v12.22.8 proposal #41161
Merged
v12.22.8 proposal #41161
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
PR-URL: #39402 Backport-PR-URL: #39422 Reviewed-By: Bradley Farias <bradley.meck@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Zijian Liu <lxxyxzj@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Jan Krems <jan.krems@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Add a script to automate updating of the c-ares dependency and accompanying maintenance guide. PR-URL: #40660 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Michaël Zasso <targos@protonmail.com>
Updated as described in doc/guides/maintaining-c-ares.md. PR-URL: #40660 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: #36915 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Node.js 12.x requires Python 2 to build. `macos-latest` GitHub hosted runners are now macOS 11 and do not have Python 2 available. PR-URL: #41124 Refs: actions/runner-images#4060 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Beth Griggs <bgriggs@redhat.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
This commit turns on `-fno-strict-aliasing` in libuv. Fixes: #40368 Refs: libuv/libuv#1230 PR-URL: #40631 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Voltrex <mohammadkeyvanzade94@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This is the certdata.txt[0] from NSS 3.71, released on 2021-09-30. This is the version of NSS that will ship in Firefox 94 on 2021-11-02. [0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_71_RTM/lib/ckfw/builtins/certdata.txt PR-URL: #40280 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl. Certificates added: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority - NAVER Global Root Certification Authority - AC RAIZ FNMT-RCM SERVIDORES SEGUROS - GlobalSign Root R46 - GlobalSign Root E46 - GLOBALTRUST 2020 - ANF Secure Server Root CA - Certum EC-384 CA - Certum Trusted Root CA - TunTrust Root CA - HARICA TLS RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 Certificates removed: - GeoTrust Global CA - GeoTrust Universal CA - GeoTrust Universal CA 2 - QuoVadis Root CA - Sonera Class 2 Root CA - Taiwan GRCA - GeoTrust Primary Certification Authority - thawte Primary Root CA - VeriSign Class 3 Public Primary Certification Authority - G5 - OISTE WISeKey Global Root GA CA - GeoTrust Primary Certification Authority - G3 - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - GeoTrust Primary Certification Authority - G2 - VeriSign Universal Root Certification Authority - VeriSign Class 3 Public Primary Certification Authority - G4 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Trustis FPS Root CA - EE Certification Centre Root CA - Staat der Nederlanden Root CA - G3 PR-URL: #40280 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
This comment has been minimized.
This comment has been minimized.
github-actions
bot
added
cares
richardlau
force-pushed
the
v12.22.8-proposal
branch
from
809aee2
to
7bb9d89
Compare
This comment has been minimized.
This comment has been minimized.
This was referenced Dec 13, 2021
targos
approved these changes
Dec 14, 2021
gengjiawen
approved these changes
Dec 14, 2021
danielleadams
approved these changes
Dec 14, 2021
cjihrig
approved these changes
Dec 14, 2021
The REPL implementation would strip away the first and last character of a formatted error message if it ended with `]` (but with the obviously missing check for a starting `]`), leading to things like `Uncaught rror: foo[a` being printed for input like `Error: foo[a]`. Refs: #22436 PR-URL: #38209 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
It can happen that the `NearHeapLimit` callback is called while calling the `oninit()` function on `MessagePort` construction causing a deadlock when the `Worker::Exit()` method is called, as the `mutex_` was already held on the `CreateEnvMessagePort()` method. To fix it, just use the `mutex_` to protect the `child_port_data_` variable and avoid holding it when creating the `MessagePort`. Also, return early from `Worker::Run()` if the worker message port could not be created. Fixes: #38208 PR-URL: #38403 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Do the same thing we do for other streams, and retain a reference to the Buffer that was sent over IPC while the write request is active, so that it doesn’t get garbage collected while the data is still in flight. (This is a good example of why it’s a bad idea that we’re not re-using the general streams implementation for IPC and instead maintain separate usage of the low-level I/O primitives.) Fixes: #34797 PR-URL: #38728 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
Remove invalid usage of `Check()`. This addresses:
FATAL ERROR: v8::FromJust Maybe value is Nothing.
1: 0x101311bf5 node::Abort() (.cold.1) [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
2: 0x1000ade29 node::Abort() [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
3: 0x1000adf8f node::OnFatalError(char const*, char const*) [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
4: 0x1001f42d0 v8::V8::FromJustIsNothing() [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
5: 0x1000268e2 node::cares_wrap::(anonymous namespace)::AfterGetAddrInfo(uv_getaddrinfo_s*, int, addrinfo*)::$_2::operator()(bool, bool) const [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
6: 0x10002657c node::cares_wrap::(anonymous namespace)::AfterGetAddrInfo(uv_getaddrinfo_s*, int, addrinfo*) [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
7: 0x1009fb388 uv__work_done [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
8: 0x100a00453 uv__async_io [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
9: 0x100a140cc uv__io_poll [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
10: 0x100a009c1 uv_run [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
11: 0x10014aca0 node::worker::Worker::Run() [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
12: 0x10014e56f node::worker::Worker::StartThread(v8::FunctionCallbackInfo<v8::Value> const&)::$_3::__invoke(void*) [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
13: 0x7fff703d42eb _pthread_body [/usr/lib/system/libsystem_pthread.dylib]
14: 0x7fff703d7249 _pthread_start [/usr/lib/system/libsystem_pthread.dylib]
15: 0x7fff703d340d thread_start [/usr/lib/system/libsystem_pthread.dylib]
PR-URL: #39735
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #40325 Backport-PR-URL: #40565 Fixes: #40305 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Guy Bedford <guybedford@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Zeyu Yang <himself65@outlook.com>
richardlau
force-pushed
the
v12.22.8-proposal
branch
from
7bb9d89
to
74daefb
Compare
This updates all sources in deps/openssl/openssl by:
$ cd deps/openssl/
$ rm -rf openssl
$ tar zxf ~/tmp/openssl-1.1.1m.tar.gz
$ mv openssl-1.1.1m openssl
$ git add --all openssl
$ git commit openssl
PR-URL: #41172
Refs: https://mta.openssl.org/pipermail/openssl-announce/2021-December/000211.html
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
$ make -C deps/openssl/config
$ git add deps/openssl/config/archs
$ git add deps/openssl/openssl/include/crypto/bn_conf.h
$ git add deps/openssl/openssl/include/crypto/dso_conf.h
$ git add deps/openssl/openssl/include/openssl/opensslconf.h
$ git commit
PR-URL: #41172
Refs: https://mta.openssl.org/pipermail/openssl-announce/2021-December/000211.html
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
richardlau
force-pushed
the
v12.22.8-proposal
branch
from
74daefb
to
8b61500
Compare
|
CI: https://ci.nodejs.org/job/node-test-pull-request/41503/ (✔️) Release build on 8b61500: https://ci-release.nodejs.org/job/iojs+release/8144/ |
richardlau
added a commit
to richardlau/nodejs.org
that referenced
this pull request
Dec 16, 2021
richardlau
added a commit
to nodejs/nodejs.org
that referenced
this pull request
Dec 16, 2021
|
Oops typoed the date in the changelog and commit message 🤦. Fix: #41213 |
Linkgoron
pushed a commit
to Linkgoron/node
that referenced
this pull request
Jan 31, 2022
Notable changes: This release contains a c-ares update to fix a regression introduced in Node.js 12.22.5 resolving CNAME records containing underscores (nodejs#39780). Root certificates have been updated to those from Mozilla's Network Security Services 3.71 (nodejs#40280). PR-URL: nodejs#41161
Linkgoron
pushed a commit
to Linkgoron/node
that referenced
this pull request
Jan 31, 2022
PR-URL: nodejs#41213 Refs: nodejs#41161 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Derek Lewis <DerekNonGeneric@inf.is>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Putting this together in response to #39780 (comment) with a potential release date of Thursday with the hope that would allow us to include Tuesday's forthcoming OpenSSL update (which is described as "bug fix", with no security fixes).
If we miss releasing by the end of this week, I'd propose moving out to January (unless another releaser wants to takeover).
cc @nodejs/lts
2021-12-16, Version 12.22.8 'Erbium' (LTS), @richardlau
Notable Changes
This release contains a c-ares update to fix a regression introduced in
Node.js 12.22.5 resolving CNAME records containing underscores
#39780.
Root certificates have been updated to those from Mozilla's Network
Security Services 3.71 #40281.
Commits
2d42295d2a] - build: pin macOS GitHub runner to macos-10.15 (Richard Lau) #4112441e09ec71b] - child_process: retain reference to data with advanced serialization (Anna Henningsen) #38728f0be07796e] - crypto: update root certificates (Richard Lau) #402804c9f920d34] - deps: update archs files for OpenSSL-1.1.1m (Richard Lau) #4117260d7d4171e] - deps: upgrade openssl sources to 1.1.1m (Richard Lau) #411727feff67419] - deps: add -fno-strict-aliasing flag to libuv (Daniel Bevenius) #40631534ac7c7c6] - deps: update c-ares to 1.18.1 (Richard Lau) #40660c019fa9b70] - deps: update to cjs-module-lexer@1.2.2 (Guy Bedford) #39402b13340eff4] - doc: add alternative version links to the packages page (Filip Skokan) #36915243b2fbfdb] - lib: fix regular expression to detect `/` and `\` (Francesco Trotta) #4032570e094a26b] - repl: fix error message printing (Anna Henningsen) #3820902b432a704] - src: fix crash in AfterGetAddrInfo (Anna Henningsen) #397357479447d6a] - test: deflake child-process-pipe-dataflow (Luigi Pinca) #40838833e199393] - tools: update certdata.txt (Richard Lau) #40280e4339fe286] - tools: add script to update c-ares (Richard Lau) #40660f50b9c1e8a] - worker: avoid potential deadlock on NearHeapLimit (Santiago Gimeno) #38403