Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade openssl to 1.0.2f #4961

Closed
wants to merge 8 commits into from

Conversation

MylesBorins
Copy link
Contributor

This PR updates openssl to version 1.0.2f

This is in accordance with the security advisory that was posted in #4857

It was done following the steps documented in https://github.com/TheAlphaNerd/node/blob/f48bce95eea9ad5b15a0872a194fa66623f0e5ba/deps/openssl/doc/UPGRADING.md

@MylesBorins
Copy link
Contributor Author

I think we can safely drop MylesBorins@0185025

Myles Borins and others added 8 commits January 29, 2016 17:38
This replaces all sources of openssl-1.0.2f.tar.gz
into deps/openssl/openssl

PR-URL: nodejs#4961
Reviewed-By:
All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows.
Two files of opensslconf.h in crypto and include dir are replaced to
refer config/opensslconf.h.

PR-URL: nodejs#4961
Reviewed-By:
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reapply b910613 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: nodejs#1461
PR-URL: nodejs#1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Regenerate config files for supported platforms with Makefile.

PR-URL: nodejs#4961
Reviewed-By:
the guide is now current with the steps taken to update
openssl to v1.0.2f

PR-URL: nodejs#4961
Reviewed-By:
@MylesBorins
Copy link
Contributor Author

@mscdex mscdex added the openssl Issues and PRs related to the OpenSSL dependency. label Jan 30, 2016
MylesBorins pushed a commit to MylesBorins/node that referenced this pull request Jan 31, 2016
This replaces all sources of openssl-1.0.2f.tar.gz
into deps/openssl/openssl

PR-URL: nodejs#4961
Reviewed-By:
MylesBorins pushed a commit to MylesBorins/node that referenced this pull request Jan 31, 2016
All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows.
Two files of opensslconf.h in crypto and include dir are replaced to
refer config/opensslconf.h.

PR-URL: nodejs#4961
Reviewed-By:
MylesBorins pushed a commit to MylesBorins/node that referenced this pull request Jan 31, 2016
the guide is now current with the steps taken to update
openssl to v1.0.2f

PR-URL: nodejs#4961
Reviewed-By:
@MylesBorins
Copy link
Contributor Author

I've opened #4983 targeting v4

@MylesBorins
Copy link
Contributor Author

The failures on citgm appear unrelated

shigeki pushed a commit that referenced this pull request Jan 31, 2016
This replaces all sources of openssl-1.0.2f.tar.gz
into deps/openssl/openssl

Fix: #4857
PR-URL: #4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: copy openssl header files to include dir

All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows.
Two files of opensslconf.h in crypto and include dir are replaced to
refer config/opensslconf.h.

Fix: #4857
PR-URL: #4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix openssl assembly error on ia32 win32

`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix asm build error of openssl in x86_win32

See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

openssl: fix keypress requirement in apps on win32

Reapply b910613 .

Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

docs: update openssl UPDATING guide

the guide is now current with the steps taken to update
openssl to v1.0.2f

PR-URL: #4961
Reviewed-By: Myles Borins <mborins@us.ibm.com>
shigeki pushed a commit that referenced this pull request Jan 31, 2016
This replaces all sources of openssl-1.0.2f.tar.gz
into deps/openssl/openssl

Fix: #4857
PR-URL: #4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: copy openssl header files to include dir

All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows.
Two files of opensslconf.h in crypto and include dir are replaced to
refer config/opensslconf.h.

Fix: #4857
PR-URL: #4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix openssl assembly error on ia32 win32

`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix asm build error of openssl in x86_win32

See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

openssl: fix keypress requirement in apps on win32

Reapply b910613 .

Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

docs: update openssl UPDATING guide

the guide is now current with the steps taken to update
openssl to v1.0.2f

PR-URL: #4961
Reviewed-By: Myles Borins <mborins@us.ibm.com>
shigeki pushed a commit that referenced this pull request Jan 31, 2016
This replaces all sources of openssl-1.0.2f.tar.gz
into deps/openssl/openssl

Fix: #4857
PR-URL: #4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: copy openssl header files to include dir

All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows.
Two files of opensslconf.h in crypto and include dir are replaced to
refer config/opensslconf.h.

Fix: #4857
PR-URL: #4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix openssl assembly error on ia32 win32

`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix asm build error of openssl in x86_win32

See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

openssl: fix keypress requirement in apps on win32

Reapply b910613 .

Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

docs: update openssl UPDATING guide

the guide is now current with the steps taken to update
openssl to v1.0.2f

PR-URL: #4961
Reviewed-By: Myles Borins <mborins@us.ibm.com>
@shigeki
Copy link
Contributor

shigeki commented Jan 31, 2016

LGTM and landed for master in 1f43478 and bdd37e1,
for v5.x in cfc44c3 and 9f643af,
for v4.x-staging in 7bd9fab and fcb8cae.

The -no_rand_screen commit is not squashed because it resolved conflicts and worth while to reuse in the future upgrade.

Thanks @thealphanerd for a great work for upgrading.

@shigeki shigeki closed this Jan 31, 2016
@shigeki shigeki mentioned this pull request Jan 31, 2016
@MylesBorins MylesBorins deleted the openssl-1.0.2f branch February 1, 2016 20:38
rvagg pushed a commit that referenced this pull request Feb 8, 2016
This replaces all sources of openssl-1.0.2f.tar.gz
into deps/openssl/openssl

Fix: #4857
PR-URL: #4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: copy openssl header files to include dir

All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows.
Two files of opensslconf.h in crypto and include dir are replaced to
refer config/opensslconf.h.

Fix: #4857
PR-URL: #4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix openssl assembly error on ia32 win32

`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix asm build error of openssl in x86_win32

See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

openssl: fix keypress requirement in apps on win32

Reapply b910613 .

Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

docs: update openssl UPDATING guide

the guide is now current with the steps taken to update
openssl to v1.0.2f

PR-URL: #4961
Reviewed-By: Myles Borins <mborins@us.ibm.com>
jasnell pushed a commit that referenced this pull request Feb 9, 2016
This replaces all sources of openssl-1.0.2f.tar.gz
into deps/openssl/openssl

Fix: #4857
PR-URL: #4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: copy openssl header files to include dir

All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows.
Two files of opensslconf.h in crypto and include dir are replaced to
refer config/opensslconf.h.

Fix: #4857
PR-URL: #4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix openssl assembly error on ia32 win32

`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix asm build error of openssl in x86_win32

See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

openssl: fix keypress requirement in apps on win32

Reapply b910613 .

Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

docs: update openssl UPDATING guide

the guide is now current with the steps taken to update
openssl to v1.0.2f

PR-URL: #4961
Reviewed-By: Myles Borins <mborins@us.ibm.com>
scovetta pushed a commit to scovetta/node that referenced this pull request Apr 2, 2016
This replaces all sources of openssl-1.0.2f.tar.gz
into deps/openssl/openssl

Fix: nodejs#4857
PR-URL: nodejs#4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: copy openssl header files to include dir

All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows.
Two files of opensslconf.h in crypto and include dir are replaced to
refer config/opensslconf.h.

Fix: nodejs#4857
PR-URL: nodejs#4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix openssl assembly error on ia32 win32

`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix asm build error of openssl in x86_win32

See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

openssl: fix keypress requirement in apps on win32

Reapply b910613 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

docs: update openssl UPDATING guide

the guide is now current with the steps taken to update
openssl to v1.0.2f

PR-URL: nodejs#4961
Reviewed-By: Myles Borins <mborins@us.ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants