Revert upstream change that is incompatible with OpenSSL 1.0.1

Fixes: rhbz#1436445
This commit is contained in:
Stephen Gallagher 2017-04-03 13:37:43 -04:00
parent 41af04f2a3
commit 9f1c95f794
No known key found for this signature in database
GPG Key ID: 7A25556236BAA3A3
2 changed files with 40 additions and 1 deletions

View File

@ -0,0 +1,30 @@
diff -ru a/src/node_crypto.cc b/src/node_crypto.cc
--- a/src/node_crypto.cc 2017-03-31 22:39:56.483283868 +0200
+++ b/src/node_crypto.cc 2017-03-31 22:45:36.250267750 +0200
@@ -851,8 +851,6 @@
}
}
- // Increment reference count so global store is not deleted along with CTX.
- X509_STORE_up_ref(root_cert_store);
SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
}
diff -ru a/src/node_crypto.h b/src/node_crypto.h
--- a/src/node_crypto.h 2017-03-21 20:43:33.000000000 +0100
+++ b/src/node_crypto.h 2017-03-31 22:43:15.548183432 +0200
@@ -145,6 +145,13 @@
}
env()->isolate()->AdjustAmountOfExternalAllocatedMemory(-kExternalSize);
+ if (ctx_->cert_store == root_cert_store) {
+ // SSL_CTX_free() will attempt to free the cert_store as well.
+ // Since we want our root_cert_store to stay around forever
+ // we just clear the field. Hopefully OpenSSL will not modify this
+ // struct in future versions.
+ ctx_->cert_store = nullptr;
+ }
SSL_CTX_free(ctx_);
if (cert_ != nullptr)
X509_free(cert_);

View File

@ -19,7 +19,7 @@
%global nodejs_patch 1
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
%global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
%global nodejs_release 1
%global nodejs_release 2
# == Bundled Dependency Versions ==
# v8 - from deps/v8/include/v8-version.h
@ -105,6 +105,10 @@ Patch3: 0003-crypto-Use-system-CAs-instead-of-using-bundled-ones.patch
# https://github.com/nodejs/node/issues/10388#issuecomment-283120731
Patch4: 0004-Fix-compatibility-with-GCC-7.patch
# RHEL 7 still uses OpenSSL 1.0.1 for now, and it segfaults on SSL
# Revert this upstream patch until RHEL 7 upgrades to 1.0.2
Patch5: EPEL01-openssl101-compat.patch
BuildRequires: python-devel
BuildRequires: libuv-devel >= 1:1.9.1
Requires: libuv >= 1:1.9.1
@ -252,6 +256,7 @@ rm -rf deps/icu-small \
%if 0%{?epel}
%patch2 -p1
%patch5 -p1
%endif
@ -414,6 +419,10 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules %{buildroot}/%{_bindir}/node -
%{_pkgdocdir}/npm/doc
%changelog
* Mon Apr 03 2017 Stephen Gallagher <sgallagh@redhat.com> - 1:6.10.1-2
- Revert upstream change that is incompatible with OpenSSL 1.0.1
- Fixes: rhbz#1436445
* Wed Mar 22 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:6.10.1-1
- Update to 6.10.1
- remove small-icu from deps