diff --git a/.requirements b/.requirements index d834d859bd9..e33006c69d5 100644 --- a/.requirements +++ b/.requirements @@ -2,7 +2,7 @@ KONG_PACKAGE_NAME=kong OPENRESTY=1.21.4.3 LUAROCKS=3.9.2 -OPENSSL=3.1.4 +OPENSSL=3.2.0 PCRE=8.45 LIBEXPAT=2.5.0 diff --git a/build/openresty/openssl/openssl_repositories.bzl b/build/openresty/openssl/openssl_repositories.bzl index cab43702d1d..f06c848fc92 100644 --- a/build/openresty/openssl/openssl_repositories.bzl +++ b/build/openresty/openssl/openssl_repositories.bzl @@ -11,7 +11,7 @@ def openssl_repositories(): http_archive, name = "openssl", build_file = "//build/openresty/openssl:BUILD.bazel", - sha256 = "840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3", + sha256 = "14c826f07c7e433706fb5c69fa9e25dab95684844b4c962a2cf1bf183eb4690e", strip_prefix = "openssl-" + version, urls = [ "https://www.openssl.org/source/openssl-" + version + ".tar.gz", diff --git a/changelog/unreleased/kong/bump-openssl.yml b/changelog/unreleased/kong/bump-openssl.yml new file mode 100644 index 00000000000..687f0c70200 --- /dev/null +++ b/changelog/unreleased/kong/bump-openssl.yml @@ -0,0 +1,3 @@ +message: Bumped OpenSSL from 3.1.4 to 3.2.0 +type: dependency +scope: Core diff --git a/scripts/explain_manifest/fixtures/alpine-amd64.txt b/scripts/explain_manifest/fixtures/alpine-amd64.txt deleted file mode 100644 index b5bf1a0fa46..00000000000 --- a/scripts/explain_manifest/fixtures/alpine-amd64.txt +++ /dev/null @@ -1,145 +0,0 @@ -- Path : /usr/local/kong/include/google - Type : directory - -- Path : /usr/local/kong/include/kong - Type : directory - -- Path : /usr/local/kong/lib/engines-1.1/afalg.so - Needed : - - libcrypto.so.1.1 - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/kong/lib/engines-1.1/capi.so - Needed : - - libcrypto.so.1.1 - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/kong/lib/engines-1.1/padlock.so - Needed : - - libcrypto.so.1.1 - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/kong/lib/libcrypto.so.1.1 - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/kong/lib/libexpat.so.1.8.10 - Needed : - - libc.so - -- Path : /usr/local/kong/lib/libssl.so.1.1 - Needed : - - libcrypto.so.1.1 - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/lfs.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/lpeg.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/lsyslog.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/lua_pack.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/lua_system_constants.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/lxp.so - Needed : - - libexpat.so.1 - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/mime/core.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/pb.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/socket/core.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/socket/serial.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/socket/unix.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/ssl.so - Needed : - - libssl.so.1.1 - - libcrypto.so.1.1 - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/yaml.so - Needed : - - libyaml-0.so.2 - - libc.so - -- Path : /usr/local/openresty/lualib/cjson.so - Needed : - - libc.so - -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - libc.so - -- Path : /usr/local/openresty/lualib/librestysignal.so - Needed : - - libc.so - -- Path : /usr/local/openresty/lualib/rds/parser.so - Needed : - - libc.so - -- Path : /usr/local/openresty/lualib/redis/parser.so - Needed : - - libc.so - -- Path : /usr/local/openresty/nginx/sbin/nginx - Needed : - - libluajit-5.1.so.2 - - libssl.so.1.1 - - libcrypto.so.1.1 - - libz.so.1 - - libc.so - Rpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib:/usr/local/openresty/lualib - Modules : - - lua-kong-nginx-module - - lua-kong-nginx-module/stream - - lua-resty-events - - lua-resty-lmdb - OpenSSL : OpenSSL 1.1.1t 7 Feb 2023 - DWARF : True - DWARF - ngx_http_request_t related DWARF DIEs: True - diff --git a/scripts/explain_manifest/fixtures/alpine-arm64.txt b/scripts/explain_manifest/fixtures/alpine-arm64.txt deleted file mode 100644 index b5bf1a0fa46..00000000000 --- a/scripts/explain_manifest/fixtures/alpine-arm64.txt +++ /dev/null @@ -1,145 +0,0 @@ -- Path : /usr/local/kong/include/google - Type : directory - -- Path : /usr/local/kong/include/kong - Type : directory - -- Path : /usr/local/kong/lib/engines-1.1/afalg.so - Needed : - - libcrypto.so.1.1 - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/kong/lib/engines-1.1/capi.so - Needed : - - libcrypto.so.1.1 - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/kong/lib/engines-1.1/padlock.so - Needed : - - libcrypto.so.1.1 - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/kong/lib/libcrypto.so.1.1 - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/kong/lib/libexpat.so.1.8.10 - Needed : - - libc.so - -- Path : /usr/local/kong/lib/libssl.so.1.1 - Needed : - - libcrypto.so.1.1 - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/lfs.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/lpeg.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/lsyslog.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/lua_pack.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/lua_system_constants.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/lxp.so - Needed : - - libexpat.so.1 - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/mime/core.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/pb.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/socket/core.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/socket/serial.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/socket/unix.so - Needed : - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/ssl.so - Needed : - - libssl.so.1.1 - - libcrypto.so.1.1 - - libc.so - Rpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/yaml.so - Needed : - - libyaml-0.so.2 - - libc.so - -- Path : /usr/local/openresty/lualib/cjson.so - Needed : - - libc.so - -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - libc.so - -- Path : /usr/local/openresty/lualib/librestysignal.so - Needed : - - libc.so - -- Path : /usr/local/openresty/lualib/rds/parser.so - Needed : - - libc.so - -- Path : /usr/local/openresty/lualib/redis/parser.so - Needed : - - libc.so - -- Path : /usr/local/openresty/nginx/sbin/nginx - Needed : - - libluajit-5.1.so.2 - - libssl.so.1.1 - - libcrypto.so.1.1 - - libz.so.1 - - libc.so - Rpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib:/usr/local/openresty/lualib - Modules : - - lua-kong-nginx-module - - lua-kong-nginx-module/stream - - lua-resty-events - - lua-resty-lmdb - OpenSSL : OpenSSL 1.1.1t 7 Feb 2023 - DWARF : True - DWARF - ngx_http_request_t related DWARF DIEs: True - diff --git a/scripts/explain_manifest/fixtures/amazonlinux-2-amd64.txt b/scripts/explain_manifest/fixtures/amazonlinux-2-amd64.txt index d3bda328408..b0d0b772ff0 100644 --- a/scripts/explain_manifest/fixtures/amazonlinux-2-amd64.txt +++ b/scripts/explain_manifest/fixtures/amazonlinux-2-amd64.txt @@ -202,7 +202,7 @@ - lua-resty-events - lua-resty-lmdb - ngx_wasm_module - OpenSSL : OpenSSL 3.1.4 24 Oct 2023 + OpenSSL : OpenSSL 3.2.0 23 Nov 2023 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True diff --git a/scripts/explain_manifest/fixtures/amazonlinux-2023-amd64.txt b/scripts/explain_manifest/fixtures/amazonlinux-2023-amd64.txt index e85d7e57852..3c348b455c8 100644 --- a/scripts/explain_manifest/fixtures/amazonlinux-2023-amd64.txt +++ b/scripts/explain_manifest/fixtures/amazonlinux-2023-amd64.txt @@ -188,7 +188,7 @@ - lua-resty-events - lua-resty-lmdb - ngx_wasm_module - OpenSSL : OpenSSL 3.1.4 24 Oct 2023 + OpenSSL : OpenSSL 3.2.0 23 Nov 2023 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True diff --git a/scripts/explain_manifest/fixtures/amazonlinux-2023-arm64.txt b/scripts/explain_manifest/fixtures/amazonlinux-2023-arm64.txt index 0db6e70743c..48576d505f1 100644 --- a/scripts/explain_manifest/fixtures/amazonlinux-2023-arm64.txt +++ b/scripts/explain_manifest/fixtures/amazonlinux-2023-arm64.txt @@ -170,7 +170,7 @@ - lua-resty-events - lua-resty-lmdb - ngx_wasm_module - OpenSSL : OpenSSL 3.1.4 24 Oct 2023 + OpenSSL : OpenSSL 3.2.0 23 Nov 2023 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True diff --git a/scripts/explain_manifest/fixtures/debian-10-amd64.txt b/scripts/explain_manifest/fixtures/debian-10-amd64.txt index 013e8586181..951fb52d982 100644 --- a/scripts/explain_manifest/fixtures/debian-10-amd64.txt +++ b/scripts/explain_manifest/fixtures/debian-10-amd64.txt @@ -202,7 +202,7 @@ - lua-resty-events - lua-resty-lmdb - ngx_wasm_module - OpenSSL : OpenSSL 3.1.4 24 Oct 2023 + OpenSSL : OpenSSL 3.2.0 23 Nov 2023 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True diff --git a/scripts/explain_manifest/fixtures/debian-11-amd64.txt b/scripts/explain_manifest/fixtures/debian-11-amd64.txt index fe586a0c091..3a9420610de 100644 --- a/scripts/explain_manifest/fixtures/debian-11-amd64.txt +++ b/scripts/explain_manifest/fixtures/debian-11-amd64.txt @@ -190,7 +190,7 @@ - lua-resty-events - lua-resty-lmdb - ngx_wasm_module - OpenSSL : OpenSSL 3.1.4 24 Oct 2023 + OpenSSL : OpenSSL 3.2.0 23 Nov 2023 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True diff --git a/scripts/explain_manifest/fixtures/debian-12-amd64.txt b/scripts/explain_manifest/fixtures/debian-12-amd64.txt index fecba88d42b..d8a45bc54db 100644 --- a/scripts/explain_manifest/fixtures/debian-12-amd64.txt +++ b/scripts/explain_manifest/fixtures/debian-12-amd64.txt @@ -177,7 +177,7 @@ - lua-resty-events - lua-resty-lmdb - ngx_wasm_module - OpenSSL : OpenSSL 3.1.4 24 Oct 2023 + OpenSSL : OpenSSL 3.2.0 23 Nov 2023 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True diff --git a/scripts/explain_manifest/fixtures/el7-amd64.txt b/scripts/explain_manifest/fixtures/el7-amd64.txt index d3bda328408..b0d0b772ff0 100644 --- a/scripts/explain_manifest/fixtures/el7-amd64.txt +++ b/scripts/explain_manifest/fixtures/el7-amd64.txt @@ -202,7 +202,7 @@ - lua-resty-events - lua-resty-lmdb - ngx_wasm_module - OpenSSL : OpenSSL 3.1.4 24 Oct 2023 + OpenSSL : OpenSSL 3.2.0 23 Nov 2023 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True diff --git a/scripts/explain_manifest/fixtures/el8-amd64.txt b/scripts/explain_manifest/fixtures/el8-amd64.txt index c7933610e0a..b0817c9bdc3 100644 --- a/scripts/explain_manifest/fixtures/el8-amd64.txt +++ b/scripts/explain_manifest/fixtures/el8-amd64.txt @@ -201,7 +201,7 @@ - lua-resty-events - lua-resty-lmdb - ngx_wasm_module - OpenSSL : OpenSSL 3.1.4 24 Oct 2023 + OpenSSL : OpenSSL 3.2.0 23 Nov 2023 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True diff --git a/scripts/explain_manifest/fixtures/el9-amd64.txt b/scripts/explain_manifest/fixtures/el9-amd64.txt index e4dbbaa6537..a9eb5944492 100644 --- a/scripts/explain_manifest/fixtures/el9-amd64.txt +++ b/scripts/explain_manifest/fixtures/el9-amd64.txt @@ -188,7 +188,7 @@ - lua-resty-events - lua-resty-lmdb - ngx_wasm_module - OpenSSL : OpenSSL 3.1.4 24 Oct 2023 + OpenSSL : OpenSSL 3.2.0 23 Nov 2023 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True diff --git a/scripts/explain_manifest/fixtures/el9-arm64.txt b/scripts/explain_manifest/fixtures/el9-arm64.txt index 0db6e70743c..48576d505f1 100644 --- a/scripts/explain_manifest/fixtures/el9-arm64.txt +++ b/scripts/explain_manifest/fixtures/el9-arm64.txt @@ -170,7 +170,7 @@ - lua-resty-events - lua-resty-lmdb - ngx_wasm_module - OpenSSL : OpenSSL 3.1.4 24 Oct 2023 + OpenSSL : OpenSSL 3.2.0 23 Nov 2023 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True diff --git a/scripts/explain_manifest/fixtures/ubuntu-20.04-amd64.txt b/scripts/explain_manifest/fixtures/ubuntu-20.04-amd64.txt index e4b2a539646..f909b112e2a 100644 --- a/scripts/explain_manifest/fixtures/ubuntu-20.04-amd64.txt +++ b/scripts/explain_manifest/fixtures/ubuntu-20.04-amd64.txt @@ -194,6 +194,6 @@ - lua-resty-events - lua-resty-lmdb - ngx_wasm_module - OpenSSL : OpenSSL 3.1.4 24 Oct 2023 + OpenSSL : OpenSSL 3.2.0 23 Nov 2023 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True diff --git a/scripts/explain_manifest/fixtures/ubuntu-22.04-amd64.txt b/scripts/explain_manifest/fixtures/ubuntu-22.04-amd64.txt index 6d22a3f711b..b924206af82 100644 --- a/scripts/explain_manifest/fixtures/ubuntu-22.04-amd64.txt +++ b/scripts/explain_manifest/fixtures/ubuntu-22.04-amd64.txt @@ -181,7 +181,7 @@ - lua-resty-events - lua-resty-lmdb - ngx_wasm_module - OpenSSL : OpenSSL 3.1.4 24 Oct 2023 + OpenSSL : OpenSSL 3.2.0 23 Nov 2023 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True diff --git a/scripts/explain_manifest/fixtures/ubuntu-22.04-arm64.txt b/scripts/explain_manifest/fixtures/ubuntu-22.04-arm64.txt index 8dc1f94a1b9..70700de3e9a 100644 --- a/scripts/explain_manifest/fixtures/ubuntu-22.04-arm64.txt +++ b/scripts/explain_manifest/fixtures/ubuntu-22.04-arm64.txt @@ -179,7 +179,7 @@ - lua-resty-events - lua-resty-lmdb - ngx_wasm_module - OpenSSL : OpenSSL 3.1.4 24 Oct 2023 + OpenSSL : OpenSSL 3.2.0 23 Nov 2023 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True diff --git a/scripts/explain_manifest/suites.py b/scripts/explain_manifest/suites.py index b1a19b9c846..413e92c0653 100644 --- a/scripts/explain_manifest/suites.py +++ b/scripts/explain_manifest/suites.py @@ -71,14 +71,14 @@ def common_suites(expect, libxcrypt_no_obsolete_api: bool = False): expect("/usr/local/openresty/nginx/sbin/nginx", "nginx should link libxcrypt.so.1") \ .needed_libraries.contain("libcrypt.so.1") - expect("/usr/local/openresty/nginx/sbin/nginx", "nginx compiled with OpenSSL 3.1.x") \ - .nginx_compiled_openssl.matches("OpenSSL 3.1.\d") \ - .version_requirement.key("libssl.so.3").less_than("OPENSSL_3.2.0") \ - .version_requirement.key("libcrypto.so.3").less_than("OPENSSL_3.2.0") \ - - expect("**/*.so", "dynamic libraries are compiled with OpenSSL 3.1.x") \ - .version_requirement.key("libssl.so.3").less_than("OPENSSL_3.2.0") \ - .version_requirement.key("libcrypto.so.3").less_than("OPENSSL_3.2.0") \ + expect("/usr/local/openresty/nginx/sbin/nginx", "nginx compiled with OpenSSL 3.2.x") \ + .nginx_compiled_openssl.matches("OpenSSL 3.2.\d") \ + .version_requirement.key("libssl.so.3").less_than("OPENSSL_3.3.0") \ + .version_requirement.key("libcrypto.so.3").less_than("OPENSSL_3.3.0") \ + + expect("**/*.so", "dynamic libraries are compiled with OpenSSL 3.2.x") \ + .version_requirement.key("libssl.so.3").less_than("OPENSSL_3.3.0") \ + .version_requirement.key("libcrypto.so.3").less_than("OPENSSL_3.3.0") \ def libc_libcpp_suites(expect, libc_max_version: str = None, libcxx_max_version: str = None, cxxabi_max_version: str = None):