node-aix-ppc64 18.9.0 → 18.9.1

package/CHANGELOG.md CHANGED
@@ -8,6 +8,7 @@
8
8
  </tr>
9
9
  <tr>
10
10
  <td>
11
+ <a href="#18.9.1">18.9.1</a><br/>
11
12
  <a href="#18.9.0">18.9.0</a><br/>
12
13
  <a href="#18.8.0">18.8.0</a><br/>
13
14
  <a href="#18.7.0">18.7.0</a><br/>
@@ -42,6 +43,43 @@
42
43
  * [io.js](CHANGELOG_IOJS.md)
43
44
  * [Archive](CHANGELOG_ARCHIVE.md)
44
45
 
46
+ <a id="18.9.1"></a>
47
+
48
+ ## 2022-09-23, Version 18.9.1 (Current), @RafaelGSS
49
+
50
+ This is a security release.
51
+
52
+ ### Notable changes
53
+
54
+ The following CVEs are fixed in this release:
55
+
56
+ * **[CVE-2022-32212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212)**: DNS rebinding in --inspect on macOS (High)
57
+ * Insufficient fix for macOS devices on v18.5.0
58
+ * **[CVE-2022-32222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32222)**: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
59
+ * **[CVE-2022-32213](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213)**: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
60
+ * Insufficient fix on v18.5.0
61
+ * **[CVE-2022-32215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215)**: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
62
+ * Insufficient fix on v18.5.0
63
+ * **[CVE-2022-35256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256)**: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
64
+ * **[CVE-2022-35255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255)**: Weak randomness in WebCrypto keygen
65
+
66
+ More detailed information on each of the vulnerabilities can be found in [September 22nd 2022 Security Releases](https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/) blog post.
67
+
68
+ #### llhttp updated to 6.0.10
69
+
70
+ `llhttp` is updated to 6.0.10 which includes fixes for the following vulnerabilities.
71
+
72
+ * **HTTP Request Smuggling - CVE-2022-32213 bypass via obs-fold mechanic (Medium)([CVE-2022-32213](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213) )**: The `llhttp` parser in the `http` module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
73
+ * **HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)([CVE-2022-32215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215))**: The `llhttp` parser in the `http` module does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
74
+ * **HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)([CVE-35256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256))**: The llhttp parser in the `http` does not correctly handle header fields that are not terminated with CLRF. This can lead to HTTP Request Smuggling (HRS).
75
+
76
+ ### Commits
77
+
78
+ * \[[`0c2a5723be`](https://github.com/nodejs/node/commit/0c2a5723be)] - **crypto**: fix weak randomness in WebCrypto keygen (Ben Noordhuis) [nodejs-private/node-private#](https://github.com/nodejs-private/node-private/pull/346)
79
+ * \[[`ffb6f4d51d`](https://github.com/nodejs/node/commit/ffb6f4d51d)] - **deps**: MacOS - fix location of OpenSSL config file (Michael Dawson) [nodejs-private/node-private#345](https://github.com/nodejs-private/node-private/pull/345)
80
+ * \[[`01bffcdd93`](https://github.com/nodejs/node/commit/01bffcdd93)] - **http**: disable chunked encoding when OBS fold is used (Paolo Insogna) [nodejs-private/node-private#341](https://github.com/nodejs-private/node-private/pull/341)
81
+ * \[[`2c379d341d`](https://github.com/nodejs/node/commit/2c379d341d)] - **src**: fix IPv4 non routable validation (RafaelGSS) [nodejs-private/node-private#337](https://github.com/nodejs-private/node-private/pull/337)
82
+
45
83
  <a id="18.9.0"></a>
46
84
 
47
85
  ## 2022-09-08, Version 18.9.0 (Current), @RafaelGSS
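Review bot: The added changelog entry has several text defects that should be fixed before it is published. In the llhttp bullets, the third entry's link text reads "CVE-35256" (the year is missing, although the URL points at CVE-2022-35256), "CLRF" should be "CRLF", and "in the `http` does not" is missing the word "module". In the Commits list, the first entry's link text is "nodejs-private/node-private#" with no PR number, while its URL ends in /pull/346. CVE-2022-35255 is the only CVE in the list without a severity rating, and none of the four listed commits corresponds to the llhttp 6.0.10 update announced in the section above, so a reader cannot trace that dependency bump to a commit from this entry.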
package/bin/node CHANGED
Binary file
@@ -5949,7 +5949,7 @@ _GLOBAL__I_65535_0_.._deps_v8_src_runtime_runtime_trace.cc_FE345EE0_0x4ebe226fe4
5949
5949
  _GLOBAL__I_65535_0_.._deps_v8_src_sandbox_external_pointer_table.cc_87E8306D_0x11b6f29a79111535
5950
5950
  _GLOBAL__I_65535_0_.._deps_v8_src_sandbox_sandbox.cc_3723FE55_0x9e7922885c6c5f9e
5951
5951
  _GLOBAL__I_65535_0_.._deps_v8_src_strings_string_case.cc_DFF67DD7_0x29976dedf87fc2f5
5952
- _GLOBAL__I_65535_0_.._src_connection_wrap.cc_FE345EE0_0x2385ab7f28f73bb8
5952
+ _GLOBAL__I_65535_0_.._src_connection_wrap.cc_FE345EE0_0x30e80cb92d769e02
5953
5953
  _GLOBAL__I_65535_0_OPENSSL_ppccap_P
5954
5954
  _GLOBAL__I_65535_0__Z16_register_configv
5955
5955
  _GLOBAL__I_65535_0__Z17_register_symbolsv
@@ -46787,6 +46787,7 @@ _ZN4node17SocketAddressBaseC1EPNS_11EnvironmentEN2v85LocalINS3_6ObjectEEESt10sha
46787
46787
  _ZN4node17SocketAddressBaseC2EPNS_11EnvironmentEN2v85LocalINS3_6ObjectEEESt10shared_ptrINS_13SocketAddressEE
46788
46788
  _ZN4node17SocketAddressBaseD0Ev
46789
46789
  _ZN4node17SocketAddressBaseD1Ev
46790
+ _ZN4node17StringEqualNoCaseEPKcS1_
46790
46791
  _ZN4node17SyncProcessRunner10InitializeEN2v85LocalINS1_6ObjectEEENS2_INS1_5ValueEEENS2_INS1_7ContextEEEPv
46791
46792
  _ZN4node17SyncProcessRunner12CopyJsStringEN2v85LocalINS1_5ValueEEEPPKc
46792
46793
  _ZN4node17SyncProcessRunner12ExitCallbackEP12uv_process_sli
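Review bot: The added symbol `_ZN4node17StringEqualNoCaseEPKcS1_` demangles to node::StringEqualNoCase(const char*, const char*), which takes no length argument, so it is only safe when both inputs are NUL-terminated. The symbol list shows neither its callers nor which of the fixes in the changelog introduced it; confirm in the source that no caller passes a pointer into a length-delimited buffer, and consider naming the helper in the relevant commit description so the change can be audited.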
@@ -47800,7 +47801,6 @@ _ZN4node6crypto11ManagedX509C2ERKS1_
47800
47801
  _ZN4node6crypto11ManagedX509D0Ev
47801
47802
  _ZN4node6crypto11ManagedX509D1Ev
47802
47803
  _ZN4node6crypto11ManagedX509aSERKS1_
47803
- _ZN4node6crypto12CheckEntropyEv
47804
47804
  _ZN4node6crypto12DHBitsConfigD0Ev
47805
47805
  _ZN4node6crypto12DHBitsConfigD1Ev
47806
47806
  _ZN4node6crypto12DHBitsTraits10DeriveBitsEPNS_11EnvironmentERKNS0_12DHBitsConfigEPNS0_10ByteSourceE
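Review bot: `_ZN4node6crypto12CheckEntropyEv` is dropped from the binary's symbol list here, and `_ZN4node6crypto13EntropySourceEPhm` in the following hunk, in a patch-level release, while the changelog entry says nothing about removed functions. If either symbol could be referenced from outside the binary (for example by a native addon built against 18.9.0), that reference will no longer resolve on 18.9.1. Suggest stating the removal in the changelog next to the crypto commit, or confirming that both functions were internal-only.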
@@ -47925,7 +47925,6 @@ _ZN4node6crypto13DiffieHellmanC1EPNS_11EnvironmentEN2v85LocalINS4_6ObjectEEE
47925
47925
  _ZN4node6crypto13DiffieHellmanC2EPNS_11EnvironmentEN2v85LocalINS4_6ObjectEEE
47926
47926
  _ZN4node6crypto13DiffieHellmanD0Ev
47927
47927
  _ZN4node6crypto13DiffieHellmanD1Ev
47928
- _ZN4node6crypto13EntropySourceEPhm
47929
47928
  _ZN4node6crypto13GetCipherInfoEPNS_11EnvironmentERKSt10unique_ptrI6ssl_stNS_15FunctionDeleterIS4_XadL_Z8SSL_freeEEEEE
47930
47929
  _ZN4node6crypto13GetFipsCryptoERKN2v820FunctionCallbackInfoINS1_5ValueEEE
47931
47930
  _ZN4node6crypto13GetServerNameEP6ssl_st
@@ -48306,6 +48305,7 @@ _ZN4node6crypto5SPKAC15ExportPublicKeyEPNS_11EnvironmentERKNS0_25ArrayBufferOrVi
48306
48305
  _ZN4node6crypto5SPKAC15ExportPublicKeyERKN2v820FunctionCallbackInfoINS2_5ValueEEE
48307
48306
  _ZN4node6crypto5SPKAC26RegisterExternalReferencesEPNS_25ExternalReferenceRegistryE
48308
48307
  _ZN4node6crypto5error8DecorateEPNS_11EnvironmentEN2v85LocalINS4_6ObjectEEEm
48308
+ _ZN4node6crypto6CSPRNGEPvm
48309
48309
  _ZN4node6crypto6DSAAlg10InitializeEPNS_11EnvironmentEN2v85LocalINS4_6ObjectEEE
48310
48310
  _ZN4node6crypto6DSAAlg26RegisterExternalReferencesEPNS_25ExternalReferenceRegistryE
48311
48311
  _ZN4node6crypto6DecodeINS0_10CipherBaseEEEvRKN2v820FunctionCallbackInfoINS3_5ValueEEEPFvPT_S8_PKcmE
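Review bot: The new `_ZN4node6crypto6CSPRNGEPvm`, node::crypto::CSPRNG(void*, unsigned long), appears alongside the removal of CheckEntropy and EntropySource, but a mangled name carries no return type, so this diff cannot show how a failure to obtain random bytes is reported. For a fix the changelog describes as "weak randomness in WebCrypto keygen", check in the source that every caller tests the result and stops key generation on failure instead of continuing with an unfilled buffer.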
@@ -72766,18 +72766,18 @@ llhttp__internal__c_test_flags_3
72766
72766
  llhttp__internal__c_test_lenient_flags
72767
72767
  llhttp__internal__c_test_lenient_flags_1
72768
72768
  llhttp__internal__c_test_lenient_flags_2
72769
- llhttp__internal__c_test_lenient_flags_4
72770
- llhttp__internal__c_test_lenient_flags_6
72769
+ llhttp__internal__c_test_lenient_flags_5
72770
+ llhttp__internal__c_test_lenient_flags_7
72771
72771
  llhttp__internal__c_update_content_length
72772
72772
  llhttp__internal__c_update_finish
72773
72773
  llhttp__internal__c_update_finish_1
72774
72774
  llhttp__internal__c_update_finish_3
72775
72775
  llhttp__internal__c_update_header_state
72776
- llhttp__internal__c_update_header_state_2
72777
- llhttp__internal__c_update_header_state_4
72778
- llhttp__internal__c_update_header_state_5
72776
+ llhttp__internal__c_update_header_state_1
72777
+ llhttp__internal__c_update_header_state_3
72779
72778
  llhttp__internal__c_update_header_state_6
72780
72779
  llhttp__internal__c_update_header_state_7
72780
+ llhttp__internal__c_update_header_state_8
72781
72781
  llhttp__internal__c_update_http_major
72782
72782
  llhttp__internal__c_update_http_minor
72783
72783
  llhttp__internal__c_update_status_code
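Review bot: The renumbered `llhttp__internal__c_test_lenient_flags_*` and `llhttp__internal__c_update_header_state_*` symbols are generated names, so this hunk shows that the parser state machine was regenerated but not which checks changed or that the result is llhttp 6.0.10 as the changelog states. Since the binary is the only artifact in this package carrying the three request-smuggling fixes, verification has to come from elsewhere: confirm the bundled llhttp version in the source tree and make sure regression tests cover the three cases the changelog names (obs-fold in Transfer-Encoding, multi-line Transfer-Encoding, and header fields not terminated with CRLF).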
@@ -24,7 +24,7 @@
24
24
 
25
25
  #define NODE_MAJOR_VERSION 18
26
26
  #define NODE_MINOR_VERSION 9
27
- #define NODE_PATCH_VERSION 0
27
+ #define NODE_PATCH_VERSION 1
28
28
 
29
29
  #define NODE_VERSION_IS_LTS 0
30
30
  #define NODE_VERSION_LTS_CODENAME ""
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "node-aix-ppc64",
3
- "version": "v18.9.0",
3
+ "version": "v18.9.1",
4
4
  "description": "node",
5
5
  "bin": {
6
6
  "node": "bin/node"