Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update openssl1.1.1b #26327

Closed
wants to merge 5 commits into from
Closed

Conversation

sam-github
Copy link
Contributor

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • commit message follows commit guidelines

sam-github and others added 5 commits February 26, 2019 11:28
This reverts commit f395a4a.

As of openssl-1.1.1b, the dot-files are no longer distributed, so this
is no longer necessary.
This updates all sources in deps/openssl/openssl with openssl-1.1.1b.
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.

PR-URL: nodejs#25381
Reviewed-By: Daniel Bevenius <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
`cd deps/openssl/config; make` updates all archs dependant files.
Since its not packaged, we don't have to delete it, and the Makefile
and update can become a (tiny) bit simpler.
@sam-github sam-github requested a review from shigeki February 26, 2019 21:18
@nodejs-github-bot
Copy link
Collaborator

@sam-github sadly an error occured when I tried to trigger a build :(

@nodejs-github-bot nodejs-github-bot added the openssl Issues and PRs related to the OpenSSL dependency. label Feb 26, 2019
This was referenced Feb 27, 2019
@sam-github
Copy link
Contributor Author

@sam-github
Copy link
Contributor Author

Looks like everything passed, except custom-suites-freestyle, aka test-worker, which failed to git clone.

re-ci: https://ci.nodejs.org/job/node-test-pull-request/21068

@sam-github
Copy link
Contributor Author

@nodejs/collaborators please take a look - routine OpenSSL patch update, nothing hard to review, and CI is green

I'd like this to hit 10.x on top of #26270 (so from the point of view of users of 10.x it would go straight to 1.1.1b skipping 1.1.1a), and I'm trying to figure out if that's possible . It would have to be in 11.x for a couple weeks until it can land in 10.x. It can't make the 10.16.0-rc of Mar 12th, but it could make the 10.16.0 release date of April 2nd if there is an 11.x in the next couple weeks.

@nodejs/release, the @nodejs/lts release schedule for 10.x is documented on https://github.com/nodejs/Release/wiki (but not 8.x or 6.x), is the 11.x schedule anywhere?

@sam-github
Copy link
Contributor Author

@mhdawson points out that review-by-file has over 600 file diffs, so questioned my characterization of "not hard to review" :-)

It should be reviewed by looking at https://github.com/nodejs/node/pull/26327/commits:

And that's it.

Copy link
Member

@mhdawson mhdawson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RSLGTM

@sam-github
Copy link
Contributor Author

CI is green

@sam-github
Copy link
Contributor Author

Green in CI, two approvals, 6 days open... I'll land it tomorrow if no objections, so @nodejs/crypto last chance to review.

of a post handshake message exchange (although the messages themselves are
still signalled). This could break some applications that were expecting
the old signals. However without this KeyUpdate is not usable for many
applications.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, this is openssl/openssl@37857e9. That change looks safe to me in the sense of no observable change with TLS <= 1.2 (and TLSv1.3 isn't an issue for us just yet.) Agree/disagree?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not just safe for TSL1.3, necessary. I'm floating this on #26209 and can drop it from there once 1.1.1b is merged.

@BridgeAR BridgeAR added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Mar 5, 2019
@sam-github
Copy link
Contributor Author

Landed in fe71629...b348ae7

@sam-github sam-github closed this Mar 5, 2019
sam-github added a commit that referenced this pull request Mar 5, 2019
This reverts commit f395a4a.

As of openssl-1.1.1b, the dot-files are no longer distributed, so this
is no longer necessary.

PR-URL: #26327
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
sam-github added a commit that referenced this pull request Mar 5, 2019
This updates all sources in deps/openssl/openssl with openssl-1.1.1b.

PR-URL: #26327
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
sam-github pushed a commit that referenced this pull request Mar 5, 2019
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.

PR-URL: #26327
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>

Original:

Fixes: #4270
PR-URL: #19794
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Rod Vagg <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
sam-github added a commit that referenced this pull request Mar 5, 2019
`cd deps/openssl/config; make` updates all archs dependant files.

PR-URL: #26327
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
sam-github added a commit that referenced this pull request Mar 5, 2019
Since its not packaged, we don't have to delete it, and the Makefile
and update can become a (tiny) bit simpler.

PR-URL: #26327
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
@sam-github sam-github deleted the update_openssl1.1.1b branch March 5, 2019 16:55
sam-github added a commit to sam-github/node that referenced this pull request Apr 29, 2019
`cd deps/openssl/config; make` updates all archs dependant files.

PR-URL: nodejs#26327
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
sam-github added a commit to sam-github/node that referenced this pull request May 10, 2019
Particularly, ensure that the commit messages are self-explanatory so
that reviewers can understand that the large commits are the result of a
simple repeatable process. This should make them easier to review.

See: nodejs#26327 (comment)

PR-URL: nodejs#26378
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
sam-github added a commit to sam-github/node that referenced this pull request May 10, 2019
This updates all sources in deps/openssl/openssl with openssl-1.1.1b.

PR-URL: nodejs#26327
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
sam-github added a commit to sam-github/node that referenced this pull request May 10, 2019
Since its not packaged, we don't have to delete it, and the Makefile
and update can become a (tiny) bit simpler.

PR-URL: nodejs#26327
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
sam-github added a commit to sam-github/node that referenced this pull request May 10, 2019
`cd deps/openssl/config; make` updates all archs dependant files.

PR-URL: nodejs#26327
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 16, 2019
Particularly, ensure that the commit messages are self-explanatory so
that reviewers can understand that the large commits are the result of a
simple repeatable process. This should make them easier to review.

See: #26327 (comment)

Backport-PR-URL: #27419
PR-URL: #26378
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 16, 2019
This updates all sources in deps/openssl/openssl with openssl-1.1.1b.

Backport-PR-URL: #27419
PR-URL: #26327
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 16, 2019
Since its not packaged, we don't have to delete it, and the Makefile
and update can become a (tiny) bit simpler.

Backport-PR-URL: #27419
PR-URL: #26327
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 16, 2019
`cd deps/openssl/config; make` updates all archs dependant files.

Backport-PR-URL: #27419
PR-URL: #26327
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 16, 2019
Particularly, ensure that the commit messages are self-explanatory so
that reviewers can understand that the large commits are the result of a
simple repeatable process. This should make them easier to review.

See: #26327 (comment)

Backport-PR-URL: #27419
PR-URL: #26378
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 16, 2019
This updates all sources in deps/openssl/openssl with openssl-1.1.1b.

Backport-PR-URL: #27419
PR-URL: #26327
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 16, 2019
Since its not packaged, we don't have to delete it, and the Makefile
and update can become a (tiny) bit simpler.

Backport-PR-URL: #27419
PR-URL: #26327
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 16, 2019
`cd deps/openssl/config; make` updates all archs dependant files.

Backport-PR-URL: #27419
PR-URL: #26327
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
@BethGriggs BethGriggs mentioned this pull request May 16, 2019
BethGriggs added a commit that referenced this pull request May 28, 2019
Notable changes:

- **deps**:
  - update ICU to 64.2 (Ujjwal Sharma)
    [#27361](#27361)
  - upgrade npm to 6.9.0 (Kat Marchán)
    [#26244](#26244)
  - upgrade openssl sources to 1.1.1b (Sam Roberts)
    [#26327](#26327)
  - upgrade to libuv 1.28.0 (cjihrig)
    [#27241](#27241)
- **events**:
  - add once method to use promises with EventEmitter (Matteo Collina)
   [#26078](#26078)
- **n-api**:
  - mark thread-safe function as stable (Gabriel Schulhof)
    [#25556](#25556)
- **repl**:
  - support top-level for-await-of (Shelley Vohr)
    [#23841](#23841)
- **zlib**:
  - add brotli support (Anna Henningsen)
    [#24938](#24938)

PR-URL: #27514
BethGriggs added a commit that referenced this pull request May 28, 2019
Notable changes:

- **deps**:
  - update ICU to 64.2 (Ujjwal Sharma)
    [#27361](#27361)
  - upgrade npm to 6.9.0 (Kat Marchán)
    [#26244](#26244)
  - upgrade openssl sources to 1.1.1b (Sam Roberts)
    [#26327](#26327)
  - upgrade to libuv 1.28.0 (cjihrig)
    [#27241](#27241)
- **events**:
  - add once method to use promises with EventEmitter (Matteo Collina)
   [#26078](#26078)
- **n-api**:
  - mark thread-safe function as stable (Gabriel Schulhof)
    [#25556](#25556)
- **repl**:
  - support top-level for-await-of (Shelley Vohr)
    [#23841](#23841)
- **zlib**:
  - add brotli support (Anna Henningsen)
    [#24938](#24938)

PR-URL: #27514
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants