Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release proposal: v0.12.10 (LTS) #5137

Closed
wants to merge 5 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 23 additions & 3 deletions ChangeLog
Original file line number Diff line number Diff line change
@@ -1,11 +1,31 @@
2016-02-09, Version 0.12.10 (LTS), @rvagg

Security Update

Notable changes:

* openssl: Upgrade from 1.0.1q to 1.0.1r, fixes (TODO)
* build:
- xz compressed tar files will be made available from nodejs.org for v0.12 builds from v0.12.10 onward
- A headers.tar.gz file will be made available from nodejs.org for v0.12 builds from v0.12.10 onward, a future change to node-gyp will be required to make use of these

TODO

Commits:

* [352e3d8a65] - build: enable xz compressed tarballs where possible (Rod Vagg) https://github.com/nodejs/node/pull/4894
* [86c737762e] - deps: upgrade openssl sources to 1.0.1r (Shigeki Ohtsu) https://github.com/joyent/node/pull/25368
* [8f2db882bd] - doc: clarify v0.12.9 notable items (Rod Vagg) https://github.com/nodejs/node/pull/4154
* [4f81d78ec9] - tools: backport tools/install.py for headers (Richard Lau) https://github.com/nodejs/node/pull/4149

2015-12-04, Version 0.12.9 (LTS), @rvagg

Security Update

Notable items:
Notable changes:

* http: Fix a bug where an HTTP socket may no longer have a socket but a pipelined request triggers a pause or resume, a potential denial-of-service vector. (Fedor Indutny)
* openssl: Upgrade to 1.0.1q, containing fixes CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers; TLS clients are also impacted. Details are available at <http://openssl.org/news/secadv/20151203.txt>. (Ben Noordhuis) https://github.com/nodejs/node/pull/4133
* http: Fix CVE-2015-8027, a bug whereby an HTTP socket may no longer have a parser associated with it but a pipelined request attempts to trigger a pause or resume on the non-existent parser, a potential denial-of-service vulnerability. (Fedor Indutny)
* openssl: Upgrade to 1.0.1q, fixes CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers using client certificate authentication; TLS clients are also impacted. Details are available at <http://openssl.org/news/secadv/20151203.txt>. (Ben Noordhuis) https://github.com/nodejs/node/pull/4133

Commits:

Expand Down
33 changes: 31 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -324,6 +324,9 @@ TARNAME=node-$(FULLVERSION)
TARBALL=$(TARNAME).tar
BINARYNAME=$(TARNAME)-$(OSTYPE)-$(ARCH)
BINARYTAR=$(BINARYNAME).tar
# OSX doesn't have xz installed by default, http://macpkg.sourceforge.net/
XZ=$(shell which xz > /dev/null 2>&1; echo $$?)
XZ_COMPRESSION ?= 9
PKG=$(TARNAME).pkg
PACKAGEMAKER ?= /Developer/Applications/Utilities/PackageMaker.app/Contents/MacOS/PackageMaker
PKGDIR=out/dist-osx
Expand Down Expand Up @@ -397,7 +400,11 @@ $(TARBALL): release-only node doc
find $(TARNAME)/ -type l | xargs rm # annoying on windows
tar -cf $(TARNAME).tar $(TARNAME)
rm -rf $(TARNAME)
gzip -f -9 $(TARNAME).tar
gzip -c -f -9 $(TARNAME).tar > $(TARNAME).tar.gz
ifeq ($(XZ), 0)
xz -c -f -$(XZ_COMPRESSION) $(TARNAME).tar > $(TARNAME).tar.xz
endif
rm $(TARNAME).tar

tar: $(TARBALL)

Expand All @@ -406,6 +413,11 @@ tar-upload: tar
chmod 664 node-$(FULLVERSION).tar.gz
scp -p node-$(FULLVERSION).tar.gz $(STAGINGSERVER):nodejs/$(DISTTYPEDIR)/$(FULLVERSION)/node-$(FULLVERSION).tar.gz
ssh $(STAGINGSERVER) "touch nodejs/$(DISTTYPEDIR)/$(FULLVERSION)/node-$(FULLVERSION).tar.gz.done"
ifeq ($(XZ), 0)
chmod 664 node-$(FULLVERSION).tar.xz
scp -p node-$(FULLVERSION).tar.xz $(STAGINGSERVER):nodejs/$(DISTTYPEDIR)/$(FULLVERSION)/node-$(FULLVERSION).tar.xz
ssh $(STAGINGSERVER) "touch nodejs/$(DISTTYPEDIR)/$(FULLVERSION)/node-$(FULLVERSION).tar.xz.done"
endif

doc-upload: tar
ssh $(STAGINGSERVER) "mkdir -p nodejs/$(DISTTYPEDIR)/$(FULLVERSION)"
Expand All @@ -424,6 +436,9 @@ $(TARBALL)-headers: config.gypi release-only
tar -cf $(TARNAME)-headers.tar $(TARNAME)
rm -rf $(TARNAME)
gzip -c -f -9 $(TARNAME)-headers.tar > $(TARNAME)-headers.tar.gz
ifeq ($(XZ), 0)
xz -c -f -$(XZ_COMPRESSION) $(TARNAME)-headers.tar > $(TARNAME)-headers.tar.xz
endif
rm $(TARNAME)-headers.tar

tar-headers: $(TARBALL)-headers
Expand All @@ -433,6 +448,11 @@ tar-headers-upload: tar-headers
chmod 664 $(TARNAME)-headers.tar.gz
scp -p $(TARNAME)-headers.tar.gz $(STAGINGSERVER):nodejs/$(DISTTYPEDIR)/$(FULLVERSION)/$(TARNAME)-headers.tar.gz
ssh $(STAGINGSERVER) "touch nodejs/$(DISTTYPEDIR)/$(FULLVERSION)/$(TARNAME)-headers.tar.gz.done"
ifeq ($(XZ), 0)
chmod 664 $(TARNAME)-headers.tar.xz
scp -p $(TARNAME)-headers.tar.xz $(STAGINGSERVER):nodejs/$(DISTTYPEDIR)/$(FULLVERSION)/$(TARNAME)-headers.tar.xz
ssh $(STAGINGSERVER) "touch nodejs/$(DISTTYPEDIR)/$(FULLVERSION)/$(TARNAME)-headers.tar.xz.done"
endif

$(BINARYTAR): release-only
rm -rf $(BINARYNAME)
Expand All @@ -445,7 +465,11 @@ $(BINARYTAR): release-only
cp ChangeLog $(BINARYNAME)
tar -cf $(BINARYNAME).tar $(BINARYNAME)
rm -rf $(BINARYNAME)
gzip -f -9 $(BINARYNAME).tar
gzip -c -f -9 $(BINARYNAME).tar > $(BINARYNAME).tar.gz
ifeq ($(XZ), 0)
xz -c -f -$(XZ_COMPRESSION) $(BINARYNAME).tar > $(BINARYNAME).tar.xz
endif
rm $(BINARYNAME).tar

binary: $(BINARYTAR)

Expand All @@ -454,6 +478,11 @@ binary-upload-arch: binary
chmod 664 node-$(FULLVERSION)-$(OSTYPE)-$(ARCH).tar.gz
scp -p node-$(FULLVERSION)-$(OSTYPE)-$(ARCH).tar.gz $(STAGINGSERVER):nodejs/$(DISTTYPEDIR)/$(FULLVERSION)/node-$(FULLVERSION)-$(OSTYPE)-$(ARCH).tar.gz
ssh $(STAGINGSERVER) "touch nodejs/$(DISTTYPEDIR)/$(FULLVERSION)/node-$(FULLVERSION)-$(OSTYPE)-$(ARCH).tar.gz.done"
ifeq ($(XZ), 0)
chmod 664 node-$(FULLVERSION)-$(OSTYPE)-$(ARCH).tar.xz
scp -p node-$(FULLVERSION)-$(OSTYPE)-$(ARCH).tar.xz $(STAGINGSERVER):nodejs/$(DISTTYPEDIR)/$(FULLVERSION)/node-$(FULLVERSION)-$(OSTYPE)-$(ARCH).tar.xz
ssh $(STAGINGSERVER) "touch nodejs/$(DISTTYPEDIR)/$(FULLVERSION)/node-$(FULLVERSION)-$(OSTYPE)-$(ARCH).tar.xz.done"
endif

ifeq ($(OSTYPE),darwin)
binary-upload:
Expand Down
32 changes: 2 additions & 30 deletions deps/openssl/openssl/ACKNOWLEDGMENTS
Original file line number Diff line number Diff line change
@@ -1,30 +1,2 @@
The OpenSSL project depends on volunteer efforts and financial support from
the end user community. That support comes in the form of donations and paid
sponsorships, software support contracts, paid consulting services
and commissioned software development.

Since all these activities support the continued development and improvement
of OpenSSL we consider all these clients and customers as sponsors of the
OpenSSL project.

We would like to identify and thank the following such sponsors for their past
or current significant support of the OpenSSL project:

Major support:

Qualys http://www.qualys.com/

Very significant support:

OpenGear: http://www.opengear.com/

Significant support:

PSW Group: http://www.psw.net/
Acano Ltd. http://acano.com/

Please note that we ask permission to identify sponsors and that some sponsors
we consider eligible for inclusion here have requested to remain anonymous.

Additional sponsorship or financial support is always welcome: for more
information please contact the OpenSSL Software Foundation.
Please https://www.openssl.org/community/thanks.html for the current
acknowledgements.
Loading