Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v14.x] deps: upgrade openssl to OpenSSL_1_1_1l #39868

Closed
wants to merge 2 commits into from
Closed

[v14.x] deps: upgrade openssl to OpenSSL_1_1_1l #39868

wants to merge 2 commits into from

Conversation

richardlau
Copy link
Member

@github-actions github-actions bot added needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. v14.x labels Aug 24, 2021
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@richardlau
Copy link
Member Author

cc @nodejs/crypto

Is anyone able to validate this? I followed https://github.com/nodejs/node/blob/master/doc/guides/maintaining-openssl.md but 5000+ changed files seems like a lot.

@richardlau
Copy link
Member Author

cc @nodejs/crypto

Is anyone able to validate this? I followed https://github.com/nodejs/node/blob/master/doc/guides/maintaining-openssl.md but 5000+ changed files seems like a lot.

Seems like previously we didn't have deps/openssl/openssl/fuzz/corpora, but it exists upstream, e.g. OpenSSL 1.1.1k: https://github.com/openssl/openssl/tree/OpenSSL_1_1_1k/fuzz/corpora.

@richardlau
deps: upgrade openssl sources to 1.1.1l
6e3fbca 
This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1l.tar.gz
    $ mv openssl-1.1.1l openssl
    $ git add --all openssl
    $ git commit openssl
@richardlau
Copy link
Member Author

richardlau commented Aug 24, 2021
edited
Loading

Ah okay I think this is possibly a discrepancy between cloning from GitHub vs the tarball.
https://github.com/nodejs/node/blob/v14.x-staging/doc/guides/maintaining-openssl.md differs from master in using the tarball instead of a git clone/checkout. I'll redo.

@richardlau
deps: update archs files for OpenSSL-1.1.1l
44d7cbc 
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit
@richardlau richardlau force-pushed the v14.x-openssl1.1.1l branch from 8aa2b89 to 44d7cbc Compare August 24, 2021 18:32
@richardlau
Copy link
Member Author

Updated to use the OpenSSL tarball.

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/39663/

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/39666/

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/39673/

@richardlau
Copy link
Member Author

I've opened a PR to update the maintaining openssl guide to clarify updating for 14.x/12.x: #39878

MylesBorins
MylesBorins approved these changes Aug 28, 2021
View reviewed changes
Copy link
Contributor

@MylesBorins MylesBorins left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

MylesBorins pushed a commit that referenced this pull request Aug 28, 2021
@richardlau @MylesBorins
deps: upgrade openssl sources to 1.1.1l
493201d 
This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1l.tar.gz
    $ mv openssl-1.1.1l openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #39868
Reviewed-By: Alba Mendez <me@alba.sh>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
MylesBorins pushed a commit that referenced this pull request Aug 28, 2021
@richardlau @MylesBorins
deps: update archs files for OpenSSL-1.1.1l
f8b4dc1 
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: #39868
Reviewed-By: Alba Mendez <me@alba.sh>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
@MylesBorins
Copy link
Contributor

Landed in 84ed5b0...f8b4dc1

MylesBorins pushed a commit to MylesBorins/node that referenced this pull request Aug 28, 2021
@richardlau @MylesBorins
deps: upgrade openssl sources to 1.1.1l
7137262 
This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1l.tar.gz
    $ mv openssl-1.1.1l openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: nodejs#39868
Reviewed-By: Alba Mendez <me@alba.sh>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
MylesBorins pushed a commit to MylesBorins/node that referenced this pull request Aug 28, 2021
@richardlau @MylesBorins
deps: update archs files for OpenSSL-1.1.1l
5b3f70b 
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: nodejs#39868
Reviewed-By: Alba Mendez <me@alba.sh>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
@richardlau richardlau deleted the v14.x-openssl1.1.1l branch September 3, 2021 11:00
foxxyz pushed a commit to foxxyz/node that referenced this pull request Oct 18, 2021
@richardlau @foxxyz
deps: upgrade openssl sources to 1.1.1l
c790f6b 
This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1l.tar.gz
    $ mv openssl-1.1.1l openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: nodejs#39868
Reviewed-By: Alba Mendez <me@alba.sh>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
foxxyz pushed a commit to foxxyz/node that referenced this pull request Oct 18, 2021
@richardlau @foxxyz
deps: update archs files for OpenSSL-1.1.1l
8e21bfd 
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: nodejs#39868
Reviewed-By: Alba Mendez <me@alba.sh>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tniessen tniessen tniessen approved these changes

@mildsunrise mildsunrise mildsunrise approved these changes

@MylesBorins MylesBorins MylesBorins approved these changes

Assignees
No one assigned
Labels
needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@richardlau @nodejs-github-bot @MylesBorins @mildsunrise @tniessen