node-aix-ppc64 16.13.1 → 16.13.2

package/CHANGELOG.md

@@ -9,6 +9,7 @@
 </tr>
 <tr>
 <td>
+<a href="#16.13.2">16.13.2</a><br/>
 <a href="#16.13.1">16.13.1</a><br/>
 <a href="#16.13.0">16.13.0</a><br/>
 </td>
@@ -54,6 +55,57 @@
   * [io.js](CHANGELOG\_IOJS.md)
   * [Archive](CHANGELOG\_ARCHIVE.md)
 
+<a id="16.13.2"></a>
+
+## 2022-01-10, Version 16.13.2 'Gallium' (LTS), @danielleadams
+
+This is a security release.
+
+### Notable changes
+
+#### Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)
+
+Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.
+
+Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the `--security-revert` command-line option.
+
+More details will be available at [CVE-2021-44531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531) after publication.
+
+#### Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)
+
+Node.js converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.
+
+Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the `--security-revert` command-line option.
+
+More details will be available at [CVE-2021-44532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532) after publication.
+
+#### Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)
+
+Node.js did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.
+
+Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.
+
+More details will be available at [CVE-2021-44533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533) after publication.
+
+#### Prototype pollution via `console.table` properties (Low)(CVE-2022-21824)
+
+Due to the formatting logic of the `console.table()` function it was not safe to allow user controlled input to be passed to the `properties` parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be `__proto__`. The prototype pollution has very limited control, in that it only allows an empty string to be assigned numerical keys of the object prototype.
+
+Versions of Node.js with the fix for this use a null protoype for the object these properties are being assigned to.
+
+More details will be available at [CVE-2022-21824](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824) after publication.
+
+Thanks to Patrik Oldsberg (rugvip) for reporting this vulnerability.
+
+### Commits
+
+* [[`8dd4ca4537`](https://github.com/nodejs/node/commit/8dd4ca4537)] - **console**: fix prototype pollution via console.table (Tobias Nießen) [nodejs-private/node-private#307](https://github.com/nodejs-private/node-private/pull/307)
+* [[`e52882da4c`](https://github.com/nodejs/node/commit/e52882da4c)] - **crypto,tls**: implement safe x509 GeneralName format (Tobias Nießen) [nodejs-private/node-private#300](https://github.com/nodejs-private/node-private/pull/300)
+* [[`9a0a189b0b`](https://github.com/nodejs/node/commit/9a0a189b0b)] - **src**: add cve reverts and associated tests (Michael Dawson) [nodejs-private/node-private#300](https://github.com/nodejs-private/node-private/pull/300)
+* [[`4a262d42bc`](https://github.com/nodejs/node/commit/4a262d42bc)] - **src**: remove unused x509 functions (Tobias Nießen) [nodejs-private/node-private#300](https://github.com/nodejs-private/node-private/pull/300)
+* [[`965536fe3d`](https://github.com/nodejs/node/commit/965536fe3d)] - **tls**: fix handling of x509 subject and issuer (Tobias Nießen) [nodejs-private/node-private#300](https://github.com/nodejs-private/node-private/pull/300)
+* [[`a2cbfa95ff`](https://github.com/nodejs/node/commit/a2cbfa95ff)] - **tls**: drop support for URI alternative names (Tobias Nießen) [nodejs-private/node-private#300](https://github.com/nodejs-private/node-private/pull/300)
+
 <a id="16.13.1"></a>
 
 ## 2021-12-01, Version 16.13.1 'Gallium' (LTS), @BethGriggs

package/include/node/node.exp

@@ -4893,15 +4893,15 @@ _GLOBAL__F__ZN2v88internal6torque4TypeC2ERKS2_
 _GLOBAL__F__ZN2v88internal6torque5Block13SetInputTypesERKNS1_5StackIPKNS1_4TypeEEE
 _GLOBAL__F__ZNK2v88internal6torque3cpp8Function22PrintDeclarationHeaderERSoi
 _GLOBAL__F__ZNK2v88internal6torque4Rule9RunActionEPKNS1_4ItemERKNS1_11LexerResultE
-_GLOBAL__I_65535_0_.._deps_v8_src_diagnostics_gdb_jit.cc_FB5499C7_0xd1018251a12840e
-_GLOBAL__I_65535_0_.._deps_v8_src_diagnostics_objects_debug.cc_FB5499C7_0xc427499beddb94d1
-_GLOBAL__I_65535_0_.._deps_v8_src_execution_simulator_base.cc_DFF67DD7_0x65feddc867d1e52c
-_GLOBAL__I_65535_0_.._deps_v8_src_heap_factory_base.cc_DFF67DD7_0x5b9b322adc4af0d
-_GLOBAL__I_65535_0_.._deps_v8_src_heap_objects_visiting.cc_87E8306D_0x983758d2d5a2e995
-_GLOBAL__I_65535_0_.._deps_v8_src_objects_tagged_impl.cc_87E8306D_0xe66d863d5eb740dc
-_GLOBAL__I_65535_0_.._deps_v8_src_runtime_runtime_trace.cc_FB5499C7_0x641b6ac6e73be4f5
-_GLOBAL__I_65535_0_.._deps_v8_src_strings_string_case.cc_DFF67DD7_0x39afda1a80640f59
-_GLOBAL__I_65535_0_.._src_connection_wrap.cc_FB5499C7_0xfa8a983b66396ce0
+_GLOBAL__I_65535_0_.._deps_v8_src_diagnostics_gdb_jit.cc_FB5499C7_0x48de2725fbc14f69
+_GLOBAL__I_65535_0_.._deps_v8_src_diagnostics_objects_debug.cc_FB5499C7_0x8a7ff21bd306e969
+_GLOBAL__I_65535_0_.._deps_v8_src_execution_simulator_base.cc_DFF67DD7_0x5d7b5e76e28a9816
+_GLOBAL__I_65535_0_.._deps_v8_src_heap_factory_base.cc_DFF67DD7_0xe34c975efcecbb0d
+_GLOBAL__I_65535_0_.._deps_v8_src_heap_objects_visiting.cc_87E8306D_0x2f110c80499d4cd0
+_GLOBAL__I_65535_0_.._deps_v8_src_objects_tagged_impl.cc_87E8306D_0x3e1171e30e137d42
+_GLOBAL__I_65535_0_.._deps_v8_src_runtime_runtime_trace.cc_FB5499C7_0xa70cb7c336c7930a
+_GLOBAL__I_65535_0_.._deps_v8_src_strings_string_case.cc_DFF67DD7_0x47adfa619e3e2544
+_GLOBAL__I_65535_0_.._src_connection_wrap.cc_FB5499C7_0x51ac61f0f6b3d64c
 _GLOBAL__I_65535_0_OPENSSL_ppccap_P
 _GLOBAL__I_65535_0__Z16_register_configv
 _GLOBAL__I_65535_0__Z17_register_symbolsv
@@ -5899,10 +5899,10 @@ _GLOBAL__I_65535_0__ZNK2v88internal9BitVector5CountEv
 _GLOBAL__I_65535_0__ZNK2v88internal9DebugInfo7IsEmptyEv
 _GLOBAL__I_65535_0__ZNK2v88internal9PreParser13GetIdentifierEv
 _GLOBAL__I_65535_0__ZNK4node10BaseObject15GetTransferModeEv
-_GLOBAL__I_65535_0__home_iojs_build_ws_out_Release_obj_gen_torque_generated_enum_verifiers.cc_FB5499C7_0x8c0045b0bcb192aa
-_GLOBAL__I_65535_0__home_iojs_build_ws_out_Release_obj_gen_torque_generated_factory.cc_DFF67DD7_0xe2bf9267c235eaf2
-_GLOBAL__I_65535_0__home_iojs_build_ws_out_Release_obj_gen_torque_generated_src_objects_intl_objects_tq_csa.cc_FB5499C7_0x8bd7602837a93af4
-_GLOBAL__I_65535_0__home_iojs_build_ws_out_Release_obj_gen_torque_generated_src_objects_torque_defined_classes_tq_csa.cc_FB5499C7_0x6bbc373957e91fff
