node-linux-arm64 18.16.0 → 18.16.1

package/CHANGELOG.md

@@ -9,6 +9,7 @@
 </tr>
 <tr>
 <td>
+<a href="#18.16.1">18.16.1</a><br/>
 <a href="#18.16.0">18.16.0</a><br/>
 <a href="#18.15.0">18.15.0</a><br/>
 <a href="#18.14.2">18.14.2</a><br/>
@@ -56,6 +57,46 @@
   * [io.js](CHANGELOG_IOJS.md)
   * [Archive](CHANGELOG_ARCHIVE.md)
 
+<a id="18.16.1"></a>
+
+## 2023-06-20, Version 18.16.1 'Hydrogen' (LTS), @RafaelGSS
+
+This is a security release.
+
+### Notable Changes
+
+The following CVEs are fixed in this release:
+
+* [CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581): `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
+* [CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
+* [CVE-2023-30588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30588): Process interuption due to invalid Public Key information in x509 certificates (Medium)
+* [CVE-2023-30589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589): HTTP Request Smuggling via Empty headers separated by CR (Medium)
+* [CVE-2023-30590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590): DiffieHellman does not generate keys after setting a private key (Medium)
+* OpenSSL Security Releases
+  * [OpenSSL security advisory 28th March](https://www.openssl.org/news/secadv/20230328.txt).
+  * [OpenSSL security advisory 20th April](https://www.openssl.org/news/secadv/20230420.txt).
+  * [OpenSSL security advisory 30th May](https://www.openssl.org/news/secadv/20230530.txt)
+* c-ares vulnerabilities:
+  * [GHSA-9g78-jv2r-p7vc](https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc)
+  * [GHSA-8r8p-23f3-64c2](https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2)
+  * [GHSA-54xr-f67r-4pc4](https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4)
+  * [GHSA-x6mf-cxr9-8q6v](https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v)
+
+More detailed information on each of the vulnerabilities can be found in [June 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/june-2023-security-releases/) blog post.
+
+### Commits
+
+* \[[`bf3e2c8928`](https://github.com/nodejs/node/commit/bf3e2c8928)] - **crypto**: handle cert with invalid SPKI gracefully (Tobias Nießen) [nodejs-private/node-private#393](https://github.com/nodejs-private/node-private/pull/393)
+* \[[`70f9449072`](https://github.com/nodejs/node/commit/70f9449072)] - **deps**: set `CARES_RANDOM_FILE` for c-ares (Richard Lau) [#48156](https://github.com/nodejs/node/pull/48156)
+* \[[`35d4efb57b`](https://github.com/nodejs/node/commit/35d4efb57b)] - **deps**: update c-ares to 1.19.1 (RafaelGSS) [#48115](https://github.com/nodejs/node/pull/48115)
+* \[[`392dfedc77`](https://github.com/nodejs/node/commit/392dfedc77)] - **deps**: update archs files for openssl-3.0.9-quic1 (Node.js GitHub Bot) [#48402](https://github.com/nodejs/node/pull/48402)
+* \[[`46cd5fe38b`](https://github.com/nodejs/node/commit/46cd5fe38b)] - **deps**: upgrade openssl sources to quictls/openssl-3.0.9-quic1 (Node.js GitHub Bot) [#48402](https://github.com/nodejs/node/pull/48402)
+* \[[`7e3d2d85c2`](https://github.com/nodejs/node/commit/7e3d2d85c2)] - **doc,test**: clarify behavior of DH generateKeys (Tobias Nießen) [nodejs-private/node-private#426](https://github.com/nodejs-private/node-private/pull/426)
+* \[[`4ff6ba050a`](https://github.com/nodejs/node/commit/4ff6ba050a)] - **http**: disable request smuggling via rempty headers (Paolo Insogna) [nodejs-private/node-private#428](https://github.com/nodejs-private/node-private/pull/428)
+* \[[`ab269129a6`](https://github.com/nodejs/node/commit/ab269129a6)] - **msi**: do not create AppData\Roaming\npm (Tobias Nießen) [nodejs-private/node-private#408](https://github.com/nodejs-private/node-private/pull/408)
+* \[[`925e8f5619`](https://github.com/nodejs/node/commit/925e8f5619)] - **policy**: handle mainModule.\_\_proto\_\_ bypass (RafaelGSS) [nodejs-private/node-private#416](https://github.com/nodejs-private/node-private/pull/416)
+* \[[`d6fae8e47e`](https://github.com/nodejs/node/commit/d6fae8e47e)] - **test**: allow SIGBUS in signal-handler abort test (Michaël Zasso) [#47851](https://github.com/nodejs/node/pull/47851)
+
 <a id="18.16.0"></a>
 
 ## 2023-04-12, Version 18.16.0 'Hydrogen' (LTS), @danielleadams

package/include/node/node_version.h

@@ -24,7 +24,7 @@
 
 #define NODE_MAJOR_VERSION 18
 #define NODE_MINOR_VERSION 16
-#define NODE_PATCH_VERSION 0
+#define NODE_PATCH_VERSION 1
 
 #define NODE_VERSION_IS_LTS 1
 #define NODE_VERSION_LTS_CODENAME "Hydrogen"

package/include/node/openssl/archs/BSD-x86/asm/crypto/buildinf.h

@@ -11,7 +11,7 @@
  */
 
 #define PLATFORM "platform: BSD-x86"
-#define DATE "built on: Mon Feb 13 14:21:06 2023 UTC"
+#define DATE "built on: Fri Jun  9 11:58:46 2023 UTC"
 
 /*
  * Generate compiler_flags as an array of individual characters. This is a

package/include/node/openssl/archs/BSD-x86/asm/include/openssl/cmp.h

@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cmp.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -442,8 +442,8 @@ int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
 int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
 int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
                                      const unsigned char *ref, int len);
-int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
-                                  const int len);
+int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx,
+                                  const unsigned char *sec, int len);
 /* CMP message header and extra certificates: */
 int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
@@ -503,6 +503,7 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
+int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
 OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
                                 const char *propq);

package/include/node/openssl/archs/BSD-x86/asm/include/openssl/opensslv.h

@@ -29,7 +29,7 @@ extern "C" {
  */
 # define OPENSSL_VERSION_MAJOR  3
 # define OPENSSL_VERSION_MINOR  0
-# define OPENSSL_VERSION_PATCH  8
+# define OPENSSL_VERSION_PATCH  9
 
 /*
  * Additional version information
@@ -74,21 +74,21 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.0.8"
-# define OPENSSL_FULL_VERSION_STR "3.0.8+quic"
+# define OPENSSL_VERSION_STR "3.0.9"
+# define OPENSSL_FULL_VERSION_STR "3.0.9+quic"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
  *
  * These strings are defined separately to allow them to be parsable.
  */
-# define OPENSSL_RELEASE_DATE "7 Feb 2023"
+# define OPENSSL_RELEASE_DATE "30 May 2023"
 
 /*
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.8+quic 7 Feb 2023"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE

package/include/node/openssl/archs/BSD-x86/asm_avx2/crypto/buildinf.h

@@ -11,7 +11,7 @@
  */
 
 #define PLATFORM "platform: BSD-x86"
-#define DATE "built on: Mon Feb 13 14:21:18 2023 UTC"
+#define DATE "built on: Fri Jun  9 11:59:07 2023 UTC"
 
 /*
  * Generate compiler_flags as an array of individual characters. This is a

package/include/node/openssl/archs/BSD-x86/asm_avx2/include/openssl/cmp.h

@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cmp.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -442,8 +442,8 @@ int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
 int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
 int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
                                      const unsigned char *ref, int len);
-int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
-                                  const int len);
+int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx,
+                                  const unsigned char *sec, int len);
 /* CMP message header and extra certificates: */
 int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
@@ -503,6 +503,7 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
+int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
 OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
                                 const char *propq);

package/include/node/openssl/archs/BSD-x86/asm_avx2/include/openssl/opensslv.h

@@ -29,7 +29,7 @@ extern "C" {
  */
 # define OPENSSL_VERSION_MAJOR  3
 # define OPENSSL_VERSION_MINOR  0
-# define OPENSSL_VERSION_PATCH  8
+# define OPENSSL_VERSION_PATCH  9
 
 /*
  * Additional version information
@@ -74,21 +74,21 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.0.8"
-# define OPENSSL_FULL_VERSION_STR "3.0.8+quic"
+# define OPENSSL_VERSION_STR "3.0.9"
+# define OPENSSL_FULL_VERSION_STR "3.0.9+quic"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
  *
  * These strings are defined separately to allow them to be parsable.
  */
-# define OPENSSL_RELEASE_DATE "7 Feb 2023"
+# define OPENSSL_RELEASE_DATE "30 May 2023"
 
 /*
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.8+quic 7 Feb 2023"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE

package/include/node/openssl/archs/BSD-x86/no-asm/crypto/buildinf.h

@@ -11,7 +11,7 @@
  */
 
 #define PLATFORM "platform: BSD-x86"
-#define DATE "built on: Mon Feb 13 14:21:30 2023 UTC"
+#define DATE "built on: Fri Jun  9 11:59:26 2023 UTC"
 
 /*
  * Generate compiler_flags as an array of individual characters. This is a
@@ -19,14 +19,14 @@
  * literal
  */
 static const char compiler_flags[] = {
-    'c','o','m','p','i','l','e','r',':',' ','g','c','c',' ','-','f',
-    'P','I','C',' ','-','p','t','h','r','e','a','d',' ','-','W','a',
-    'l','l',' ','-','O','3',' ','-','f','o','m','i','t','-','f','r',
-    'a','m','e','-','p','o','i','n','t','e','r',' ','-','D','L','_',
-    'E','N','D','I','A','N',' ','-','D','O','P','E','N','S','S','L',
-    '_','P','I','C',' ','-','D','_','T','H','R','E','A','D','_','S',
-    'A','F','E',' ','-','D','_','R','E','E','N','T','R','A','N','T',
-    ' ','-','D','O','P','E','N','S','S','L','_','B','U','I','L','D',
-    'I','N','G','_','O','P','E','N','S','S','L',' ','-','D','N','D',
-    'E','B','U','G','\0'
+    'c','o','m','p','i','l','e','r',':',' ','c','c',' ','-','f','P',
+    'I','C',' ','-','p','t','h','r','e','a','d',' ','-','W','a','l',
+    'l',' ','-','O','3',' ','-','f','o','m','i','t','-','f','r','a',
+    'm','e','-','p','o','i','n','t','e','r',' ','-','D','L','_','E',
+    'N','D','I','A','N',' ','-','D','O','P','E','N','S','S','L','_',
+    'P','I','C',' ','-','D','_','T','H','R','E','A','D','_','S','A',
+    'F','E',' ','-','D','_','R','E','E','N','T','R','A','N','T',' ',
+    '-','D','O','P','E','N','S','S','L','_','B','U','I','L','D','I',
+    'N','G','_','O','P','E','N','S','S','L',' ','-','D','N','D','E',
+    'B','U','G','\0'
 };

package/include/node/openssl/archs/BSD-x86/no-asm/include/openssl/cmp.h

@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cmp.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -442,8 +442,8 @@ int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
 int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
 int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
                                      const unsigned char *ref, int len);
-int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
-                                  const int len);
+int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx,
+                                  const unsigned char *sec, int len);
 /* CMP message header and extra certificates: */
 int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
@@ -503,6 +503,7 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
+int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
 OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
                                 const char *propq);

package/include/node/openssl/archs/BSD-x86/no-asm/include/openssl/opensslv.h

@@ -29,7 +29,7 @@ extern "C" {
  */
 # define OPENSSL_VERSION_MAJOR  3
 # define OPENSSL_VERSION_MINOR  0
-# define OPENSSL_VERSION_PATCH  8
+# define OPENSSL_VERSION_PATCH  9
 
 /*
  * Additional version information
@@ -74,21 +74,21 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.0.8"
-# define OPENSSL_FULL_VERSION_STR "3.0.8+quic"
+# define OPENSSL_VERSION_STR "3.0.9"
+# define OPENSSL_FULL_VERSION_STR "3.0.9+quic"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
  *
  * These strings are defined separately to allow them to be parsable.
  */
-# define OPENSSL_RELEASE_DATE "7 Feb 2023"
+# define OPENSSL_RELEASE_DATE "30 May 2023"
 
 /*
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.8+quic 7 Feb 2023"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE

package/include/node/openssl/archs/BSD-x86_64/asm/crypto/buildinf.h

@@ -11,7 +11,7 @@
  */
 
 #define PLATFORM "platform: BSD-x86_64"
-#define DATE "built on: Mon Feb 13 14:21:40 2023 UTC"
+#define DATE "built on: Fri Jun  9 11:59:45 2023 UTC"
 
 /*
  * Generate compiler_flags as an array of individual characters. This is a

package/include/node/openssl/archs/BSD-x86_64/asm/include/openssl/cmp.h

@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cmp.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -442,8 +442,8 @@ int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
 int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
 int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
                                      const unsigned char *ref, int len);
-int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
-                                  const int len);
+int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx,
+                                  const unsigned char *sec, int len);
 /* CMP message header and extra certificates: */
 int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
@@ -503,6 +503,7 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
+int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
 OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
                                 const char *propq);

package/include/node/openssl/archs/BSD-x86_64/asm/include/openssl/opensslv.h

@@ -29,7 +29,7 @@ extern "C" {
  */
 # define OPENSSL_VERSION_MAJOR  3
 # define OPENSSL_VERSION_MINOR  0
-# define OPENSSL_VERSION_PATCH  8
+# define OPENSSL_VERSION_PATCH  9
 
 /*
  * Additional version information
@@ -74,21 +74,21 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.0.8"
-# define OPENSSL_FULL_VERSION_STR "3.0.8+quic"
+# define OPENSSL_VERSION_STR "3.0.9"
+# define OPENSSL_FULL_VERSION_STR "3.0.9+quic"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
  *
  * These strings are defined separately to allow them to be parsable.
  */
-# define OPENSSL_RELEASE_DATE "7 Feb 2023"
+# define OPENSSL_RELEASE_DATE "30 May 2023"
 
 /*
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.8+quic 7 Feb 2023"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE

package/include/node/openssl/archs/BSD-x86_64/asm_avx2/crypto/buildinf.h

@@ -11,7 +11,7 @@
  */
 
 #define PLATFORM "platform: BSD-x86_64"
-#define DATE "built on: Mon Feb 13 14:21:54 2023 UTC"
+#define DATE "built on: Fri Jun  9 12:00:09 2023 UTC"
 
 /*
  * Generate compiler_flags as an array of individual characters. This is a

package/include/node/openssl/archs/BSD-x86_64/asm_avx2/include/openssl/cmp.h

@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cmp.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -442,8 +442,8 @@ int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
 int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
 int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
                                      const unsigned char *ref, int len);
-int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
-                                  const int len);
+int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx,
+                                  const unsigned char *sec, int len);
 /* CMP message header and extra certificates: */
 int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
@@ -503,6 +503,7 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
+int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
 OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
                                 const char *propq);

package/include/node/openssl/archs/BSD-x86_64/asm_avx2/include/openssl/opensslv.h

@@ -29,7 +29,7 @@ extern "C" {
  */
 # define OPENSSL_VERSION_MAJOR  3
 # define OPENSSL_VERSION_MINOR  0
-# define OPENSSL_VERSION_PATCH  8
+# define OPENSSL_VERSION_PATCH  9
 
