[v10.x backport] Update openssl 1.1.1d by sam-github · Pull Request #29921 · nodejs/node

sam-github · 2019-10-10T16:42:08Z

Note that this drops the floating patch from #28983 because it is included -- or so it appears to me @ofrobots

This is a "backport" of #29550, though actually it has to be done from scratch, exact commands are documented in the commit messages, as usual.

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
documentation is changed or added
commit message follows commit guidelines

This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1d.tar.gz $ mv openssl-1.1.1d openssl $ git add --all openssl $ git commit openssl

After an OpenSSL source update, all the config files need to be regenerated and comitted by: $ cd deps/openssl/config $ make $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/crypto/include/internal/bn_conf.h $ git add deps/openssl/openssl/crypto/include/internal/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit

nodejs-github-bot · 2019-10-10T16:44:04Z

CI: https://ci.nodejs.org/job/node-test-pull-request/25944/

sam-github · 2019-10-10T16:44:12Z

@nodejs/crypto @nodejs/lts

sam-github · 2019-10-10T19:36:16Z

It's a sea of red :-(. I'll have to do some more work on this.

richardlau · 2019-10-10T20:28:32Z

This is a "backport" of #29550, though actually it has to be done from scratch, exact commands are documented in the commit messages, as usual.

@sam-github The equivalent of 3473e58 is missing from this PR and (hopefully) accounts for all the red (it's the same two tests failing) 🤞.

OpenSSL 1.1.1d no longer generates warnings for some DH groups that used to be considered unsafe. See below for discussion. This is considered a bug fix. See: - openssl/openssl#9363 - openssl/openssl#9363 (comment) PR-URL: nodejs#29550 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Anna Henningsen <anna@addaleax.net>

nodejs-github-bot · 2019-10-11T17:54:45Z

CI: https://ci.nodejs.org/job/node-test-pull-request/25965/

sam-github · 2019-10-11T17:54:54Z

Thanks Richard, passed locally, trying full CI again.

sam-github · 2019-10-11T20:58:17Z

@nodejs/platform-windows last CI failed on test.parallel/test-http-dns-error in windows: https://ci.nodejs.org/job/node-test-binary-windows/25604/COMPILED_BY=vs2017,RUNNER=win2016,RUN_SUBSET=3/

nodejs-github-bot · 2019-10-11T20:58:43Z

CI: https://ci.nodejs.org/job/node-test-pull-request/25971/

nodejs-github-bot · 2019-10-13T00:11:40Z

CI: https://ci.nodejs.org/job/node-test-pull-request/25992/

Trott · 2019-10-13T00:14:30Z

Updated the title of the PR to conform with https://github.com/nodejs/node/blob/19a8d22c77f55858d8dfb1fa593837112fb4aad2/doc/guides/backporting-to-release-lines.md#how-to-submit-a-backport-pull-request. (If not doing that was intentional and it is an error on my part to change it, apologies in advance.) @nodejs/backporters

nodejs-github-bot · 2019-10-14T12:45:54Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26009/ ✅

BethGriggs · 2019-10-15T11:03:06Z

Only CI failures are those identified in #29977

This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1d.tar.gz $ mv openssl-1.1.1d openssl $ git add --all openssl $ git commit openssl PR-URL: #29921 Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com>

After an OpenSSL source update, all the config files need to be regenerated and comitted by: $ cd deps/openssl/config $ make $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/crypto/include/internal/bn_conf.h $ git add deps/openssl/openssl/crypto/include/internal/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #29921 Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com>

BethGriggs · 2019-10-16T14:12:09Z

Landed on v10.x-staging

Notable changes: - **deps**: upgrade openssl sources to 1.1.1d (Sam Roberts) [#29921](#29921) - **dns**: remove dns.promises experimental warning (cjihrig) [#26592](#26592) - **fs**: remove experimental warning for fs.promises (Anna Henningsen) [#26581](#26581) - **n-api**: mark version 5 N-APIs as stable (Gabriel Schulhof) [#29401](#29401) - **stream**: make Symbol.asyncIterator support stable (Matteo Collina) [#26989](#26989) PR-URL: #29875

Notable changes: - **deps**: update npm to 6.11.3 (claudiahdz) [#29430](#29430) - **deps**: upgrade openssl sources to 1.1.1d (Sam Roberts) [#29921](#29921) - **dns**: remove dns.promises experimental warning (cjihrig) [#26592](#26592) - **fs**: remove experimental warning for fs.promises (Anna Henningsen) [#26581](#26581) - **n-api**: mark version 5 N-APIs as stable (Gabriel Schulhof) [#29401](#29401) - **stream**: make Symbol.asyncIterator support stable (Matteo Collina) [#26989](#26989) PR-URL: #29875

Notable changes: * crypto: * add support for chacha20-poly1305 for AEAD (chux0519) #24081 * increase maxmem range from 32 to 53 bits (Tobias Nießen) #28799 * deps: * update npm to 6.11.3 (claudiahdz) #29430 * upgrade openssl sources to 1.1.1d (Sam Roberts) #29921 * dns: * remove dns.promises experimental warning (cjihrig) #26592 * fs: * remove experimental warning for fs.promises (Anna Henningsen) #26581 * http: * makes response.writeHead return the response (Mark S. Everitt) #25974 * http2: * makes response.writeHead return the response (Mark S. Everitt) #25974 * n-api: * make func argument of napi\_create\_threadsafe\_function optional (legendecas) #27791 * mark version 5 N-APIs as stable (Gabriel Schulhof) #29401 * implement date object (Jarrod Connolly) #25917 * process: * add --unhandled-rejections flag (Ruben Bridgewater) #26599 * stream: * implement Readable.from async iterator utility (Guy Bedford) #27660 * make Symbol.asyncIterator support stable (Matteo Collina) #26989 PR-URL: #29875

sam-github added 2 commits October 10, 2019 08:41

deps: upgrade openssl sources to 1.1.1d

ecd93ee

This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1d.tar.gz $ mv openssl-1.1.1d openssl $ git add --all openssl $ git commit openssl

nodejs-github-bot added openssl Issues and PRs related to the OpenSSL dependency. v10.x labels Oct 10, 2019

Trott changed the title ~~Update openssl 1.1.1d v10.x~~ [v10.x backport] Update openssl 1.1.1d v10.x Oct 13, 2019

Trott changed the title ~~[v10.x backport] Update openssl 1.1.1d v10.x~~ [v10.x backport] Update openssl 1.1.1d Oct 13, 2019

BethGriggs approved these changes Oct 15, 2019

View reviewed changes

richardlau approved these changes Oct 15, 2019

View reviewed changes

BethGriggs closed this Oct 16, 2019

BethGriggs mentioned this pull request Oct 18, 2019

v10.17.0 proposal #29875

Merged

sam-github deleted the update-openssl-1.1.1d-v10.x branch March 6, 2020 19:05

Uh oh!

Conversation

sam-github commented Oct 10, 2019

Checklist

Uh oh!

nodejs-github-bot commented Oct 10, 2019

Uh oh!

sam-github commented Oct 10, 2019

Uh oh!

sam-github commented Oct 10, 2019

Uh oh!

richardlau commented Oct 10, 2019

Uh oh!

nodejs-github-bot commented Oct 11, 2019

Uh oh!

sam-github commented Oct 11, 2019

Uh oh!

sam-github commented Oct 11, 2019

Uh oh!

nodejs-github-bot commented Oct 11, 2019

Uh oh!

nodejs-github-bot commented Oct 13, 2019

Uh oh!

Trott commented Oct 13, 2019

Uh oh!

nodejs-github-bot commented Oct 14, 2019 • edited by BethGriggs Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

BethGriggs commented Oct 15, 2019

Uh oh!

BethGriggs commented Oct 16, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

nodejs-github-bot commented Oct 14, 2019 •

edited by BethGriggs

Loading