v12.22.11 proposal by richardlau · Pull Request #42363 · nodejs/node

richardlau · Mar 16, 2022

2022-03-17, Version 12.22.11 'Erbium' (LTS), @richardlau

This is a security release.

Notable changes

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:

Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778)
More details are available at https://www.openssl.org/news/secadv/20220315.txt

Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to
run CI tests.

Commits

[e3e5bf11ba] - build: pin Windows GitHub runner to windows-2019 (Richard Lau) #42349
[f41e7771bf] - build: fix detection of Visual Studio 2019 (Richard Lau) #42349
[c372ec207d] - deps: update archs files for OpenSSL-1.1.n (Richard Lau) #42348
[d574a1dccb] - deps: upgrade openssl sources to 1.1.1n (Richard Lau) #42348

If Visual Studio 2017 is not found, attempt to find Visual Studio 2019. PR-URL: #42349 Refs: https://github.blog/changelog/2021-10-19-github-actions-the-windows-2016-runner-image-will-be-removed-from-github-hosted-runners-on-march-15-2022/ Reviewed-By: Mestery <mestery@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>

GitHub is removing the Windows 2016 runner image on March 15, 2022. Refs: https://github.blog/changelog/2021-10-19-github-actions-the-windows-2016-runner-image-will-be-removed-from-github-hosted-runners-on-march-15-2022/ PR-URL: #42349 Reviewed-By: Mestery <mestery@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>

This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1n.tar.gz $ mv openssl-1.1.1n openssl $ git add --all openssl $ git commit openssl PR-URL: #42348 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Joe Sepi <sepi@joesepi.com>

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #42348 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Joe Sepi <sepi@joesepi.com>

This is a security release. Notable changes: Update to OpenSSL 1.1.1n, which addresses the following vulnerability: - Infinite loop in BN\_mod\_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to run CI tests. PR-URL: #42363

nodejs-github-bot · Mar 16, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/43070/

nodejs-github-bot · Mar 16, 2022

Review requested:

@nodejs/actions

mhdawson

LGTM

This is a security release. Notable changes: Update to OpenSSL 1.1.1n, which addresses the following vulnerability: - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to run CI tests. PR-URL: #42363

nodejs-github-bot · Mar 16, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/43076/

richardlau · Mar 17, 2022

CITGM:

v12.x (base): https://ci.nodejs.org/job/citgm-smoker/2883/
v12.22.11: https://ci.nodejs.org/job/citgm-smoker/2884/

$ ncu-ci citgm 2883 2884
--------------------------------------------------------------------------------
[1/1] Running CITGM: 2883
--------------------------------------------------------------------------------
✔  Summary data downloaded
✔  Results data downloaded
✔  Summary data downloaded
✔  Results data downloaded
----------------------------------- Summary ------------------------------------
Result     FAILURE
URL        https://ci.nodejs.org/job/citgm-smoker/2883/
Source     https://api.github.com/repos/nodejs/node/git/refs/heads/v12.x
Commit     [390189173fa3] Working on v12.22.11
Date       2022-02-01 15:03:27 -0500
Author     Ruy Adorno <ruyadorno@hotmail.com>
----------------------------------- Summary ------------------------------------
Result     FAILURE
URL        https://ci.nodejs.org/job/citgm-smoker/2884/
Source     https://api.github.com/repos/nodejs/node/git/refs/heads/v12.22.11-proposal
Commit     [cdb72ea5d913] 2022-03-17, Version 12.22.11 'Erbium' (LTS)
Date       2022-03-16 19:32:07 -0400
Author     Richard Lau <rlau@redhat.com>
----------------------------------- Results ------------------------------------



FAILURE: 17 failures in 2884 not present in 2883


┌────────────────────────┬────────────────────┬────────────────────────┬────────────────┐
│        (index)         │         0          │           1            │       2        │
├────────────────────────┼────────────────────┼────────────────────────┼────────────────┤
│        osx1015         │   'async-v3.2.3'   │   'resolve-v1.22.0'    │                │
│      aix71-ppc64       │                    │                        │                │
│   fedora-latest-x64    │   'async-v3.2.3'   │                        │                │
│     ubuntu1804-64      │   'jest-v27.5.1'   │    'winston-v3.6.0'    │                │
│     centos7-ppcle      │    'bl-v5.0.0'     │  'spawn-wrap-v2.0.0'   │                │
│       win-vs2017       │   'async-v3.2.3'   │   'leveldown-v6.1.0'   │  'ws-v8.5.0'   │
│       debian9-64       │   'async-v3.2.3'   │ 'full-icu-test-v1.0.3' │ 'jest-v27.5.1' │
│     ubuntu1604-64      │  'winston-v3.6.0'  │                        │                │
│      rhel7-s390x       │  'undici-v4.15.1'  │                        │                │
│        osx1014         │                    │                        │                │
│      debian10-x64      │ 'socket.io-v4.4.1' │                        │                │
│ fedora-last-latest-x64 │   'async-v3.2.3'   │                        │                │
└────────────────────────┴────────────────────┴────────────────────────┴────────────────┘

Nothing spotted that is obviously related to the commits in this PR.

richardlau · Mar 17, 2022

Release build for cdb72ea: https://ci-release.nodejs.org/job/iojs+release/8322/

PR-URL: #42363

This is a security release. Notable changes: Update to OpenSSL 1.1.1n, which addresses the following vulnerability: - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to run CI tests. PR-URL: #42363

Refs: nodejs/node#42363

This is a security release. Notable changes: Update to OpenSSL 1.1.1n, which addresses the following vulnerability: - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to run CI tests. PR-URL: nodejs#42363

richardlau added 4 commits March 16, 2022 11:36

richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 16, 2022

github-actions Bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 16, 2022

tniessen approved these changes Mar 16, 2022

View reviewed changes

github-actions Bot added dependencies Pull requests that update a dependency file. meta Issues and PRs related to the general management of the project. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. v12.x labels Mar 16, 2022

bengl approved these changes Mar 16, 2022

View reviewed changes

aduh95 approved these changes Mar 16, 2022

View reviewed changes

Comment thread doc/changelogs/CHANGELOG_V12.md Outdated

mhdawson approved these changes Mar 16, 2022

View reviewed changes

richardlau force-pushed the v12.22.11-proposal branch from d2c4e06 to cdb72ea Compare March 16, 2022 23:37

richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 16, 2022

github-actions Bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 16, 2022

github-actions Bot mentioned this pull request Mar 17, 2022

CI Reliability 2022-03-17 nodejs/reliability#223

Open

38 tasks

richardlau added a commit that referenced this pull request Mar 17, 2022

Working on v12.22.12

eca0dd9

PR-URL: #42363

richardlau merged commit cdb72ea into v12.x Mar 17, 2022

github-actions Bot mentioned this pull request Mar 18, 2022

CI Reliability 2022-03-18 nodejs/reliability#224

Open

28 tasks

richardlau added a commit to richardlau/nodejs.org that referenced this pull request Mar 18, 2022

Blog: v12.22.11 release post

0d991e2

Refs: nodejs/node#42363

richardlau added a commit to richardlau/nodejs.org that referenced this pull request Mar 18, 2022

Blog: v12.22.11 release post

ba3f515

Refs: nodejs/node#42363

richardlau mentioned this pull request Mar 18, 2022

Blog: v12.22.11 release post nodejs/nodejs.org#4498

Merged

richardlau added a commit to nodejs/nodejs.org that referenced this pull request Mar 18, 2022

Blog: v12.22.11 release post (#4498)

299e1ff

Refs: nodejs/node#42363

richardlau deleted the v12.22.11-proposal branch March 18, 2022 01:31

This was referenced Mar 19, 2022

CI Reliability 2022-03-19 nodejs/reliability#225

Open

CI Reliability 2022-03-20 nodejs/reliability#226

Open

CI Reliability 2022-03-21 nodejs/reliability#227

Open

CI Reliability 2022-03-22 nodejs/reliability#228

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

v12.22.11 proposal#42363

v12.22.11 proposal#42363
richardlau merged 5 commits into
v12.xnodejs/node:v12.xfrom
v12.22.11-proposalnodejs/node:v12.22.11-proposalCopy head branch name to clipboard

richardlau commented Mar 16, 2022

Uh oh!

nodejs-github-bot commented Mar 16, 2022

Uh oh!

nodejs-github-bot commented Mar 16, 2022

Uh oh!

Uh oh!

mhdawson left a comment

Uh oh!

nodejs-github-bot commented Mar 16, 2022

Uh oh!

richardlau commented Mar 17, 2022

Uh oh!

richardlau commented Mar 17, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Search code, repositories, users, issues, pull requests...

Uh oh!

Uh oh!

Conversation

richardlau commented Mar 16, 2022

2022-03-17, Version 12.22.11 'Erbium' (LTS), @richardlau

Notable changes

Commits

Uh oh!

nodejs-github-bot commented Mar 16, 2022

Uh oh!

nodejs-github-bot commented Mar 16, 2022

Uh oh!

Uh oh!

mhdawson left a comment

Choose a reason for hiding this comment

Uh oh!

nodejs-github-bot commented Mar 16, 2022

Uh oh!

richardlau commented Mar 17, 2022

Uh oh!

richardlau commented Mar 17, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants