Upgrade to openssl-1.0.2c #1958
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This just replaces all sources of openssl-1.0.2c.tar.gz into deps/openssl/openssl
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and perhaps others) are requiring .686 . Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Shigeki Ohtsu <[email protected]>
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
Reapply b910613 . Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
In openssl s_client on Windows, RAND_screen() is invoked to initialize random state but it takes several seconds in each connection. This added -no_rand_screen to openssl s_client on Windows to skip RAND_screen() and gets a better performance in the unit test of test-tls-server-verify. Do not enable this except to use in the unit test. Fixes: nodejs#1461 PR-URL: nodejs#1836 Reviewed-By: Ben Noordhuis <[email protected]>
Change all openssl/include/openssl/*.h to include resolved symbolic links and openssl/crypto/opensslconf.h to refer config/opensslconf.h
|
LGTM! |
|
Thank you |
shigeki
pushed a commit
that referenced
this pull request
Jun 12, 2015
This just replaces all sources of openssl-1.0.2c.tar.gz into deps/openssl/openssl PR-URL: #1958 Reviewed-By: Fedor Indutny <[email protected]>
shigeki
pushed a commit
that referenced
this pull request
Jun 12, 2015
Change all openssl/include/openssl/*.h to include resolved symbolic links and openssl/crypto/opensslconf.h to refer config/opensslconf.h PR-URL: #1958 Reviewed-By: Fedor Indutny <[email protected]>
shigeki
pushed a commit
that referenced
this pull request
Jun 12, 2015
PR-URL: #1958 Reviewed-By: Fedor Indutny <[email protected]>
|
One of the commit messages start with openssl, is that okay? |
|
@thefourtheye Do you mean its captial? I think everyone can understand it. |
shigeki
pushed a commit
to shigeki/node
that referenced
this pull request
Jun 12, 2015
This just replaces all sources of openssl-1.0.2c.tar.gz into deps/openssl/openssl PR-URL: nodejs#1958 Reviewed-By: Fedor Indutny <[email protected]>
shigeki
pushed a commit
to shigeki/node
that referenced
this pull request
Jun 12, 2015
Change all openssl/include/openssl/*.h to include resolved symbolic links and openssl/crypto/opensslconf.h to refer config/opensslconf.h PR-URL: nodejs#1958 Reviewed-By: Fedor Indutny <[email protected]>
shigeki
pushed a commit
to shigeki/node
that referenced
this pull request
Jun 12, 2015
PR-URL: nodejs#1958 Reviewed-By: Fedor Indutny <[email protected]>
|
Oh, there was one new test failure of test-timers-first-fire.js on win2008r2. It seems to come from a timing issue not related to the openssl. |
|
These were added to v1.x, but aren't we backporting from master instead (otherwise 2.x won't have these changes)? |
|
It landed on both, fine to me. try not to do that but it is ok for some fixes so long as it's also on master. |
rvagg
added a commit
that referenced
this pull request
Jun 13, 2015
Notable Changes: * libuv: Upgraded to 1.6.0 and 1.6.1, see full ChangeLog for details. (Saúl Ibarra Corretgé) #1905 #1889. Highlights include: - Fix TTY becoming blocked on OS X - Fix UDP send callbacks to not to be synchronous - Add uv_os_homedir() (exposed as os.homedir(), see below) * npm: See full release notes for details. (Kat Marchán) #1899. Highlight: - Use GIT_SSH_COMMAND (available as of Git 2.3) * openssl: - Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection (Logjam) and fixes malformed ECParameters causing infinite loop (CVE-2015-1788). See the security advisory for full details. (Shigeki Ohtsu) #1950 #1958 - Support FIPS mode of OpenSSL, see README for instructions. (Fedor Indutny) #1890 * os: Add os.homedir() method. (Colin Ihrig) #1791 * smalloc: Deprecate whole module. (Vladimir Kurchatkin) #1822 * Add new collaborators: - Alex Kocharin (@rlidwka) - Christopher Monsanto (@monsanto) - Ali Ijaz Sheikh (@ofrobots) - Oleg Elifantiev (@Olegas) - Domenic Denicola (@domenic) - Rich Trott (@Trott)
rvagg
added a commit
that referenced
this pull request
Jul 4, 2015
Maintenance release Notable Changes: * v8: Fixed an out-of-band write in utf8 decoder. This is an important security update as it can be used to cause a denial of service attack. * openssl: - Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection (Logjam) and fixes malformed ECParameters causing infinite loop (CVE-2015-1788). See the security advisory for full details. (Shigeki Ohtsu) #1950 #1958 * build: - Added support for compiling with Microsoft Visual C++ 2015 - Started building and distributing headers-only tarballs along with binaries
rvagg
added a commit
to rvagg/io.js
that referenced
this pull request
Sep 16, 2015
Maintenance release Notable Changes: * v8: Fixed an out-of-band write in utf8 decoder. This is an important security update as it can be used to cause a denial of service attack. * openssl: - Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection (Logjam) and fixes malformed ECParameters causing infinite loop (CVE-2015-1788). See the security advisory for full details. (Shigeki Ohtsu) nodejs#1950 nodejs#1958 * build: - Added support for compiling with Microsoft Visual C++ 2015 - Started building and distributing headers-only tarballs along with binaries
ChALkeR
pushed a commit
to ChALkeR/io.js
that referenced
this pull request
Dec 20, 2015
Maintenance release Notable Changes: * v8: Fixed an out-of-band write in utf8 decoder. This is an important security update as it can be used to cause a denial of service attack. * openssl: - Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection (Logjam) and fixes malformed ECParameters causing infinite loop (CVE-2015-1788). See the security advisory for full details. (Shigeki Ohtsu) nodejs#1950 nodejs#1958 * build: - Added support for compiling with Microsoft Visual C++ 2015 - Started building and distributing headers-only tarballs along with binaries
scovetta
pushed a commit
to scovetta/node
that referenced
this pull request
Apr 2, 2016
Maintenance release Notable Changes: * v8: Fixed an out-of-band write in utf8 decoder. This is an important security update as it can be used to cause a denial of service attack. * openssl: - Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection (Logjam) and fixes malformed ECParameters causing infinite loop (CVE-2015-1788). See the security advisory for full details. (Shigeki Ohtsu) nodejs#1950 nodejs#1958 * build: - Added support for compiling with Microsoft Visual C++ 2015 - Started building and distributing headers-only tarballs along with binaries
This was referenced Jun 22, 2023
This was referenced Jul 7, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a upgrade to openssl-1.0.2c. I made the same procedure as that of openssl-1.0.2b.
But I missed to land doc change to the master at the last update so that the commit of UPGRADING.md
is reapplied for openssl-1.0.2c.
CI is https://jenkins-iojs.nodesource.com/job/iojs+any-pr+multi/821/ . #1953 is not yet landed to the master by mistake. So test-cluster-worker-wait-server-close.js are still failed on some platforms.
A new error in win2008r2 is "Error: Not enough storage is available to process this command." in test-debug-port-from-cmdline.js. That seems to be an another issue related CI environment.
R= @indutny or @bnoordhuis This is a small fix so that either of you is enough to review.