Closed
Conversation
Updated to match the amended description that went live on the release announcement @ http://nodejs.org/en/blog/release/v0.10.41/ PR-URL: #4153 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Backport the tools/install.py changes from 628a3ab that were missed when 6fb0b92 backported the corresponding changes to the Makefile to build the headers only archive. PR-URL: #4149 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Johan Bergström <bugs@bergstroem.nu> Reviewed-By: Rod Vagg <rod@vagg.org>
PR-URL: #4894 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Johan Bergström <bugs@bergstroem.nu> Reviewed-By: James M Snell <jasnell@gmail.com>
This replaces all sources of openssl-1.0.1r.tar.gz into deps/openssl/openssl PR-URL: #4967 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> deps: copy all openssl header files to include dir All symlink files in `deps/openssl/openssl/include/openssl/` are removed and replaced with real header files to avoid issues on Windows. Two files of opensslconf.h in crypto and include dir are replaced to refer config/opensslconf.h. PR-URL: #4967 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> deps: separate sha256/sha512-x86_64.pl for openssl sha256-x86_64.pl does not exist in the origin openssl distribution. It was copied from sha512-x86_64.pl and both sha256/sha512 scripts were modified so as to generates only one asm file specified as its key hash length. PR: #9451 PR-URL: nodejs/node-v0.x-archive#9451 Reviewed-By: Julien Gilli <julien.gilli@joyent.com> deps: fix openssl assembly error on ia32 win32 `x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and perhaps others) are requiring .686 . PR: #9451 PR-URL: nodejs/node-v0.x-archive#9451 Reviewed-By: Julien Gilli <julien.gilli@joyent.com> openssl: fix keypress requirement in apps on win32 reapply b910613 PR: #9451 PR-URL: nodejs/node-v0.x-archive#9451 Reviewed-By: Julien Gilli <julien.gilli@joyent.com> deps: add -no_rand_screen to openssl s_client In openssl s_client on Windows, RAND_screen() is invoked to initialize random state but it takes several seconds in each connection. This added -no_rand_screen to openssl s_client on Windows to skip RAND_screen() and gets a better performance in the unit test of test-tls-server-verify. Do not enable this except to use in the unit test. (cherry picked from commit 9f0f7c38e6df975dd39735d0e9ef968076369c74) Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: nodejs/node-v0.x-archive#25368
Security Update Notable items:
mscdex
added
meta
Member
Author
|
finished off in node-private and released |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Security release, to go out ~ Tuesday, the 9th of February, 11pm UTC with releases across all active lines as per https://groups.google.com/d/msg/nodejs-sec/G8IA0G4uA88/So3Cw84YDwAJ.
Commits so far:
6dbcb188b0] - build: enable xz compressed tarballs where possible (Rod Vagg) #4894b0a848c666] - deps: upgrade openssl sources to 1.0.1r (Shigeki Ohtsu) joyent/node#25368eb4666b9dc] - doc: clarify v0.10.41 openssl tls security impact (Rod Vagg) #415302bc6f3536] - tools: backport tools/install.py for headers (Richard Lau) #4149Pending additions being worked on by the security team, I'll get everything else ready here and finish it off in our private repo. Still needs "Notable items" filled out for OpenSSL.
Commit still on
v0.10-stagingthat we'll have to get to in a v0.10.43 soon after this release:9cae9b2290] - domains: fix handling of uncaught exceptions (Julien Gilli) #3887Trying not to include non-security and non-build changes in this release to minimise impact to users (well, minimise their perceived impact at least).