Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[v10.x backport] Update openssl 1.1.1d #29921

Closed

Conversation

@sam-github
Copy link
Member

sam-github commented Oct 10, 2019

Note that this drops the floating patch from #28983 because it is included -- or so it appears to me @ofrobots

This is a "backport" of #29550, though actually it has to be done from scratch, exact commands are documented in the commit messages, as usual.

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
sam-github added 2 commits Oct 10, 2019
This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1d.tar.gz
    $ mv openssl-1.1.1d openssl
    $ git add --all openssl
    $ git commit openssl
After an OpenSSL source update, all the config files need to be regenerated and
comitted by:
    $ cd deps/openssl/config
    $ make
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/crypto/include/internal/bn_conf.h
    $ git add deps/openssl/openssl/crypto/include/internal/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit
@nodejs-github-bot

This comment has been minimized.

@sam-github

This comment has been minimized.

Copy link
Member Author

sam-github commented Oct 10, 2019

@sam-github

This comment has been minimized.

Copy link
Member Author

sam-github commented Oct 10, 2019

It's a sea of red :-(. I'll have to do some more work on this.

@richardlau

This comment has been minimized.

Copy link
Member

richardlau commented Oct 10, 2019

This is a "backport" of #29550, though actually it has to be done from scratch, exact commands are documented in the commit messages, as usual.

@sam-github The equivalent of 3473e58 is missing from this PR and (hopefully) accounts for all the red (it's the same two tests failing) 🤞.

OpenSSL 1.1.1d no longer generates warnings for some DH groups that used
to be considered unsafe. See below for discussion. This is considered a
bug fix.

See:
- openssl/openssl#9363
- openssl/openssl#9363 (comment)

PR-URL: #29550
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
@nodejs-github-bot

This comment has been minimized.

@sam-github

This comment has been minimized.

Copy link
Member Author

sam-github commented Oct 11, 2019

Thanks Richard, passed locally, trying full CI again.

@sam-github

This comment has been minimized.

Copy link
Member Author

sam-github commented Oct 11, 2019

@nodejs-github-bot

This comment has been minimized.

@Trott Trott changed the title Update openssl 1.1.1d v10.x [v10.x backport] Update openssl 1.1.1d v10.x Oct 13, 2019
@Trott Trott changed the title [v10.x backport] Update openssl 1.1.1d v10.x [v10.x backport] Update openssl 1.1.1d Oct 13, 2019
@nodejs-github-bot

This comment has been minimized.

@Trott

This comment has been minimized.

Copy link
Member

Trott commented Oct 13, 2019

Updated the title of the PR to conform with https://github.com/nodejs/node/blob/19a8d22c77f55858d8dfb1fa593837112fb4aad2/doc/guides/backporting-to-release-lines.md#how-to-submit-a-backport-pull-request. (If not doing that was intentional and it is an error on my part to change it, apologies in advance.) @nodejs/backporters

@nodejs-github-bot

This comment has been minimized.

Copy link

nodejs-github-bot commented Oct 14, 2019

@BethGriggs

This comment has been minimized.

Copy link
Member

BethGriggs commented Oct 15, 2019

Only CI failures are those identified in #29977

BethGriggs added a commit that referenced this pull request Oct 16, 2019
This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1d.tar.gz
    $ mv openssl-1.1.1d openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #29921
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
BethGriggs added a commit that referenced this pull request Oct 16, 2019
After an OpenSSL source update, all the config files need to be regenerated and
comitted by:
    $ cd deps/openssl/config
    $ make
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/crypto/include/internal/bn_conf.h
    $ git add deps/openssl/openssl/crypto/include/internal/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: #29921
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
@BethGriggs

This comment has been minimized.

Copy link
Member

BethGriggs commented Oct 16, 2019

Landed on v10.x-staging

@BethGriggs BethGriggs closed this Oct 16, 2019
BethGriggs added a commit that referenced this pull request Oct 18, 2019
Notable changes:

- **deps**: upgrade openssl sources to 1.1.1d (Sam Roberts)
  [#29921](#29921)
- **dns**: remove dns.promises experimental warning (cjihrig)
  [#26592](#26592)
- **fs**: remove experimental warning for fs.promises (Anna Henningsen)
  [#26581](#26581)
- **n-api**: mark version 5 N-APIs as stable (Gabriel Schulhof)
  [#29401](#29401)
- **stream**: make Symbol.asyncIterator support stable (Matteo Collina)
  [#26989](#26989)

PR-URL: #29875
@BethGriggs BethGriggs referenced this pull request Oct 18, 2019
BethGriggs added a commit that referenced this pull request Oct 18, 2019
Notable changes:

- **deps**: upgrade openssl sources to 1.1.1d (Sam Roberts)
  [#29921](#29921)
- **dns**: remove dns.promises experimental warning (cjihrig)
  [#26592](#26592)
- **fs**: remove experimental warning for fs.promises (Anna Henningsen)
  [#26581](#26581)
- **n-api**: mark version 5 N-APIs as stable (Gabriel Schulhof)
  [#29401](#29401)
- **stream**: make Symbol.asyncIterator support stable (Matteo Collina)
  [#26989](#26989)

PR-URL: #29875
BethGriggs added a commit that referenced this pull request Oct 18, 2019
Notable changes:

- **deps**: upgrade openssl sources to 1.1.1d (Sam Roberts)
  [#29921](#29921)
- **dns**: remove dns.promises experimental warning (cjihrig)
  [#26592](#26592)
- **fs**: remove experimental warning for fs.promises (Anna Henningsen)
  [#26581](#26581)
- **n-api**: mark version 5 N-APIs as stable (Gabriel Schulhof)
  [#29401](#29401)
- **stream**: make Symbol.asyncIterator support stable (Matteo Collina)
  [#26989](#26989)

PR-URL: #29875
BethGriggs added a commit that referenced this pull request Oct 19, 2019
Notable changes:

- **deps**: update npm to 6.11.3 (claudiahdz)
  [#29430](#29430)
- **deps**: upgrade openssl sources to 1.1.1d (Sam Roberts)
  [#29921](#29921)
- **dns**: remove dns.promises experimental warning (cjihrig)
  [#26592](#26592)
- **fs**: remove experimental warning for fs.promises (Anna Henningsen)
  [#26581](#26581)
- **n-api**: mark version 5 N-APIs as stable (Gabriel Schulhof)
  [#29401](#29401)
- **stream**: make Symbol.asyncIterator support stable (Matteo Collina)
  [#26989](#26989)

PR-URL: #29875
BethGriggs added a commit that referenced this pull request Oct 21, 2019
Notable changes:

- **deps**: update npm to 6.11.3 (claudiahdz)
  [#29430](#29430)
- **deps**: upgrade openssl sources to 1.1.1d (Sam Roberts)
  [#29921](#29921)
- **dns**: remove dns.promises experimental warning (cjihrig)
  [#26592](#26592)
- **fs**: remove experimental warning for fs.promises (Anna Henningsen)
  [#26581](#26581)
- **n-api**: mark version 5 N-APIs as stable (Gabriel Schulhof)
  [#29401](#29401)
- **stream**: make Symbol.asyncIterator support stable (Matteo Collina)
  [#26989](#26989)

PR-URL: #29875
BethGriggs added a commit that referenced this pull request Oct 22, 2019
Notable changes:

- crypto:
  - add support for chacha20-poly1305 for AEAD (chux0519)
    #24081
  - increase maxmem range from 32 to 53 bits (Tobias Nießen)
    #28799
- deps:
  - update npm to 6.11.3 (claudiahdz)
    #29430
  - upgrade openssl sources to 1.1.1d (Sam Roberts)
    #29921
- dns:
  - remove dns.promises experimental warning (cjihrig)
    #26592
- fs:
  - remove experimental warning for fs.promises (Anna Henningsen)
    #26581
- http:
  - makes response.writeHead return the response (Mark S. Everitt)
    #25974
- http2:
  - makes response.writeHead return the response (Mark S. Everitt)
    #25974
- n-api:
  - make func argument of napi\_create\_threadsafe\_function optional
    (legendecas) #27791
  - mark version 5 N-APIs as stable (Gabriel Schulhof)
    #29401
  - implement date object (Jarrod Connolly)
    #25917
- process:
  - add --unhandled-rejections flag (Ruben Bridgewater)
    #26599
- stream:
  - implement Readable.from async iterator utility (Guy Bedford)
    #27660
  - make Symbol.asyncIterator support stable (Matteo Collina)
    #26989

