Fix FTBFS against GCC 7

Resolves: RHBZ 1423991

0001-disable-running-gyp-files-for-bundled-deps.patch

@@ -1,17 +1,19 @@
-From da4ed485ddd52cd156406f939225146e8539cabb Mon Sep 17 00:00:00 2001
+From 71a2912f95f287519a3c695417655a0cae4e1bc0 Mon Sep 17 00:00:00 2001
 From: Stephen Gallagher <sgallagh@redhat.com>
 Date: Tue, 1 Dec 2015 16:35:29 -0500
-Subject: [PATCH 1/3] disable running gyp files for bundled deps
+Subject: [PATCH 1/4] disable running gyp files for bundled deps
 
 ---
  Makefile | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile b/Makefile
-index a8870a5..f7fc4a9 100644
+index 719b855559383a8011c8f6f073ed69a1cf21aeee..31cd25452dccb0624809c0570a738c5b49cc782c 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -70,7 +70,7 @@ $(NODE_G_EXE): config.gypi out/Makefile
+@@ -70,11 +70,11 @@ $(NODE_EXE): config.gypi out/Makefile
+ 
+ $(NODE_G_EXE): config.gypi out/Makefile
  	$(MAKE) -C out BUILDTYPE=Debug V=$(V)
  	ln -fs out/Debug/$(NODE_EXE) $@
  
@@ -20,6 +22,8 @@ index a8870a5..f7fc4a9 100644
  	$(PYTHON) tools/gyp_node.py -f make
  
  config.gypi: configure
+ 	$(error Missing or stale $@, please run ./$<)
+ 
 -- 
-2.9.0
+2.11.1
 

0002-Use-openssl-1.0.1.patch

@@ -1,7 +1,7 @@
-From 6cf8243a70e26843c7770f7b29b1a33b822d1c26 Mon Sep 17 00:00:00 2001
+From f614552e1698387dd4d245e07de6b75d9c023e65 Mon Sep 17 00:00:00 2001
 From: Haikel Guemar <hguemar@fedoraproject.org>
 Date: Tue, 26 Jul 2016 22:50:22 +0200
-Subject: [PATCH 2/3] Use openssl 1.0.1
+Subject: [PATCH 2/4] Use openssl 1.0.1
 
 Based on Solaris patches from upstream #2783
 https://github.com/nodejs/node/issues/2783
@@ -14,10 +14,12 @@ https://github.com/nodejs/node/issues/2783
  5 files changed, 223 insertions(+), 13 deletions(-)
 
 diff --git a/doc/api/tls.md b/doc/api/tls.md
-index 7feaff2..97ad7a5 100644
+index 488337a0764e4cc5e7c27bb8075c1b907696908b..292bbf26ddf5a8dd373cb15e97d220229b4cdcc1 100644
 --- a/doc/api/tls.md
 +++ b/doc/api/tls.md
-@@ -114,6 +114,12 @@ handshake extensions:
+@@ -112,10 +112,16 @@ handshake extensions:
+ * ALPN/NPN - Allows the use of one TLS server for multiple protocols (HTTP,
+   SPDY, HTTP/2)
  * SNI - Allows the use of one TLS server for multiple hostnames with different
    SSL certificates.
  
@@ -30,11 +32,15 @@ index 7feaff2..97ad7a5 100644
  *Note*: Use of ALPN is recommended over NPN. The NPN extension has never been
  formally defined or documented and generally not recommended for use.
  
+ ### Client-initiated renegotiation attack mitigation
+ 
 diff --git a/src/node_constants.cc b/src/node_constants.cc
-index 2e6be8d..239eadb 100644
+index 2e6be8df37c345a383d8a78898daf2a147d90630..239eadbac8ea8e601745a63347a8bb301c22d1b1 100644
 --- a/src/node_constants.cc
 +++ b/src/node_constants.cc
-@@ -14,7 +14,10 @@
+@@ -12,11 +12,14 @@
+ #include <signal.h>
+ #include <sys/types.h>
  #include <sys/stat.h>
  
  #if HAVE_OPENSSL
@@ -45,7 +51,11 @@ index 2e6be8d..239eadb 100644
  # include <openssl/ssl.h>
  # ifndef OPENSSL_NO_ENGINE
  #  include <openssl/engine.h>
-@@ -976,12 +979,14 @@ void DefineOpenSSLConstants(Local<Object> target) {
+ # endif  // !OPENSSL_NO_ENGINE
+ #endif
+@@ -974,16 +977,18 @@ void DefineOpenSSLConstants(Local<Object> target) {
+     NODE_DEFINE_CONSTANT(target, RSA_PKCS1_PSS_PADDING);
+ #endif
  
  #if HAVE_OPENSSL
    // NOTE: These are not defines
@@ -60,11 +70,15 @@ index 2e6be8d..239eadb 100644
  }
  
  void DefineSystemConstants(Local<Object> target) {
+   // file access modes
+   NODE_DEFINE_CONSTANT(target, O_RDONLY);
 diff --git a/src/node_crypto.cc b/src/node_crypto.cc
-index 9cf216f..888a0f8 100644
+index b83794a770d672d492a5b01aee9a46fcaa39be85..89cd651248361d4fff3c442d5e36cc66e6f49bf4 100644
 --- a/src/node_crypto.cc
 +++ b/src/node_crypto.cc
-@@ -24,6 +24,82 @@
+@@ -22,10 +22,86 @@
+ #include <limits.h>  // INT_MAX
+ #include <math.h>
  #include <stdlib.h>
  #include <string.h>
  
@@ -147,7 +161,11 @@ index 9cf216f..888a0f8 100644
  #define THROW_AND_RETURN_IF_NOT_STRING_OR_BUFFER(val, prefix)                  \
    do {                                                                         \
      if (!Buffer::HasInstance(val) && !val->IsString()) {                       \
-@@ -160,7 +236,11 @@ template int SSLWrap<TLSWrap>::TLSExtStatusCallback(SSL* s, void* arg);
+       return env->ThrowTypeError(prefix " must be a string or a buffer");      \
+     }                                                                          \
+@@ -158,11 +234,15 @@ template int SSLWrap<TLSWrap>::SelectNextProtoCallback(
+ #ifdef NODE__HAVE_TLSEXT_STATUS_CB
+ template int SSLWrap<TLSWrap>::TLSExtStatusCallback(SSL* s, void* arg);
  #endif
  
  template void SSLWrap<TLSWrap>::DestroySSL();
@@ -159,7 +177,11 @@ index 9cf216f..888a0f8 100644
  template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg);
  
  #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
-@@ -280,8 +360,12 @@ void SecureContext::Initialize(Environment* env, Local<Object> target) {
+ template int SSLWrap<TLSWrap>::SelectALPNCallback(
+     SSL* s,
+@@ -278,12 +358,16 @@ void SecureContext::Initialize(Environment* env, Local<Object> target) {
+   env->SetProtoMethod(t, "setCert", SecureContext::SetCert);
+   env->SetProtoMethod(t, "addCACert", SecureContext::AddCACert);
    env->SetProtoMethod(t, "addCRL", SecureContext::AddCRL);
    env->SetProtoMethod(t, "addRootCerts", SecureContext::AddRootCerts);
    env->SetProtoMethod(t, "setCiphers", SecureContext::SetCiphers);
@@ -172,7 +194,11 @@ index 9cf216f..888a0f8 100644
    env->SetProtoMethod(t, "setOptions", SecureContext::SetOptions);
    env->SetProtoMethod(t, "setSessionIdContext",
                        SecureContext::SetSessionIdContext);
-@@ -515,8 +599,20 @@ int SSL_CTX_use_certificate_chain(SSL_CTX* ctx,
+   env->SetProtoMethod(t, "setSessionTimeout",
+                       SecureContext::SetSessionTimeout);
+@@ -513,12 +597,24 @@ int SSL_CTX_use_certificate_chain(SSL_CTX* ctx,
+     SSL_CTX_clear_extra_chain_certs(ctx);
+ 
      for (int i = 0; i < sk_X509_num(extra_certs); i++) {
        X509* ca = sk_X509_value(extra_certs, i);
  
@@ -195,7 +221,11 @@ index 9cf216f..888a0f8 100644
  
        if (!r) {
          ret = 0;
-@@ -795,6 +891,7 @@ void SecureContext::SetCiphers(const FunctionCallbackInfo<Value>& args) {
+         *issuer = nullptr;
+         goto end;
+@@ -793,10 +889,11 @@ void SecureContext::SetCiphers(const FunctionCallbackInfo<Value>& args) {
+   const node::Utf8Value ciphers(args.GetIsolate(), args[0]);
+   SSL_CTX_set_cipher_list(sc->ctx_, *ciphers);
  }
  
  
@@ -203,7 +233,11 @@ index 9cf216f..888a0f8 100644
  void SecureContext::SetECDHCurve(const FunctionCallbackInfo<Value>& args) {
    SecureContext* sc;
    ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());
-@@ -822,8 +919,10 @@ void SecureContext::SetECDHCurve(const FunctionCallbackInfo<Value>& args) {
+   Environment* env = sc->env();
+ 
+@@ -820,12 +917,14 @@ void SecureContext::SetECDHCurve(const FunctionCallbackInfo<Value>& args) {
+   SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_ECDH_USE);
+   SSL_CTX_set_tmp_ecdh(sc->ctx_, ecdh);
  
    EC_KEY_free(ecdh);
  }
@@ -214,7 +248,11 @@ index 9cf216f..888a0f8 100644
  void SecureContext::SetDHParam(const FunctionCallbackInfo<Value>& args) {
    SecureContext* sc;
    ASSIGN_OR_RETURN_UNWRAP(&sc, args.This());
-@@ -862,6 +961,7 @@ void SecureContext::SetDHParam(const FunctionCallbackInfo<Value>& args) {
+   Environment* env = sc->env();
+   ClearErrorOnReturn clear_error_on_return;
+@@ -860,10 +959,11 @@ void SecureContext::SetDHParam(const FunctionCallbackInfo<Value>& args) {
+   DH_free(dh);
+ 
    if (!r)
      return env->ThrowTypeError("Error setting temp DH parameter");
  }
@@ -222,7 +260,11 @@ index 9cf216f..888a0f8 100644
  
  
  void SecureContext::SetOptions(const FunctionCallbackInfo<Value>& args) {
-@@ -1872,6 +1972,7 @@ void SSLWrap<Base>::GetEphemeralKeyInfo(
+   SecureContext* sc;
+   ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());
+@@ -1870,10 +1970,11 @@ void SSLWrap<Base>::GetEphemeralKeyInfo(
+         info->Set(env->type_string(),
+                   FIXED_ONE_BYTE_STRING(env->isolate(), "DH"));
          info->Set(env->size_string(),
                    Integer::New(env->isolate(), EVP_PKEY_bits(key)));
          break;
@@ -230,7 +272,11 @@ index 9cf216f..888a0f8 100644
        case EVP_PKEY_EC:
          {
            EC_KEY* ec = EVP_PKEY_get1_EC_KEY(key);
-@@ -1884,6 +1985,7 @@ void SSLWrap<Base>::GetEphemeralKeyInfo(
+           int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+           EC_KEY_free(ec);
+@@ -1882,10 +1983,11 @@ void SSLWrap<Base>::GetEphemeralKeyInfo(
+           info->Set(env->name_string(),
+                     OneByteString(args.GetIsolate(), OBJ_nid2sn(nid)));
            info->Set(env->size_string(),
                      Integer::New(env->isolate(), EVP_PKEY_bits(key)));
          }
@@ -238,7 +284,11 @@ index 9cf216f..888a0f8 100644
      }
      EVP_PKEY_free(key);
    }
-@@ -2301,7 +2403,12 @@ void SSLWrap<Base>::WaitForCertCb(CertCb cb, void* arg) {
+ 
+   return args.GetReturnValue().Set(info);
+@@ -2300,11 +2402,16 @@ void SSLWrap<Base>::WaitForCertCb(CertCb cb, void* arg) {
+   cert_cb_arg_ = arg;
+ }
  
  
  template <class Base>
@@ -251,7 +301,11 @@ index 9cf216f..888a0f8 100644
    Base* w = static_cast<Base*>(SSL_get_app_data(s));
  
    if (!w->is_server())
-@@ -2375,19 +2482,53 @@ void SSLWrap<Base>::CertCbDone(const FunctionCallbackInfo<Value>& args) {
+     return 1;
+ 
+@@ -2369,23 +2476,57 @@ void SSLWrap<Base>::CertCbDone(const FunctionCallbackInfo<Value>& args) {
+     ASSIGN_OR_RETURN_UNWRAP(&sc, ctx.As<Object>());
+     w->sni_context_.Reset();
      w->sni_context_.Reset(env->isolate(), ctx);
  
      int rv;
@@ -315,7 +369,11 @@ index 9cf216f..888a0f8 100644
      if (rv)
        rv = w->SetCACerts(sc);
      if (!rv) {
-@@ -2451,10 +2592,14 @@ void SSLWrap<Base>::SetSNIContext(SecureContext* sc) {
+       unsigned long err = ERR_get_error();  // NOLINT(runtime/int)
+       if (!err)
+@@ -2445,14 +2586,18 @@ void SSLWrap<Base>::SetSNIContext(SecureContext* sc) {
+ }
+ 
  
  template <class Base>
  int SSLWrap<Base>::SetCACerts(SecureContext* sc) {
@@ -331,7 +389,11 @@ index 9cf216f..888a0f8 100644
    STACK_OF(X509_NAME)* list = SSL_dup_CA_list(
        SSL_CTX_get_client_CA_list(sc->ctx_));
  
-@@ -2732,7 +2877,11 @@ inline int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx) {
+   // NOTE: `SSL_set_client_CA_list` takes the ownership of `list`
+   SSL_set_client_CA_list(ssl_, list);
+@@ -2726,11 +2871,15 @@ inline int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx) {
+ 
+   // Server does not need to check the whitelist.
    SSL* ssl = static_cast<SSL*>(
        X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
  
@@ -343,7 +405,11 @@ index 9cf216f..888a0f8 100644
      return 1;
  
    // Client needs to check if the server cert is listed in the
-@@ -2815,7 +2964,21 @@ void Connection::New(const FunctionCallbackInfo<Value>& args) {
+   // whitelist when it is issued by the specific rootCAs.
+   CheckResult ret = CheckWhitelistedServerCert(ctx);
+@@ -2809,11 +2958,25 @@ void Connection::New(const FunctionCallbackInfo<Value>& args) {
+   if (is_server)
+     SSL_set_info_callback(conn->ssl_, SSLInfoCallback);
  
    InitNPN(sc);
  
@@ -365,7 +431,11 @@ index 9cf216f..888a0f8 100644
  
  #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
    if (is_server) {
-@@ -4404,6 +4567,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
+     SSL_CTX_set_tlsext_servername_callback(sc->ctx_, SelectSNIContextCallback_);
+   } else if (args[2]->IsString()) {
+@@ -4394,10 +4557,11 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
+   args.GetReturnValue().Set(vbuf);
+   delete[] out_value;
  }
  
  
@@ -373,7 +443,11 @@ index 9cf216f..888a0f8 100644
  void DiffieHellman::Initialize(Environment* env, Local<Object> target) {
    Local<FunctionTemplate> t = env->NewFunctionTemplate(New);
  
-@@ -4805,8 +4969,10 @@ bool DiffieHellman::VerifyContext() {
+   const PropertyAttribute attributes =
+       static_cast<PropertyAttribute>(v8::ReadOnly | v8::DontDelete);
+@@ -4795,12 +4959,14 @@ bool DiffieHellman::VerifyContext() {
+   if (!DH_check(dh, &codes))
+     return false;
    verifyError_ = codes;
    return true;
  }
@@ -384,7 +458,11 @@ index 9cf216f..888a0f8 100644
  void ECDH::Initialize(Environment* env, Local<Object> target) {
    HandleScope scope(env->isolate());
  
-@@ -5034,6 +5200,7 @@ void ECDH::SetPrivateKey(const FunctionCallbackInfo<Value>& args) {
+   Local<FunctionTemplate> t = env->NewFunctionTemplate(New);
+ 
+@@ -5024,10 +5190,11 @@ void ECDH::SetPrivateKey(const FunctionCallbackInfo<Value>& args) {
+     return env->ThrowError("Failed to set generated public key");
+   }
  
    EC_POINT_free(pub);
  }
@@ -392,7 +470,11 @@ index 9cf216f..888a0f8 100644
  
  
  void ECDH::SetPublicKey(const FunctionCallbackInfo<Value>& args) {
-@@ -5587,6 +5754,7 @@ void GetHashes(const FunctionCallbackInfo<Value>& args) {
+   Environment* env = Environment::GetCurrent(args);
+ 
+@@ -5577,10 +5744,11 @@ void GetHashes(const FunctionCallbackInfo<Value>& args) {
+   EVP_MD_do_all_sorted(array_push_back<EVP_MD>, &ctx);
+   args.GetReturnValue().Set(ctx.arr);
  }
  
  
@@ -400,7 +482,11 @@ index 9cf216f..888a0f8 100644
  void GetCurves(const FunctionCallbackInfo<Value>& args) {
    Environment* env = Environment::GetCurrent(args);
    const size_t num_curves = EC_get_builtin_curves(nullptr, 0);
-@@ -5611,6 +5779,7 @@ void GetCurves(const FunctionCallbackInfo<Value>& args) {
+   Local<Array> arr = Array::New(env->isolate(), num_curves);
+   EC_builtin_curve* curves;
+@@ -5601,10 +5769,11 @@ void GetCurves(const FunctionCallbackInfo<Value>& args) {
+     free(curves);
+   }
  
    args.GetReturnValue().Set(arr);
  }
@@ -408,7 +494,11 @@ index 9cf216f..888a0f8 100644
  
  
  bool VerifySpkac(const char* data, unsigned int len) {
-@@ -5886,8 +6055,12 @@ void InitCrypto(Local<Object> target,
+   bool i = 0;
+   EVP_PKEY* pkey = nullptr;
+@@ -5913,12 +6082,16 @@ void InitCrypto(Local<Object> target,
+ 
+   Environment* env = Environment::GetCurrent(context);
    SecureContext::Initialize(env, target);
    Connection::Initialize(env, target);
    CipherBase::Initialize(env, target);
@@ -421,7 +511,11 @@ index 9cf216f..888a0f8 100644
    Hmac::Initialize(env, target);
    Hash::Initialize(env, target);
    Sign::Initialize(env, target);
-@@ -5906,7 +6079,9 @@ void InitCrypto(Local<Object> target,
+   Verify::Initialize(env, target);
+ 
+@@ -5934,11 +6107,13 @@ void InitCrypto(Local<Object> target,
+   env->SetMethod(target, "randomBytes", RandomBytes);
+   env->SetMethod(target, "timingSafeEqual", TimingSafeEqual);
    env->SetMethod(target, "getSSLCiphers", GetSSLCiphers);
    env->SetMethod(target, "getCiphers", GetCiphers);
    env->SetMethod(target, "getHashes", GetHashes);
@@ -431,11 +525,15 @@ index 9cf216f..888a0f8 100644
    env->SetMethod(target, "publicEncrypt",
                   PublicKeyCipher::Cipher<PublicKeyCipher::kPublic,
                                           EVP_PKEY_encrypt_init,
+                                          EVP_PKEY_encrypt>);
+   env->SetMethod(target, "privateDecrypt",
 diff --git a/src/node_crypto.h b/src/node_crypto.h
-index 24ac773..2b1b6ae 100644
+index 24ac77365cf45578f2be359f18b8e9c347209531..2b1b6ae80f668149c0691c44aa4e295f21a82b8e 100644
 --- a/src/node_crypto.h
 +++ b/src/node_crypto.h
-@@ -18,8 +18,12 @@
+@@ -16,12 +16,16 @@
+ #include "base-object-inl.h"
+ 
  #include "v8.h"
  
  #include <openssl/ssl.h>
@@ -448,7 +546,11 @@ index 24ac773..2b1b6ae 100644
  #ifndef OPENSSL_NO_ENGINE
  # include <openssl/engine.h>
  #endif  // !OPENSSL_NO_ENGINE
-@@ -101,8 +105,12 @@ class SecureContext : public BaseObject {
+ #include <openssl/err.h>
+ #include <openssl/evp.h>
+@@ -99,12 +103,16 @@ class SecureContext : public BaseObject {
+   static void SetCert(const v8::FunctionCallbackInfo<v8::Value>& args);
+   static void AddCACert(const v8::FunctionCallbackInfo<v8::Value>& args);
    static void AddCRL(const v8::FunctionCallbackInfo<v8::Value>& args);
    static void AddRootCerts(const v8::FunctionCallbackInfo<v8::Value>& args);
    static void SetCiphers(const v8::FunctionCallbackInfo<v8::Value>& args);
@@ -461,7 +563,11 @@ index 24ac773..2b1b6ae 100644
    static void SetOptions(const v8::FunctionCallbackInfo<v8::Value>& args);
    static void SetSessionIdContext(
        const v8::FunctionCallbackInfo<v8::Value>& args);
-@@ -283,7 +291,11 @@ class SSLWrap {
+   static void SetSessionTimeout(
+       const v8::FunctionCallbackInfo<v8::Value>& args);
+@@ -281,11 +289,15 @@ class SSLWrap {
+                                 unsigned char* outlen,
+                                 const unsigned char* in,
                                  unsigned int inlen,
                                  void* arg);
    static int TLSExtStatusCallback(SSL* s, void* arg);
@@ -473,7 +579,11 @@ index 24ac773..2b1b6ae 100644
    static void SSLGetter(v8::Local<v8::String> property,
                          const v8::PropertyCallbackInfo<v8::Value>& info);
  
-@@ -645,6 +657,7 @@ class PublicKeyCipher {
+   void DestroySSL();
+   void WaitForCertCb(CertCb cb, void* arg);
+@@ -643,10 +655,11 @@ class PublicKeyCipher {
+             EVP_PKEY_cipher_init_t EVP_PKEY_cipher_init,
+             EVP_PKEY_cipher_t EVP_PKEY_cipher>
    static void Cipher(const v8::FunctionCallbackInfo<v8::Value>& args);
  };
  
@@ -481,7 +591,11 @@ index 24ac773..2b1b6ae 100644
  class DiffieHellman : public BaseObject {
   public:
    ~DiffieHellman() override {
-@@ -690,7 +703,9 @@ class DiffieHellman : public BaseObject {
+     if (dh != nullptr) {
+       DH_free(dh);
+@@ -688,11 +701,13 @@ class DiffieHellman : public BaseObject {
+ 
+   bool initialised_;
    int verifyError_;
    DH* dh;
  };
@@ -491,7 +605,11 @@ index 24ac773..2b1b6ae 100644
  class ECDH : public BaseObject {
   public:
    ~ECDH() override {
-@@ -727,6 +742,7 @@ class ECDH : public BaseObject {
+     if (key_ != nullptr)
+       EC_KEY_free(key_);
+@@ -725,10 +740,11 @@ class ECDH : public BaseObject {
+   bool IsKeyValidForCurve(const BIGNUM* private_key);
+ 
    EC_KEY* key_;
    const EC_GROUP* group_;
  };
@@ -499,11 +617,15 @@ index 24ac773..2b1b6ae 100644
  
  bool EntropySource(unsigned char* buffer, size_t length);
  #ifndef OPENSSL_NO_ENGINE
+ void SetEngine(const v8::FunctionCallbackInfo<v8::Value>& args);
+ #endif  // !OPENSSL_NO_ENGINE
 diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
-index 7c5df11..3e06621 100644
+index d1b1aeccdd95b00b3fd0421c08fd7816cd70d182..a6e63d7c1ccc81e6f7d782dffe833234b003de15 100644
 --- a/src/tls_wrap.cc
 +++ b/src/tls_wrap.cc
-@@ -142,7 +142,15 @@ void TLSWrap::InitSSL() {
+@@ -140,11 +140,19 @@ void TLSWrap::InitSSL() {
+   }
+ #endif  // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
  
    InitNPN(sc_);
  
@@ -519,6 +641,8 @@ index 7c5df11..3e06621 100644
  
    if (is_server()) {
      SSL_set_accept_state(ssl_);
+   } else if (is_client()) {
+     // Enough space for server response (hello, cert)
 -- 
-2.9.0
+2.11.1
 

0003-CA-Certificates-are-provided-by-Fedora.patch

@@ -1,7 +1,7 @@
-From 08305ba6b7fddab1f35c59dc82a3c6b11ceceae3 Mon Sep 17 00:00:00 2001
+From 4ea8ba0dcc7fe20c8fff7f574304e749bd37ecea Mon Sep 17 00:00:00 2001
 From: Haikel Guemar <hguemar@fedoraproject.org>
 Date: Tue, 26 Jul 2016 22:00:25 +0200
-Subject: [PATCH 3/3] CA Certificates are provided by Fedora.
+Subject: [PATCH 3/4] CA Certificates are provided by Fedora.
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@@ -26,10 +26,12 @@ Node.js 4.4.7
  1 file changed, 9 insertions(+), 21 deletions(-)
 
 diff --git a/src/node_crypto.cc b/src/node_crypto.cc
-index 888a0f8..3feff0e 100644
+index 89cd651248361d4fff3c442d5e36cc66e6f49bf4..4fadc0a001422dea3aeade330f8f596c0dab36ee 100644
 --- a/src/node_crypto.cc
 +++ b/src/node_crypto.cc
-@@ -192,8 +192,8 @@ static X509_NAME *cnnic_ev_name =
+@@ -190,12 +190,12 @@ static X509_NAME *cnnic_ev_name =
+     d2i_X509_NAME(nullptr, &cnnic_ev_p,
+                   sizeof(CNNIC_EV_ROOT_CA_SUBJECT_DATA)-1);
  
  static Mutex* mutexes;
  
@@ -40,7 +42,11 @@ index 888a0f8..3feff0e 100644
  };
  
  X509_STORE* root_cert_store;
-@@ -847,29 +847,17 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) {
+ 
+ // Just to generate static methods
+@@ -845,33 +845,21 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) {
+   (void) &clear_error_on_return;  // Silence compiler warning.
+ 
    CHECK_EQ(sc->ca_store_, nullptr);
  
    if (!root_cert_store) {
@@ -77,6 +83,8 @@ index 888a0f8..3feff0e 100644
  }
  
  
+ void SecureContext::SetCiphers(const FunctionCallbackInfo<Value>& args) {
+   SecureContext* sc;
 -- 
-2.9.0
+2.11.1
 

0004-Fix-compatibility-with-GCC-7.patch

@@ -0,0 +1,103 @@
+From c5a932e20110008273acbde5066c4231293d3a54 Mon Sep 17 00:00:00 2001
+From: Ben Noordhuis <info@bnoordhuis.nl>
+Date: Tue, 28 Feb 2017 13:56:40 -0500
+Subject: [PATCH 4/4] Fix compatibility with GCC 7
+
+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
+---
+ deps/v8/src/objects-body-descriptors.h |  2 +-
+ deps/v8/src/objects-inl.h              | 21 +++++++++++++++++++++
+ deps/v8/src/objects.h                  | 20 ++++----------------
+ 3 files changed, 26 insertions(+), 17 deletions(-)
+
+diff --git a/deps/v8/src/objects-body-descriptors.h b/deps/v8/src/objects-body-descriptors.h
+index 91cb8883be88739eab2b10df71f6f0d08aab436e..a1c3634bd762d7e03b4c87d38aa14a9a3ce318e4 100644
+--- a/deps/v8/src/objects-body-descriptors.h
++++ b/deps/v8/src/objects-body-descriptors.h
+@@ -97,11 +97,11 @@ class FixedBodyDescriptor final : public BodyDescriptorBase {
+     IterateBodyImpl<StaticVisitor>(heap, obj, start_offset, end_offset);
+   }
+ 
+   template <typename StaticVisitor>
+   static inline void IterateBody(HeapObject* obj, int object_size) {
+-    IterateBody(obj);
++    IterateBody<StaticVisitor>(obj);
+   }
+ };
+ 
+ 
+ // This class describes a body of an object of a variable size
+diff --git a/deps/v8/src/objects-inl.h b/deps/v8/src/objects-inl.h
+index b75dd1c969a498d66584143adf0f03140a69bbd6..690a338a023c25646863715466f777850bc7f437 100644
+--- a/deps/v8/src/objects-inl.h
++++ b/deps/v8/src/objects-inl.h
+@@ -34,10 +34,31 @@
+ #include "src/v8memory.h"
+ 
+ namespace v8 {
+ namespace internal {
+ 
++template <typename Derived, typename Shape, typename Key>
++uint32_t HashTable<Derived, Shape, Key>::Hash(Key key) {
++  if (Shape::UsesSeed) {
++    return Shape::SeededHash(key, GetHeap()->HashSeed());
++  } else {
++    return Shape::Hash(key);
++  }
++}
++
++
++template <typename Derived, typename Shape, typename Key>
++uint32_t HashTable<Derived, Shape, Key>::HashForObject(Key key,
++                                                       Object* object) {
++  if (Shape::UsesSeed) {
++    return Shape::SeededHashForObject(key, GetHeap()->HashSeed(), object);
++  } else {
++    return Shape::HashForObject(key, object);
++  }
++}
++
++
+ PropertyDetails::PropertyDetails(Smi* smi) {
+   value_ = smi->value();
+ }
+ 
+ 
+diff --git a/deps/v8/src/objects.h b/deps/v8/src/objects.h
+index abced2d4bad50ca2e01373ac5ad3330cdbbdd682..e507dba665bfbd64f5ee5851b08a507de0a2519a 100644
+--- a/deps/v8/src/objects.h
++++ b/deps/v8/src/objects.h
+@@ -3259,26 +3259,14 @@ class HashTableBase : public FixedArray {
+ 
+ 
+ template <typename Derived, typename Shape, typename Key>
+ class HashTable : public HashTableBase {
+  public:
+-  // Wrapper methods
+-  inline uint32_t Hash(Key key) {
+-    if (Shape::UsesSeed) {
+-      return Shape::SeededHash(key, GetHeap()->HashSeed());
+-    } else {
+-      return Shape::Hash(key);
+-    }
+-  }
+-
+-  inline uint32_t HashForObject(Key key, Object* object) {
+-    if (Shape::UsesSeed) {
+-      return Shape::SeededHashForObject(key, GetHeap()->HashSeed(), object);
+-    } else {
+-      return Shape::HashForObject(key, object);
+-    }
+-  }
++  // Wrapper methods.  Defined in src/objects-inl.h
++  // to break a cycle with src/heap/heap.h.
++  inline uint32_t Hash(Key key);
++  inline uint32_t HashForObject(Key key, Object* object);
+ 
+   // Returns a new HashTable object.
+   MUST_USE_RESULT static Handle<Derived> New(
+       Isolate* isolate, int at_least_space_for,
+       MinimumCapacity capacity_option = USE_DEFAULT_MINIMUM_CAPACITY,
+-- 
+2.11.1
+

nodejs.spec

@@ -19,7 +19,7 @@
 %global nodejs_patch 5
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
-%global nodejs_release 1
+%global nodejs_release 2
 
 # == Bundled Dependency Versions ==
 # v8 - from deps/v8/include/v8-version.h
@@ -72,7 +72,7 @@
 Name: nodejs
 Epoch: %{nodejs_epoch}
 Version: %{nodejs_version}
-Release: %{nodejs_release}%{?dist}.1
+Release: %{nodejs_release}%{?dist}
 Summary: JavaScript runtime
 License: MIT and ASL 2.0 and ISC and BSD
 Group: Development/Languages
@@ -102,6 +102,10 @@ Patch2: 0002-Use-openssl-1.0.1.patch
 # http://patch-tracker.debian.org/patch/series/view/nodejs/0.10.26~dfsg1-1/2014_donotinclude_root_certs.patch
 Patch3: 0003-CA-Certificates-are-provided-by-Fedora.patch
 
+# Patch to allow building with GCC 7 from
+# https://github.com/nodejs/node/issues/10388#issuecomment-283120731
+Patch4: 0004-Fix-compatibility-with-GCC-7.patch
+
 BuildRequires: python-devel
 BuildRequires: libuv-devel >= 1:1.9.1
 Requires: libuv >= 1:1.9.1
@@ -244,6 +248,9 @@ rm -rf deps/uv \
 rm -f src/node_root_certs.h
 %patch3 -p1
 
+# Fix GCC7 build
+%patch4 -p1
+
 %if 0%{?epel}
 %patch2 -p1
 %endif
@@ -407,6 +414,10 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules %{buildroot}/%{_bindir}/node -
 %{_pkgdocdir}/npm/doc
 
 %changelog
+* Tue Feb 28 2017 Stephen Gallagher <sgallagh@redhat.com> - -
+- Fix FTBFS against GCC 7
+- Resolves: RHBZ 1423991
+
 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:6.9.5-1.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild