ae57447fd40bac6ea124ad71cfd5a50b9343b781830cc92bc1a0c2
node-v21.6.2-linux-armv7l.tar.gz
+ae33085c3d635f9488f47c56ee90fdf0dc9c1d0a520cfbe281c5b08d69e64da0
node-v21.6.2-linux-armv7l.tar.xz
+2e265d86f9d20ba223d65ceadc0589b156439a5521cd9da6e34de5460a0d2195
node-v21.6.2-linux-ppc64le.tar.gz
+b951f52db17b75a7bff0a2da2cefca3ba1e4dd7368b2b1280f39fcbecde0555c
node-v21.6.2-linux-ppc64le.tar.xz
+7cba8c2b2338aaa05f5dec5d953d61cdf5219881a7c8d420f215e920a33c06fa
node-v21.6.2-linux-s390x.tar.gz
+167bb0595478bae4c46b2248cae16890d24c2a9c92de7d0e27f9d1cafcad21ba
node-v21.6.2-linux-s390x.tar.xz
+d4504dcbcd1a9ded42d86bc20a7e72d6d631e49dcf3f9c849c3b51b12f3f4544
node-v21.6.2-linux-x64.tar.gz
+593dd28f5c78d797e76b730937b95fcdfc594f053a8756b1d0860a4555bed58e
node-v21.6.2-linux-x64.tar.xz
+a0cdada31786f6ff1f82e8fd91bda23cd4f615a56acd3c9605cd468b60b8437a
node-v21.6.2-win-arm64.7z
+a201948e5f0df6de6c4b42dbcb42d7a10d3cb5b6dbb7a40e3f4244644d3b3d1a
node-v21.6.2-win-arm64.zip
+d450d170009d272c98765af3abf2bbc2903c1c08856f9e3730be03cc9d9b2bc5
node-v21.6.2-win-x64.7z
+99bac3a930bd487e53c5a35b3e2f5ec102053316d7eb89f93273d916d57353a2
node-v21.6.2-win-x64.zip
+44dee171378d7ac9967e772a8f114be5fdf59a163f65ec5faa7411c8be3bc961
node-v21.6.2-win-x86.7z
+1701b32ba5315c794c2a64ef4a71e93ad2a6c109acf5b577d628413a7dc5cd04
node-v21.6.2-win-x86.zip
+e081647df79c833e9d62e7edff5e9e01dbd5b78417dff6ef149e6384e8327bcf
node-v21.6.2-x64.msi
+12960661f83a1618adf57e84eddcd1886edec452d74f27318efde8b92a25c91a
node-v21.6.2-x86.msi
+6b5d7153dffec20487cbcb81d5ebaf97e6678eb463337e8429ba4e7b60754505
node-v21.6.2.pkg
+9020fb36ec7e04f5032944c8422c2004350e9bfcd5e835ac3c90b74981c1f3e0
node-v21.6.2.tar.gz
+191294d445d1e6800359acc8174529b1e18e102147dc5f596030d3dce96931e5
node-v21.6.2.tar.xz
+ae7ccd1298e8871e61c1223a929ff482fa43d29aa284118798f01a73e40b2b29
win-arm64/node.exe
+cf6082f3ffb45335d41566805c7b844082f36042fa7dc2dc6aecdc3ce0e7c79a
win-arm64/node.lib
+8cb47e9ebda0efb8578382db82001308bcb2de95e0275e0bca3ff4f03de140b1
win-arm64/node_pdb.7z
+cdb3d760f9aca9578135c25f299b382e074bfcb56b2d321acf278a0a76ec2eb4
win-arm64/node_pdb.zip
+3f06d98986b4ddf7e9d258936bb7b8907c44c6e9a29c645a5aca04e5a26c0b53
win-x64/node.exe
+cacf06da3d7f04d0a0a5a901bfbdbaf0950cc5f73febf7b2f451b27c7f6265b1
win-x64/node.lib
+077739fded97d02d026db839aca840622c34b7e584efe294d40fc8d1bd9dc19a
win-x64/node_pdb.7z
+54c3a6fea6f832716bfe5d918a56ca1767ae89163729c34d866c2623c0a90edf
win-x64/node_pdb.zip
+0aaa0f4635253afe9660f64a862786db555961ecc7217b68fa120817c0c56a00
win-x86/node.exe
+ca6545afa230d2abdbf8ba19065f77b727bde72dfa253c466d876d0b3a7ea4ee
win-x86/node.lib
+cf24de1e7157ac4bac77fccb255fe295e8639a349d5c9f8726fe3e6b5ccf8afc
win-x86/node_pdb.7z
+99f2345e0e737fbd7f8d94b4118d9dc820ebc198823de29324e1f1754f84c9e0
win-x86/node_pdb.zip
++++++ SHASUMS256.txt.sig ++++++
Binary files /var/tmp/diff_new_pack.o10Lkw/_old and
/var/tmp/diff_new_pack.o10Lkw/_new differ
++++++ node-v21.6.1.tar.xz -> node-v21.6.2.tar.xz ++++++
/work/SRC/openSUSE:Factory/nodejs21/node-v21.6.1.tar.xz
/work/SRC/openSUSE:Factory/.nodejs21.new.1815/node-v21.6.2.tar.xz differ: char
26, line 1