PR-URL: #29875
BethGriggs added a commit that referenced this pull request Oct 22, 2019
Notable changes:

- crypto:
  - add support for chacha20-poly1305 for AEAD (chux0519)
    #24081
  - increase maxmem range from 32 to 53 bits (Tobias Nießen)
    #28799
- deps:
  - update npm to 6.11.3 (claudiahdz)
    #29430
  - upgrade openssl sources to 1.1.1d (Sam Roberts)
    #29921
- dns:
  - remove dns.promises experimental warning (cjihrig)
    #26592
- fs:
  - remove experimental warning for fs.promises (Anna Henningsen)
    #26581
- http:
  - makes response.writeHead return the response (Mark S. Everitt)
    #25974
- http2:
  - makes response.writeHead return the response (Mark S. Everitt)
    #25974
- n-api:
  - make func argument of napi\_create\_threadsafe\_function optional
    (legendecas)
    #27791
  - mark version 5 N-APIs as stable (Gabriel Schulhof)
    #29401
  - implement date object (Jarrod Connolly)
    #25917
- process:
  - add --unhandled-rejections flag (Ruben Bridgewater)
    #26599
- stream:
  - implement Readable.from async iterator utility (Guy Bedford)
    #27660
  - make Symbol.asyncIterator support stable (Matteo Collina)
    #26989

PR-URL: #29875
BethGriggs added a commit that referenced this pull request Oct 22, 2019
Notable changes:

* crypto:
  * add support for chacha20-poly1305 for AEAD (chux0519)
    #24081
  * increase maxmem range from 32 to 53 bits (Tobias Nießen)
    #28799
* deps:
  * update npm to 6.11.3 (claudiahdz)
    #29430
  * upgrade openssl sources to 1.1.1d (Sam Roberts)
    #29921
* dns:
  * remove dns.promises experimental warning (cjihrig)
    #26592
* fs:
  * remove experimental warning for fs.promises (Anna Henningsen)
    #26581
* http:
  * makes response.writeHead return the response (Mark S. Everitt)
    #25974
* http2:
  * makes response.writeHead return the response (Mark S. Everitt)
    #25974
* n-api:
  * make func argument of napi\_create\_threadsafe\_function optional
    (legendecas)
    #27791
  * mark version 5 N-APIs as stable (Gabriel Schulhof)
    #29401
  * implement date object (Jarrod Connolly)
    #25917
* process:
  * add --unhandled-rejections flag (Ruben Bridgewater)
    #26599
* stream:
  * implement Readable.from async iterator utility (Guy Bedford)
    #27660
  * make Symbol.asyncIterator support stable (Matteo Collina)
    #26989

PR-URL: #29875
BethGriggs added a commit that referenced this pull request Oct 22, 2019
Notable changes:

* crypto:
  * add support for chacha20-poly1305 for AEAD (chux0519)
    #24081
  * increase maxmem range from 32 to 53 bits (Tobias Nießen)
    #28799
* deps:
  * update npm to 6.11.3 (claudiahdz)
    #29430
  * upgrade openssl sources to 1.1.1d (Sam Roberts)
    #29921
* dns:
  * remove dns.promises experimental warning (cjihrig)
    #26592
* fs:
  * remove experimental warning for fs.promises (Anna Henningsen)
    #26581
* http:
  * makes response.writeHead return the response (Mark S. Everitt)
    #25974
* http2:
  * makes response.writeHead return the response (Mark S. Everitt)
    #25974
* n-api:
  * make func argument of napi\_create\_threadsafe\_function optional
    (legendecas)
    #27791
  * mark version 5 N-APIs as stable (Gabriel Schulhof)
    #29401
  * implement date object (Jarrod Connolly)
    #25917
* process:
  * add --unhandled-rejections flag (Ruben Bridgewater)
    #26599
* stream:
  * implement Readable.from async iterator utility (Guy Bedford)
    #27660
  * make Symbol.asyncIterator support stable (Matteo Collina)
    #26989

PR-URL: #29875
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.