-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update openssl1.1.1b #26327
Update openssl1.1.1b #26327
Conversation
This reverts commit f395a4a. As of openssl-1.1.1b, the dot-files are no longer distributed, so this is no longer necessary.
This updates all sources in deps/openssl/openssl with openssl-1.1.1b.
This is a floating patch against OpenSSL-1.1.1 to generate asm files with Makefile rules. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <[email protected]> Reviewed-By: Shigeki Ohtsu <[email protected]>
`cd deps/openssl/config; make` updates all archs dependant files.
Since its not packaged, we don't have to delete it, and the Makefile and update can become a (tiny) bit simpler.
@sam-github sadly an error occured when I tried to trigger a build :( |
Looks like everything passed, except custom-suites-freestyle, aka test-worker, which failed to git clone. re-ci: https://ci.nodejs.org/job/node-test-pull-request/21068 |
@nodejs/collaborators please take a look - routine OpenSSL patch update, nothing hard to review, and CI is green I'd like this to hit 10.x on top of #26270 (so from the point of view of users of 10.x it would go straight to 1.1.1b skipping 1.1.1a), and I'm trying to figure out if that's possible . It would have to be in 11.x for a couple weeks until it can land in 10.x. It can't make the 10.16.0-rc of Mar 12th, but it could make the 10.16.0 release date of April 2nd if there is an 11.x in the next couple weeks. @nodejs/release, the @nodejs/lts release schedule for 10.x is documented on https://github.com/nodejs/Release/wiki (but not 8.x or 6.x), is the 11.x schedule anywhere? |
@mhdawson points out that review-by-file has over 600 file diffs, so questioned my characterization of "not hard to review" :-) It should be reviewed by looking at https://github.com/nodejs/node/pull/26327/commits:
And that's it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
RSLGTM
CI is green |
Green in CI, two approvals, 6 days open... I'll land it tomorrow if no objections, so @nodejs/crypto last chance to review. |
of a post handshake message exchange (although the messages themselves are | ||
still signalled). This could break some applications that were expecting | ||
the old signals. However without this KeyUpdate is not usable for many | ||
applications. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FWIW, this is openssl/openssl@37857e9. That change looks safe to me in the sense of no observable change with TLS <= 1.2 (and TLSv1.3 isn't an issue for us just yet.) Agree/disagree?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not just safe for TSL1.3, necessary. I'm floating this on #26209 and can drop it from there once 1.1.1b is merged.
Landed in fe71629...b348ae7 |
This reverts commit f395a4a. As of openssl-1.1.1b, the dot-files are no longer distributed, so this is no longer necessary. PR-URL: #26327 Reviewed-By: Gireesh Punathil <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
This updates all sources in deps/openssl/openssl with openssl-1.1.1b. PR-URL: #26327 Reviewed-By: Gireesh Punathil <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
This is a floating patch against OpenSSL-1.1.1 to generate asm files with Makefile rules. PR-URL: #26327 Reviewed-By: Gireesh Punathil <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Original: Fixes: #4270 PR-URL: #19794 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]> Reviewed-By: Michael Dawson <[email protected]>
`cd deps/openssl/config; make` updates all archs dependant files. PR-URL: #26327 Reviewed-By: Gireesh Punathil <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
Since its not packaged, we don't have to delete it, and the Makefile and update can become a (tiny) bit simpler. PR-URL: #26327 Reviewed-By: Gireesh Punathil <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
`cd deps/openssl/config; make` updates all archs dependant files. PR-URL: nodejs#26327 Reviewed-By: Gireesh Punathil <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
Particularly, ensure that the commit messages are self-explanatory so that reviewers can understand that the large commits are the result of a simple repeatable process. This should make them easier to review. See: nodejs#26327 (comment) PR-URL: nodejs#26378 Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Richard Lau <[email protected]>
This updates all sources in deps/openssl/openssl with openssl-1.1.1b. PR-URL: nodejs#26327 Reviewed-By: Gireesh Punathil <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
Since its not packaged, we don't have to delete it, and the Makefile and update can become a (tiny) bit simpler. PR-URL: nodejs#26327 Reviewed-By: Gireesh Punathil <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
`cd deps/openssl/config; make` updates all archs dependant files. PR-URL: nodejs#26327 Reviewed-By: Gireesh Punathil <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
Particularly, ensure that the commit messages are self-explanatory so that reviewers can understand that the large commits are the result of a simple repeatable process. This should make them easier to review. See: #26327 (comment) Backport-PR-URL: #27419 PR-URL: #26378 Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Richard Lau <[email protected]>
This updates all sources in deps/openssl/openssl with openssl-1.1.1b. Backport-PR-URL: #27419 PR-URL: #26327 Reviewed-By: Gireesh Punathil <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
Since its not packaged, we don't have to delete it, and the Makefile and update can become a (tiny) bit simpler. Backport-PR-URL: #27419 PR-URL: #26327 Reviewed-By: Gireesh Punathil <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
`cd deps/openssl/config; make` updates all archs dependant files. Backport-PR-URL: #27419 PR-URL: #26327 Reviewed-By: Gireesh Punathil <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
Particularly, ensure that the commit messages are self-explanatory so that reviewers can understand that the large commits are the result of a simple repeatable process. This should make them easier to review. See: #26327 (comment) Backport-PR-URL: #27419 PR-URL: #26378 Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Richard Lau <[email protected]>
This updates all sources in deps/openssl/openssl with openssl-1.1.1b. Backport-PR-URL: #27419 PR-URL: #26327 Reviewed-By: Gireesh Punathil <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
Since its not packaged, we don't have to delete it, and the Makefile and update can become a (tiny) bit simpler. Backport-PR-URL: #27419 PR-URL: #26327 Reviewed-By: Gireesh Punathil <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
`cd deps/openssl/config; make` updates all archs dependant files. Backport-PR-URL: #27419 PR-URL: #26327 Reviewed-By: Gireesh Punathil <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
Notable changes: - **deps**: - update ICU to 64.2 (Ujjwal Sharma) [#27361](#27361) - upgrade npm to 6.9.0 (Kat Marchán) [#26244](#26244) - upgrade openssl sources to 1.1.1b (Sam Roberts) [#26327](#26327) - upgrade to libuv 1.28.0 (cjihrig) [#27241](#27241) - **events**: - add once method to use promises with EventEmitter (Matteo Collina) [#26078](#26078) - **n-api**: - mark thread-safe function as stable (Gabriel Schulhof) [#25556](#25556) - **repl**: - support top-level for-await-of (Shelley Vohr) [#23841](#23841) - **zlib**: - add brotli support (Anna Henningsen) [#24938](#24938) PR-URL: #27514
Notable changes: - **deps**: - update ICU to 64.2 (Ujjwal Sharma) [#27361](#27361) - upgrade npm to 6.9.0 (Kat Marchán) [#26244](#26244) - upgrade openssl sources to 1.1.1b (Sam Roberts) [#26327](#26327) - upgrade to libuv 1.28.0 (cjihrig) [#27241](#27241) - **events**: - add once method to use promises with EventEmitter (Matteo Collina) [#26078](#26078) - **n-api**: - mark thread-safe function as stable (Gabriel Schulhof) [#25556](#25556) - **repl**: - support top-level for-await-of (Shelley Vohr) [#23841](#23841) - **zlib**: - add brotli support (Anna Henningsen) [#24938](#24938) PR-URL: #27514
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes