v17.7.2 proposal #42381
Merged
v17.7.2 proposal #42381
Commits on Mar 17, 2022
-
test: renew certificates for specific test
Renew the certificates used by `test/parallel/test-https-selfsigned-no-keycertsign-no-crash.js` by running the `https_renew_cert.sh` script under the same directory. PR-URL: #42342 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
-
deps: upgrade openssl sources to quictls/openssl-3.0.2+quic
This updates all sources in deps/openssl/openssl by: $ git clone git@github.com:quictls/openssl.git $ cd openssl $ cd ../node/deps/openssl $ rm -rf openssl $ cp -R ../openssl openssl $ rm -rf openssl/.git* openssl/.travis* $ git add --all openssl $ git commit openssl PR-URL: #42356 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Michael Dawson <midawson@redhat.com> -
deps: update archs files for quictls/openssl-3.0.2+quic
After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl $ git commit PR-URL: #42356 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Michael Dawson <midawson@redhat.com> -
test: fix tests affected by OpenSSL update
Last OpenSSL 3 update changes behaviour back to be closer to that of OpenSSL 1.1.1. Remove some instances where we expected different errors from OpenSSL 3 versus OpenSSL 1.1.1. Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #42356 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Michael Dawson <midawson@redhat.com>
-
2022-03-17, Version 17.7.2 (Current)
This is a security release. Notable changes: Update to OpenSSL 3.0.2, which addresses the following vulnerability: - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt PR-URL: #42381
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.