Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v12.22.1 proposal #38083

Merged
merged 4 commits into from
Apr 6, 2021
Merged

v12.22.1 proposal #38083

merged 4 commits into from
Apr 6, 2021

Commits on Apr 4, 2021

  1. deps: upgrade openssl sources to 1.1.1k 

    This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1k.tar.gz
    $ mv openssl-1.1.1k openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #37939
Refs: #37913
Refs: #37916
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
    @tniessen @MylesBorins
    tniessen authored and MylesBorins committed Apr 4, 2021
    Configuration menu
    Copy the full SHA
    c85a519 View commit details
    Browse the repository at this point in the history

  2. deps: update archs files for OpenSSL-1.1.1k 

    After an OpenSSL source update, all the config files need to be
regenerated and committed by:
   $ make -C deps/openssl/config
   $ git add deps/openssl/config/archs
   $ git add deps/openssl/openssl/include/crypto/bn_conf.h
   $ git add deps/openssl/openssl/include/crypto/dso_conf.h
   $ git add deps/openssl/openssl/include/openssl/opensslconf.h
   $ git commit

PR-URL: #37939
Refs: #37913
Refs: #37916
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
    @tniessen @MylesBorins
    tniessen authored and MylesBorins committed Apr 4, 2021
    Configuration menu
    Copy the full SHA
    51a753c View commit details
    Browse the repository at this point in the history

  3. deps: upgrade npm to 6.14.12 

    PR-URL: #37918
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
    @ruyadorno @MylesBorins
    ruyadorno authored and MylesBorins committed Apr 4, 2021
    Configuration menu
    Copy the full SHA
    c947f1a View commit details
    Browse the repository at this point in the history

Commits on Apr 6, 2021

  1. 2021-04-06, Version 12.22.1 'Erbium' (LTS) 

    This is a security release.

Notable changes:

Vulnerabilities fixed:

- **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
- **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
- **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High)

PR-URL: #38083
    @MylesBorins
    MylesBorins committed Apr 6, 2021
    Configuration menu
    Copy the full SHA
    fe1c4b4 View commit details
    Browse the repository at this point in the history