-
Notifications
You must be signed in to change notification settings - Fork 30.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v10.x backport] Update openssl 1.1.1d #29921
[v10.x backport] Update openssl 1.1.1d #29921
Conversation
This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1d.tar.gz $ mv openssl-1.1.1d openssl $ git add --all openssl $ git commit openssl
After an OpenSSL source update, all the config files need to be regenerated and comitted by: $ cd deps/openssl/config $ make $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/crypto/include/internal/bn_conf.h $ git add deps/openssl/openssl/crypto/include/internal/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit
@nodejs/crypto @nodejs/lts |
It's a sea of red :-(. I'll have to do some more work on this. |
@sam-github The equivalent of 3473e58 is missing from this PR and (hopefully) accounts for all the red (it's the same two tests failing) 🤞. |
OpenSSL 1.1.1d no longer generates warnings for some DH groups that used to be considered unsafe. See below for discussion. This is considered a bug fix. See: - openssl/openssl#9363 - openssl/openssl#9363 (comment) PR-URL: nodejs#29550 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Thanks Richard, passed locally, trying full CI again. |
@nodejs/platform-windows last CI failed on test.parallel/test-http-dns-error in windows: https://ci.nodejs.org/job/node-test-binary-windows/25604/COMPILED_BY=vs2017,RUNNER=win2016,RUN_SUBSET=3/ |
Updated the title of the PR to conform with https://github.com/nodejs/node/blob/19a8d22c77f55858d8dfb1fa593837112fb4aad2/doc/guides/backporting-to-release-lines.md#how-to-submit-a-backport-pull-request. (If not doing that was intentional and it is an error on my part to change it, apologies in advance.) @nodejs/backporters |
Only CI failures are those identified in #29977 |
This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1d.tar.gz $ mv openssl-1.1.1d openssl $ git add --all openssl $ git commit openssl PR-URL: #29921 Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com>
After an OpenSSL source update, all the config files need to be regenerated and comitted by: $ cd deps/openssl/config $ make $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/crypto/include/internal/bn_conf.h $ git add deps/openssl/openssl/crypto/include/internal/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #29921 Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Landed on |
Notable changes: - **deps**: upgrade openssl sources to 1.1.1d (Sam Roberts) [#29921](#29921) - **dns**: remove dns.promises experimental warning (cjihrig) [#26592](#26592) - **fs**: remove experimental warning for fs.promises (Anna Henningsen) [#26581](#26581) - **n-api**: mark version 5 N-APIs as stable (Gabriel Schulhof) [#29401](#29401) - **stream**: make Symbol.asyncIterator support stable (Matteo Collina) [#26989](#26989) PR-URL: #29875
Notable changes: - **deps**: update npm to 6.11.3 (claudiahdz) [#29430](#29430) - **deps**: upgrade openssl sources to 1.1.1d (Sam Roberts) [#29921](#29921) - **dns**: remove dns.promises experimental warning (cjihrig) [#26592](#26592) - **fs**: remove experimental warning for fs.promises (Anna Henningsen) [#26581](#26581) - **n-api**: mark version 5 N-APIs as stable (Gabriel Schulhof) [#29401](#29401) - **stream**: make Symbol.asyncIterator support stable (Matteo Collina) [#26989](#26989) PR-URL: #29875
Notable changes: - **deps**: update npm to 6.11.3 (claudiahdz) [#29430](#29430) - **deps**: upgrade openssl sources to 1.1.1d (Sam Roberts) [#29921](#29921) - **dns**: remove dns.promises experimental warning (cjihrig) [#26592](#26592) - **fs**: remove experimental warning for fs.promises (Anna Henningsen) [#26581](#26581) - **n-api**: mark version 5 N-APIs as stable (Gabriel Schulhof) [#29401](#29401) - **stream**: make Symbol.asyncIterator support stable (Matteo Collina) [#26989](#26989) PR-URL: #29875
Notable changes: * crypto: * add support for chacha20-poly1305 for AEAD (chux0519) #24081 * increase maxmem range from 32 to 53 bits (Tobias Nießen) #28799 * deps: * update npm to 6.11.3 (claudiahdz) #29430 * upgrade openssl sources to 1.1.1d (Sam Roberts) #29921 * dns: * remove dns.promises experimental warning (cjihrig) #26592 * fs: * remove experimental warning for fs.promises (Anna Henningsen) #26581 * http: * makes response.writeHead return the response (Mark S. Everitt) #25974 * http2: * makes response.writeHead return the response (Mark S. Everitt) #25974 * n-api: * make func argument of napi\_create\_threadsafe\_function optional (legendecas) #27791 * mark version 5 N-APIs as stable (Gabriel Schulhof) #29401 * implement date object (Jarrod Connolly) #25917 * process: * add --unhandled-rejections flag (Ruben Bridgewater) #26599 * stream: * implement Readable.from async iterator utility (Guy Bedford) #27660 * make Symbol.asyncIterator support stable (Matteo Collina) #26989 PR-URL: #29875
Notable changes: * crypto: * add support for chacha20-poly1305 for AEAD (chux0519) #24081 * increase maxmem range from 32 to 53 bits (Tobias Nießen) #28799 * deps: * update npm to 6.11.3 (claudiahdz) #29430 * upgrade openssl sources to 1.1.1d (Sam Roberts) #29921 * dns: * remove dns.promises experimental warning (cjihrig) #26592 * fs: * remove experimental warning for fs.promises (Anna Henningsen) #26581 * http: * makes response.writeHead return the response (Mark S. Everitt) #25974 * http2: * makes response.writeHead return the response (Mark S. Everitt) #25974 * n-api: * make func argument of napi\_create\_threadsafe\_function optional (legendecas) #27791 * mark version 5 N-APIs as stable (Gabriel Schulhof) #29401 * implement date object (Jarrod Connolly) #25917 * process: * add --unhandled-rejections flag (Ruben Bridgewater) #26599 * stream: * implement Readable.from async iterator utility (Guy Bedford) #27660 * make Symbol.asyncIterator support stable (Matteo Collina) #26989 PR-URL: #29875
Note that this drops the floating patch from #28983 because it is included -- or so it appears to me @ofrobots
This is a "backport" of #29550, though actually it has to be done from scratch, exact commands are documented in the commit messages, as usual.
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes