Skip to content

Release proposal: v0.10.41#2805

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rvagg merged 7 commits into from
Dec 4, 2015
Merged

Release proposal: v0.10.41 #2805

rvagg merged 7 commits into from
Dec 4, 2015

Conversation

@rvagg
Copy link
Member

@rvaggrvagg commented Sep 11, 2015

Technically we can't do this with our new Jenkins setup and new nodejs.org server, we still have jenkins.nodejs.org and the original nodejs.org server in place to serve for emergencies but this release needs to come out of our new infra so there's work for @nodejs/build to do. Some details on that here: nodejs/build#164

@rvaggrvagg mentioned this pull request Sep 11, 2015
Merged
@brendanashworthbrendanashworth added the meta Issues and PRs related to the general management of the project. label Sep 11, 2015
@othiym23
Copy link
Contributor

othiym23 commented Sep 11, 2015

Has there been discussion or a decision about nodejs/Release#37? It would be nice to get a less broken npm into 0.10 at some point.

@rvagg
Copy link
MemberAuthor

rvagg commented Sep 11, 2015

@othiym23 @nodejs/lts let's get that question sorted out at next week's meeting and make sure the results of that make it into this release

@Fishrock123
Copy link
Contributor

Fishrock123 commented Sep 11, 2015

Rubber stamp LGTM. Would like to discuss npm also.

@bnoordhuis
Copy link
Member

bnoordhuis commented Sep 11, 2015

The release should wait for the new libuv v0.10 release.

@jasnell
Copy link
Member

jasnell commented Sep 11, 2015

Unless there were updates I missed while I was in Waterford, three are only 8 open PRs against v0.10. We should attempt to close those before cutting a new v0.10.41

@rvagg
Copy link
MemberAuthor

rvagg commented Sep 12, 2015

$ curl -sL 'https://api.github.com/repos/nodejs/node-v0.x-archive/pulls?base=v0.10' | json -a url title

@jasnell
Copy link
Member

jasnell commented Sep 12, 2015

Some of these can likely be closed straight off, but a few represent long standing bugs.

@ChALkeRChALkeR added the lts Issues and PRs related to Long Term Support releases. label Oct 28, 2015
@othiym23@jasnell
deps: upgrade npm to 1.4.29
b68781e
See https://github.com/npm/npm/releases/tag/v1.4.29 for details. Encourage users to upgrade to a newer npm, and lays the groundwork for getting npm@2 into Node 0.10 LTS. PR-URL: #3639 Reviewed-By: Rod Vagg <[email protected]> Reviewed-By: James M Snell <[email protected]>
@rvagg
Copy link
MemberAuthor

rvagg commented Nov 23, 2015

Using the work in #3965 combined with the v0.10 and v0.10-staging branches I've pushed an RC 1 to test these builds on the new infra, binaries are available for download @ https://nodejs.org/download/rc/v0.10.41-rc.1/

@evanlucas
Copy link
Contributor

evanlucas commented Nov 23, 2015

the pkg for OS X looks good

@silverwindsilverwind mentioned this pull request Nov 23, 2015
Closed
@rvaggrvaggforce-pushed the v0.10.41-proposal branch 2 times, most recently from 4473495 to 0365803CompareDecember 3, 2015 13:13
@rvagg
Copy link
MemberAuthor

rvagg commented Dec 3, 2015

Updated to match current #3965 which should be close to final. Preparing for OpenSSL upgrade. Unfortunately we can't do a simple OpenSSL-commits-only release for v0.10 because our build infra won't allow it and when you start pulling in commits to support our infra you end up with a large chunk of the commits staged on v0.10 anyway. So I'm suggesting we just move ahead with v0.10.41 with all pending commits as soon as we have the OpenSSL 1.0.1 upgrade ready.

/cc @nodejs/security

bnoordhuisand others added 6 commits December 4, 2015 03:39
@bnoordhuis
deps: upgrade to openssl 1.0.1q
ce0a488
Contains fixes for: * CVE-2015-3194 Certificate verify crash with missing PSS parameter * CVE-2015-3195 X509_ATTRIBUTE memory leak fixup! character encoding noise fixup! update opensslconf.h PR-URL: #4132 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Shigeki Ohtsu <[email protected]>
@rvagg
build: backport config for new CI infrastructure
268d2b4
PR-URL: #3965 Reviewed-By: Alexis Campailla <[email protected]> Reviewed-By: Johan Bergström <[email protected]>
@rvagg
build: backport tools/release.sh
c559c79
PR-URL: #3965 Reviewed-By: Alexis Campailla <[email protected]> Reviewed-By: Johan Bergström <[email protected]>
@rvagg
doc: backport README.md
5d829a6
PR-URL: #3965 Reviewed-By: Alexis Campailla <[email protected]> Reviewed-By: Johan Bergström <[email protected]>
@joaocgreis@rvagg
build,win: fix node.exe resource version
d7ae79a
When MSBuild invokes rc.exe, it passes NODE_TAG unstringified, but passes it correctly to cl.exe. Hence, this workaround was made to apply only to the resource file. Fixes: #2963 PR-URL: #3053 Reviewed-By: Alexis Campailla <[email protected]> Reviewed-By: Johan Bergström <[email protected]>
@rvagg
2015-12-04, Version 0.10.41 (Maintenance)
2f947e9
Security Update Notable items: * build: Add support for Microsoft Visual Studio 2015 * npm: Upgrade to v1.4.29 from v1.4.28. A special one-off release as part of the strategy to get a version of npm into Node.js v0.10.x that works with the current registry (nodejs/Release#37). This version of npm prints out a banner each time it is run. The banner warns that the next standard release of Node.js v0.10.x will ship with a version of npm v2. * openssl: Upgrade to 1.0.1q, containing fixes CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers; TLS clients are also impacted. Details are available at <http://openssl.org/news/secadv/20151203.txt>. (Ben Noordhuis) #4133 PR-URL: nodejs-private/node-private#15
@rvagg
Copy link
MemberAuthor

rvagg commented Dec 3, 2015

https://ci.nodejs.org/job/node-test-pull-request/916/

Incorporated the OpenSSL fixes and the updated build fixes, updated commits list in OP, release notes now starts with:

2015-12-04, Version 0.10.41 (Maintenance), @rvagg

Security Update

Notable items:

  • build: Add support for Microsoft Visual Studio 2015
  • npm: Upgrade to v1.4.29 from v1.4.28. A special one-off release as part of the strategy to get a version of npm into Node.js v0.10.x that works with the current registry (npm in 0.10 LTS Release#37). This version of npm prints out a banner each time it is run. The banner warns that the next standard release of Node.js v0.10.x will ship with a version of npm v2.
  • openssl: Upgrade to 1.0.1q, containing fixes CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers; TLS clients are also impacted. Details are available at http://openssl.org/news/secadv/20151203.txt. (Ben Noordhuis) deps: upgrade to openssl 1.0.1q (v0.12) #4133

@rvaggrvagg merged commit 2f947e9 into v0.10Dec 4, 2015
@rvaggrvagg deleted the v0.10.41-proposal branch December 4, 2015 02:42
@vweeversvweevers mentioned this pull request Jan 29, 2016
Closed
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

ltsIssues and PRs related to Long Term Support releases.metaIssues and PRs related to the general management of the project.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

10 participants

@rvagg@othiym23@Fishrock123@bnoordhuis@jasnell@evanlucas@ChALkeR@brendanashworth@joaocgreis