v14.19.1 proposal #42371

Merged
merged 4 commits into from
Mar 17, 2022

richardlau
Member

2022-03-17, Version 14.19.1 'Fermium' (LTS), @richardlau

This is a security release.

Notable Changes

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:

Commits

  • [b5c52e337e] - build: pin Windows GitHub runner to windows-2019 (Richard Lau) #42350
  • [3b1a0b24f0] - deps: update archs files for OpenSSL-1.1.1n (Richard Lau) #42347
  • [c83dd99e0b] - deps: upgrade openssl sources to 1.1.1n (Richard Lau) #42347

Node.js 14 currently doesn't support building with Visual Studio 2022.
For now, pin the Windows workflow to run on `windows-2019` instead of
`windows-latest`.

PR-URL: #42350
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>

This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1n.tar.gz
    $ mv openssl-1.1.1n openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #42347
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Joe Sepi <sepi@joesepi.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>

After an OpenSSL source update, all the config files need to be
regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: #42347
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Joe Sepi <sepi@joesepi.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>

This is a security release.

Notable changes:

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:
- Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778)
  More details are available at https://www.openssl.org/news/secadv/20220315.txt

PR-URL: #42371
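
A runtime check for the OpenSSL update these release notes describe, as an added example that is not part of the Node.js project or this PR: it reads `process.versions.openssl` and compares the 1.1.1-series letter patch level against 1.1.1n, the fixed level named above for CVE-2022-0778. The function names and the sample inventory are constructed for illustration; builds outside the 1.1.1 line are reported as `unknown` because this page does not cover them.

```javascript
// Added example (not Node.js project code). The fixed level for the 1.1.1
// series, 1.1.1n, is the one named in the release notes on this page.
const FIXED_111 = '1.1.1n';

// Parse "1.1.1n" or "1.1.1n+quic" into a numeric base and a letter patch level.
function parseOpenSSL(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)([a-z]*)/.exec(String(version).trim());
  if (!m) return null;
  return { base: `${m[1]}.${m[2]}.${m[3]}`, patch: m[4] };
}

// Letter patch levels order by length first ('z' < 'za'), then alphabetically.
function comparePatch(a, b) {
  if (a.length !== b.length) return a.length - b.length;
  return a < b ? -1 : a > b ? 1 : 0;
}

// Returns 'patched' or 'vulnerable' for 1.1.1-series builds, 'unknown' otherwise
// (including runtimes built without OpenSSL, where the version is undefined).
function checkCve20220778(version) {
  const v = parseOpenSSL(version);
  const fixed = parseOpenSSL(FIXED_111);
  if (!v || v.base !== fixed.base) return 'unknown';
  return comparePatch(v.patch, fixed.patch) >= 0 ? 'patched' : 'vulnerable';
}

// Constructed sample inventory (hypothetical host names and version strings).
const sampleInventory = [
  { host: 'api-01', openssl: '1.1.1m' },
  { host: 'api-02', openssl: '1.1.1n' },
  { host: 'edge-01', openssl: '1.1.1l+quic' },
];

function audit(inventory) {
  return inventory.map((e) => ({ ...e, status: checkCve20220778(e.openssl) }));
}

// Report on the runtime executing this script, then on the sample inventory.
console.log(process.version, process.versions.openssl,
  checkCve20220778(process.versions.openssl));
for (const r of audit(sampleInventory)) {
  console.log(`${r.host}\t${r.openssl}\t${r.status}`);
}
```

`process.versions.openssl` reports the OpenSSL the binary was built or linked against, so run the check with the same `node` executable the service uses.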

@nodejs-github-bot nodejs-github-bot added dependencies Pull requests that update a dependency file. meta Issues and PRs related to the general management of the project. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. v14.x labels Mar 17, 2022
@richardlau richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 17, 2022
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 17, 2022
Member

@mcollina mcollina left a comment

lgtm

@richardlau
Member Author

richardlau commented Mar 17, 2022

CITGM:

$ ncu-ci citgm 2885 2886
--------------------------------------------------------------------------------
[1/1] Running CITGM: 2885
--------------------------------------------------------------------------------
✔  Summary data downloaded
✔  Results data downloaded
✔  Summary data downloaded
✔  Results data downloaded
----------------------------------- Summary ------------------------------------
Result     FAILURE
URL        https://ci.nodejs.org/job/citgm-smoker/2885/
Source     https://api.github.com/repos/nodejs/node/git/refs/heads/v14.x
Commit     [e64bc431d35f] Working on v14.19.1
Date       2022-02-01 08:13:47 -0500
Author     Richard Lau <rlau@redhat.com>
----------------------------------- Summary ------------------------------------
Result     FAILURE
URL        https://ci.nodejs.org/job/citgm-smoker/2886/
Source     https://api.github.com/repos/nodejs/node/git/refs/heads/v14.19.1-proposal
Commit     [9e0bba5648e9] 2022-03-17, Version 14.19.1 'Fermium' (LTS)
Date       2022-03-16 20:25:20 -0400
Author     Richard Lau <rlau@redhat.com>
----------------------------------- Results ------------------------------------



FAILURE: 24 failures in 2886 not present in 2885


┌────────────────────────┬───────────────────────┬───────────────────┬────────────────┬─────────────────────────┐
│        (index)         │           0           │         1         │       2        │            3            │
├────────────────────────┼───────────────────────┼───────────────────┼────────────────┼─────────────────────────┤
│      rhel7-s390x       │    'acorn-v8.7.0'     │   'pino-v7.9.0'   │                │                         │
│ fedora-last-latest-x64 │     'pino-v7.9.0'     │                   │                │                         │
│     centos7-ppcle      │   'fastify-v3.27.4'   │   'pino-v7.9.0'   │ 'pump-v3.0.0'  │ 'torrent-stream-v1.2.1' │
│     ubuntu1804-64      │     'pino-v7.9.0'     │   'pump-v3.0.0'   │                │                         │
│       rhel8-x64        │     'pino-v7.9.0'     │                   │                │                         │
│      rhel8-s390x       │     'pino-v7.9.0'     │                   │                │                         │
│      aix71-ppc64       │ 'prom-client-v14.0.1' │                   │                │                         │
│      debian10-x64      │     'pino-v7.9.0'     │                   │                │                         │
│     ubuntu1604-64      │                       │                   │                │                         │
│        osx1015         │     'pino-v7.9.0'     │                   │                │                         │
│       win-vs2019       │     'pino-v7.9.0'     │                   │                │                         │
│       win-vs2017       │ 'browserify-v17.0.0'  │   'pino-v7.9.0'   │  'ws-v8.5.0'   │                         │
│       debian9-64       │    'async-v3.2.3'     │ 'clinic-v11.1.0'  │ 'jest-v27.5.1' │                         │
│        osx1014         │    'async-v3.2.3'     │ 'fastify-v3.27.4' │                │                         │
│   fedora-latest-x64    │     'pino-v7.9.0'     │                   │                │                         │
└────────────────────────┴───────────────────────┴───────────────────┴────────────────┴─────────────────────────┘

Nothing spotted that is obviously related to the commits in this PR.

Member

@mhdawson mhdawson left a comment

Rubber stamp LGTM

@mcollina
Member

Fixed pino in v7.9.1, sorry about it.

richardlau added a commit that referenced this pull request Mar 17, 2022
@richardlau richardlau merged commit 9e0bba5 into v14.x Mar 17, 2022
richardlau added a commit that referenced this pull request Mar 17, 2022
richardlau added a commit to richardlau/nodejs.org that referenced this pull request Mar 18, 2022
richardlau added a commit to richardlau/nodejs.org that referenced this pull request Mar 18, 2022
richardlau added a commit to nodejs/nodejs.org that referenced this pull request Mar 18, 2022
@richardlau richardlau deleted the v14.19.1-proposal branch March 18, 2022 01:31
xtx1130 pushed a commit to xtx1130/node that referenced this pull request Apr 25, 2022