CVS commit: pkgsrc/lang/nodejs16

["Adam Ciarcinski" <adam%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adam
Date:           Wed Jun 21 15:15:43 UTC 2023

Modified Files:
        pkgsrc/lang/nodejs16: Makefile distinfo

Log Message:
nodejs16: updated to 16.20.1

Version 16.20.1 'Gallium' (LTS)

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

* [CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581): `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* [CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* [CVE-2023-30588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30588): Process interuption due to invalid Public Key information in x509 certificates (Medium)
* [CVE-2023-30589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589): HTTP Request Smuggling via Empty headers separated by CR (Medium)
* [CVE-2023-30590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590): DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases
  * [OpenSSL security advisory 28th March](https://www.openssl.org/news/secadv/20230328.txt).
  * [OpenSSL security advisory 20th April](https://www.openssl.org/news/secadv/20230420.txt).
  * [OpenSSL security advisory 30th May](https://www.openssl.org/news/secadv/20230530.txt)
* c-ares vulnerabilities:
  * [GHSA-9g78-jv2r-p7vc](https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc)
  * [GHSA-8r8p-23f3-64c2](https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2)
  * [GHSA-54xr-f67r-4pc4](https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4)
  * [GHSA-x6mf-cxr9-8q6v](https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v)


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/lang/nodejs16/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/nodejs16/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/nodejs16/Makefile
diff -u pkgsrc/lang/nodejs16/Makefile:1.15 pkgsrc/lang/nodejs16/Makefile:1.16
--- pkgsrc/lang/nodejs16/Makefile:1.15  Tue Jun  6 12:41:45 2023
+++ pkgsrc/lang/nodejs16/Makefile       Wed Jun 21 15:15:43 2023
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.15 2023/06/06 12:41:45 riastradh Exp $
+# $NetBSD: Makefile,v 1.16 2023/06/21 15:15:43 adam Exp $
 
-DISTNAME=      node-v16.20.0
-PKGREVISION=   2
+DISTNAME=      node-v16.20.1
 EXTRACT_SUFX=  .tar.xz
 
 USE_LANGUAGES= c gnu++14

Index: pkgsrc/lang/nodejs16/distinfo
diff -u pkgsrc/lang/nodejs16/distinfo:1.11 pkgsrc/lang/nodejs16/distinfo:1.12
--- pkgsrc/lang/nodejs16/distinfo:1.11  Wed Apr 19 17:41:29 2023
+++ pkgsrc/lang/nodejs16/distinfo       Wed Jun 21 15:15:43 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.11 2023/04/19 17:41:29 adam Exp $
+$NetBSD: distinfo,v 1.12 2023/06/21 15:15:43 adam Exp $
 
-BLAKE2s (node-v16.20.0.tar.xz) = 6dd4d86726c5ac69e63b260eed249155ac18b0061c8d5a89ba4e3fb842d1abd3
-SHA512 (node-v16.20.0.tar.xz) = b155acdff0244307afcc334844f113b5c321f7764ebb69326d60a6a79d0e0d38d55257a38b815f5933aa4071e6a788e01c466476ef012cec648c84d74adda406
-Size (node-v16.20.0.tar.xz) = 35546884 bytes
+BLAKE2s (node-v16.20.1.tar.xz) = c6175cfed8190615163dff457e7c6e6680e5d0c759bbe65b1ade0b34642ed41c
+SHA512 (node-v16.20.1.tar.xz) = 3179c4b598f211f21c6d7ba378cd03a7ca4a06d99ae8e5bd5b8c0f1a895dc83222858a349cfb7589deecb7c654e9f25ce89c30aef9981ee18d4e24d6bbd5822e
+Size (node-v16.20.1.tar.xz) = 35556440 bytes
 SHA1 (patch-common.gypi) = 15393846d9dce28f963ef66faa504d5bb3e92018
 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32
 SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3