nodejs_20: 20.3.0 -> 20.3.1

The following CVEs are fixed in this release:
- CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
- CVE-2023-30584: Path Traversal Bypass in Experimental Permission Model (High)
- CVE-2023-30587: Bypass of Experimental Permission Model via Node.js Inspector (High)
- CVE-2023-30582: Inadequate Permission Model Allows Unauthorized File Watching (Medium)
- CVE-2023-30583: Bypass of Experimental Permission Model via fs.openAsBlob() (Medium)
- CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
- CVE-2023-30586: Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium)
- CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
- CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
- CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)

https://github.com/nodejs/node/releases/tag/v20.3.1
This commit is contained in:
Mario Rodas 2023-06-21 04:20:00 +00:00
parent 75f22e0d83
commit 12bbce3e6c

View file

@ -9,8 +9,8 @@ let
in in
buildNodejs { buildNodejs {
inherit enableNpm; inherit enableNpm;
version = "20.3.0"; version = "20.3.1";
sha256 = "sha256-G6jUlCPtOnVykGa7PqJkk+6ct9ZWjvlIWX/J70VPdDU="; sha256 = "sha256-EqgtswZpeVm0OJs1Gl+XhImGsTE/mQGw4LPYz08/mZE=";
patches = [ patches = [
./revert-arm64-pointer-auth.patch ./revert-arm64-pointer-auth.patch
./disable-darwin-v8-system-instrumentation-node19.patch ./disable-darwin-v8-system-instrumentation-node19.patch