Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[v16.x] deps: update OpenSSL 1.1.1q+quic #43692

Closed

Conversation

RafaelGSS
Copy link
Member

Updated openssl dep to openssl-1.1.1q using the maintenance guide.

Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-July/000232.html

vmoroz and others added 6 commits June 22, 2022 21:05
PR-URL: nodejs#42459
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>

Backport-PR-URL: nodejs#43293
    [Compiler] Remove untrusted code mitigations.

    These are no longer enabled, so remove the code mitigation logic from
    the codebase.

    BUG=chromium:1003890

    Change-Id: I536bb1732e8463281c21da446bbba8f47ede8ebe
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045704
    Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
    Reviewed-by: Jakob Gruber <jgruber@chromium.org>
    Reviewed-by: Clemens Backes <clemensb@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#76256}

Refs: v8/v8@4ab70f6
Fixes: nodejs#43296

PR-URL: nodejs#43328
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1p+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl

PR-URL: nodejs#43535
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-June/000228.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
 After an OpenSSL source update, all the config files need to be
 regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: nodejs#43535
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-June/000228.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1q+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl
 After an OpenSSL source update, all the config files need to be
 regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit
@nodejs-github-bot nodejs-github-bot added dependencies Pull requests that update a dependency file. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. v16.x labels Jul 5, 2022
@nodejs-github-bot
Copy link
Collaborator

@RafaelGSS
Copy link
Member Author

Wait for quictls/openssl#89 resolution before merging it. It seems there are a few issues in the Linux building.

@RafaelGSS
Copy link
Member Author

Well, it seems to be: openssl/openssl#18719 a fix. However, I don't see it breaking in our builds, is it safe to land?

@tmshort
Copy link
Contributor

tmshort commented Jul 6, 2022

Please see: quictls/openssl#90

danielleadams added a commit that referenced this pull request Jul 7, 2022
This is a security release.

Notable changes:

* deps:
  * upgrade openssl sources to OpenSSL\_1\_1\_1q (RafaelGSS) #43692
* src:
  * add OpenSSL config appname (Daniel Bevenius) #43124

PR-URL: nodejs-private/node-private#331
@RafaelGSS
Copy link
Member Author

Landed in 2a5712e and c087644

@RafaelGSS RafaelGSS closed this Jul 7, 2022
mwalbeck pushed a commit to mwalbeck/docker-cyberchef that referenced this pull request Jul 12, 2022
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [node](https://github.com/nodejs/node) | stage | minor | `16.15.1-bullseye` -> `16.16.0-bullseye` |

---

### Release Notes

<details>
<summary>nodejs/node</summary>

### [`v16.16.0`](https://github.com/nodejs/node/releases/tag/v16.16.0)

[Compare Source](nodejs/node@v16.15.1...v16.16.0)

This is a security release.

##### Notable changes

-   **deps**:
    -   upgrade openssl sources to OpenSSL\_1\_1\_1q (RafaelGSS) [#&#8203;43692](nodejs/node#43692)
-   **src**:
    -   add OpenSSL config appname (Daniel Bevenius) [#&#8203;43124](nodejs/node#43124)

##### Commits

-   \[[`2303fd3fe5`](nodejs/node@2303fd3fe5)] - **deps**: update archs files for OpenSSL-1.1.1q (RafaelGSS) [#&#8203;43692](nodejs/node#43692)
-   \[[`b219a63c28`](nodejs/node@b219a63c28)] - **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1q (RafaelGSS) [#&#8203;43692](nodejs/node#43692)
-   \[[`c6553a4ef5`](nodejs/node@c6553a4ef5)] - **deps**: update archs files for OpenSSL-1.1.1p+quic (RafaelGSS) [#&#8203;43535](nodejs/node#43535)
-   \[[`e9084a3e90`](nodejs/node@e9084a3e90)] - **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1p+quic (RafaelGSS) [#&#8203;43535](nodejs/node#43535)
-   \[[`1da22eb482`](nodejs/node@1da22eb482)] - **http**: stricter Transfer-Encoding and header separator parsing (Paolo Insogna) [nodejs-private/node-private#&#8203;315](https://github.com/nodejs-private/node-private/pull/315)
-   \[[`754c9bfde0`](nodejs/node@754c9bfde0)] - **src**: fix IPv4 validation in inspector_socket (Tobias Nießen) [nodejs-private/node-private#&#8203;320](https://github.com/nodejs-private/node-private/pull/320)
-   \[[`447cf680b0`](nodejs/node@447cf680b0)] - **(SEMVER-MAJOR)** **src,deps,build,test**: add OpenSSL config appname (Daniel Bevenius) [#&#8203;43124](nodejs/node#43124)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://git.walbeck.it/mwalbeck/docker-cyberchef/pulls/79
Co-authored-by: renovate-bot <bot@walbeck.it>
Co-committed-by: renovate-bot <bot@walbeck.it>
viceice-bot added a commit to renovate-reproductions/docker-node-versioning-issue that referenced this pull request Aug 10, 2022
##### [\`v16.16.0\`](https://github.com/nodejs/node/releases/tag/v16.16.0)

This is a security release.

##### Notable changes

-   **deps**:
    -   upgrade openssl sources to OpenSSL\_1\_1\_1q (RafaelGSS) [#43692](nodejs/node#43692)
-   **src**:
    -   add OpenSSL config appname (Daniel Bevenius) [#43124](nodejs/node#43124)

##### Commits

-   \[[`2303fd3fe5`](nodejs/node@2303fd3fe5)] - **deps**: update archs files for OpenSSL-1.1.1q (RafaelGSS) [#43692](nodejs/node#43692)
-   \[[`b219a63c28`](nodejs/node@b219a63c28)] - **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1q (RafaelGSS) [#43692](nodejs/node#43692)
-   \[[`c6553a4ef5`](nodejs/node@c6553a4ef5)] - **deps**: update archs files for OpenSSL-1.1.1p+quic (RafaelGSS) [#43535](nodejs/node#43535)
-   \[[`e9084a3e90`](nodejs/node@e9084a3e90)] - **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1p+quic (RafaelGSS) [#43535](nodejs/node#43535)
-   \[[`1da22eb482`](nodejs/node@1da22eb482)] - **http**: stricter Transfer-Encoding and header separator parsing (Paolo Insogna) [nodejs-private/node-private#315](https://github.com/nodejs-private/node-private/pull/315)
-   \[[`754c9bfde0`](nodejs/node@754c9bfde0)] - **src**: fix IPv4 validation in inspector_socket (Tobias Nießen) [nodejs-private/node-private#320](https://github.com/nodejs-private/node-private/pull/320)
-   \[[`447cf680b0`](nodejs/node@447cf680b0)] - **(SEMVER-MAJOR)** **src,deps,build,test**: add OpenSSL config appname (Daniel Bevenius) [#43124](nodejs/node#43124)
guangwong pushed a commit to noslate-project/node that referenced this pull request Oct 10, 2022
This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1q+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl

PR-URL: nodejs/node#43692
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-July/000232.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
guangwong pushed a commit to noslate-project/node that referenced this pull request Oct 10, 2022
 After an OpenSSL source update, all the config files need to be
 regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: nodejs/node#43692
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-July/000232.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
guangwong pushed a commit to noslate-project/node that referenced this pull request Oct 10, 2022
This is a security release.

Notable changes:

* deps:
  * upgrade openssl sources to OpenSSL\_1\_1\_1q (RafaelGSS) nodejs/node#43692
* src:
  * add OpenSSL config appname (Daniel Bevenius) nodejs/node#43124

PR-URL: https://github.com/nodejs-private/node-private/pull/331
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants