Update to 6.11.0

This commit is contained in:
Zuzana Svetlikova 2017-06-09 16:46:25 +02:00
commit 648f5bae12
4 changed files with 13 additions and 99 deletions

1
.gitignore vendored
View File

@ -67,3 +67,4 @@
/node-v6.10.1-stripped.tar.gz /node-v6.10.1-stripped.tar.gz
/node-v6.10.2-stripped.tar.gz /node-v6.10.2-stripped.tar.gz
/node-v6.10.3-stripped.tar.gz /node-v6.10.3-stripped.tar.gz
/node-v6.11.0-stripped.tar.gz

View File

@ -1,84 +0,0 @@
From f1a0660b9186c3f4d55d7c07219126e199c787f9 Mon Sep 17 00:00:00 2001
From: Adam Majer <amajer@suse.de>
Date: Wed, 21 Dec 2016 11:16:38 +0100
Subject: [PATCH 3/4] crypto: Use system CAs instead of using bundled ones
NodeJS can already use an external, shared OpenSSL library. This
library knows where to look for OS managed certificates. Allow
a compile-time option to use this CA store by default instead of
using bundled certificates.
In case when using bundled OpenSSL, the paths are also valid for
majority of Linux systems without additional intervention. If
this is not set, we can use SSL_CERT_DIR to point it to correct
location.
Fixes: https://github.com/nodejs/node/issues/3159
PR-URL: https://github.com/nodejs/node/pull/8334
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
---
configure | 7 +++++++
src/node_crypto.cc | 4 ++++
2 files changed, 11 insertions(+)
diff --git a/configure b/configure
index 821b8771bc8909d8453bc31e3c8d8dc65368c0e4..e64bad9a030693b726e0974f48aefa6e1ad87723 100755
--- a/configure
+++ b/configure
@@ -142,10 +142,15 @@ parser.add_option("--openssl-no-asm",
parser.add_option('--openssl-fips',
action='store',
dest='openssl_fips',
help='Build OpenSSL using FIPS canister .o file in supplied folder')
+parser.add_option('--openssl-use-def-ca-store',
+ action='store_true',
+ dest='use_openssl_ca_store',
+ help='Use OpenSSL supplied CA store instead of compiled-in Mozilla CA copy.')
+
shared_optgroup.add_option('--shared-http-parser',
action='store_true',
dest='shared_http_parser',
help='link to a shared http_parser DLL instead of static linking')
@@ -937,10 +942,12 @@ def configure_v8(o):
def configure_openssl(o):
o['variables']['node_use_openssl'] = b(not options.without_ssl)
o['variables']['node_shared_openssl'] = b(options.shared_openssl)
o['variables']['openssl_no_asm'] = 1 if options.openssl_no_asm else 0
+ if options.use_openssl_ca_store:
+ o['defines'] += ['NODE_OPENSSL_CERT_STORE']
if options.openssl_fips:
o['variables']['openssl_fips'] = options.openssl_fips
fips_dir = os.path.join(root_dir, 'deps', 'openssl', 'fips')
fips_ld = os.path.abspath(os.path.join(fips_dir, 'fipsld'))
o['make_fips_settings'] = [
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index c5630f30d0bef75ced53b36062bb1f0324dbdb9d..873b37d71b51aa62c8ebd56ea5b182567675e2dd 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -803,14 +803,18 @@ static X509_STORE* NewRootCertStore() {
root_certs_vector->push_back(x509);
}
}
X509_STORE* store = X509_STORE_new();
+#if defined(NODE_OPENSSL_CERT_STORE)
+ X509_STORE_set_default_paths(store);
+#else
for (auto& cert : *root_certs_vector) {
X509_up_ref(cert);
X509_STORE_add_cert(store, cert);
}
+#endif
return store;
}
--
2.12.0

View File

@ -1,6 +1,6 @@
%global with_debug 1 %global with_debug 1
%{!?_with_bootstrap: %global bootstrap 1} %{!?_with_bootstrap: %global bootstrap 0}
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -17,18 +17,18 @@
# than a Fedora release lifecycle. # than a Fedora release lifecycle.
%global nodejs_epoch 1 %global nodejs_epoch 1
%global nodejs_major 6 %global nodejs_major 6
%global nodejs_minor 10 %global nodejs_minor 11
%global nodejs_patch 3 %global nodejs_patch 0
%global nodejs_abi %{nodejs_major}.%{nodejs_minor} %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
%global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch} %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
%global nodejs_release 3 %global nodejs_release 1
# == Bundled Dependency Versions == # == Bundled Dependency Versions ==
# v8 - from deps/v8/include/v8-version.h # v8 - from deps/v8/include/v8-version.h
%global v8_major 5 %global v8_major 5
%global v8_minor 1 %global v8_minor 1
%global v8_build 281 %global v8_build 281
%global v8_patch 101 %global v8_patch 102
# V8 presently breaks ABI at least every x.y release while never bumping SONAME # V8 presently breaks ABI at least every x.y release while never bumping SONAME
%global v8_abi %{v8_major}.%{v8_minor} %global v8_abi %{v8_major}.%{v8_minor}
%global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch} %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
@ -99,10 +99,6 @@ Patch1: 0001-Disable-running-gyp-files-for-bundled-deps.patch
# EPEL only has OpenSSL 1.0.1, so we need to carry a patch on that platform # EPEL only has OpenSSL 1.0.1, so we need to carry a patch on that platform
Patch2: 0002-Use-openssl-1.0.1.patch Patch2: 0002-Use-openssl-1.0.1.patch
# use system certificates instead of the bundled ones
# Backported from upstream 7.5.0+
Patch3: 0003-crypto-Use-system-CAs-instead-of-using-bundled-ones.patch
# Backported upstream patch to allow building with GCC 7 from # Backported upstream patch to allow building with GCC 7 from
# https://github.com/nodejs/node/commit/2bbee49e6f170a5d6628444a7c9a2235fe0dd929 # https://github.com/nodejs/node/commit/2bbee49e6f170a5d6628444a7c9a2235fe0dd929
Patch4: 0004-Fix-compatibility-with-GCC-7.patch Patch4: 0004-Fix-compatibility-with-GCC-7.patch
@ -255,9 +251,6 @@ rm -rf deps/icu-small \
deps/uv \ deps/uv \
deps/zlib deps/zlib
# Use system CA certificates
%patch3 -p1
# Fix GCC7 build # Fix GCC7 build
%patch4 -p1 %patch4 -p1
@ -450,9 +443,13 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules %{buildroot}/%{_bindir}/node -
%{_pkgdocdir}/npm/doc %{_pkgdocdir}/npm/doc
%changelog %changelog
* Tue Jun 06 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:6.10.3-3 * Fri Jun 09 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:6.11.0-1
- Update to 6.11.0
- remove system CA patch since it was merged upstream
- https://github.com/nodejs/node/pull/8334
* Fri May 12 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:6.10.3-3
- Require http-parser-devel when using system http-parser - Require http-parser-devel when using system http-parser
- enable bootstraping
* Thu May 11 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:6.10.3-2 * Thu May 11 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:6.10.3-2
- Provide bundled http-parser in case of boostraping - Provide bundled http-parser in case of boostraping

View File

@ -1 +1 @@
SHA512 (node-v6.10.3-stripped.tar.gz) = 0750e6c1597c2379df59fafb5945d3af7d59f371c7996c56394f0cac5361627cebde3f6e46468ef76b0eb6d242e77538ec0c8136f75b98c140f1c6235df596bd SHA512 (node-v6.11.0-stripped.tar.gz) = a23e0d8461dcf87048555d2e4e62c0bacecf6d2a6a8d6d27ed08f6f0911ec31f9a7abc48ab45478eaf3ba6af593714e628a194340168581f2f9c3c8dbf0c7a1d