Upgrade to openssl-1.0.2k #11021

Closed
wants to merge 7 commits into
from

Projects

None yet

6 participants

@shigeki
Contributor
shigeki commented Jan 26, 2017
Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • commit message follows commit guidelines
Affected core subsystem(s)

deps, openssl

This is a upgrading to the latest openssl-1.0.2k. I've just made upgrading source and header files and cherry-picked floating patches.

asm and asm_obsolete files needs to be updated due to fixes of CVE-2017-3732.

CC: @nodejs/crypto

Shigeki Ohtsu and others added some commits Jan 26, 2017
Shigeki Ohtsu deps: upgrade openssl sources to 1.0.2k
This replaces all sources of openssl-1.0.2k.tar.gz into
deps/openssl/openssl
edc8804
Shigeki Ohtsu deps: copy all openssl header files to include dir
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.
b1c10cf
@indutny indutny deps: fix openssl assembly error on ia32 win32
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
2a23b84
@shigeki shigeki deps: fix asm build error of openssl in x86_win32
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
970e283
@shigeki shigeki openssl: fix keypress requirement in apps on win32
Reapply b910613 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
a7497f9
@shigeki shigeki deps: add -no_rand_screen to openssl s_client
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: nodejs#1461
PR-URL: nodejs#1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
90d1fc4
Shigeki Ohtsu deps: update openssl asm and asm_obsolete files
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-5.4.0. Also asm files in asm_obsolete dir to support old compiler
and assembler are regenerated without CC and ASM envs
61800c5
@shigeki shigeki added the openssl label Jan 26, 2017
@bnoordhuis

Rubber-stamp LGTM.

@indutny

LGTM, verified the source files. Thank you!

@shigeki shigeki pushed a commit that referenced this pull request Jan 26, 2017
Shigeki Ohtsu deps: upgrade openssl sources to 1.0.2k
This replaces all sources of openssl-1.0.2k.tar.gz into
deps/openssl/openssl

PR-URL: #11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
31e3b81
@shigeki shigeki pushed a commit that referenced this pull request Jan 26, 2017
Shigeki Ohtsu deps: copy all openssl header files to include dir
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.

PR-URL: #11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
c0eefcb
@shigeki shigeki pushed a commit that referenced this pull request Jan 26, 2017
Shigeki Ohtsu deps: update openssl asm and asm_obsolete files
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-5.4.0. Also asm files in asm_obsolete dir to support old compiler
and assembler are regenerated without CC and ASM envs

PR-URL: #11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
a67a04d
@shigeki
Contributor
shigeki commented Jan 26, 2017

CI is all green. Landed in 31e3b81, c0eefcb, 0af423c, 809fa3b, 0ea2711, 2a74481 and a67a04d.

@sam-github Please take care of above commits to v4 and v6. Notify me if you have any troubles.

@indutny Very sorry, I've just landed now missing your name in reviewers.

@shigeki shigeki closed this Jan 26, 2017
@indutny
Member
indutny commented Jan 26, 2017

That's a pity. Please give me several hours next time,ください.

@shigeki
Contributor
shigeki commented Jan 26, 2017

@indutny Sorry, I will do next. I just wanted to go to bed early. By the way, Good Japanese.

@indutny
Member
indutny commented Jan 26, 2017

No worries at all.

@targos
Member
targos commented Jan 28, 2017

While updating v7.x-staging, I saw that branch-diff only reports the commits that are new:

  • [31e3b81290] - deps: upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) #11021
  • [c0eefcb461] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #11021
  • [a67a04d765] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #11021

I took care of cherry-picking the 7 commits together but it could be easy to miss if one is not overcautious.

@targos targos added a commit that referenced this pull request Jan 28, 2017
@targos Shigeki Ohtsu + targos deps: upgrade openssl sources to 1.0.2k
This replaces all sources of openssl-1.0.2k.tar.gz into
deps/openssl/openssl

PR-URL: #11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
4349a8e
@targos targos added a commit that referenced this pull request Jan 28, 2017
@targos Shigeki Ohtsu + targos deps: copy all openssl header files to include dir
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.

PR-URL: #11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
184bb9d
@targos targos added a commit that referenced this pull request Jan 28, 2017
@targos Shigeki Ohtsu + targos deps: update openssl asm and asm_obsolete files
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-5.4.0. Also asm files in asm_obsolete dir to support old compiler
and assembler are regenerated without CC and ASM envs

PR-URL: #11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
376b9a4
@italoacasas italoacasas referenced this pull request Jan 29, 2017
Merged

v7.5.0 proposal #11062

@italoacasas italoacasas added a commit to italoacasas/node that referenced this pull request Jan 30, 2017
@italoacasas Shigeki Ohtsu + italoacasas deps: upgrade openssl sources to 1.0.2k
This replaces all sources of openssl-1.0.2k.tar.gz into
deps/openssl/openssl

PR-URL: nodejs#11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
6a0f1fa
@italoacasas italoacasas added a commit to italoacasas/node that referenced this pull request Jan 30, 2017
@italoacasas Shigeki Ohtsu + italoacasas deps: copy all openssl header files to include dir
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.

PR-URL: nodejs#11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
a3b3b35
@italoacasas italoacasas added a commit to italoacasas/node that referenced this pull request Jan 30, 2017
@italoacasas Shigeki Ohtsu + italoacasas deps: update openssl asm and asm_obsolete files
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-5.4.0. Also asm files in asm_obsolete dir to support old compiler
and assembler are regenerated without CC and ASM envs

PR-URL: nodejs#11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
edd2072
@italoacasas italoacasas added a commit to italoacasas/node that referenced this pull request Jan 30, 2017
@italoacasas Shigeki Ohtsu + italoacasas deps: upgrade openssl sources to 1.0.2k
This replaces all sources of openssl-1.0.2k.tar.gz into
deps/openssl/openssl

PR-URL: nodejs#11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
3c4166d
@italoacasas italoacasas added a commit to italoacasas/node that referenced this pull request Jan 30, 2017
@italoacasas Shigeki Ohtsu + italoacasas deps: copy all openssl header files to include dir
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.

PR-URL: nodejs#11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
b3ad80d
@italoacasas italoacasas added a commit to italoacasas/node that referenced this pull request Jan 30, 2017
@italoacasas Shigeki Ohtsu + italoacasas deps: update openssl asm and asm_obsolete files
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-5.4.0. Also asm files in asm_obsolete dir to support old compiler
and assembler are regenerated without CC and ASM envs

PR-URL: nodejs#11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
506a50b
@sam-github sam-github added a commit to sam-github/node that referenced this pull request Jan 30, 2017
@sam-github Shigeki Ohtsu + sam-github deps: upgrade openssl sources to 1.0.2k
This replaces all sources of openssl-1.0.2k.tar.gz into
deps/openssl/openssl

PR-URL: nodejs#11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
85c357a
@sam-github sam-github added a commit to sam-github/node that referenced this pull request Jan 30, 2017
@sam-github Shigeki Ohtsu + sam-github deps: copy all openssl header files to include dir
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.

PR-URL: nodejs#11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
500d20c
@sam-github sam-github added a commit to sam-github/node that referenced this pull request Jan 30, 2017
@sam-github Shigeki Ohtsu + sam-github deps: update openssl asm and asm_obsolete files
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-5.4.0. Also asm files in asm_obsolete dir to support old compiler
and assembler are regenerated without CC and ASM envs

PR-URL: nodejs#11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
9597b90
@sam-github sam-github added a commit to sam-github/node that referenced this pull request Jan 30, 2017
@sam-github Shigeki Ohtsu + sam-github deps: upgrade openssl sources to 1.0.2k
This replaces all sources of openssl-1.0.2k.tar.gz into
deps/openssl/openssl

PR-URL: nodejs#11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
195350b
@sam-github sam-github added a commit to sam-github/node that referenced this pull request Jan 30, 2017
@sam-github Shigeki Ohtsu + sam-github deps: copy all openssl header files to include dir
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.

PR-URL: nodejs#11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
1743827
@sam-github sam-github added a commit to sam-github/node that referenced this pull request Jan 30, 2017
@sam-github Shigeki Ohtsu + sam-github deps: update openssl asm and asm_obsolete files
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-5.4.0. Also asm files in asm_obsolete dir to support old compiler
and assembler are regenerated without CC and ASM envs

PR-URL: nodejs#11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
c338f33
@sam-github sam-github referenced this pull request Jan 30, 2017
Closed

v6 openssl 1.0.2k #11076

@MylesBorins MylesBorins added a commit that referenced this pull request Jan 30, 2017
@MylesBorins Shigeki Ohtsu + MylesBorins deps: upgrade openssl sources to 1.0.2k
This replaces all sources of openssl-1.0.2k.tar.gz into
deps/openssl/openssl

PR-URL: #11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
3f2bef6
@MylesBorins MylesBorins added a commit that referenced this pull request Jan 30, 2017
@MylesBorins Shigeki Ohtsu + MylesBorins deps: copy all openssl header files to include dir
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.

PR-URL: #11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
d623e8c
@MylesBorins MylesBorins added a commit that referenced this pull request Jan 30, 2017
@MylesBorins Shigeki Ohtsu + MylesBorins deps: update openssl asm and asm_obsolete files
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-5.4.0. Also asm files in asm_obsolete dir to support old compiler
and assembler are regenerated without CC and ASM envs

PR-URL: #11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
87ac449
@MylesBorins MylesBorins pushed a commit that referenced this pull request Jan 31, 2017
Shigeki Ohtsu + Myles Borins deps: upgrade openssl sources to 1.0.2k
This replaces all sources of openssl-1.0.2k.tar.gz into
deps/openssl/openssl

PR-URL: #11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
c808447
@MylesBorins MylesBorins pushed a commit that referenced this pull request Jan 31, 2017
Shigeki Ohtsu + Myles Borins deps: copy all openssl header files to include dir
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.

PR-URL: #11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
6c7bdf5
@MylesBorins MylesBorins pushed a commit that referenced this pull request Jan 31, 2017
Shigeki Ohtsu + Myles Borins deps: update openssl asm and asm_obsolete files
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-5.4.0. Also asm files in asm_obsolete dir to support old compiler
and assembler are regenerated without CC and ASM envs

PR-URL: #11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
8029f64
@MylesBorins MylesBorins pushed a commit that referenced this pull request Jan 31, 2017
Myles Borins 2017-01-31, Version 6.9.5 'Boron' (LTS)
This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website

https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

Notable Changes:

* deps:
  - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
		#11021
6b60d19
@MylesBorins MylesBorins pushed a commit that referenced this pull request Jan 31, 2017
Myles Borins 2017-01-31, Version 4.7.3 'Argon' (LTS)
This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website

https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

Notable Changes:

* deps:
  - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
		#11021
52f7c12
@MylesBorins MylesBorins pushed a commit that referenced this pull request Jan 31, 2017
Myles Borins 2017-01-31, Version 4.7.3 'Argon' (LTS)
This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website

https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

Notable Changes:

* deps:
  - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
		#11021
ddea415
@MylesBorins MylesBorins added a commit that referenced this pull request Jan 31, 2017
@MylesBorins MylesBorins 2017-01-31, Version 4.7.3 'Argon' (LTS)
This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website

https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

Notable Changes:

* deps:
  - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
		#11021

PR-URL: #11083
79f015a
@MylesBorins MylesBorins added a commit that referenced this pull request Jan 31, 2017
@MylesBorins MylesBorins 2017-01-31, Version 6.9.5 'Boron' (LTS)
This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website

https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

Notable Changes:

* deps:
  - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
		#11021

PR-URL: #11081
37a8051
@evanlucas evanlucas added a commit that referenced this pull request Jan 31, 2017
@evanlucas evanlucas 2017-01-31, Version 7.5.0 (Current)
Notable changes:

* crypto:
  * ability to select cert store at runtime (Adam Majer) #8334
  * Use system CAs instead of using bundled ones (Adam Majer) #8334
* deps:
  * upgrade npm to 4.1.2 (Kat Marchán) #11020
  * upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) #11021
* doc: add basic documentation for WHATWG URL API (James M Snell) #10620
* process: add NODE_NO_WARNINGS environment variable (cjihrig) #10842
* url: allow use of URL with http.request and https.request (James M Snell) #10638

PR-URL: #11062
42b4cee
@evanlucas evanlucas added a commit that referenced this pull request Jan 31, 2017
@evanlucas evanlucas 2017-01-31, Version 7.5.0 (Current)
Notable changes:

* crypto:
  * ability to select cert store at runtime (Adam Majer) #8334
  * Use system CAs instead of using bundled ones (Adam Majer) #8334
* deps:
  * upgrade npm to 4.1.2 (Kat Marchán) #11020
  * upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) #11021
* doc: add basic documentation for WHATWG URL API (James M Snell) #10620
* process: add NODE_NO_WARNINGS environment variable (cjihrig) #10842
* url: allow use of URL with http.request and https.request (James M Snell) #10638

PR-URL: #11062
a34f1d6
@MylesBorins MylesBorins added a commit that referenced this pull request Jan 31, 2017
@MylesBorins MylesBorins 2017-01-31, Version 6.9.5 'Boron' (LTS)
This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website

https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

Notable Changes:

* deps:
  - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
		#11021

PR-URL: #11081
5faaf07
@MylesBorins MylesBorins added a commit that referenced this pull request Feb 1, 2017
@MylesBorins MylesBorins 2017-01-31, Version 4.7.3 'Argon' (LTS)
This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website

https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

Notable Changes:

* deps:
  - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
		#11021

PR-URL: #11083
d3ff73e
@MylesBorins MylesBorins added a commit that referenced this pull request Feb 1, 2017
@MylesBorins MylesBorins 2017-01-31, Version 4.7.3 'Argon' (LTS)
This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website

https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

Notable Changes:

* deps:
  - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
		#11021

PR-URL: #11083
54fef67
@evanlucas evanlucas added a commit that referenced this pull request Feb 1, 2017
@evanlucas evanlucas 2017-01-31, Version 7.5.0 (Current)
Notable changes:

* crypto:
  * ability to select cert store at runtime (Adam Majer) #8334
  * Use system CAs instead of using bundled ones (Adam Majer) #8334
* deps:
  * upgrade npm to 4.1.2 (Kat Marchán) #11020
  * upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) #11021
* doc: add basic documentation for WHATWG URL API (James M Snell) #10620
* process: add NODE_NO_WARNINGS environment variable (cjihrig) #10842
* url: allow use of URL with http.request and https.request (James M Snell) #10638

PR-URL: #11062
a1c91ec
@Fishrock123
Member

@targos arguably a bug but yeah those probably look like dupes to it, in a sense.

There is a limited number of things it can reliable check, but those probably matches same author, same commit message, same PR-URL.

@shigeki
Contributor
shigeki commented Feb 2, 2017

I applied each floating patches in every updates in order to confirm they are really needed and can be applied without any conflicts. I agree that most of them need not to be re-applied but we tend to forget them after several updates.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment