diff options
Diffstat (limited to 'net-libs')
-rw-r--r-- | net-libs/nodejs/Manifest | 10 | ||||
-rw-r--r-- | net-libs/nodejs/files/gentoo-global-npm-config.patch | 40 | ||||
-rw-r--r-- | net-libs/nodejs/files/nodejs-4.6.1-libressl.patch | 587 | ||||
-rw-r--r-- | net-libs/nodejs/files/nodejs-8.1.0-libressl.patch | 697 | ||||
-rw-r--r-- | net-libs/nodejs/files/nodejs-8.1.1-libressl.patch | 697 | ||||
-rw-r--r-- | net-libs/nodejs/metadata.xml | 12 | ||||
-rw-r--r-- | net-libs/nodejs/nodejs-10.15.3.ebuild | 209 | ||||
-rw-r--r-- | net-libs/nodejs/nodejs-11.13.0.ebuild | 11 |
8 files changed, 8 insertions, 2255 deletions
diff --git a/net-libs/nodejs/Manifest b/net-libs/nodejs/Manifest index 4da3e0d..bc71a5d 100644 --- a/net-libs/nodejs/Manifest +++ b/net-libs/nodejs/Manifest @@ -1,11 +1,5 @@ -AUX gentoo-global-npm-config.patch 1511 BLAKE2B da2b127df9ac9babc87c1930272244e7f89ac1931543fa524e13fb3c53d2b5a9cbdf0d93dc0cae207822dee3c8f71e2a12fca3d608f6de8589ad2c0064f0855b SHA512 b6c8bf88bd44d5461cbad0354273a6f964429d1cde48ab4c8bef9f50452de22bfc5d15707c5c9adc2a0d8000a6b1be4cffdee039618b627fb0d291886309cc3f AUX nodejs-10.3.0-global-npm-config.patch 819 BLAKE2B 5e40738091bd1f3f18d4cfb2b3a0b94c87c2a570967aec9d418544c182f2e93f28d2dbe564980a975856ca31ab8c115b28fb9374701889cbebe3bba73d4ac83a SHA512 abe27eab0beb3444186fb3c4ce3c67fbc05b684a606f8f8bc4a5bae570fd8fd988f1ad5d65c442842fb6c7b069dc6e3f82577ba6becb1d934ae1039dac074e03 -AUX nodejs-4.6.1-libressl.patch 19943 BLAKE2B 41c343ee457d92b54ba1f1807f0a620c3f964b9778c63685537018484710f64ffa7e8e2217c34c96818aca6f0de22dc468c7d8953632253763141ca810e32de0 SHA512 ec370da5c8d16810f2f737d33e6e3379f26da0bd486c70c0c8bb39a5a8f1667ad8546d2c3229888974c4354658e0d93c67f9e0d5425a19b3575579a75a7e6323 -AUX nodejs-8.1.0-libressl.patch 23442 BLAKE2B d47cefae3ce20517a4cf82b5a25e7d4e46f3703f5206c2f3ce98bf0e8e1047b466e0293dfef33b09d28277e103f8d0194e0e4f384eda98e0c58d94e4c675bc59 SHA512 38e69db4d4611624e29855bff142dc39de0b3fef5e64bf3022154d696b04462da3c42ccc8b641d9cd001fd045525b2a7110188caf38ff623b5b99decb361d619 -AUX nodejs-8.1.1-libressl.patch 23442 BLAKE2B d47cefae3ce20517a4cf82b5a25e7d4e46f3703f5206c2f3ce98bf0e8e1047b466e0293dfef33b09d28277e103f8d0194e0e4f384eda98e0c58d94e4c675bc59 SHA512 38e69db4d4611624e29855bff142dc39de0b3fef5e64bf3022154d696b04462da3c42ccc8b641d9cd001fd045525b2a7110188caf38ff623b5b99decb361d619 AUX nodejs-99999999-llhttp.patch 506 BLAKE2B eea449910b97dfc320247f20bf20467f6c5bfe46f7acc95761270928b3413ffaa04ee948d8dece9a8ba47288804144c75ebda1009af17169b36bcd5b39aa0c33 SHA512 13cdbaf73696b4feef1fec48ac43f6a6d80f59096a81308c746655e2cffa0b0ef78850facff103f27062fd25192d8abd7bc200b36bd25df7bd4b800f80da0c5c -DIST node-v10.15.3.tar.xz 20262632 BLAKE2B d65d4e274fa829be5cda1970b0ebe7081e8476334cb825e5727324c3202bc015f4ba39589608284d0f8c0b722079c06d1587de5299a3c81ccb7b0eacbdaccf84 SHA512 cf741f733af7a7e1fbd37b0f98110078494b4771dbdfccacfda95a5ea4cda6cdcea4f8d31dddcf27477213614e4ab6cf7d1a1f900cb92936333730737ac4f9e8 DIST node-v11.13.0.tar.xz 22085284 BLAKE2B e771c6109b4ca60b3037ec6a4f8138af75b505f35584a239f30d2a349d6de68db2f2183b89a7d5a4bbe2aef1e29fbbea54bc93697362f56c12e2e0b54fcadcd3 SHA512 89411c9b9cbf1df09cbf2b5e3a910d7ef2e4046a27a5af858c53a20f51b9ab2f9aad4e4c7c41936520e1feed249118fc46e4e4458e7980a878f364082c24fd35 -EBUILD nodejs-10.15.3.ebuild 6558 BLAKE2B ae4666142a4281f8985ad07d96b9066a0a51fa5c1955293a790a6277541a4b05654615a7500ad20cd8fbc801153ebe3426ff417cffd63b6ca742826643eecb79 SHA512 39e9d8875ab498822401936d03d4390547cfe9a53a5b0105dbfaca18a2aa50c94ccbbd5d027e023eefae45d1d0b74ca63deca8f50eb03b72025f8591375e22b9 -EBUILD nodejs-11.13.0.ebuild 6602 BLAKE2B ae1306d725b81d785a298704979d84c60680f8c908de5ab11ef12a57674d62135d2d10b6d68892ba675e936970eaebabedac664c1b0af3d266c81c440254e308 SHA512 67294636de0c1c94e8f046292e529b58958509784bd7b09747f10b86c2bf048adac8fb2659630496d1ac3dcf2c5701f2d06ad63cd3beb6ed6a3721027522bc96 -MISC metadata.xml 806 BLAKE2B d922664ee6afa7000eb7b3dba6c0fc88e5b207173069fa382307c392ee7b9f5a8aea5f8c8eaf18089a35f6318aab0bb00b661983785196a69ac873373d6e4324 SHA512 50e98a83b630a141ce19f12841ee339c98013fafc5711f6b94ed4cdd8b3f0b6507faff25cf3d00c1e422bccacb30a0be62d24a0c38daf2dfa70622fef9212a20 +EBUILD nodejs-11.13.0.ebuild 6561 BLAKE2B 9daa044939fa0b97c1c03a643fde34659a463493c97fdc31b584fb5c849b1779c5e514d8ee98829b32d56b456a6100eaaa352ed3d3873511c65261fef61e5b3f SHA512 f5ad49024563586dfb933e814fdf25bdc28e9bd07a61a0ff4ca1d61fab883ec65daa976b97d70839922675cadea5a843b8629b11c3ec06634a3a236a97866aa7 +MISC metadata.xml 473 BLAKE2B c5c4f0ad6470bd70570d1f547d1355977be676a252416f3fe005733386fa84536aaac9b8e93fb70405fd76608ab2df281c586d80a2f9cc443acd5ca26dc8752a SHA512 f2911891d28329b3f6a21b56976f1507939bd51cb65581f73c2b5716c4610551cbc225450755be2e649e2070e1810ef41ca641d105155ceb1847e9a93ad2ee85 diff --git a/net-libs/nodejs/files/gentoo-global-npm-config.patch b/net-libs/nodejs/files/gentoo-global-npm-config.patch deleted file mode 100644 index e7346b8..0000000 --- a/net-libs/nodejs/files/gentoo-global-npm-config.patch +++ /dev/null @@ -1,40 +0,0 @@ -commit 46ac7cd4229eac5e0182ab62b7ed844c24a8c52e -Author: Johan Bergström <bugs@bergstroem.nu> -Date: Wed Feb 10 22:45:59 2016 +1100 - - npm: set global config folder to /etc/npm - - npm previously assumed that the global config path would be - based on $prefix/etc. Since gentoo installs nodejs into /usr, - this means we're also creating /usr/etc which is less desirable. - - This patch will likely never go upstream. - -diff --git a/deps/npm/lib/config/core.js b/deps/npm/lib/config/core.js -index d1306eb..bd2ef89 100644 ---- a/deps/npm/lib/config/core.js -+++ b/deps/npm/lib/config/core.js -@@ -150,16 +150,14 @@ function load_ (builtin, rc, cli, cb) { - // Eg, `npm config get globalconfig --prefix ~/local` should - // return `~/local/etc/npmrc` - // annoying humans and their expectations! -- if (conf.get('prefix')) { -- var etc = path.resolve(conf.get('prefix'), 'etc') -- mkdirp(etc, function () { -- defaults.globalconfig = path.resolve(etc, 'npmrc') -- defaults.globalignorefile = path.resolve(etc, 'npmignore') -- afterUserContinuation() -- }) -- } else { -+ -+ // gentoo deviates wrt global config; store in /etc/npm -+ var globalconfig = path.resolve('/etc', 'npm') -+ mkdirp(globalconfig, function () { -+ defaults.globalconfig = path.resolve(globalconfig, 'npmrc') -+ defaults.globalignorefile = path.resolve(globalconfig, 'npmignore') - afterUserContinuation() -- } -+ }) - } - - function afterUserContinuation () { diff --git a/net-libs/nodejs/files/nodejs-4.6.1-libressl.patch b/net-libs/nodejs/files/nodejs-4.6.1-libressl.patch deleted file mode 100644 index 6cdb715..0000000 --- a/net-libs/nodejs/files/nodejs-4.6.1-libressl.patch +++ /dev/null @@ -1,587 +0,0 @@ -diff -Naur node-v4.6.1.orig/lib/_tls_wrap.js node-v4.6.1/lib/_tls_wrap.js ---- node-v4.6.1.orig/lib/_tls_wrap.js 2017-04-12 12:40:43.517228944 -0700 -+++ node-v4.6.1/lib/_tls_wrap.js 2017-04-12 12:49:51.155877106 -0700 -@@ -165,30 +165,33 @@ - if (err) - return self.destroy(err); - -- self._handle.endParser(); -- }); --} -- -- --function oncertcb(info) { -- var self = this; -- var servername = info.servername; -- -- loadSNI(self, servername, function(err, ctx) { -- if (err) -- return self.destroy(err); -- requestOCSP(self, info, ctx, function(err) { -+ // Servername came from SSL session -+ // NOTE: TLS Session ticket doesn't include servername information -+ // -+ // Another note, From RFC3546: -+ // -+ // If, on the other hand, the older -+ // session is resumed, then the server MUST ignore extensions appearing -+ // in the client hello, and send a server hello containing no -+ // extensions; in this case the extension functionality negotiated -+ // during the original session initiation is applied to the resumed -+ // session. -+ // -+ // Therefore we should account session loading when dealing with servername -+ var servername = session && session.servername || hello.servername; -+ loadSNI(self, servername, function(err, ctx) { - if (err) - return self.destroy(err); - -- if (!self._handle) -- return self.destroy(new Error('Socket is closed')); -+ requestOCSP(self, info, ctx, function(err) { -+ if (err) -+ return self.destroy(err); -+ -+ if (!self._handle) -+ return self.destroy(new Error('Socket is closed')); - -- try { -- self._handle.certCbDone(); -- } catch (e) { -- self.destroy(e); -- } -+ self._handle.endParser(); -+ }); - }); - }); - } -@@ -410,18 +413,15 @@ - ssl.onhandshakestart = () => onhandshakestart.call(this); - ssl.onhandshakedone = () => onhandshakedone.call(this); - ssl.onclienthello = (hello) => onclienthello.call(this, hello); -- ssl.oncertcb = (info) => oncertcb.call(this, info); - ssl.onnewsession = (key, session) => onnewsession.call(this, key, session); - ssl.lastHandshakeTime = 0; - ssl.handshakes = 0; - -- if (this.server) { -- if (this.server.listenerCount('resumeSession') > 0 || -- this.server.listenerCount('newSession') > 0) { -- ssl.enableSessionCallbacks(); -- } -- if (this.server.listenerCount('OCSPRequest') > 0) -- ssl.enableCertCb(); -+ if (this.server && -+ (this.server.listenerCount('resumeSession') > 0 || -+ this.server.listenerCount('newSession') > 0 || -+ this.server.listenerCount('OCSPRequest') > 0)) { -+ ssl.enableSessionCallbacks(); - } - } else { - ssl.onhandshakestart = function() {}; -@@ -463,7 +463,7 @@ - options.server._contexts.length)) { - assert(typeof options.SNICallback === 'function'); - this._SNICallback = options.SNICallback; -- ssl.enableCertCb(); -+ ssl.enableHelloParser(); - } - - if (process.features.tls_npn && options.NPNProtocols) -diff -Naur node-v4.6.1.orig/src/env.h node-v4.6.1/src/env.h ---- node-v4.6.1.orig/src/env.h 2017-04-12 12:40:43.536229174 -0700 -+++ node-v4.6.1/src/env.h 2017-04-12 12:50:02.055009418 -0700 -@@ -57,7 +57,6 @@ - V(bytes_read_string, "bytesRead") \ - V(callback_string, "callback") \ - V(change_string, "change") \ -- V(oncertcb_string, "oncertcb") \ - V(onclose_string, "_onclose") \ - V(code_string, "code") \ - V(compare_string, "compare") \ -diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc ---- node-v4.6.1.orig/src/node_crypto.cc 2017-04-12 12:40:43.541229235 -0700 -+++ node-v4.6.1/src/node_crypto.cc 2017-04-12 12:52:59.371161636 -0700 -@@ -160,8 +160,6 @@ - #endif - - template void SSLWrap<TLSWrap>::DestroySSL(); --template int SSLWrap<TLSWrap>::SSLCertCallback(SSL* s, void* arg); --template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg); - - - static void crypto_threadid_cb(CRYPTO_THREADID* tid) { -@@ -525,8 +523,7 @@ - for (int i = 0; i < sk_X509_num(extra_certs); i++) { - X509* ca = sk_X509_value(extra_certs, i); - -- // NOTE: Increments reference count on `ca` -- r = SSL_CTX_add1_chain_cert(ctx, ca); -+ r = SSL_CTX_add_extra_chain_cert(ctx, ca); - - if (!r) { - ret = 0; -@@ -1051,7 +1048,7 @@ - void SecureContext::SetFreeListLength(const FunctionCallbackInfo<Value>& args) { - SecureContext* wrap = Unwrap<SecureContext>(args.Holder()); - -- wrap->ctx_->freelist_max_len = args[0]->Int32Value(); -+ // wrap->ctx_->freelist_max_len = args[0]->Int32Value(); - } - - -@@ -1188,7 +1185,6 @@ - env->SetProtoMethod(t, "verifyError", VerifyError); - env->SetProtoMethod(t, "getCurrentCipher", GetCurrentCipher); - env->SetProtoMethod(t, "endParser", EndParser); -- env->SetProtoMethod(t, "certCbDone", CertCbDone); - env->SetProtoMethod(t, "renegotiate", Renegotiate); - env->SetProtoMethod(t, "shutdownSSL", Shutdown); - env->SetProtoMethod(t, "getTLSTicket", GetTLSTicket); -@@ -2079,129 +2075,6 @@ - - - template <class Base> --void SSLWrap<Base>::WaitForCertCb(CertCb cb, void* arg) { -- cert_cb_ = cb; -- cert_cb_arg_ = arg; --} -- -- --template <class Base> --int SSLWrap<Base>::SSLCertCallback(SSL* s, void* arg) { -- Base* w = static_cast<Base*>(SSL_get_app_data(s)); -- -- if (!w->is_server()) -- return 1; -- -- if (!w->is_waiting_cert_cb()) -- return 1; -- -- if (w->cert_cb_running_) -- return -1; -- -- Environment* env = w->env(); -- HandleScope handle_scope(env->isolate()); -- Context::Scope context_scope(env->context()); -- w->cert_cb_running_ = true; -- -- Local<Object> info = Object::New(env->isolate()); -- -- SSL_SESSION* sess = SSL_get_session(s); -- if (sess != nullptr) { -- if (sess->tlsext_hostname == nullptr) { -- info->Set(env->servername_string(), String::Empty(env->isolate())); -- } else { -- Local<String> servername = OneByteString(env->isolate(), -- sess->tlsext_hostname, -- strlen(sess->tlsext_hostname)); -- info->Set(env->servername_string(), servername); -- } -- info->Set(env->tls_ticket_string(), -- Boolean::New(env->isolate(), sess->tlsext_ticklen != 0)); -- } -- -- bool ocsp = false; --#ifdef NODE__HAVE_TLSEXT_STATUS_CB -- ocsp = s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp; --#endif -- -- info->Set(env->ocsp_request_string(), Boolean::New(env->isolate(), ocsp)); -- -- Local<Value> argv[] = { info }; -- w->MakeCallback(env->oncertcb_string(), arraysize(argv), argv); -- -- if (!w->cert_cb_running_) -- return 1; -- -- // Performing async action, wait... -- return -1; --} -- -- --template <class Base> --void SSLWrap<Base>::CertCbDone(const FunctionCallbackInfo<Value>& args) { -- Base* w = Unwrap<Base>(args.Holder()); -- Environment* env = w->env(); -- -- CHECK(w->is_waiting_cert_cb() && w->cert_cb_running_); -- -- Local<Object> object = w->object(); -- Local<Value> ctx = object->Get(env->sni_context_string()); -- Local<FunctionTemplate> cons = env->secure_context_constructor_template(); -- -- // Not an object, probably undefined or null -- if (!ctx->IsObject()) -- goto fire_cb; -- -- if (cons->HasInstance(ctx)) { -- SecureContext* sc = Unwrap<SecureContext>(ctx.As<Object>()); -- w->sni_context_.Reset(); -- w->sni_context_.Reset(env->isolate(), ctx); -- -- int rv; -- -- // NOTE: reference count is not increased by this API methods -- X509* x509 = SSL_CTX_get0_certificate(sc->ctx_); -- EVP_PKEY* pkey = SSL_CTX_get0_privatekey(sc->ctx_); -- STACK_OF(X509)* chain; -- -- rv = SSL_CTX_get0_chain_certs(sc->ctx_, &chain); -- if (rv) -- rv = SSL_use_certificate(w->ssl_, x509); -- if (rv) -- rv = SSL_use_PrivateKey(w->ssl_, pkey); -- if (rv && chain != nullptr) -- rv = SSL_set1_chain(w->ssl_, chain); -- if (rv) -- rv = w->SetCACerts(sc); -- if (!rv) { -- unsigned long err = ERR_get_error(); // NOLINT(runtime/int) -- if (!err) -- return env->ThrowError("CertCbDone"); -- return ThrowCryptoError(env, err); -- } -- } else { -- // Failure: incorrect SNI context object -- Local<Value> err = Exception::TypeError(env->sni_context_err_string()); -- w->MakeCallback(env->onerror_string(), 1, &err); -- return; -- } -- -- fire_cb: -- CertCb cb; -- void* arg; -- -- cb = w->cert_cb_; -- arg = w->cert_cb_arg_; -- -- w->cert_cb_running_ = false; -- w->cert_cb_ = nullptr; -- w->cert_cb_arg_ = nullptr; -- -- cb(arg); --} -- -- --template <class Base> - void SSLWrap<Base>::SSLGetter(Local<String> property, - const PropertyCallbackInfo<Value>& info) { - SSL* ssl = Unwrap<Base>(info.This())->ssl_; -@@ -2232,10 +2105,6 @@ - - template <class Base> - int SSLWrap<Base>::SetCACerts(SecureContext* sc) { -- int err = SSL_set1_verify_cert_store(ssl_, SSL_CTX_get_cert_store(sc->ctx_)); -- if (err != 1) -- return err; -- - STACK_OF(X509_NAME)* list = SSL_dup_CA_list( - SSL_CTX_get_client_CA_list(sc->ctx_)); - -@@ -2329,10 +2198,6 @@ - DEBUG_PRINT("[%p] SSL: %s want read\n", ssl_, func); - return 0; - -- } else if (err == SSL_ERROR_WANT_X509_LOOKUP) { -- DEBUG_PRINT("[%p] SSL: %s want x509 lookup\n", ssl_, func); -- return 0; -- - } else if (err == SSL_ERROR_ZERO_RETURN) { - HandleScope scope(ssl_env()->isolate()); - -@@ -2513,7 +2378,7 @@ - SSL* ssl = static_cast<SSL*>( - X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); - -- if (SSL_is_server(ssl)) -+ if (ssl->server) - return 1; - - // Client needs to check if the server cert is listed in the -@@ -2540,7 +2405,7 @@ - - // Call the SNI callback and use its return value as context - if (!conn->sniObject_.IsEmpty()) { -- conn->sni_context_.Reset(); -+ conn->sniContext_.Reset(); - - Local<Object> sni_obj = PersistentToLocal(env->isolate(), - conn->sniObject_); -@@ -2556,7 +2421,7 @@ - Local<FunctionTemplate> secure_context_constructor_template = - env->secure_context_constructor_template(); - if (secure_context_constructor_template->HasInstance(ret)) { -- conn->sni_context_.Reset(env->isolate(), ret); -+ conn->sniContext_.Reset(env->isolate(), ret); - SecureContext* sc = Unwrap<SecureContext>(ret.As<Object>()); - conn->SetSNIContext(sc); - } else { -@@ -2594,8 +2459,6 @@ - - InitNPN(sc); - -- SSL_set_cert_cb(conn->ssl_, SSLWrap<Connection>::SSLCertCallback, conn); -- - #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - if (is_server) { - SSL_CTX_set_tlsext_servername_callback(sc->ctx_, SelectSNIContextCallback_); -diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h ---- node-v4.6.1.orig/src/node_crypto.h 2017-04-12 12:40:43.541229235 -0700 -+++ node-v4.6.1/src/node_crypto.h 2017-04-12 12:55:08.867710808 -0700 -@@ -179,10 +179,7 @@ - kind_(kind), - next_sess_(nullptr), - session_callbacks_(false), -- new_session_wait_(false), -- cert_cb_(nullptr), -- cert_cb_arg_(nullptr), -- cert_cb_running_(false) { -+ new_session_wait_(false) { - ssl_ = SSL_new(sc->ctx_); - env_->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize); - CHECK_NE(ssl_, nullptr); -@@ -199,9 +196,6 @@ - npn_protos_.Reset(); - selected_npn_proto_.Reset(); - #endif --#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -- sni_context_.Reset(); --#endif - #ifdef NODE__HAVE_TLSEXT_STATUS_CB - ocsp_response_.Reset(); - #endif // NODE__HAVE_TLSEXT_STATUS_CB -@@ -212,11 +206,8 @@ - inline bool is_server() const { return kind_ == kServer; } - inline bool is_client() const { return kind_ == kClient; } - inline bool is_waiting_new_session() const { return new_session_wait_; } -- inline bool is_waiting_cert_cb() const { return cert_cb_ != nullptr; } - - protected: -- typedef void (*CertCb)(void* arg); -- - // Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and - // some for buffers. - // NOTE: Actually it is much more than this -@@ -244,7 +235,6 @@ - static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args); - static void GetCurrentCipher(const v8::FunctionCallbackInfo<v8::Value>& args); - static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args); -- static void CertCbDone(const v8::FunctionCallbackInfo<v8::Value>& args); - static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args); - static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args); - static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args); -@@ -273,12 +263,10 @@ - void* arg); - #endif // OPENSSL_NPN_NEGOTIATED - static int TLSExtStatusCallback(SSL* s, void* arg); -- static int SSLCertCallback(SSL* s, void* arg); - static void SSLGetter(v8::Local<v8::String> property, - const v8::PropertyCallbackInfo<v8::Value>& info); - - void DestroySSL(); -- void WaitForCertCb(CertCb cb, void* arg); - void SetSNIContext(SecureContext* sc); - int SetCACerts(SecureContext* sc); - -@@ -293,11 +281,6 @@ - bool session_callbacks_; - bool new_session_wait_; - -- // SSL_set_cert_cb -- CertCb cert_cb_; -- void* cert_cb_arg_; -- bool cert_cb_running_; -- - ClientHelloParser hello_parser_; - - #ifdef NODE__HAVE_TLSEXT_STATUS_CB -@@ -309,10 +292,6 @@ - v8::Persistent<v8::Value> selected_npn_proto_; - #endif // OPENSSL_NPN_NEGOTIATED - --#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -- v8::Persistent<v8::Value> sni_context_; --#endif -- - friend class SecureContext; - }; - -@@ -324,6 +303,7 @@ - ~Connection() override { - #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - sniObject_.Reset(); -+ sniContext_.Reset(); - servername_.Reset(); - #endif - } -@@ -338,6 +318,7 @@ - - #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - v8::Persistent<v8::Object> sniObject_; -+ v8::Persistent<v8::Value> sniContext_; - v8::Persistent<v8::String> servername_; - #endif - -diff -Naur node-v4.6.1.orig/src/tls_wrap.cc node-v4.6.1/src/tls_wrap.cc ---- node-v4.6.1.orig/src/tls_wrap.cc 2017-04-12 12:40:43.557229429 -0700 -+++ node-v4.6.1/src/tls_wrap.cc 2017-04-12 13:36:49.323009154 -0700 -@@ -141,8 +141,6 @@ - - InitNPN(sc_); - -- SSL_set_cert_cb(ssl_, SSLWrap<TLSWrap>::SSLCertCallback, this); -- - if (is_server()) { - SSL_set_accept_state(ssl_); - } else if (is_client()) { -@@ -353,7 +351,6 @@ - case SSL_ERROR_NONE: - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: -- case SSL_ERROR_WANT_X509_LOOKUP: - break; - case SSL_ERROR_ZERO_RETURN: - return scope.Escape(env()->zero_return_string()); -@@ -769,6 +766,11 @@ - "EnableSessionCallbacks after destroySSL"); - } - wrap->enable_session_callbacks(); -+ EnableHelloParser(args); -+} -+ -+void TLSWrap::EnableHelloParser(const FunctionCallbackInfo<Value>& args) { -+ TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder()); - NodeBIO::FromBIO(wrap->enc_in_)->set_initial(kMaxHelloLength); - wrap->hello_parser_.Start(SSLWrap<TLSWrap>::OnClientHello, - OnClientHelloParseEnd, -@@ -793,12 +795,6 @@ - } - - --void TLSWrap::EnableCertCb(const FunctionCallbackInfo<Value>& args) { -- TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder()); -- wrap->WaitForCertCb(OnClientHelloParseEnd, wrap); --} -- -- - void TLSWrap::OnClientHelloParseEnd(void* arg) { - TLSWrap* c = static_cast<TLSWrap*>(arg); - c->Cycle(); -@@ -896,8 +892,8 @@ - env->SetProtoMethod(t, "start", Start); - env->SetProtoMethod(t, "setVerifyMode", SetVerifyMode); - env->SetProtoMethod(t, "enableSessionCallbacks", EnableSessionCallbacks); -+ env->SetProtoMethod(t, "enableHelloParser", EnableHelloParser); - env->SetProtoMethod(t, "destroySSL", DestroySSL); -- env->SetProtoMethod(t, "enableCertCb", EnableCertCb); - - StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev); - SSLWrap<TLSWrap>::AddMethods(env, t); -diff -Naur node-v4.6.1.orig/src/tls_wrap.h node-v4.6.1/src/tls_wrap.h ---- node-v4.6.1.orig/src/tls_wrap.h 2017-04-12 12:40:43.558229441 -0700 -+++ node-v4.6.1/src/tls_wrap.h 2017-04-12 13:35:51.214213644 -0700 -@@ -132,7 +132,7 @@ - static void SetVerifyMode(const v8::FunctionCallbackInfo<v8::Value>& args); - static void EnableSessionCallbacks( - const v8::FunctionCallbackInfo<v8::Value>& args); -- static void EnableCertCb( -+ static void EnableHelloParser( - const v8::FunctionCallbackInfo<v8::Value>& args); - static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args); - -@@ -160,6 +160,10 @@ - // If true - delivered EOF to the js-land, either after `close_notify`, or - // after the `UV_EOF` on socket. - bool eof_; -+ -+#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -+ v8::Persistent<v8::Value> sni_context_; -+#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - }; - - } // namespace node -diff -Naur node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js ---- node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:40:43.865233168 -0700 -+++ node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:58:14.901936343 -0700 -@@ -53,7 +53,9 @@ - port: undefined, - rejectUnauthorized: true - }, -- errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' -+ // LibreSSL returns CERT_UNTRUSTED in this case, OpenSSL UNABLE_TO_GET_ISSUER_CERT_LOCALLY. -+ errorCode: 'CERT_UNTRUSTED' -+ // errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' - } - ]; - -diff -Naur node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js node-v4.6.1/test/parallel/test-tls-sni-server-client.js ---- node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js 2017-04-12 12:40:43.878233326 -0700 -+++ node-v4.6.1/test/parallel/test-tls-sni-server-client.js 2017-04-12 13:00:18.804418594 -0700 -@@ -36,39 +36,37 @@ - 'asterisk.test.com': { - key: loadPEM('agent3-key'), - cert: loadPEM('agent3-cert') -- }, -- 'chain.example.com': { -- key: loadPEM('agent6-key'), -- // NOTE: Contains ca3 chain cert -- cert: loadPEM('agent6-cert') - } - }; - - var clientsOptions = [{ - port: undefined, -+ key: loadPEM('agent1-key'), -+ cert: loadPEM('agent1-cert'), - ca: [loadPEM('ca1-cert')], - servername: 'a.example.com', - rejectUnauthorized: false - }, { - port: undefined, -+ key: loadPEM('agent2-key'), -+ cert: loadPEM('agent2-cert'), - ca: [loadPEM('ca2-cert')], - servername: 'b.test.com', - rejectUnauthorized: false - }, { - port: undefined, -+ key: loadPEM('agent2-key'), -+ cert: loadPEM('agent2-cert'), - ca: [loadPEM('ca2-cert')], - servername: 'a.b.test.com', - rejectUnauthorized: false - }, { - port: undefined, -+ key: loadPEM('agent3-key'), -+ cert: loadPEM('agent3-cert'), - ca: [loadPEM('ca1-cert')], - servername: 'c.wrong.com', - rejectUnauthorized: false --}, { -- port: undefined, -- ca: [loadPEM('ca1-cert')], -- servername: 'chain.example.com', -- rejectUnauthorized: false - }]; - - const serverResults = []; -@@ -80,7 +78,6 @@ - - server.addContext('a.example.com', SNIContexts['a.example.com']); - server.addContext('*.test.com', SNIContexts['asterisk.test.com']); --server.addContext('chain.example.com', SNIContexts['chain.example.com']); - - server.listen(0, startTest); - -@@ -109,8 +106,7 @@ - - process.on('exit', function() { - assert.deepEqual(serverResults, [ -- 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com', -- 'chain.example.com' -+ 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com' - ]); -- assert.deepEqual(clientResults, [true, true, false, false, true]); -+ assert.deepEqual(clientResults, [true, true, false, false]); - }); diff --git a/net-libs/nodejs/files/nodejs-8.1.0-libressl.patch b/net-libs/nodejs/files/nodejs-8.1.0-libressl.patch deleted file mode 100644 index 31493be..0000000 --- a/net-libs/nodejs/files/nodejs-8.1.0-libressl.patch +++ /dev/null @@ -1,697 +0,0 @@ -diff -Naur node-v4.6.1.orig/lib/_tls_wrap.js node-v4.6.1/lib/_tls_wrap.js ---- node-v4.6.1.orig/lib/_tls_wrap.js 2017-04-12 12:40:43.517228944 -0700 -+++ node-v4.6.1/lib/_tls_wrap.js 2017-04-12 12:49:51.155877106 -0700 -@@ -165,30 +165,33 @@ - if (err) - return self.destroy(err); - -- self._handle.endParser(); -- }); --} -- -- --function oncertcb(info) { -- var self = this; -- var servername = info.servername; -- -- loadSNI(self, servername, function(err, ctx) { -- if (err) -- return self.destroy(err); -- requestOCSP(self, info, ctx, function(err) { -+ // Servername came from SSL session -+ // NOTE: TLS Session ticket doesn't include servername information -+ // -+ // Another note, From RFC3546: -+ // -+ // If, on the other hand, the older -+ // session is resumed, then the server MUST ignore extensions appearing -+ // in the client hello, and send a server hello containing no -+ // extensions; in this case the extension functionality negotiated -+ // during the original session initiation is applied to the resumed -+ // session. -+ // -+ // Therefore we should account session loading when dealing with servername -+ var servername = session && session.servername || hello.servername; -+ loadSNI(self, servername, function(err, ctx) { - if (err) - return self.destroy(err); - -- if (!self._handle) -- return self.destroy(new Error('Socket is closed')); -+ requestOCSP(self, info, ctx, function(err) { -+ if (err) -+ return self.destroy(err); -+ -+ if (!self._handle) -+ return self.destroy(new Error('Socket is closed')); - -- try { -- self._handle.certCbDone(); -- } catch (e) { -- self.destroy(e); -- } -+ self._handle.endParser(); -+ }); - }); - }); - } -@@ -410,18 +413,15 @@ - ssl.onhandshakestart = () => onhandshakestart.call(this); - ssl.onhandshakedone = () => onhandshakedone.call(this); - ssl.onclienthello = (hello) => onclienthello.call(this, hello); -- ssl.oncertcb = (info) => oncertcb.call(this, info); - ssl.onnewsession = (key, session) => onnewsession.call(this, key, session); - ssl.lastHandshakeTime = 0; - ssl.handshakes = 0; - -- if (this.server) { -- if (this.server.listenerCount('resumeSession') > 0 || -- this.server.listenerCount('newSession') > 0) { -- ssl.enableSessionCallbacks(); -- } -- if (this.server.listenerCount('OCSPRequest') > 0) -- ssl.enableCertCb(); -+ if (this.server && -+ (this.server.listenerCount('resumeSession') > 0 || -+ this.server.listenerCount('newSession') > 0 || -+ this.server.listenerCount('OCSPRequest') > 0)) { -+ ssl.enableSessionCallbacks(); - } - } else { - ssl.onhandshakestart = function() {}; -@@ -463,7 +463,7 @@ - options.server._contexts.length)) { - assert(typeof options.SNICallback === 'function'); - this._SNICallback = options.SNICallback; -- ssl.enableCertCb(); -+ ssl.enableHelloParser(); - } - - if (process.features.tls_npn && options.NPNProtocols) -diff -Naur node-v4.6.1.orig/src/env.h node-v4.6.1/src/env.h ---- node-v4.6.1.orig/src/env.h 2017-04-12 12:40:43.536229174 -0700 -+++ node-v4.6.1/src/env.h 2017-04-12 12:50:02.055009418 -0700 -@@ -57,7 +57,6 @@ - V(bytes_read_string, "bytesRead") \ - V(callback_string, "callback") \ - V(change_string, "change") \ -- V(oncertcb_string, "oncertcb") \ - V(onclose_string, "_onclose") \ - V(code_string, "code") \ - V(compare_string, "compare") \ -diff -Naur node-v4.6.1.orig/src/node.cc node-v4.6.1/src/node.cc ---- node-v4.6.1.orig/src/node.cc 2017-06-08 05:31:34.000000000 -0500 -+++ node-v4.6.1/src/node.cc 2017-06-30 10:26:59.945166636 -0500 -@@ -202,7 +202,7 @@ - false; - #endif - --# if NODE_FIPS_MODE -+# if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - // used by crypto module - bool enable_fips_crypto = false; - bool force_fips_crypto = false; -@@ -3676,7 +3676,7 @@ - " (default)" - #endif - "\n" --#if NODE_FIPS_MODE -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - " --enable-fips enable FIPS crypto at startup\n" - " --force-fips force FIPS crypto (cannot be disabled)\n" - #endif /* NODE_FIPS_MODE */ -@@ -3926,7 +3926,7 @@ - } else if (strncmp(arg, "--use-bundled-ca", 16) == 0) { - use_bundled_ca = true; - ssl_openssl_cert_store = false; --#if NODE_FIPS_MODE -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - } else if (strcmp(arg, "--enable-fips") == 0) { - enable_fips_crypto = true; - } else if (strcmp(arg, "--force-fips") == 0) { -@@ -4624,7 +4624,7 @@ - if (SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs)) - crypto::UseExtraCaCerts(extra_ca_certs); - } --#ifdef NODE_FIPS_MODE -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - // In the case of FIPS builds we should make sure - // the random source is properly initialized first. - OPENSSL_init(); -diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc ---- node-v4.6.1.orig/src/node_crypto.cc 2017-04-12 12:40:43.541229235 -0700 -+++ node-v4.6.1/src/node_crypto.cc 2017-04-12 12:52:59.371161636 -0700 -@@ -160,8 +160,6 @@ - #endif - - template void SSLWrap<TLSWrap>::DestroySSL(); --template int SSLWrap<TLSWrap>::SSLCertCallback(SSL* s, void* arg); --template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg); - - - static void crypto_threadid_cb(CRYPTO_THREADID* tid) { -@@ -525,8 +523,7 @@ - for (int i = 0; i < sk_X509_num(extra_certs); i++) { - X509* ca = sk_X509_value(extra_certs, i); - -- // NOTE: Increments reference count on `ca` -- r = SSL_CTX_add1_chain_cert(ctx, ca); -+ r = SSL_CTX_add_extra_chain_cert(ctx, ca); - - if (!r) { - ret = 0; -@@ -717,7 +717,7 @@ - } - - --#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL) -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)) || defined(LIBRESSL_VERSION_NUMBER) - // This section contains OpenSSL 1.1.0 functions reimplemented for OpenSSL - // 1.0.2 so that the following code can be written without lots of #if lines. - -@@ -725,11 +725,12 @@ - CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE); - return 1; - } -- -+#if !defined(LIBRESSL_VERSION_NUMBER) - static int X509_up_ref(X509* cert) { - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); - return 1; - } -+#endif - #endif // OPENSSL_VERSION_NUMBER < 0x10100000L && !OPENSSL_IS_BORINGSSL - - -@@ -1194,7 +1194,7 @@ - SecureContext* wrap; - ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder()); - -- wrap->ctx_->freelist_max_len = args[0]->Int32Value(); -+ //wrap->ctx_->freelist_max_len = args[0]->Int32Value(); - #endif - } - -@@ -1188,7 +1185,6 @@ - env->SetProtoMethod(t, "verifyError", VerifyError); - env->SetProtoMethod(t, "getCurrentCipher", GetCurrentCipher); - env->SetProtoMethod(t, "endParser", EndParser); -- env->SetProtoMethod(t, "certCbDone", CertCbDone); - env->SetProtoMethod(t, "renegotiate", Renegotiate); - env->SetProtoMethod(t, "shutdownSSL", Shutdown); - env->SetProtoMethod(t, "getTLSTicket", GetTLSTicket); -@@ -2411,126 +2411,6 @@ - - - template <class Base> --void SSLWrap<Base>::WaitForCertCb(CertCb cb, void* arg) { -- cert_cb_ = cb; -- cert_cb_arg_ = arg; --} -- -- --template <class Base> --int SSLWrap<Base>::SSLCertCallback(SSL* s, void* arg) { -- Base* w = static_cast<Base*>(SSL_get_app_data(s)); -- -- if (!w->is_server()) -- return 1; -- -- if (!w->is_waiting_cert_cb()) -- return 1; -- -- if (w->cert_cb_running_) -- return -1; -- -- Environment* env = w->env(); -- HandleScope handle_scope(env->isolate()); -- Context::Scope context_scope(env->context()); -- w->cert_cb_running_ = true; -- -- Local<Object> info = Object::New(env->isolate()); -- -- const char* servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); -- if (servername == nullptr) { -- info->Set(env->servername_string(), String::Empty(env->isolate())); -- } else { -- Local<String> str = OneByteString(env->isolate(), servername, -- strlen(servername)); -- info->Set(env->servername_string(), str); -- } -- -- bool ocsp = false; --#ifdef NODE__HAVE_TLSEXT_STATUS_CB -- ocsp = s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp; --#endif -- -- info->Set(env->ocsp_request_string(), Boolean::New(env->isolate(), ocsp)); -- -- Local<Value> argv[] = { info }; -- w->MakeCallback(env->oncertcb_string(), arraysize(argv), argv); -- -- if (!w->cert_cb_running_) -- return 1; -- -- // Performing async action, wait... -- return -1; --} -- -- --template <class Base> --void SSLWrap<Base>::CertCbDone(const FunctionCallbackInfo<Value>& args) { -- Base* w; -- ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder()); -- Environment* env = w->env(); -- -- CHECK(w->is_waiting_cert_cb() && w->cert_cb_running_); -- -- Local<Object> object = w->object(); -- Local<Value> ctx = object->Get(env->sni_context_string()); -- Local<FunctionTemplate> cons = env->secure_context_constructor_template(); -- -- // Not an object, probably undefined or null -- if (!ctx->IsObject()) -- goto fire_cb; -- -- if (cons->HasInstance(ctx)) { -- SecureContext* sc; -- ASSIGN_OR_RETURN_UNWRAP(&sc, ctx.As<Object>()); -- w->sni_context_.Reset(); -- w->sni_context_.Reset(env->isolate(), ctx); -- -- int rv; -- -- // NOTE: reference count is not increased by this API methods -- X509* x509 = SSL_CTX_get0_certificate(sc->ctx_); -- EVP_PKEY* pkey = SSL_CTX_get0_privatekey(sc->ctx_); -- STACK_OF(X509)* chain; -- -- rv = SSL_CTX_get0_chain_certs(sc->ctx_, &chain); -- if (rv) -- rv = SSL_use_certificate(w->ssl_, x509); -- if (rv) -- rv = SSL_use_PrivateKey(w->ssl_, pkey); -- if (rv && chain != nullptr) -- rv = SSL_set1_chain(w->ssl_, chain); -- if (rv) -- rv = w->SetCACerts(sc); -- if (!rv) { -- unsigned long err = ERR_get_error(); // NOLINT(runtime/int) -- if (!err) -- return env->ThrowError("CertCbDone"); -- return ThrowCryptoError(env, err); -- } -- } else { -- // Failure: incorrect SNI context object -- Local<Value> err = Exception::TypeError(env->sni_context_err_string()); -- w->MakeCallback(env->onerror_string(), 1, &err); -- return; -- } -- -- fire_cb: -- CertCb cb; -- void* arg; -- -- cb = w->cert_cb_; -- arg = w->cert_cb_arg_; -- -- w->cert_cb_running_ = false; -- w->cert_cb_ = nullptr; -- w->cert_cb_arg_ = nullptr; -- -- cb(arg); --} -- -- --template <class Base> - void SSLWrap<Base>::SSLGetter(Local<String> property, - const PropertyCallbackInfo<Value>& info) { - Base* base; -@@ -2232,10 +2105,6 @@ - - template <class Base> - int SSLWrap<Base>::SetCACerts(SecureContext* sc) { -- int err = SSL_set1_verify_cert_store(ssl_, SSL_CTX_get_cert_store(sc->ctx_)); -- if (err != 1) -- return err; -- - STACK_OF(X509_NAME)* list = SSL_dup_CA_list( - SSL_CTX_get_client_CA_list(sc->ctx_)); - -@@ -2329,10 +2198,6 @@ - DEBUG_PRINT("[%p] SSL: %s want read\n", ssl_, func); - return 0; - -- } else if (err == SSL_ERROR_WANT_X509_LOOKUP) { -- DEBUG_PRINT("[%p] SSL: %s want x509 lookup\n", ssl_, func); -- return 0; -- - } else if (err == SSL_ERROR_ZERO_RETURN) { - HandleScope scope(ssl_env()->isolate()); - -@@ -2875,7 +2755,8 @@ - SSL* ssl = static_cast<SSL*>( - X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); - -- if (SSL_is_server(ssl)) -+ //if (SSL_is_server(ssl)) -+ if(ssl->server) - return CHECK_OK; - - // Client needs to check if the server cert is listed in the -@@ -2540,7 +2405,7 @@ - - // Call the SNI callback and use its return value as context - if (!conn->sniObject_.IsEmpty()) { -- conn->sni_context_.Reset(); -+ conn->sniContext_.Reset(); - - Local<Object> sni_obj = PersistentToLocal(env->isolate(), - conn->sniObject_); -@@ -2918,7 +2799,7 @@ - Local<FunctionTemplate> secure_context_constructor_template = - env->secure_context_constructor_template(); - if (secure_context_constructor_template->HasInstance(ret)) { -- conn->sni_context_.Reset(env->isolate(), ret); -+ conn->sniContext_.Reset(env->isolate(), ret); - SecureContext* sc; - ASSIGN_OR_RETURN_UNWRAP(&sc, ret.As<Object>(), SSL_TLSEXT_ERR_NOACK); - conn->SetSNIContext(sc); -@@ -2594,8 +2459,6 @@ - - InitNPN(sc); - -- SSL_set_cert_cb(conn->ssl_, SSLWrap<Connection>::SSLCertCallback, conn); -- - #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - if (is_server) { - SSL_CTX_set_tlsext_servername_callback(sc->ctx_, SelectSNIContextCallback_); -@@ -3335,7 +3335,7 @@ - int key_buf_len) { - HandleScope scope(env()->isolate()); - --#ifdef NODE_FIPS_MODE -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - if (FIPS_mode()) { - return env()->ThrowError( - "crypto.createCipher() is not supported in FIPS mode."); -@@ -4185,7 +4185,7 @@ - if (pkey == nullptr || 0 != ERR_peek_error()) - goto exit; - --#ifdef NODE_FIPS_MODE -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - /* Validate DSA2 parameters from FIPS 186-4 */ - if (FIPS_mode() && EVP_PKEY_DSA == pkey->type) { - size_t L = BN_num_bits(pkey->pkey.dsa->p); -@@ -6132,7 +6132,7 @@ - CRYPTO_set_locking_callback(crypto_lock_cb); - CRYPTO_THREADID_set_callback(crypto_threadid_cb); - --#ifdef NODE_FIPS_MODE -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - /* Override FIPS settings in cnf file, if needed. */ - unsigned long err = 0; // NOLINT(runtime/int) - if (enable_fips_crypto || force_fips_crypto) { -@@ -6201,16 +6201,20 @@ - #endif // !OPENSSL_NO_ENGINE - - void GetFipsCrypto(const FunctionCallbackInfo<Value>& args) { -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - if (FIPS_mode()) { - args.GetReturnValue().Set(1); - } else { - args.GetReturnValue().Set(0); - } -+#else -+ args.GetReturnValue().Set(0); -+#endif - } - - void SetFipsCrypto(const FunctionCallbackInfo<Value>& args) { - Environment* env = Environment::GetCurrent(args); --#ifdef NODE_FIPS_MODE -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - bool mode = args[0]->BooleanValue(); - if (force_fips_crypto) { - return env->ThrowError( -diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h ---- node-v4.6.1.orig/src/node_crypto.h 2017-04-12 12:40:43.541229235 -0700 -+++ node-v4.6.1/src/node_crypto.h 2017-04-12 12:55:08.867710808 -0700 -@@ -179,10 +179,7 @@ - kind_(kind), - next_sess_(nullptr), - session_callbacks_(false), -- new_session_wait_(false), -- cert_cb_(nullptr), -- cert_cb_arg_(nullptr), -- cert_cb_running_(false) { -+ new_session_wait_(false) { - ssl_ = SSL_new(sc->ctx_); - env_->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize); - CHECK_NE(ssl_, nullptr); -@@ -200,9 +200,6 @@ - next_sess_ = nullptr; - } - --#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -- sni_context_.Reset(); --#endif - - #ifdef NODE__HAVE_TLSEXT_STATUS_CB - ocsp_response_.Reset(); -@@ -212,11 +206,8 @@ - inline bool is_server() const { return kind_ == kServer; } - inline bool is_client() const { return kind_ == kClient; } - inline bool is_waiting_new_session() const { return new_session_wait_; } -- inline bool is_waiting_cert_cb() const { return cert_cb_ != nullptr; } - - protected: -- typedef void (*CertCb)(void* arg); -- - // Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and - // some for buffers. - // NOTE: Actually it is much more than this -@@ -244,7 +235,6 @@ - static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args); - static void GetCurrentCipher(const v8::FunctionCallbackInfo<v8::Value>& args); - static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args); -- static void CertCbDone(const v8::FunctionCallbackInfo<v8::Value>& args); - static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args); - static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args); - static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args); -@@ -273,12 +263,10 @@ - void* arg); - #endif // OPENSSL_NPN_NEGOTIATED - static int TLSExtStatusCallback(SSL* s, void* arg); -- static int SSLCertCallback(SSL* s, void* arg); - static void SSLGetter(v8::Local<v8::String> property, - const v8::PropertyCallbackInfo<v8::Value>& info); - - void DestroySSL(); -- void WaitForCertCb(CertCb cb, void* arg); - void SetSNIContext(SecureContext* sc); - int SetCACerts(SecureContext* sc); - -@@ -293,11 +281,6 @@ - bool session_callbacks_; - bool new_session_wait_; - -- // SSL_set_cert_cb -- CertCb cert_cb_; -- void* cert_cb_arg_; -- bool cert_cb_running_; -- - ClientHelloParser hello_parser_; - - #ifdef NODE__HAVE_TLSEXT_STATUS_CB -@@ -309,10 +292,6 @@ - v8::Persistent<v8::Value> selected_npn_proto_; - #endif // OPENSSL_NPN_NEGOTIATED - --#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -- v8::Persistent<v8::Value> sni_context_; --#endif -- - friend class SecureContext; - }; - -@@ -324,6 +303,7 @@ - ~Connection() override { - #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - sniObject_.Reset(); -+ sniContext_.Reset(); - servername_.Reset(); - #endif - } -@@ -338,6 +318,7 @@ - - #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - v8::Persistent<v8::Object> sniObject_; -+ v8::Persistent<v8::Value> sniContext_; - v8::Persistent<v8::String> servername_; - #endif - -diff -Naur node-v4.6.1.orig/src/tls_wrap.cc node-v4.6.1/src/tls_wrap.cc ---- node-v4.6.1.orig/src/tls_wrap.cc 2017-04-12 12:40:43.557229429 -0700 -+++ node-v4.6.1/src/tls_wrap.cc 2017-04-12 13:36:49.323009154 -0700 -@@ -141,8 +141,6 @@ - - InitNPN(sc_); - -- SSL_set_cert_cb(ssl_, SSLWrap<TLSWrap>::SSLCertCallback, this); -- - if (is_server()) { - SSL_set_accept_state(ssl_); - } else if (is_client()) { -@@ -353,7 +351,6 @@ - case SSL_ERROR_NONE: - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: -- case SSL_ERROR_WANT_X509_LOOKUP: - break; - case SSL_ERROR_ZERO_RETURN: - return scope.Escape(env()->zero_return_string()); -@@ -769,6 +766,11 @@ - "EnableSessionCallbacks after destroySSL"); - } - wrap->enable_session_callbacks(); -+ EnableHelloParser(args); -+} -+ -+void TLSWrap::EnableHelloParser(const FunctionCallbackInfo<Value>& args) { -+ TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder()); - NodeBIO::FromBIO(wrap->enc_in_)->set_initial(kMaxHelloLength); - wrap->hello_parser_.Start(SSLWrap<TLSWrap>::OnClientHello, - OnClientHelloParseEnd, -@@ -833,13 +833,6 @@ - } - - --void TLSWrap::EnableCertCb(const FunctionCallbackInfo<Value>& args) { -- TLSWrap* wrap; -- ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder()); -- wrap->WaitForCertCb(OnClientHelloParseEnd, wrap); --} -- -- - void TLSWrap::OnClientHelloParseEnd(void* arg) { - TLSWrap* c = static_cast<TLSWrap*>(arg); - c->Cycle(); -@@ -896,8 +892,8 @@ - env->SetProtoMethod(t, "start", Start); - env->SetProtoMethod(t, "setVerifyMode", SetVerifyMode); - env->SetProtoMethod(t, "enableSessionCallbacks", EnableSessionCallbacks); -+ env->SetProtoMethod(t, "enableHelloParser", EnableHelloParser); - env->SetProtoMethod(t, "destroySSL", DestroySSL); -- env->SetProtoMethod(t, "enableCertCb", EnableCertCb); - - StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev); - SSLWrap<TLSWrap>::AddMethods(env, t); -diff -Naur node-v4.6.1.orig/src/tls_wrap.h node-v4.6.1/src/tls_wrap.h ---- node-v4.6.1.orig/src/tls_wrap.h 2017-04-12 12:40:43.558229441 -0700 -+++ node-v4.6.1/src/tls_wrap.h 2017-04-12 13:35:51.214213644 -0700 -@@ -132,7 +132,7 @@ - static void SetVerifyMode(const v8::FunctionCallbackInfo<v8::Value>& args); - static void EnableSessionCallbacks( - const v8::FunctionCallbackInfo<v8::Value>& args); -- static void EnableCertCb( -+ static void EnableHelloParser( - const v8::FunctionCallbackInfo<v8::Value>& args); - static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args); - -@@ -160,6 +160,10 @@ - // If true - delivered EOF to the js-land, either after `close_notify`, or - // after the `UV_EOF` on socket. - bool eof_; -+ -+#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -+ v8::Persistent<v8::Value> sni_context_; -+#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - }; - - } // namespace node -diff -Naur node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js ---- node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:40:43.865233168 -0700 -+++ node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:58:14.901936343 -0700 -@@ -53,7 +53,9 @@ - port: undefined, - rejectUnauthorized: true - }, -- errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' -+ // LibreSSL returns CERT_UNTRUSTED in this case, OpenSSL UNABLE_TO_GET_ISSUER_CERT_LOCALLY. -+ errorCode: 'CERT_UNTRUSTED' -+ // errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' - } - ]; - -diff -Naur node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js node-v4.6.1/test/parallel/test-tls-sni-server-client.js ---- node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js 2017-04-12 12:40:43.878233326 -0700 -+++ node-v4.6.1/test/parallel/test-tls-sni-server-client.js 2017-04-12 13:00:18.804418594 -0700 -@@ -56,39 +56,37 @@ - 'asterisk.test.com': { - key: loadPEM('agent3-key'), - cert: loadPEM('agent3-cert') -- }, -- 'chain.example.com': { -- key: loadPEM('agent6-key'), -- // NOTE: Contains ca3 chain cert -- cert: loadPEM('agent6-cert') - } - }; - - const clientsOptions = [{ - port: undefined, -+ key: loadPEM('agent1-key'), -+ cert: loadPEM('agent1-cert'), - ca: [loadPEM('ca1-cert')], - servername: 'a.example.com', - rejectUnauthorized: false - }, { - port: undefined, -+ key: loadPEM('agent2-key'), -+ cert: loadPEM('agent2-cert'), - ca: [loadPEM('ca2-cert')], - servername: 'b.test.com', - rejectUnauthorized: false - }, { - port: undefined, -+ key: loadPEM('agent2-key'), -+ cert: loadPEM('agent2-cert'), - ca: [loadPEM('ca2-cert')], - servername: 'a.b.test.com', - rejectUnauthorized: false - }, { - port: undefined, -+ key: loadPEM('agent3-key'), -+ cert: loadPEM('agent3-cert'), - ca: [loadPEM('ca1-cert')], - servername: 'c.wrong.com', - rejectUnauthorized: false --}, { -- port: undefined, -- ca: [loadPEM('ca1-cert')], -- servername: 'chain.example.com', -- rejectUnauthorized: false - }]; - - const serverResults = []; -@@ -80,7 +78,6 @@ - - server.addContext('a.example.com', SNIContexts['a.example.com']); - server.addContext('*.test.com', SNIContexts['asterisk.test.com']); --server.addContext('chain.example.com', SNIContexts['chain.example.com']); - - server.listen(0, startTest); - -@@ -128,8 +126,7 @@ - - process.on('exit', function() { - assert.deepStrictEqual(serverResults, [ -- 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com', -- 'chain.example.com' -+ 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com' - ]); -- assert.deepStrictEqual(clientResults, [true, true, false, false, true]); -+ assert.deepStrictEqual(clientResults, [true, true, false, false]); - }); diff --git a/net-libs/nodejs/files/nodejs-8.1.1-libressl.patch b/net-libs/nodejs/files/nodejs-8.1.1-libressl.patch deleted file mode 100644 index 31493be..0000000 --- a/net-libs/nodejs/files/nodejs-8.1.1-libressl.patch +++ /dev/null @@ -1,697 +0,0 @@ -diff -Naur node-v4.6.1.orig/lib/_tls_wrap.js node-v4.6.1/lib/_tls_wrap.js ---- node-v4.6.1.orig/lib/_tls_wrap.js 2017-04-12 12:40:43.517228944 -0700 -+++ node-v4.6.1/lib/_tls_wrap.js 2017-04-12 12:49:51.155877106 -0700 -@@ -165,30 +165,33 @@ - if (err) - return self.destroy(err); - -- self._handle.endParser(); -- }); --} -- -- --function oncertcb(info) { -- var self = this; -- var servername = info.servername; -- -- loadSNI(self, servername, function(err, ctx) { -- if (err) -- return self.destroy(err); -- requestOCSP(self, info, ctx, function(err) { -+ // Servername came from SSL session -+ // NOTE: TLS Session ticket doesn't include servername information -+ // -+ // Another note, From RFC3546: -+ // -+ // If, on the other hand, the older -+ // session is resumed, then the server MUST ignore extensions appearing -+ // in the client hello, and send a server hello containing no -+ // extensions; in this case the extension functionality negotiated -+ // during the original session initiation is applied to the resumed -+ // session. -+ // -+ // Therefore we should account session loading when dealing with servername -+ var servername = session && session.servername || hello.servername; -+ loadSNI(self, servername, function(err, ctx) { - if (err) - return self.destroy(err); - -- if (!self._handle) -- return self.destroy(new Error('Socket is closed')); -+ requestOCSP(self, info, ctx, function(err) { -+ if (err) -+ return self.destroy(err); -+ -+ if (!self._handle) -+ return self.destroy(new Error('Socket is closed')); - -- try { -- self._handle.certCbDone(); -- } catch (e) { -- self.destroy(e); -- } -+ self._handle.endParser(); -+ }); - }); - }); - } -@@ -410,18 +413,15 @@ - ssl.onhandshakestart = () => onhandshakestart.call(this); - ssl.onhandshakedone = () => onhandshakedone.call(this); - ssl.onclienthello = (hello) => onclienthello.call(this, hello); -- ssl.oncertcb = (info) => oncertcb.call(this, info); - ssl.onnewsession = (key, session) => onnewsession.call(this, key, session); - ssl.lastHandshakeTime = 0; - ssl.handshakes = 0; - -- if (this.server) { -- if (this.server.listenerCount('resumeSession') > 0 || -- this.server.listenerCount('newSession') > 0) { -- ssl.enableSessionCallbacks(); -- } -- if (this.server.listenerCount('OCSPRequest') > 0) -- ssl.enableCertCb(); -+ if (this.server && -+ (this.server.listenerCount('resumeSession') > 0 || -+ this.server.listenerCount('newSession') > 0 || -+ this.server.listenerCount('OCSPRequest') > 0)) { -+ ssl.enableSessionCallbacks(); - } - } else { - ssl.onhandshakestart = function() {}; -@@ -463,7 +463,7 @@ - options.server._contexts.length)) { - assert(typeof options.SNICallback === 'function'); - this._SNICallback = options.SNICallback; -- ssl.enableCertCb(); -+ ssl.enableHelloParser(); - } - - if (process.features.tls_npn && options.NPNProtocols) -diff -Naur node-v4.6.1.orig/src/env.h node-v4.6.1/src/env.h ---- node-v4.6.1.orig/src/env.h 2017-04-12 12:40:43.536229174 -0700 -+++ node-v4.6.1/src/env.h 2017-04-12 12:50:02.055009418 -0700 -@@ -57,7 +57,6 @@ - V(bytes_read_string, "bytesRead") \ - V(callback_string, "callback") \ - V(change_string, "change") \ -- V(oncertcb_string, "oncertcb") \ - V(onclose_string, "_onclose") \ - V(code_string, "code") \ - V(compare_string, "compare") \ -diff -Naur node-v4.6.1.orig/src/node.cc node-v4.6.1/src/node.cc ---- node-v4.6.1.orig/src/node.cc 2017-06-08 05:31:34.000000000 -0500 -+++ node-v4.6.1/src/node.cc 2017-06-30 10:26:59.945166636 -0500 -@@ -202,7 +202,7 @@ - false; - #endif - --# if NODE_FIPS_MODE -+# if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - // used by crypto module - bool enable_fips_crypto = false; - bool force_fips_crypto = false; -@@ -3676,7 +3676,7 @@ - " (default)" - #endif - "\n" --#if NODE_FIPS_MODE -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - " --enable-fips enable FIPS crypto at startup\n" - " --force-fips force FIPS crypto (cannot be disabled)\n" - #endif /* NODE_FIPS_MODE */ -@@ -3926,7 +3926,7 @@ - } else if (strncmp(arg, "--use-bundled-ca", 16) == 0) { - use_bundled_ca = true; - ssl_openssl_cert_store = false; --#if NODE_FIPS_MODE -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - } else if (strcmp(arg, "--enable-fips") == 0) { - enable_fips_crypto = true; - } else if (strcmp(arg, "--force-fips") == 0) { -@@ -4624,7 +4624,7 @@ - if (SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs)) - crypto::UseExtraCaCerts(extra_ca_certs); - } --#ifdef NODE_FIPS_MODE -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - // In the case of FIPS builds we should make sure - // the random source is properly initialized first. - OPENSSL_init(); -diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc ---- node-v4.6.1.orig/src/node_crypto.cc 2017-04-12 12:40:43.541229235 -0700 -+++ node-v4.6.1/src/node_crypto.cc 2017-04-12 12:52:59.371161636 -0700 -@@ -160,8 +160,6 @@ - #endif - - template void SSLWrap<TLSWrap>::DestroySSL(); --template int SSLWrap<TLSWrap>::SSLCertCallback(SSL* s, void* arg); --template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg); - - - static void crypto_threadid_cb(CRYPTO_THREADID* tid) { -@@ -525,8 +523,7 @@ - for (int i = 0; i < sk_X509_num(extra_certs); i++) { - X509* ca = sk_X509_value(extra_certs, i); - -- // NOTE: Increments reference count on `ca` -- r = SSL_CTX_add1_chain_cert(ctx, ca); -+ r = SSL_CTX_add_extra_chain_cert(ctx, ca); - - if (!r) { - ret = 0; -@@ -717,7 +717,7 @@ - } - - --#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL) -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)) || defined(LIBRESSL_VERSION_NUMBER) - // This section contains OpenSSL 1.1.0 functions reimplemented for OpenSSL - // 1.0.2 so that the following code can be written without lots of #if lines. - -@@ -725,11 +725,12 @@ - CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE); - return 1; - } -- -+#if !defined(LIBRESSL_VERSION_NUMBER) - static int X509_up_ref(X509* cert) { - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); - return 1; - } -+#endif - #endif // OPENSSL_VERSION_NUMBER < 0x10100000L && !OPENSSL_IS_BORINGSSL - - -@@ -1194,7 +1194,7 @@ - SecureContext* wrap; - ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder()); - -- wrap->ctx_->freelist_max_len = args[0]->Int32Value(); -+ //wrap->ctx_->freelist_max_len = args[0]->Int32Value(); - #endif - } - -@@ -1188,7 +1185,6 @@ - env->SetProtoMethod(t, "verifyError", VerifyError); - env->SetProtoMethod(t, "getCurrentCipher", GetCurrentCipher); - env->SetProtoMethod(t, "endParser", EndParser); -- env->SetProtoMethod(t, "certCbDone", CertCbDone); - env->SetProtoMethod(t, "renegotiate", Renegotiate); - env->SetProtoMethod(t, "shutdownSSL", Shutdown); - env->SetProtoMethod(t, "getTLSTicket", GetTLSTicket); -@@ -2411,126 +2411,6 @@ - - - template <class Base> --void SSLWrap<Base>::WaitForCertCb(CertCb cb, void* arg) { -- cert_cb_ = cb; -- cert_cb_arg_ = arg; --} -- -- --template <class Base> --int SSLWrap<Base>::SSLCertCallback(SSL* s, void* arg) { -- Base* w = static_cast<Base*>(SSL_get_app_data(s)); -- -- if (!w->is_server()) -- return 1; -- -- if (!w->is_waiting_cert_cb()) -- return 1; -- -- if (w->cert_cb_running_) -- return -1; -- -- Environment* env = w->env(); -- HandleScope handle_scope(env->isolate()); -- Context::Scope context_scope(env->context()); -- w->cert_cb_running_ = true; -- -- Local<Object> info = Object::New(env->isolate()); -- -- const char* servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); -- if (servername == nullptr) { -- info->Set(env->servername_string(), String::Empty(env->isolate())); -- } else { -- Local<String> str = OneByteString(env->isolate(), servername, -- strlen(servername)); -- info->Set(env->servername_string(), str); -- } -- -- bool ocsp = false; --#ifdef NODE__HAVE_TLSEXT_STATUS_CB -- ocsp = s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp; --#endif -- -- info->Set(env->ocsp_request_string(), Boolean::New(env->isolate(), ocsp)); -- -- Local<Value> argv[] = { info }; -- w->MakeCallback(env->oncertcb_string(), arraysize(argv), argv); -- -- if (!w->cert_cb_running_) -- return 1; -- -- // Performing async action, wait... -- return -1; --} -- -- --template <class Base> --void SSLWrap<Base>::CertCbDone(const FunctionCallbackInfo<Value>& args) { -- Base* w; -- ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder()); -- Environment* env = w->env(); -- -- CHECK(w->is_waiting_cert_cb() && w->cert_cb_running_); -- -- Local<Object> object = w->object(); -- Local<Value> ctx = object->Get(env->sni_context_string()); -- Local<FunctionTemplate> cons = env->secure_context_constructor_template(); -- -- // Not an object, probably undefined or null -- if (!ctx->IsObject()) -- goto fire_cb; -- -- if (cons->HasInstance(ctx)) { -- SecureContext* sc; -- ASSIGN_OR_RETURN_UNWRAP(&sc, ctx.As<Object>()); -- w->sni_context_.Reset(); -- w->sni_context_.Reset(env->isolate(), ctx); -- -- int rv; -- -- // NOTE: reference count is not increased by this API methods -- X509* x509 = SSL_CTX_get0_certificate(sc->ctx_); -- EVP_PKEY* pkey = SSL_CTX_get0_privatekey(sc->ctx_); -- STACK_OF(X509)* chain; -- -- rv = SSL_CTX_get0_chain_certs(sc->ctx_, &chain); -- if (rv) -- rv = SSL_use_certificate(w->ssl_, x509); -- if (rv) -- rv = SSL_use_PrivateKey(w->ssl_, pkey); -- if (rv && chain != nullptr) -- rv = SSL_set1_chain(w->ssl_, chain); -- if (rv) -- rv = w->SetCACerts(sc); -- if (!rv) { -- unsigned long err = ERR_get_error(); // NOLINT(runtime/int) -- if (!err) -- return env->ThrowError("CertCbDone"); -- return ThrowCryptoError(env, err); -- } -- } else { -- // Failure: incorrect SNI context object -- Local<Value> err = Exception::TypeError(env->sni_context_err_string()); -- w->MakeCallback(env->onerror_string(), 1, &err); -- return; -- } -- -- fire_cb: -- CertCb cb; -- void* arg; -- -- cb = w->cert_cb_; -- arg = w->cert_cb_arg_; -- -- w->cert_cb_running_ = false; -- w->cert_cb_ = nullptr; -- w->cert_cb_arg_ = nullptr; -- -- cb(arg); --} -- -- --template <class Base> - void SSLWrap<Base>::SSLGetter(Local<String> property, - const PropertyCallbackInfo<Value>& info) { - Base* base; -@@ -2232,10 +2105,6 @@ - - template <class Base> - int SSLWrap<Base>::SetCACerts(SecureContext* sc) { -- int err = SSL_set1_verify_cert_store(ssl_, SSL_CTX_get_cert_store(sc->ctx_)); -- if (err != 1) -- return err; -- - STACK_OF(X509_NAME)* list = SSL_dup_CA_list( - SSL_CTX_get_client_CA_list(sc->ctx_)); - -@@ -2329,10 +2198,6 @@ - DEBUG_PRINT("[%p] SSL: %s want read\n", ssl_, func); - return 0; - -- } else if (err == SSL_ERROR_WANT_X509_LOOKUP) { -- DEBUG_PRINT("[%p] SSL: %s want x509 lookup\n", ssl_, func); -- return 0; -- - } else if (err == SSL_ERROR_ZERO_RETURN) { - HandleScope scope(ssl_env()->isolate()); - -@@ -2875,7 +2755,8 @@ - SSL* ssl = static_cast<SSL*>( - X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); - -- if (SSL_is_server(ssl)) -+ //if (SSL_is_server(ssl)) -+ if(ssl->server) - return CHECK_OK; - - // Client needs to check if the server cert is listed in the -@@ -2540,7 +2405,7 @@ - - // Call the SNI callback and use its return value as context - if (!conn->sniObject_.IsEmpty()) { -- conn->sni_context_.Reset(); -+ conn->sniContext_.Reset(); - - Local<Object> sni_obj = PersistentToLocal(env->isolate(), - conn->sniObject_); -@@ -2918,7 +2799,7 @@ - Local<FunctionTemplate> secure_context_constructor_template = - env->secure_context_constructor_template(); - if (secure_context_constructor_template->HasInstance(ret)) { -- conn->sni_context_.Reset(env->isolate(), ret); -+ conn->sniContext_.Reset(env->isolate(), ret); - SecureContext* sc; - ASSIGN_OR_RETURN_UNWRAP(&sc, ret.As<Object>(), SSL_TLSEXT_ERR_NOACK); - conn->SetSNIContext(sc); -@@ -2594,8 +2459,6 @@ - - InitNPN(sc); - -- SSL_set_cert_cb(conn->ssl_, SSLWrap<Connection>::SSLCertCallback, conn); -- - #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - if (is_server) { - SSL_CTX_set_tlsext_servername_callback(sc->ctx_, SelectSNIContextCallback_); -@@ -3335,7 +3335,7 @@ - int key_buf_len) { - HandleScope scope(env()->isolate()); - --#ifdef NODE_FIPS_MODE -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - if (FIPS_mode()) { - return env()->ThrowError( - "crypto.createCipher() is not supported in FIPS mode."); -@@ -4185,7 +4185,7 @@ - if (pkey == nullptr || 0 != ERR_peek_error()) - goto exit; - --#ifdef NODE_FIPS_MODE -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - /* Validate DSA2 parameters from FIPS 186-4 */ - if (FIPS_mode() && EVP_PKEY_DSA == pkey->type) { - size_t L = BN_num_bits(pkey->pkey.dsa->p); -@@ -6132,7 +6132,7 @@ - CRYPTO_set_locking_callback(crypto_lock_cb); - CRYPTO_THREADID_set_callback(crypto_threadid_cb); - --#ifdef NODE_FIPS_MODE -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - /* Override FIPS settings in cnf file, if needed. */ - unsigned long err = 0; // NOLINT(runtime/int) - if (enable_fips_crypto || force_fips_crypto) { -@@ -6201,16 +6201,20 @@ - #endif // !OPENSSL_NO_ENGINE - - void GetFipsCrypto(const FunctionCallbackInfo<Value>& args) { -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - if (FIPS_mode()) { - args.GetReturnValue().Set(1); - } else { - args.GetReturnValue().Set(0); - } -+#else -+ args.GetReturnValue().Set(0); -+#endif - } - - void SetFipsCrypto(const FunctionCallbackInfo<Value>& args) { - Environment* env = Environment::GetCurrent(args); --#ifdef NODE_FIPS_MODE -+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER) - bool mode = args[0]->BooleanValue(); - if (force_fips_crypto) { - return env->ThrowError( -diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h ---- node-v4.6.1.orig/src/node_crypto.h 2017-04-12 12:40:43.541229235 -0700 -+++ node-v4.6.1/src/node_crypto.h 2017-04-12 12:55:08.867710808 -0700 -@@ -179,10 +179,7 @@ - kind_(kind), - next_sess_(nullptr), - session_callbacks_(false), -- new_session_wait_(false), -- cert_cb_(nullptr), -- cert_cb_arg_(nullptr), -- cert_cb_running_(false) { -+ new_session_wait_(false) { - ssl_ = SSL_new(sc->ctx_); - env_->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize); - CHECK_NE(ssl_, nullptr); -@@ -200,9 +200,6 @@ - next_sess_ = nullptr; - } - --#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -- sni_context_.Reset(); --#endif - - #ifdef NODE__HAVE_TLSEXT_STATUS_CB - ocsp_response_.Reset(); -@@ -212,11 +206,8 @@ - inline bool is_server() const { return kind_ == kServer; } - inline bool is_client() const { return kind_ == kClient; } - inline bool is_waiting_new_session() const { return new_session_wait_; } -- inline bool is_waiting_cert_cb() const { return cert_cb_ != nullptr; } - - protected: -- typedef void (*CertCb)(void* arg); -- - // Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and - // some for buffers. - // NOTE: Actually it is much more than this -@@ -244,7 +235,6 @@ - static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args); - static void GetCurrentCipher(const v8::FunctionCallbackInfo<v8::Value>& args); - static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args); -- static void CertCbDone(const v8::FunctionCallbackInfo<v8::Value>& args); - static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args); - static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args); - static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args); -@@ -273,12 +263,10 @@ - void* arg); - #endif // OPENSSL_NPN_NEGOTIATED - static int TLSExtStatusCallback(SSL* s, void* arg); -- static int SSLCertCallback(SSL* s, void* arg); - static void SSLGetter(v8::Local<v8::String> property, - const v8::PropertyCallbackInfo<v8::Value>& info); - - void DestroySSL(); -- void WaitForCertCb(CertCb cb, void* arg); - void SetSNIContext(SecureContext* sc); - int SetCACerts(SecureContext* sc); - -@@ -293,11 +281,6 @@ - bool session_callbacks_; - bool new_session_wait_; - -- // SSL_set_cert_cb -- CertCb cert_cb_; -- void* cert_cb_arg_; -- bool cert_cb_running_; -- - ClientHelloParser hello_parser_; - - #ifdef NODE__HAVE_TLSEXT_STATUS_CB -@@ -309,10 +292,6 @@ - v8::Persistent<v8::Value> selected_npn_proto_; - #endif // OPENSSL_NPN_NEGOTIATED - --#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -- v8::Persistent<v8::Value> sni_context_; --#endif -- - friend class SecureContext; - }; - -@@ -324,6 +303,7 @@ - ~Connection() override { - #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - sniObject_.Reset(); -+ sniContext_.Reset(); - servername_.Reset(); - #endif - } -@@ -338,6 +318,7 @@ - - #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - v8::Persistent<v8::Object> sniObject_; -+ v8::Persistent<v8::Value> sniContext_; - v8::Persistent<v8::String> servername_; - #endif - -diff -Naur node-v4.6.1.orig/src/tls_wrap.cc node-v4.6.1/src/tls_wrap.cc ---- node-v4.6.1.orig/src/tls_wrap.cc 2017-04-12 12:40:43.557229429 -0700 -+++ node-v4.6.1/src/tls_wrap.cc 2017-04-12 13:36:49.323009154 -0700 -@@ -141,8 +141,6 @@ - - InitNPN(sc_); - -- SSL_set_cert_cb(ssl_, SSLWrap<TLSWrap>::SSLCertCallback, this); -- - if (is_server()) { - SSL_set_accept_state(ssl_); - } else if (is_client()) { -@@ -353,7 +351,6 @@ - case SSL_ERROR_NONE: - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: -- case SSL_ERROR_WANT_X509_LOOKUP: - break; - case SSL_ERROR_ZERO_RETURN: - return scope.Escape(env()->zero_return_string()); -@@ -769,6 +766,11 @@ - "EnableSessionCallbacks after destroySSL"); - } - wrap->enable_session_callbacks(); -+ EnableHelloParser(args); -+} -+ -+void TLSWrap::EnableHelloParser(const FunctionCallbackInfo<Value>& args) { -+ TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder()); - NodeBIO::FromBIO(wrap->enc_in_)->set_initial(kMaxHelloLength); - wrap->hello_parser_.Start(SSLWrap<TLSWrap>::OnClientHello, - OnClientHelloParseEnd, -@@ -833,13 +833,6 @@ - } - - --void TLSWrap::EnableCertCb(const FunctionCallbackInfo<Value>& args) { -- TLSWrap* wrap; -- ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder()); -- wrap->WaitForCertCb(OnClientHelloParseEnd, wrap); --} -- -- - void TLSWrap::OnClientHelloParseEnd(void* arg) { - TLSWrap* c = static_cast<TLSWrap*>(arg); - c->Cycle(); -@@ -896,8 +892,8 @@ - env->SetProtoMethod(t, "start", Start); - env->SetProtoMethod(t, "setVerifyMode", SetVerifyMode); - env->SetProtoMethod(t, "enableSessionCallbacks", EnableSessionCallbacks); -+ env->SetProtoMethod(t, "enableHelloParser", EnableHelloParser); - env->SetProtoMethod(t, "destroySSL", DestroySSL); -- env->SetProtoMethod(t, "enableCertCb", EnableCertCb); - - StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev); - SSLWrap<TLSWrap>::AddMethods(env, t); -diff -Naur node-v4.6.1.orig/src/tls_wrap.h node-v4.6.1/src/tls_wrap.h ---- node-v4.6.1.orig/src/tls_wrap.h 2017-04-12 12:40:43.558229441 -0700 -+++ node-v4.6.1/src/tls_wrap.h 2017-04-12 13:35:51.214213644 -0700 -@@ -132,7 +132,7 @@ - static void SetVerifyMode(const v8::FunctionCallbackInfo<v8::Value>& args); - static void EnableSessionCallbacks( - const v8::FunctionCallbackInfo<v8::Value>& args); -- static void EnableCertCb( -+ static void EnableHelloParser( - const v8::FunctionCallbackInfo<v8::Value>& args); - static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args); - -@@ -160,6 +160,10 @@ - // If true - delivered EOF to the js-land, either after `close_notify`, or - // after the `UV_EOF` on socket. - bool eof_; -+ -+#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -+ v8::Persistent<v8::Value> sni_context_; -+#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - }; - - } // namespace node -diff -Naur node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js ---- node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:40:43.865233168 -0700 -+++ node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:58:14.901936343 -0700 -@@ -53,7 +53,9 @@ - port: undefined, - rejectUnauthorized: true - }, -- errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' -+ // LibreSSL returns CERT_UNTRUSTED in this case, OpenSSL UNABLE_TO_GET_ISSUER_CERT_LOCALLY. -+ errorCode: 'CERT_UNTRUSTED' -+ // errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' - } - ]; - -diff -Naur node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js node-v4.6.1/test/parallel/test-tls-sni-server-client.js ---- node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js 2017-04-12 12:40:43.878233326 -0700 -+++ node-v4.6.1/test/parallel/test-tls-sni-server-client.js 2017-04-12 13:00:18.804418594 -0700 -@@ -56,39 +56,37 @@ - 'asterisk.test.com': { - key: loadPEM('agent3-key'), - cert: loadPEM('agent3-cert') -- }, -- 'chain.example.com': { -- key: loadPEM('agent6-key'), -- // NOTE: Contains ca3 chain cert -- cert: loadPEM('agent6-cert') - } - }; - - const clientsOptions = [{ - port: undefined, -+ key: loadPEM('agent1-key'), -+ cert: loadPEM('agent1-cert'), - ca: [loadPEM('ca1-cert')], - servername: 'a.example.com', - rejectUnauthorized: false - }, { - port: undefined, -+ key: loadPEM('agent2-key'), -+ cert: loadPEM('agent2-cert'), - ca: [loadPEM('ca2-cert')], - servername: 'b.test.com', - rejectUnauthorized: false - }, { - port: undefined, -+ key: loadPEM('agent2-key'), -+ cert: loadPEM('agent2-cert'), - ca: [loadPEM('ca2-cert')], - servername: 'a.b.test.com', - rejectUnauthorized: false - }, { - port: undefined, -+ key: loadPEM('agent3-key'), -+ cert: loadPEM('agent3-cert'), - ca: [loadPEM('ca1-cert')], - servername: 'c.wrong.com', - rejectUnauthorized: false --}, { -- port: undefined, -- ca: [loadPEM('ca1-cert')], -- servername: 'chain.example.com', -- rejectUnauthorized: false - }]; - - const serverResults = []; -@@ -80,7 +78,6 @@ - - server.addContext('a.example.com', SNIContexts['a.example.com']); - server.addContext('*.test.com', SNIContexts['asterisk.test.com']); --server.addContext('chain.example.com', SNIContexts['chain.example.com']); - - server.listen(0, startTest); - -@@ -128,8 +126,7 @@ - - process.on('exit', function() { - assert.deepStrictEqual(serverResults, [ -- 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com', -- 'chain.example.com' -+ 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com' - ]); -- assert.deepStrictEqual(clientResults, [true, true, false, false, true]); -+ assert.deepStrictEqual(clientResults, [true, true, false, false]); - }); diff --git a/net-libs/nodejs/metadata.xml b/net-libs/nodejs/metadata.xml index 42430c7..aaaba18 100644 --- a/net-libs/nodejs/metadata.xml +++ b/net-libs/nodejs/metadata.xml @@ -2,19 +2,9 @@ <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> <maintainer type="person"> - <email>bugs@bergstroem.nu</email> - <name>Johan Bergstroem</name> - </maintainer> - <maintainer type="person"> - <email>patrick@gentoo.org</email> - <name>Patrick Lauer</name> - </maintainer> - <maintainer type="project"> - <email>proxy-maint@gentoo.org</email> - <name>Proxy Maintainers</name> + <email>jer@gentoo.org</email> </maintainer> <use> - <flag name="bundled-ssl">Use bundled version of OpenSSL (hack)</flag> <flag name="inspector">Enable V8 inspector</flag> <flag name="npm">Enable NPM package manager</flag> <flag name="snapshot">Enable snapshot creation for faster startup</flag> diff --git a/net-libs/nodejs/nodejs-10.15.3.ebuild b/net-libs/nodejs/nodejs-10.15.3.ebuild deleted file mode 100644 index 21bd6e0..0000000 --- a/net-libs/nodejs/nodejs-10.15.3.ebuild +++ /dev/null @@ -1,209 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -PYTHON_COMPAT=( python2_7 ) -PYTHON_REQ_USE="threads" - -inherit bash-completion-r1 eutils flag-o-matic pax-utils python-single-r1 toolchain-funcs - -DESCRIPTION="A JavaScript runtime built on Chrome's V8 JavaScript engine" -HOMEPAGE="https://nodejs.org/" -SRC_URI="https://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz" - -LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" -SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x64-macos" -IUSE="bundled-ssl cpu_flags_x86_sse2 debug doc icu inspector libressl +npm +snapshot +ssl systemtap test" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - inspector? ( icu ssl ) - npm? ( ssl ) - libressl? ( bundled-ssl ) - bundled-ssl? ( ssl ) -" - -RDEPEND=" - >=dev-libs/libuv-1.23.2:= - >=net-dns/c-ares-1.15.0 - >=net-libs/http-parser-2.9.0:= - >=net-libs/nghttp2-1.34.0 - sys-libs/zlib - icu? ( >=dev-libs/icu-62.1:= ) - ssl? ( - !bundled-ssl? ( =dev-libs/openssl-1.1.0*:0= ) - ) -" -DEPEND=" - ${RDEPEND} - ${PYTHON_DEPS} - systemtap? ( dev-util/systemtap ) - test? ( net-misc/curl ) -" -PATCHES=( - "${FILESDIR}"/${PN}-10.3.0-global-npm-config.patch -) -S="${WORKDIR}/node-v${PV}" - -pkg_pretend() { - (use x86 && ! use cpu_flags_x86_sse2) && \ - die "Your CPU doesn't support the required SSE2 instruction." - - ( [[ ${MERGE_TYPE} != "binary" ]] && ! test-flag-CXX -std=c++11 ) && \ - die "Your compiler doesn't support C++11. Use GCC 4.8, Clang 3.3 or newer." -} - -src_prepare() { - tc-export CC CXX PKG_CONFIG - export V=1 - export BUILDTYPE=Release - - # fix compilation on Darwin - # https://code.google.com/p/gyp/issues/detail?id=260 - sed -i -e "/append('-arch/d" tools/gyp/pylib/gyp/xcode_emulation.py || die - - # make sure we use python2.* while using gyp - sed -i -e "s/python/${EPYTHON}/" deps/npm/node_modules/node-gyp/gyp/gyp || die - sed -i -e "s/|| 'python2'/|| '${EPYTHON}'/" deps/npm/node_modules/node-gyp/lib/configure.js || die - - # less verbose install output (stating the same as portage, basically) - sed -i -e "/print/d" tools/install.py || die - - # proper libdir, hat tip @ryanpcmcquen https://github.com/iojs/io.js/issues/504 - local LIBDIR=$(get_libdir) - sed -i -e "s|lib/|${LIBDIR}/|g" tools/install.py || die - sed -i -e "s/'lib'/'${LIBDIR}'/" deps/npm/lib/npm.js || die - - # Avoid writing a depfile, not useful - sed -i -e "/DEPFLAGS =/d" tools/gyp/pylib/gyp/generator/make.py || die - - sed -i -e "/'-O3'/d" common.gypi deps/v8/gypfiles/toolchain.gypi || die - - # Avoid a test that I've only been able to reproduce from emerge. It doesnt - # seem sandbox related either (invoking it from a sandbox works fine). - # The issue is that no stdin handle is openened when asked for one. - # It doesn't really belong upstream , so it'll just be removed until someone - # with more gentoo-knowledge than me (jbergstroem) figures it out. - rm test/parallel/test-stdout-close-unref.js || die - - # debug builds. change install path, remove optimisations and override buildtype - if use debug; then - sed -i -e "s|out/Release/|out/Debug/|g" tools/install.py || die - BUILDTYPE=Debug - fi - - default -} - -src_configure() { - local myconf=( --shared-cares --shared-http-parser --shared-libuv --shared-nghttp2 --shared-zlib ) - use debug && myconf+=( --debug ) - use icu && myconf+=( --with-intl=system-icu ) || myconf+=( --with-intl=none ) - use inspector || myconf+=( --without-inspector ) - use npm || myconf+=( --without-npm ) - use snapshot && myconf+=( --with-snapshot ) - use ssl && ( use bundled-ssl || myconf+=( --shared-openssl ) ) || myconf+=( --without-ssl ) - - local myarch="" - case ${ABI} in - amd64) myarch="x64";; - arm) myarch="arm";; - arm64) myarch="arm64";; - ppc64) myarch="ppc64";; - x32) myarch="x32";; - x86) myarch="ia32";; - *) myarch="${ABI}";; - esac - - GYP_DEFINES="linux_use_gold_flags=0 - linux_use_bundled_binutils=0 - linux_use_bundled_gold=0" \ - "${PYTHON}" configure \ - --prefix="${EPREFIX}"/usr \ - --dest-cpu=${myarch} \ - $(use_with systemtap dtrace) \ - "${myconf[@]}" || die -} - -src_compile() { - emake -C out mksnapshot - pax-mark m "out/${BUILDTYPE}/mksnapshot" - emake -C out -} - -src_install() { - local LIBDIR="${ED}/usr/$(get_libdir)" - emake install DESTDIR="${D}" - pax-mark -m "${ED}"usr/bin/node - - # set up a symlink structure that node-gyp expects.. - dodir /usr/include/node/deps/{v8,uv} - dosym . /usr/include/node/src - for var in deps/{uv,v8}/include; do - dosym ../.. /usr/include/node/${var} - done - - if use doc; then - # Patch docs to make them offline readable - for i in `grep -rl 'fonts.googleapis.com' "${S}"/out/doc/api/*`; do - sed -i '/fonts.googleapis.com/ d' $i; - done - # Install docs - docinto html - dodoc -r "${S}"/doc/* - fi - - if use npm; then - dodir /etc/npm - - # Install bash completion for `npm` - # We need to temporarily replace default config path since - # npm otherwise tries to write outside of the sandbox - local npm_config="usr/$(get_libdir)/node_modules/npm/lib/config/core.js" - sed -i -e "s|'/etc'|'${ED}/etc'|g" "${ED}/${npm_config}" || die - local tmp_npm_completion_file="$(emktemp)" - "${ED}/usr/bin/npm" completion > "${tmp_npm_completion_file}" - newbashcomp "${tmp_npm_completion_file}" npm - sed -i -e "s|'${ED}/etc'|'/etc'|g" "${ED}/${npm_config}" || die - - # Move man pages - doman "${LIBDIR}"/node_modules/npm/man/man{1,5,7}/* - - # Clean up - rm "${LIBDIR}"/node_modules/npm/{.mailmap,.npmignore,Makefile} || die - rm -rf "${LIBDIR}"/node_modules/npm/{doc,html,man} || die - - local find_exp="-or -name" - local find_name=() - for match in "AUTHORS*" "CHANGELOG*" "CONTRIBUT*" "README*" \ - ".travis.yml" ".eslint*" ".wercker.yml" ".npmignore" \ - "*.md" "*.markdown" "*.bat" "*.cmd"; do - find_name+=( ${find_exp} "${match}" ) - done - - # Remove various development and/or inappropriate files and - # useless docs of dependend packages. - find "${LIBDIR}"/node_modules \ - \( -type d -name examples \) -or \( -type f \( \ - -iname "LICEN?E*" \ - "${find_name[@]}" \ - \) \) -exec rm -rf "{}" \; - fi - - mv "${D}"/usr/share/doc/node "${D}"/usr/share/doc/${PF} || die -} - -src_test() { - out/${BUILDTYPE}/cctest || die - "${PYTHON}" tools/test.py --mode=${BUILDTYPE,,} -J message parallel sequential || die -} - -pkg_postinst() { - einfo "The global npm config lives in /etc/npm. This deviates slightly" - einfo "from upstream which otherwise would have it live in /usr/etc/." - einfo "" - einfo "Protip: When using node-gyp to install native modules, you can" - einfo "avoid having to download extras by doing the following:" - einfo "$ node-gyp --nodedir /usr/include/node <command>" -} diff --git a/net-libs/nodejs/nodejs-11.13.0.ebuild b/net-libs/nodejs/nodejs-11.13.0.ebuild index 56b0eee..8d17fd1 100644 --- a/net-libs/nodejs/nodejs-11.13.0.ebuild +++ b/net-libs/nodejs/nodejs-11.13.0.ebuild @@ -15,13 +15,11 @@ SRC_URI="https://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz" LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" SLOT="0" KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x64-macos" -IUSE="bundled-ssl cpu_flags_x86_sse2 debug doc icu inspector libressl +npm +snapshot +ssl systemtap test" +IUSE="cpu_flags_x86_sse2 debug doc icu inspector libressl +npm +snapshot +ssl systemtap test" REQUIRED_USE=" ${PYTHON_REQUIRED_USE} inspector? ( icu ssl ) npm? ( ssl ) - libressl? ( bundled-ssl ) - bundled-ssl? ( ssl ) " RDEPEND=" @@ -32,7 +30,8 @@ RDEPEND=" sys-libs/zlib icu? ( >=dev-libs/icu-63.1:= ) ssl? ( - !bundled-ssl? ( =dev-libs/openssl-1.1.0*:0= ) + !libressl? ( >=dev-libs/openssl-1.1.0:0= ) + libressl? ( dev-libs/libressl:0= ) ) " DEPEND=" @@ -106,8 +105,8 @@ src_configure() { use icu && myconf+=( --with-intl=system-icu ) || myconf+=( --with-intl=none ) use inspector || myconf+=( --without-inspector ) use npm || myconf+=( --without-npm ) - use snapshot && myconf+=( --with-snapshot ) - use ssl && ( use bundled-ssl || myconf+=( --shared-openssl ) ) || myconf+=( --without-ssl ) + use snapshot || myconf+=( --without-snapshot ) + use ssl && myconf+=( --shared-openssl ) || myconf+=( --without-ssl ) local myarch="" case ${ABI} in |