Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v12.22.11 proposal #42363

Merged
merged 5 commits into from
Mar 17, 2022
Merged

v12.22.11 proposal #42363

merged 5 commits into from
Mar 17, 2022

Conversation

richardlau
Copy link
Member

2022-03-17, Version 12.22.11 'Erbium' (LTS), @richardlau

This is a security release.

Notable changes

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:

Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to
run CI tests.

Commits

  • [e3e5bf11ba] - build: pin Windows GitHub runner to windows-2019 (Richard Lau) #42349
  • [f41e7771bf] - build: fix detection of Visual Studio 2019 (Richard Lau) #42349
  • [c372ec207d] - deps: update archs files for OpenSSL-1.1.n (Richard Lau) #42348
  • [d574a1dccb] - deps: upgrade openssl sources to 1.1.1n (Richard Lau) #42348

If Visual Studio 2017 is not found, attempt to find Visual Studio 2019.

PR-URL: #42349
Refs: https://github.blog/changelog/2021-10-19-github-actions-the-windows-2016-runner-image-will-be-removed-from-github-hosted-runners-on-march-15-2022/
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
GitHub is removing the Windows 2016 runner image on March 15, 2022.

Refs: https://github.blog/changelog/2021-10-19-github-actions-the-windows-2016-runner-image-will-be-removed-from-github-hosted-runners-on-march-15-2022/

PR-URL: #42349
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1n.tar.gz
    $ mv openssl-1.1.1n openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #42348
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Joe Sepi <sepi@joesepi.com>
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: #42348
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Joe Sepi <sepi@joesepi.com>
@richardlau richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 16, 2022
richardlau added a commit that referenced this pull request Mar 16, 2022
This is a security release.

Notable changes:

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:
- Infinite loop in BN\_mod\_sqrt() reachable when parsing certificates (High)(CVE-2022-0778)
  More details are available at https://www.openssl.org/news/secadv/20220315.txt

Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to
run CI tests.

PR-URL: #42363
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 16, 2022
@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/actions

@github-actions github-actions bot added dependencies Pull requests that update a dependency file. meta Issues and PRs related to the general management of the project. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. v12.x labels Mar 16, 2022
doc/changelogs/CHANGELOG_V12.md Outdated Show resolved Hide resolved
Copy link
Member

@mhdawson mhdawson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

This is a security release.

Notable changes:

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:
- Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778)
  More details are available at https://www.openssl.org/news/secadv/20220315.txt

Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to
run CI tests.

PR-URL: #42363
@richardlau richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 16, 2022
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 16, 2022
@nodejs-github-bot
Copy link
Collaborator

@richardlau
Copy link
Member Author

CITGM:

$ ncu-ci citgm 2883 2884
--------------------------------------------------------------------------------
[1/1] Running CITGM: 2883
--------------------------------------------------------------------------------
✔  Summary data downloaded
✔  Results data downloaded
✔  Summary data downloaded
✔  Results data downloaded
----------------------------------- Summary ------------------------------------
Result     FAILURE
URL        https://ci.nodejs.org/job/citgm-smoker/2883/
Source     https://api.github.com/repos/nodejs/node/git/refs/heads/v12.x
Commit     [390189173fa3] Working on v12.22.11
Date       2022-02-01 15:03:27 -0500
Author     Ruy Adorno <ruyadorno@hotmail.com>
----------------------------------- Summary ------------------------------------
Result     FAILURE
URL        https://ci.nodejs.org/job/citgm-smoker/2884/
Source     https://api.github.com/repos/nodejs/node/git/refs/heads/v12.22.11-proposal
Commit     [cdb72ea5d913] 2022-03-17, Version 12.22.11 'Erbium' (LTS)
Date       2022-03-16 19:32:07 -0400
Author     Richard Lau <rlau@redhat.com>
----------------------------------- Results ------------------------------------



FAILURE: 17 failures in 2884 not present in 2883


┌────────────────────────┬────────────────────┬────────────────────────┬────────────────┐
│        (index)         │         0          │           1            │       2        │
├────────────────────────┼────────────────────┼────────────────────────┼────────────────┤
│        osx1015         │   'async-v3.2.3'   │   'resolve-v1.22.0'    │                │
│      aix71-ppc64       │                    │                        │                │
│   fedora-latest-x64    │   'async-v3.2.3'   │                        │                │
│     ubuntu1804-64      │   'jest-v27.5.1'   │    'winston-v3.6.0'    │                │
│     centos7-ppcle      │    'bl-v5.0.0'     │  'spawn-wrap-v2.0.0'   │                │
│       win-vs2017       │   'async-v3.2.3'   │   'leveldown-v6.1.0'   │  'ws-v8.5.0'   │
│       debian9-64       │   'async-v3.2.3'   │ 'full-icu-test-v1.0.3' │ 'jest-v27.5.1' │
│     ubuntu1604-64      │  'winston-v3.6.0'  │                        │                │
│      rhel7-s390x       │  'undici-v4.15.1'  │                        │                │
│        osx1014         │                    │                        │                │
│      debian10-x64      │ 'socket.io-v4.4.1' │                        │                │
│ fedora-last-latest-x64 │   'async-v3.2.3'   │                        │                │
└────────────────────────┴────────────────────┴────────────────────────┴────────────────┘

Nothing spotted that is obviously related to the commits in this PR.

@richardlau
Copy link
Member Author

richardlau added a commit that referenced this pull request Mar 17, 2022
@richardlau richardlau merged commit cdb72ea into v12.x Mar 17, 2022
richardlau added a commit that referenced this pull request Mar 17, 2022
This is a security release.

Notable changes:

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:
- Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778)
  More details are available at https://www.openssl.org/news/secadv/20220315.txt

Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to
run CI tests.

PR-URL: #42363
richardlau added a commit to richardlau/nodejs.org that referenced this pull request Mar 18, 2022
richardlau added a commit to richardlau/nodejs.org that referenced this pull request Mar 18, 2022
richardlau added a commit to nodejs/nodejs.org that referenced this pull request Mar 18, 2022
@richardlau richardlau deleted the v12.22.11-proposal branch March 18, 2022 01:31
xtx1130 pushed a commit to xtx1130/node that referenced this pull request Apr 25, 2022
This is a security release.

Notable changes:

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:
- Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778)
  More details are available at https://www.openssl.org/news/secadv/20220315.txt

Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to
run CI tests.

PR-URL: nodejs#42363
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file. meta Issues and PRs related to the general management of the project. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants