summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJory Pratt <anarchy@gentoo.org>2019-04-11 15:17:22 -0500
committerJory Pratt <anarchy@gentoo.org>2019-04-11 15:17:22 -0500
commitec206d5adb414eac8d3e7cd2479830889026a679 (patch)
treea75ebdbc257d72d5a2348d18326996bcea264be0
parentbump skalibs/s6 to version 2.8.0.0 to work on utmps (diff)
downloadanarchy-ec206d5adb414eac8d3e7cd2479830889026a679.tar.gz
anarchy-ec206d5adb414eac8d3e7cd2479830889026a679.tar.bz2
anarchy-ec206d5adb414eac8d3e7cd2479830889026a679.zip
net-libs/nodejs: add support for system libressl
Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Jory Pratt <anarchy@gentoo.org>
-rw-r--r--net-libs/nodejs/Manifest10
-rw-r--r--net-libs/nodejs/files/gentoo-global-npm-config.patch40
-rw-r--r--net-libs/nodejs/files/nodejs-4.6.1-libressl.patch587
-rw-r--r--net-libs/nodejs/files/nodejs-8.1.0-libressl.patch697
-rw-r--r--net-libs/nodejs/files/nodejs-8.1.1-libressl.patch697
-rw-r--r--net-libs/nodejs/metadata.xml12
-rw-r--r--net-libs/nodejs/nodejs-10.15.3.ebuild209
-rw-r--r--net-libs/nodejs/nodejs-11.13.0.ebuild11
8 files changed, 8 insertions, 2255 deletions
diff --git a/net-libs/nodejs/Manifest b/net-libs/nodejs/Manifest
index 4da3e0d..bc71a5d 100644
--- a/net-libs/nodejs/Manifest
+++ b/net-libs/nodejs/Manifest
@@ -1,11 +1,5 @@
-AUX gentoo-global-npm-config.patch 1511 BLAKE2B da2b127df9ac9babc87c1930272244e7f89ac1931543fa524e13fb3c53d2b5a9cbdf0d93dc0cae207822dee3c8f71e2a12fca3d608f6de8589ad2c0064f0855b SHA512 b6c8bf88bd44d5461cbad0354273a6f964429d1cde48ab4c8bef9f50452de22bfc5d15707c5c9adc2a0d8000a6b1be4cffdee039618b627fb0d291886309cc3f
AUX nodejs-10.3.0-global-npm-config.patch 819 BLAKE2B 5e40738091bd1f3f18d4cfb2b3a0b94c87c2a570967aec9d418544c182f2e93f28d2dbe564980a975856ca31ab8c115b28fb9374701889cbebe3bba73d4ac83a SHA512 abe27eab0beb3444186fb3c4ce3c67fbc05b684a606f8f8bc4a5bae570fd8fd988f1ad5d65c442842fb6c7b069dc6e3f82577ba6becb1d934ae1039dac074e03
-AUX nodejs-4.6.1-libressl.patch 19943 BLAKE2B 41c343ee457d92b54ba1f1807f0a620c3f964b9778c63685537018484710f64ffa7e8e2217c34c96818aca6f0de22dc468c7d8953632253763141ca810e32de0 SHA512 ec370da5c8d16810f2f737d33e6e3379f26da0bd486c70c0c8bb39a5a8f1667ad8546d2c3229888974c4354658e0d93c67f9e0d5425a19b3575579a75a7e6323
-AUX nodejs-8.1.0-libressl.patch 23442 BLAKE2B d47cefae3ce20517a4cf82b5a25e7d4e46f3703f5206c2f3ce98bf0e8e1047b466e0293dfef33b09d28277e103f8d0194e0e4f384eda98e0c58d94e4c675bc59 SHA512 38e69db4d4611624e29855bff142dc39de0b3fef5e64bf3022154d696b04462da3c42ccc8b641d9cd001fd045525b2a7110188caf38ff623b5b99decb361d619
-AUX nodejs-8.1.1-libressl.patch 23442 BLAKE2B d47cefae3ce20517a4cf82b5a25e7d4e46f3703f5206c2f3ce98bf0e8e1047b466e0293dfef33b09d28277e103f8d0194e0e4f384eda98e0c58d94e4c675bc59 SHA512 38e69db4d4611624e29855bff142dc39de0b3fef5e64bf3022154d696b04462da3c42ccc8b641d9cd001fd045525b2a7110188caf38ff623b5b99decb361d619
AUX nodejs-99999999-llhttp.patch 506 BLAKE2B eea449910b97dfc320247f20bf20467f6c5bfe46f7acc95761270928b3413ffaa04ee948d8dece9a8ba47288804144c75ebda1009af17169b36bcd5b39aa0c33 SHA512 13cdbaf73696b4feef1fec48ac43f6a6d80f59096a81308c746655e2cffa0b0ef78850facff103f27062fd25192d8abd7bc200b36bd25df7bd4b800f80da0c5c
-DIST node-v10.15.3.tar.xz 20262632 BLAKE2B d65d4e274fa829be5cda1970b0ebe7081e8476334cb825e5727324c3202bc015f4ba39589608284d0f8c0b722079c06d1587de5299a3c81ccb7b0eacbdaccf84 SHA512 cf741f733af7a7e1fbd37b0f98110078494b4771dbdfccacfda95a5ea4cda6cdcea4f8d31dddcf27477213614e4ab6cf7d1a1f900cb92936333730737ac4f9e8
DIST node-v11.13.0.tar.xz 22085284 BLAKE2B e771c6109b4ca60b3037ec6a4f8138af75b505f35584a239f30d2a349d6de68db2f2183b89a7d5a4bbe2aef1e29fbbea54bc93697362f56c12e2e0b54fcadcd3 SHA512 89411c9b9cbf1df09cbf2b5e3a910d7ef2e4046a27a5af858c53a20f51b9ab2f9aad4e4c7c41936520e1feed249118fc46e4e4458e7980a878f364082c24fd35
-EBUILD nodejs-10.15.3.ebuild 6558 BLAKE2B ae4666142a4281f8985ad07d96b9066a0a51fa5c1955293a790a6277541a4b05654615a7500ad20cd8fbc801153ebe3426ff417cffd63b6ca742826643eecb79 SHA512 39e9d8875ab498822401936d03d4390547cfe9a53a5b0105dbfaca18a2aa50c94ccbbd5d027e023eefae45d1d0b74ca63deca8f50eb03b72025f8591375e22b9
-EBUILD nodejs-11.13.0.ebuild 6602 BLAKE2B ae1306d725b81d785a298704979d84c60680f8c908de5ab11ef12a57674d62135d2d10b6d68892ba675e936970eaebabedac664c1b0af3d266c81c440254e308 SHA512 67294636de0c1c94e8f046292e529b58958509784bd7b09747f10b86c2bf048adac8fb2659630496d1ac3dcf2c5701f2d06ad63cd3beb6ed6a3721027522bc96
-MISC metadata.xml 806 BLAKE2B d922664ee6afa7000eb7b3dba6c0fc88e5b207173069fa382307c392ee7b9f5a8aea5f8c8eaf18089a35f6318aab0bb00b661983785196a69ac873373d6e4324 SHA512 50e98a83b630a141ce19f12841ee339c98013fafc5711f6b94ed4cdd8b3f0b6507faff25cf3d00c1e422bccacb30a0be62d24a0c38daf2dfa70622fef9212a20
+EBUILD nodejs-11.13.0.ebuild 6561 BLAKE2B 9daa044939fa0b97c1c03a643fde34659a463493c97fdc31b584fb5c849b1779c5e514d8ee98829b32d56b456a6100eaaa352ed3d3873511c65261fef61e5b3f SHA512 f5ad49024563586dfb933e814fdf25bdc28e9bd07a61a0ff4ca1d61fab883ec65daa976b97d70839922675cadea5a843b8629b11c3ec06634a3a236a97866aa7
+MISC metadata.xml 473 BLAKE2B c5c4f0ad6470bd70570d1f547d1355977be676a252416f3fe005733386fa84536aaac9b8e93fb70405fd76608ab2df281c586d80a2f9cc443acd5ca26dc8752a SHA512 f2911891d28329b3f6a21b56976f1507939bd51cb65581f73c2b5716c4610551cbc225450755be2e649e2070e1810ef41ca641d105155ceb1847e9a93ad2ee85
diff --git a/net-libs/nodejs/files/gentoo-global-npm-config.patch b/net-libs/nodejs/files/gentoo-global-npm-config.patch
deleted file mode 100644
index e7346b8..0000000
--- a/net-libs/nodejs/files/gentoo-global-npm-config.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-commit 46ac7cd4229eac5e0182ab62b7ed844c24a8c52e
-Author: Johan Bergström <bugs@bergstroem.nu>
-Date: Wed Feb 10 22:45:59 2016 +1100
-
- npm: set global config folder to /etc/npm
-
- npm previously assumed that the global config path would be
- based on $prefix/etc. Since gentoo installs nodejs into /usr,
- this means we're also creating /usr/etc which is less desirable.
-
- This patch will likely never go upstream.
-
-diff --git a/deps/npm/lib/config/core.js b/deps/npm/lib/config/core.js
-index d1306eb..bd2ef89 100644
---- a/deps/npm/lib/config/core.js
-+++ b/deps/npm/lib/config/core.js
-@@ -150,16 +150,14 @@ function load_ (builtin, rc, cli, cb) {
- // Eg, `npm config get globalconfig --prefix ~/local` should
- // return `~/local/etc/npmrc`
- // annoying humans and their expectations!
-- if (conf.get('prefix')) {
-- var etc = path.resolve(conf.get('prefix'), 'etc')
-- mkdirp(etc, function () {
-- defaults.globalconfig = path.resolve(etc, 'npmrc')
-- defaults.globalignorefile = path.resolve(etc, 'npmignore')
-- afterUserContinuation()
-- })
-- } else {
-+
-+ // gentoo deviates wrt global config; store in /etc/npm
-+ var globalconfig = path.resolve('/etc', 'npm')
-+ mkdirp(globalconfig, function () {
-+ defaults.globalconfig = path.resolve(globalconfig, 'npmrc')
-+ defaults.globalignorefile = path.resolve(globalconfig, 'npmignore')
- afterUserContinuation()
-- }
-+ })
- }
-
- function afterUserContinuation () {
diff --git a/net-libs/nodejs/files/nodejs-4.6.1-libressl.patch b/net-libs/nodejs/files/nodejs-4.6.1-libressl.patch
deleted file mode 100644
index 6cdb715..0000000
--- a/net-libs/nodejs/files/nodejs-4.6.1-libressl.patch
+++ /dev/null
@@ -1,587 +0,0 @@
-diff -Naur node-v4.6.1.orig/lib/_tls_wrap.js node-v4.6.1/lib/_tls_wrap.js
---- node-v4.6.1.orig/lib/_tls_wrap.js 2017-04-12 12:40:43.517228944 -0700
-+++ node-v4.6.1/lib/_tls_wrap.js 2017-04-12 12:49:51.155877106 -0700
-@@ -165,30 +165,33 @@
- if (err)
- return self.destroy(err);
-
-- self._handle.endParser();
-- });
--}
--
--
--function oncertcb(info) {
-- var self = this;
-- var servername = info.servername;
--
-- loadSNI(self, servername, function(err, ctx) {
-- if (err)
-- return self.destroy(err);
-- requestOCSP(self, info, ctx, function(err) {
-+ // Servername came from SSL session
-+ // NOTE: TLS Session ticket doesn't include servername information
-+ //
-+ // Another note, From RFC3546:
-+ //
-+ // If, on the other hand, the older
-+ // session is resumed, then the server MUST ignore extensions appearing
-+ // in the client hello, and send a server hello containing no
-+ // extensions; in this case the extension functionality negotiated
-+ // during the original session initiation is applied to the resumed
-+ // session.
-+ //
-+ // Therefore we should account session loading when dealing with servername
-+ var servername = session && session.servername || hello.servername;
-+ loadSNI(self, servername, function(err, ctx) {
- if (err)
- return self.destroy(err);
-
-- if (!self._handle)
-- return self.destroy(new Error('Socket is closed'));
-+ requestOCSP(self, info, ctx, function(err) {
-+ if (err)
-+ return self.destroy(err);
-+
-+ if (!self._handle)
-+ return self.destroy(new Error('Socket is closed'));
-
-- try {
-- self._handle.certCbDone();
-- } catch (e) {
-- self.destroy(e);
-- }
-+ self._handle.endParser();
-+ });
- });
- });
- }
-@@ -410,18 +413,15 @@
- ssl.onhandshakestart = () => onhandshakestart.call(this);
- ssl.onhandshakedone = () => onhandshakedone.call(this);
- ssl.onclienthello = (hello) => onclienthello.call(this, hello);
-- ssl.oncertcb = (info) => oncertcb.call(this, info);
- ssl.onnewsession = (key, session) => onnewsession.call(this, key, session);
- ssl.lastHandshakeTime = 0;
- ssl.handshakes = 0;
-
-- if (this.server) {
-- if (this.server.listenerCount('resumeSession') > 0 ||
-- this.server.listenerCount('newSession') > 0) {
-- ssl.enableSessionCallbacks();
-- }
-- if (this.server.listenerCount('OCSPRequest') > 0)
-- ssl.enableCertCb();
-+ if (this.server &&
-+ (this.server.listenerCount('resumeSession') > 0 ||
-+ this.server.listenerCount('newSession') > 0 ||
-+ this.server.listenerCount('OCSPRequest') > 0)) {
-+ ssl.enableSessionCallbacks();
- }
- } else {
- ssl.onhandshakestart = function() {};
-@@ -463,7 +463,7 @@
- options.server._contexts.length)) {
- assert(typeof options.SNICallback === 'function');
- this._SNICallback = options.SNICallback;
-- ssl.enableCertCb();
-+ ssl.enableHelloParser();
- }
-
- if (process.features.tls_npn && options.NPNProtocols)
-diff -Naur node-v4.6.1.orig/src/env.h node-v4.6.1/src/env.h
---- node-v4.6.1.orig/src/env.h 2017-04-12 12:40:43.536229174 -0700
-+++ node-v4.6.1/src/env.h 2017-04-12 12:50:02.055009418 -0700
-@@ -57,7 +57,6 @@
- V(bytes_read_string, "bytesRead") \
- V(callback_string, "callback") \
- V(change_string, "change") \
-- V(oncertcb_string, "oncertcb") \
- V(onclose_string, "_onclose") \
- V(code_string, "code") \
- V(compare_string, "compare") \
-diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc
---- node-v4.6.1.orig/src/node_crypto.cc 2017-04-12 12:40:43.541229235 -0700
-+++ node-v4.6.1/src/node_crypto.cc 2017-04-12 12:52:59.371161636 -0700
-@@ -160,8 +160,6 @@
- #endif
-
- template void SSLWrap<TLSWrap>::DestroySSL();
--template int SSLWrap<TLSWrap>::SSLCertCallback(SSL* s, void* arg);
--template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg);
-
-
- static void crypto_threadid_cb(CRYPTO_THREADID* tid) {
-@@ -525,8 +523,7 @@
- for (int i = 0; i < sk_X509_num(extra_certs); i++) {
- X509* ca = sk_X509_value(extra_certs, i);
-
-- // NOTE: Increments reference count on `ca`
-- r = SSL_CTX_add1_chain_cert(ctx, ca);
-+ r = SSL_CTX_add_extra_chain_cert(ctx, ca);
-
- if (!r) {
- ret = 0;
-@@ -1051,7 +1048,7 @@
- void SecureContext::SetFreeListLength(const FunctionCallbackInfo<Value>& args) {
- SecureContext* wrap = Unwrap<SecureContext>(args.Holder());
-
-- wrap->ctx_->freelist_max_len = args[0]->Int32Value();
-+ // wrap->ctx_->freelist_max_len = args[0]->Int32Value();
- }
-
-
-@@ -1188,7 +1185,6 @@
- env->SetProtoMethod(t, "verifyError", VerifyError);
- env->SetProtoMethod(t, "getCurrentCipher", GetCurrentCipher);
- env->SetProtoMethod(t, "endParser", EndParser);
-- env->SetProtoMethod(t, "certCbDone", CertCbDone);
- env->SetProtoMethod(t, "renegotiate", Renegotiate);
- env->SetProtoMethod(t, "shutdownSSL", Shutdown);
- env->SetProtoMethod(t, "getTLSTicket", GetTLSTicket);
-@@ -2079,129 +2075,6 @@
-
-
- template <class Base>
--void SSLWrap<Base>::WaitForCertCb(CertCb cb, void* arg) {
-- cert_cb_ = cb;
-- cert_cb_arg_ = arg;
--}
--
--
--template <class Base>
--int SSLWrap<Base>::SSLCertCallback(SSL* s, void* arg) {
-- Base* w = static_cast<Base*>(SSL_get_app_data(s));
--
-- if (!w->is_server())
-- return 1;
--
-- if (!w->is_waiting_cert_cb())
-- return 1;
--
-- if (w->cert_cb_running_)
-- return -1;
--
-- Environment* env = w->env();
-- HandleScope handle_scope(env->isolate());
-- Context::Scope context_scope(env->context());
-- w->cert_cb_running_ = true;
--
-- Local<Object> info = Object::New(env->isolate());
--
-- SSL_SESSION* sess = SSL_get_session(s);
-- if (sess != nullptr) {
-- if (sess->tlsext_hostname == nullptr) {
-- info->Set(env->servername_string(), String::Empty(env->isolate()));
-- } else {
-- Local<String> servername = OneByteString(env->isolate(),
-- sess->tlsext_hostname,
-- strlen(sess->tlsext_hostname));
-- info->Set(env->servername_string(), servername);
-- }
-- info->Set(env->tls_ticket_string(),
-- Boolean::New(env->isolate(), sess->tlsext_ticklen != 0));
-- }
--
-- bool ocsp = false;
--#ifdef NODE__HAVE_TLSEXT_STATUS_CB
-- ocsp = s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp;
--#endif
--
-- info->Set(env->ocsp_request_string(), Boolean::New(env->isolate(), ocsp));
--
-- Local<Value> argv[] = { info };
-- w->MakeCallback(env->oncertcb_string(), arraysize(argv), argv);
--
-- if (!w->cert_cb_running_)
-- return 1;
--
-- // Performing async action, wait...
-- return -1;
--}
--
--
--template <class Base>
--void SSLWrap<Base>::CertCbDone(const FunctionCallbackInfo<Value>& args) {
-- Base* w = Unwrap<Base>(args.Holder());
-- Environment* env = w->env();
--
-- CHECK(w->is_waiting_cert_cb() && w->cert_cb_running_);
--
-- Local<Object> object = w->object();
-- Local<Value> ctx = object->Get(env->sni_context_string());
-- Local<FunctionTemplate> cons = env->secure_context_constructor_template();
--
-- // Not an object, probably undefined or null
-- if (!ctx->IsObject())
-- goto fire_cb;
--
-- if (cons->HasInstance(ctx)) {
-- SecureContext* sc = Unwrap<SecureContext>(ctx.As<Object>());
-- w->sni_context_.Reset();
-- w->sni_context_.Reset(env->isolate(), ctx);
--
-- int rv;
--
-- // NOTE: reference count is not increased by this API methods
-- X509* x509 = SSL_CTX_get0_certificate(sc->ctx_);
-- EVP_PKEY* pkey = SSL_CTX_get0_privatekey(sc->ctx_);
-- STACK_OF(X509)* chain;
--
-- rv = SSL_CTX_get0_chain_certs(sc->ctx_, &chain);
-- if (rv)
-- rv = SSL_use_certificate(w->ssl_, x509);
-- if (rv)
-- rv = SSL_use_PrivateKey(w->ssl_, pkey);
-- if (rv && chain != nullptr)
-- rv = SSL_set1_chain(w->ssl_, chain);
-- if (rv)
-- rv = w->SetCACerts(sc);
-- if (!rv) {
-- unsigned long err = ERR_get_error(); // NOLINT(runtime/int)
-- if (!err)
-- return env->ThrowError("CertCbDone");
-- return ThrowCryptoError(env, err);
-- }
-- } else {
-- // Failure: incorrect SNI context object
-- Local<Value> err = Exception::TypeError(env->sni_context_err_string());
-- w->MakeCallback(env->onerror_string(), 1, &err);
-- return;
-- }
--
-- fire_cb:
-- CertCb cb;
-- void* arg;
--
-- cb = w->cert_cb_;
-- arg = w->cert_cb_arg_;
--
-- w->cert_cb_running_ = false;
-- w->cert_cb_ = nullptr;
-- w->cert_cb_arg_ = nullptr;
--
-- cb(arg);
--}
--
--
--template <class Base>
- void SSLWrap<Base>::SSLGetter(Local<String> property,
- const PropertyCallbackInfo<Value>& info) {
- SSL* ssl = Unwrap<Base>(info.This())->ssl_;
-@@ -2232,10 +2105,6 @@
-
- template <class Base>
- int SSLWrap<Base>::SetCACerts(SecureContext* sc) {
-- int err = SSL_set1_verify_cert_store(ssl_, SSL_CTX_get_cert_store(sc->ctx_));
-- if (err != 1)
-- return err;
--
- STACK_OF(X509_NAME)* list = SSL_dup_CA_list(
- SSL_CTX_get_client_CA_list(sc->ctx_));
-
-@@ -2329,10 +2198,6 @@
- DEBUG_PRINT("[%p] SSL: %s want read\n", ssl_, func);
- return 0;
-
-- } else if (err == SSL_ERROR_WANT_X509_LOOKUP) {
-- DEBUG_PRINT("[%p] SSL: %s want x509 lookup\n", ssl_, func);
-- return 0;
--
- } else if (err == SSL_ERROR_ZERO_RETURN) {
- HandleScope scope(ssl_env()->isolate());
-
-@@ -2513,7 +2378,7 @@
- SSL* ssl = static_cast<SSL*>(
- X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
-
-- if (SSL_is_server(ssl))
-+ if (ssl->server)
- return 1;
-
- // Client needs to check if the server cert is listed in the
-@@ -2540,7 +2405,7 @@
-
- // Call the SNI callback and use its return value as context
- if (!conn->sniObject_.IsEmpty()) {
-- conn->sni_context_.Reset();
-+ conn->sniContext_.Reset();
-
- Local<Object> sni_obj = PersistentToLocal(env->isolate(),
- conn->sniObject_);
-@@ -2556,7 +2421,7 @@
- Local<FunctionTemplate> secure_context_constructor_template =
- env->secure_context_constructor_template();
- if (secure_context_constructor_template->HasInstance(ret)) {
-- conn->sni_context_.Reset(env->isolate(), ret);
-+ conn->sniContext_.Reset(env->isolate(), ret);
- SecureContext* sc = Unwrap<SecureContext>(ret.As<Object>());
- conn->SetSNIContext(sc);
- } else {
-@@ -2594,8 +2459,6 @@
-
- InitNPN(sc);
-
-- SSL_set_cert_cb(conn->ssl_, SSLWrap<Connection>::SSLCertCallback, conn);
--
- #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- if (is_server) {
- SSL_CTX_set_tlsext_servername_callback(sc->ctx_, SelectSNIContextCallback_);
-diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h
---- node-v4.6.1.orig/src/node_crypto.h 2017-04-12 12:40:43.541229235 -0700
-+++ node-v4.6.1/src/node_crypto.h 2017-04-12 12:55:08.867710808 -0700
-@@ -179,10 +179,7 @@
- kind_(kind),
- next_sess_(nullptr),
- session_callbacks_(false),
-- new_session_wait_(false),
-- cert_cb_(nullptr),
-- cert_cb_arg_(nullptr),
-- cert_cb_running_(false) {
-+ new_session_wait_(false) {
- ssl_ = SSL_new(sc->ctx_);
- env_->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize);
- CHECK_NE(ssl_, nullptr);
-@@ -199,9 +196,6 @@
- npn_protos_.Reset();
- selected_npn_proto_.Reset();
- #endif
--#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-- sni_context_.Reset();
--#endif
- #ifdef NODE__HAVE_TLSEXT_STATUS_CB
- ocsp_response_.Reset();
- #endif // NODE__HAVE_TLSEXT_STATUS_CB
-@@ -212,11 +206,8 @@
- inline bool is_server() const { return kind_ == kServer; }
- inline bool is_client() const { return kind_ == kClient; }
- inline bool is_waiting_new_session() const { return new_session_wait_; }
-- inline bool is_waiting_cert_cb() const { return cert_cb_ != nullptr; }
-
- protected:
-- typedef void (*CertCb)(void* arg);
--
- // Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and
- // some for buffers.
- // NOTE: Actually it is much more than this
-@@ -244,7 +235,6 @@
- static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void GetCurrentCipher(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args);
-- static void CertCbDone(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args);
-@@ -273,12 +263,10 @@
- void* arg);
- #endif // OPENSSL_NPN_NEGOTIATED
- static int TLSExtStatusCallback(SSL* s, void* arg);
-- static int SSLCertCallback(SSL* s, void* arg);
- static void SSLGetter(v8::Local<v8::String> property,
- const v8::PropertyCallbackInfo<v8::Value>& info);
-
- void DestroySSL();
-- void WaitForCertCb(CertCb cb, void* arg);
- void SetSNIContext(SecureContext* sc);
- int SetCACerts(SecureContext* sc);
-
-@@ -293,11 +281,6 @@
- bool session_callbacks_;
- bool new_session_wait_;
-
-- // SSL_set_cert_cb
-- CertCb cert_cb_;
-- void* cert_cb_arg_;
-- bool cert_cb_running_;
--
- ClientHelloParser hello_parser_;
-
- #ifdef NODE__HAVE_TLSEXT_STATUS_CB
-@@ -309,10 +292,6 @@
- v8::Persistent<v8::Value> selected_npn_proto_;
- #endif // OPENSSL_NPN_NEGOTIATED
-
--#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-- v8::Persistent<v8::Value> sni_context_;
--#endif
--
- friend class SecureContext;
- };
-
-@@ -324,6 +303,7 @@
- ~Connection() override {
- #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- sniObject_.Reset();
-+ sniContext_.Reset();
- servername_.Reset();
- #endif
- }
-@@ -338,6 +318,7 @@
-
- #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- v8::Persistent<v8::Object> sniObject_;
-+ v8::Persistent<v8::Value> sniContext_;
- v8::Persistent<v8::String> servername_;
- #endif
-
-diff -Naur node-v4.6.1.orig/src/tls_wrap.cc node-v4.6.1/src/tls_wrap.cc
---- node-v4.6.1.orig/src/tls_wrap.cc 2017-04-12 12:40:43.557229429 -0700
-+++ node-v4.6.1/src/tls_wrap.cc 2017-04-12 13:36:49.323009154 -0700
-@@ -141,8 +141,6 @@
-
- InitNPN(sc_);
-
-- SSL_set_cert_cb(ssl_, SSLWrap<TLSWrap>::SSLCertCallback, this);
--
- if (is_server()) {
- SSL_set_accept_state(ssl_);
- } else if (is_client()) {
-@@ -353,7 +351,6 @@
- case SSL_ERROR_NONE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
-- case SSL_ERROR_WANT_X509_LOOKUP:
- break;
- case SSL_ERROR_ZERO_RETURN:
- return scope.Escape(env()->zero_return_string());
-@@ -769,6 +766,11 @@
- "EnableSessionCallbacks after destroySSL");
- }
- wrap->enable_session_callbacks();
-+ EnableHelloParser(args);
-+}
-+
-+void TLSWrap::EnableHelloParser(const FunctionCallbackInfo<Value>& args) {
-+ TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder());
- NodeBIO::FromBIO(wrap->enc_in_)->set_initial(kMaxHelloLength);
- wrap->hello_parser_.Start(SSLWrap<TLSWrap>::OnClientHello,
- OnClientHelloParseEnd,
-@@ -793,12 +795,6 @@
- }
-
-
--void TLSWrap::EnableCertCb(const FunctionCallbackInfo<Value>& args) {
-- TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder());
-- wrap->WaitForCertCb(OnClientHelloParseEnd, wrap);
--}
--
--
- void TLSWrap::OnClientHelloParseEnd(void* arg) {
- TLSWrap* c = static_cast<TLSWrap*>(arg);
- c->Cycle();
-@@ -896,8 +892,8 @@
- env->SetProtoMethod(t, "start", Start);
- env->SetProtoMethod(t, "setVerifyMode", SetVerifyMode);
- env->SetProtoMethod(t, "enableSessionCallbacks", EnableSessionCallbacks);
-+ env->SetProtoMethod(t, "enableHelloParser", EnableHelloParser);
- env->SetProtoMethod(t, "destroySSL", DestroySSL);
-- env->SetProtoMethod(t, "enableCertCb", EnableCertCb);
-
- StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev);
- SSLWrap<TLSWrap>::AddMethods(env, t);
-diff -Naur node-v4.6.1.orig/src/tls_wrap.h node-v4.6.1/src/tls_wrap.h
---- node-v4.6.1.orig/src/tls_wrap.h 2017-04-12 12:40:43.558229441 -0700
-+++ node-v4.6.1/src/tls_wrap.h 2017-04-12 13:35:51.214213644 -0700
-@@ -132,7 +132,7 @@
- static void SetVerifyMode(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void EnableSessionCallbacks(
- const v8::FunctionCallbackInfo<v8::Value>& args);
-- static void EnableCertCb(
-+ static void EnableHelloParser(
- const v8::FunctionCallbackInfo<v8::Value>& args);
- static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args);
-
-@@ -160,6 +160,10 @@
- // If true - delivered EOF to the js-land, either after `close_notify`, or
- // after the `UV_EOF` on socket.
- bool eof_;
-+
-+#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-+ v8::Persistent<v8::Value> sni_context_;
-+#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- };
-
- } // namespace node
-diff -Naur node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js
---- node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:40:43.865233168 -0700
-+++ node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:58:14.901936343 -0700
-@@ -53,7 +53,9 @@
- port: undefined,
- rejectUnauthorized: true
- },
-- errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
-+ // LibreSSL returns CERT_UNTRUSTED in this case, OpenSSL UNABLE_TO_GET_ISSUER_CERT_LOCALLY.
-+ errorCode: 'CERT_UNTRUSTED'
-+ // errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
- }
- ];
-
-diff -Naur node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js node-v4.6.1/test/parallel/test-tls-sni-server-client.js
---- node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js 2017-04-12 12:40:43.878233326 -0700
-+++ node-v4.6.1/test/parallel/test-tls-sni-server-client.js 2017-04-12 13:00:18.804418594 -0700
-@@ -36,39 +36,37 @@
- 'asterisk.test.com': {
- key: loadPEM('agent3-key'),
- cert: loadPEM('agent3-cert')
-- },
-- 'chain.example.com': {
-- key: loadPEM('agent6-key'),
-- // NOTE: Contains ca3 chain cert
-- cert: loadPEM('agent6-cert')
- }
- };
-
- var clientsOptions = [{
- port: undefined,
-+ key: loadPEM('agent1-key'),
-+ cert: loadPEM('agent1-cert'),
- ca: [loadPEM('ca1-cert')],
- servername: 'a.example.com',
- rejectUnauthorized: false
- }, {
- port: undefined,
-+ key: loadPEM('agent2-key'),
-+ cert: loadPEM('agent2-cert'),
- ca: [loadPEM('ca2-cert')],
- servername: 'b.test.com',
- rejectUnauthorized: false
- }, {
- port: undefined,
-+ key: loadPEM('agent2-key'),
-+ cert: loadPEM('agent2-cert'),
- ca: [loadPEM('ca2-cert')],
- servername: 'a.b.test.com',
- rejectUnauthorized: false
- }, {
- port: undefined,
-+ key: loadPEM('agent3-key'),
-+ cert: loadPEM('agent3-cert'),
- ca: [loadPEM('ca1-cert')],
- servername: 'c.wrong.com',
- rejectUnauthorized: false
--}, {
-- port: undefined,
-- ca: [loadPEM('ca1-cert')],
-- servername: 'chain.example.com',
-- rejectUnauthorized: false
- }];
-
- const serverResults = [];
-@@ -80,7 +78,6 @@
-
- server.addContext('a.example.com', SNIContexts['a.example.com']);
- server.addContext('*.test.com', SNIContexts['asterisk.test.com']);
--server.addContext('chain.example.com', SNIContexts['chain.example.com']);
-
- server.listen(0, startTest);
-
-@@ -109,8 +106,7 @@
-
- process.on('exit', function() {
- assert.deepEqual(serverResults, [
-- 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com',
-- 'chain.example.com'
-+ 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com'
- ]);
-- assert.deepEqual(clientResults, [true, true, false, false, true]);
-+ assert.deepEqual(clientResults, [true, true, false, false]);
- });
diff --git a/net-libs/nodejs/files/nodejs-8.1.0-libressl.patch b/net-libs/nodejs/files/nodejs-8.1.0-libressl.patch
deleted file mode 100644
index 31493be..0000000
--- a/net-libs/nodejs/files/nodejs-8.1.0-libressl.patch
+++ /dev/null
@@ -1,697 +0,0 @@
-diff -Naur node-v4.6.1.orig/lib/_tls_wrap.js node-v4.6.1/lib/_tls_wrap.js
---- node-v4.6.1.orig/lib/_tls_wrap.js 2017-04-12 12:40:43.517228944 -0700
-+++ node-v4.6.1/lib/_tls_wrap.js 2017-04-12 12:49:51.155877106 -0700
-@@ -165,30 +165,33 @@
- if (err)
- return self.destroy(err);
-
-- self._handle.endParser();
-- });
--}
--
--
--function oncertcb(info) {
-- var self = this;
-- var servername = info.servername;
--
-- loadSNI(self, servername, function(err, ctx) {
-- if (err)
-- return self.destroy(err);
-- requestOCSP(self, info, ctx, function(err) {
-+ // Servername came from SSL session
-+ // NOTE: TLS Session ticket doesn't include servername information
-+ //
-+ // Another note, From RFC3546:
-+ //
-+ // If, on the other hand, the older
-+ // session is resumed, then the server MUST ignore extensions appearing
-+ // in the client hello, and send a server hello containing no
-+ // extensions; in this case the extension functionality negotiated
-+ // during the original session initiation is applied to the resumed
-+ // session.
-+ //
-+ // Therefore we should account session loading when dealing with servername
-+ var servername = session && session.servername || hello.servername;
-+ loadSNI(self, servername, function(err, ctx) {
- if (err)
- return self.destroy(err);
-
-- if (!self._handle)
-- return self.destroy(new Error('Socket is closed'));
-+ requestOCSP(self, info, ctx, function(err) {
-+ if (err)
-+ return self.destroy(err);
-+
-+ if (!self._handle)
-+ return self.destroy(new Error('Socket is closed'));
-
-- try {
-- self._handle.certCbDone();
-- } catch (e) {
-- self.destroy(e);
-- }
-+ self._handle.endParser();
-+ });
- });
- });
- }
-@@ -410,18 +413,15 @@
- ssl.onhandshakestart = () => onhandshakestart.call(this);
- ssl.onhandshakedone = () => onhandshakedone.call(this);
- ssl.onclienthello = (hello) => onclienthello.call(this, hello);
-- ssl.oncertcb = (info) => oncertcb.call(this, info);
- ssl.onnewsession = (key, session) => onnewsession.call(this, key, session);
- ssl.lastHandshakeTime = 0;
- ssl.handshakes = 0;
-
-- if (this.server) {
-- if (this.server.listenerCount('resumeSession') > 0 ||
-- this.server.listenerCount('newSession') > 0) {
-- ssl.enableSessionCallbacks();
-- }
-- if (this.server.listenerCount('OCSPRequest') > 0)
-- ssl.enableCertCb();
-+ if (this.server &&
-+ (this.server.listenerCount('resumeSession') > 0 ||
-+ this.server.listenerCount('newSession') > 0 ||
-+ this.server.listenerCount('OCSPRequest') > 0)) {
-+ ssl.enableSessionCallbacks();
- }
- } else {
- ssl.onhandshakestart = function() {};
-@@ -463,7 +463,7 @@
- options.server._contexts.length)) {
- assert(typeof options.SNICallback === 'function');
- this._SNICallback = options.SNICallback;
-- ssl.enableCertCb();
-+ ssl.enableHelloParser();
- }
-
- if (process.features.tls_npn && options.NPNProtocols)
-diff -Naur node-v4.6.1.orig/src/env.h node-v4.6.1/src/env.h
---- node-v4.6.1.orig/src/env.h 2017-04-12 12:40:43.536229174 -0700
-+++ node-v4.6.1/src/env.h 2017-04-12 12:50:02.055009418 -0700
-@@ -57,7 +57,6 @@
- V(bytes_read_string, "bytesRead") \
- V(callback_string, "callback") \
- V(change_string, "change") \
-- V(oncertcb_string, "oncertcb") \
- V(onclose_string, "_onclose") \
- V(code_string, "code") \
- V(compare_string, "compare") \
-diff -Naur node-v4.6.1.orig/src/node.cc node-v4.6.1/src/node.cc
---- node-v4.6.1.orig/src/node.cc 2017-06-08 05:31:34.000000000 -0500
-+++ node-v4.6.1/src/node.cc 2017-06-30 10:26:59.945166636 -0500
-@@ -202,7 +202,7 @@
- false;
- #endif
-
--# if NODE_FIPS_MODE
-+# if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- // used by crypto module
- bool enable_fips_crypto = false;
- bool force_fips_crypto = false;
-@@ -3676,7 +3676,7 @@
- " (default)"
- #endif
- "\n"
--#if NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- " --enable-fips enable FIPS crypto at startup\n"
- " --force-fips force FIPS crypto (cannot be disabled)\n"
- #endif /* NODE_FIPS_MODE */
-@@ -3926,7 +3926,7 @@
- } else if (strncmp(arg, "--use-bundled-ca", 16) == 0) {
- use_bundled_ca = true;
- ssl_openssl_cert_store = false;
--#if NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- } else if (strcmp(arg, "--enable-fips") == 0) {
- enable_fips_crypto = true;
- } else if (strcmp(arg, "--force-fips") == 0) {
-@@ -4624,7 +4624,7 @@
- if (SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs))
- crypto::UseExtraCaCerts(extra_ca_certs);
- }
--#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- // In the case of FIPS builds we should make sure
- // the random source is properly initialized first.
- OPENSSL_init();
-diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc
---- node-v4.6.1.orig/src/node_crypto.cc 2017-04-12 12:40:43.541229235 -0700
-+++ node-v4.6.1/src/node_crypto.cc 2017-04-12 12:52:59.371161636 -0700
-@@ -160,8 +160,6 @@
- #endif
-
- template void SSLWrap<TLSWrap>::DestroySSL();
--template int SSLWrap<TLSWrap>::SSLCertCallback(SSL* s, void* arg);
--template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg);
-
-
- static void crypto_threadid_cb(CRYPTO_THREADID* tid) {
-@@ -525,8 +523,7 @@
- for (int i = 0; i < sk_X509_num(extra_certs); i++) {
- X509* ca = sk_X509_value(extra_certs, i);
-
-- // NOTE: Increments reference count on `ca`
-- r = SSL_CTX_add1_chain_cert(ctx, ca);
-+ r = SSL_CTX_add_extra_chain_cert(ctx, ca);
-
- if (!r) {
- ret = 0;
-@@ -717,7 +717,7 @@
- }
-
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)) || defined(LIBRESSL_VERSION_NUMBER)
- // This section contains OpenSSL 1.1.0 functions reimplemented for OpenSSL
- // 1.0.2 so that the following code can be written without lots of #if lines.
-
-@@ -725,11 +725,12 @@
- CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
- return 1;
- }
--
-+#if !defined(LIBRESSL_VERSION_NUMBER)
- static int X509_up_ref(X509* cert) {
- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
- return 1;
- }
-+#endif
- #endif // OPENSSL_VERSION_NUMBER < 0x10100000L && !OPENSSL_IS_BORINGSSL
-
-
-@@ -1194,7 +1194,7 @@
- SecureContext* wrap;
- ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
-
-- wrap->ctx_->freelist_max_len = args[0]->Int32Value();
-+ //wrap->ctx_->freelist_max_len = args[0]->Int32Value();
- #endif
- }
-
-@@ -1188,7 +1185,6 @@
- env->SetProtoMethod(t, "verifyError", VerifyError);
- env->SetProtoMethod(t, "getCurrentCipher", GetCurrentCipher);
- env->SetProtoMethod(t, "endParser", EndParser);
-- env->SetProtoMethod(t, "certCbDone", CertCbDone);
- env->SetProtoMethod(t, "renegotiate", Renegotiate);
- env->SetProtoMethod(t, "shutdownSSL", Shutdown);
- env->SetProtoMethod(t, "getTLSTicket", GetTLSTicket);
-@@ -2411,126 +2411,6 @@
-
-
- template <class Base>
--void SSLWrap<Base>::WaitForCertCb(CertCb cb, void* arg) {
-- cert_cb_ = cb;
-- cert_cb_arg_ = arg;
--}
--
--
--template <class Base>
--int SSLWrap<Base>::SSLCertCallback(SSL* s, void* arg) {
-- Base* w = static_cast<Base*>(SSL_get_app_data(s));
--
-- if (!w->is_server())
-- return 1;
--
-- if (!w->is_waiting_cert_cb())
-- return 1;
--
-- if (w->cert_cb_running_)
-- return -1;
--
-- Environment* env = w->env();
-- HandleScope handle_scope(env->isolate());
-- Context::Scope context_scope(env->context());
-- w->cert_cb_running_ = true;
--
-- Local<Object> info = Object::New(env->isolate());
--
-- const char* servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
-- if (servername == nullptr) {
-- info->Set(env->servername_string(), String::Empty(env->isolate()));
-- } else {
-- Local<String> str = OneByteString(env->isolate(), servername,
-- strlen(servername));
-- info->Set(env->servername_string(), str);
-- }
--
-- bool ocsp = false;
--#ifdef NODE__HAVE_TLSEXT_STATUS_CB
-- ocsp = s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp;
--#endif
--
-- info->Set(env->ocsp_request_string(), Boolean::New(env->isolate(), ocsp));
--
-- Local<Value> argv[] = { info };
-- w->MakeCallback(env->oncertcb_string(), arraysize(argv), argv);
--
-- if (!w->cert_cb_running_)
-- return 1;
--
-- // Performing async action, wait...
-- return -1;
--}
--
--
--template <class Base>
--void SSLWrap<Base>::CertCbDone(const FunctionCallbackInfo<Value>& args) {
-- Base* w;
-- ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
-- Environment* env = w->env();
--
-- CHECK(w->is_waiting_cert_cb() && w->cert_cb_running_);
--
-- Local<Object> object = w->object();
-- Local<Value> ctx = object->Get(env->sni_context_string());
-- Local<FunctionTemplate> cons = env->secure_context_constructor_template();
--
-- // Not an object, probably undefined or null
-- if (!ctx->IsObject())
-- goto fire_cb;
--
-- if (cons->HasInstance(ctx)) {
-- SecureContext* sc;
-- ASSIGN_OR_RETURN_UNWRAP(&sc, ctx.As<Object>());
-- w->sni_context_.Reset();
-- w->sni_context_.Reset(env->isolate(), ctx);
--
-- int rv;
--
-- // NOTE: reference count is not increased by this API methods
-- X509* x509 = SSL_CTX_get0_certificate(sc->ctx_);
-- EVP_PKEY* pkey = SSL_CTX_get0_privatekey(sc->ctx_);
-- STACK_OF(X509)* chain;
--
-- rv = SSL_CTX_get0_chain_certs(sc->ctx_, &chain);
-- if (rv)
-- rv = SSL_use_certificate(w->ssl_, x509);
-- if (rv)
-- rv = SSL_use_PrivateKey(w->ssl_, pkey);
-- if (rv && chain != nullptr)
-- rv = SSL_set1_chain(w->ssl_, chain);
-- if (rv)
-- rv = w->SetCACerts(sc);
-- if (!rv) {
-- unsigned long err = ERR_get_error(); // NOLINT(runtime/int)
-- if (!err)
-- return env->ThrowError("CertCbDone");
-- return ThrowCryptoError(env, err);
-- }
-- } else {
-- // Failure: incorrect SNI context object
-- Local<Value> err = Exception::TypeError(env->sni_context_err_string());
-- w->MakeCallback(env->onerror_string(), 1, &err);
-- return;
-- }
--
-- fire_cb:
-- CertCb cb;
-- void* arg;
--
-- cb = w->cert_cb_;
-- arg = w->cert_cb_arg_;
--
-- w->cert_cb_running_ = false;
-- w->cert_cb_ = nullptr;
-- w->cert_cb_arg_ = nullptr;
--
-- cb(arg);
--}
--
--
--template <class Base>
- void SSLWrap<Base>::SSLGetter(Local<String> property,
- const PropertyCallbackInfo<Value>& info) {
- Base* base;
-@@ -2232,10 +2105,6 @@
-
- template <class Base>
- int SSLWrap<Base>::SetCACerts(SecureContext* sc) {
-- int err = SSL_set1_verify_cert_store(ssl_, SSL_CTX_get_cert_store(sc->ctx_));
-- if (err != 1)
-- return err;
--
- STACK_OF(X509_NAME)* list = SSL_dup_CA_list(
- SSL_CTX_get_client_CA_list(sc->ctx_));
-
-@@ -2329,10 +2198,6 @@
- DEBUG_PRINT("[%p] SSL: %s want read\n", ssl_, func);
- return 0;
-
-- } else if (err == SSL_ERROR_WANT_X509_LOOKUP) {
-- DEBUG_PRINT("[%p] SSL: %s want x509 lookup\n", ssl_, func);
-- return 0;
--
- } else if (err == SSL_ERROR_ZERO_RETURN) {
- HandleScope scope(ssl_env()->isolate());
-
-@@ -2875,7 +2755,8 @@
- SSL* ssl = static_cast<SSL*>(
- X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
-
-- if (SSL_is_server(ssl))
-+ //if (SSL_is_server(ssl))
-+ if(ssl->server)
- return CHECK_OK;
-
- // Client needs to check if the server cert is listed in the
-@@ -2540,7 +2405,7 @@
-
- // Call the SNI callback and use its return value as context
- if (!conn->sniObject_.IsEmpty()) {
-- conn->sni_context_.Reset();
-+ conn->sniContext_.Reset();
-
- Local<Object> sni_obj = PersistentToLocal(env->isolate(),
- conn->sniObject_);
-@@ -2918,7 +2799,7 @@
- Local<FunctionTemplate> secure_context_constructor_template =
- env->secure_context_constructor_template();
- if (secure_context_constructor_template->HasInstance(ret)) {
-- conn->sni_context_.Reset(env->isolate(), ret);
-+ conn->sniContext_.Reset(env->isolate(), ret);
- SecureContext* sc;
- ASSIGN_OR_RETURN_UNWRAP(&sc, ret.As<Object>(), SSL_TLSEXT_ERR_NOACK);
- conn->SetSNIContext(sc);
-@@ -2594,8 +2459,6 @@
-
- InitNPN(sc);
-
-- SSL_set_cert_cb(conn->ssl_, SSLWrap<Connection>::SSLCertCallback, conn);
--
- #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- if (is_server) {
- SSL_CTX_set_tlsext_servername_callback(sc->ctx_, SelectSNIContextCallback_);
-@@ -3335,7 +3335,7 @@
- int key_buf_len) {
- HandleScope scope(env()->isolate());
-
--#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- if (FIPS_mode()) {
- return env()->ThrowError(
- "crypto.createCipher() is not supported in FIPS mode.");
-@@ -4185,7 +4185,7 @@
- if (pkey == nullptr || 0 != ERR_peek_error())
- goto exit;
-
--#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- /* Validate DSA2 parameters from FIPS 186-4 */
- if (FIPS_mode() && EVP_PKEY_DSA == pkey->type) {
- size_t L = BN_num_bits(pkey->pkey.dsa->p);
-@@ -6132,7 +6132,7 @@
- CRYPTO_set_locking_callback(crypto_lock_cb);
- CRYPTO_THREADID_set_callback(crypto_threadid_cb);
-
--#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- /* Override FIPS settings in cnf file, if needed. */
- unsigned long err = 0; // NOLINT(runtime/int)
- if (enable_fips_crypto || force_fips_crypto) {
-@@ -6201,16 +6201,20 @@
- #endif // !OPENSSL_NO_ENGINE
-
- void GetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- if (FIPS_mode()) {
- args.GetReturnValue().Set(1);
- } else {
- args.GetReturnValue().Set(0);
- }
-+#else
-+ args.GetReturnValue().Set(0);
-+#endif
- }
-
- void SetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
- Environment* env = Environment::GetCurrent(args);
--#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- bool mode = args[0]->BooleanValue();
- if (force_fips_crypto) {
- return env->ThrowError(
-diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h
---- node-v4.6.1.orig/src/node_crypto.h 2017-04-12 12:40:43.541229235 -0700
-+++ node-v4.6.1/src/node_crypto.h 2017-04-12 12:55:08.867710808 -0700
-@@ -179,10 +179,7 @@
- kind_(kind),
- next_sess_(nullptr),
- session_callbacks_(false),
-- new_session_wait_(false),
-- cert_cb_(nullptr),
-- cert_cb_arg_(nullptr),
-- cert_cb_running_(false) {
-+ new_session_wait_(false) {
- ssl_ = SSL_new(sc->ctx_);
- env_->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize);
- CHECK_NE(ssl_, nullptr);
-@@ -200,9 +200,6 @@
- next_sess_ = nullptr;
- }
-
--#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-- sni_context_.Reset();
--#endif
-
- #ifdef NODE__HAVE_TLSEXT_STATUS_CB
- ocsp_response_.Reset();
-@@ -212,11 +206,8 @@
- inline bool is_server() const { return kind_ == kServer; }
- inline bool is_client() const { return kind_ == kClient; }
- inline bool is_waiting_new_session() const { return new_session_wait_; }
-- inline bool is_waiting_cert_cb() const { return cert_cb_ != nullptr; }
-
- protected:
-- typedef void (*CertCb)(void* arg);
--
- // Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and
- // some for buffers.
- // NOTE: Actually it is much more than this
-@@ -244,7 +235,6 @@
- static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void GetCurrentCipher(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args);
-- static void CertCbDone(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args);
-@@ -273,12 +263,10 @@
- void* arg);
- #endif // OPENSSL_NPN_NEGOTIATED
- static int TLSExtStatusCallback(SSL* s, void* arg);
-- static int SSLCertCallback(SSL* s, void* arg);
- static void SSLGetter(v8::Local<v8::String> property,
- const v8::PropertyCallbackInfo<v8::Value>& info);
-
- void DestroySSL();
-- void WaitForCertCb(CertCb cb, void* arg);
- void SetSNIContext(SecureContext* sc);
- int SetCACerts(SecureContext* sc);
-
-@@ -293,11 +281,6 @@
- bool session_callbacks_;
- bool new_session_wait_;
-
-- // SSL_set_cert_cb
-- CertCb cert_cb_;
-- void* cert_cb_arg_;
-- bool cert_cb_running_;
--
- ClientHelloParser hello_parser_;
-
- #ifdef NODE__HAVE_TLSEXT_STATUS_CB
-@@ -309,10 +292,6 @@
- v8::Persistent<v8::Value> selected_npn_proto_;
- #endif // OPENSSL_NPN_NEGOTIATED
-
--#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-- v8::Persistent<v8::Value> sni_context_;
--#endif
--
- friend class SecureContext;
- };
-
-@@ -324,6 +303,7 @@
- ~Connection() override {
- #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- sniObject_.Reset();
-+ sniContext_.Reset();
- servername_.Reset();
- #endif
- }
-@@ -338,6 +318,7 @@
-
- #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- v8::Persistent<v8::Object> sniObject_;
-+ v8::Persistent<v8::Value> sniContext_;
- v8::Persistent<v8::String> servername_;
- #endif
-
-diff -Naur node-v4.6.1.orig/src/tls_wrap.cc node-v4.6.1/src/tls_wrap.cc
---- node-v4.6.1.orig/src/tls_wrap.cc 2017-04-12 12:40:43.557229429 -0700
-+++ node-v4.6.1/src/tls_wrap.cc 2017-04-12 13:36:49.323009154 -0700
-@@ -141,8 +141,6 @@
-
- InitNPN(sc_);
-
-- SSL_set_cert_cb(ssl_, SSLWrap<TLSWrap>::SSLCertCallback, this);
--
- if (is_server()) {
- SSL_set_accept_state(ssl_);
- } else if (is_client()) {
-@@ -353,7 +351,6 @@
- case SSL_ERROR_NONE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
-- case SSL_ERROR_WANT_X509_LOOKUP:
- break;
- case SSL_ERROR_ZERO_RETURN:
- return scope.Escape(env()->zero_return_string());
-@@ -769,6 +766,11 @@
- "EnableSessionCallbacks after destroySSL");
- }
- wrap->enable_session_callbacks();
-+ EnableHelloParser(args);
-+}
-+
-+void TLSWrap::EnableHelloParser(const FunctionCallbackInfo<Value>& args) {
-+ TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder());
- NodeBIO::FromBIO(wrap->enc_in_)->set_initial(kMaxHelloLength);
- wrap->hello_parser_.Start(SSLWrap<TLSWrap>::OnClientHello,
- OnClientHelloParseEnd,
-@@ -833,13 +833,6 @@
- }
-
-
--void TLSWrap::EnableCertCb(const FunctionCallbackInfo<Value>& args) {
-- TLSWrap* wrap;
-- ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
-- wrap->WaitForCertCb(OnClientHelloParseEnd, wrap);
--}
--
--
- void TLSWrap::OnClientHelloParseEnd(void* arg) {
- TLSWrap* c = static_cast<TLSWrap*>(arg);
- c->Cycle();
-@@ -896,8 +892,8 @@
- env->SetProtoMethod(t, "start", Start);
- env->SetProtoMethod(t, "setVerifyMode", SetVerifyMode);
- env->SetProtoMethod(t, "enableSessionCallbacks", EnableSessionCallbacks);
-+ env->SetProtoMethod(t, "enableHelloParser", EnableHelloParser);
- env->SetProtoMethod(t, "destroySSL", DestroySSL);
-- env->SetProtoMethod(t, "enableCertCb", EnableCertCb);
-
- StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev);
- SSLWrap<TLSWrap>::AddMethods(env, t);
-diff -Naur node-v4.6.1.orig/src/tls_wrap.h node-v4.6.1/src/tls_wrap.h
---- node-v4.6.1.orig/src/tls_wrap.h 2017-04-12 12:40:43.558229441 -0700
-+++ node-v4.6.1/src/tls_wrap.h 2017-04-12 13:35:51.214213644 -0700
-@@ -132,7 +132,7 @@
- static void SetVerifyMode(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void EnableSessionCallbacks(
- const v8::FunctionCallbackInfo<v8::Value>& args);
-- static void EnableCertCb(
-+ static void EnableHelloParser(
- const v8::FunctionCallbackInfo<v8::Value>& args);
- static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args);
-
-@@ -160,6 +160,10 @@
- // If true - delivered EOF to the js-land, either after `close_notify`, or
- // after the `UV_EOF` on socket.
- bool eof_;
-+
-+#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-+ v8::Persistent<v8::Value> sni_context_;
-+#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- };
-
- } // namespace node
-diff -Naur node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js
---- node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:40:43.865233168 -0700
-+++ node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:58:14.901936343 -0700
-@@ -53,7 +53,9 @@
- port: undefined,
- rejectUnauthorized: true
- },
-- errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
-+ // LibreSSL returns CERT_UNTRUSTED in this case, OpenSSL UNABLE_TO_GET_ISSUER_CERT_LOCALLY.
-+ errorCode: 'CERT_UNTRUSTED'
-+ // errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
- }
- ];
-
-diff -Naur node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js node-v4.6.1/test/parallel/test-tls-sni-server-client.js
---- node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js 2017-04-12 12:40:43.878233326 -0700
-+++ node-v4.6.1/test/parallel/test-tls-sni-server-client.js 2017-04-12 13:00:18.804418594 -0700
-@@ -56,39 +56,37 @@
- 'asterisk.test.com': {
- key: loadPEM('agent3-key'),
- cert: loadPEM('agent3-cert')
-- },
-- 'chain.example.com': {
-- key: loadPEM('agent6-key'),
-- // NOTE: Contains ca3 chain cert
-- cert: loadPEM('agent6-cert')
- }
- };
-
- const clientsOptions = [{
- port: undefined,
-+ key: loadPEM('agent1-key'),
-+ cert: loadPEM('agent1-cert'),
- ca: [loadPEM('ca1-cert')],
- servername: 'a.example.com',
- rejectUnauthorized: false
- }, {
- port: undefined,
-+ key: loadPEM('agent2-key'),
-+ cert: loadPEM('agent2-cert'),
- ca: [loadPEM('ca2-cert')],
- servername: 'b.test.com',
- rejectUnauthorized: false
- }, {
- port: undefined,
-+ key: loadPEM('agent2-key'),
-+ cert: loadPEM('agent2-cert'),
- ca: [loadPEM('ca2-cert')],
- servername: 'a.b.test.com',
- rejectUnauthorized: false
- }, {
- port: undefined,
-+ key: loadPEM('agent3-key'),
-+ cert: loadPEM('agent3-cert'),
- ca: [loadPEM('ca1-cert')],
- servername: 'c.wrong.com',
- rejectUnauthorized: false
--}, {
-- port: undefined,
-- ca: [loadPEM('ca1-cert')],
-- servername: 'chain.example.com',
-- rejectUnauthorized: false
- }];
-
- const serverResults = [];
-@@ -80,7 +78,6 @@
-
- server.addContext('a.example.com', SNIContexts['a.example.com']);
- server.addContext('*.test.com', SNIContexts['asterisk.test.com']);
--server.addContext('chain.example.com', SNIContexts['chain.example.com']);
-
- server.listen(0, startTest);
-
-@@ -128,8 +126,7 @@
-
- process.on('exit', function() {
- assert.deepStrictEqual(serverResults, [
-- 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com',
-- 'chain.example.com'
-+ 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com'
- ]);
-- assert.deepStrictEqual(clientResults, [true, true, false, false, true]);
-+ assert.deepStrictEqual(clientResults, [true, true, false, false]);
- });
diff --git a/net-libs/nodejs/files/nodejs-8.1.1-libressl.patch b/net-libs/nodejs/files/nodejs-8.1.1-libressl.patch
deleted file mode 100644
index 31493be..0000000
--- a/net-libs/nodejs/files/nodejs-8.1.1-libressl.patch
+++ /dev/null
@@ -1,697 +0,0 @@
-diff -Naur node-v4.6.1.orig/lib/_tls_wrap.js node-v4.6.1/lib/_tls_wrap.js
---- node-v4.6.1.orig/lib/_tls_wrap.js 2017-04-12 12:40:43.517228944 -0700
-+++ node-v4.6.1/lib/_tls_wrap.js 2017-04-12 12:49:51.155877106 -0700
-@@ -165,30 +165,33 @@
- if (err)
- return self.destroy(err);
-
-- self._handle.endParser();
-- });
--}
--
--
--function oncertcb(info) {
-- var self = this;
-- var servername = info.servername;
--
-- loadSNI(self, servername, function(err, ctx) {
-- if (err)
-- return self.destroy(err);
-- requestOCSP(self, info, ctx, function(err) {
-+ // Servername came from SSL session
-+ // NOTE: TLS Session ticket doesn't include servername information
-+ //
-+ // Another note, From RFC3546:
-+ //
-+ // If, on the other hand, the older
-+ // session is resumed, then the server MUST ignore extensions appearing
-+ // in the client hello, and send a server hello containing no
-+ // extensions; in this case the extension functionality negotiated
-+ // during the original session initiation is applied to the resumed
-+ // session.
-+ //
-+ // Therefore we should account session loading when dealing with servername
-+ var servername = session && session.servername || hello.servername;
-+ loadSNI(self, servername, function(err, ctx) {
- if (err)
- return self.destroy(err);
-
-- if (!self._handle)
-- return self.destroy(new Error('Socket is closed'));
-+ requestOCSP(self, info, ctx, function(err) {
-+ if (err)
-+ return self.destroy(err);
-+
-+ if (!self._handle)
-+ return self.destroy(new Error('Socket is closed'));
-
-- try {
-- self._handle.certCbDone();
-- } catch (e) {
-- self.destroy(e);
-- }
-+ self._handle.endParser();
-+ });
- });
- });
- }
-@@ -410,18 +413,15 @@
- ssl.onhandshakestart = () => onhandshakestart.call(this);
- ssl.onhandshakedone = () => onhandshakedone.call(this);
- ssl.onclienthello = (hello) => onclienthello.call(this, hello);
-- ssl.oncertcb = (info) => oncertcb.call(this, info);
- ssl.onnewsession = (key, session) => onnewsession.call(this, key, session);
- ssl.lastHandshakeTime = 0;
- ssl.handshakes = 0;
-
-- if (this.server) {
-- if (this.server.listenerCount('resumeSession') > 0 ||
-- this.server.listenerCount('newSession') > 0) {
-- ssl.enableSessionCallbacks();
-- }
-- if (this.server.listenerCount('OCSPRequest') > 0)
-- ssl.enableCertCb();
-+ if (this.server &&
-+ (this.server.listenerCount('resumeSession') > 0 ||
-+ this.server.listenerCount('newSession') > 0 ||
-+ this.server.listenerCount('OCSPRequest') > 0)) {
-+ ssl.enableSessionCallbacks();
- }
- } else {
- ssl.onhandshakestart = function() {};
-@@ -463,7 +463,7 @@
- options.server._contexts.length)) {
- assert(typeof options.SNICallback === 'function');
- this._SNICallback = options.SNICallback;
-- ssl.enableCertCb();
-+ ssl.enableHelloParser();
- }
-
- if (process.features.tls_npn && options.NPNProtocols)
-diff -Naur node-v4.6.1.orig/src/env.h node-v4.6.1/src/env.h
---- node-v4.6.1.orig/src/env.h 2017-04-12 12:40:43.536229174 -0700
-+++ node-v4.6.1/src/env.h 2017-04-12 12:50:02.055009418 -0700
-@@ -57,7 +57,6 @@
- V(bytes_read_string, "bytesRead") \
- V(callback_string, "callback") \
- V(change_string, "change") \
-- V(oncertcb_string, "oncertcb") \
- V(onclose_string, "_onclose") \
- V(code_string, "code") \
- V(compare_string, "compare") \
-diff -Naur node-v4.6.1.orig/src/node.cc node-v4.6.1/src/node.cc
---- node-v4.6.1.orig/src/node.cc 2017-06-08 05:31:34.000000000 -0500
-+++ node-v4.6.1/src/node.cc 2017-06-30 10:26:59.945166636 -0500
-@@ -202,7 +202,7 @@
- false;
- #endif
-
--# if NODE_FIPS_MODE
-+# if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- // used by crypto module
- bool enable_fips_crypto = false;
- bool force_fips_crypto = false;
-@@ -3676,7 +3676,7 @@
- " (default)"
- #endif
- "\n"
--#if NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- " --enable-fips enable FIPS crypto at startup\n"
- " --force-fips force FIPS crypto (cannot be disabled)\n"
- #endif /* NODE_FIPS_MODE */
-@@ -3926,7 +3926,7 @@
- } else if (strncmp(arg, "--use-bundled-ca", 16) == 0) {
- use_bundled_ca = true;
- ssl_openssl_cert_store = false;
--#if NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- } else if (strcmp(arg, "--enable-fips") == 0) {
- enable_fips_crypto = true;
- } else if (strcmp(arg, "--force-fips") == 0) {
-@@ -4624,7 +4624,7 @@
- if (SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs))
- crypto::UseExtraCaCerts(extra_ca_certs);
- }
--#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- // In the case of FIPS builds we should make sure
- // the random source is properly initialized first.
- OPENSSL_init();
-diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc
---- node-v4.6.1.orig/src/node_crypto.cc 2017-04-12 12:40:43.541229235 -0700
-+++ node-v4.6.1/src/node_crypto.cc 2017-04-12 12:52:59.371161636 -0700
-@@ -160,8 +160,6 @@
- #endif
-
- template void SSLWrap<TLSWrap>::DestroySSL();
--template int SSLWrap<TLSWrap>::SSLCertCallback(SSL* s, void* arg);
--template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg);
-
-
- static void crypto_threadid_cb(CRYPTO_THREADID* tid) {
-@@ -525,8 +523,7 @@
- for (int i = 0; i < sk_X509_num(extra_certs); i++) {
- X509* ca = sk_X509_value(extra_certs, i);
-
-- // NOTE: Increments reference count on `ca`
-- r = SSL_CTX_add1_chain_cert(ctx, ca);
-+ r = SSL_CTX_add_extra_chain_cert(ctx, ca);
-
- if (!r) {
- ret = 0;
-@@ -717,7 +717,7 @@
- }
-
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)) || defined(LIBRESSL_VERSION_NUMBER)
- // This section contains OpenSSL 1.1.0 functions reimplemented for OpenSSL
- // 1.0.2 so that the following code can be written without lots of #if lines.
-
-@@ -725,11 +725,12 @@
- CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
- return 1;
- }
--
-+#if !defined(LIBRESSL_VERSION_NUMBER)
- static int X509_up_ref(X509* cert) {
- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
- return 1;
- }
-+#endif
- #endif // OPENSSL_VERSION_NUMBER < 0x10100000L && !OPENSSL_IS_BORINGSSL
-
-
-@@ -1194,7 +1194,7 @@
- SecureContext* wrap;
- ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
-
-- wrap->ctx_->freelist_max_len = args[0]->Int32Value();
-+ //wrap->ctx_->freelist_max_len = args[0]->Int32Value();
- #endif
- }
-
-@@ -1188,7 +1185,6 @@
- env->SetProtoMethod(t, "verifyError", VerifyError);
- env->SetProtoMethod(t, "getCurrentCipher", GetCurrentCipher);
- env->SetProtoMethod(t, "endParser", EndParser);
-- env->SetProtoMethod(t, "certCbDone", CertCbDone);
- env->SetProtoMethod(t, "renegotiate", Renegotiate);
- env->SetProtoMethod(t, "shutdownSSL", Shutdown);
- env->SetProtoMethod(t, "getTLSTicket", GetTLSTicket);
-@@ -2411,126 +2411,6 @@
-
-
- template <class Base>
--void SSLWrap<Base>::WaitForCertCb(CertCb cb, void* arg) {
-- cert_cb_ = cb;
-- cert_cb_arg_ = arg;
--}
--
--
--template <class Base>
--int SSLWrap<Base>::SSLCertCallback(SSL* s, void* arg) {
-- Base* w = static_cast<Base*>(SSL_get_app_data(s));
--
-- if (!w->is_server())
-- return 1;
--
-- if (!w->is_waiting_cert_cb())
-- return 1;
--
-- if (w->cert_cb_running_)
-- return -1;
--
-- Environment* env = w->env();
-- HandleScope handle_scope(env->isolate());
-- Context::Scope context_scope(env->context());
-- w->cert_cb_running_ = true;
--
-- Local<Object> info = Object::New(env->isolate());
--
-- const char* servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
-- if (servername == nullptr) {
-- info->Set(env->servername_string(), String::Empty(env->isolate()));
-- } else {
-- Local<String> str = OneByteString(env->isolate(), servername,
-- strlen(servername));
-- info->Set(env->servername_string(), str);
-- }
--
-- bool ocsp = false;
--#ifdef NODE__HAVE_TLSEXT_STATUS_CB
-- ocsp = s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp;
--#endif
--
-- info->Set(env->ocsp_request_string(), Boolean::New(env->isolate(), ocsp));
--
-- Local<Value> argv[] = { info };
-- w->MakeCallback(env->oncertcb_string(), arraysize(argv), argv);
--
-- if (!w->cert_cb_running_)
-- return 1;
--
-- // Performing async action, wait...
-- return -1;
--}
--
--
--template <class Base>
--void SSLWrap<Base>::CertCbDone(const FunctionCallbackInfo<Value>& args) {
-- Base* w;
-- ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
-- Environment* env = w->env();
--
-- CHECK(w->is_waiting_cert_cb() && w->cert_cb_running_);
--
-- Local<Object> object = w->object();
-- Local<Value> ctx = object->Get(env->sni_context_string());
-- Local<FunctionTemplate> cons = env->secure_context_constructor_template();
--
-- // Not an object, probably undefined or null
-- if (!ctx->IsObject())
-- goto fire_cb;
--
-- if (cons->HasInstance(ctx)) {
-- SecureContext* sc;
-- ASSIGN_OR_RETURN_UNWRAP(&sc, ctx.As<Object>());
-- w->sni_context_.Reset();
-- w->sni_context_.Reset(env->isolate(), ctx);
--
-- int rv;
--
-- // NOTE: reference count is not increased by this API methods
-- X509* x509 = SSL_CTX_get0_certificate(sc->ctx_);
-- EVP_PKEY* pkey = SSL_CTX_get0_privatekey(sc->ctx_);
-- STACK_OF(X509)* chain;
--
-- rv = SSL_CTX_get0_chain_certs(sc->ctx_, &chain);
-- if (rv)
-- rv = SSL_use_certificate(w->ssl_, x509);
-- if (rv)
-- rv = SSL_use_PrivateKey(w->ssl_, pkey);
-- if (rv && chain != nullptr)
-- rv = SSL_set1_chain(w->ssl_, chain);
-- if (rv)
-- rv = w->SetCACerts(sc);
-- if (!rv) {
-- unsigned long err = ERR_get_error(); // NOLINT(runtime/int)
-- if (!err)
-- return env->ThrowError("CertCbDone");
-- return ThrowCryptoError(env, err);
-- }
-- } else {
-- // Failure: incorrect SNI context object
-- Local<Value> err = Exception::TypeError(env->sni_context_err_string());
-- w->MakeCallback(env->onerror_string(), 1, &err);
-- return;
-- }
--
-- fire_cb:
-- CertCb cb;
-- void* arg;
--
-- cb = w->cert_cb_;
-- arg = w->cert_cb_arg_;
--
-- w->cert_cb_running_ = false;
-- w->cert_cb_ = nullptr;
-- w->cert_cb_arg_ = nullptr;
--
-- cb(arg);
--}
--
--
--template <class Base>
- void SSLWrap<Base>::SSLGetter(Local<String> property,
- const PropertyCallbackInfo<Value>& info) {
- Base* base;
-@@ -2232,10 +2105,6 @@
-
- template <class Base>
- int SSLWrap<Base>::SetCACerts(SecureContext* sc) {
-- int err = SSL_set1_verify_cert_store(ssl_, SSL_CTX_get_cert_store(sc->ctx_));
-- if (err != 1)
-- return err;
--
- STACK_OF(X509_NAME)* list = SSL_dup_CA_list(
- SSL_CTX_get_client_CA_list(sc->ctx_));
-
-@@ -2329,10 +2198,6 @@
- DEBUG_PRINT("[%p] SSL: %s want read\n", ssl_, func);
- return 0;
-
-- } else if (err == SSL_ERROR_WANT_X509_LOOKUP) {
-- DEBUG_PRINT("[%p] SSL: %s want x509 lookup\n", ssl_, func);
-- return 0;
--
- } else if (err == SSL_ERROR_ZERO_RETURN) {
- HandleScope scope(ssl_env()->isolate());
-
-@@ -2875,7 +2755,8 @@
- SSL* ssl = static_cast<SSL*>(
- X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
-
-- if (SSL_is_server(ssl))
-+ //if (SSL_is_server(ssl))
-+ if(ssl->server)
- return CHECK_OK;
-
- // Client needs to check if the server cert is listed in the
-@@ -2540,7 +2405,7 @@
-
- // Call the SNI callback and use its return value as context
- if (!conn->sniObject_.IsEmpty()) {
-- conn->sni_context_.Reset();
-+ conn->sniContext_.Reset();
-
- Local<Object> sni_obj = PersistentToLocal(env->isolate(),
- conn->sniObject_);
-@@ -2918,7 +2799,7 @@
- Local<FunctionTemplate> secure_context_constructor_template =
- env->secure_context_constructor_template();
- if (secure_context_constructor_template->HasInstance(ret)) {
-- conn->sni_context_.Reset(env->isolate(), ret);
-+ conn->sniContext_.Reset(env->isolate(), ret);
- SecureContext* sc;
- ASSIGN_OR_RETURN_UNWRAP(&sc, ret.As<Object>(), SSL_TLSEXT_ERR_NOACK);
- conn->SetSNIContext(sc);
-@@ -2594,8 +2459,6 @@
-
- InitNPN(sc);
-
-- SSL_set_cert_cb(conn->ssl_, SSLWrap<Connection>::SSLCertCallback, conn);
--
- #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- if (is_server) {
- SSL_CTX_set_tlsext_servername_callback(sc->ctx_, SelectSNIContextCallback_);
-@@ -3335,7 +3335,7 @@
- int key_buf_len) {
- HandleScope scope(env()->isolate());
-
--#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- if (FIPS_mode()) {
- return env()->ThrowError(
- "crypto.createCipher() is not supported in FIPS mode.");
-@@ -4185,7 +4185,7 @@
- if (pkey == nullptr || 0 != ERR_peek_error())
- goto exit;
-
--#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- /* Validate DSA2 parameters from FIPS 186-4 */
- if (FIPS_mode() && EVP_PKEY_DSA == pkey->type) {
- size_t L = BN_num_bits(pkey->pkey.dsa->p);
-@@ -6132,7 +6132,7 @@
- CRYPTO_set_locking_callback(crypto_lock_cb);
- CRYPTO_THREADID_set_callback(crypto_threadid_cb);
-
--#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- /* Override FIPS settings in cnf file, if needed. */
- unsigned long err = 0; // NOLINT(runtime/int)
- if (enable_fips_crypto || force_fips_crypto) {
-@@ -6201,16 +6201,20 @@
- #endif // !OPENSSL_NO_ENGINE
-
- void GetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- if (FIPS_mode()) {
- args.GetReturnValue().Set(1);
- } else {
- args.GetReturnValue().Set(0);
- }
-+#else
-+ args.GetReturnValue().Set(0);
-+#endif
- }
-
- void SetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
- Environment* env = Environment::GetCurrent(args);
--#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- bool mode = args[0]->BooleanValue();
- if (force_fips_crypto) {
- return env->ThrowError(
-diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h
---- node-v4.6.1.orig/src/node_crypto.h 2017-04-12 12:40:43.541229235 -0700
-+++ node-v4.6.1/src/node_crypto.h 2017-04-12 12:55:08.867710808 -0700
-@@ -179,10 +179,7 @@
- kind_(kind),
- next_sess_(nullptr),
- session_callbacks_(false),
-- new_session_wait_(false),
-- cert_cb_(nullptr),
-- cert_cb_arg_(nullptr),
-- cert_cb_running_(false) {
-+ new_session_wait_(false) {
- ssl_ = SSL_new(sc->ctx_);
- env_->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize);
- CHECK_NE(ssl_, nullptr);
-@@ -200,9 +200,6 @@
- next_sess_ = nullptr;
- }
-
--#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-- sni_context_.Reset();
--#endif
-
- #ifdef NODE__HAVE_TLSEXT_STATUS_CB
- ocsp_response_.Reset();
-@@ -212,11 +206,8 @@
- inline bool is_server() const { return kind_ == kServer; }
- inline bool is_client() const { return kind_ == kClient; }
- inline bool is_waiting_new_session() const { return new_session_wait_; }
-- inline bool is_waiting_cert_cb() const { return cert_cb_ != nullptr; }
-
- protected:
-- typedef void (*CertCb)(void* arg);
--
- // Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and
- // some for buffers.
- // NOTE: Actually it is much more than this
-@@ -244,7 +235,6 @@
- static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void GetCurrentCipher(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args);
-- static void CertCbDone(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args);
-@@ -273,12 +263,10 @@
- void* arg);
- #endif // OPENSSL_NPN_NEGOTIATED
- static int TLSExtStatusCallback(SSL* s, void* arg);
-- static int SSLCertCallback(SSL* s, void* arg);
- static void SSLGetter(v8::Local<v8::String> property,
- const v8::PropertyCallbackInfo<v8::Value>& info);
-
- void DestroySSL();
-- void WaitForCertCb(CertCb cb, void* arg);
- void SetSNIContext(SecureContext* sc);
- int SetCACerts(SecureContext* sc);
-
-@@ -293,11 +281,6 @@
- bool session_callbacks_;
- bool new_session_wait_;
-
-- // SSL_set_cert_cb
-- CertCb cert_cb_;
-- void* cert_cb_arg_;
-- bool cert_cb_running_;
--
- ClientHelloParser hello_parser_;
-
- #ifdef NODE__HAVE_TLSEXT_STATUS_CB
-@@ -309,10 +292,6 @@
- v8::Persistent<v8::Value> selected_npn_proto_;
- #endif // OPENSSL_NPN_NEGOTIATED
-
--#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-- v8::Persistent<v8::Value> sni_context_;
--#endif
--
- friend class SecureContext;
- };
-
-@@ -324,6 +303,7 @@
- ~Connection() override {
- #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- sniObject_.Reset();
-+ sniContext_.Reset();
- servername_.Reset();
- #endif
- }
-@@ -338,6 +318,7 @@
-
- #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- v8::Persistent<v8::Object> sniObject_;
-+ v8::Persistent<v8::Value> sniContext_;
- v8::Persistent<v8::String> servername_;
- #endif
-
-diff -Naur node-v4.6.1.orig/src/tls_wrap.cc node-v4.6.1/src/tls_wrap.cc
---- node-v4.6.1.orig/src/tls_wrap.cc 2017-04-12 12:40:43.557229429 -0700
-+++ node-v4.6.1/src/tls_wrap.cc 2017-04-12 13:36:49.323009154 -0700
-@@ -141,8 +141,6 @@
-
- InitNPN(sc_);
-
-- SSL_set_cert_cb(ssl_, SSLWrap<TLSWrap>::SSLCertCallback, this);
--
- if (is_server()) {
- SSL_set_accept_state(ssl_);
- } else if (is_client()) {
-@@ -353,7 +351,6 @@
- case SSL_ERROR_NONE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
-- case SSL_ERROR_WANT_X509_LOOKUP:
- break;
- case SSL_ERROR_ZERO_RETURN:
- return scope.Escape(env()->zero_return_string());
-@@ -769,6 +766,11 @@
- "EnableSessionCallbacks after destroySSL");
- }
- wrap->enable_session_callbacks();
-+ EnableHelloParser(args);
-+}
-+
-+void TLSWrap::EnableHelloParser(const FunctionCallbackInfo<Value>& args) {
-+ TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder());
- NodeBIO::FromBIO(wrap->enc_in_)->set_initial(kMaxHelloLength);
- wrap->hello_parser_.Start(SSLWrap<TLSWrap>::OnClientHello,
- OnClientHelloParseEnd,
-@@ -833,13 +833,6 @@
- }
-
-
--void TLSWrap::EnableCertCb(const FunctionCallbackInfo<Value>& args) {
-- TLSWrap* wrap;
-- ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
-- wrap->WaitForCertCb(OnClientHelloParseEnd, wrap);
--}
--
--
- void TLSWrap::OnClientHelloParseEnd(void* arg) {
- TLSWrap* c = static_cast<TLSWrap*>(arg);
- c->Cycle();
-@@ -896,8 +892,8 @@
- env->SetProtoMethod(t, "start", Start);
- env->SetProtoMethod(t, "setVerifyMode", SetVerifyMode);
- env->SetProtoMethod(t, "enableSessionCallbacks", EnableSessionCallbacks);
-+ env->SetProtoMethod(t, "enableHelloParser", EnableHelloParser);
- env->SetProtoMethod(t, "destroySSL", DestroySSL);
-- env->SetProtoMethod(t, "enableCertCb", EnableCertCb);
-
- StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev);
- SSLWrap<TLSWrap>::AddMethods(env, t);
-diff -Naur node-v4.6.1.orig/src/tls_wrap.h node-v4.6.1/src/tls_wrap.h
---- node-v4.6.1.orig/src/tls_wrap.h 2017-04-12 12:40:43.558229441 -0700
-+++ node-v4.6.1/src/tls_wrap.h 2017-04-12 13:35:51.214213644 -0700
-@@ -132,7 +132,7 @@
- static void SetVerifyMode(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void EnableSessionCallbacks(
- const v8::FunctionCallbackInfo<v8::Value>& args);
-- static void EnableCertCb(
-+ static void EnableHelloParser(
- const v8::FunctionCallbackInfo<v8::Value>& args);
- static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args);
-
-@@ -160,6 +160,10 @@
- // If true - delivered EOF to the js-land, either after `close_notify`, or
- // after the `UV_EOF` on socket.
- bool eof_;
-+
-+#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-+ v8::Persistent<v8::Value> sni_context_;
-+#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- };
-
- } // namespace node
-diff -Naur node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js
---- node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:40:43.865233168 -0700
-+++ node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:58:14.901936343 -0700
-@@ -53,7 +53,9 @@
- port: undefined,
- rejectUnauthorized: true
- },
-- errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
-+ // LibreSSL returns CERT_UNTRUSTED in this case, OpenSSL UNABLE_TO_GET_ISSUER_CERT_LOCALLY.
-+ errorCode: 'CERT_UNTRUSTED'
-+ // errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
- }
- ];
-
-diff -Naur node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js node-v4.6.1/test/parallel/test-tls-sni-server-client.js
---- node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js 2017-04-12 12:40:43.878233326 -0700
-+++ node-v4.6.1/test/parallel/test-tls-sni-server-client.js 2017-04-12 13:00:18.804418594 -0700
-@@ -56,39 +56,37 @@
- 'asterisk.test.com': {
- key: loadPEM('agent3-key'),
- cert: loadPEM('agent3-cert')
-- },
-- 'chain.example.com': {
-- key: loadPEM('agent6-key'),
-- // NOTE: Contains ca3 chain cert
-- cert: loadPEM('agent6-cert')
- }
- };
-
- const clientsOptions = [{
- port: undefined,
-+ key: loadPEM('agent1-key'),
-+ cert: loadPEM('agent1-cert'),
- ca: [loadPEM('ca1-cert')],
- servername: 'a.example.com',
- rejectUnauthorized: false
- }, {
- port: undefined,
-+ key: loadPEM('agent2-key'),
-+ cert: loadPEM('agent2-cert'),
- ca: [loadPEM('ca2-cert')],
- servername: 'b.test.com',
- rejectUnauthorized: false
- }, {
- port: undefined,
-+ key: loadPEM('agent2-key'),
-+ cert: loadPEM('agent2-cert'),
- ca: [loadPEM('ca2-cert')],
- servername: 'a.b.test.com',
- rejectUnauthorized: false
- }, {
- port: undefined,
-+ key: loadPEM('agent3-key'),
-+ cert: loadPEM('agent3-cert'),
- ca: [loadPEM('ca1-cert')],
- servername: 'c.wrong.com',
- rejectUnauthorized: false
--}, {
-- port: undefined,
-- ca: [loadPEM('ca1-cert')],
-- servername: 'chain.example.com',
-- rejectUnauthorized: false
- }];
-
- const serverResults = [];
-@@ -80,7 +78,6 @@
-
- server.addContext('a.example.com', SNIContexts['a.example.com']);
- server.addContext('*.test.com', SNIContexts['asterisk.test.com']);
--server.addContext('chain.example.com', SNIContexts['chain.example.com']);
-
- server.listen(0, startTest);
-
-@@ -128,8 +126,7 @@
-
- process.on('exit', function() {
- assert.deepStrictEqual(serverResults, [
-- 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com',
-- 'chain.example.com'
-+ 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com'
- ]);
-- assert.deepStrictEqual(clientResults, [true, true, false, false, true]);
-+ assert.deepStrictEqual(clientResults, [true, true, false, false]);
- });
diff --git a/net-libs/nodejs/metadata.xml b/net-libs/nodejs/metadata.xml
index 42430c7..aaaba18 100644
--- a/net-libs/nodejs/metadata.xml
+++ b/net-libs/nodejs/metadata.xml
@@ -2,19 +2,9 @@
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
- <email>bugs@bergstroem.nu</email>
- <name>Johan Bergstroem</name>
- </maintainer>
- <maintainer type="person">
- <email>patrick@gentoo.org</email>
- <name>Patrick Lauer</name>
- </maintainer>
- <maintainer type="project">
- <email>proxy-maint@gentoo.org</email>
- <name>Proxy Maintainers</name>
+ <email>jer@gentoo.org</email>
</maintainer>
<use>
- <flag name="bundled-ssl">Use bundled version of OpenSSL (hack)</flag>
<flag name="inspector">Enable V8 inspector</flag>
<flag name="npm">Enable NPM package manager</flag>
<flag name="snapshot">Enable snapshot creation for faster startup</flag>
diff --git a/net-libs/nodejs/nodejs-10.15.3.ebuild b/net-libs/nodejs/nodejs-10.15.3.ebuild
deleted file mode 100644
index 21bd6e0..0000000
--- a/net-libs/nodejs/nodejs-10.15.3.ebuild
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 )
-PYTHON_REQ_USE="threads"
-
-inherit bash-completion-r1 eutils flag-o-matic pax-utils python-single-r1 toolchain-funcs
-
-DESCRIPTION="A JavaScript runtime built on Chrome's V8 JavaScript engine"
-HOMEPAGE="https://nodejs.org/"
-SRC_URI="https://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz"
-
-LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x64-macos"
-IUSE="bundled-ssl cpu_flags_x86_sse2 debug doc icu inspector libressl +npm +snapshot +ssl systemtap test"
-REQUIRED_USE="
- ${PYTHON_REQUIRED_USE}
- inspector? ( icu ssl )
- npm? ( ssl )
- libressl? ( bundled-ssl )
- bundled-ssl? ( ssl )
-"
-
-RDEPEND="
- >=dev-libs/libuv-1.23.2:=
- >=net-dns/c-ares-1.15.0
- >=net-libs/http-parser-2.9.0:=
- >=net-libs/nghttp2-1.34.0
- sys-libs/zlib
- icu? ( >=dev-libs/icu-62.1:= )
- ssl? (
- !bundled-ssl? ( =dev-libs/openssl-1.1.0*:0= )
- )
-"
-DEPEND="
- ${RDEPEND}
- ${PYTHON_DEPS}
- systemtap? ( dev-util/systemtap )
- test? ( net-misc/curl )
-"
-PATCHES=(
- "${FILESDIR}"/${PN}-10.3.0-global-npm-config.patch
-)
-S="${WORKDIR}/node-v${PV}"
-
-pkg_pretend() {
- (use x86 && ! use cpu_flags_x86_sse2) && \
- die "Your CPU doesn't support the required SSE2 instruction."
-
- ( [[ ${MERGE_TYPE} != "binary" ]] && ! test-flag-CXX -std=c++11 ) && \
- die "Your compiler doesn't support C++11. Use GCC 4.8, Clang 3.3 or newer."
-}
-
-src_prepare() {
- tc-export CC CXX PKG_CONFIG
- export V=1
- export BUILDTYPE=Release
-
- # fix compilation on Darwin
- # https://code.google.com/p/gyp/issues/detail?id=260
- sed -i -e "/append('-arch/d" tools/gyp/pylib/gyp/xcode_emulation.py || die
-
- # make sure we use python2.* while using gyp
- sed -i -e "s/python/${EPYTHON}/" deps/npm/node_modules/node-gyp/gyp/gyp || die
- sed -i -e "s/|| 'python2'/|| '${EPYTHON}'/" deps/npm/node_modules/node-gyp/lib/configure.js || die
-
- # less verbose install output (stating the same as portage, basically)
- sed -i -e "/print/d" tools/install.py || die
-
- # proper libdir, hat tip @ryanpcmcquen https://github.com/iojs/io.js/issues/504
- local LIBDIR=$(get_libdir)
- sed -i -e "s|lib/|${LIBDIR}/|g" tools/install.py || die
- sed -i -e "s/'lib'/'${LIBDIR}'/" deps/npm/lib/npm.js || die
-
- # Avoid writing a depfile, not useful
- sed -i -e "/DEPFLAGS =/d" tools/gyp/pylib/gyp/generator/make.py || die
-
- sed -i -e "/'-O3'/d" common.gypi deps/v8/gypfiles/toolchain.gypi || die
-
- # Avoid a test that I've only been able to reproduce from emerge. It doesnt
- # seem sandbox related either (invoking it from a sandbox works fine).
- # The issue is that no stdin handle is openened when asked for one.
- # It doesn't really belong upstream , so it'll just be removed until someone
- # with more gentoo-knowledge than me (jbergstroem) figures it out.
- rm test/parallel/test-stdout-close-unref.js || die
-
- # debug builds. change install path, remove optimisations and override buildtype
- if use debug; then
- sed -i -e "s|out/Release/|out/Debug/|g" tools/install.py || die
- BUILDTYPE=Debug
- fi
-
- default
-}
-
-src_configure() {
- local myconf=( --shared-cares --shared-http-parser --shared-libuv --shared-nghttp2 --shared-zlib )
- use debug && myconf+=( --debug )
- use icu && myconf+=( --with-intl=system-icu ) || myconf+=( --with-intl=none )
- use inspector || myconf+=( --without-inspector )
- use npm || myconf+=( --without-npm )
- use snapshot && myconf+=( --with-snapshot )
- use ssl && ( use bundled-ssl || myconf+=( --shared-openssl ) ) || myconf+=( --without-ssl )
-
- local myarch=""
- case ${ABI} in
- amd64) myarch="x64";;
- arm) myarch="arm";;
- arm64) myarch="arm64";;
- ppc64) myarch="ppc64";;
- x32) myarch="x32";;
- x86) myarch="ia32";;
- *) myarch="${ABI}";;
- esac
-
- GYP_DEFINES="linux_use_gold_flags=0
- linux_use_bundled_binutils=0
- linux_use_bundled_gold=0" \
- "${PYTHON}" configure \
- --prefix="${EPREFIX}"/usr \
- --dest-cpu=${myarch} \
- $(use_with systemtap dtrace) \
- "${myconf[@]}" || die
-}
-
-src_compile() {
- emake -C out mksnapshot
- pax-mark m "out/${BUILDTYPE}/mksnapshot"
- emake -C out
-}
-
-src_install() {
- local LIBDIR="${ED}/usr/$(get_libdir)"
- emake install DESTDIR="${D}"
- pax-mark -m "${ED}"usr/bin/node
-
- # set up a symlink structure that node-gyp expects..
- dodir /usr/include/node/deps/{v8,uv}
- dosym . /usr/include/node/src
- for var in deps/{uv,v8}/include; do
- dosym ../.. /usr/include/node/${var}
- done
-
- if use doc; then
- # Patch docs to make them offline readable
- for i in `grep -rl 'fonts.googleapis.com' "${S}"/out/doc/api/*`; do
- sed -i '/fonts.googleapis.com/ d' $i;
- done
- # Install docs
- docinto html
- dodoc -r "${S}"/doc/*
- fi
-
- if use npm; then
- dodir /etc/npm
-
- # Install bash completion for `npm`
- # We need to temporarily replace default config path since
- # npm otherwise tries to write outside of the sandbox
- local npm_config="usr/$(get_libdir)/node_modules/npm/lib/config/core.js"
- sed -i -e "s|'/etc'|'${ED}/etc'|g" "${ED}/${npm_config}" || die
- local tmp_npm_completion_file="$(emktemp)"
- "${ED}/usr/bin/npm" completion > "${tmp_npm_completion_file}"
- newbashcomp "${tmp_npm_completion_file}" npm
- sed -i -e "s|'${ED}/etc'|'/etc'|g" "${ED}/${npm_config}" || die
-
- # Move man pages
- doman "${LIBDIR}"/node_modules/npm/man/man{1,5,7}/*
-
- # Clean up
- rm "${LIBDIR}"/node_modules/npm/{.mailmap,.npmignore,Makefile} || die
- rm -rf "${LIBDIR}"/node_modules/npm/{doc,html,man} || die
-
- local find_exp="-or -name"
- local find_name=()
- for match in "AUTHORS*" "CHANGELOG*" "CONTRIBUT*" "README*" \
- ".travis.yml" ".eslint*" ".wercker.yml" ".npmignore" \
- "*.md" "*.markdown" "*.bat" "*.cmd"; do
- find_name+=( ${find_exp} "${match}" )
- done
-
- # Remove various development and/or inappropriate files and
- # useless docs of dependend packages.
- find "${LIBDIR}"/node_modules \
- \( -type d -name examples \) -or \( -type f \( \
- -iname "LICEN?E*" \
- "${find_name[@]}" \
- \) \) -exec rm -rf "{}" \;
- fi
-
- mv "${D}"/usr/share/doc/node "${D}"/usr/share/doc/${PF} || die
-}
-
-src_test() {
- out/${BUILDTYPE}/cctest || die
- "${PYTHON}" tools/test.py --mode=${BUILDTYPE,,} -J message parallel sequential || die
-}
-
-pkg_postinst() {
- einfo "The global npm config lives in /etc/npm. This deviates slightly"
- einfo "from upstream which otherwise would have it live in /usr/etc/."
- einfo ""
- einfo "Protip: When using node-gyp to install native modules, you can"
- einfo "avoid having to download extras by doing the following:"
- einfo "$ node-gyp --nodedir /usr/include/node <command>"
-}
diff --git a/net-libs/nodejs/nodejs-11.13.0.ebuild b/net-libs/nodejs/nodejs-11.13.0.ebuild
index 56b0eee..8d17fd1 100644
--- a/net-libs/nodejs/nodejs-11.13.0.ebuild
+++ b/net-libs/nodejs/nodejs-11.13.0.ebuild
@@ -15,13 +15,11 @@ SRC_URI="https://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz"
LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x64-macos"
-IUSE="bundled-ssl cpu_flags_x86_sse2 debug doc icu inspector libressl +npm +snapshot +ssl systemtap test"
+IUSE="cpu_flags_x86_sse2 debug doc icu inspector libressl +npm +snapshot +ssl systemtap test"
REQUIRED_USE="
${PYTHON_REQUIRED_USE}
inspector? ( icu ssl )
npm? ( ssl )
- libressl? ( bundled-ssl )
- bundled-ssl? ( ssl )
"
RDEPEND="
@@ -32,7 +30,8 @@ RDEPEND="
sys-libs/zlib
icu? ( >=dev-libs/icu-63.1:= )
ssl? (
- !bundled-ssl? ( =dev-libs/openssl-1.1.0*:0= )
+ !libressl? ( >=dev-libs/openssl-1.1.0:0= )
+ libressl? ( dev-libs/libressl:0= )
)
"
DEPEND="
@@ -106,8 +105,8 @@ src_configure() {
use icu && myconf+=( --with-intl=system-icu ) || myconf+=( --with-intl=none )
use inspector || myconf+=( --without-inspector )
use npm || myconf+=( --without-npm )
- use snapshot && myconf+=( --with-snapshot )
- use ssl && ( use bundled-ssl || myconf+=( --shared-openssl ) ) || myconf+=( --without-ssl )
+ use snapshot || myconf+=( --without-snapshot )
+ use ssl && myconf+=( --shared-openssl ) || myconf+=( --without-ssl )
local myarch=""
case ${ABI} in