Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release proposal: v0.10.44 #5968

Closed
wants to merge 5 commits into from
Closed

Release proposal: v0.10.44 #5968

wants to merge 5 commits into from

Conversation

rvagg
Copy link
Member

@rvagg rvagg commented Mar 31, 2016

2016-03-04, Version 0.10.44 (Maintenance), @rvagg

Notable changes:


Test: https://ci.nodejs.org/job/node-test-commit/2744/
Smoker: https://ci.nodejs.org/job/thealphanerd-smoker/166/
RC 1: https://nodejs.org/download/rc/v0.10.44-rc.1/

joaocgreis and others added 5 commits March 11, 2016 11:32
Invoke MSBuild specifying the target platform as generated by Gyp.

Reviewed-By: James M Snell <[email protected]>
PR-URL: #5627
openssl-1.0.1s disables EXPORT and LOW ciphers by default.
They are obsoleted ciphers and not safe for the current use.
Node LTS also deprecates them.

Fixes: nodejs/Release#85
PR-URL: #5712
Reviewed-By: Ben Noordhuis <[email protected]>
DES-CBC-SHA is LOW cipher and disabled by default and it is used in
tests of hornorcipherorder. They are changed as to

- use RC4-SHA instead of DES-CBC-SHA.
- add AES128-SHA to entries to keep the number of ciphers.
- remove tests for non-default cipher because only SEED and IDEA are
available in !RC4:!HIGH:ALL.

Fixes: nodejs/Release#85
PR-URL: #5712
Reviewed-By: Ben Noordhuis <[email protected]>
Notable changes:

* npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm
  v2 LTS from the previously deprecated npm v1. (Forrest L Norvell)
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they
  are obsolete and not considered safe. This release of Node.js turns
  on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers
  included in these lists which can be used in SSLv3 and higher. Full
  details can be found in our LTS discussion on the matter
  (nodejs/Release#85).
  (Shigeki Ohtsu) #5712
@r-52 r-52 added meta Issues and PRs related to the general management of the project. v0.10 labels Mar 31, 2016
@MylesBorins
Copy link
Contributor

@rvagg it looks like the node subset for the smoker was too aggressive and not testing on fedora or osx... would you like to run it again?

@rvagg
Copy link
Member Author

rvagg commented Mar 31, 2016

@thealphanerd would you mind having a go with it? tbh it's not clear to me how to run it or even how to assess the output.

@MylesBorins
Copy link
Contributor

No prob... you ran it exactly the way it should be run... if we see nothing red than there is no change from the currently expected passing modules.

@MylesBorins
Copy link
Contributor

@rvagg
Copy link
Member Author

rvagg commented Mar 31, 2016

rc.1 had two tarballs built by the osx release slaves and no .pkg, it worked for v0.12.13-rc.1, however, so I'm not sure where blame lies for this. Investigating.

@MylesBorins
Copy link
Contributor

@rvagg that does not appear to be the only weirdness... armv7 for example built but has no assets, and the osx-pkg slave is using osx-tar as a label in the pattern matching.

Should we get another build going just in case it was a ghost in the machine?

@rvagg
Copy link
Member Author

rvagg commented Mar 31, 2016

the -tar vs -pkg thing on the build slaves is a known problem, it's because of how it's set up using environment variables rather than slave labels, we'll get there but it should be working regardless, you just won't know ahead of time which slave will build the .pkg and which the .tar.

Re armv7, none of the arm builds generate assets for v0.10 or v0.12, they are essentially skipped even though they show up in the build list in Jenkins.

I believe the only outstanding weirdness is .pkg. I'll run another build tho just to see.

@MylesBorins
Copy link
Contributor

The new citgm run is all green!

@rvagg
Copy link
Member Author

rvagg commented Mar 31, 2016

hah, random, it worked, https://nodejs.org/download/rc/v0.10.44-rc.1/

@MylesBorins
Copy link
Contributor

Oops... comment on wrong release. I'm going to test the pkg installer for weirdness on my system once the citgm run is done

ummm... @rvagg not seeing the pkg in rc.1

What is weird... why is there an x86 tarball for osx...

edit: I didn't clear my cache... dangit

@rvagg
Copy link
Member Author

rvagg commented Mar 31, 2016

I've installed via .pkg, seems to be working OK to me

rvagg pushed a commit that referenced this pull request Mar 31, 2016
rvagg added a commit that referenced this pull request Mar 31, 2016
Notable changes:

* npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm
  v2 LTS from the previously deprecated npm v1. (Forrest L Norvell)
* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of
  authentication tokens in HTTP requests that would allow an attacker
  to set up a server that could collect tokens from users of the
  command-line interface. Authentication tokens have previously been
  sent with every request made by the CLI for logged-in users,
  regardless of the destination of the request. This update fixes this
  by only including those tokens for requests made against the
  registry or registries used for the current install. IMPORTANT:
  This is a major upgrade to npm v2 LTS from the previously deprecated
  npm v1. (Forrest L Norvell) #5967
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they
  are obsolete and not considered safe. This release of Node.js turns
  on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers
  included in these lists which can be used in SSLv3 and higher. Full
  details can be found in our LTS discussion on the matter
  (nodejs/Release#85).
  (Shigeki Ohtsu) #5712

PR-URL: #5968
rvagg added a commit that referenced this pull request Apr 1, 2016
Notable changes:

* npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm
  v2 LTS from the previously deprecated npm v1. (Forrest L Norvell)
* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of
  authentication tokens in HTTP requests that would allow an attacker
  to set up a server that could collect tokens from users of the
  command-line interface. Authentication tokens have previously been
  sent with every request made by the CLI for logged-in users,
  regardless of the destination of the request. This update fixes this
  by only including those tokens for requests made against the
  registry or registries used for the current install. IMPORTANT:
  This is a major upgrade to npm v2 LTS from the previously deprecated
  npm v1. (Forrest L Norvell) #5967
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they
  are obsolete and not considered safe. This release of Node.js turns
  on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers
  included in these lists which can be used in SSLv3 and higher. Full
  details can be found in our LTS discussion on the matter
  (nodejs/Release#85).
  (Shigeki Ohtsu) #5712

PR-URL: #5968
@jasnell jasnell closed this Apr 4, 2016
@targos targos deleted the v0.10.44-proposal branch April 27, 2016 13:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
meta Issues and PRs related to the general management of the project.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants