Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to OpenSSL-1.1.0h #19794

Closed
wants to merge 11 commits into from

Conversation

Projects
None yet
7 participants
@shigeki
Copy link
Contributor

commented Apr 4, 2018

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines

This has very big patches due to the source updates from OpenSSL-1.0.2o to 1.1.0h and generated asm files which are not necessary to be reviewed in this PR.

In order to see the differences easily for reviewers, I made two branches in which those changes are removed. Please refer the branch diffs as below in reviewing for it has just several thousands kb diffs.

shigeki/node@raw_upgrade_openssl110h...shigeki:no_archfiles_upgrade_openssl110h

Note that this has a new build requirement of assembler for asm support. Especially nasm is needed to build Windows that is required by OpenSSL. Please refer 9e38498 for details.

CC @nodejs/crypto @nodejs/tsc

The following is the description written in deps/openssl/README.md


This has a new binding scheme in builing OpenSSL-1.1.0 library with
Node.js. OpenSSL-1.1.0 uses a new build system with perl for various
supported platforms. See openssl/Configurations/README and
openssl/Configurations/README.design in the OpenSSL source for
details.

In order to build OpenSSL library without perl in the build of Node.js
for various supported platforms, platform dependent files (e.g. asm
and header files ) are pre-generated and stored into the
config/archs directory.

  • config/Makefile and config/generate_gypi.pl

    Makefile has supported platform list and generates and copies
    platform dependent files (e.g. asm files) into arch directory with
    generate.pl. Platform dependent gypi files also created obtaining
    build information from configdata.pm that is generated with
    Configure in the OpenSSL build system.

    For Windows, Configure generates makefile that is only available to
    nmake command. config/Makefile_VC-WIN32 and
    config/Makefile_VC-WIN64A are made created by hand for the use of
    GNU make. If make rules or targets are changed in the version up of
    OpenSSL, they should be also updated.

  • gyp and gypi files (openssl*.{gyp,gypi})

    openssl.gyp has two targets of openssl and openssl-cli referred
    from node.gyp. They includes asm and no_asm gypi files with arch
    dependent gypi according to its build options and platforms . The
    gyp data which is common with asm and no_asm are stored in
    openssl_common.gypi.

  • header files (config/*.{h,h.tmpl})

    bn_conf.h, dso_conf.h and opensslconf.h are platform dependent
    in the OpenSSL sources. They are replaced with config/*.h.tmpl
    files to include the file in the ../../../config/ and referred to
    each arch files that depends on asm and no-asm option.

Supported architectures for use of ASM

Here is a list of supported architectures for use of ASM in OpenSSL.

--dest-os --dest-cpu OpenSSL target arch CI
aix ppc aix-gcc o
aix ppc64 aix64-gcc o
linux ia32 linux-elf o
linux x32 linux-x32 -
linux x64 linux-x86_64 o
linux arm linux-armv4 o
linux arm64 linux-aarch64 o
linux ppc linux-ppc o
linux ppc64 linux-ppc64 o
linux ppc64 linux-ppc64le o
linux s390 linux32-s390x o
linux s390x linux64-s390x o
mac ia32 darwin-i386-cc -
mac x64 darwin64-x86-cc o
win ia32 VC-WIN32 -
win x64 VC-WIN64A o
solaris ia32 solaris-x86-gcc o
solaris x64 solaris64-x86_64-gcc o
freebsd ia32 BSD-x86 -
freebsd x64 BSD-x86_64 o
openbsd ia32 BSD-x86 -
openbsd x64 BSD-x86_64 -
others others linux-elf -

These are listed in config/Makefile.
Please refer config/opensslconf_asm.h for details.

Upgrading OpenSSL

Please refer config/README.md .

[SSL_CTX_set_timeout]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_timeout.html
[SSL_METHODS]: https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS
[SSL_CTX_set_timeout]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_timeout.html
[SSL_METHODS]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

It seems the new hash needs to be #Dealing-with-Protocol-Methods

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 4, 2018

Author Contributor

Fixed the hash link. I resolved some conflicts but it needs a more fix . Fixed in 9cf8473

BUILDING.md Outdated
@@ -88,6 +88,23 @@ Depending on host platform, the selection of toolchains may vary.

* Visual Studio 2017 or the Build Tools thereof

#### OpenSSL asm support

OpenSSL-1.1.0 requires the following asssember version for use of asm

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

asssember -> assembler

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 4, 2018

Author Contributor

Fixed in 07d5ac5.

BUILDING.md Outdated

Otherwise, `--openssl-no-asm` is added with warning in configure.

*Note:* The forthcoming OpenSSL-1.1.1 will require more higher

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

more higher -> higher

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 4, 2018

Author Contributor

ditto.

@@ -0,0 +1,76 @@
This has a new binding scheme in builing OpenSSL-1.1.0 library with

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

builing -> building

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 4, 2018

Author Contributor

Fixed in cb6aee5.

@@ -0,0 +1,76 @@
This has a new binding scheme in builing OpenSSL-1.1.0 library with
Node.js. OpenSSL-1.1.0 uses a new build system with perl for various

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

perl -> Perl?

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 4, 2018

Author Contributor

ditto.

`openssl/Configurations/README.design` in the OpenSSL source for
details.

In order to build OpenSSL library without perl in the build of Node.js

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

perl -> Perl?

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 4, 2018

Author Contributor

ditto.


`openssl.gyp` has two targets of openssl and openssl-cli referred
from `node.gyp`. They includes asm and no_asm gypi files with arch
dependent gypi according to its build options and platforms . The

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

platforms . -> platforms.

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 4, 2018

Author Contributor

Fixed.

from `node.gyp`. They includes asm and no_asm gypi files with arch
dependent gypi according to its build options and platforms . The
gyp data which is common with asm and no_asm are stored in
openssl_common.gypi.

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

openssl_common.gypi -> `openssl_common.gypi`?

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 4, 2018

Author Contributor

Fixed.

`bn_conf.h`, `dso_conf.h` and `opensslconf.h` are platform dependent
in the OpenSSL sources. They are replaced with `config/*.h.tmpl`
files to include the file in the `../../../config/` and referred to
each arch files that depends on asm and no-asm option.

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

each arch files -> each arch file?

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 4, 2018

Author Contributor

Fixed.

| linux | arm64 | linux-aarch64 | o |
| linux | ppc | linux-ppc | o |
| linux | ppc64 | linux-ppc64 | o |
| linux | ppc64 | linux-ppc64le | o | (node_byteoder: little)

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

I do not see (node_byteoder: little) in the rendered table. Should it be there? Is it parsed as a hidden comment?

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 4, 2018

Author Contributor

This is a note. I fixed it as a footnote.


### Upgrading OpenSSL

Please refer [config/README.md](config/README.md) .

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

) . -> ).

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 4, 2018

Author Contributor

Fixed.

@vsemozhetbyt

This comment has been minimized.

Copy link
Contributor

commented Apr 4, 2018

Are there any more docs to review except doc/api/crypto.md, doc/api/tls.md, BUILDING.md, and deps/openssl/README.md?

Should deps/openssl/doc/UPGRADING.md and deps/openssl/config/README.md be reviewed or are they upstream docs?

@shigeki

This comment has been minimized.

Copy link
Contributor Author

commented Apr 4, 2018

@vsemozhetbyt Thanks for fixing my English. Please review deps/openssl/config/README.md . deps/openssl/doc/UPGRADING.md was removed.

@shigeki

This comment has been minimized.

Copy link
Contributor Author

commented Apr 4, 2018

CI of https://ci.nodejs.org/job/node-test-pull-request/14044/ will be fine except ubuntu1604_sharedlibs_openssl102_x64. It is to be fixed in nodejs/build#1210.

@@ -53,7 +53,7 @@ Here is a list of supported architectures for use of ASM in OpenSSL.
| linux | arm64 | linux-aarch64 | o |
| linux | ppc | linux-ppc | o |
| linux | ppc64 | linux-ppc64 | o |
| linux | ppc64 | linux-ppc64le | o | (node_byteoder: little)
| linux | ppc64 | linux-ppc64le | o |(*1)

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

It is not in the table still:

https://github.com/shigeki/node/blob/cb6aee5a3d8201fb656a8e971b3741d85976a9d0/deps/openssl/README.md#supported-architectures-for-use-of-asm

Maybe it should be placed in a cell or its own column should be added?

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 4, 2018

Author Contributor

Sorry, I missed to view and check markdown. Fixed to include it in the cell as f8cdc0f.

@vsemozhetbyt
Copy link
Contributor

left a comment

Sorry for nits)

## Upgrading OpenSSL-1.1.0

### Requirements
- Linux enviroment (Only CentOS7.1 and Ubuntu16 are tested)

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

enviroment -> environment

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 5, 2018

Author Contributor

Fixed.

- Linux enviroment (Only CentOS7.1 and Ubuntu16 are tested)
- perl5
- nasm (http://www.nasm.us/) The version of 2.11 or higher is needed.
- GNU as in binutils. The version of 2.26 or higher is needed.

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

as -> `as`

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 5, 2018

Author Contributor

Fixed.

$ nasm -v
NASM version 2.11.08
```
### 1. Obtain and extract new OpenSS sources.

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

sources. -> sources for consistency with other headings?

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 5, 2018

Author Contributor

Fixed.

```
### 1. Obtain and extract new OpenSS sources.

Get a new source from https://www.openssl.org/source/ and extract

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

Get a new source... and extract them

-> Get a new source... and extract all files?
or
-> Get new source files... and extract them?

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 5, 2018

Author Contributor

Fixed. My choice is the former.

$ nasm -v
NASM version 2.11.08
```
### 1. Obtain and extract new OpenSS sources.

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

OpenSS -> OpenSSL

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 5, 2018

Author Contributor

Fixed.

*Note*: On Windows, OpenSSL Configure generate `makefile` that can be
used for `nmake` command. The `make` command in the step 2 above uses
`Makefile_VC-WIN64A` and `Makefile_VC-WIN32` that is manually
created. When sources files or build options are updated in Windows,

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

sources files -> source files?

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 5, 2018

Author Contributor

Fixed.

used for `nmake` command. The `make` command in the step 2 above uses
`Makefile_VC-WIN64A` and `Makefile_VC-WIN32` that is manually
created. When sources files or build options are updated in Windows,
it needs to change the these two Makefiles by hand. If you are not

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

the these -> these

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 5, 2018

Author Contributor

Fixed.

created. When sources files or build options are updated in Windows,
it needs to change the these two Makefiles by hand. If you are not
sure, please ask @shigeki for details.
### 4. Commits and make test

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

4. -> 5.

Commits -> Commit?

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 5, 2018

Author Contributor

Fixed.

sure, please ask @shigeki for details.
### 4. Commits and make test

Updates all architecture dependent files. Do not forget to git add or remove

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

Updates -> Update or This updates?

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 5, 2018

Author Contributor

Fixed. My choice is the former.

deps: update archs files for OpenSSL-1.1.0
```

Finally, build Node and run test it.

This comment has been minimized.

Copy link
@vsemozhetbyt

vsemozhetbyt Apr 4, 2018

Contributor

run test it -> run tests or test it?

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 5, 2018

Author Contributor

Fixed. My choice is the former.

@jasnell

jasnell approved these changes Apr 4, 2018

Copy link
Member

left a comment

rubber-stamp LGTM

@rvagg

This comment has been minimized.

Copy link
Member

commented Apr 5, 2018

@shigeki so I take it from nodejs/build#1210 that you're not able to maintain backward compatibility with 1.0.2? As per nodejs/TSC#479 the hope was that we would maintain the ability to still compile against 1.0.2 in the same way that Node 8/9 can compile against 1.1.0 now. The problem is going to be with Linux distros that insist on dynamically compiling OpenSSL against what they ship, so if they don't ship OpenSSL 1.1.0 then they won't be able to ship Node 10. I'm not sure which distros, if any, that is actually going to impact, however.

@rvagg rvagg referenced this pull request Apr 5, 2018

Closed

crypto: add support for AES-CCM #18138

4 of 4 tasks complete
@shigeki

This comment has been minimized.

Copy link
Contributor Author

commented Apr 5, 2018

@rvagg It can be possible to be compatible between 1.0.2 and 1.1.0 at this moment. But I am pessimistic to maintain it until the EOLS of 1.0.2 at the end of 2019 unless we keep freezing new features of OpenSSL-1.1.x. Node8/9 could do it since we did not add no new crypto/tls features specific to 1.1.0. I'm fearing that we lose a chance to remove the support of 1.0.2 in Node10 in the future.

If it needs a large discussion, I can make back compatibilities with 1.0.2 in this PR and submit a separated PR or issues to remove 1.0.2 support.

@rvagg

This comment has been minimized.

Copy link
Member

commented Apr 5, 2018

If it's not too much work I'd like to see 1.0.2 support maintained @shigeki. I think liberal use of "this feature is not supported by 1.0.2" runtime errors is fine so we can move forward embracing 1.1.x features and just make them not available to builds against 1.0.2, similar to how we've handled FIPS and how others have handled LibreSSL support.

@bnoordhuis @indutny could either of you weigh in on this? Perhaps it's just not worth it and we should make a clean break?

@kapouer are you available to offer an opinion here since you have a foot in the dynamic linking camp? If Node 10 goes out with no ability to compile against 1.0.2 how many yelps are we going to hear?

@danbev danbev referenced this pull request Apr 5, 2018

Closed

deps: add openssl update script (WIP) #19829

3 of 3 tasks complete
@shigeki
Copy link
Contributor Author

left a comment

@vsemozhetbyt Thanks for reviewing my English. I fixed in 9a62a0c.

@vsemozhetbyt
Copy link
Contributor

left a comment

Docs LGTM)

@shigeki shigeki force-pushed the shigeki:upgrade_openssl110h branch from 9a62a0c to 53a63ef Apr 5, 2018

@jasnell

This comment has been minimized.

Copy link
Member

commented Apr 5, 2018

Btw, if the plan is for this to go in to 10.0.0, it should land no later than April 10th. After that, I'll only pull in tsc approved semver-majors

@jasnell jasnell added this to the 10.0.0 milestone Apr 5, 2018

@rvagg

This comment has been minimized.

Copy link
Member

commented Apr 6, 2018

OK, no response to my 1.0.2 proposition so how about this: let's just land pure 1.1.0 support and ditch 1.0.2 support. It's something that could be added in afterward, during 10.x Current if enough people yelp.

I'll go ahead and pull 1.0.2 out of CI for 10+ and I'll update nodejs/TSC#479 to change the plan and get that in front of the TSC.

@shigeki anything else we need to get this landed?

configure Outdated
o['variables']['node_use_openssl'] = b(not options.without_ssl)
o['variables']['node_shared_openssl'] = b(options.shared_openssl)
o['variables']['openssl_no_asm'] = 1 if options.openssl_no_asm else 0
variables = o['variables'];

This comment has been minimized.

Copy link
@rvagg

rvagg Apr 6, 2018

Member

semicolon probably should go

This comment has been minimized.

Copy link
@shigeki

shigeki Apr 6, 2018

Author Contributor

Fixed. Thanks.

@rvagg

rvagg approved these changes Apr 6, 2018

@rvagg

This comment has been minimized.

Copy link
Member

commented Apr 6, 2018

a near perfect CI run @ https://ci.nodejs.org/job/node-test-commit/17482/, one failure, a known Raspberry Pi problem unrelated to this 👍 great work @shigeki

@shigeki

This comment has been minimized.

Copy link
Contributor Author

commented Apr 6, 2018

I will wait for anyone's reviews until the next Monday night in JST.

@BethGriggs BethGriggs referenced this pull request Mar 26, 2019

Merged

v12.0.0 proposal #26930

sam-github added a commit to sam-github/node that referenced this pull request Mar 28, 2019

deps: add s390 asm rules for OpenSSL-1.1.1
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.

PR-URL: nodejs#26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Original:

Fixes: nodejs#4270
PR-URL: nodejs#19794
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>

sam-github added a commit to sam-github/node that referenced this pull request Mar 28, 2019

deps: add s390 asm rules for OpenSSL-1.1.1
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.

PR-URL: nodejs#26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Original:

Fixes: nodejs#4270
PR-URL: nodejs#19794
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>

sam-github added a commit to sam-github/node that referenced this pull request Mar 28, 2019

deps: add s390 asm rules for OpenSSL-1.1.1
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.

PR-URL: nodejs#26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Original:

Fixes: nodejs#4270
PR-URL: nodejs#19794
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>

sam-github added a commit to sam-github/node that referenced this pull request Mar 29, 2019

deps: add s390 asm rules for OpenSSL-1.1.1
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.

PR-URL: nodejs#26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Original:

Fixes: nodejs#4270
PR-URL: nodejs#19794
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>

sam-github added a commit to sam-github/node that referenced this pull request Apr 1, 2019

deps: add s390 asm rules for OpenSSL-1.1.1
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.

PR-URL: nodejs#26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Original:

Fixes: nodejs#4270
PR-URL: nodejs#19794
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>

sam-github added a commit to sam-github/node that referenced this pull request Apr 8, 2019

deps: add s390 asm rules for OpenSSL-1.1.1
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.

PR-URL: nodejs#26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Original:

Fixes: nodejs#4270
PR-URL: nodejs#19794
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>

sam-github added a commit to sam-github/node that referenced this pull request Apr 9, 2019

deps: add s390 asm rules for OpenSSL-1.1.1
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.

PR-URL: nodejs#26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Original:

Fixes: nodejs#4270
PR-URL: nodejs#19794
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>

sam-github added a commit to sam-github/node that referenced this pull request Apr 9, 2019

deps: add s390 asm rules for OpenSSL-1.1.1
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.

PR-URL: nodejs#26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Original:

Fixes: nodejs#4270
PR-URL: nodejs#19794
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>

sam-github added a commit to sam-github/node that referenced this pull request Apr 11, 2019

deps: add s390 asm rules for OpenSSL-1.1.1
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.

PR-URL: nodejs#26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Original:

Fixes: nodejs#4270
PR-URL: nodejs#19794
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>

BethGriggs added a commit that referenced this pull request Apr 15, 2019

deps: add s390 asm rules for OpenSSL-1.1.1
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.

Backport-PR-URL: #26951
PR-URL: #26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Original:

Fixes: #4270
PR-URL: #19794
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>

codebytere added a commit that referenced this pull request Apr 19, 2019

2019-04-23, Version 11.15.0 (Current)
* deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](#19794)
* src: add .code and SSL specific error properties (Sam Roberts) [#25093](#25093)
* tls:
  * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](#26951)
  * supported shared openssl 1.1.0 (Sam Roberts) [#26951](#26951)
  * revert default max toTLSv1.2 (Sam Roberts) [#26951](#26951)
  * revert change to invalid protocol error type (Sam Roberts) [#26951](#26951)
  * support TLSv1.3 (Sam Roberts) [#26209](#26209)
  * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [#24729](#24729)

@codebytere codebytere referenced this pull request Apr 19, 2019

Merged

v11.15.0 proposal #27314

codebytere added a commit that referenced this pull request Apr 19, 2019

2019-04-23, Version 11.15.0 (Current)
Notable changes:

* deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](#19794)
* src: add .code and SSL specific error properties (Sam Roberts) [#25093](#25093)
* tls:
  * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](#26951)
  * supported shared openssl 1.1.0 (Sam Roberts) [#26951](#26951)
  * revert default max toTLSv1.2 (Sam Roberts) [#26951](#26951)
  * revert change to invalid protocol error type (Sam Roberts) [#26951](#26951)
  * support TLSv1.3 (Sam Roberts) [#26209](#26209)
  * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [#24729](#24729)

codebytere added a commit that referenced this pull request Apr 19, 2019

2019-04-23, Version 11.15.0 (Current)
Notable changes:

* deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](#19794)
* src: add .code and SSL specific error properties (Sam Roberts) [#25093](#25093)
* tls:
  * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](#26951)
  * supported shared openssl 1.1.0 (Sam Roberts) [#26951](#26951)
  * revert default max toTLSv1.2 (Sam Roberts) [#26951](#26951)
  * revert change to invalid protocol error type (Sam Roberts) [#26951](#26951)
  * support TLSv1.3 (Sam Roberts) [#26209](#26209)
  * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [#24729](#24729)

BethGriggs added a commit that referenced this pull request Apr 22, 2019

2019-04-23, Version 12.0.0 (Current)
Notable changes:

* assert:
  * improve performance to instantiate errors (Ruben Bridgewater)
    [#26738](#26738)
  * validate required arguments (Ruben Bridgewater)
    [#26641](#26641)
  * adjust loose assertions (Ruben Bridgewater)
    [#25008](#25008)
* async_hooks:
  * remove deprecated emitBefore and emitAfter (Matteo Collina)
    [#26530](#26530)
  * remove promise object from resource (Andreas Madsen)
    [#23443](#23443)
* bootstrap
  * make Buffer and process non-enumerable (Ruben Bridgewater)
    [#24874](#24874)
* buffer:
  * use stricter range checks (Ruben Bridgewater)
    [#27045](#27045)
  * harden SlowBuffer creation (ZYSzys)
    [#26272](#26272)
  * harden validation of buffer allocation size (ZYSzys)
    [#26162](#26162)
  * do proper error propagation in addon methods (Anna Henningsen)
    [#23939](#23939)
* child_process:
  * change the defaults maxBuffer size (kohta ito)
    [#27179](#27179)
  * harden fork arguments validation (ZYSzys)
    [#27039](#27039)
  * use non-infinite maxBuffer defaults (kohta ito)
    [#23027](#23027)
* console:
  * don't use ANSI escape codes when TERM=dumb (Vladislav Kaminsky)
    [#26261](#26261)
* crypto:
  * remove legacy native handles (Tobias Nießen)
    [#27011](#27011)
  * decode missing passphrase errors (Tobias Nießen)
    [#25208](#25208)
  * move DEP0113 to End-of-Life (Tobias Nießen)
    [#26249](#26249)
  * remove deprecated crypto.\_toBuf (Tobias Nießen)
    [#25338](#25338)
  * set `DEFAULT\_ENCODING` property to non-enumerable
    (Antoine du Hamel)
    [#23222](#23222)
* deps:
  * silence irrelevant V8 warning (Michaël Zasso)
    [#26685](#26685)
  * update postmortem metadata generation script (cjihrig)
    [#26685](#26685)
  * V8: un-cherry-pick bd019bd (Refael Ackermann)
    [#26685](#26685)
  * V8: cherry-pick 6 commits (Michaël Zasso)
    [#26685](#26685)
  * V8: cherry-pick d82c9af (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick e5f01ba (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick d5f08e4 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 6b09d21 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick f0bb5d2 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 5b0510d (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 91f0cd0 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 392316d (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 2f79d68 (Anna Henningsen)
    [#26685](#26685)
  * sync V8 gypfiles with 7.4 (Ujjwal Sharma)
    [#26685](#26685)
  * update V8 to 7.4.288.13 (Ujjwal Sharma)
    [#26685](#26685)
  * bump minimum icu version to 63 (Ujjwal Sharma)
    [#25852](#25852)
  * silence irrelevant V8 warnings (Michaël Zasso)
    [#25852](#25852)
  * V8: cherry-pick 7803fa6 (Jon Kunkee)
    [#25852](#25852)
  * V8: cherry-pick 58cefed (Jon Kunkee)
    [#25852](#25852)
  * V8: cherry-pick d3308d0 (Michaël Zasso)
    [#25852](#25852)
  * V8: cherry-pick 74571c8 (Michaël Zasso)
    [#25852](#25852)
  * cherry-pick fc0ddf5 from upstream V8 (Anna Henningsen)
    [#25852](#25852)
  * sync V8 gypfiles with 7.3 (Ujjwal Sharma)
    [#25852](#25852)
  * sync V8 gypfiles with 7.2 (Michaël Zasso)
    [#25852](#25852)
  * update V8 to 7.3.492.25 (Michaël Zasso)
    [#25852](#25852)
  * add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu)
    [#19794](#19794)
  * sync V8 gypfiles with 7.1 (Refael Ackermann)
    [#23423](#23423)
  * update V8 to 7.1.302.28 (Michaël Zasso)
    [#23423](#23423)
* doc:
  * update behaviour of fs.writeFile
    (Sakthipriyan Vairamani (thefourtheye))
    [#25080](#25080)
  * add internal functionality details of util.inherits
    (Ruben Bridgewater)
    [#24755](#24755)
* errors:
  * update error name (Ruben Bridgewater)
    [#26738](#26738)
* fs:
  * use proper .destroy() implementation for SyncWriteStream
    (Matteo Collina)
    [#26690](#26690)
  * improve mode validation (Ruben Bridgewater)
    [#26575](#26575)
  * harden validation of start option in createWriteStream (ZYSzys)
    [#25579](#25579)
  * make writeFile consistent with readFile wrt fd
    (Sakthipriyan Vairamani (thefourtheye))
    [#23709](#23709)
* http:
  * validate timeout in ClientRequest() (cjihrig)
    [#26214](#26214)
  * return HTTP 431 on HPE\_HEADER\_OVERFLOW error (Albert Still)
    [#25605](#25605)
  * switch default parser to llhttp (Anna Henningsen)
    [#24870](#24870)
  * change DEP0066 to a runtime deprecation (Morgan Roderick)
    [#24167](#24167)
  * else case is not reachable (szabolcsit)
    [#24176](#24176)
* lib:
  * move DEP0021 to end of life (cjihrig)
    [#27127](#27127)
  * remove Atomics.wake (Gus Caplan)
    [#27033](#27033)
  * validate Error.captureStackTrace() calls (Ruben Bridgewater)
    [#26738](#26738)
  * refactor Error.captureStackTrace() usage (Ruben Bridgewater)
    [#26738](#26738)
  * move DTRACE\_\* probes out of global scope (James M Snell)
    [#26541](#26541)
  * deprecate \_stream\_wrap (Sam Roberts)  [#26245]
  (#26245)
  * don't use `util.inspect()` internals (Ruben Bridgewater)
    [#24971](#24971)
  * improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
    [#25690](#25690)
  * requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
    [#25690](#25690)
  * move DEP0029 to end of life (cjihrig)
    [#25377](#25377)
  * move DEP0028 to end of life (cjihrig)
    [#25377](#25377)
  * move DEP0027 to end of life (cjihrig)
    [#25377](#25377)
  * move DEP0026 to end of life (cjihrig)
    [#25377](#25377)
  * move DEP0023 to end of life (cjihrig)
    [#25280](#25280)
  * move DEP0006 to end of life (cjihrig)
    [#25279](#25279)
  * remove unintended access to deps/ (Anna Henningsen)
    [#25138](#25138)
  * move DEP0120 to end of life (cjihrig)
    [#24862](#24862)
  * use ES6 class inheritance style (Ruben Bridgewater)
    [#24755](#24755)
  * remove `inherits()` usage (Ruben Bridgewater)
    [#24755](#24755)
* module:
  * remove dead code (Ruben Bridgewater)
    [#26983](#26983)
  * mark DEP0019 as End-of-Life (Ruben Bridgewater)
    [#26973](#26973)
  * throw an error for invalid package.json main entries
    (Ruben Bridgewater)
    [#26823](#26823)
  * don't search in require.resolve.paths (cjihrig)
    [#23683](#23683)
* n-api:
  * remove code from error name (Ruben Bridgewater)
    [#26738](#26738)
* net:
  * do not manipulate potential user code (Ruben Bridgewater)
    [#26751](#26751)
  * emit "write after end" errors in the next tick (Ouyang Yadong)
    [#24457](#24457)
  * deprecate \_setSimultaneousAccepts() undocumented function
    (James M Snell)
    [#23760](#23760)
* net,http2:
  * merge setTimeout code (ZYSzys)
    [#25084](#25084)
* os:
  * implement os.type() using uv\_os\_uname() (cjihrig)
    [#25659](#25659)
* process:
  * global.process, global.Buffer getters (Guy Bedford)
    [#26882](#26882)
  * move DEP0062 (node --debug) to end-of-life (Joyee Cheung)
    [#25828](#25828)
  * exit on --debug and --debug-brk after option parsing (Joyee Cheung)
    [#25828](#25828)
  * improve `--redirect-warnings` handling (Ruben Bridgewater)
    [#24965](#24965)
* readline:
  * support TERM=dumb (Vladislav Kaminsky)
    [#26261](#26261)
* repl:
  * add welcome message (gengjiawen)
    [#25947](#25947)
  * fix terminal default setting (Ruben Bridgewater)
    [#26518](#26518)
  * check colors with .getColorDepth() (Vladislav Kaminsky)
    [#26261](#26261)
  * deprecate REPLServer.rli (Ruben Bridgewater)
    [#26260](#26260)
* src:
  * remove unused INT\_MAX constant (Sam Roberts)
    [#27078](#27078)
  * update NODE\_MODULE\_VERSION to 72 (Ujjwal Sharma)
    [#26685](#26685)
  * remove `AddPromiseHook()` (Anna Henningsen)
    [#26574](#26574)
  * update NODE\_MODULE\_VERSION to 71 (Michaël Zasso)
    [#25852](#25852)
  * clean up MultiIsolatePlatform interface (Anna Henningsen)
    [#26384](#26384)
  * properly configure default heap limits (Ali Ijaz Sheikh)
    [#25576](#25576)
  * remove icuDataDir from node config (GauthamBanasandra)
    [#24780](#24780)
  * explicitly allow JS in ReadHostObject (Yang Guo)
    [#23423](#23423)
  * update postmortem constant (cjihrig)
    [#23423](#23423)
  * update NODE\_MODULE\_VERSION to 68 (Michaël Zasso)
    [#23423](#23423)
* tls:
  * support TLSv1.3 (Sam Roberts)
    [#26209](#26209)
  * return correct version from getCipher() (Sam Roberts)
    [#26625](#26625)
  * check arg types of renegotiate() (Sam Roberts)
    [#25876](#25876)
  * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts)
    [#24729](#24729)
  * emit a warning when servername is an IP address (Rodger Combs)
    [#23329](#23329)
  * disable TLS v1.0 and v1.1 by default (Ben Noordhuis)
    [#23814](#23814)
  * remove unused arg to createSecureContext() (Sam Roberts)
    [#24241](#24241)
  * deprecate Server.prototype.setOptions() (cjihrig)[
    #23820](#23820)
  * load NODE\_EXTRA\_CA\_CERTS at startup (Ouyang Yadong)
    [#23354](#23354)
* util:
  * change inspect compact and breakLength default (Ruben Bridgewater)
    [#27109](#27109)
  * improve inspect edge cases (Ruben Bridgewater)
    [#27109](#27109)
  * only the first line of the error message (Simon Zünd)
    [#26685](#26685)
  * don't set the prototype of callbackified functions
    (Ruben Bridgewater)
    [#26893](#26893)
  * rename callbackified function (Ruben Bridgewater)
    [#26893](#26893)
  * increase function length when using `callbackify()`
    (Ruben Bridgewater)
    [#26893](#26893)
  * prevent tampering with internals in `inspect()` (Ruben Bridgewater)
    [#26577](#26577)
  * fix proxy inspection (Ruben Bridgewater)
    [#26241](#26241)
  * prevent leaking internal properties (Ruben Bridgewater)
    [#24971](#24971)
  * protect against monkeypatched Object prototype for inspect()
    (Rich Trott)
    [#25953](#25953)
  * treat format arguments equally (Roman Reiss)
    [#23162](#23162)
* win, fs:
  * detect if symlink target is a directory (Bartosz Sosnowski)
    [#23724](#23724)
* zlib:
  * throw TypeError if callback is missing (Anna Henningsen)[
    #24929](#24929)
  * make “bare” constants un-enumerable (Anna Henningsen)
    [#24824](#24824)

PR-URL: #26930

codebytere added a commit that referenced this pull request Apr 29, 2019

2019-04-23, Version 11.15.0 (Current)
Notable changes:

* deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](#19794)
* src: add .code and SSL specific error properties (Sam Roberts) [#25093](#25093)
* tls:
  * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](#26951)
  * supported shared openssl 1.1.0 (Sam Roberts) [#26951](#26951)
  * revert default max toTLSv1.2 (Sam Roberts) [#26951](#26951)
  * revert change to invalid protocol error type (Sam Roberts) [#26951](#26951)
  * support TLSv1.3 (Sam Roberts) [#26209](#26209)
  * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [#24729](#24729)

codebytere added a commit to codebytere/node that referenced this pull request Apr 29, 2019

2019-04-30, Version 11.15.0 (Current)
Notable changes:

* deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [nodejs#19794](nodejs#19794)
* src: add .code and SSL specific error properties (Sam Roberts) [nodejs#25093](nodejs#25093)
* tls:
  * add --tls-min-v1.2 CLI switch (Sam Roberts) [nodejs#26951](nodejs#26951)
  * supported shared openssl 1.1.0 (Sam Roberts) [nodejs#26951](nodejs#26951)
  * revert default max toTLSv1.2 (Sam Roberts) [nodejs#26951](nodejs#26951)
  * revert change to invalid protocol error type (Sam Roberts) [nodejs#26951](nodejs#26951)
  * support TLSv1.3 (Sam Roberts) [nodejs#26209](nodejs#26209)
  * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [nodejs#24729](nodejs#24729)

codebytere added a commit that referenced this pull request Apr 30, 2019

2019-04-30, Version 11.15.0 (Current)
Notable changes:

* deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](#19794)
* src: add .code and SSL specific error properties (Sam Roberts) [#25093](#25093)
* tls:
  * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](#26951)
  * supported shared openssl 1.1.0 (Sam Roberts) [#26951](#26951)
  * revert default max toTLSv1.2 (Sam Roberts) [#26951](#26951)
  * revert change to invalid protocol error type (Sam Roberts) [#26951](#26951)
  * support TLSv1.3 (Sam Roberts) [#26209](#26209)
  * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [#24729](#24729)

PR-URL: #27314

codebytere added a commit that referenced this pull request Apr 30, 2019

2019-04-30, Version 11.15.0 (Current)
Notable changes:

* deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](#19794)
* src: add .code and SSL specific error properties (Sam Roberts) [#25093](#25093)
* tls:
  * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](#26951)
  * supported shared openssl 1.1.0 (Sam Roberts) [#26951](#26951)
  * revert default max toTLSv1.2 (Sam Roberts) [#26951](#26951)
  * revert change to invalid protocol error type (Sam Roberts) [#26951](#26951)
  * support TLSv1.3 (Sam Roberts) [#26209](#26209)
  * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [#24729](#24729)

PR-URL: #27314
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.