Comparing changes

PR-URL: nodejs-private/node-private#242

Fixes: #36437 PR-URL: #36479 Backport-PR-URL: #36831 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>

PR-URL: #36633 Backport-PR-URL: #36940 Fixes: #36620 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>

PR-URL: #36618 Reviewed-By: Robert Nagy <ronagy@icloud.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>

PR-URL: #37173 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Beth Griggs <bgriggs@redhat.com>

Signed-off-by: Ruben Bridgewater <ruben@bridgewater.de> Backport-PR-URL: #37100 PR-URL: #36178 Fixes: #35730 Fixes: #36151 Refs: #35754 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Guy Bedford <guybedford@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>

Original commit message: [wasm] PostMessage of Memory.buffer should throw PostMessage of an ArrayBuffer that is not detachable should result in a DataCloneError. Bug: chromium:1170176, chromium:961059 Change-Id: Ib89bbc10d2b58918067fd1a90365cad10a0db9ec Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2653810 Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/master@{#72415} Refs: v8/v8@dfcf1e8 PR-URL: #37245 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

Fixes: #36364 PR-URL: #36410 Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de> Reviewed-By: Ricky Zhou <0x19951125@gmail.com>

Notable changes: - **deps**: - upgrade npm to 6.14.11 (Ruy Adorno) (#37173) - V8: backport dfcf1e86fac0 (Michaël Zasso) (#37245) - Note: Node.js is not believed to be vulnerable to CVE-2021-21148. - **stream,zlib**: do not use \_stream\_\* anymore (Matteo Collina) (#36618) PR-URL: #37074

PR-URL: #37074

CVE-ID: CVE-2021-22884 Refs: https://hackerone.com/bugs?report_id=1069487 PR-URL: nodejs-private/node-private#244 Reviewed-By: Beth Griggs <bgriggs@redhat.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Mary Marchini <oss@mmarchini.me> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>

This commit add a configuration options named unknownProtocolTimeout which can be specified to set a value for the timeout in milliseconds that a server should wait when an unknowProtocol is sent to it. When this happens a timer will be started and the if the socket has not been destroyed during that time the timer callback will destoy it. Refs: https://hackerone.com/reports/1043360 CVE-ID: CVE-2021-22883 PR-URL: nodejs-private/node-private#246 Backport-PR-URL: nodejs-private/node-private#250 Reviewed-By: Beth Griggs <bgriggs@redhat.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>

This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1j.tar.gz $ mv openssl-1.1.1j openssl $ git add --all openssl $ git commit openssl PR-URL: #37412 Backport-PR-URL: #37413 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Beth Griggs <bgriggs@redhat.com>

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #37412 Backport-PR-URL: #37413 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Beth Griggs <bgriggs@redhat.com>

This is a security release. Notable changes: Vulnerabilities fixed: - **CVE-2021-22883**: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion - **CVE-2021-22884**: DNS rebinding in --inspect - **CVE-2021-23840**: OpenSSL - Integer overflow in CipherUpdate PR-URL: nodejs-private/node-private#254

Commits on Feb 9, 2021

Working on v14.15.6

PR-URL: #37074

BethGriggs committed Feb 9, 2021

Configuration menu

View commit details

Copy full SHA for 93f7f9e

Browse repository at this point

Copy the full SHA

93f7f9e View commit details

Browse the repository at this point in the history

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Comparing changes

Open a pull request

Commits on Jan 4, 2021

Commits on Jan 28, 2021

Commits on Feb 4, 2021

Commits on Feb 5, 2021

Commits on Feb 8, 2021

Commits on Feb 9, 2021

Commits on Feb 18, 2021

Commits on Feb 22, 2021

This comparison is taking too long to generate.

Uh oh!