Upgrade to OpenSSL-1.1.0h by shigeki · Pull Request #19794 · nodejs/node
labels
labels
4 tasks
codebytere added a commit that referenced this pull request
Notable changes: * deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](#19794) * src: add .code and SSL specific error properties (Sam Roberts) [#25093](#25093) * tls: * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](#26951) * supported shared openssl 1.1.0 (Sam Roberts) [#26951](#26951) * revert default max toTLSv1.2 (Sam Roberts) [#26951](#26951) * revert change to invalid protocol error type (Sam Roberts) [#26951](#26951) * support TLSv1.3 (Sam Roberts) [#26209](#26209) * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [#24729](#24729)
BethGriggs added a commit that referenced this pull request
Notable changes:
* assert:
* improve performance to instantiate errors (Ruben Bridgewater)
[#26738](#26738)
* validate required arguments (Ruben Bridgewater)
[#26641](#26641)
* adjust loose assertions (Ruben Bridgewater)
[#25008](#25008)
* async_hooks:
* remove deprecated emitBefore and emitAfter (Matteo Collina)
[#26530](#26530)
* remove promise object from resource (Andreas Madsen)
[#23443](#23443)
* bootstrap
* make Buffer and process non-enumerable (Ruben Bridgewater)
[#24874](#24874)
* buffer:
* use stricter range checks (Ruben Bridgewater)
[#27045](#27045)
* harden SlowBuffer creation (ZYSzys)
[#26272](#26272)
* harden validation of buffer allocation size (ZYSzys)
[#26162](#26162)
* do proper error propagation in addon methods (Anna Henningsen)
[#23939](#23939)
* child_process:
* change the defaults maxBuffer size (kohta ito)
[#27179](#27179)
* harden fork arguments validation (ZYSzys)
[#27039](#27039)
* use non-infinite maxBuffer defaults (kohta ito)
[#23027](#23027)
* console:
* don't use ANSI escape codes when TERM=dumb (Vladislav Kaminsky)
[#26261](#26261)
* crypto:
* remove legacy native handles (Tobias Nießen)
[#27011](#27011)
* decode missing passphrase errors (Tobias Nießen)
[#25208](#25208)
* move DEP0113 to End-of-Life (Tobias Nießen)
[#26249](#26249)
* remove deprecated crypto.\_toBuf (Tobias Nießen)
[#25338](#25338)
* set `DEFAULT\_ENCODING` property to non-enumerable
(Antoine du Hamel)
[#23222](#23222)
* deps:
* silence irrelevant V8 warning (Michaël Zasso)
[#26685](#26685)
* update postmortem metadata generation script (cjihrig)
[#26685](#26685)
* V8: un-cherry-pick bd019bd (Refael Ackermann)
[#26685](#26685)
* V8: cherry-pick 6 commits (Michaël Zasso)
[#26685](#26685)
* V8: cherry-pick d82c9af (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick e5f01ba (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick d5f08e4 (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick 6b09d21 (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick f0bb5d2 (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick 5b0510d (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick 91f0cd0 (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick 392316d (Anna Henningsen)
[#26685](#26685)
* V8: cherry-pick 2f79d68 (Anna Henningsen)
[#26685](#26685)
* sync V8 gypfiles with 7.4 (Ujjwal Sharma)
[#26685](#26685)
* update V8 to 7.4.288.13 (Ujjwal Sharma)
[#26685](#26685)
* bump minimum icu version to 63 (Ujjwal Sharma)
[#25852](#25852)
* silence irrelevant V8 warnings (Michaël Zasso)
[#25852](#25852)
* V8: cherry-pick 7803fa6 (Jon Kunkee)
[#25852](#25852)
* V8: cherry-pick 58cefed (Jon Kunkee)
[#25852](#25852)
* V8: cherry-pick d3308d0 (Michaël Zasso)
[#25852](#25852)
* V8: cherry-pick 74571c8 (Michaël Zasso)
[#25852](#25852)
* cherry-pick fc0ddf5 from upstream V8 (Anna Henningsen)
[#25852](#25852)
* sync V8 gypfiles with 7.3 (Ujjwal Sharma)
[#25852](#25852)
* sync V8 gypfiles with 7.2 (Michaël Zasso)
[#25852](#25852)
* update V8 to 7.3.492.25 (Michaël Zasso)
[#25852](#25852)
* add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu)
[#19794](#19794)
* sync V8 gypfiles with 7.1 (Refael Ackermann)
[#23423](#23423)
* update V8 to 7.1.302.28 (Michaël Zasso)
[#23423](#23423)
* doc:
* update behaviour of fs.writeFile
(Sakthipriyan Vairamani (thefourtheye))
[#25080](#25080)
* add internal functionality details of util.inherits
(Ruben Bridgewater)
[#24755](#24755)
* errors:
* update error name (Ruben Bridgewater)
[#26738](#26738)
* fs:
* use proper .destroy() implementation for SyncWriteStream
(Matteo Collina)
[#26690](#26690)
* improve mode validation (Ruben Bridgewater)
[#26575](#26575)
* harden validation of start option in createWriteStream (ZYSzys)
[#25579](#25579)
* make writeFile consistent with readFile wrt fd
(Sakthipriyan Vairamani (thefourtheye))
[#23709](#23709)
* http:
* validate timeout in ClientRequest() (cjihrig)
[#26214](#26214)
* return HTTP 431 on HPE\_HEADER\_OVERFLOW error (Albert Still)
[#25605](#25605)
* switch default parser to llhttp (Anna Henningsen)
[#24870](#24870)
* change DEP0066 to a runtime deprecation (Morgan Roderick)
[#24167](#24167)
* else case is not reachable (szabolcsit)
[#24176](#24176)
* lib:
* move DEP0021 to end of life (cjihrig)
[#27127](#27127)
* remove Atomics.wake (Gus Caplan)
[#27033](#27033)
* validate Error.captureStackTrace() calls (Ruben Bridgewater)
[#26738](#26738)
* refactor Error.captureStackTrace() usage (Ruben Bridgewater)
[#26738](#26738)
* move DTRACE\_\* probes out of global scope (James M Snell)
[#26541](#26541)
* deprecate \_stream\_wrap (Sam Roberts) [#26245]
(#26245)
* don't use `util.inspect()` internals (Ruben Bridgewater)
[#24971](#24971)
* improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
[#25690](#25690)
* requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
[#25690](#25690)
* move DEP0029 to end of life (cjihrig)
[#25377](#25377)
* move DEP0028 to end of life (cjihrig)
[#25377](#25377)
* move DEP0027 to end of life (cjihrig)
[#25377](#25377)
* move DEP0026 to end of life (cjihrig)
[#25377](#25377)
* move DEP0023 to end of life (cjihrig)
[#25280](#25280)
* move DEP0006 to end of life (cjihrig)
[#25279](#25279)
* remove unintended access to deps/ (Anna Henningsen)
[#25138](#25138)
* move DEP0120 to end of life (cjihrig)
[#24862](#24862)
* use ES6 class inheritance style (Ruben Bridgewater)
[#24755](#24755)
* remove `inherits()` usage (Ruben Bridgewater)
[#24755](#24755)
* module:
* remove dead code (Ruben Bridgewater)
[#26983](#26983)
* mark DEP0019 as End-of-Life (Ruben Bridgewater)
[#26973](#26973)
* throw an error for invalid package.json main entries
(Ruben Bridgewater)
[#26823](#26823)
* don't search in require.resolve.paths (cjihrig)
[#23683](#23683)
* n-api:
* remove code from error name (Ruben Bridgewater)
[#26738](#26738)
* net:
* do not manipulate potential user code (Ruben Bridgewater)
[#26751](#26751)
* emit "write after end" errors in the next tick (Ouyang Yadong)
[#24457](#24457)
* deprecate \_setSimultaneousAccepts() undocumented function
(James M Snell)
[#23760](#23760)
* net,http2:
* merge setTimeout code (ZYSzys)
[#25084](#25084)
* os:
* implement os.type() using uv\_os\_uname() (cjihrig)
[#25659](#25659)
* process:
* global.process, global.Buffer getters (Guy Bedford)
[#26882](#26882)
* move DEP0062 (node --debug) to end-of-life (Joyee Cheung)
[#25828](#25828)
* exit on --debug and --debug-brk after option parsing (Joyee Cheung)
[#25828](#25828)
* improve `--redirect-warnings` handling (Ruben Bridgewater)
[#24965](#24965)
* readline:
* support TERM=dumb (Vladislav Kaminsky)
[#26261](#26261)
* repl:
* add welcome message (gengjiawen)
[#25947](#25947)
* fix terminal default setting (Ruben Bridgewater)
[#26518](#26518)
* check colors with .getColorDepth() (Vladislav Kaminsky)
[#26261](#26261)
* deprecate REPLServer.rli (Ruben Bridgewater)
[#26260](#26260)
* src:
* remove unused INT\_MAX constant (Sam Roberts)
[#27078](#27078)
* update NODE\_MODULE\_VERSION to 72 (Ujjwal Sharma)
[#26685](#26685)
* remove `AddPromiseHook()` (Anna Henningsen)
[#26574](#26574)
* update NODE\_MODULE\_VERSION to 71 (Michaël Zasso)
[#25852](#25852)
* clean up MultiIsolatePlatform interface (Anna Henningsen)
[#26384](#26384)
* properly configure default heap limits (Ali Ijaz Sheikh)
[#25576](#25576)
* remove icuDataDir from node config (GauthamBanasandra)
[#24780](#24780)
* explicitly allow JS in ReadHostObject (Yang Guo)
[#23423](#23423)
* update postmortem constant (cjihrig)
[#23423](#23423)
* update NODE\_MODULE\_VERSION to 68 (Michaël Zasso)
[#23423](#23423)
* tls:
* support TLSv1.3 (Sam Roberts)
[#26209](#26209)
* return correct version from getCipher() (Sam Roberts)
[#26625](#26625)
* check arg types of renegotiate() (Sam Roberts)
[#25876](#25876)
* add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts)
[#24729](#24729)
* emit a warning when servername is an IP address (Rodger Combs)
[#23329](#23329)
* disable TLS v1.0 and v1.1 by default (Ben Noordhuis)
[#23814](#23814)
* remove unused arg to createSecureContext() (Sam Roberts)
[#24241](#24241)
* deprecate Server.prototype.setOptions() (cjihrig)[
#23820](#23820)
* load NODE\_EXTRA\_CA\_CERTS at startup (Ouyang Yadong)
[#23354](#23354)
* util:
* change inspect compact and breakLength default (Ruben Bridgewater)
[#27109](#27109)
* improve inspect edge cases (Ruben Bridgewater)
[#27109](#27109)
* only the first line of the error message (Simon Zünd)
[#26685](#26685)
* don't set the prototype of callbackified functions
(Ruben Bridgewater)
[#26893](#26893)
* rename callbackified function (Ruben Bridgewater)
[#26893](#26893)
* increase function length when using `callbackify()`
(Ruben Bridgewater)
[#26893](#26893)
* prevent tampering with internals in `inspect()` (Ruben Bridgewater)
[#26577](#26577)
* fix proxy inspection (Ruben Bridgewater)
[#26241](#26241)
* prevent leaking internal properties (Ruben Bridgewater)
[#24971](#24971)
* protect against monkeypatched Object prototype for inspect()
(Rich Trott)
[#25953](#25953)
* treat format arguments equally (Roman Reiss)
[#23162](#23162)
* win, fs:
* detect if symlink target is a directory (Bartosz Sosnowski)
[#23724](#23724)
* zlib:
* throw TypeError if callback is missing (Anna Henningsen)[
#24929](#24929)
* make “bare” constants un-enumerable (Anna Henningsen)
[#24824](#24824)
PR-URL: #26930
This was referenced
codebytere added a commit that referenced this pull request
Notable changes: * deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](#19794) * src: add .code and SSL specific error properties (Sam Roberts) [#25093](#25093) * tls: * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](#26951) * supported shared openssl 1.1.0 (Sam Roberts) [#26951](#26951) * revert default max toTLSv1.2 (Sam Roberts) [#26951](#26951) * revert change to invalid protocol error type (Sam Roberts) [#26951](#26951) * support TLSv1.3 (Sam Roberts) [#26209](#26209) * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [#24729](#24729) PR-URL: #27314
codebytere added a commit that referenced this pull request
Notable changes: * deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](#19794) * src: add .code and SSL specific error properties (Sam Roberts) [#25093](#25093) * tls: * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](#26951) * supported shared openssl 1.1.0 (Sam Roberts) [#26951](#26951) * revert default max toTLSv1.2 (Sam Roberts) [#26951](#26951) * revert change to invalid protocol error type (Sam Roberts) [#26951](#26951) * support TLSv1.3 (Sam Roberts) [#26209](#26209) * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [#24729](#24729) PR-URL: #27314
BaochengSu added a commit to BaochengSu/node that referenced this pull request
Ported from OpenSUSE:nodejs8-8.17.0-lp152.147.1:openssl_1_1_1.patch Original commit message: Backport OpenSSL 1.1.1 support, mostly be disabling TLS 1.3 Upstream commits: commit 8dd8033 Author: Shigeki Ohtsu <ohtsu@ohtsu.org> Date: Wed Sep 12 17:34:24 2018 +0900 tls: workaround handshakedone in renegotiation `SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called sending HelloRequest in OpenSSL-1.1.1. We need to check whether this is in a renegotiation state or not. Backport-PR-URL: nodejs#26270 PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> commit 161dca7 Author: Sam Roberts <vieuxtech@gmail.com> Date: Wed Nov 28 14:11:18 2018 -0800 tls: re-define max supported version as 1.2 Several secureProtocol strings allow any supported TLS version as the maximum, but our maximum supported protocol version is TLSv1.2 even if someone configures a build against an OpenSSL that supports TLSv1.3. Fixes: nodejs#24658 PR-URL: nodejs#25024 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Partial port, remain compatible with 1.0.2: commit 970ce14 Author: Shigeki Ohtsu <ohtsu@ohtsu.org> Date: Wed Mar 14 14:26:55 2018 +0900 crypto: remove deperecated methods of TLS version All version-specific methods were deprecated in OpenSSL 1.1.0 and min/max versions explicitly need to be set. This still keeps comptatible with JS and OpenSSL-1.0.2 APIs for now. crypto, constants: add constant of OpenSSL-1.1.0 Several constants for OpenSSL-1.1.0 engine were removed and renamed in OpenSSL-1.1.0. This added one renamed constant in order to have a compatible feature with that of OpenSSL-1.0.2. Other missed or new constants in OpenSSL-1.1.0 are not yet added. crypto,tls,constants: remove OpenSSL1.0.2 support This is semver-majar change so that we need not to have compatibilities with older versions. Fixes: nodejs#4270 PR-URL: nodejs#19794 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Signed-off-by: Su Baocheng <baocheng.su@siemens.com>
BaochengSu added a commit to BaochengSu/node that referenced this pull request
Ported from OpenSUSE:nodejs8-8.17.0-lp152.147.1:openssl_1_1_1.patch Original commit message: Backport OpenSSL 1.1.1 support, mostly be disabling TLS 1.3 Upstream commits: commit 8dd8033 Author: Shigeki Ohtsu <ohtsu@ohtsu.org> Date: Wed Sep 12 17:34:24 2018 +0900 tls: workaround handshakedone in renegotiation `SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called sending HelloRequest in OpenSSL-1.1.1. We need to check whether this is in a renegotiation state or not. Backport-PR-URL: nodejs#26270 PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> commit 161dca7 Author: Sam Roberts <vieuxtech@gmail.com> Date: Wed Nov 28 14:11:18 2018 -0800 tls: re-define max supported version as 1.2 Several secureProtocol strings allow any supported TLS version as the maximum, but our maximum supported protocol version is TLSv1.2 even if someone configures a build against an OpenSSL that supports TLSv1.3. Fixes: nodejs#24658 PR-URL: nodejs#25024 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Partial port, remain compatible with 1.0.2: commit 970ce14 Author: Shigeki Ohtsu <ohtsu@ohtsu.org> Date: Wed Mar 14 14:26:55 2018 +0900 crypto: remove deperecated methods of TLS version All version-specific methods were deprecated in OpenSSL 1.1.0 and min/max versions explicitly need to be set. This still keeps comptatible with JS and OpenSSL-1.0.2 APIs for now. crypto, constants: add constant of OpenSSL-1.1.0 Several constants for OpenSSL-1.1.0 engine were removed and renamed in OpenSSL-1.1.0. This added one renamed constant in order to have a compatible feature with that of OpenSSL-1.0.2. Other missed or new constants in OpenSSL-1.1.0 are not yet added. crypto,tls,constants: remove OpenSSL1.0.2 support This is semver-majar change so that we need not to have compatibilities with older versions. Fixes: nodejs#4270 PR-URL: nodejs#19794 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Signed-off-by: Su Baocheng <baocheng.su@siemens.com>
tniessen added a commit to tniessen/node that referenced this pull request
This function was introduced in 2684c90 as an internal helper function. The C++ implementation became a no-op in a57e2f2 when building against OpenSSL 1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all supported OpenSSL versions in 970ce14. Finally, eb20447 removed the only call site of setFreeListLength (which was already a no-op at that point). Refs: nodejs#1529 Refs: nodejs#10859 Refs: nodejs#19794 Refs: nodejs#38116
nodejs-github-bot pushed a commit that referenced this pull request
This function was introduced in 2684c90 as an internal helper function. The C++ implementation became a no-op in a57e2f2 when building against OpenSSL 1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all supported OpenSSL versions in 970ce14. Finally, eb20447 removed the only call site of setFreeListLength (which was already a no-op at that point). Refs: #1529 Refs: #10859 Refs: #19794 Refs: #38116 PR-URL: #44300 Reviewed-By: Feng Yu <F3n67u@outlook.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
RafaelGSS pushed a commit that referenced this pull request
This function was introduced in 2684c90 as an internal helper function. The C++ implementation became a no-op in a57e2f2 when building against OpenSSL 1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all supported OpenSSL versions in 970ce14. Finally, eb20447 removed the only call site of setFreeListLength (which was already a no-op at that point). Refs: #1529 Refs: #10859 Refs: #19794 Refs: #38116 PR-URL: #44300 Reviewed-By: Feng Yu <F3n67u@outlook.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
tniessen added a commit to tniessen/node that referenced this pull request
These constants have not existed since OpenSSL 1.1.0 reached EOL a few years ago. Refs: nodejs#19794
nodejs-github-bot pushed a commit that referenced this pull request
Fyko pushed a commit to Fyko/node that referenced this pull request
This function was introduced in 2684c90 as an internal helper function. The C++ implementation became a no-op in a57e2f2 when building against OpenSSL 1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all supported OpenSSL versions in 970ce14. Finally, eb20447 removed the only call site of setFreeListLength (which was already a no-op at that point). Refs: nodejs#1529 Refs: nodejs#10859 Refs: nodejs#19794 Refs: nodejs#38116 PR-URL: nodejs#44300 Reviewed-By: Feng Yu <F3n67u@outlook.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Fyko pushed a commit to Fyko/node that referenced this pull request
These constants have not existed since OpenSSL 1.1.0 reached EOL a few years ago. Refs: nodejs#19794 PR-URL: nodejs#44589 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
RafaelGSS pushed a commit that referenced this pull request
RafaelGSS pushed a commit that referenced this pull request
RafaelGSS pushed a commit that referenced this pull request
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters