Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v12.22.8 proposal #41161

Merged
merged 17 commits into from
Dec 16, 2021
Merged

v12.22.8 proposal #41161

merged 17 commits into from
Dec 16, 2021

Conversation

richardlau
Copy link
Member

@richardlau richardlau commented Dec 13, 2021

Putting this together in response to #39780 (comment) with a potential release date of Thursday with the hope that would allow us to include Tuesday's forthcoming OpenSSL update (which is described as "bug fix", with no security fixes).

If we miss releasing by the end of this week, I'd propose moving out to January (unless another releaser wants to takeover).

cc @nodejs/lts


2021-12-16, Version 12.22.8 'Erbium' (LTS), @richardlau

Notable Changes

This release contains a c-ares update to fix a regression introduced in
Node.js 12.22.5 resolving CNAME records containing underscores
#39780.

Root certificates have been updated to those from Mozilla's Network
Security Services 3.71 #40281.

Commits

guybedford and others added 9 commits October 12, 2021 10:19
PR-URL: #39402
Backport-PR-URL: #39422
Reviewed-By: Bradley Farias <bradley.meck@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Fixes: #25988

PR-URL: #40838
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Add a script to automate updating of the c-ares dependency and
accompanying maintenance guide.

PR-URL: #40660
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Updated as described in doc/guides/maintaining-c-ares.md.

PR-URL: #40660
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: #36915
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Node.js 12.x requires Python 2 to build. `macos-latest` GitHub
hosted runners are now macOS 11 and do not have Python 2 available.

PR-URL: #41124
Refs: actions/runner-images#4060
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
This commit turns on `-fno-strict-aliasing` in libuv.

Fixes: #40368
Refs: libuv/libuv#1230

PR-URL: #40631
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Voltrex <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This is the certdata.txt[0] from NSS 3.71, released on 2021-09-30.

This is the version of NSS that will ship in Firefox 94 on
2021-11-02.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_71_RTM/lib/ckfw/builtins/certdata.txt

PR-URL: #40280
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- Trustwave Global Certification Authority
- Trustwave Global ECC P256 Certification Authority
- Trustwave Global ECC P384 Certification Authority
- NAVER Global Root Certification Authority
- AC RAIZ FNMT-RCM SERVIDORES SEGUROS
- GlobalSign Root R46
- GlobalSign Root E46
- GLOBALTRUST 2020
- ANF Secure Server Root CA
- Certum EC-384 CA
- Certum Trusted Root CA
- TunTrust Root CA
- HARICA TLS RSA Root CA 2021
- HARICA TLS ECC Root CA 2021

Certificates removed:
- GeoTrust Global CA
- GeoTrust Universal CA
- GeoTrust Universal CA 2
- QuoVadis Root CA
- Sonera Class 2 Root CA
- Taiwan GRCA
- GeoTrust Primary Certification Authority
- thawte Primary Root CA
- VeriSign Class 3 Public Primary Certification Authority - G5
- OISTE WISeKey Global Root GA CA
- GeoTrust Primary Certification Authority - G3
- thawte Primary Root CA - G2
- thawte Primary Root CA - G3
- GeoTrust Primary Certification Authority - G2
- VeriSign Universal Root Certification Authority
- VeriSign Class 3 Public Primary Certification Authority - G4
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Trustis FPS Root CA
- EE Certification Centre Root CA
- Staat der Nederlanden Root CA - G3

PR-URL: #40280
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
@nodejs-github-bot

This comment has been minimized.

@github-actions github-actions bot added cares Issues and PRs related to the c-ares dependency or the cares_wrap binding. meta Issues and PRs related to the general management of the project. needs-ci PRs that need a full CI run. v12.x labels Dec 13, 2021
richardlau added a commit that referenced this pull request Dec 13, 2021
Notable changes:
This release contains a c-ares update to fix a regression introduced in
Node.js 12.22.5 resolving CNAME records containing underscores
(#39780).

Root certificates have been updated to those from Mozilla's Network
Security Services 3.71 (#40280).

PR-URL: #41161
@nodejs-github-bot

This comment has been minimized.

addaleax and others added 5 commits December 14, 2021 15:32
The REPL implementation would strip away the first and last character
of a formatted error message if it ended with `]` (but with the
obviously missing check for a starting `]`), leading to things like
`Uncaught rror: foo[a` being printed for input like `Error: foo[a]`.

Refs: #22436

PR-URL: #38209
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
It can happen that the `NearHeapLimit` callback is called while calling
the `oninit()` function on `MessagePort` construction causing a deadlock
when the `Worker::Exit()` method is called, as the `mutex_` was already
held on the `CreateEnvMessagePort()` method. To fix it, just use the
`mutex_` to protect the `child_port_data_` variable and avoid holding it
when creating the `MessagePort`.
Also, return early from `Worker::Run()` if the worker message port
could not be created.

Fixes: #38208

PR-URL: #38403
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Do the same thing we do for other streams, and retain a reference to
the Buffer that was sent over IPC while the write request is active,
so that it doesn’t get garbage collected while the data is still in
flight.

(This is a good example of why it’s a bad idea that we’re not re-using
the general streams implementation for IPC and instead maintain
separate usage of the low-level I/O primitives.)

Fixes: #34797

PR-URL: #38728
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
Remove invalid usage of `Check()`. This addresses:

    FATAL ERROR: v8::FromJust Maybe value is Nothing.
     1: 0x101311bf5 node::Abort() (.cold.1) [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
     2: 0x1000ade29 node::Abort() [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
     3: 0x1000adf8f node::OnFatalError(char const*, char const*) [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
     4: 0x1001f42d0 v8::V8::FromJustIsNothing() [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
     5: 0x1000268e2 node::cares_wrap::(anonymous namespace)::AfterGetAddrInfo(uv_getaddrinfo_s*, int, addrinfo*)::$_2::operator()(bool, bool) const [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
     6: 0x10002657c node::cares_wrap::(anonymous namespace)::AfterGetAddrInfo(uv_getaddrinfo_s*, int, addrinfo*) [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
     7: 0x1009fb388 uv__work_done [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
     8: 0x100a00453 uv__async_io [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
     9: 0x100a140cc uv__io_poll [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
    10: 0x100a009c1 uv_run [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
    11: 0x10014aca0 node::worker::Worker::Run() [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
    12: 0x10014e56f node::worker::Worker::StartThread(v8::FunctionCallbackInfo<v8::Value> const&)::$_3::__invoke(void*) [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node]
    13: 0x7fff703d42eb _pthread_body [/usr/lib/system/libsystem_pthread.dylib]
    14: 0x7fff703d7249 _pthread_start [/usr/lib/system/libsystem_pthread.dylib]
    15: 0x7fff703d340d thread_start [/usr/lib/system/libsystem_pthread.dylib]

PR-URL: #39735
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #40325
Backport-PR-URL: #40565
Fixes: #40305
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Guy Bedford <guybedford@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Zeyu Yang <himself65@outlook.com>
richardlau added a commit that referenced this pull request Dec 14, 2021
Notable changes:
This release contains a c-ares update to fix a regression introduced in
Node.js 12.22.5 resolving CNAME records containing underscores
(#39780).

Root certificates have been updated to those from Mozilla's Network
Security Services 3.71 (#40280).

PR-URL: #41161
This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1m.tar.gz
    $ mv openssl-1.1.1m openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #41172
Refs: https://mta.openssl.org/pipermail/openssl-announce/2021-December/000211.html
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: #41172
Refs: https://mta.openssl.org/pipermail/openssl-announce/2021-December/000211.html
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Notable changes:
This release contains a c-ares update to fix a regression introduced in
Node.js 12.22.5 resolving CNAME records containing underscores
(#39780).

Root certificates have been updated to those from Mozilla's Network
Security Services 3.71 (#40280).

PR-URL: #41161
@targos targos added release Issues and PRs related to Node.js releases. and removed meta Issues and PRs related to the general management of the project. cares Issues and PRs related to the c-ares dependency or the cares_wrap binding. needs-ci PRs that need a full CI run. labels Dec 16, 2021
@richardlau richardlau merged commit 8b61500 into v12.x Dec 16, 2021
richardlau added a commit that referenced this pull request Dec 16, 2021
@richardlau richardlau deleted the v12.22.8-proposal branch December 16, 2021 23:33
richardlau added a commit that referenced this pull request Dec 16, 2021
Notable changes:
This release contains a c-ares update to fix a regression introduced in
Node.js 12.22.5 resolving CNAME records containing underscores
(#39780).

Root certificates have been updated to those from Mozilla's Network
Security Services 3.71 (#40280).

PR-URL: #41161
richardlau added a commit to richardlau/nodejs.org that referenced this pull request Dec 16, 2021
richardlau added a commit to nodejs/nodejs.org that referenced this pull request Dec 16, 2021
@richardlau
Copy link
Member Author

Oops typoed the date in the changelog and commit message 🤦. Fix: #41213

nodejs-github-bot pushed a commit that referenced this pull request Dec 17, 2021
PR-URL: #41213
Refs: #41161
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Derek Lewis <DerekNonGeneric@inf.is>
richardlau added a commit that referenced this pull request Dec 17, 2021
PR-URL: #41213
Refs: #41161
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Derek Lewis <DerekNonGeneric@inf.is>
Linkgoron pushed a commit to Linkgoron/node that referenced this pull request Jan 31, 2022
Notable changes:
This release contains a c-ares update to fix a regression introduced in
Node.js 12.22.5 resolving CNAME records containing underscores
(nodejs#39780).

Root certificates have been updated to those from Mozilla's Network
Security Services 3.71 (nodejs#40280).

PR-URL: nodejs#41161
Linkgoron pushed a commit to Linkgoron/node that referenced this pull request Jan 31, 2022
PR-URL: nodejs#41213
Refs: nodejs#41161
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Derek Lewis <DerekNonGeneric@inf.is>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
release Issues and PRs related to Node.js releases.
Projects
None yet
Development

Successfully merging this pull request may close these issues.