Comparing changes

base repository: nodejs/node
base: v18.16.0
head repository: nodejs/node
compare: v18.16.1
  • 12 commits
  • 670 files changed
  • 8 contributors

Commits on Apr 13, 2023

  1. Working on v18.16.1

    PR-URL: #47502
    danielleadams committed Apr 13, 2023
    Commit c5f4629

Commits on Jun 19, 2023

  1. Commit 925e8f5
  2. doc,test: clarify behavior of DH generateKeys

    The DiffieHellman class is an old and thin wrapper around certain
    OpenSSL functions, many of which are deprecated in OpenSSL 3.0. Because
    the Node.js API mirrors the OpenSSL API, it adopts some of its
    peculiarities, but the Node.js documentation does not properly reflect
    these. Most importantly, despite the documentation saying otherwise,
    diffieHellman.generateKeys() does not generate a new private key when
    one has already been set or generated. Based on the documentation alone,
    users may be led to misuse the API in a way that results in key reuse,
    which can have drastic negative consequences for subsequent operations
    that consume the shared secret.
    
    These design issues in this old API have been around for many years, and
    we are not currently aware of any misuse in the ecosystem that falls
    into the above scenario. Changing the behavior of the API would be a
    significant breaking change and is thus not appropriate for a security
    release (nor is it a goal.) The reported issue is treated as CWE-1068
    (after a vast amount of uncertainty whether to treat it as a
    vulnerability at all), therefore, this change only updates the
    documentation to match the actual behavior. Tests are also added that
    demonstrate this particular oddity.
    
    Newer APIs exist that can be used for some, but not all, Diffie-Hellman
    operations (e.g., crypto.diffieHellman() that was added in 2020). We
    should keep modernizing crypto APIs, but that is a non-goal for this
    security release.
    
    The ECDH class mirrors the DiffieHellman class in many ways, but it does
    not appear to be affected by this particular peculiarity. In particular,
    ecdh.generateKeys() does appear to always generate a new private key.
    
    PR-URL: nodejs-private/node-private#426
    Reviewed-By: Rafael Gonzaga <[email protected]>
    Reviewed-By: Ben Noordhuis <[email protected]>
    CVE-ID: CVE-2023-30590
    tniessen authored and RafaelGSS committed Jun 19, 2023
    Commit 7e3d2d8
  3. http: disable request smuggling via empty headers

    PR-URL: nodejs-private/node-private#428
    Refs: nodejs-private/node-private#427
    Reviewed-By: Matteo Collina <[email protected]>
    Reviewed-By: Rafael Gonzaga <[email protected]>
    CVE-ID: CVE-2023-30589
    ShogunPanda authored and RafaelGSS committed Jun 19, 2023
    Commit 4ff6ba0
  4. deps: upgrade openssl sources to quictls/openssl-3.0.9-quic1

    PR-URL: #48402
    Reviewed-By: Richard Lau <[email protected]>
    Reviewed-By: Marco Ippolito <[email protected]>
    Reviewed-By: Rafael Gonzaga <[email protected]>
    Reviewed-By: Tobias Nießen <[email protected]>
    Reviewed-By: Mohammed Keyvanzadeh <[email protected]>
    nodejs-github-bot authored and RafaelGSS committed Jun 19, 2023
    Commit 46cd5fe
  5. deps: update archs files for openssl-3.0.9-quic1

    PR-URL: #48402
    Reviewed-By: Richard Lau <[email protected]>
    Reviewed-By: Marco Ippolito <[email protected]>
    Reviewed-By: Rafael Gonzaga <[email protected]>
    Reviewed-By: Tobias Nießen <[email protected]>
    Reviewed-By: Mohammed Keyvanzadeh <[email protected]>
    nodejs-github-bot authored and RafaelGSS committed Jun 19, 2023
    Commit 392dfed
  6. deps: update c-ares to 1.19.1

    PR-URL: #48115
    Backport-PR-URL: nodejs-private/node-private#437
    Reviewed-By: Michaël Zasso <[email protected]>
    Reviewed-By: Rafael Gonzaga <[email protected]>
    Reviewed-By: Rich Trott <[email protected]>
    RafaelGSS committed Jun 19, 2023
    Commit 35d4efb
  7. deps: set CARES_RANDOM_FILE for c-ares

    Upstream c-ares renamed `RANDOM_FILE` to `CARES_RANDOM_FILE` some
    time ago in c-ares 1.17.2.
    
    PR-URL: #48156
    Refs: c-ares/c-ares#397
    Reviewed-By: Michael Dawson <[email protected]>
    Reviewed-By: Ben Noordhuis <[email protected]>
    richardlau authored and RafaelGSS committed Jun 19, 2023
    Commit 70f9449
  8. crypto: handle cert with invalid SPKI gracefully

    When attempting to convert the SPKI of a X509Certificate to a KeyObject,
    throw an error if the subjectPublicKey cannot be parsed instead of
    aborting the process.
    
    Fixes: https://hackerone.com/bugs?report_id=1884159
    PR-URL: nodejs-private/node-private#393
    Reviewed-By: Rafael Gonzaga <[email protected]>
    Reviewed-By: Matteo Collina <[email protected]>
    Reviewed-By: Robert Nagy <[email protected]>
    CVE-ID: CVE-2023-30588
    tniessen authored and RafaelGSS committed Jun 19, 2023
    Commit bf3e2c8
  9. test: allow SIGBUS in signal-handler abort test

    FreeBSD uses SIGBUS after update to v12.4.
    
    Refs: nodejs/build#3134
    PR-URL: #47851
    Reviewed-By: Santiago Gimeno <[email protected]>
    Reviewed-By: Benjamin Gruenbaum <[email protected]>
    Reviewed-By: Michael Dawson <[email protected]>
    Reviewed-By: Luigi Pinca <[email protected]>
    Reviewed-By: Ben Noordhuis <[email protected]>
    targos authored and RafaelGSS committed Jun 19, 2023
    Commit d6fae8e
  10. msi: do not create AppData\Roaming\npm

    This effectively reverts e431cae due to
    security concerns. The directory is being created with elevated
    privileges but its path may depend on an unprivileged user's environment
    variables. Creating a directory in certain sensitive locations can cause
    Windows to become inoperable.
    
    Creating AppData\Roaming\npm was an intentional addition in order to
    resolve nodejs/node-v0.x-archive#8141, which
    appears to have been a common issue for users of npm. However, this was
    implemented before 4cfe5eb, which
    changed the MSI installation scope to perMachine. There were concerns
    about creating the npm directory in that PR, albeit not related to
    security (see nodejs/node-v0.x-archive#25640).
    
    Refs: nodejs/node-v0.x-archive#8141
    Refs: nodejs/node-v0.x-archive#8838
    Refs: nodejs/node-v0.x-archive#25640
    PR-URL: nodejs-private/node-private#408
    Backport-PR-URL: nodejs-private/node-private#430
    Reviewed-By: Rich Trott <[email protected]>
    CVE-ID: CVE-2023-30585
    tniessen authored and RafaelGSS committed Jun 19, 2023
    Commit ab26912
  11. 2023-06-20, Version 18.16.1 'Hydrogen' (LTS)

    This is a security release.
    
    Notable changes:
    
    Following CVEs are fixed in this release:
    
    * CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
    * CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
    * CVE-2023-30588: Process interruption due to invalid Public Key information in x509 certificates (Medium)
    * CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
    * CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
    * OpenSSL Security Releases
      * https://www.openssl.org/news/secadv/20230328.txt
      * https://www.openssl.org/news/secadv/20230420.txt
      * https://www.openssl.org/news/secadv/20230530.txt
    * c-ares vulnerabilities:
      * GHSA-9g78-jv2r-p7vc
      * GHSA-8r8p-23f3-64c2
      * GHSA-54xr-f67r-4pc4
      * GHSA-x6mf-cxr9-8q6v
    
    PR-URL: nodejs-private/node-private#434
    RafaelGSS committed Jun 19, 2023
    Commit 8658efe