[v10.x backport] Update openssl 1.1.1d #29921
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This updates all sources in deps/openssl/openssl by:
$ cd deps/openssl/
$ rm -rf openssl
$ tar zxf ~/tmp/openssl-1.1.1d.tar.gz
$ mv openssl-1.1.1d openssl
$ git add --all openssl
$ git commit openssl
After an OpenSSL source update, all the config files need to be regenerated and
comitted by:
$ cd deps/openssl/config
$ make
$ git add deps/openssl/config/archs
$ git add deps/openssl/openssl/crypto/include/internal/bn_conf.h
$ git add deps/openssl/openssl/crypto/include/internal/dso_conf.h
$ git add deps/openssl/openssl/include/openssl/opensslconf.h
$ git commit
nodejs-github-bot
added
openssl
|
@nodejs/crypto @nodejs/lts |
|
It's a sea of red :-(. I'll have to do some more work on this. |
@sam-github The equivalent of 3473e58 is missing from this PR and (hopefully) accounts for all the red (it's the same two tests failing) 🤞. |
OpenSSL 1.1.1d no longer generates warnings for some DH groups that used to be considered unsafe. See below for discussion. This is considered a bug fix. See: - openssl/openssl#9363 - openssl/openssl#9363 (comment) PR-URL: nodejs#29550 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Anna Henningsen <anna@addaleax.net>
|
Thanks Richard, passed locally, trying full CI again. |
|
@nodejs/platform-windows last CI failed on test.parallel/test-http-dns-error in windows: https://ci.nodejs.org/job/node-test-binary-windows/25604/COMPILED_BY=vs2017,RUNNER=win2016,RUN_SUBSET=3/ |
Trott
changed the title
Trott
changed the title
|
Updated the title of the PR to conform with https://github.com/nodejs/node/blob/19a8d22c77f55858d8dfb1fa593837112fb4aad2/doc/guides/backporting-to-release-lines.md#how-to-submit-a-backport-pull-request. (If not doing that was intentional and it is an error on my part to change it, apologies in advance.) @nodejs/backporters |
|
Only CI failures are those identified in #29977 |
BethGriggs
approved these changes
Oct 15, 2019
richardlau
approved these changes
Oct 15, 2019
BethGriggs
pushed a commit
that referenced
this pull request
Oct 16, 2019
This updates all sources in deps/openssl/openssl by:
$ cd deps/openssl/
$ rm -rf openssl
$ tar zxf ~/tmp/openssl-1.1.1d.tar.gz
$ mv openssl-1.1.1d openssl
$ git add --all openssl
$ git commit openssl
PR-URL: #29921
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
BethGriggs
pushed a commit
that referenced
this pull request
Oct 16, 2019
After an OpenSSL source update, all the config files need to be regenerated and
comitted by:
$ cd deps/openssl/config
$ make
$ git add deps/openssl/config/archs
$ git add deps/openssl/openssl/crypto/include/internal/bn_conf.h
$ git add deps/openssl/openssl/crypto/include/internal/dso_conf.h
$ git add deps/openssl/openssl/include/openssl/opensslconf.h
$ git commit
PR-URL: #29921
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
|
Landed on |
BethGriggs
added a commit
that referenced
this pull request
Oct 18, 2019
Notable changes: - **deps**: upgrade openssl sources to 1.1.1d (Sam Roberts) [#29921](#29921) - **dns**: remove dns.promises experimental warning (cjihrig) [#26592](#26592) - **fs**: remove experimental warning for fs.promises (Anna Henningsen) [#26581](#26581) - **n-api**: mark version 5 N-APIs as stable (Gabriel Schulhof) [#29401](#29401) - **stream**: make Symbol.asyncIterator support stable (Matteo Collina) [#26989](#26989) PR-URL: #29875
Merged
BethGriggs
added a commit
that referenced
this pull request
Oct 19, 2019
Notable changes: - **deps**: update npm to 6.11.3 (claudiahdz) [#29430](#29430) - **deps**: upgrade openssl sources to 1.1.1d (Sam Roberts) [#29921](#29921) - **dns**: remove dns.promises experimental warning (cjihrig) [#26592](#26592) - **fs**: remove experimental warning for fs.promises (Anna Henningsen) [#26581](#26581) - **n-api**: mark version 5 N-APIs as stable (Gabriel Schulhof) [#29401](#29401) - **stream**: make Symbol.asyncIterator support stable (Matteo Collina) [#26989](#26989) PR-URL: #29875
BethGriggs
added a commit
that referenced
this pull request
Oct 21, 2019
Notable changes: - **deps**: update npm to 6.11.3 (claudiahdz) [#29430](#29430) - **deps**: upgrade openssl sources to 1.1.1d (Sam Roberts) [#29921](#29921) - **dns**: remove dns.promises experimental warning (cjihrig) [#26592](#26592) - **fs**: remove experimental warning for fs.promises (Anna Henningsen) [#26581](#26581) - **n-api**: mark version 5 N-APIs as stable (Gabriel Schulhof) [#29401](#29401) - **stream**: make Symbol.asyncIterator support stable (Matteo Collina) [#26989](#26989) PR-URL: #29875
BethGriggs
added a commit
that referenced
this pull request
Oct 22, 2019
Notable changes:
* crypto:
* add support for chacha20-poly1305 for AEAD (chux0519)
#24081
* increase maxmem range from 32 to 53 bits (Tobias Nießen)
#28799
* deps:
* update npm to 6.11.3 (claudiahdz)
#29430
* upgrade openssl sources to 1.1.1d (Sam Roberts)
#29921
* dns:
* remove dns.promises experimental warning (cjihrig)
#26592
* fs:
* remove experimental warning for fs.promises (Anna Henningsen)
#26581
* http:
* makes response.writeHead return the response (Mark S. Everitt)
#25974
* http2:
* makes response.writeHead return the response (Mark S. Everitt)
#25974
* n-api:
* make func argument of napi\_create\_threadsafe\_function optional
(legendecas)
#27791
* mark version 5 N-APIs as stable (Gabriel Schulhof)
#29401
* implement date object (Jarrod Connolly)
#25917
* process:
* add --unhandled-rejections flag (Ruben Bridgewater)
#26599
* stream:
* implement Readable.from async iterator utility (Guy Bedford)
#27660
* make Symbol.asyncIterator support stable (Matteo Collina)
#26989
PR-URL: #29875
BethGriggs
added a commit
that referenced
this pull request
Oct 22, 2019
Notable changes:
* crypto:
* add support for chacha20-poly1305 for AEAD (chux0519)
#24081
* increase maxmem range from 32 to 53 bits (Tobias Nießen)
#28799
* deps:
* update npm to 6.11.3 (claudiahdz)
#29430
* upgrade openssl sources to 1.1.1d (Sam Roberts)
#29921
* dns:
* remove dns.promises experimental warning (cjihrig)
#26592
* fs:
* remove experimental warning for fs.promises (Anna Henningsen)
#26581
* http:
* makes response.writeHead return the response (Mark S. Everitt)
#25974
* http2:
* makes response.writeHead return the response (Mark S. Everitt)
#25974
* n-api:
* make func argument of napi\_create\_threadsafe\_function optional
(legendecas)
#27791
* mark version 5 N-APIs as stable (Gabriel Schulhof)
#29401
* implement date object (Jarrod Connolly)
#25917
* process:
* add --unhandled-rejections flag (Ruben Bridgewater)
#26599
* stream:
* implement Readable.from async iterator utility (Guy Bedford)
#27660
* make Symbol.asyncIterator support stable (Matteo Collina)
#26989
PR-URL: #29875
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note that this drops the floating patch from #28983 because it is included -- or so it appears to me @ofrobots
This is a "backport" of #29550, though actually it has to be done from scratch, exact commands are documented in the commit messages, as usual.
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passes