deps: update openssl to openssl1.1.1g #32971

Closed


hassaanp
Contributor

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines

Closes #32846

This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1g.tar.gz
    $ mv openssl-1.1.1g openssl
    $ git add --all openssl
    $ git commit openssl
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
   $ cd deps/openssl/config
   $ make
   $ git add deps/openssl/config/archs
   $ git add deps/openssl/openssl/include/crypto/bn_conf.h
   $ git add deps/openssl/openssl/include/crypto/dso_conf.h
   $ git add deps/openssl/openssl/include/openssl/opensslconf.h
   $ git commit
@nodejs-github-bot nodejs-github-bot added the openssl Issues and PRs related to the OpenSSL dependency. label Apr 21, 2020
@hassaanp hassaanp changed the title Deps/update openssl to openssl1.1.1g deps: update openssl to openssl1.1.1g Apr 21, 2020
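
Integrity checks that fit around the update procedure in the PR description, as an added example that is not part of this pull request or of the Node.js tooling. The function names are hypothetical, the expected digest has to be obtained out of band and passed in, and the version check assumes the `OPENSSL_VERSION_TEXT` macro in `include/openssl/opensslv.h` of the extracted tree.

```shell
#!/bin/sh
# Added example (hypothetical helper names): checks to run before and
# after replacing deps/openssl/openssl with a release tarball.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Succeed only if the tarball's digest equals the digest obtained out of
# band (for example from the signed release announcement).
verify_tarball() {
    tarball=$1 expected=$2
    [ -f "$tarball" ] || { echo "missing: $tarball" >&2; return 2; }
    actual=$(sha256_of "$tarball")
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ] || {
        echo "digest mismatch for $tarball" >&2; return 1; }
}

# Print the version token from OPENSSL_VERSION_TEXT in the vendored tree,
# i.e. the word that follows "OpenSSL " inside the quoted string.
vendored_version() {
    sed -n 's/^#[[:space:]]*define[[:space:]]\{1,\}OPENSSL_VERSION_TEXT[[:space:]]\{1,\}"OpenSSL \([^ "]*\).*/\1/p' \
        "$1/include/openssl/opensslv.h" | head -n 1
}

# Fail if the tree about to be committed is not the intended release.
check_vendored() {
    dir=$1 want=$2
    got=$(vendored_version "$dir")
    [ "$got" = "$want" ] || {
        echo "vendored tree is '$got', expected '$want'" >&2; return 1; }
}
```

`verify_tarball` belongs before the `tar zxf` step and `check_vendored` before `git add --all openssl`, so a wrong or altered archive is caught before it reaches the commit.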
@sam-github
Contributor

This has passed CI, despite the failure above in the GH UI, the link is to the last run (test must be flaky). Correct link for this latest run is:

https://ci.nodejs.org/job/node-test-commit-linux-containered/19695/nodes=ubuntu1804_sharedlibs_openssl111_x64/

@sam-github sam-github mentioned this pull request Apr 21, 2020
@sam-github
Contributor

didn't land clean on 12.x and 10.x:

picked clean onto 14.x and 13.x

@richardlau
Member

> didn't land clean on 12.x and 10.x:
>
> * #32983
> * #32982
>
> picked clean onto 14.x and 13.x

Is that because we haven't landed 1.1.1f onto 10.x and 12.x yet?

@sam-github
Contributor

For 12.x, yes, for 10.x, it's more complex - the configurations generated are different slightly in terms of the config options used, and platforms generated, so the lack of 1.1.1f is an issue, but it's never possible to cherry-pick openssl updates back to 10.x. Even though mechanical application of the update process (essentially replacing deps/openssl/openssl with the tarball contents, then doing make -C deps/openssl/config) works fine on 10.x, the result of the config process on 12.x can't pick back to 10.x.

@sam-github
Contributor

@nodejs/crypto

@sam-github
Contributor

Landed in 58682d8...9f14584

@sam-github sam-github closed this Apr 27, 2020
@sam-github sam-github deleted the deps/update-openssl-to-openssl1.1.1g branch April 27, 2020 14:30
sam-github pushed a commit that referenced this pull request Apr 27, 2020
This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1g.tar.gz
    $ mv openssl-1.1.1g openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #32971
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
sam-github pushed a commit that referenced this pull request Apr 27, 2020
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
   $ cd deps/openssl/config
   $ make
   $ git add deps/openssl/config/archs
   $ git add deps/openssl/openssl/include/crypto/bn_conf.h
   $ git add deps/openssl/openssl/include/crypto/dso_conf.h
   $ git add deps/openssl/openssl/include/openssl/opensslconf.h
   $ git commit

PR-URL: #32971
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
@targos
Member

targos commented Apr 27, 2020

@sam-github should I incorporate this in v12.16.3 or can it wait one month?

@BethGriggs BethGriggs mentioned this pull request Apr 27, 2020
BethGriggs added a commit that referenced this pull request Apr 27, 2020
Notable changes:

- deps: upgrade openssl sources to 1.1.1g (Hassaan Pasha)
  [#32971](#32971)
- module: do not warn when accessing `__esModule` of unfinished exports (Anna Henningsen)
  [#33048](#33048)
- stream:
  - don't wait for close on legacy streams (Robert Nagy)
    [#33058](#33058)
  - pipeline should only destroy un-finished streams (Robert Nagy)
    [#32968](#32968)

PR-URL: #33103
@sam-github
Contributor

I would land it with openssl-1.1.1f, whenever that lands, since it was a quick follow-on patch to 1.1.1f.

targos added a commit that referenced this pull request Apr 27, 2020
Notable changes:

Dependencies:
  * Updated OpenSSL to 1.1.1g.
    #32971
  * Updated c-ares to 1.16.0.
    #32246
  * Updated experimental uvwasi to 0.0.6.
    #32309
ESM (experimental):
  * Additional warnings are no longer printed for modules that use
    conditional exports or package name self resolution.
    #31845

PR-URL: #33009
@BridgeAR BridgeAR mentioned this pull request Apr 28, 2020
BethGriggs added a commit that referenced this pull request Apr 28, 2020
Notable changes:

- deps: upgrade openssl sources to 1.1.1g (Hassaan Pasha)
  [#32971](#32971)
- doc: add juanarbol as collaborator (Juan José Arboleda)
  [#32906](#32906)
- http: doc deprecate abort and improve docs (Robert Nagy)
  [#32807](#32807)
- module: do not warn when accessing `__esModule` of unfinished exports
  (Anna Henningsen) [#33048](#33048)
- n-api: detect deadlocks in thread-safe function (Gabriel Schulhof)
  [#32860](#32860)
- src: deprecate embedder APIs with replacements (Anna Henningsen)
  [#32858](#32858)
- stream:
  - don't emit end after close (Robert Nagy)
    [#33076](#33076)
  - don't wait for close on legacy streams (Robert Nagy)
    [#33058](#33058)
  - pipeline should only destroy un-finished streams (Robert Nagy)
    [#32968](#32968)

PR-URL: #33103
BethGriggs added a commit that referenced this pull request Apr 28, 2020
Notable changes:

- deps: upgrade openssl sources to 1.1.1g (Hassaan Pasha)
  [#32971](#32971)
- doc: add juanarbol as collaborator (Juan José Arboleda)
  [#32906](#32906)
- http: doc deprecate abort and improve docs (Robert Nagy)
  [#32807](#32807)
- module: do not warn when accessing `__esModule` of unfinished exports
  (Anna Henningsen) [#33048](#33048)
- n-api: detect deadlocks in thread-safe function (Gabriel Schulhof)
  [#32860](#32860)
- src: deprecate embedder APIs with replacements (Anna Henningsen)
  [#32858](#32858)
- stream:
  - don't emit end after close (Robert Nagy)
    [#33076](#33076)
  - don't wait for close on legacy streams (Robert Nagy)
    [#33058](#33058)
  - pipeline should only destroy un-finished streams (Robert Nagy)
    [#32968](#32968)
- vm: add importModuleDynamically option to compileFunction (Gus Caplan)
  [#32985](#32985)

PR-URL: #33103
Successfully merging this pull request may close these issues.

openssl security release 1.1.1g - vulnerability HIGH