Skip to content

webpack: Replace md4 hash with 256-bit sha2.#13021

Merged
rillian merged 1 commit intomasterfrom
webpack-hash
Apr 19, 2022
Merged

webpack: Replace md4 hash with 256-bit sha2.#13021
rillian merged 1 commit intomasterfrom
webpack-hash

Conversation

@rillian
Copy link
Contributor

@rillian rillian commented Apr 14, 2022
edited
Loading

OpenSSL 3.x removed the md4 hash, which is hardcoded by webpack
versions prior to 6. This breaks the build on systems providing
the current OpenSSL release, such as Ubuntu 22.04 or Fedora 36.

Work around by monkey-patching the crypto module to use the sha256
hash instead in our webpack invocations.

See webpack/webpack#13572

Resolves brave/brave-browser#22305

Submitter Checklist:

  • I confirm that no security/privacy review is needed, or that I have requested one
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

@rillian rillian requested a review from petemill April 14, 2022 18:07
@rillian rillian self-assigned this Apr 14, 2022
@petemill petemill mentioned this pull request Apr 15, 2022
Closed
petemill
petemill reviewed Apr 15, 2022
View reviewed changes
components/webpack/webpack.config.js

const tsConfigPath = path.join(process.env.ROOT_GEN_DIR, 'tsconfig-webpack.json')

// OpenSSL 3 no longer supports the insecure md4 hash, but webpack < 6
Copy link
Member

@petemill petemill Apr 15, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually I think that PR fix landed on webpack 5.54.0

Copy link
Contributor Author

@rillian rillian Apr 18, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see a futureDefaults flag that selects xxhash64 instead, but I don't think we set that? The linked issue says the don't intend to change the default because it breaks reproducibility.

@rillian
webpack: Replace md4 hash with 256-bit sha2.
786995b 
OpenSSL 3.x removed the md4 hash, which is hardcoded by webpack
versions prior to 6. This breaks the build on systems providing
the current OpenSSL release, such as Ubuntu 22.04 or Fedora 36.

Work around by monkey-patching the crypto module to use the sha256
hash instead in our webpack invocations.

See webpack/webpack#13572

Resolves brave/brave-browser#22305
@rillian
Copy link
Contributor Author

rillian commented Apr 18, 2022

Rebased to re-trigger ci.

@rillian rillian merged commit 6adc5b3 into master Apr 19, 2022
@rillian rillian deleted the webpack-hash branch April 19, 2022 00:08
@rillian rillian added this to the 1.39.x - Nightly milestone Apr 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@petemill petemill petemill approved these changes

Assignees

@rillian rillian

Labels

None yet

Projects

None yet

Milestone

1.39.x - Release

Development

Successfully merging this pull request may close these issues.

OpenSSL 3 breaks webpack build

2 participants

@rillian @petemill