Release proposal: v0.10.44 #5968
Invoke MSBuild specifying the target platform as generated by Gyp. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: #5627
openssl-1.0.1s disables EXPORT and LOW ciphers by default. They are obsolete ciphers and are not safe for current use. Node LTS also deprecates them. Fixes: nodejs/Release#85 PR-URL: #5712 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
DES-CBC-SHA is a LOW cipher and is disabled by default, and it is used in the tests of honorcipherorder. They are changed so as to:
- use RC4-SHA instead of DES-CBC-SHA.
- add AES128-SHA to the entries to keep the number of ciphers.
- remove tests for non-default ciphers because only SEED and IDEA are available in !RC4:!HIGH:ALL.

Fixes: nodejs/Release#85 PR-URL: #5712 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Notable changes:

* npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell)
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (nodejs/Release#85). (Shigeki Ohtsu) #5712
@rvagg it looks like the node subset for the smoker was too aggressive and not testing on fedora or osx... would you like to run it again?
@thealphanerd would you mind having a go with it? tbh it's not clear to me how to run it or even how to assess the output.
No prob... you ran it exactly the way it should be run... if we see nothing red then there is no change from the currently expected passing modules.
new citgm run: https://ci.nodejs.org/job/thealphanerd-smoker/170/
rc.1 had two tarballs built by the osx release slaves and no .pkg, it worked for v0.12.13-rc.1, however, so I'm not sure where blame lies for this. Investigating.
@rvagg that does not appear to be the only weirdness... armv7 for example built but has no assets, and the osx-pkg slave is using Should we get another build going just in case it was a ghost in the machine?
the -tar vs -pkg thing on the build slaves is a known problem, it's because of how it's set up using environment variables rather than slave labels, we'll get there but it should be working regardless, you just won't know ahead of time which slave will build the .pkg and which the .tar. Re armv7, none of the arm builds generate assets for v0.10 or v0.12, they are essentially skipped even though they show up in the build list in Jenkins. I believe the only outstanding weirdness is .pkg. I'll run another build tho just to see.
The new citgm run is all green!
hah, random, it worked, https://nodejs.org/download/rc/v0.10.44-rc.1/
Oops... comment on wrong release. I'm going to test the pkg installer for weirdness on my system once the citgm run is done ummm... @rvagg not seeing the pkg in rc.1 What is weird... why is there an x86 tarball for osx... edit: I didn't clear my cache... dangit
I've installed via .pkg, seems to be working OK to me
Notable changes:

* npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell)
* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell) #5967
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (nodejs/Release#85). (Shigeki Ohtsu) #5712

PR-URL: #5968
2016-03-04, Version 0.10.44 (Maintenance), @rvagg
Notable changes:
`OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (Disable EXPORT and LOW SSLv3+ ciphers by default for Argon, v0.12 and v0.10 Release#85). (Shigeki Ohtsu) deps: Disable EXPORT and LOW ciphers in openssl for v0.12 #5712

Test: https://ci.nodejs.org/job/node-test-commit/2744/
Smoker: https://ci.nodejs.org/job/thealphanerd-smoker/166/
RC 1: https://nodejs.org/download/rc/v0.10.44-rc.1/
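
The token scoping described in the npm v2.15.1 note above, sketched as an added example (not npm's code and not part of the original thread). The registry URLs, the token value and all function names are constructed for illustration.

```javascript
// Added example, not npm's code. Registry URLs and the token are constructed.
const REGISTRIES = [
  'https://registry.npmjs.org/',
  'https://npm.corp.example/private/',
];

// "Before" behaviour described above: the token goes out with every request.
function authHeadersUnscoped(requestUrl, token) {
  return { authorization: `Bearer ${token}` };
}

// "After": send the token only to a registry configured for this install.
function authHeadersScoped(requestUrl, token, registries = REGISTRIES) {
  let target;
  try {
    target = new URL(requestUrl);
  } catch (err) {
    return {}; // unparsable destination: never attach credentials
  }
  for (const entry of registries) {
    const reg = new URL(entry);
    const base = reg.pathname.endsWith('/') ? reg.pathname : reg.pathname + '/';
    // origin = scheme + host + port after normalization, so look-alike
    // hosts, userinfo tricks and http:// downgrades do not match.
    if (target.origin === reg.origin &&
        (target.pathname + '/').startsWith(base)) {
      return { authorization: `Bearer ${token}` };
    }
  }
  return {};
}

// Destinations that would receive the token under a given policy.
function tokenRecipients(urls, headersFor, token = 'constructed-token') {
  return urls.filter((u) => 'authorization' in headersFor(u, token));
}

// Constructed requests such as a CLI might make during one install.
const SAMPLE_REQUESTS = [
  'https://registry.npmjs.org/left-pad',
  'https://npm.corp.example/private/@corp%2Ftool',
  'https://tarballs.example/left-pad-1.0.0.tgz',
  'https://registry.npmjs.org.collector.example/left-pad',
  'https://registry.npmjs.org@collector.example/left-pad',
  'http://registry.npmjs.org/left-pad',
  'https://npm.corp.example/public/readme',
];

console.log(tokenRecipients(SAMPLE_REQUESTS, authHeadersScoped));
```

Under the unscoped policy all seven sample destinations receive the token; under the scoped policy only the two configured registries do.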