-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build: export openssl symbols on windows (v4.x) #7676
Conversation
fcdb93d
to
27222f4
Compare
@bnoordhuis can you rebase? I'm going to set this for the LTS agenda so we can discuss the potential breakages before landing. |
If this gets to land, you should also look to land this: #7576 |
ecbcea2
to
63dfd85
Compare
Rebased. New CI: https://ci.nodejs.org/job/node-test-pull-request/3274/ |
There is no technical reason #7576 couldn't land together with this PR but it sets a weird precedent of landing changes in the LTS branch that haven't landed in the stable branch yet. I don't think we want to go there but I'll leave that decision to our release people. |
There is something funny going on with the freebsd buildbot:
The build does seem to succeed though. Other buildbots are green. |
In today's LTS WG meeting we discussed this PR. The opinion was that The potential breakages are a red flag, but this is definitely a candidate if it is going to fix building addons with openssl for windows (without requiring weird hacks). @bnoordhuis would you be willing to put together a Postmortem on this bug. Specifically how long it has been open, and when these changes landed. There are quite a few different threads and it isn't exactly clear when things have happened / landed. |
If by postmortem you mean a quick comment summarizing the chain of events, sure.
|
11da35d
to
63d94ee
Compare
@bnoordhuis this is going to need to be rebased one more time. Since I don't think it is going to land in v4.5.0 I think you should hold off on doing so until after the release to avoid doing it again. I'll ping you when it will be a good time |
The @nodejs/lts WG discussed this today and couldn't come up with a pressing justification to land it in v4.x. @bnoordhuis, if you think this absolutely should be backported, let us know, otherwise we're inclined to leave it be in v4.x |
63dfd85
to
e9d7232
Compare
Without this change, it's impossible to build add-ons on Windows that link against the bundled openssl. That seems like pretty good justification to me. I've rebased the PR, by the way. |
So what about the two accompanying build fixes: #7983 #7576 Especially 7576 as that fix is a direct response to this fix (we missed exporting all OpenSSL functions, so some addons, like my own, still cannot use OpenSSL without 7576). Same goes with zlib which is available on OS X and Linux but not Windows, until 7983. |
I don't think anyone felt super strongly about not having it in v4.x. The key concern would be whether or not there's a non-zero chance of this breaking anyone. |
The only bug report was from someone with an in-house add-on with an ad hoc build system. I think a compelling case can be made that this change is good for security. Add-ons on Windows won't have to ship (and keep up to date) their own copy of openssl anymore. |
Ok, @nodejs/lts ... given that, do any of you feel strongly about this not being backported? |
810f29f
to
9308205
Compare
Add an option to the configure script for building d8. Useful for testing V8 standalone. PR-URL: nodejs#7538 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
There is no test coverage for `assert.notDeepStrictEqual()`. Add some minimal tests. PR-URL: nodejs#8177 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]>
The test does some extra work that isn't necessary because of the way temp directories are handled. The test removes all files from the temp directory with `common.refreshTmpDir()` but still filters the results even though only its files will be in the directory). Refactor to remove that unneeded logic. PR-URL: nodejs#8180 Reviewed-By: Evan Lucas <[email protected]> Reviewed-By: Jeremiah Senkpiel <[email protected]> Reviewed-By: James M Snell <[email protected]>
Previously, an attempt was made to make sure the links state is inherited. Unfortunately, this support was not complete, which results in various unresolved links in the JSON output (as an example, [1] contains `initialized by calling [<code>buf.fill(fill, encoding)</code>][<code>buf.fill()</code>]`). This commit completes that attempt. After this commit, individual instances of the parser (for descriptions) inherit the links state from the root lexer, so that individual Markdown links in descriptions could be resolved. That same example is now substituted with `initialized by calling <a href=\"#buffer_buf_fill_value_offset_end_encoding\"><code>buf.fill(fill, encoding)</code></a>`. [1]: https://nodejs.org/api/buffer.json PR-URL: nodejs#8494 Reviewed-By: Roman Reiss <[email protected]>
PR-URL: nodejs#7915 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Brian White <[email protected]> Reviewed-By: Minwoo Jung <[email protected]> Reviewed-By: James M Snell <[email protected]>
PR-URL: nodejs#8365 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Evan Lucas <[email protected]> Reviewed-By: Sakthipriyan Vairamani <[email protected]>
PR-URL: nodejs#8412 Reviewed-By: Ben Noordhuis <[email protected]>
PR-URL: nodejs#8412 Reviewed-By: Ben Noordhuis <[email protected]>
PR-URL: nodejs#8412 Reviewed-By: Ben Noordhuis <[email protected]>
The RELEASE_URLBASE environment variable is used in releases as a prefix for links in the process.release object. The Makefile picks it and forwards it to configure, but vcbuild.bat did not. Hence, in Windows, Node releases have a correct process.release because it uses the default URL, but nightlies, RCs and so on do not, breaking node-gyp. This enables native modules to be built with such versions of Node. PR-URL: nodejs#8430 Reviewed-By: jbergstroem - Johan Bergström <[email protected]>
`convertNPNProtocols` and `convertALPNProtocols' uses the `protocols` buffer object as it is, and if it is modified outside of core, it might have an impact. This patch makes a copy of the buffer object, before using it. PR-URL: nodejs#8055 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Franziska Hinkelmann <[email protected]>
Fix handle leaks in Buffer::New() and Buffer::Copy() by creating the handle scope before looking up the env with Environment::GetCurrent(). Environment::GetCurrent() calls v8::Isolate::GetCurrentContext(), which creates a handle in the current scope, i.e., the scope created by the caller of Buffer::New() or Buffer::Copy(). PR-URL: nodejs#7711 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Trevor Norris <[email protected]>
Create a handle scope before performing a check that creates a handle, otherwise the handle is leaked into the handle scope of the caller. PR-URL: nodejs#7711 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Trevor Norris <[email protected]>
Create a handle scope before performing a check that creates a handle, otherwise the handle is leaked into the handle scope of the caller. PR-URL: nodejs#7711 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Trevor Norris <[email protected]>
API function callbacks run inside an implicit HandleScope. We don't need to explicitly create one and in fact introduce some unnecessary overhead when we do. PR-URL: nodejs#7711 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Trevor Norris <[email protected]>
Incorrect string length calculation when passing escaped dot. - CVE: CVE-2016-5180 - Upstream bug: https://c-ares.haxx.se/adv_20160929.html Ref: nodejs#9037 PR-URL: nodejs#8849 Reviewed-By: Myles Borins <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Johan Bergström <[email protected]> Reviewed-By: Fedor Indutny <[email protected]>
Run `npm install` before building the documentation from release tarballs. The doctool currently depends on `js-yaml`, which is imported from the `tools/eslint` subtree; however, release tarballs don’t contain that directory. Running `npm install` is clearly not a beautiful solution, but it works. Fixes: nodejs#7872 PR-URL: nodejs#8413 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Johan Bergström <[email protected]> Reviewed-By: James M Snell <[email protected]>
Export symbols from the bundled openssl for add-ons to link against. Fixes: nodejs/node-v0.x-archive#4051 PR-URL: nodejs#6274 Reviewed-By: James M Snell <[email protected]>
This exports even more openssl symbols when building on Windows. SSL_set_fd is one example of added symbol. PR-URL: nodejs#7576 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Roman Reiss <[email protected]>
e9d7232
to
5087643
Compare
@nodejs/lts Rebased and included #7576. |
@bnoordhuis I've added the semver minor tag for the inclusion of #7576. |
15ec16e
to
9049c1f
Compare
landed in 279e30c...84849f1 |
R=@thealphanerd
TBD if it should be back-ported to LTS. There was at least one report of add-on breakage caused by exporting openssl symbols (ref: #7608) although that was arguably more of an issue with the add-on.
CI: https://ci.nodejs.org/job/node-test-pull-request/3266/