v14.19.1 proposal #42371

Merged
richardlau merged 4 commits into nodejs/node:v14.x from nodejs/node:v14.19.1-proposal
Mar 17, 2022
@richardlau

Member

2022-03-17, Version 14.19.1 'Fermium' (LTS), @richardlau

This is a security release.

Notable Changes

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:

Commits

  • [b5c52e337e] - build: pin Windows GitHub runner to windows-2019 (Richard Lau) #42350
  • [3b1a0b24f0] - deps: update archs files for OpenSSL-1.1.1n (Richard Lau) #42347
  • [c83dd99e0b] - deps: upgrade openssl sources to 1.1.1n (Richard Lau) #42347

Node.js 14 currently doesn't support building with Visual Studio 2022.
For now, pin the Windows workflow to run on `windows-2019` instead of
`windows-latest`.

PR-URL: #42350
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>

This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1n.tar.gz
    $ mv openssl-1.1.1n openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #42347
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Joe Sepi <sepi@joesepi.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>

After an OpenSSL source update, all the config files need to be
regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: #42347
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Joe Sepi <sepi@joesepi.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>

This is a security release.

Notable changes:

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:
- Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778)
  More details are available at https://www.openssl.org/news/secadv/20220315.txt

PR-URL: #42371
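
A check an operator can run after this release, as an added example that is not part of the PR or the Node.js code base: it classifies an OpenSSL version string, such as the value of `process.versions.openssl`, against the 1.1.1n level named above. The function names are hypothetical, and version strings outside the 1.1.1 series are reported as not covered rather than judged.

```javascript
// Added example (not from the Node.js repository). The fix level 1.1.1n is
// taken from this release; the function names are hypothetical.
const FIX_SERIES = '1.1.1';
const FIX_PATCH = 'n';

// OpenSSL 1.1.1 patch levels are letters: a..z, then za, zb, ...
// Map them to integers so they can be compared. '' means no patch letter.
function patchRank(letters) {
  if (letters === '') return 0;
  if (!/^z*[a-z]$/.test(letters)) return NaN;
  const last = letters.charCodeAt(letters.length - 1) - 96; // a=1 .. z=26
  return 26 * (letters.length - 1) + last;
}

// Returns 'has-fix', 'predates-fix', 'other-series' or 'unparsed'.
function classifyOpenSSL(version) {
  // Accept an optional build tag such as "+quic" after the version.
  const m = /^(\d+\.\d+\.\d+)([a-z]*)(?:\+[\w.-]+)?$/.exec(String(version).trim());
  if (!m) return 'unparsed';
  const [, series, letters] = m;
  if (series !== FIX_SERIES) return 'other-series'; // only 1.1.1 is covered here
  const rank = patchRank(letters);
  if (Number.isNaN(rank)) return 'unparsed';
  return rank >= patchRank(FIX_PATCH) ? 'has-fix' : 'predates-fix';
}

// Constructed sample inputs, followed by the runtime executing this file.
const samples = ['1.1.1m', '1.1.1n', '1.1.1n+quic', '1.1.1za', '1.1.1', '3.0.2', 'garbage'];
for (const v of samples) console.log(v.padEnd(12), classifyOpenSSL(v));
console.log('this runtime:', process.versions.openssl,
  classifyOpenSSL(process.versions.openssl));
```

A Node.js binary linked against a system OpenSSL may report an older version string even when the distributor has backported the fix, so treat `predates-fix` as a prompt to check the package changelog.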
@nodejs-github-bot nodejs-github-bot added dependencies Pull requests that update a dependency file. meta Issues and PRs related to the general management of the project. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. v14.x labels Mar 17, 2022
@richardlau richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 17, 2022
@github-actions github-actions Bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 17, 2022
@mcollina mcollina left a comment

Member


lgtm

@richardlau

richardlau commented Mar 17, 2022

Member Author

CITGM:

$ ncu-ci citgm 2885 2886
--------------------------------------------------------------------------------
[1/1] Running CITGM: 2885
--------------------------------------------------------------------------------
✔  Summary data downloaded
✔  Results data downloaded
✔  Summary data downloaded
✔  Results data downloaded
----------------------------------- Summary ------------------------------------
Result     FAILURE
URL        https://ci.nodejs.org/job/citgm-smoker/2885/
Source     https://api.github.com/repos/nodejs/node/git/refs/heads/v14.x
Commit     [e64bc431d35f] Working on v14.19.1
Date       2022-02-01 08:13:47 -0500
Author     Richard Lau <rlau@redhat.com>
----------------------------------- Summary ------------------------------------
Result     FAILURE
URL        https://ci.nodejs.org/job/citgm-smoker/2886/
Source     https://api.github.com/repos/nodejs/node/git/refs/heads/v14.19.1-proposal
Commit     [9e0bba5648e9] 2022-03-17, Version 14.19.1 'Fermium' (LTS)
Date       2022-03-16 20:25:20 -0400
Author     Richard Lau <rlau@redhat.com>
----------------------------------- Results ------------------------------------



FAILURE: 24 failures in 2886 not present in 2885


┌────────────────────────┬───────────────────────┬───────────────────┬────────────────┬─────────────────────────┐
│        (index)         │           0           │         1         │       2        │            3            │
├────────────────────────┼───────────────────────┼───────────────────┼────────────────┼─────────────────────────┤
│      rhel7-s390x       │    'acorn-v8.7.0'     │   'pino-v7.9.0'   │                │                         │
│ fedora-last-latest-x64 │     'pino-v7.9.0'     │                   │                │                         │
│     centos7-ppcle      │   'fastify-v3.27.4'   │   'pino-v7.9.0'   │ 'pump-v3.0.0'  │ 'torrent-stream-v1.2.1' │
│     ubuntu1804-64      │     'pino-v7.9.0'     │   'pump-v3.0.0'   │                │                         │
│       rhel8-x64        │     'pino-v7.9.0'     │                   │                │                         │
│      rhel8-s390x       │     'pino-v7.9.0'     │                   │                │                         │
│      aix71-ppc64       │ 'prom-client-v14.0.1' │                   │                │                         │
│      debian10-x64      │     'pino-v7.9.0'     │                   │                │                         │
│     ubuntu1604-64      │                       │                   │                │                         │
│        osx1015         │     'pino-v7.9.0'     │                   │                │                         │
│       win-vs2019       │     'pino-v7.9.0'     │                   │                │                         │
│       win-vs2017       │ 'browserify-v17.0.0'  │   'pino-v7.9.0'   │  'ws-v8.5.0'   │                         │
│       debian9-64       │    'async-v3.2.3'     │ 'clinic-v11.1.0'  │ 'jest-v27.5.1' │                         │
│        osx1014         │    'async-v3.2.3'     │ 'fastify-v3.27.4' │                │                         │
│   fedora-latest-x64    │     'pino-v7.9.0'     │                   │                │                         │
└────────────────────────┴───────────────────────┴───────────────────┴────────────────┴─────────────────────────┘

Nothing spotted that is obviously related to the commits in this PR.

@mhdawson mhdawson left a comment

Member


Rubber stamp LGTM

@mcollina

Member

Fixed pino in v7.9.1, sorry about it.

richardlau added a commit that referenced this pull request Mar 17, 2022
@richardlau richardlau merged commit 9e0bba5 into v14.x Mar 17, 2022
richardlau added a commit to richardlau/nodejs.org that referenced this pull request Mar 18, 2022
richardlau added a commit to nodejs/nodejs.org that referenced this pull request Mar 18, 2022
@richardlau richardlau deleted the v14.19.1-proposal branch March 18, 2022 01:31
xtx1130 pushed a commit to xtx1130/node that referenced this pull request Apr 25, 2022