deps: update openssl to openssl1.1.1g by hassaanp · Pull Request #32971 · nodejs/node

hassaanp · 2020-04-21T14:00:54Z

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
documentation is changed or added
commit message follows commit guidelines

This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1g.tar.gz $ mv openssl-1.1.1g openssl $ git add --all openssl $ git commit openssl

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ cd deps/openssl/config $ make $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit

nodejs-github-bot · 2020-04-21T16:40:47Z

CI: https://ci.nodejs.org/job/node-test-pull-request/30889/

nodejs-github-bot · 2020-04-21T19:11:32Z

CI: https://ci.nodejs.org/job/node-test-pull-request/30895/

sam-github · 2020-04-21T19:53:39Z

This has passed CI, despite the failure above in the GH UI, the link is to the last run (test must be flaky). Correct link for this latest run is:

https://ci.nodejs.org/job/node-test-commit-linux-containered/19695/nodes=ubuntu1804_sharedlibs_openssl111_x64/

sam-github · 2020-04-21T20:06:48Z

didn't land clean on 12.x and 10.x:

picked clean onto 14.x and 13.x

richardlau · 2020-04-21T22:54:48Z

didn't land clean on 12.x and 10.x:
* #32983

* #32982
picked clean onto 14.x and 13.x

Is that because we haven't landed 1.1.1f onto 10.x and 12.x yet?

sam-github · 2020-04-21T23:28:56Z

For 12.x, yes, for 10.x, its more complex - the configurations generated are different slightly in terms of the config options used, and platforms generated, so the lack of 1.1.1f is an issue, but its never possible to cherry-pick openssl updates back to 10.x. Even though mechanical application of the update process (essential replacing deps/openssl/openssl with the tar ball contents, then doing make -C deps/openssl/config) works fine on 10.x, the result of the config process on 12.x can't pick back to 10.x.

sam-github · 2020-04-27T14:23:53Z

@nodejs/crypto

sam-github · 2020-04-27T14:30:10Z

Landed in 58682d8...9f14584

This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1g.tar.gz $ mv openssl-1.1.1g openssl $ git add --all openssl $ git commit openssl PR-URL: #32971 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ cd deps/openssl/config $ make $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #32971 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>

targos · 2020-04-27T17:53:04Z

@sam-github should I incorporate this in v12.16.3 or can it wait one month?

This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1g.tar.gz $ mv openssl-1.1.1g openssl $ git add --all openssl $ git commit openssl PR-URL: #32971 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ cd deps/openssl/config $ make $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #32971 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>

Notable changes: - deps: upgrade openssl sources to 1.1.1g (Hassaan Pasha) [#32971](#32971) - module: do not warn when accessing `\_\_esModule` of unfinished exports (Anna Henningsen) [#33048](#33048) - stream: - don't wait for close on legacy streams (Robert Nagy) [#33058](#33058) - pipeline should only destroy un-finished streams (Robert Nagy) [#32968](#32968) PR-URL: #33103

sam-github · 2020-04-27T21:24:33Z

I would land it with openssl-1.1.1f, whenever that lands, since it was a quick follow-on patch to 1.1.1f.

This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1g.tar.gz $ mv openssl-1.1.1g openssl $ git add --all openssl $ git commit openssl PR-URL: #32971 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ cd deps/openssl/config $ make $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #32971 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>

Notable changes: Dependencies: * Updated OpenSSL to 1.1.1g. #32971 * Updated c-ares to 1.16.0. #32246 * Updated experimental uvwasi to 0.0.6. #32309 ESM (experimental): * Additional warnings are no longer printed for modules that use conditional exports or package name self resolution. #31845 PR-URL: #33009