-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v12.22.8 proposal #41161
v12.22.8 proposal #41161
Conversation
PR-URL: #39402 Backport-PR-URL: #39422 Reviewed-By: Bradley Farias <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Zijian Liu <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Jan Krems <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
Fixes: #25988 PR-URL: #40838 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Rich Trott <[email protected]>
Add a script to automate updating of the c-ares dependency and accompanying maintenance guide. PR-URL: #40660 Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Michaël Zasso <[email protected]>
Updated as described in doc/guides/maintaining-c-ares.md. PR-URL: #40660 Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Michaël Zasso <[email protected]>
PR-URL: #36915 Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Juan José Arboleda <[email protected]>
Node.js 12.x requires Python 2 to build. `macos-latest` GitHub hosted runners are now macOS 11 and do not have Python 2 available. PR-URL: #41124 Refs: actions/runner-images#4060 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Beth Griggs <[email protected]> Reviewed-By: Michaël Zasso <[email protected]>
This commit turns on `-fno-strict-aliasing` in libuv. Fixes: #40368 Refs: libuv/libuv#1230 PR-URL: #40631 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Santiago Gimeno <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Voltrex <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
This is the certdata.txt[0] from NSS 3.71, released on 2021-09-30. This is the version of NSS that will ship in Firefox 94 on 2021-11-02. [0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_71_RTM/lib/ckfw/builtins/certdata.txt PR-URL: #40280 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Zijian Liu <[email protected]>
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl. Certificates added: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority - NAVER Global Root Certification Authority - AC RAIZ FNMT-RCM SERVIDORES SEGUROS - GlobalSign Root R46 - GlobalSign Root E46 - GLOBALTRUST 2020 - ANF Secure Server Root CA - Certum EC-384 CA - Certum Trusted Root CA - TunTrust Root CA - HARICA TLS RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 Certificates removed: - GeoTrust Global CA - GeoTrust Universal CA - GeoTrust Universal CA 2 - QuoVadis Root CA - Sonera Class 2 Root CA - Taiwan GRCA - GeoTrust Primary Certification Authority - thawte Primary Root CA - VeriSign Class 3 Public Primary Certification Authority - G5 - OISTE WISeKey Global Root GA CA - GeoTrust Primary Certification Authority - G3 - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - GeoTrust Primary Certification Authority - G2 - VeriSign Universal Root Certification Authority - VeriSign Class 3 Public Primary Certification Authority - G4 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Trustis FPS Root CA - EE Certification Centre Root CA - Staat der Nederlanden Root CA - G3 PR-URL: #40280 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Zijian Liu <[email protected]>
This comment has been minimized.
This comment has been minimized.
809aee2
to
7bb9d89
Compare
This comment has been minimized.
This comment has been minimized.
The REPL implementation would strip away the first and last character of a formatted error message if it ended with `]` (but with the obviously missing check for a starting `]`), leading to things like `Uncaught rror: foo[a` being printed for input like `Error: foo[a]`. Refs: #22436 PR-URL: #38209 Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Yongsheng Zhang <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
It can happen that the `NearHeapLimit` callback is called while calling the `oninit()` function on `MessagePort` construction causing a deadlock when the `Worker::Exit()` method is called, as the `mutex_` was already held on the `CreateEnvMessagePort()` method. To fix it, just use the `mutex_` to protect the `child_port_data_` variable and avoid holding it when creating the `MessagePort`. Also, return early from `Worker::Run()` if the worker message port could not be created. Fixes: #38208 PR-URL: #38403 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Juan José Arboleda <[email protected]>
Do the same thing we do for other streams, and retain a reference to the Buffer that was sent over IPC while the write request is active, so that it doesn’t get garbage collected while the data is still in flight. (This is a good example of why it’s a bad idea that we’re not re-using the general streams implementation for IPC and instead maintain separate usage of the low-level I/O primitives.) Fixes: #34797 PR-URL: #38728 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Minwoo Jung <[email protected]>
Remove invalid usage of `Check()`. This addresses: FATAL ERROR: v8::FromJust Maybe value is Nothing. 1: 0x101311bf5 node::Abort() (.cold.1) [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node] 2: 0x1000ade29 node::Abort() [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node] 3: 0x1000adf8f node::OnFatalError(char const*, char const*) [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node] 4: 0x1001f42d0 v8::V8::FromJustIsNothing() [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node] 5: 0x1000268e2 node::cares_wrap::(anonymous namespace)::AfterGetAddrInfo(uv_getaddrinfo_s*, int, addrinfo*)::$_2::operator()(bool, bool) const [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node] 6: 0x10002657c node::cares_wrap::(anonymous namespace)::AfterGetAddrInfo(uv_getaddrinfo_s*, int, addrinfo*) [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node] 7: 0x1009fb388 uv__work_done [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node] 8: 0x100a00453 uv__async_io [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node] 9: 0x100a140cc uv__io_poll [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node] 10: 0x100a009c1 uv_run [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node] 11: 0x10014aca0 node::worker::Worker::Run() [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node] 12: 0x10014e56f node::worker::Worker::StartThread(v8::FunctionCallbackInfo<v8::Value> const&)::$_3::__invoke(void*) [/Users/xxx/.nvm/versions/node/v14.17.4/bin/node] 13: 0x7fff703d42eb _pthread_body [/usr/lib/system/libsystem_pthread.dylib] 14: 0x7fff703d7249 _pthread_start [/usr/lib/system/libsystem_pthread.dylib] 15: 0x7fff703d340d thread_start [/usr/lib/system/libsystem_pthread.dylib] PR-URL: #39735 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: James M Snell <[email protected]>
PR-URL: #40325 Backport-PR-URL: #40565 Fixes: #40305 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Guy Bedford <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Zeyu Yang <[email protected]>
7bb9d89
to
74daefb
Compare
This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1m.tar.gz $ mv openssl-1.1.1m openssl $ git add --all openssl $ git commit openssl PR-URL: #41172 Refs: https://mta.openssl.org/pipermail/openssl-announce/2021-December/000211.html Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Matteo Collina <[email protected]>
After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #41172 Refs: https://mta.openssl.org/pipermail/openssl-announce/2021-December/000211.html Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Matteo Collina <[email protected]>
74daefb
to
8b61500
Compare
CI: https://ci.nodejs.org/job/node-test-pull-request/41503/ (✔️) Release build on 8b61500: https://ci-release.nodejs.org/job/iojs+release/8144/ |
Oops typoed the date in the changelog and commit message 🤦. Fix: #41213 |
PR-URL: #41213 Refs: #41161 Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Derek Lewis <[email protected]>
PR-URL: #41213 Refs: #41161 Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Derek Lewis <[email protected]>
Notable changes: This release contains a c-ares update to fix a regression introduced in Node.js 12.22.5 resolving CNAME records containing underscores (nodejs#39780). Root certificates have been updated to those from Mozilla's Network Security Services 3.71 (nodejs#40280). PR-URL: nodejs#41161
PR-URL: nodejs#41213 Refs: nodejs#41161 Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Derek Lewis <[email protected]>
Putting this together in response to #39780 (comment) with a potential release date of Thursday with the hope that would allow us to include Tuesday's forthcoming OpenSSL update (which is described as "bug fix", with no security fixes).
If we miss releasing by the end of this week, I'd propose moving out to January (unless another releaser wants to takeover).
cc @nodejs/lts
2021-12-16, Version 12.22.8 'Erbium' (LTS), @richardlau
Notable Changes
This release contains a c-ares update to fix a regression introduced in
Node.js 12.22.5 resolving CNAME records containing underscores
#39780.
Root certificates have been updated to those from Mozilla's Network
Security Services 3.71 #40281.
Commits
2d42295d2a
] - build: pin macOS GitHub runner to macos-10.15 (Richard Lau) #4112441e09ec71b
] - child_process: retain reference to data with advanced serialization (Anna Henningsen) #38728f0be07796e
] - crypto: update root certificates (Richard Lau) #402804c9f920d34
] - deps: update archs files for OpenSSL-1.1.1m (Richard Lau) #4117260d7d4171e
] - deps: upgrade openssl sources to 1.1.1m (Richard Lau) #411727feff67419
] - deps: add -fno-strict-aliasing flag to libuv (Daniel Bevenius) #40631534ac7c7c6
] - deps: update c-ares to 1.18.1 (Richard Lau) #40660c019fa9b70
] - deps: update to [email protected] (Guy Bedford) #39402b13340eff4
] - doc: add alternative version links to the packages page (Filip Skokan) #36915243b2fbfdb
] - lib: fix regular expression to detect `/` and `\` (Francesco Trotta) #4032570e094a26b
] - repl: fix error message printing (Anna Henningsen) #3820902b432a704
] - src: fix crash in AfterGetAddrInfo (Anna Henningsen) #397357479447d6a
] - test: deflake child-process-pipe-dataflow (Luigi Pinca) #40838833e199393
] - tools: update certdata.txt (Richard Lau) #40280e4339fe286
] - tools: add script to update c-ares (Richard Lau) #40660f50b9c1e8a
] - worker: avoid potential deadlock on NearHeapLimit (Santiago Gimeno) #38403