node-aix-ppc64 20.8.0 → 20.8.1

package/CHANGELOG.md

@@ -8,6 +8,7 @@
 </tr>
 <tr>
 <td>
+<a href="#20.8.1">20.8.1</a><br/>
 <a href="#20.8.0">20.8.0</a><br/>
 <a href="#20.7.0">20.7.0</a><br/>
 <a href="#20.6.1">20.6.1</a><br/>
@@ -46,6 +47,35 @@
   * [io.js](CHANGELOG_IOJS.md)
   * [Archive](CHANGELOG_ARCHIVE.md)
 
+<a id="20.8.1"></a>
+
+## 2023-10-13, Version 20.8.1 (Current), @RafaelGSS
+
+This is a security release.
+
+### Notable Changes
+
+The following CVEs are fixed in this release:
+
+* [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High)
+* [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High)
+* [CVE-2023-39332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39332): Path traversal through path stored in Uint8Array (High)
+* [CVE-2023-39331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39331): Permission model improperly protects against path traversal (High)
+* [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552):  Integrity checks according to policies can be circumvented (Medium)
+* [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low)
+
+More detailed information on each of the vulnerabilities can be found in [October 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/) blog post.
+
+### Commits
+
+* \[[`c86883e844`](https://github.com/nodejs/node/commit/c86883e844)] - **deps**: update nghttp2 to 1.57.0 (James M Snell) [#50121](https://github.com/nodejs/node/pull/50121)
+* \[[`2860631359`](https://github.com/nodejs/node/commit/2860631359)] - **deps**: update undici to v5.26.3 (Matteo Collina) [#50153](https://github.com/nodejs/node/pull/50153)
+* \[[`cd37838bf8`](https://github.com/nodejs/node/commit/cd37838bf8)] - **lib**: let deps require `node` prefixed modules (Matthew Aitken) [#50047](https://github.com/nodejs/node/pull/50047)
+* \[[`f5c90b2951`](https://github.com/nodejs/node/commit/f5c90b2951)] - **module**: fix code injection through export names (Tobias Nießen) [nodejs-private/node-private#461](https://github.com/nodejs-private/node-private/pull/461)
+* \[[`fa5dae1944`](https://github.com/nodejs/node/commit/fa5dae1944)] - **permission**: fix Uint8Array path traversal (Tobias Nießen) [nodejs-private/node-private#456](https://github.com/nodejs-private/node-private/pull/456)
+* \[[`cd35275111`](https://github.com/nodejs/node/commit/cd35275111)] - **permission**: improve path traversal protection (Tobias Nießen) [nodejs-private/node-private#456](https://github.com/nodejs-private/node-private/pull/456)
+* \[[`a4cb7fc7c0`](https://github.com/nodejs/node/commit/a4cb7fc7c0)] - **policy**: use tamper-proof integrity check function (Tobias Nießen) [nodejs-private/node-private#462](https://github.com/nodejs-private/node-private/pull/462)
+
 <a id="20.8.0"></a>
 
 ## 2023-09-28, Version 20.8.0 (Current), @ruyadorno

package/include/node/node.exp

@@ -5961,22 +5961,22 @@ _GLOBAL__F__ZN2v88internal6torque5Block13SetInputTypesERKNS1_5StackIPKNS1_4TypeE
 _GLOBAL__F__ZN2v88internal6torque9KytheData21AddConstantDefinitionEPKNS1_5ValueE
 _GLOBAL__F__ZNK2v88internal6torque3cpp8Function22PrintDeclarationHeaderERSoi
 _GLOBAL__F__ZNK2v88internal6torque4Rule9RunActionEPKNS1_4ItemERKNS1_11LexerResultE
-_GLOBAL__I_65535_0_.._deps_v8_src_compiler_int64_lowering.cc_E21CEA7D_0x7e9e3a6628559db7
-_GLOBAL__I_65535_0_.._deps_v8_src_compiler_turboshaft_utils.cc_DFF67DD7_0x9415f2318a15dbb2
-_GLOBAL__I_65535_0_.._deps_v8_src_diagnostics_gdb_jit.cc_DFF67DD7_0x46e20c0b530f9893
-_GLOBAL__I_65535_0_.._deps_v8_src_diagnostics_objects_debug.cc_E21CEA7D_0x8e118d5fbed22c33
-_GLOBAL__I_65535_0_.._deps_v8_src_execution_arguments.cc_DFF67DD7_0x48d8c9bc843af56f
-_GLOBAL__I_65535_0_.._deps_v8_src_execution_simulator_base.cc_7874F2D3_0xf7588dbf80167e4f
-_GLOBAL__I_65535_0_.._deps_v8_src_heap_evacuation_verifier.cc_E21CEA7D_0xd0f67252b1f4f9d1
-_GLOBAL__I_65535_0_.._deps_v8_src_heap_factory_base.cc_7874F2D3_0xdc580820d0e7c97b
-_GLOBAL__I_65535_0_.._deps_v8_src_heap_heap_verifier.cc_7874F2D3_0x9a293ad174b55a01
-_GLOBAL__I_65535_0_.._deps_v8_src_heap_objects_visiting.cc_DFF67DD7_0x6949e86bf86ae388
-_GLOBAL__I_65535_0_.._deps_v8_src_objects_tagged_impl.cc_87E8306D_0xab7dacbb49507fa6
-_GLOBAL__I_65535_0_.._deps_v8_src_runtime_runtime_trace.cc_E21CEA7D_0x73c57ae62ef70f82
-_GLOBAL__I_65535_0_.._deps_v8_src_sandbox_external_pointer_table.cc_87E8306D_0x27f896e299d9fa1a
-_GLOBAL__I_65535_0_.._deps_v8_src_sandbox_sandbox.cc_87E8306D_0x2f0ab1046c749870
-_GLOBAL__I_65535_0_.._deps_v8_src_sandbox_testing.cc_7874F2D3_0x69732035c409d47a
-_GLOBAL__I_65535_0_.._src_connection_wrap.cc_E21CEA7D_0x20956c8609908a17
+_GLOBAL__I_65535_0_.._deps_v8_src_compiler_int64_lowering.cc_E21CEA7D_0x679d51edfbb59db9
+_GLOBAL__I_65535_0_.._deps_v8_src_compiler_turboshaft_utils.cc_DFF67DD7_0x168186bcaffdf23a
+_GLOBAL__I_65535_0_.._deps_v8_src_diagnostics_gdb_jit.cc_DFF67DD7_0x63b3fbd10ce21c82
+_GLOBAL__I_65535_0_.._deps_v8_src_diagnostics_objects_debug.cc_E21CEA7D_0x5542b15e2dc168e3
+_GLOBAL__I_65535_0_.._deps_v8_src_execution_arguments.cc_DFF67DD7_0x71bc7d2b450b935f
+_GLOBAL__I_65535_0_.._deps_v8_src_execution_simulator_base.cc_7874F2D3_0xa17a5c1d2a3b5036
+_GLOBAL__I_65535_0_.._deps_v8_src_heap_evacuation_verifier.cc_E21CEA7D_0xc1878895ad910c6a
+_GLOBAL__I_65535_0_.._deps_v8_src_heap_factory_base.cc_7874F2D3_0xb15da57385978b4f
+_GLOBAL__I_65535_0_.._deps_v8_src_heap_heap_verifier.cc_7874F2D3_0xb3fa937f0fdb94b7
+_GLOBAL__I_65535_0_.._deps_v8_src_heap_objects_visiting.cc_DFF67DD7_0x95e132da81623bab
+_GLOBAL__I_65535_0_.._deps_v8_src_objects_tagged_impl.cc_87E8306D_0xba83b92c1cf5681a
+_GLOBAL__I_65535_0_.._deps_v8_src_runtime_runtime_trace.cc_E21CEA7D_0x826e3a0c4b7411be
+_GLOBAL__I_65535_0_.._deps_v8_src_sandbox_external_pointer_table.cc_87E8306D_0xc49810cee33762e6
+_GLOBAL__I_65535_0_.._deps_v8_src_sandbox_sandbox.cc_87E8306D_0xbf580318da80b1a6
+_GLOBAL__I_65535_0_.._deps_v8_src_sandbox_testing.cc_7874F2D3_0xc50703e5ac27906e
+_GLOBAL__I_65535_0_.._src_connection_wrap.cc_E21CEA7D_0xb25fc710c6dcbd7e
 _GLOBAL__I_65535_0_OPENSSL_ppccap_P
 _GLOBAL__I_65535_0__Z16_register_configv
 _GLOBAL__I_65535_0__Z17_register_symbolsv
@@ -7068,9 +7068,9 @@ _GLOBAL__I_65535_0__ZNK4node3url11BindingData10MemoryInfoEPNS_13MemoryTrackerE
 _GLOBAL__I_65535_0__ZNK4node4quic10TLSContext4sideEv
 _GLOBAL__I_65535_0__ZNK4node4quic6Packet11destinationEv
 _GLOBAL__I_65535_0__ZNK7simdutf14implementation27supported_by_runtime_systemEv
-_GLOBAL__I_65535_0__home_iojs_build_ws_out_Release_obj_gen_torque_generated_enum_verifiers.cc_E21CEA7D_0x13ff925ece47af3e
-_GLOBAL__I_65535_0__home_iojs_build_ws_out_Release_obj_gen_torque_generated_factory.cc_7874F2D3_0x2b5f399e7fbe3aea
-_GLOBAL__I_65535_0__home_iojs_build_ws_out_Release_obj_gen_torque_generated_src_objects_torque_defined_classes_tq_csa.cc_E21CEA7D_0x50cda2c293ee570f
+_GLOBAL__I_65535_0__home_iojs_build_ws_out_Release_obj_gen_torque_generated_enum_verifiers.cc_E21CEA7D_0xf07a5c498ef939ea
+_GLOBAL__I_65535_0__home_iojs_build_ws_out_Release_obj_gen_torque_generated_factory.cc_7874F2D3_0xb677e1e425578f2d
+_GLOBAL__I_65535_0__home_iojs_build_ws_out_Release_obj_gen_torque_generated_src_objects_torque_defined_classes_tq_csa.cc_E21CEA7D_0xea4995f58ac0a867
 _GLOBAL__I_65535_0_nodedbg_const_ContextEmbedderIndex__kEnvironment__int
 _GLOBAL__I_65535_0_v8dbg_frametype_EntryFrame
 _HZData_73
@@ -54811,6 +54811,7 @@ _ZN4node6crypto21VerifyPeerCertificateERKSt10unique_ptrI6ssl_stNS_15FunctionDele
 _ZN4node6crypto22GetValidationErrorCodeEPNS_11EnvironmentEi
 _ZN4node6crypto23GetCurrentCipherVersionEPNS_11EnvironmentERKSt10unique_ptrI6ssl_stNS_15FunctionDeleterIS4_XadL_Z8SSL_freeEEEEE
 _ZN4node6crypto23GetSubjectAltNameStringEPNS_11EnvironmentEP7x509_stRKSt10unique_ptrI6bio_stNS_15FunctionDeleterIS6_XadL_Z12BIO_free_allEEEEE
+_ZN4node6crypto23InternalVerifyIntegrityERKN2v820FunctionCallbackInfoINS1_5ValueEEE
 _ZN4node6crypto23SafeX509InfoAccessPrintERKSt10unique_ptrI6bio_stNS_15FunctionDeleterIS2_XadL_Z12BIO_free_allEEEEEP17X509_extension_st
 _ZN4node6crypto24GetClientHelloServerNameERKSt10unique_ptrI6ssl_stNS_15FunctionDeleterIS2_XadL_Z8SSL_freeEEEEE
 _ZN4node6crypto24GetValidationErrorReasonEPNS_11EnvironmentEi
@@ -81338,6 +81339,7 @@ nghttp2_option_set_no_recv_client_magic
 nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation
 nghttp2_option_set_peer_max_concurrent_streams
 nghttp2_option_set_server_fallback_rfc7540_priorities
+nghttp2_option_set_stream_reset_rate_limit
 nghttp2_option_set_user_recv_extension_type
 nghttp2_outbound_item_free
 nghttp2_outbound_item_init
@@ -81368,6 +81370,9 @@ nghttp2_queue_front
 nghttp2_queue_init
 nghttp2_queue_pop
 nghttp2_queue_push
+nghttp2_ratelim_drain
+nghttp2_ratelim_init
+nghttp2_ratelim_update
 nghttp2_rcbuf_decref
 nghttp2_rcbuf_del
 nghttp2_rcbuf_get_buf
@@ -81544,6 +81549,7 @@ nghttp2_submit_settings
 nghttp2_submit_shutdown_notice
 nghttp2_submit_trailer
 nghttp2_submit_window_update
+nghttp2_time_now_sec
 nghttp2_version
 nghttp3_balloc_clear
 nghttp3_balloc_free

package/include/node/node_version.h

@@ -24,7 +24,7 @@
 
 #define NODE_MAJOR_VERSION 20
 #define NODE_MINOR_VERSION 8
-#define NODE_PATCH_VERSION 0
+#define NODE_PATCH_VERSION 1
 
 #define NODE_VERSION_IS_LTS 0
 #define NODE_VERSION_LTS_CODENAME ""

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "node-aix-ppc64",
-  "version": "v20.8.0",
+  "version": "v20.8.1",
   "description": "node",
   "bin": {
     "node": "bin/node"