 /*
  * Additional version information
@@ -74,21 +74,21 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.0.8"
-# define OPENSSL_FULL_VERSION_STR "3.0.8+quic"
+# define OPENSSL_VERSION_STR "3.0.9"
+# define OPENSSL_FULL_VERSION_STR "3.0.9+quic"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
  *
  * These strings are defined separately to allow them to be parsable.
  */
-# define OPENSSL_RELEASE_DATE "7 Feb 2023"
+# define OPENSSL_RELEASE_DATE "30 May 2023"
 
 /*
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.8+quic 7 Feb 2023"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE

package/include/node/openssl/archs/BSD-x86_64/no-asm/crypto/buildinf.h

@@ -11,7 +11,7 @@
  */
 
 #define PLATFORM "platform: BSD-x86_64"
-#define DATE "built on: Mon Feb 13 14:22:08 2023 UTC"
+#define DATE "built on: Fri Jun  9 12:00:34 2023 UTC"
 
 /*
  * Generate compiler_flags as an array of individual characters. This is a
@@ -19,12 +19,12 @@
  * literal
  */
 static const char compiler_flags[] = {
-    'c','o','m','p','i','l','e','r',':',' ','g','c','c',' ','-','f',
-    'P','I','C',' ','-','p','t','h','r','e','a','d',' ','-','W','a',
-    'l','l',' ','-','O','3',' ','-','D','L','_','E','N','D','I','A',
-    'N',' ','-','D','O','P','E','N','S','S','L','_','P','I','C',' ',
-    '-','D','_','T','H','R','E','A','D','_','S','A','F','E',' ','-',
-    'D','_','R','E','E','N','T','R','A','N','T',' ','-','D','O','P',
-    'E','N','S','S','L','_','B','U','I','L','D','I','N','G','_','O',
-    'P','E','N','S','S','L',' ','-','D','N','D','E','B','U','G','\0'
+    'c','o','m','p','i','l','e','r',':',' ','c','c',' ','-','f','P',
+    'I','C',' ','-','p','t','h','r','e','a','d',' ','-','W','a','l',
+    'l',' ','-','O','3',' ','-','D','L','_','E','N','D','I','A','N',
+    ' ','-','D','O','P','E','N','S','S','L','_','P','I','C',' ','-',
+    'D','_','T','H','R','E','A','D','_','S','A','F','E',' ','-','D',
+    '_','R','E','E','N','T','R','A','N','T',' ','-','D','O','P','E',
+    'N','S','S','L','_','B','U','I','L','D','I','N','G','_','O','P',
+    'E','N','S','S','L',' ','-','D','N','D','E','B','U','G','\0'
 };

package/include/node/openssl/archs/BSD-x86_64/no-asm/include/openssl/cmp.h

@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cmp.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -442,8 +442,8 @@ int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
 int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
 int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
                                      const unsigned char *ref, int len);
-int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
-                                  const int len);
+int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx,
+                                  const unsigned char *sec, int len);
 /* CMP message header and extra certificates: */
 int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
@@ -503,6 +503,7 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
+int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
 OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
                                 const char *propq);

package/include/node/openssl/archs/BSD-x86_64/no-asm/include/openssl/opensslv.h

@@ -29,7 +29,7 @@ extern "C" {
  */
 # define OPENSSL_VERSION_MAJOR  3
 # define OPENSSL_VERSION_MINOR  0
-# define OPENSSL_VERSION_PATCH  8
+# define OPENSSL_VERSION_PATCH  9
 
 /*
  * Additional version information
@@ -74,21 +74,21 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.0.8"
-# define OPENSSL_FULL_VERSION_STR "3.0.8+quic"
+# define OPENSSL_VERSION_STR "3.0.9"
+# define OPENSSL_FULL_VERSION_STR "3.0.9+quic"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
  *
  * These strings are defined separately to allow them to be parsable.
  */
-# define OPENSSL_RELEASE_DATE "7 Feb 2023"
+# define OPENSSL_RELEASE_DATE "30 May 2023"
 
 /*
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.8+quic 7 Feb 2023"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE