Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL 1.0.2l this week #13161

Closed
rvagg opened this issue May 23, 2017 · 5 comments
Closed

OpenSSL 1.0.2l this week #13161

rvagg opened this issue May 23, 2017 · 5 comments
Assignees
@danbev
Labels
openssl Issues and PRs related to the OpenSSL dependency.

Comments

@rvagg
Copy link
Member

rvagg commented May 23, 2017 

 Forthcoming OpenSSL releases
============================

The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.0.2l and 1.1.0f.

These releases will be made available on 25th May 2017 between
approximately 1200-1600 UTC.

Note: These are bug-fix only releases. No security defects are addressed
in these releases.

Please also note that, as per our previous announcements, support for
1.0.1 ended on 31st December 2016.

"These are bug-fix only releases" i.e. I don't believe we'll be rushing anything here, nor does there appear to be a need for an announcement on this (unless somehow this release makes a bit of noise that is unsettling to some just because it's OpenSSL and that's unsettling in itself). So I imagine we'll just be seeing this slot in as a normal dependency upgrade across our active release lines which are all on 1.0.2.

@nodejs/security @nodejs/security-wg — if there are any alternative ideas on policy or procedure on this one please let us know.
@shigeki
Copy link
Contributor

shigeki commented May 23, 2017

As long as I see commit logs up to the latest HEAD of 1.0.2, there are several bug fixes in ssl and crypto but no security fixes of even low severity.

The back-ported patch of f439065 was applied to Node in a few weeks ago and it is no longer needed after upgrading.

I think we need not a security assessment of this openssl release and are not in a hurry to release Node.

@nodejs/collaborators I call someone for a volunteer to work on upgrading of the openssl. Its procedure is written in https://github.com/nodejs/node/blob/master/deps/openssl/doc/UPGRADING.md and I will be a reviewer.

@mscdex mscdex added the openssl Issues and PRs related to the OpenSSL dependency. label May 23, 2017
@danbev
Copy link
Contributor

danbev commented May 23, 2017

I call someone for a volunteer to work on upgrading of the openssl.

I'd be happy to take a look at this.

@shigeki
Copy link
Contributor

shigeki commented May 23, 2017

@danbev Okay, please check the doc and ask me if you have any questions. After releasing openssl-1.0.2l on 25th May, you can submit a PR and run CI. I will review it.

@danbev danbev self-assigned this May 23, 2017
@rvagg
Copy link
Member Author

rvagg commented May 25, 2017

It's out now, https://www.openssl.org/news/openssl-1.0.2-notes.html, I haven't looked at the diff but the release notes are underwhelming:

config now recognises 64-bit mingw and chooses mingw64 instead of mingw

@danbev
Copy link
Contributor

danbev commented May 26, 2017

It's out now, https://www.openssl.org/news/openssl-1.0.2-notes.html, I haven't looked at the diff but the release notes are underwhelming:

Great, I'm going to take a look at this today.

@danbev danbev mentioned this issue May 26, 2017
Closed
2 tasks
@shigeki shigeki closed this as completed in bd4a534 Jun 2, 2017
shigeki pushed a commit that referenced this issue Jun 2, 2017
@danbev @shigeki
deps: copy all openssl header files to include dir
51ed26e 
All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows. Two
files of opensslconf.h in crypto and include dir are replaced to refer
config/opensslconf.h.

Fixes: #13161
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
shigeki pushed a commit that referenced this issue Jun 2, 2017
@danbev @shigeki
deps: update openssl config files
34b79ca 
Regenerate config files for supported platforms with Makefile.

Fixes: #13161
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
shigeki pushed a commit that referenced this issue Jun 2, 2017
@danbev @shigeki
deps: update openssl asm and asm_obsolete files
a60d3ea 
Regenerate asm files with Makefile and CC=gcc and ASM=nasm where gcc
version was 5.4.0 and nasm version was 2.11.08.

Also asm files in asm_obsolete dir to support old compiler and
assembler are regenerated without CC and ASM envs.

Fixes: #13161
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
shigeki pushed a commit that referenced this issue Jun 2, 2017
@danbev @shigeki
doc: add missing make command to UPGRADING.md
d63ff23 
Added the missing make command in steps 6.3 when building
asm_obsolete.

Also updated the commit message to include the version nasm in
addition to the gcc version.

Fixes: #13161
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
jasnell pushed a commit that referenced this issue Jun 5, 2017
@danbev @jasnell
deps: upgrade openssl sources to 1.0.2l
d9191f6 
This replaces all sources of openssl-1.0.2l.tar.gz into
deps/openssl/openssl

Fixes: #13161
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
jasnell pushed a commit that referenced this issue Jun 5, 2017
@danbev @jasnell
deps: copy all openssl header files to include dir
dd93fa6 
All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows. Two
files of opensslconf.h in crypto and include dir are replaced to refer
config/opensslconf.h.

Fixes: #13161
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
jasnell pushed a commit that referenced this issue Jun 5, 2017
@danbev @jasnell
deps: update openssl config files
6f57554 
Regenerate config files for supported platforms with Makefile.

Fixes: #13161
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
jasnell pushed a commit that referenced this issue Jun 5, 2017
@danbev @jasnell
deps: update openssl asm and asm_obsolete files
035a81b 
Regenerate asm files with Makefile and CC=gcc and ASM=nasm where gcc
version was 5.4.0 and nasm version was 2.11.08.

Also asm files in asm_obsolete dir to support old compiler and
assembler are regenerated without CC and ASM envs.

Fixes: #13161
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
jasnell pushed a commit that referenced this issue Jun 5, 2017
@danbev @jasnell
doc: add missing make command to UPGRADING.md
90417e8 
Added the missing make command in steps 6.3 when building
asm_obsolete.

Also updated the commit message to include the version nasm in
addition to the gcc version.

Fixes: #13161
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
shigeki pushed a commit to shigeki/node that referenced this issue Jun 15, 2017
@danbev @shigeki
deps: upgrade openssl sources to 1.0.2l
d6851ff 
This replaces all sources of openssl-1.0.2l.tar.gz into
deps/openssl/openssl

Fixes: nodejs#13161
PR-URL: nodejs#13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
shigeki pushed a commit to shigeki/node that referenced this issue Jun 15, 2017
@danbev @shigeki
deps: copy all openssl header files to include dir
b8f866a 
All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows. Two
files of opensslconf.h in crypto and include dir are replaced to refer
config/opensslconf.h.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
shigeki pushed a commit to shigeki/node that referenced this issue Jun 15, 2017
@danbev @shigeki
deps: update openssl config files
7dd81b9 
Regenerate config files for supported platforms with Makefile.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
shigeki pushed a commit to shigeki/node that referenced this issue Jun 15, 2017
@danbev @shigeki
deps: update openssl asm and asm_obsolete files
ecaa828 
Regenerate asm files with Makefile and CC=gcc and ASM=nasm where gcc
version was 5.4.0 and nasm version was 2.11.08.

Also asm files in asm_obsolete dir to support old compiler and
assembler are regenerated without CC and ASM envs.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
shigeki pushed a commit to shigeki/node that referenced this issue Jun 15, 2017
@danbev @shigeki
doc: add missing make command to UPGRADING.md
a7b32c5 
Added the missing make command in steps 6.3 when building
asm_obsolete.

Also updated the commit message to include the version nasm in
addition to the gcc version.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
gibfahn pushed a commit to gibfahn/node that referenced this issue Jun 17, 2017
@danbev @gibfahn
deps: upgrade openssl sources to 1.0.2l
d319015 
This replaces all sources of openssl-1.0.2l.tar.gz into
deps/openssl/openssl

Fixes: nodejs#13161
PR-URL: nodejs#13233
Backport-PR-URL: nodejs#13695
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
gibfahn pushed a commit to gibfahn/node that referenced this issue Jun 17, 2017
@danbev @gibfahn
deps: copy all openssl header files to include dir
b0b52bc 
All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows. Two
files of opensslconf.h in crypto and include dir are replaced to refer
config/opensslconf.h.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Backport-PR-URL: nodejs#13695
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
@MaxMood96 MaxMood96 mentioned this issue Jun 22, 2023
Open
This was referenced Jun 22, 2023
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
@kissofire kissofire mentioned this issue Jun 25, 2023
Open
This was referenced Jul 6, 2023
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
abhishekumar-tyagi pushed a commit to abhishekumar-tyagi/node that referenced this issue May 5, 2024
@danbev @shigeki
deps: upgrade openssl sources to 1.0.2l
ab3bb3b 
This replaces all sources of openssl-1.0.2l.tar.gz into
deps/openssl/openssl

Fixes: nodejs/node#13161
PR-URL: nodejs/node#13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
abhishekumar-tyagi pushed a commit to abhishekumar-tyagi/node that referenced this issue May 5, 2024
@danbev @shigeki
deps: copy all openssl header files to include dir
cf4ac72 
All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows. Two
files of opensslconf.h in crypto and include dir are replaced to refer
config/opensslconf.h.

Fixes: nodejs/node#13161
PR-URL: nodejs/node#13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
abhishekumar-tyagi pushed a commit to abhishekumar-tyagi/node that referenced this issue May 5, 2024
@danbev @shigeki
deps: update openssl config files
3f2bb80 
Regenerate config files for supported platforms with Makefile.

Fixes: nodejs/node#13161
PR-URL: nodejs/node#13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
abhishekumar-tyagi pushed a commit to abhishekumar-tyagi/node that referenced this issue May 5, 2024
@danbev @shigeki
deps: update openssl asm and asm_obsolete files
305596e 
Regenerate asm files with Makefile and CC=gcc and ASM=nasm where gcc
version was 5.4.0 and nasm version was 2.11.08.

Also asm files in asm_obsolete dir to support old compiler and
assembler are regenerated without CC and ASM envs.

Fixes: nodejs/node#13161
PR-URL: nodejs/node#13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
abhishekumar-tyagi pushed a commit to abhishekumar-tyagi/node that referenced this issue May 5, 2024
@danbev @shigeki
doc: add missing make command to UPGRADING.md
077fae1 
Added the missing make command in steps 6.3 when building
asm_obsolete.

Also updated the commit message to include the version nasm in
addition to the gcc version.

Fixes: nodejs/node#13161
PR-URL: nodejs/node#13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@danbev danbev

Labels
openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mscdex @danbev @rvagg @shigeki