Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v14.19.1 proposal #42371

Merged
merged 4 commits into from
Mar 17, 2022
Merged

v14.19.1 proposal #42371

merged 4 commits into from
Mar 17, 2022

Conversation

richardlau
Copy link
Member

2022-03-17, Version 14.19.1 'Fermium' (LTS), @richardlau

This is a security release.

Notable Changes

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:

Commits

  • [b5c52e337e] - build: pin Windows GitHub runner to windows-2019 (Richard Lau) #42350
  • [3b1a0b24f0] - deps: update archs files for OpenSSL-1.1.1n (Richard Lau) #42347
  • [c83dd99e0b] - deps: upgrade openssl sources to 1.1.1n (Richard Lau) #42347

@richardlau
build: pin Windows GitHub runner to windows-2019
b5c52e3 
Node.js 14 currently doesn't support building with Visual Studio 2022.
For now, pin the Windows workflow to run on `windows-2019` instead of
`windows-latest`.

PR-URL: #42350
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
@richardlau
deps: upgrade openssl sources to 1.1.1n
c83dd99 
This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1n.tar.gz
    $ mv openssl-1.1.1n openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #42347
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Joe Sepi <sepi@joesepi.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
@richardlau
deps: update archs files for OpenSSL-1.1.1n
3b1a0b2 
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: #42347
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Joe Sepi <sepi@joesepi.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
@richardlau
2022-03-17, Version 14.19.1 'Fermium' (LTS)
9e0bba5 
This is a security release.

Notable changes:

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:
- Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778)
  More details are available at https://www.openssl.org/news/secadv/20220315.txt

PR-URL: #42371
@nodejs-github-bot

This comment was marked as off-topic.

Sign in to view
@nodejs-github-bot nodejs-github-bot added dependencies Pull requests that update a dependency file. meta Issues and PRs related to the general management of the project. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. v14.x labels Mar 17, 2022
@richardlau richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 17, 2022
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 17, 2022
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/43078/

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/43080/

mcollina
mcollina approved these changes Mar 17, 2022
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@richardlau
Copy link
Member Author

richardlau commented Mar 17, 2022
edited
Loading

CITGM:

$ ncu-ci citgm 2885 2886
--------------------------------------------------------------------------------
[1/1] Running CITGM: 2885
--------------------------------------------------------------------------------
✔  Summary data downloaded
✔  Results data downloaded
✔  Summary data downloaded
✔  Results data downloaded
----------------------------------- Summary ------------------------------------
Result     FAILURE
URL        https://ci.nodejs.org/job/citgm-smoker/2885/
Source     https://api.github.com/repos/nodejs/node/git/refs/heads/v14.x
Commit     [e64bc431d35f] Working on v14.19.1
Date       2022-02-01 08:13:47 -0500
Author     Richard Lau <rlau@redhat.com>
----------------------------------- Summary ------------------------------------
Result     FAILURE
URL        https://ci.nodejs.org/job/citgm-smoker/2886/
Source     https://api.github.com/repos/nodejs/node/git/refs/heads/v14.19.1-proposal
Commit     [9e0bba5648e9] 2022-03-17, Version 14.19.1 'Fermium' (LTS)
Date       2022-03-16 20:25:20 -0400
Author     Richard Lau <rlau@redhat.com>
----------------------------------- Results ------------------------------------



