v17.7.2 proposal #42381
Merged
v17.7.2 proposal #42381
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Renew the certificates used by `test/parallel/test-https-selfsigned-no-keycertsign-no-crash.js` by running the `https_renew_cert.sh` script under the same directory. PR-URL: #42342 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
This updates all sources in deps/openssl/openssl by:
$ git clone git@github.com:quictls/openssl.git
$ cd openssl
$ cd ../node/deps/openssl
$ rm -rf openssl
$ cp -R ../openssl openssl
$ rm -rf openssl/.git* openssl/.travis*
$ git add --all openssl
$ git commit openssl
PR-URL: #42356
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <midawson@redhat.com>
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
$ make -C deps/openssl/config
$ git add deps/openssl/config/archs
$ git add deps/openssl/openssl
$ git commit
PR-URL: #42356
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Last OpenSSL 3 update changes behaviour back to be closer to that of OpenSSL 1.1.1. Remove some instances where we expected different errors from OpenSSL 3 versus OpenSSL 1.1.1. Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #42356 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Michael Dawson <midawson@redhat.com>
This is a security release. Notable changes: Update to OpenSSL 3.0.2, which addresses the following vulnerability: - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt PR-URL: #42381
nodejs-github-bot
added
dependencies
github-actions
bot
removed
the
request-ci
|
CI: https://ci.nodejs.org/job/node-test-pull-request/43095/ |
aduh95
approved these changes
Mar 17, 2022
bengl
approved these changes
Mar 17, 2022
richardlau
added a commit
that referenced
this pull request
Mar 18, 2022
This is a security release. Notable changes: Update to OpenSSL 3.0.2, which addresses the following vulnerability: - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt PR-URL: #42381
richardlau
added a commit
to richardlau/nodejs.org
that referenced
this pull request
Mar 18, 2022
richardlau
added a commit
to richardlau/nodejs.org
that referenced
this pull request
Mar 18, 2022
richardlau
added a commit
to nodejs/nodejs.org
that referenced
this pull request
Mar 18, 2022
This was referenced Mar 22, 2022
xtx1130
pushed a commit
to xtx1130/node
that referenced
this pull request
Apr 25, 2022
This is a security release. Notable changes: Update to OpenSSL 3.0.2, which addresses the following vulnerability: - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt PR-URL: nodejs#42381
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A combination of some GitHub issues today and having to take over this release at short notice has resulted in my decision to only pick the OpenSSL commits over for this proposal instead of our usual "treat current as a regular release". This should hopefully reduce the risk and give us more chance of getting the release out today. cc @nodejs/releasers
2022-03-17, Version 17.7.2 (Current), @richardlau
This is a security release.
Notable Changes
Update to OpenSSL 3.0.2, which addresses the following vulnerability:
BN_mod_sqrt()reachable when parsing certificates (High)(CVE-2022-0778)More details are available at https://www.openssl.org/news/secadv/20220315.txt
Commits
55e293e05f] - deps: update archs files for quictls/openssl-3.0.2+quic (Hassaan Pasha) #42356b8d090603d] - deps: upgrade openssl sources to quictls/openssl-3.0.2+quic (Hassaan Pasha) #42356c8b6d92af0] - test: fix tests affected by OpenSSL update (Michael Dawson) #42356457e31ea09] - test: renew certificates for specific test (Luigi Pinca) #42342