[v14.x] Update openssl 1.1.1i #36521

MylesBorins · 2020-12-15T04:22:28Z

Manually created this on v14.x as we don't need all the quic patches that are included in #36520

I've checked and this will cleanly cherry-pick to 12.x and 10.x

tarball for update: https://www.openssl.org/source/openssl-1.1.1i.tar.gz

/cc @nodejs/crypto @nodejs/lts

nodejs-github-bot · 2020-12-15T04:24:02Z

CI: https://ci.nodejs.org/job/node-test-pull-request/34943/

nodejs-github-bot · 2020-12-15T12:03:32Z

CI: https://ci.nodejs.org/job/node-test-pull-request/34947/

richardlau · 2020-12-15T16:32:10Z

The second commit should be titled deps: update archs files for OpenSSL-1.1.1i.

richardlau · 2020-12-15T18:59:50Z

These commits cherry-pick cleanly onto v12.x-staging but not onto v10.x-staging.

This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1i.tar.gz $ mv openssl-1.1.1i openssl $ git add --all openssl $ git commit openssl

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make gen-openssl $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit

richardlau · 2020-12-16T15:56:59Z

These commits cherry-pick cleanly onto v12.x-staging but not onto v10.x-staging.

So I've dug a bit and it's not expected to be able to cherry-pick the openssl config from v12.x+ back to v10.x, see #32971 (comment). I've opened #36541 to manually backport the openssl update to v10.x-staging.

mhdawson

Rubber stamp LGTM

This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1i.tar.gz $ mv openssl-1.1.1i openssl $ git add --all openssl $ git commit openssl PR-URL: #36521 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make gen-openssl $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #36521 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>

MylesBorins · 2020-12-17T02:55:38Z

landed in f9f01b9...12a0111

MylesBorins · 2020-12-17T02:57:30Z

Backported to v12.x in 76ea9c5...941b1ab

CI: https://ci.nodejs.org/job/node-test-commit/42998/

This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1i.tar.gz $ mv openssl-1.1.1i openssl $ git add --all openssl $ git commit openssl PR-URL: #36521 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make gen-openssl $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #36521 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>

richardlau · 2020-12-17T12:53:14Z

Backported to v12.x in 76ea9c5...941b1ab

FYI These commits were missing metadata. I've force pushed the commits with metadata added to v12.x-staging as 76ea9c5...96ec482.

MylesBorins · 2020-12-17T15:59:46Z

@richardlau thanks for getting that, apologies

This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1i.tar.gz $ mv openssl-1.1.1i openssl $ git add --all openssl $ git commit openssl PR-URL: #36521 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make gen-openssl $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #36521 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>

MylesBorins added the v14.x label Dec 15, 2020

MylesBorins requested review from jasnell, richardlau and BethGriggs December 15, 2020 04:22

nodejs-github-bot added the openssl Issues and PRs related to the OpenSSL dependency. label Dec 15, 2020

MylesBorins added request-ci Add this label to start a Jenkins CI on a PR. and removed request-ci Add this label to start a Jenkins CI on a PR. labels Dec 15, 2020

richardlau approved these changes Dec 15, 2020

View reviewed changes

MylesBorins force-pushed the update-openssl-1.1.1i-14.x branch from 6cf7cf5 to 7051246 Compare December 15, 2020 17:23

BethGriggs force-pushed the v14.x-staging branch from 4b315a5 to 71c3efe Compare December 15, 2020 21:29

codebytere approved these changes Dec 15, 2020

View reviewed changes

MylesBorins added 2 commits December 15, 2020 18:43

deps: upgrade openssl sources to 1.1.1i

3440581

This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1i.tar.gz $ mv openssl-1.1.1i openssl $ git add --all openssl $ git commit openssl

MylesBorins force-pushed the update-openssl-1.1.1i-14.x branch from 7051246 to 84c9983 Compare December 15, 2020 23:43

richardlau mentioned this pull request Dec 16, 2020

[v10.x] Update openssl 1.1.1i #36541

Merged

2 tasks

richardlau added the lts-watch-v12.x label Dec 16, 2020

mhdawson approved these changes Dec 16, 2020

View reviewed changes

MylesBorins closed this Dec 17, 2020

MylesBorins added backported-to-v12.x and removed lts-watch-v12.x labels Dec 17, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[v14.x] Update openssl 1.1.1i #36521

[v14.x] Update openssl 1.1.1i #36521

MylesBorins commented Dec 15, 2020

nodejs-github-bot commented Dec 15, 2020

nodejs-github-bot commented Dec 15, 2020

richardlau commented Dec 15, 2020

richardlau commented Dec 15, 2020

richardlau commented Dec 16, 2020

mhdawson left a comment

MylesBorins commented Dec 17, 2020

MylesBorins commented Dec 17, 2020

richardlau commented Dec 17, 2020

MylesBorins commented Dec 17, 2020

[v14.x] Update openssl 1.1.1i #36521

[v14.x] Update openssl 1.1.1i #36521

Conversation

MylesBorins commented Dec 15, 2020

nodejs-github-bot commented Dec 15, 2020

nodejs-github-bot commented Dec 15, 2020

richardlau commented Dec 15, 2020

richardlau commented Dec 15, 2020

richardlau commented Dec 16, 2020

mhdawson left a comment

Choose a reason for hiding this comment

MylesBorins commented Dec 17, 2020

MylesBorins commented Dec 17, 2020

richardlau commented Dec 17, 2020

MylesBorins commented Dec 17, 2020