Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to openssl-1.0.2c #1958

Closed
wants to merge 7 commits into from
Closed

Conversation

shigeki
Copy link
Contributor

@shigeki shigeki commented Jun 12, 2015

This is a upgrade to openssl-1.0.2c. I made the same procedure as that of openssl-1.0.2b.
But I missed to land doc change to the master at the last update so that the commit of UPGRADING.md
is reapplied for openssl-1.0.2c.

CI is https://jenkins-iojs.nodesource.com/job/iojs+any-pr+multi/821/ . #1953 is not yet landed to the master by mistake. So test-cluster-worker-wait-server-close.js are still failed on some platforms.

A new error in win2008r2 is "Error: Not enough storage is available to process this command." in test-debug-port-from-cmdline.js. That seems to be an another issue related CI environment.

R= @indutny or @bnoordhuis This is a small fix so that either of you is enough to review.

Shigeki Ohtsu and others added 7 commits June 13, 2015 00:56
This just replaces all sources of openssl-1.0.2c.tar.gz
into deps/openssl/openssl
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reapply b910613 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: nodejs#1461
PR-URL: nodejs#1836
Reviewed-By: Ben Noordhuis <[email protected]>
Change all openssl/include/openssl/*.h to include resolved symbolic
links and openssl/crypto/opensslconf.h to refer config/opensslconf.h
@shigeki shigeki mentioned this pull request Jun 12, 2015
@indutny
Copy link
Member

indutny commented Jun 12, 2015

LGTM!

@indutny
Copy link
Member

indutny commented Jun 12, 2015

Thank you

shigeki pushed a commit that referenced this pull request Jun 12, 2015
This just replaces all sources of openssl-1.0.2c.tar.gz
into deps/openssl/openssl

PR-URL: #1958
Reviewed-By: Fedor Indutny <[email protected]>
shigeki pushed a commit that referenced this pull request Jun 12, 2015
Change all openssl/include/openssl/*.h to include resolved symbolic
links and openssl/crypto/opensslconf.h to refer config/opensslconf.h

PR-URL: #1958
Reviewed-By: Fedor Indutny <[email protected]>
shigeki pushed a commit that referenced this pull request Jun 12, 2015
@thefourtheye
Copy link
Contributor

One of the commit messages start with openssl, is that okay?

@shigeki
Copy link
Contributor Author

shigeki commented Jun 12, 2015

@indutny Thanks for your quick review.
Landed in 86737cf c66c3d9 42a8de2 2eb1708 664a659 6b3df92 and 2a7fd0a to master.

@shigeki
Copy link
Contributor Author

shigeki commented Jun 12, 2015

@thefourtheye Do you mean its captial? I think everyone can understand it.

shigeki pushed a commit to shigeki/node that referenced this pull request Jun 12, 2015
This just replaces all sources of openssl-1.0.2c.tar.gz
into deps/openssl/openssl

PR-URL: nodejs#1958
Reviewed-By: Fedor Indutny <[email protected]>
shigeki pushed a commit to shigeki/node that referenced this pull request Jun 12, 2015
Change all openssl/include/openssl/*.h to include resolved symbolic
links and openssl/crypto/opensslconf.h to refer config/opensslconf.h

PR-URL: nodejs#1958
Reviewed-By: Fedor Indutny <[email protected]>
shigeki pushed a commit to shigeki/node that referenced this pull request Jun 12, 2015
@shigeki
Copy link
Contributor Author

shigeki commented Jun 12, 2015

@mscdex mscdex added the openssl Issues and PRs related to the OpenSSL dependency. label Jun 12, 2015
@shigeki
Copy link
Contributor Author

shigeki commented Jun 12, 2015

CI is happy.
Landed in e548abb b2467e3 a472946 5c29c0c 310b8d1 0e2d068 and a971255 to v1.x branch.

@shigeki shigeki closed this Jun 12, 2015
@shigeki
Copy link
Contributor Author

shigeki commented Jun 12, 2015

Oh, there was one new test failure of test-timers-first-fire.js on win2008r2. It seems to come from a timing issue not related to the openssl.

@mscdex
Copy link
Contributor

mscdex commented Jun 12, 2015

These were added to v1.x, but aren't we backporting from master instead (otherwise 2.x won't have these changes)?

@Fishrock123
Copy link
Contributor

It landed on both, fine to me. try not to do that but it is ok for some fixes so long as it's also on master.

rvagg added a commit that referenced this pull request Jun 13, 2015
Notable Changes:

* libuv: Upgraded to 1.6.0 and 1.6.1, see full ChangeLog for details.
  (Saúl Ibarra Corretgé) #1905 #1889. Highlights include:
  - Fix TTY becoming blocked on OS X
  - Fix UDP send callbacks to not to be synchronous
  - Add uv_os_homedir() (exposed as os.homedir(), see below)
* npm: See full release notes for details. (Kat Marchán) #1899. Highlight:
  - Use GIT_SSH_COMMAND (available as of Git 2.3)
* openssl:
  - Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection
    (Logjam) and fixes malformed ECParameters causing infinite loop
    (CVE-2015-1788). See the security advisory for full details.
    (Shigeki Ohtsu) #1950 #1958
  - Support FIPS mode of OpenSSL, see README for instructions.
    (Fedor Indutny) #1890
* os: Add os.homedir() method. (Colin Ihrig) #1791
* smalloc: Deprecate whole module. (Vladimir Kurchatkin) #1822
* Add new collaborators:
  - Alex Kocharin (@rlidwka)
  - Christopher Monsanto (@monsanto)
  - Ali Ijaz Sheikh (@ofrobots)
  - Oleg Elifantiev (@Olegas)
  - Domenic Denicola (@domenic)
  - Rich Trott (@Trott)
rvagg added a commit that referenced this pull request Jul 4, 2015
Maintenance release

Notable Changes:

* v8: Fixed an out-of-band write in utf8 decoder. This is an important
  security update as it can be used to cause a denial of service
  attack.
* openssl: - Upgrade to 1.0.2b and 1.0.2c, introduces DHE
  man-in-the-middle protection (Logjam) and fixes malformed
  ECParameters causing infinite loop (CVE-2015-1788). See the
  security advisory for full details. (Shigeki Ohtsu) #1950 #1958
* build:
  - Added support for compiling with Microsoft Visual C++ 2015
  - Started building and distributing headers-only tarballs along with
    binaries
rvagg added a commit to rvagg/io.js that referenced this pull request Sep 16, 2015
Maintenance release

Notable Changes:

* v8: Fixed an out-of-band write in utf8 decoder. This is an important
  security update as it can be used to cause a denial of service
  attack.
* openssl: - Upgrade to 1.0.2b and 1.0.2c, introduces DHE
  man-in-the-middle protection (Logjam) and fixes malformed
  ECParameters causing infinite loop (CVE-2015-1788). See the
  security advisory for full details. (Shigeki Ohtsu) nodejs#1950 nodejs#1958
* build:
  - Added support for compiling with Microsoft Visual C++ 2015
  - Started building and distributing headers-only tarballs along with
    binaries
ChALkeR pushed a commit to ChALkeR/io.js that referenced this pull request Dec 20, 2015
Maintenance release

Notable Changes:

* v8: Fixed an out-of-band write in utf8 decoder. This is an important
  security update as it can be used to cause a denial of service
  attack.
* openssl: - Upgrade to 1.0.2b and 1.0.2c, introduces DHE
  man-in-the-middle protection (Logjam) and fixes malformed
  ECParameters causing infinite loop (CVE-2015-1788). See the
  security advisory for full details. (Shigeki Ohtsu) nodejs#1950 nodejs#1958
* build:
  - Added support for compiling with Microsoft Visual C++ 2015
  - Started building and distributing headers-only tarballs along with
    binaries
scovetta pushed a commit to scovetta/node that referenced this pull request Apr 2, 2016
Maintenance release

Notable Changes:

* v8: Fixed an out-of-band write in utf8 decoder. This is an important
  security update as it can be used to cause a denial of service
  attack.
* openssl: - Upgrade to 1.0.2b and 1.0.2c, introduces DHE
  man-in-the-middle protection (Logjam) and fixes malformed
  ECParameters causing infinite loop (CVE-2015-1788). See the
  security advisory for full details. (Shigeki Ohtsu) nodejs#1950 nodejs#1958
* build:
  - Added support for compiling with Microsoft Visual C++ 2015
  - Started building and distributing headers-only tarballs along with
    binaries
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants