rpms/nodejs20
7
0
Fork 0
Code Issues Pull Requests Releases Activity
741 Commits 1 Branch 1 Tag 1 MiB
fd717eb4cc
Go to file
Stephen Gallagher fd717eb4cc Update to 20.5.1 
** 2023-08-09, Version 20.5.1 (Current), @RafaelGSS

This is a security release.

*** Notable Changes

The following CVEs are fixed in this release:

* [CVE-2023-32002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002):  Policies can be bypassed via Module.\_load (High)
* [CVE-2023-32558](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32558): process.binding() can bypass the permission model through path traversal (High)
* [CVE-2023-32004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32004): Permission model can be bypassed by specifying a path traversal sequence in a Buffer (High)
* [CVE-2023-32006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006): Policies can be bypassed by module.constructor.createRequire (Medium)
* [CVE-2023-32559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559): Policies can be bypassed via process.binding (Medium)
* [CVE-2023-32005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32005): fs.statfs can bypass the permission model (Low)
* [CVE-2023-32003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32003): fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low)
* OpenSSL Security Releases
  * [OpenSSL security advisory 14th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html).
  * [OpenSSL security advisory 19th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html).
  * [OpenSSL security advisory 31st July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html)

More detailed information on each of the vulnerabilities can be found in [August 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/) blog post.

** 2023-07-18, Version 20.5.0 (Current), @juanarbol

*** Notable Changes

* \[[`45be29d89f`](https://github.com/nodejs/node/commit/45be29d89f)] - **doc**: add atlowChemi to collaborators (atlowChemi) [#48757](https://github.com/nodejs/node/pull/48757)
* \[[`a316808136`](https://github.com/nodejs/node/commit/a316808136)] - **(SEMVER-MINOR)** **events**: allow safely adding listener to abortSignal (Chemi Atlow) [#48596](https://github.com/nodejs/node/pull/48596)
* \[[`986b46a567`](https://github.com/nodejs/node/commit/986b46a567)] - **fs**: add a fast-path for readFileSync utf-8 (Yagiz Nizipli) [#48658](https://github.com/nodejs/node/pull/48658)
* \[[`0ef73ff6f0`](https://github.com/nodejs/node/commit/0ef73ff6f0)] - **(SEMVER-MINOR)** **test\_runner**: add shards support (Raz Luvaton) [#48639](https://github.com/nodejs/node/pull/48639)

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-08-09 16:13:26 -04:00
packaging Update to 20.1.0 2023-05-04 16:16:03 -04:00
.gitignore Update to Node.js 16.15.0 2022-04-27 19:13:00 -04:00
0001-Remove-unused-OpenSSL-config.patch Update to 20.1.0 2023-05-04 16:16:03 -04:00
btest402.js Add proper i18n support 2019-11-06 13:10:19 -05:00
changelog Switch to %autochangelog 2022-06-27 17:02:42 -04:00
macros.nodejs add no-op macro to provide spec compatibility with EPEL 2013-04-14 18:21:43 -07:00
nodejs20.spec Update to 20.5.1 2023-08-09 16:13:26 -04:00
nodejs-sources.sh sources: Check for node binary 2023-07-12 12:50:47 -04:00
nodejs.pc.in Add pkg-config files 2023-03-29 18:09:21 -04:00
npmrc Set npmrc to use python3 explicitly 2020-03-16 08:12:49 -04:00
npmrc.builtin.in Replace /usr/etc/npmrc symlink with builtin configuration 2023-04-27 13:23:13 +02:00
README-packaging.md Add README for packagers 2023-04-27 11:47:47 -04:00
sources Update to 20.5.1 2023-08-09 16:13:26 -04:00
test2.js Additional i18n test 2022-03-17 12:20:29 -04:00
v8.pc.in Add pkg-config files 2023-03-29 18:09:21 -04:00