-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v12.22.11 proposal #42363
Merged
Merged
v12.22.11 proposal #42363
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
If Visual Studio 2017 is not found, attempt to find Visual Studio 2019. PR-URL: #42349 Refs: https://github.blog/changelog/2021-10-19-github-actions-the-windows-2016-runner-image-will-be-removed-from-github-hosted-runners-on-march-15-2022/ Reviewed-By: Mestery <mestery@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
GitHub is removing the Windows 2016 runner image on March 15, 2022. Refs: https://github.blog/changelog/2021-10-19-github-actions-the-windows-2016-runner-image-will-be-removed-from-github-hosted-runners-on-march-15-2022/ PR-URL: #42349 Reviewed-By: Mestery <mestery@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1n.tar.gz $ mv openssl-1.1.1n openssl $ git add --all openssl $ git commit openssl PR-URL: #42348 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Joe Sepi <sepi@joesepi.com>
After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #42348 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Joe Sepi <sepi@joesepi.com>
richardlau
added a commit
that referenced
this pull request
Mar 16, 2022
This is a security release. Notable changes: Update to OpenSSL 1.1.1n, which addresses the following vulnerability: - Infinite loop in BN\_mod\_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to run CI tests. PR-URL: #42363
github-actions
bot
removed
the
request-ci
Add this label to start a Jenkins CI on a PR.
label
Mar 16, 2022
tniessen
approved these changes
Mar 16, 2022
Review requested:
|
github-actions
bot
added
dependencies
Pull requests that update a dependency file.
meta
Issues and PRs related to the general management of the project.
needs-ci
PRs that need a full CI run.
openssl
Issues and PRs related to the OpenSSL dependency.
v12.x
labels
Mar 16, 2022
bengl
approved these changes
Mar 16, 2022
aduh95
approved these changes
Mar 16, 2022
mhdawson
approved these changes
Mar 16, 2022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This is a security release. Notable changes: Update to OpenSSL 1.1.1n, which addresses the following vulnerability: - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to run CI tests. PR-URL: #42363
richardlau
force-pushed
the
v12.22.11-proposal
branch
from
March 16, 2022 23:37
d2c4e06
to
cdb72ea
Compare
github-actions
bot
removed
the
request-ci
Add this label to start a Jenkins CI on a PR.
label
Mar 16, 2022
38 tasks
CITGM:
Nothing spotted that is obviously related to the commits in this PR. |
Release build for cdb72ea: https://ci-release.nodejs.org/job/iojs+release/8322/ |
richardlau
added a commit
that referenced
this pull request
Mar 17, 2022
This is a security release. Notable changes: Update to OpenSSL 1.1.1n, which addresses the following vulnerability: - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to run CI tests. PR-URL: #42363
28 tasks
richardlau
added a commit
to richardlau/nodejs.org
that referenced
this pull request
Mar 18, 2022
richardlau
added a commit
to richardlau/nodejs.org
that referenced
this pull request
Mar 18, 2022
richardlau
added a commit
to nodejs/nodejs.org
that referenced
this pull request
Mar 18, 2022
This was referenced Mar 19, 2022
xtx1130
pushed a commit
to xtx1130/node
that referenced
this pull request
Apr 25, 2022
This is a security release. Notable changes: Update to OpenSSL 1.1.1n, which addresses the following vulnerability: - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to run CI tests. PR-URL: nodejs#42363
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
dependencies
Pull requests that update a dependency file.
meta
Issues and PRs related to the general management of the project.
needs-ci
PRs that need a full CI run.
openssl
Issues and PRs related to the OpenSSL dependency.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
2022-03-17, Version 12.22.11 'Erbium' (LTS), @richardlau
This is a security release.
Notable changes
Update to OpenSSL 1.1.1n, which addresses the following vulnerability:
More details are available at https://www.openssl.org/news/secadv/20220315.txt
Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to
run CI tests.
Commits
e3e5bf11ba
] - build: pin Windows GitHub runner to windows-2019 (Richard Lau) #42349f41e7771bf
] - build: fix detection of Visual Studio 2019 (Richard Lau) #42349c372ec207d
] - deps: update archs files for OpenSSL-1.1.n (Richard Lau) #42348d574a1dccb
] - deps: upgrade openssl sources to 1.1.1n (Richard Lau) #42348