
richardlau
Member

2022-03-17, Version 16.14.2 'Gallium' (LTS), @richardlau

This is a security release.

Notable Changes

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:

Commits

  • [3924618c74] - deps: update archs files for OpenSSL-1.1.1 (Hassaan Pasha) #42352
  • [7a6a870d58] - deps: upgrade openssl sources to OpenSSL_1_1_1n (Hassaan Pasha) #42352
  • [c533b430f4] - test: fix tests affected by OpenSSL update (Michael Dawson) #42352

hassaanp and others added 4 commits March 17, 2022 17:20
This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1n+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl

PR-URL: #42352
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Danielle Adams <[email protected]>

After an OpenSSL source update, all the config files need to be
regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: #42352
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Danielle Adams <[email protected]>

Last OpenSSL 3 update changes behaviour back to be
closer to that of OpenSSL 1.1.1. Remove some instances
where we expected different errors from OpenSSL 3 versus
OpenSSL 1.1.1.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: #42352
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Danielle Adams <[email protected]>

This is a security release.

Notable changes:

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:
- Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778)
  More details are available at https://www.openssl.org/news/secadv/20220315.txt

PR-URL: #42385
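An added example, not code from this PR or from the Node.js project: a JavaScript check that parses the OpenSSL version a Node.js binary reports (v16 vendors the quictls fork, so it reports e.g. `1.1.1n+quic`) and flags 1.1.1-series builds older than 1.1.1n as still carrying CVE-2022-0778. The function names are my own; the `+quic` tag handling and the letter-suffix ordering (a..z, then za..zz) are the two details a naive string comparison gets wrong.

```javascript
// Added example (not part of the nodejs/node PR): is the bundled OpenSSL at or
// past 1.1.1n, the release that fixes CVE-2022-0778? Node 16 reports a quictls
// build such as "1.1.1n+quic" in process.versions.openssl; the "+quic" tag must
// be ignored when comparing.

// Parse an OpenSSL 1.x version string ("1.1.1n", "1.1.1n+quic", "1.0.2zd")
// into comparable parts: [major, minor, fix, patchLetterValue].
function parseOpenSslVersion(str) {
  const m = /^(\d+)\.(\d+)\.(\d+)([a-z]*)(?:\+.*)?$/.exec(str.trim());
  if (!m) throw new Error(`unrecognised OpenSSL version: ${str}`);
  // Patch letters run a..z and then za..zz; encode as a base-26 number so
  // "" < "a" < ... < "z" < "za" < ... < "zz".
  let patch = 0;
  for (const ch of m[4]) patch = patch * 26 + (ch.charCodeAt(0) - 96);
  return [Number(m[1]), Number(m[2]), Number(m[3]), patch];
}

// Standard three-way comparison on the parsed parts.
function compareOpenSslVersions(a, b) {
  const pa = parseOpenSslVersion(a);
  const pb = parseOpenSslVersion(b);
  for (let i = 0; i < 4; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// true  -> 1.1.1 series older than 1.1.1n, still affected by CVE-2022-0778
// false -> 1.1.1n or later
// null  -> not a 1.1.1 build; this PR only documents the 1.1.1 fix, so the
//          check deliberately does not guess about other series.
function affectedByCve20220778(versionStr) {
  const v = parseOpenSslVersion(versionStr);
  if (v[0] !== 1 || v[1] !== 1 || v[2] !== 1) return null;
  return compareOpenSslVersions(versionStr, '1.1.1n') < 0;
}

// Check the Node.js binary that is running this script.
if (typeof process !== 'undefined' && process.versions && process.versions.openssl) {
  const running = process.versions.openssl;
  console.log(`bundled OpenSSL ${running}: affected by CVE-2022-0778 = ${affectedByCve20220778(running)}`);
}
```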
richardlau added a commit that referenced this pull request Mar 18, 2022
@richardlau richardlau merged commit 442e84a into v16.x Mar 18, 2022
richardlau added a commit that referenced this pull request Mar 18, 2022
richardlau added a commit to richardlau/nodejs.org that referenced this pull request Mar 18, 2022
@aduh95 aduh95 deleted the v16.14.2-proposal branch March 18, 2022 01:25
richardlau added a commit to richardlau/nodejs.org that referenced this pull request Mar 18, 2022
richardlau added a commit to nodejs/nodejs.org that referenced this pull request Mar 18, 2022
xtx1130 pushed a commit to xtx1130/node that referenced this pull request Apr 25, 2022