Revert upstream change that is incompatible with OpenSSL 1.0.1
Fixes: rhbz#1436445
This commit is contained in:
parent
41af04f2a3
commit
9f1c95f794
30
EPEL01-openssl101-compat.patch
Normal file
30
EPEL01-openssl101-compat.patch
Normal file
@ -0,0 +1,30 @@
|
||||
diff -ru a/src/node_crypto.cc b/src/node_crypto.cc
|
||||
--- a/src/node_crypto.cc 2017-03-31 22:39:56.483283868 +0200
|
||||
+++ b/src/node_crypto.cc 2017-03-31 22:45:36.250267750 +0200
|
||||
@@ -851,8 +851,6 @@
|
||||
}
|
||||
}
|
||||
|
||||
- // Increment reference count so global store is not deleted along with CTX.
|
||||
- X509_STORE_up_ref(root_cert_store);
|
||||
SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
|
||||
}
|
||||
|
||||
diff -ru a/src/node_crypto.h b/src/node_crypto.h
|
||||
--- a/src/node_crypto.h 2017-03-21 20:43:33.000000000 +0100
|
||||
+++ b/src/node_crypto.h 2017-03-31 22:43:15.548183432 +0200
|
||||
@@ -145,6 +145,13 @@
|
||||
}
|
||||
|
||||
env()->isolate()->AdjustAmountOfExternalAllocatedMemory(-kExternalSize);
|
||||
+ if (ctx_->cert_store == root_cert_store) {
|
||||
+ // SSL_CTX_free() will attempt to free the cert_store as well.
|
||||
+ // Since we want our root_cert_store to stay around forever
|
||||
+ // we just clear the field. Hopefully OpenSSL will not modify this
|
||||
+ // struct in future versions.
|
||||
+ ctx_->cert_store = nullptr;
|
||||
+ }
|
||||
SSL_CTX_free(ctx_);
|
||||
if (cert_ != nullptr)
|
||||
X509_free(cert_);
|
||||
|
11
nodejs.spec
11
nodejs.spec
@ -19,7 +19,7 @@
|
||||
%global nodejs_patch 1
|
||||
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
|
||||
%global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
|
||||
%global nodejs_release 1
|
||||
%global nodejs_release 2
|
||||
|
||||
# == Bundled Dependency Versions ==
|
||||
# v8 - from deps/v8/include/v8-version.h
|
||||
@ -105,6 +105,10 @@ Patch3: 0003-crypto-Use-system-CAs-instead-of-using-bundled-ones.patch
|
||||
# https://github.com/nodejs/node/issues/10388#issuecomment-283120731
|
||||
Patch4: 0004-Fix-compatibility-with-GCC-7.patch
|
||||
|
||||
# RHEL 7 still uses OpenSSL 1.0.1 for now, and it segfaults on SSL
|
||||
# Revert this upstream patch until RHEL 7 upgrades to 1.0.2
|
||||
Patch5: EPEL01-openssl101-compat.patch
|
||||
|
||||
BuildRequires: python-devel
|
||||
BuildRequires: libuv-devel >= 1:1.9.1
|
||||
Requires: libuv >= 1:1.9.1
|
||||
@ -252,6 +256,7 @@ rm -rf deps/icu-small \
|
||||
|
||||
%if 0%{?epel}
|
||||
%patch2 -p1
|
||||
%patch5 -p1
|
||||
%endif
|
||||
|
||||
|
||||
@ -414,6 +419,10 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules %{buildroot}/%{_bindir}/node -
|
||||
%{_pkgdocdir}/npm/doc
|
||||
|
||||
%changelog
|
||||
* Mon Apr 03 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:6.10.1-2
|
||||
- Revert upstream change that is incompatible with OpenSSL 1.0.1
|
||||
- Fixes: rhbz#1436445
|
||||
|
||||
* Wed Mar 22 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:6.10.1-1
|
||||
- Update to 6.10.1
|
||||
- remove small-icu from deps
|
||||
|
Loading…
Reference in New Issue
Block a user