UPSTREAM PR #3302: Bump openssl from 0.10.73 to 0.10.78 #136

Open
loci-dev wants to merge 1 commit into main from loci/pr-3302-dependabot-cargo-openssl-0.10.78

@loci-dev

Note

Source pull request: nextest-rs/nextest#3302

Bumps openssl from 0.10.73 to 0.10.78.

Release notes

Sourced from openssl's releases.

openssl-v0.10.78

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.77...openssl-v0.10.78

openssl-v0.10.77

What's Changed

New Contributors

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.76...openssl-v0.10.77

openssl-v0.10.76

What's Changed

... (truncated)

Commits
  • a6debf5 Release openssl v0.10.78 and openssl-sys v0.9.114 (#2609)
  • 09b425e Check derive output buffer length on OpenSSL 1.1.x (#2606)
  • 826c388 Error for short out in MdCtxRef::digest_final() (#2608)
  • 1d10902 Validate callback-returned lengths in PSK and cookie trampolines (#2607)
  • 5af6895 Reject oversized length returns from password callback trampoline (#2605)
  • 718d07f fix inverted bounds assertion in AES key unwrap (#2604)
  • 53cc69d Add support for LibreSSL 4.3.x (#2603)
  • 0b41e79 Fix dangling stack pointer in custom extension add callback (#2599)
  • cbdedf8 Avoid panic for overlong OIDs (#2598)
  • 1fc51ef openssl 4 support (#2591)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [openssl](https://github.com/rust-openssl/rust-openssl) from 0.10.73 to 0.10.78.
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.73...openssl-v0.10.78)

---
updated-dependencies:
- dependency-name: openssl
  dependency-version: 0.10.78
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@loci-review

loci-review Bot commented Apr 23, 2026

Overview

A single OpenSSL security update (0.10.73 → 0.10.78) triggered widespread compiler optimization changes affecting 9,826 functions (27.6% of total). Core test execution hot paths remain unaffected. Main impact: compression subsystem shifted to sophisticated multi-threaded ZSTD operations, trading CPU time for 40-60% better compression ratios.

Function Counts: 35,547 total | 9,826 modified | 10,617 new | 9,467 removed | 5,637 unchanged

Power Consumption Changes:

  • target.aarch64-unknown-linux-gnu.release.cargo-nextest: +0.76% (main binary)
  • target.aarch64-unknown-linux-gnu.release.build-seed-archive: +15.18%
  • target.aarch64-unknown-linux-gnu.release.fake-interceptor: +18.34%
  • target.aarch64-unknown-linux-gnu.release.zstd-dict: +3.39%
  • target.aarch64-unknown-linux-gnu.release.grab-foreground: +18.19%
  • target.aarch64-unknown-linux-gnu.release.internal-test: +18.29%
  • target.aarch64-unknown-linux-gnu.release.large-alloc: +18.17%
  • target.aarch64-unknown-linux-gnu.release.passthrough: +18.06%
  • target.aarch64-unknown-linux-gnu.release.rustc-shim: +18.48%

Function Analysis

Major Regressions (Compression Pipeline):

  • zstd::Writer::write: Response +1,192,803ns (+113,354%), Throughput +19ns (+6.3%). Now performs full multi-threaded compression with Huffman/FSE entropy coding vs. simple compression. Affects recording subsystem (background thread with backpressure).

  • zstd::Writer::finish: Response +1,193,048ns (+133,722%), Throughput +38ns (+18.5%). Full ZSTD finalization with entropy statistics and block optimization added. Called once per recording session during cleanup.

  • RunRecorder::write_log_impl: Response +1,192,747ns (+79,884%), Throughput -130ns (-36.5% improvement). Called twice per test event in recording path. Own code improved 36.5%, but underlying compression dominates response time.

Decompression Pipeline:

  • zstd::Reader::read: Response +679,695ns (+70,143%), Throughput -174ns (-28.1% improvement). Full ZSTD decompression with multi-version codec support. Affects replay operations only, not test execution.

  • default_read_exact: Response +679,650ns (+53,937%), Throughput -212ns (-39% improvement). Standard library function now integrated with decompression. Own code 39% faster.

Major Improvement:

  • std::io::Write::write_fmt: Response -13,214ns (-97.7%), Throughput +152ns. Called 442+ times in reporter code. Eliminated expensive complete_io bottleneck, providing significant cumulative benefit for test output.

Self-Update Operations:

  • SelfCommand::exec: Response +7,100,588ns (+160,180%). Now executes full self-update workflow (network I/O, file extraction) vs. stub. Expected for user-initiated command, not test execution.

  • Once::call_once_force: Response +64,516ns (+90,966%). One-time rustls crypto provider initialization for HTTPS. Acceptable for infrequent self-update operations.

Other analyzed functions (serialization, configuration parsing, UI cleanup, memory management) showed changes in non-critical paths with negligible real-world impact.

Flame Graph Comparison

Function: zstd::Writer::write (illustrates compression pipeline transformation)

[Flame graphs for the base version and the target version: images not included]

The target version shows dramatic expansion from shallow 2-level calls to 10-level deep stack with extensive ZSTD compression operations (dictionary matching, entropy encoding, parallel histogram counting) consuming 99.9% of execution time.

Additional Findings

Architectural Isolation Effective: Recording subsystem's separate thread with 128-event bounded channel successfully isolates compression regressions from test execution hot paths. The 1.2ms compression overhead per write doesn't block test spawning or output capture.

No Source Code Changes: All performance variations stem from compiler optimization differences triggered by the dependency update, not nextest code modifications. This demonstrates how dependency updates can cause significant performance shifts through code generation changes.

Test Execution Preserved: Critical paths (ExecutorContext::run_test_instance, TestCommand::spawn, ChildAccumulator::fill_buf, DispatcherContext::run) show no changes, maintaining nextest's core performance characteristics.

💬 Questions? Tag @loci-dev

@loci-dev force-pushed the main branch 5 times, most recently from b27abae to 6b3869e (April 29, 2026 05:35)