FAILURE: 24 failures in 2886 not present in 2885


┌────────────────────────┬───────────────────────┬───────────────────┬────────────────┬─────────────────────────┐
│        (index)         │           0           │         1         │       2        │            3            │
├────────────────────────┼───────────────────────┼───────────────────┼────────────────┼─────────────────────────┤
│      rhel7-s390x       │    'acorn-v8.7.0'     │   'pino-v7.9.0'   │                │                         │
│ fedora-last-latest-x64 │     'pino-v7.9.0'     │                   │                │                         │
│     centos7-ppcle      │   'fastify-v3.27.4'   │   'pino-v7.9.0'   │ 'pump-v3.0.0'  │ 'torrent-stream-v1.2.1' │
│     ubuntu1804-64      │     'pino-v7.9.0'     │   'pump-v3.0.0'   │                │                         │
│       rhel8-x64        │     'pino-v7.9.0'     │                   │                │                         │
│      rhel8-s390x       │     'pino-v7.9.0'     │                   │                │                         │
│      aix71-ppc64       │ 'prom-client-v14.0.1' │                   │                │                         │
│      debian10-x64      │     'pino-v7.9.0'     │                   │                │                         │
│     ubuntu1604-64      │                       │                   │                │                         │
│        osx1015         │     'pino-v7.9.0'     │                   │                │                         │
│       win-vs2019       │     'pino-v7.9.0'     │                   │                │                         │
│       win-vs2017       │ 'browserify-v17.0.0'  │   'pino-v7.9.0'   │  'ws-v8.5.0'   │                         │
│       debian9-64       │    'async-v3.2.3'     │ 'clinic-v11.1.0'  │ 'jest-v27.5.1' │                         │
│        osx1014         │    'async-v3.2.3'     │ 'fastify-v3.27.4' │                │                         │
│   fedora-latest-x64    │     'pino-v7.9.0'     │                   │                │                         │
└────────────────────────┴───────────────────────┴───────────────────┴────────────────┴─────────────────────────┘

Nothing spotted that is obviously related to the commits in this PR.

mhdawson
mhdawson approved these changes Mar 17, 2022
View reviewed changes
Copy link
Member

@mhdawson mhdawson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rubber stamp LGTM

@richardlau
Copy link
Member Author

Release on 9e0bba5: https://ci-release.nodejs.org/job/iojs+release/8323/

@mcollina
Copy link
Member

Fixed pino in v7.9.1, sorry about it.

richardlau added a commit that referenced this pull request Mar 17, 2022
@richardlau
Working on v14.19.2
012db46 
PR-URL: #42371
@richardlau richardlau merged commit 9e0bba5 into v14.x Mar 17, 2022
richardlau added a commit that referenced this pull request Mar 17, 2022
@richardlau
2022-03-17, Version 14.19.1 'Fermium' (LTS)
b1174f3 
This is a security release.

Notable changes:

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:
- Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778)
  More details are available at https://www.openssl.org/news/secadv/20220315.txt

PR-URL: #42371
@github-actions github-actions bot mentioned this pull request Mar 18, 2022
Open
28 tasks
richardlau added a commit to richardlau/nodejs.org that referenced this pull request Mar 18, 2022
@richardlau
Blog: v14.19.1 release post
2d92828 
Refs: nodejs/node#42371
richardlau added a commit to richardlau/nodejs.org that referenced this pull request Mar 18, 2022
@richardlau
Blog: v14.19.1 release post
4d21b6f 
Refs: nodejs/node#42371
@richardlau richardlau mentioned this pull request Mar 18, 2022
Merged
richardlau added a commit to nodejs/nodejs.org that referenced this pull request Mar 18, 2022
@richardlau
Blog: v14.19.1 release post (#4499)
9332280 
Refs: nodejs/node#42371
@richardlau richardlau deleted the v14.19.1-proposal branch March 18, 2022 01:31
This was referenced Mar 19, 2022
Open
Open
Open
Open
xtx1130 pushed a commit to xtx1130/node that referenced this pull request Apr 25, 2022
@richardlau @xtx1130
2022-03-17, Version 14.19.1 'Fermium' (LTS)
acc3b24 
This is a security release.

Notable changes:

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:
- Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778)
  More details are available at https://www.openssl.org/news/secadv/20220315.txt

PR-URL: nodejs#42371
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mhdawson mhdawson mhdawson approved these changes

@tniessen tniessen tniessen approved these changes

@targos targos targos approved these changes

@bengl bengl bengl approved these changes

@mcollina mcollina mcollina approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file. meta Issues and PRs related to the general management of the project. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@richardlau @nodejs-github-bot @mcollina @bengl @targos @tniessen @mhdawson