Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v14.16.1 proposal #38082

Merged
merged 4 commits into from
Apr 6, 2021
Merged

v14.16.1 proposal #38082

merged 4 commits into from
Apr 6, 2021

Commits on Apr 4, 2021

  1. deps: upgrade openssl sources to 1.1.1k 

    This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1k.tar.gz
    $ mv openssl-1.1.1k openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #37938
Refs: #37913
Refs: #37916
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
    @tniessen @MylesBorins
    tniessen authored and MylesBorins committed Apr 4, 2021
    Configuration menu
    Copy the full SHA
    403a014 View commit details
    Browse the repository at this point in the history

  2. deps: update archs files for OpenSSL-1.1.1k 

    After an OpenSSL source update, all the config files need to be
regenerated and committed by:
   $ make -C deps/openssl/config
   $ git add deps/openssl/config/archs
   $ git add deps/openssl/openssl/include/crypto/bn_conf.h
   $ git add deps/openssl/openssl/include/crypto/dso_conf.h
   $ git add deps/openssl/openssl/include/openssl/opensslconf.h
   $ git commit

PR-URL: #37938
Refs: #37913
Refs: #37916
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
    @tniessen @MylesBorins
    tniessen authored and MylesBorins committed Apr 4, 2021
    Configuration menu
    Copy the full SHA
    6bc8f58 View commit details
    Browse the repository at this point in the history

  3. deps: upgrade npm to 6.14.12 

    PR-URL: #37918
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
    @ruyadorno @MylesBorins
    ruyadorno authored and MylesBorins committed Apr 4, 2021
    Configuration menu
    Copy the full SHA
    467be7a View commit details
    Browse the repository at this point in the history

Commits on Apr 6, 2021

  1. 2021-04-06, Version 14.16.1 'Fermium' (LTS) 

    This is a security release.

Notable Changes:

Vulnerabilities fixed:

- **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
- **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
- **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High)

PR-URL: #38082
    @MylesBorins
    MylesBorins committed Apr 6, 2021
    Configuration menu
    Copy the full SHA
    b34a9d7 View commit details
    Browse the repository at this point in the history