-
Notifications
You must be signed in to change notification settings - Fork 29.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pending OpenSSL 1.0.2b upgrade #1921
Comments
/cc @nodejs/crypto |
I've just made a test branch for upgrading the current HEAD of openssl-1.0.2 branch in There no longer need to apply several floating patches of openssl to iojs so upgrading procedure gets more simpler. I'll update the doc. |
OpenSSL-1.0.2b has just been released. Just looking the advisory at a glance, Malformed ECParameters causes infinite loop (CVE-2015-1788) seems to affect. Update Branch: https://github.com/shigeki/io.js/tree/openssl-1.0.2b |
This just replaces all sources of openssl-1.0.2b.tar.gz into deps/openssl/openssl Fixes: nodejs#1921 PR-URL: nodejs#1950 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Change all openssl/include/openssl/*.h to include resolved symbolic links and openssl/crypto/opensslconf.h to refer config/opensslconf.h Fixes: nodejs#1921 PR-URL: nodejs#1950 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
asm files are generated as - In `deps/openssl/asm/`, make with CC=gcc and ASM=nasm - In `deps/openssl/asm_obsolute/`, make with no envs for compilers Fixes: nodejs#1921 PR-URL: nodejs#1950 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This just replaces all sources of openssl-1.0.2b.tar.gz into deps/openssl/openssl Fixes: nodejs#1921 PR-URL: nodejs#1950 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Change all openssl/include/openssl/*.h to include resolved symbolic links and openssl/crypto/opensslconf.h to refer config/opensslconf.h Fixes: nodejs#1921 PR-URL: nodejs#1950 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
asm files are generated as - In `deps/openssl/asm/`, make with CC=gcc and ASM=nasm - In `deps/openssl/asm_obsolute/`, make with no envs for compilers Fixes: nodejs#1921 PR-URL: nodejs#1950 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Upgrading to 1.0.2b were finished to master and v1.x branch in #1950. |
https://mta.openssl.org/pipermail/openssl-announce/2015-June/000027.html
In a couple of days, on the 11th, there will be a new release containing security fixes. The highest of these is classified as "moderate" so this ought not be a big drama but it would be good for us to be on top of this and have a release out within a day or two max.
The text was updated successfully, but these errors were encountered: