chore: bump node to v20.11.1 (main) (#41353)

* chore: bump node in DEPS to v20.11.1 * chore: update patches * crypto: disable PKCS#1 padding for privateDecrypt https://github.com/nodejs-private/node-private/pull/525 --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com> Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
2024-02-21 12:49:20 -05:00 · 2024-02-21 12:49:20 -05:00 · e87746ff0f
commit e87746ff0f
parent 136d7e7e6a
6 changed files with 41 additions and 11 deletions
--- a/2
+++ b/2
@ -4,7 +4,7 @@ vars = {
  'chromium_version':
    '123.0.6296.0',
  'node_version':
-    'v20.11.0',
+    'v20.11.1',
  'nan_version':
    'e14bdcd1f72d62bca1d541b66da43130384ec213',
  'squirrel.mac_version':
--- a/patches/node/chore_allow_the_node_entrypoint_to_be_a_builtin_module.patch
+++ b/patches/node/chore_allow_the_node_entrypoint_to_be_a_builtin_module.patch
@ -26,10 +26,10 @@ index 1f3b719048f2477de183e2856b9b8eee8502f708..21116088c101f4679b5a5f41762ce710
         try {
           resolvedArgv = Module._resolveFilename(process.argv[1], null, false);
 diff --git a/lib/internal/process/pre_execution.js b/lib/internal/process/pre_execution.js
-index 9142fed75e9050fcc17c01208e82f1bc57923fcd..157a85623c7eb5338baa77aba5dc448a4614ded0 100644
+index cffffc28d3d703aab4beca6a150549f370281615..eb66f0e37b517a03be20e0829863e7572042c7ed 100644
 --- a/lib/internal/process/pre_execution.js
 +++ b/lib/internal/process/pre_execution.js
-@@ -232,12 +232,14 @@ function patchProcessObject(expandArgv1) {
+@@ -233,12 +233,14 @@ function patchProcessObject(expandArgv1) {
   if (expandArgv1 && process.argv[1] &&
       !StringPrototypeStartsWith(process.argv[1], '-')) {
     // Expand process.argv[1] into a full path.
--- a/patches/node/fix_crypto_tests_to_run_with_bssl.patch
+++ b/patches/node/fix_crypto_tests_to_run_with_bssl.patch
@ -549,7 +549,7 @@ index 1785f5eef3d202976666081d09850ed744d83446..e88227a215ba4f7fa196f7642ae694a5
   });
 
 diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
-index 9afcb38616dafd6da1ab7b5843d68f4f796ca9a6..00d3381056a5a40c549f06d74c130149ba4abc8c 100644
+index 438037acc867c2bd6e34ffdcd1e706f8d0ff6a57..65611c79d0e93bf7f91948b2a0105cdc3192b2f2 100644
 --- a/test/parallel/test-crypto-rsa-dsa.js
 +++ b/test/parallel/test-crypto-rsa-dsa.js
@@ -28,12 +28,11 @@ const dsaPkcs8KeyPem = fixtures.readKey('dsa_private_pkcs8.pem');
@ -570,7 +570,18 @@ index 9afcb38616dafd6da1ab7b5843d68f4f796ca9a6..00d3381056a5a40c549f06d74c130149
 };
 
 const decryptError = common.hasOpenSSL3 ?
-@@ -397,7 +396,7 @@ assert.throws(() => {
+@@ -221,8 +220,8 @@ function test_rsa(padding, encryptOaepHash, decryptOaepHash) {
+     oaepHash: encryptOaepHash
+   }, bufferToEncrypt);
+ 
+-
+-  if (padding === constants.RSA_PKCS1_PADDING) {
+  // BoringSSL does not support RSA_PKCS1_PADDING.
+  if (false) {
+     assert.throws(() => {
+       crypto.privateDecrypt({
+         key: rsaKeyPem,
+@@ -415,7 +414,7 @@ assert.throws(() => {
   assert.strictEqual(verify2.verify(publicKey, signature, 'hex'), true);
 }
 
@ -579,7 +590,7 @@ index 9afcb38616dafd6da1ab7b5843d68f4f796ca9a6..00d3381056a5a40c549f06d74c130149
 //
 // Test DSA signing and verification
 //
-@@ -472,3 +471,4 @@ const input = 'I AM THE WALRUS';
+@@ -490,3 +489,4 @@ const input = 'I AM THE WALRUS';
 
   assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true);
 }
--- a/patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch
+++ b/patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch
@ -17,10 +17,10 @@ Upstreams:
 - https://github.com/nodejs/node/pull/39136

 diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc
-index 2e6e02d229b67bc97e0d15a2704e091d5289df9c..6fd0416820998bd0ba4c4cd4fe3093f144610f18 100644
+index 99a16a667baa20138715b0901e3255e41f5f1052..a7f210031085a348f752e7e7e963d2f040bc2000 100644
 --- a/src/crypto/crypto_cipher.cc
 +++ b/src/crypto/crypto_cipher.cc
-@@ -27,7 +27,8 @@ using v8::Value;
+@@ -28,7 +28,8 @@ using v8::Value;
 namespace crypto {
 namespace {
 bool IsSupportedAuthenticatedMode(const EVP_CIPHER* cipher) {
@ -30,6 +30,23 @@ index 2e6e02d229b67bc97e0d15a2704e091d5289df9c..6fd0416820998bd0ba4c4cd4fe3093f1
   case EVP_CIPH_CCM_MODE:
   case EVP_CIPH_GCM_MODE:
 #ifndef OPENSSL_NO_OCB
+@@ -1062,7 +1063,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
+     if (EVP_PKEY_decrypt_init(ctx.get()) <= 0) {
+       return ThrowCryptoError(env, ERR_get_error());
+     }
+-
+#ifndef OPENSSL_IS_BORINGSSL
+     int rsa_pkcs1_implicit_rejection =
+         EVP_PKEY_CTX_ctrl_str(ctx.get(), "rsa_pkcs1_implicit_rejection", "1");
+     // From the doc -2 means that the option is not supported.
+@@ -1078,6 +1079,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
+           "RSA_PKCS1_PADDING is no longer supported for private decryption,"
+           " this can be reverted with --security-revert=CVE-2023-46809");
+     }
+#endif
+   }
+ 
+   const EVP_MD* digest = nullptr;
 diff --git a/src/crypto/crypto_common.cc b/src/crypto/crypto_common.cc
 index c6120a655ec853aef11c66ed37d7ca0ffb957dd3..a52ca15cb0ab592d4196d4bd0f1133240967d70c 100644
 --- a/src/crypto/crypto_common.cc
--- a/patches/node/src_preload_function_for_environment.patch
+++ b/patches/node/src_preload_function_for_environment.patch
@ -20,10 +20,10 @@ running the main script, for example:
   extensions.

 diff --git a/lib/internal/process/pre_execution.js b/lib/internal/process/pre_execution.js
-index 157a85623c7eb5338baa77aba5dc448a4614ded0..701f91f1c9603c1da03e0fe6d20c8627c8d644fb 100644
+index eb66f0e37b517a03be20e0829863e7572042c7ed..4d5646b6067a1409df5915cc744bdc38d0191bd9 100644
 --- a/lib/internal/process/pre_execution.js
 +++ b/lib/internal/process/pre_execution.js
-@@ -185,6 +185,9 @@ function setupUserModules(forceDefaultLoader = false) {
+@@ -186,6 +186,9 @@ function setupUserModules(forceDefaultLoader = false) {
   initializeESMLoader(forceDefaultLoader);
   const CJSLoader = require('internal/modules/cjs/loader');
   assert(!CJSLoader.hasLoadedAnyUserCJSModule);
@ -33,7 +33,7 @@ index 157a85623c7eb5338baa77aba5dc448a4614ded0..701f91f1c9603c1da03e0fe6d20c8627
   // Do not enable preload modules if custom loaders are disabled.
   // For example, loader workers are responsible for doing this themselves.
   // And preload modules are not supported in ShadowRealm as well.
-@@ -742,6 +745,10 @@ function initializeFrozenIntrinsics() {
+@@ -745,6 +748,10 @@ function initializeFrozenIntrinsics() {
   }
 }
 
--- a/script/node-disabled-tests.json
+++ b/script/node-disabled-tests.json
@ -16,6 +16,8 @@
  "parallel/test-crypto-key-objects",
  "parallel/test-crypto-keygen",
  "parallel/test-crypto-keygen-deprecation",
+  "parallel/test-crypto-rsa-dsa-revert",
+  "parallel/test-crypto-rsa-dsa.js",
  "parallel/test-crypto-padding-aes256",
  "parallel/test-crypto-secure-heap",
  "parallel/test-dgram-send-cb-quelches-error",