+_GLOBAL__I_65535_0__home_iojs_build_ws_out_Release_obj_gen_torque_generated_enum_verifiers.cc_FB5499C7_0xea79d6b7f813d1d1
+_GLOBAL__I_65535_0__home_iojs_build_ws_out_Release_obj_gen_torque_generated_factory.cc_DFF67DD7_0x8bbcfca6c36f1620
+_GLOBAL__I_65535_0__home_iojs_build_ws_out_Release_obj_gen_torque_generated_src_objects_intl_objects_tq_csa.cc_FB5499C7_0x37fad98949c805fc
+_GLOBAL__I_65535_0__home_iojs_build_ws_out_Release_obj_gen_torque_generated_src_objects_torque_defined_classes_tq_csa.cc_FB5499C7_0x4d5af9f29688de16
 _GLOBAL__I_65535_0_nodedbg_const_ContextEmbedderIndex__kEnvironment__int
 _GLOBAL__I_65535_0_v8dbg_frametype_EntryFrame
 _HZData_69
@@ -44830,7 +44830,7 @@ _ZN4node6crypto12ScryptConfigaSEOS1_
 _ZN4node6crypto12ScryptTraits10DeriveBitsEPNS_11EnvironmentERKNS0_12ScryptConfigEPNS0_10ByteSourceE
 _ZN4node6crypto12ScryptTraits12EncodeOutputEPNS_11EnvironmentERKNS0_12ScryptConfigEPNS0_10ByteSourceEPN2v85LocalINS9_5ValueEEE
 _ZN4node6crypto12ScryptTraits16AdditionalConfigENS0_13CryptoJobModeERKN2v820FunctionCallbackInfoINS3_5ValueEEEjPNS0_12ScryptConfigE
-_ZN4node6crypto12X509ToObjectEPNS_11EnvironmentEP7x509_st
+_ZN4node6crypto12X509ToObjectEPNS_11EnvironmentEP7x509_stb
 _ZN4node6crypto13DeriveBitsJobINS0_10HKDFTraitsEE16DoThreadPoolWorkEv
 _ZN4node6crypto13DeriveBitsJobINS0_10HKDFTraitsEE3NewERKN2v820FunctionCallbackInfoINS4_5ValueEEE
 _ZN4node6crypto13DeriveBitsJobINS0_10HKDFTraitsEE8ToResultEPN2v85LocalINS4_5ValueEEES8_
@@ -45129,7 +45129,6 @@ _ZN4node6crypto16CryptoErrorStoreD0Ev
 _ZN4node6crypto16CryptoErrorStoreD1Ev
 _ZN4node6crypto16DsaKeyPairParamsD0Ev
 _ZN4node6crypto16DsaKeyPairParamsD1Ev
-_ZN4node6crypto16GetCertificateCNB5cxx11EP7x509_st
 _ZN4node6crypto16GetCipherVersionEPNS_11EnvironmentERKSt10unique_ptrI6ssl_stNS_15FunctionDeleterIS4_XadL_Z8SSL_freeEEEEE
 _ZN4node6crypto16GetCryptoJobModeEN2v85LocalINS1_5ValueEEE
 _ZN4node6crypto16GetCurveFromNameEPKc
@@ -45199,6 +45198,7 @@ _ZN4node6crypto18SecretKeyGenConfigD1Ev
 _ZN4node6crypto18SecretKeyGenTraits16AdditionalConfigENS0_13CryptoJobModeERKN2v820FunctionCallbackInfoINS3_5ValueEEEPjPNS0_18SecretKeyGenConfigE
 _ZN4node6crypto18SecretKeyGenTraits8DoKeyGenEPNS_11EnvironmentEPNS0_18SecretKeyGenConfigE
 _ZN4node6crypto18SecretKeyGenTraits9EncodeKeyEPNS_11EnvironmentEPNS0_18SecretKeyGenConfigEPN2v85LocalINS6_5ValueEEE
+_ZN4node6crypto19GetInfoAccessStringEPNS_11EnvironmentERKSt10unique_ptrI6bio_stNS_15FunctionDeleterIS4_XadL_Z12BIO_free_allEEEEEP7x509_st
 _ZN4node6crypto19GetOKPCurveFromNameEPKc
 _ZN4node6crypto19GetRootCertificatesERKN2v820FunctionCallbackInfoINS1_5ValueEEE
 _ZN4node6crypto19NidKeyPairGenTraits16AdditionalConfigENS0_13CryptoJobModeERKN2v820FunctionCallbackInfoINS3_5ValueEEEPjPNS0_16KeyPairGenConfigINS0_16NidKeyPairParamsEEE
@@ -45208,14 +45208,16 @@ _ZN4node6crypto20GetRawDERCertificateEPNS_11EnvironmentEP7x509_st
 _ZN4node6crypto21GetCipherStandardNameEPNS_11EnvironmentERKSt10unique_ptrI6ssl_stNS_15FunctionDeleterIS4_XadL_Z8SSL_freeEEEEE
 _ZN4node6crypto21GetClientHelloCiphersEPNS_11EnvironmentERKSt10unique_ptrI6ssl_stNS_15FunctionDeleterIS4_XadL_Z8SSL_freeEEEEE
 _ZN4node6crypto21VerifyPeerCertificateERKSt10unique_ptrI6ssl_stNS_15FunctionDeleterIS2_XadL_Z8SSL_freeEEEEEl
-_ZN4node6crypto22GetCertificateAltNamesB5cxx11EP7x509_st
 _ZN4node6crypto22GetValidationErrorCodeEPNS_11EnvironmentEi
+_ZN4node6crypto23GetSubjectAltNameStringEPNS_11EnvironmentERKSt10unique_ptrI6bio_stNS_15FunctionDeleterIS4_XadL_Z12BIO_free_allEEEEEP7x509_st
+_ZN4node6crypto23SafeX509InfoAccessPrintERKSt10unique_ptrI6bio_stNS_15FunctionDeleterIS2_XadL_Z12BIO_free_allEEEEEP17X509_extension_st
 _ZN4node6crypto24GetClientHelloServerNameERKSt10unique_ptrI6ssl_stNS_15FunctionDeleterIS2_XadL_Z8SSL_freeEEEEE
 _ZN4node6crypto24GetValidationErrorReasonEPNS_11EnvironmentEi
 _ZN4node6crypto25ArrayBufferOrViewContentsIcEC1EN2v85LocalINS3_5ValueEEE
 _ZN4node6crypto25ArrayBufferOrViewContentsIhEC1EN2v85LocalINS3_5ValueEEE
 _ZN4node6crypto26IsExtraRootCertsFileLoadedERKN2v820FunctionCallbackInfoINS1_5ValueEEE
 _ZN4node6crypto26RegisterExternalReferencesEPNS_25ExternalReferenceRegistryE
+_ZN4node6crypto27SafeX509SubjectAltNamePrintERKSt10unique_ptrI6bio_stNS_15FunctionDeleterIS2_XadL_Z12BIO_free_allEEEEEP17X509_extension_st
 _ZN4node6crypto3AES10InitializeEPNS_11EnvironmentEN2v85LocalINS4_6ObjectEEE
 _ZN4node6crypto3AES26RegisterExternalReferencesEPNS_25ExternalReferenceRegistryE
 _ZN4node6crypto4ECDH10ConvertKeyERKN2v820FunctionCallbackInfoINS2_5ValueEEE
@@ -60410,7 +60412,6 @@ _ZNSt10_HashtableINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS
 _ZNSt10_HashtableINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N4node14options_parser13OptionsParserINS8_17PerProcessOptionsEE11ImplicationEESaISE_ENSt8__detail10_Select1stESt8equal_toIS5_ESt4hashIS5_ENSG_18_Mod_range_hashingENSG_20_Default_ranged_hashENSG_20_Prime_rehash_policyENSG_17_Hashtable_traitsILb1ELb0ELb0EEEE20_M_insert_multi_nodeEPNSG_10_Hash_nodeISE_Lb1EEEmSU_
 _ZNSt10_HashtableINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N4node14options_parser13OptionsParserINS8_18EnvironmentOptionsEE10OptionInfoEESaISE_ENSt8__detail10_Select1stESt8equal_toIS5_ESt4hashIS5_ENSG_18_Mod_range_hashingENSG_20_Default_ranged_hashENSG_20_Prime_rehash_policyENSG_17_Hashtable_traitsILb1ELb0ELb1EEEE21_M_insert_unique_nodeEmmPNSG_10_Hash_nodeISE_Lb1EEEm
 _ZNSt10_HashtableINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N4node14options_parser13OptionsParserINS8_18EnvironmentOptionsEE11ImplicationEESaISE_ENSt8__detail10_Select1stESt8equal_toIS5_ESt4hashIS5_ENSG_18_Mod_range_hashingENSG_20_Default_ranged_hashENSG_20_Prime_rehash_policyENSG_17_Hashtable_traitsILb1ELb0ELb0EEEE20_M_insert_multi_nodeEPNSG_10_Hash_nodeISE_Lb1EEEmSU_
-_ZNSt10_HashtableINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_S5_ESaIS8_ENSt8__detail10_Select1stESt8equal_toIS5_ESt4hashIS5_ENSA_18_Mod_range_hashingENSA_20_Default_ranged_hashENSA_20_Prime_rehash_policyENSA_17_Hashtable_traitsILb1ELb0ELb0EEEE20_M_insert_multi_nodeEPNSA_10_Hash_nodeIS8_Lb1EEEmSO_
 _ZNSt10_HashtableINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_S5_ESaIS8_ENSt8__detail10_Select1stESt8equal_toIS5_ESt4hashIS5_ENSA_18_Mod_range_hashingENSA_20_Default_ranged_hashENSA_20_Prime_rehash_policyENSA_17_Hashtable_traitsILb1ELb0ELb1EEEE4findERS7_
 _ZNSt10_HashtableINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St10unique_ptrIN2v814ScriptCompiler10CachedDataESt14default_deleteISB_EEESaISF_ENSt8__detail10_Select1stESt8equal_toIS5_ESt4hashIS5_ENSH_18_Mod_range_hashingENSH_20_Default_ranged_hashENSH_20_Prime_rehash_policyENSH_17_Hashtable_traitsILb1ELb0ELb1EEEE5eraseENSH_20_Node_const_iteratorISF_Lb0ELb1EEE
 _ZNSt10_HashtableINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St6vectorIPN2v88internal6torque10DeclarableESaISD_EEESaISG_ENSt8__detail10_Select1stESt8equal_toIS5_ESt4hashIS5_ENSI_18_Mod_range_hashingENSI_20_Default_ranged_hashENSI_20_Prime_rehash_policyENSI_17_Hashtable_traitsILb1ELb0ELb1EEEE21_M_insert_unique_nodeEmmPNSI_10_Hash_nodeISG_Lb1EEEm
@@ -67792,8 +67793,6 @@ _ZZN4node6crypto13DeriveBitsJobINS0_17RandomPrimeTraitsEE8ToResultEPN2v85LocalIN
 _ZZN4node6crypto13DeriveBitsJobINS0_17RandomPrimeTraitsEE8ToResultEPN2v85LocalINS4_5ValueEEES8_E4args_0
 _ZZN4node6crypto13EnginePointer5resetEP9engine_stbE4args
 _ZZN4node6crypto13EnginePointer5resetEP9engine_stbE4args_0
-_ZZN4node6crypto13GetInfoStringILi177EEEN2v810MaybeLocalINS2_5ValueEEEPNS_11EnvironmentERKSt10unique_ptrI6bio_stNS_15FunctionDeleterIS9_XadL_Z12BIO_free_allEEEEEP7x509_stE4args
-_ZZN4node6crypto13GetInfoStringILi85EEEN2v810MaybeLocalINS2_5ValueEEEPNS_11EnvironmentERKSt10unique_ptrI6bio_stNS_15FunctionDeleterIS9_XadL_Z12BIO_free_allEEEEEP7x509_stE4args
 _ZZN4node6crypto13MallocOpenSSLIcEEPT_mE4args
 _ZZN4node6crypto13MallocOpenSSLIhEEPT_mE4args
 _ZZN4node6crypto14ReallocOpenSSLIcEEPT_S3_mE4args

package/include/node/node_version.h

@@ -24,7 +24,7 @@
 
 #define NODE_MAJOR_VERSION 16
 #define NODE_MINOR_VERSION 13
-#define NODE_PATCH_VERSION 1
+#define NODE_PATCH_VERSION 2
 
 #define NODE_VERSION_IS_LTS 1
 #define NODE_VERSION_LTS_CODENAME "Gallium"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "node-aix-ppc64",
-  "version": "v16.13.1",
+  "version": "v16.13.2",
   "description": "node",
   "bin": {
     "node": "bin/node"