Skip to content
This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

Upgrade openssl101p #25654

Closed
wants to merge 5 commits into from
Closed

Upgrade openssl101p #25654

wants to merge 5 commits into from

Conversation

shigeki
Copy link

@shigeki shigeki commented Jul 9, 2015

TLS client of node-v0.10/0.12 prior this release has a vulnerability of Alternative chains certificate forgery (CVE-2015-1793) . See https://www.openssl.org/news/secadv_20150709.txt .

Note that this includes the fix of #25582. Automating this is a future plan.

I did make test and make test-internet on my local Linux and they are fine except one test of debugger-client . I tried to run CI but https://jenkins.nodejs.org is down now. Do we use CI of https://jenkins-iojs.nodesource.com/ now? I could not find CI for node-v0.10.x there.

Shigeki Ohtsu and others added 5 commits July 10, 2015 01:42
This just replaces all sources of openssl-1.0.1p.tar.gz
into deps/openssl/openssl.
All symlink files in `deps/openssl/openssl/include/openssl/`
 are removed and replaced with real header files to avoid
issues on Windows.
sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>
reapply b910613

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>
@shigeki
Copy link
Author

shigeki commented Jul 9, 2015

TLS client of node-v0.10/0.12 prior this release has a vulnerability

Correction. Alt cert patches were not back ported to Node so that only v0.10.39 and v0.12.6 have the vulnerability of CVE-2015-1793.

@misterdjules
Copy link

@shigeki Thank you so much!

CI for v0.10 and v0.12 is available here: http://jenkins.nodejs.org/. Tests for this PR are running across all supported platform for UNIX and Windows.

In the meantime I'll run the tests in test/external/ssl-options/ and do a review of the changes, I'll keep you posted.

@misterdjules
Copy link

Tests in test/external/ssl-options pass, no regression on UNIX or Windows.

@misterdjules
Copy link

LGTM, landing soon and starting the release process for v0.10.40 asap.

@joyent/node-tsc Sounds good?

@misterdjules
Copy link

Also /cc @joyent/node-collaborators

@misterdjules
Copy link

@shigeki shigeki/node@ba97685 has the following commit message:

All symlink files in `deps/openssl/openssl/include/openssl/`
 are removed and replaced with real header files to avoid
issues on Windows.

but it seems like it's a combination of replacing symlinks with "indirect" header files (already committed in v0.10 as ee95454) and #25582.

So the issue on Windows is already fixed in v0.10 prior to this PR, as a result we should probably reword the commit included in this PR to match the one in #25582.

Or am I missing something?

@shigeki
Copy link
Author

shigeki commented Jul 9, 2015

@misterdjules 0de721a changes "indirect" header files into symlinks which are included in the original source distribution and ba97685 replaces symlinks with real header files. This PR show the combination of the two commits so that you would see "indirect" header files are changed into real files.

@misterdjules
Copy link

@shigeki Ok, sounds good, thank you for the clarification!

misterdjules pushed a commit to misterdjules/node that referenced this pull request Jul 9, 2015
This just replaces all sources of openssl-1.0.1p.tar.gz
into deps/openssl/openssl.

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
misterdjules pushed a commit to misterdjules/node that referenced this pull request Jul 9, 2015
All symlink files in `deps/openssl/openssl/include/openssl/`
 are removed and replaced with real header files to avoid
issues on Windows.

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
misterdjules pushed a commit to misterdjules/node that referenced this pull request Jul 9, 2015
sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
misterdjules pushed a commit to misterdjules/node that referenced this pull request Jul 9, 2015
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
misterdjules pushed a commit to misterdjules/node that referenced this pull request Jul 9, 2015
reapply b910613

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
@misterdjules
Copy link

Landed in 0cf9f27, 8277822, 984e7f9, 7ad5938 and c5d7b31.

misterdjules pushed a commit to misterdjules/node that referenced this pull request Jul 16, 2015
This just replaces all sources of openssl-1.0.1p.tar.gz
into deps/openssl/openssl.

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
misterdjules pushed a commit to misterdjules/node that referenced this pull request Jul 16, 2015
All symlink files in `deps/openssl/openssl/include/openssl/`
 are removed and replaced with real header files to avoid
issues on Windows.

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
misterdjules pushed a commit to misterdjules/node that referenced this pull request Jul 16, 2015
sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
shigeki pushed a commit to nodejs/node that referenced this pull request May 5, 2016
sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.

PR: #9451
PR-URL: nodejs/node-v0.x-archive#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: #25523
PR-URL: nodejs/node-v0.x-archive#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: #25654
PR-URL: nodejs/node-v0.x-archive#25654
Reviewed-By: Julien Gilli <[email protected]>
shigeki pushed a commit to nodejs/node that referenced this pull request May 5, 2016
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

PR: #9451
PR-URL: nodejs/node-v0.x-archive#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: #25523
PR-URL: nodejs/node-v0.x-archive#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: #25654
PR-URL: nodejs/node-v0.x-archive#25654
Reviewed-By: Julien Gilli <[email protected]>
shigeki pushed a commit to nodejs/node that referenced this pull request May 5, 2016
enricogior pushed a commit to thaliproject/jxcore that referenced this pull request Aug 20, 2016
sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.

PR: #9451
PR-URL: nodejs/node-v0.x-archive#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: #25523
PR-URL: nodejs/node-v0.x-archive#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: #25654
PR-URL: nodejs/node-v0.x-archive#25654
Reviewed-By: Julien Gilli <[email protected]>
enricogior pushed a commit to thaliproject/jxcore that referenced this pull request Aug 20, 2016
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

PR: #9451
PR-URL: nodejs/node-v0.x-archive#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: #25523
PR-URL: nodejs/node-v0.x-archive#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: #25654
PR-URL: nodejs/node-v0.x-archive#25654
Reviewed-By: Julien Gilli <[email protected]>
enricogior pushed a commit to thaliproject/jxcore that referenced this pull request Aug 20, 2016
reapply b910613792dac946b295855963869933a9089044

PR: #9451
PR-URL: nodejs/node-v0.x-archive#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: #25523
PR-URL: nodejs/node-v0.x-archive#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: #25654
PR-URL: nodejs/node-v0.x-archive#25654
Reviewed-By: Julien Gilli <[email protected]>
shigeki pushed a commit to shigeki/node that referenced this pull request Sep 22, 2016
sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.

PR: nodejs#9451
PR-URL: nodejs/node-v0.x-archive#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs/node-v0.x-archive#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs/node-v0.x-archive#25654
Reviewed-By: Julien Gilli <[email protected]>
shigeki pushed a commit to shigeki/node that referenced this pull request Sep 22, 2016
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

PR: nodejs#9451
PR-URL: nodejs/node-v0.x-archive#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs/node-v0.x-archive#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs/node-v0.x-archive#25654
Reviewed-By: Julien Gilli <[email protected]>
shigeki pushed a commit to shigeki/node that referenced this pull request Sep 22, 2016
MylesBorins pushed a commit to MylesBorins/node that referenced this pull request Sep 22, 2016
sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.

PR: nodejs#9451
PR-URL: nodejs/node-v0.x-archive#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs/node-v0.x-archive#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs/node-v0.x-archive#25654
Reviewed-By: Julien Gilli <[email protected]>
MylesBorins pushed a commit to MylesBorins/node that referenced this pull request Sep 22, 2016
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

PR: nodejs#9451
PR-URL: nodejs/node-v0.x-archive#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs/node-v0.x-archive#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs/node-v0.x-archive#25654
Reviewed-By: Julien Gilli <[email protected]>
MylesBorins pushed a commit to MylesBorins/node that referenced this pull request Sep 22, 2016
rvagg pushed a commit to nodejs/node that referenced this pull request Sep 27, 2016
sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.

PR: #9451
PR-URL: nodejs/node-v0.x-archive#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: #25523
PR-URL: nodejs/node-v0.x-archive#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: #25654
PR-URL: nodejs/node-v0.x-archive#25654
Reviewed-By: Julien Gilli <[email protected]>
rvagg pushed a commit to nodejs/node that referenced this pull request Sep 27, 2016
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

PR: #9451
PR-URL: nodejs/node-v0.x-archive#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: #25523
PR-URL: nodejs/node-v0.x-archive#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: #25654
PR-URL: nodejs/node-v0.x-archive#25654
Reviewed-By: Julien Gilli <[email protected]>
rvagg pushed a commit to nodejs/node that referenced this pull request Sep 27, 2016
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
This just replaces all sources of openssl-1.0.1p.tar.gz
into deps/openssl/openssl.

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
All symlink files in `deps/openssl/openssl/include/openssl/`
 are removed and replaced with real header files to avoid
issues on Windows.

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
reapply b910613

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
reapply b910613

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
reapply b910613

PR: nodejs#9451
PR-URL: nodejs#9451
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25523
PR-URL: nodejs#25523
Reviewed-By: Julien Gilli <[email protected]>

PR: nodejs#25654
PR-URL: nodejs#25654
Reviewed-By: Julien Gilli <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants