summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChen, Chih-Chia <pigfoot@gmail.com>2018-10-19 10:10:25 +0800
committerChen, Chih-Chia <pigfoot@gmail.com>2018-10-19 10:10:25 +0800
commit031c3dca4c6add4a570b3d82219747ae3f63674e (patch)
treed49552aa3578079b37d2d66a3ed482c34c32b882
parent[app-admin/google-compute-engine] Version bump 2.8.3 (FIX#2) (diff)
downloadpigfoot-031c3dca4c6add4a570b3d82219747ae3f63674e.tar.gz
pigfoot-031c3dca4c6add4a570b3d82219747ae3f63674e.tar.bz2
pigfoot-031c3dca4c6add4a570b3d82219747ae3f63674e.zip
Bump for NodeJS-8.12.0
This is patched from stable version in gentoo portage
-rw-r--r--net-libs/nodejs/Manifest4
-rw-r--r--net-libs/nodejs/files/nodejs-10.3.0-global-npm-config.patch20
-rw-r--r--net-libs/nodejs/files/nodejs-4.6.1-libressl.patch587
-rw-r--r--net-libs/nodejs/files/nodejs-8.1.1-libressl.patch697
-rw-r--r--net-libs/nodejs/files/nodejs-8.11.1-libressl.patch (renamed from net-libs/nodejs/files/nodejs-8.1.0-libressl.patch)487
-rw-r--r--net-libs/nodejs/files/nodejs-8.12.0-libressl.patch (renamed from net-libs/nodejs/files/nodejs-8.11.4-libressl.patch)72
-rw-r--r--net-libs/nodejs/nodejs-8.11.1.ebuild (renamed from net-libs/nodejs/nodejs-8.11.4.ebuild)7
-rw-r--r--net-libs/nodejs/nodejs-8.12.0.ebuild (renamed from net-libs/nodejs/nodejs-6.11.5.ebuild)62
8 files changed, 443 insertions, 1493 deletions
diff --git a/net-libs/nodejs/Manifest b/net-libs/nodejs/Manifest
index d0273e9..6b03ec2 100644
--- a/net-libs/nodejs/Manifest
+++ b/net-libs/nodejs/Manifest
@@ -1,2 +1,2 @@
-DIST node-v6.11.5.tar.xz 15699404 BLAKE2B ba2df91bf5ef38cedb60b42919cf56f16807e619a81876fc92a5741e49da7ec91c4239d00f549c5e80d0bb8282bb9b396dd984507916cd18d61b403a3a7cef94 SHA512 62490725ef7957294c1bddf21ef0626c7472876791210168116501255ecee58457e9de9b044e10033706243299bbfd1495efeca169596fbf26f5eeba6d8fa4c9
-DIST node-v8.11.4.tar.xz 18323120 BLAKE2B 8deeb1d577ec5b8547fae79dd212d2aa92b567f249afd59f8668ee5cd323949546f744f9e42b37b4a1f2683d2589cde8842304ecd83c2a49204345dedcf1c93f SHA512 b1650148e9bdebeff639f0d313719589a9727fa620a9be46b4ceb9a60038b5c5f4f68e6e0f9806fa56e6bea03c3de1b0e5878a2548c3921dbccf8be3fe411f26
+DIST node-v8.11.1.tar.xz 18279516 BLAKE2B b06f31571c93455d16899e3ba57d1e5835951be7a644fafbfcac9cce1bf33ed8ca47929e0a5d0df72034a6c2b967c578e3c78a2ed27ba85e41c4af1de2307293 SHA512 0ca0dead15a1623ece7f972d420dec623141a795ddd984c32ce7e92ae32ead97bb0153ebd8c1c249b91a1bd6efcef7fb313105455f66d4d181473153c4e0736f
+DIST node-v8.12.0.tar.xz 18310452 BLAKE2B 79634fc57cd76a97e72bab4be37da91d5eff4d13cdaa2b48e83f013885fa3590ba4a28378baf036ed26b7304bf234753d1d4014f72571496f5bb6cd5b221e5f0 SHA512 665d2dba287d78bcd723d7b4d00a6897fb996f4aa69a541e010a3dfeb2614257892117fcce7123966b1ecaddc9269a6667e0e262df693baea1f476c96de55c42
diff --git a/net-libs/nodejs/files/nodejs-10.3.0-global-npm-config.patch b/net-libs/nodejs/files/nodejs-10.3.0-global-npm-config.patch
new file mode 100644
index 0000000..9c7fe68
--- /dev/null
+++ b/net-libs/nodejs/files/nodejs-10.3.0-global-npm-config.patch
@@ -0,0 +1,20 @@
+--- a/deps/npm/lib/config/core.js
++++ b/deps/npm/lib/config/core.js
+@@ -153,11 +153,12 @@
+ // Eg, `npm config get globalconfig --prefix ~/local` should
+ // return `~/local/etc/npmrc`
+ // annoying humans and their expectations!
+- if (conf.get('prefix')) {
+- var etc = path.resolve(conf.get('prefix'), 'etc')
+- defaults.globalconfig = path.resolve(etc, 'npmrc')
+- defaults.globalignorefile = path.resolve(etc, 'npmignore')
+- }
++ // gentoo deviates wrt global config; store in /etc/npm
++ var globalconfig = path.resolve('/etc', 'npm')
++ mkdirp(globalconfig, function () {
++ defaults.globalconfig = path.resolve(globalconfig, 'npmrc')
++ defaults.globalignorefile = path.resolve(globalconfig, 'npmignore')
++ })
+
+ conf.addFile(conf.get('globalconfig'), 'global')
+
diff --git a/net-libs/nodejs/files/nodejs-4.6.1-libressl.patch b/net-libs/nodejs/files/nodejs-4.6.1-libressl.patch
deleted file mode 100644
index 6cdb715..0000000
--- a/net-libs/nodejs/files/nodejs-4.6.1-libressl.patch
+++ /dev/null
@@ -1,587 +0,0 @@
-diff -Naur node-v4.6.1.orig/lib/_tls_wrap.js node-v4.6.1/lib/_tls_wrap.js
---- node-v4.6.1.orig/lib/_tls_wrap.js 2017-04-12 12:40:43.517228944 -0700
-+++ node-v4.6.1/lib/_tls_wrap.js 2017-04-12 12:49:51.155877106 -0700
-@@ -165,30 +165,33 @@
- if (err)
- return self.destroy(err);
-
-- self._handle.endParser();
-- });
--}
--
--
--function oncertcb(info) {
-- var self = this;
-- var servername = info.servername;
--
-- loadSNI(self, servername, function(err, ctx) {
-- if (err)
-- return self.destroy(err);
-- requestOCSP(self, info, ctx, function(err) {
-+ // Servername came from SSL session
-+ // NOTE: TLS Session ticket doesn't include servername information
-+ //
-+ // Another note, From RFC3546:
-+ //
-+ // If, on the other hand, the older
-+ // session is resumed, then the server MUST ignore extensions appearing
-+ // in the client hello, and send a server hello containing no
-+ // extensions; in this case the extension functionality negotiated
-+ // during the original session initiation is applied to the resumed
-+ // session.
-+ //
-+ // Therefore we should account session loading when dealing with servername
-+ var servername = session && session.servername || hello.servername;
-+ loadSNI(self, servername, function(err, ctx) {
- if (err)
- return self.destroy(err);
-
-- if (!self._handle)
-- return self.destroy(new Error('Socket is closed'));
-+ requestOCSP(self, info, ctx, function(err) {
-+ if (err)
-+ return self.destroy(err);
-+
-+ if (!self._handle)
-+ return self.destroy(new Error('Socket is closed'));
-
-- try {
-- self._handle.certCbDone();
-- } catch (e) {
-- self.destroy(e);
-- }
-+ self._handle.endParser();
-+ });
- });
- });
- }
-@@ -410,18 +413,15 @@
- ssl.onhandshakestart = () => onhandshakestart.call(this);
- ssl.onhandshakedone = () => onhandshakedone.call(this);
- ssl.onclienthello = (hello) => onclienthello.call(this, hello);
-- ssl.oncertcb = (info) => oncertcb.call(this, info);
- ssl.onnewsession = (key, session) => onnewsession.call(this, key, session);
- ssl.lastHandshakeTime = 0;
- ssl.handshakes = 0;
-
-- if (this.server) {
-- if (this.server.listenerCount('resumeSession') > 0 ||
-- this.server.listenerCount('newSession') > 0) {
-- ssl.enableSessionCallbacks();
-- }
-- if (this.server.listenerCount('OCSPRequest') > 0)
-- ssl.enableCertCb();
-+ if (this.server &&
-+ (this.server.listenerCount('resumeSession') > 0 ||
-+ this.server.listenerCount('newSession') > 0 ||
-+ this.server.listenerCount('OCSPRequest') > 0)) {
-+ ssl.enableSessionCallbacks();
- }
- } else {
- ssl.onhandshakestart = function() {};
-@@ -463,7 +463,7 @@
- options.server._contexts.length)) {
- assert(typeof options.SNICallback === 'function');
- this._SNICallback = options.SNICallback;
-- ssl.enableCertCb();
-+ ssl.enableHelloParser();
- }
-
- if (process.features.tls_npn && options.NPNProtocols)
-diff -Naur node-v4.6.1.orig/src/env.h node-v4.6.1/src/env.h
---- node-v4.6.1.orig/src/env.h 2017-04-12 12:40:43.536229174 -0700
-+++ node-v4.6.1/src/env.h 2017-04-12 12:50:02.055009418 -0700
-@@ -57,7 +57,6 @@
- V(bytes_read_string, "bytesRead") \
- V(callback_string, "callback") \
- V(change_string, "change") \
-- V(oncertcb_string, "oncertcb") \
- V(onclose_string, "_onclose") \
- V(code_string, "code") \
- V(compare_string, "compare") \
-diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc
---- node-v4.6.1.orig/src/node_crypto.cc 2017-04-12 12:40:43.541229235 -0700
-+++ node-v4.6.1/src/node_crypto.cc 2017-04-12 12:52:59.371161636 -0700
-@@ -160,8 +160,6 @@
- #endif
-
- template void SSLWrap<TLSWrap>::DestroySSL();
--template int SSLWrap<TLSWrap>::SSLCertCallback(SSL* s, void* arg);
--template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg);
-
-
- static void crypto_threadid_cb(CRYPTO_THREADID* tid) {
-@@ -525,8 +523,7 @@
- for (int i = 0; i < sk_X509_num(extra_certs); i++) {
- X509* ca = sk_X509_value(extra_certs, i);
-
-- // NOTE: Increments reference count on `ca`
-- r = SSL_CTX_add1_chain_cert(ctx, ca);
-+ r = SSL_CTX_add_extra_chain_cert(ctx, ca);
-
- if (!r) {
- ret = 0;
-@@ -1051,7 +1048,7 @@
- void SecureContext::SetFreeListLength(const FunctionCallbackInfo<Value>& args) {
- SecureContext* wrap = Unwrap<SecureContext>(args.Holder());
-
-- wrap->ctx_->freelist_max_len = args[0]->Int32Value();
-+ // wrap->ctx_->freelist_max_len = args[0]->Int32Value();
- }
-
-
-@@ -1188,7 +1185,6 @@
- env->SetProtoMethod(t, "verifyError", VerifyError);
- env->SetProtoMethod(t, "getCurrentCipher", GetCurrentCipher);
- env->SetProtoMethod(t, "endParser", EndParser);
-- env->SetProtoMethod(t, "certCbDone", CertCbDone);
- env->SetProtoMethod(t, "renegotiate", Renegotiate);
- env->SetProtoMethod(t, "shutdownSSL", Shutdown);
- env->SetProtoMethod(t, "getTLSTicket", GetTLSTicket);
-@@ -2079,129 +2075,6 @@
-
-
- template <class Base>
--void SSLWrap<Base>::WaitForCertCb(CertCb cb, void* arg) {
-- cert_cb_ = cb;
-- cert_cb_arg_ = arg;
--}
--
--
--template <class Base>
--int SSLWrap<Base>::SSLCertCallback(SSL* s, void* arg) {
-- Base* w = static_cast<Base*>(SSL_get_app_data(s));
--
-- if (!w->is_server())
-- return 1;
--
-- if (!w->is_waiting_cert_cb())
-- return 1;
--
-- if (w->cert_cb_running_)
-- return -1;
--
-- Environment* env = w->env();
-- HandleScope handle_scope(env->isolate());
-- Context::Scope context_scope(env->context());
-- w->cert_cb_running_ = true;
--
-- Local<Object> info = Object::New(env->isolate());
--
-- SSL_SESSION* sess = SSL_get_session(s);
-- if (sess != nullptr) {
-- if (sess->tlsext_hostname == nullptr) {
-- info->Set(env->servername_string(), String::Empty(env->isolate()));
-- } else {
-- Local<String> servername = OneByteString(env->isolate(),
-- sess->tlsext_hostname,
-- strlen(sess->tlsext_hostname));
-- info->Set(env->servername_string(), servername);
-- }
-- info->Set(env->tls_ticket_string(),
-- Boolean::New(env->isolate(), sess->tlsext_ticklen != 0));
-- }
--
-- bool ocsp = false;
--#ifdef NODE__HAVE_TLSEXT_STATUS_CB
-- ocsp = s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp;
--#endif
--
-- info->Set(env->ocsp_request_string(), Boolean::New(env->isolate(), ocsp));
--
-- Local<Value> argv[] = { info };
-- w->MakeCallback(env->oncertcb_string(), arraysize(argv), argv);
--
-- if (!w->cert_cb_running_)
-- return 1;
--
-- // Performing async action, wait...
-- return -1;
--}
--
--
--template <class Base>
--void SSLWrap<Base>::CertCbDone(const FunctionCallbackInfo<Value>& args) {
-- Base* w = Unwrap<Base>(args.Holder());
-- Environment* env = w->env();
--
-- CHECK(w->is_waiting_cert_cb() && w->cert_cb_running_);
--
-- Local<Object> object = w->object();
-- Local<Value> ctx = object->Get(env->sni_context_string());
-- Local<FunctionTemplate> cons = env->secure_context_constructor_template();
--
-- // Not an object, probably undefined or null
-- if (!ctx->IsObject())
-- goto fire_cb;
--
-- if (cons->HasInstance(ctx)) {
-- SecureContext* sc = Unwrap<SecureContext>(ctx.As<Object>());
-- w->sni_context_.Reset();
-- w->sni_context_.Reset(env->isolate(), ctx);
--
-- int rv;
--
-- // NOTE: reference count is not increased by this API methods
-- X509* x509 = SSL_CTX_get0_certificate(sc->ctx_);
-- EVP_PKEY* pkey = SSL_CTX_get0_privatekey(sc->ctx_);
-- STACK_OF(X509)* chain;
--
-- rv = SSL_CTX_get0_chain_certs(sc->ctx_, &chain);
-- if (rv)
-- rv = SSL_use_certificate(w->ssl_, x509);
-- if (rv)
-- rv = SSL_use_PrivateKey(w->ssl_, pkey);
-- if (rv && chain != nullptr)
-- rv = SSL_set1_chain(w->ssl_, chain);
-- if (rv)
-- rv = w->SetCACerts(sc);
-- if (!rv) {
-- unsigned long err = ERR_get_error(); // NOLINT(runtime/int)
-- if (!err)
-- return env->ThrowError("CertCbDone");
-- return ThrowCryptoError(env, err);
-- }
-- } else {
-- // Failure: incorrect SNI context object
-- Local<Value> err = Exception::TypeError(env->sni_context_err_string());
-- w->MakeCallback(env->onerror_string(), 1, &err);
-- return;
-- }
--
-- fire_cb:
-- CertCb cb;
-- void* arg;
--
-- cb = w->cert_cb_;
-- arg = w->cert_cb_arg_;
--
-- w->cert_cb_running_ = false;
-- w->cert_cb_ = nullptr;
-- w->cert_cb_arg_ = nullptr;
--
-- cb(arg);
--}
--
--
--template <class Base>
- void SSLWrap<Base>::SSLGetter(Local<String> property,
- const PropertyCallbackInfo<Value>& info) {
- SSL* ssl = Unwrap<Base>(info.This())->ssl_;
-@@ -2232,10 +2105,6 @@
-
- template <class Base>
- int SSLWrap<Base>::SetCACerts(SecureContext* sc) {
-- int err = SSL_set1_verify_cert_store(ssl_, SSL_CTX_get_cert_store(sc->ctx_));
-- if (err != 1)
-- return err;
--
- STACK_OF(X509_NAME)* list = SSL_dup_CA_list(
- SSL_CTX_get_client_CA_list(sc->ctx_));
-
-@@ -2329,10 +2198,6 @@
- DEBUG_PRINT("[%p] SSL: %s want read\n", ssl_, func);
- return 0;
-
-- } else if (err == SSL_ERROR_WANT_X509_LOOKUP) {
-- DEBUG_PRINT("[%p] SSL: %s want x509 lookup\n", ssl_, func);
-- return 0;
--
- } else if (err == SSL_ERROR_ZERO_RETURN) {
- HandleScope scope(ssl_env()->isolate());
-
-@@ -2513,7 +2378,7 @@
- SSL* ssl = static_cast<SSL*>(
- X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
-
-- if (SSL_is_server(ssl))
-+ if (ssl->server)
- return 1;
-
- // Client needs to check if the server cert is listed in the
-@@ -2540,7 +2405,7 @@
-
- // Call the SNI callback and use its return value as context
- if (!conn->sniObject_.IsEmpty()) {
-- conn->sni_context_.Reset();
-+ conn->sniContext_.Reset();
-
- Local<Object> sni_obj = PersistentToLocal(env->isolate(),
- conn->sniObject_);
-@@ -2556,7 +2421,7 @@
- Local<FunctionTemplate> secure_context_constructor_template =
- env->secure_context_constructor_template();
- if (secure_context_constructor_template->HasInstance(ret)) {
-- conn->sni_context_.Reset(env->isolate(), ret);
-+ conn->sniContext_.Reset(env->isolate(), ret);
- SecureContext* sc = Unwrap<SecureContext>(ret.As<Object>());
- conn->SetSNIContext(sc);
- } else {
-@@ -2594,8 +2459,6 @@
-
- InitNPN(sc);
-
-- SSL_set_cert_cb(conn->ssl_, SSLWrap<Connection>::SSLCertCallback, conn);
--
- #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- if (is_server) {
- SSL_CTX_set_tlsext_servername_callback(sc->ctx_, SelectSNIContextCallback_);
-diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h
---- node-v4.6.1.orig/src/node_crypto.h 2017-04-12 12:40:43.541229235 -0700
-+++ node-v4.6.1/src/node_crypto.h 2017-04-12 12:55:08.867710808 -0700
-@@ -179,10 +179,7 @@
- kind_(kind),
- next_sess_(nullptr),
- session_callbacks_(false),
-- new_session_wait_(false),
-- cert_cb_(nullptr),
-- cert_cb_arg_(nullptr),
-- cert_cb_running_(false) {
-+ new_session_wait_(false) {
- ssl_ = SSL_new(sc->ctx_);
- env_->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize);
- CHECK_NE(ssl_, nullptr);
-@@ -199,9 +196,6 @@
- npn_protos_.Reset();
- selected_npn_proto_.Reset();
- #endif
--#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-- sni_context_.Reset();
--#endif
- #ifdef NODE__HAVE_TLSEXT_STATUS_CB
- ocsp_response_.Reset();
- #endif // NODE__HAVE_TLSEXT_STATUS_CB
-@@ -212,11 +206,8 @@
- inline bool is_server() const { return kind_ == kServer; }
- inline bool is_client() const { return kind_ == kClient; }
- inline bool is_waiting_new_session() const { return new_session_wait_; }
-- inline bool is_waiting_cert_cb() const { return cert_cb_ != nullptr; }
-
- protected:
-- typedef void (*CertCb)(void* arg);
--
- // Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and
- // some for buffers.
- // NOTE: Actually it is much more than this
-@@ -244,7 +235,6 @@
- static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void GetCurrentCipher(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args);
-- static void CertCbDone(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args);
-@@ -273,12 +263,10 @@
- void* arg);
- #endif // OPENSSL_NPN_NEGOTIATED
- static int TLSExtStatusCallback(SSL* s, void* arg);
-- static int SSLCertCallback(SSL* s, void* arg);
- static void SSLGetter(v8::Local<v8::String> property,
- const v8::PropertyCallbackInfo<v8::Value>& info);
-
- void DestroySSL();
-- void WaitForCertCb(CertCb cb, void* arg);
- void SetSNIContext(SecureContext* sc);
- int SetCACerts(SecureContext* sc);
-
-@@ -293,11 +281,6 @@
- bool session_callbacks_;
- bool new_session_wait_;
-
-- // SSL_set_cert_cb
-- CertCb cert_cb_;
-- void* cert_cb_arg_;
-- bool cert_cb_running_;
--
- ClientHelloParser hello_parser_;
-
- #ifdef NODE__HAVE_TLSEXT_STATUS_CB
-@@ -309,10 +292,6 @@
- v8::Persistent<v8::Value> selected_npn_proto_;
- #endif // OPENSSL_NPN_NEGOTIATED
-
--#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-- v8::Persistent<v8::Value> sni_context_;
--#endif
--
- friend class SecureContext;
- };
-
-@@ -324,6 +303,7 @@
- ~Connection() override {
- #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- sniObject_.Reset();
-+ sniContext_.Reset();
- servername_.Reset();
- #endif
- }
-@@ -338,6 +318,7 @@
-
- #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- v8::Persistent<v8::Object> sniObject_;
-+ v8::Persistent<v8::Value> sniContext_;
- v8::Persistent<v8::String> servername_;
- #endif
-
-diff -Naur node-v4.6.1.orig/src/tls_wrap.cc node-v4.6.1/src/tls_wrap.cc
---- node-v4.6.1.orig/src/tls_wrap.cc 2017-04-12 12:40:43.557229429 -0700
-+++ node-v4.6.1/src/tls_wrap.cc 2017-04-12 13:36:49.323009154 -0700
-@@ -141,8 +141,6 @@
-
- InitNPN(sc_);
-
-- SSL_set_cert_cb(ssl_, SSLWrap<TLSWrap>::SSLCertCallback, this);
--
- if (is_server()) {
- SSL_set_accept_state(ssl_);
- } else if (is_client()) {
-@@ -353,7 +351,6 @@
- case SSL_ERROR_NONE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
-- case SSL_ERROR_WANT_X509_LOOKUP:
- break;
- case SSL_ERROR_ZERO_RETURN:
- return scope.Escape(env()->zero_return_string());
-@@ -769,6 +766,11 @@
- "EnableSessionCallbacks after destroySSL");
- }
- wrap->enable_session_callbacks();
-+ EnableHelloParser(args);
-+}
-+
-+void TLSWrap::EnableHelloParser(const FunctionCallbackInfo<Value>& args) {
-+ TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder());
- NodeBIO::FromBIO(wrap->enc_in_)->set_initial(kMaxHelloLength);
- wrap->hello_parser_.Start(SSLWrap<TLSWrap>::OnClientHello,
- OnClientHelloParseEnd,
-@@ -793,12 +795,6 @@
- }
-
-
--void TLSWrap::EnableCertCb(const FunctionCallbackInfo<Value>& args) {
-- TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder());
-- wrap->WaitForCertCb(OnClientHelloParseEnd, wrap);
--}
--
--
- void TLSWrap::OnClientHelloParseEnd(void* arg) {
- TLSWrap* c = static_cast<TLSWrap*>(arg);
- c->Cycle();
-@@ -896,8 +892,8 @@
- env->SetProtoMethod(t, "start", Start);
- env->SetProtoMethod(t, "setVerifyMode", SetVerifyMode);
- env->SetProtoMethod(t, "enableSessionCallbacks", EnableSessionCallbacks);
-+ env->SetProtoMethod(t, "enableHelloParser", EnableHelloParser);
- env->SetProtoMethod(t, "destroySSL", DestroySSL);
-- env->SetProtoMethod(t, "enableCertCb", EnableCertCb);
-
- StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev);
- SSLWrap<TLSWrap>::AddMethods(env, t);
-diff -Naur node-v4.6.1.orig/src/tls_wrap.h node-v4.6.1/src/tls_wrap.h
---- node-v4.6.1.orig/src/tls_wrap.h 2017-04-12 12:40:43.558229441 -0700
-+++ node-v4.6.1/src/tls_wrap.h 2017-04-12 13:35:51.214213644 -0700
-@@ -132,7 +132,7 @@
- static void SetVerifyMode(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void EnableSessionCallbacks(
- const v8::FunctionCallbackInfo<v8::Value>& args);
-- static void EnableCertCb(
-+ static void EnableHelloParser(
- const v8::FunctionCallbackInfo<v8::Value>& args);
- static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args);
-
-@@ -160,6 +160,10 @@
- // If true - delivered EOF to the js-land, either after `close_notify`, or
- // after the `UV_EOF` on socket.
- bool eof_;
-+
-+#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-+ v8::Persistent<v8::Value> sni_context_;
-+#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- };
-
- } // namespace node
-diff -Naur node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js
---- node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:40:43.865233168 -0700
-+++ node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:58:14.901936343 -0700
-@@ -53,7 +53,9 @@
- port: undefined,
- rejectUnauthorized: true
- },
-- errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
-+ // LibreSSL returns CERT_UNTRUSTED in this case, OpenSSL UNABLE_TO_GET_ISSUER_CERT_LOCALLY.
-+ errorCode: 'CERT_UNTRUSTED'
-+ // errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
- }
- ];
-
-diff -Naur node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js node-v4.6.1/test/parallel/test-tls-sni-server-client.js
---- node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js 2017-04-12 12:40:43.878233326 -0700
-+++ node-v4.6.1/test/parallel/test-tls-sni-server-client.js 2017-04-12 13:00:18.804418594 -0700
-@@ -36,39 +36,37 @@
- 'asterisk.test.com': {
- key: loadPEM('agent3-key'),
- cert: loadPEM('agent3-cert')
-- },
-- 'chain.example.com': {
-- key: loadPEM('agent6-key'),
-- // NOTE: Contains ca3 chain cert
-- cert: loadPEM('agent6-cert')
- }
- };
-
- var clientsOptions = [{
- port: undefined,
-+ key: loadPEM('agent1-key'),
-+ cert: loadPEM('agent1-cert'),
- ca: [loadPEM('ca1-cert')],
- servername: 'a.example.com',
- rejectUnauthorized: false
- }, {
- port: undefined,
-+ key: loadPEM('agent2-key'),
-+ cert: loadPEM('agent2-cert'),
- ca: [loadPEM('ca2-cert')],
- servername: 'b.test.com',
- rejectUnauthorized: false
- }, {
- port: undefined,
-+ key: loadPEM('agent2-key'),
-+ cert: loadPEM('agent2-cert'),
- ca: [loadPEM('ca2-cert')],
- servername: 'a.b.test.com',
- rejectUnauthorized: false
- }, {
- port: undefined,
-+ key: loadPEM('agent3-key'),
-+ cert: loadPEM('agent3-cert'),
- ca: [loadPEM('ca1-cert')],
- servername: 'c.wrong.com',
- rejectUnauthorized: false
--}, {
-- port: undefined,
-- ca: [loadPEM('ca1-cert')],
-- servername: 'chain.example.com',
-- rejectUnauthorized: false
- }];
-
- const serverResults = [];
-@@ -80,7 +78,6 @@
-
- server.addContext('a.example.com', SNIContexts['a.example.com']);
- server.addContext('*.test.com', SNIContexts['asterisk.test.com']);
--server.addContext('chain.example.com', SNIContexts['chain.example.com']);
-
- server.listen(0, startTest);
-
-@@ -109,8 +106,7 @@
-
- process.on('exit', function() {
- assert.deepEqual(serverResults, [
-- 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com',
-- 'chain.example.com'
-+ 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com'
- ]);
-- assert.deepEqual(clientResults, [true, true, false, false, true]);
-+ assert.deepEqual(clientResults, [true, true, false, false]);
- });
diff --git a/net-libs/nodejs/files/nodejs-8.1.1-libressl.patch b/net-libs/nodejs/files/nodejs-8.1.1-libressl.patch
deleted file mode 100644
index 31493be..0000000
--- a/net-libs/nodejs/files/nodejs-8.1.1-libressl.patch
+++ /dev/null
@@ -1,697 +0,0 @@
-diff -Naur node-v4.6.1.orig/lib/_tls_wrap.js node-v4.6.1/lib/_tls_wrap.js
---- node-v4.6.1.orig/lib/_tls_wrap.js 2017-04-12 12:40:43.517228944 -0700
-+++ node-v4.6.1/lib/_tls_wrap.js 2017-04-12 12:49:51.155877106 -0700
-@@ -165,30 +165,33 @@
- if (err)
- return self.destroy(err);
-
-- self._handle.endParser();
-- });
--}
--
--
--function oncertcb(info) {
-- var self = this;
-- var servername = info.servername;
--
-- loadSNI(self, servername, function(err, ctx) {
-- if (err)
-- return self.destroy(err);
-- requestOCSP(self, info, ctx, function(err) {
-+ // Servername came from SSL session
-+ // NOTE: TLS Session ticket doesn't include servername information
-+ //
-+ // Another note, From RFC3546:
-+ //
-+ // If, on the other hand, the older
-+ // session is resumed, then the server MUST ignore extensions appearing
-+ // in the client hello, and send a server hello containing no
-+ // extensions; in this case the extension functionality negotiated
-+ // during the original session initiation is applied to the resumed
-+ // session.
-+ //
-+ // Therefore we should account session loading when dealing with servername
-+ var servername = session && session.servername || hello.servername;
-+ loadSNI(self, servername, function(err, ctx) {
- if (err)
- return self.destroy(err);
-
-- if (!self._handle)
-- return self.destroy(new Error('Socket is closed'));
-+ requestOCSP(self, info, ctx, function(err) {
-+ if (err)
-+ return self.destroy(err);
-+
-+ if (!self._handle)
-+ return self.destroy(new Error('Socket is closed'));
-
-- try {
-- self._handle.certCbDone();
-- } catch (e) {
-- self.destroy(e);
-- }
-+ self._handle.endParser();
-+ });
- });
- });
- }
-@@ -410,18 +413,15 @@
- ssl.onhandshakestart = () => onhandshakestart.call(this);
- ssl.onhandshakedone = () => onhandshakedone.call(this);
- ssl.onclienthello = (hello) => onclienthello.call(this, hello);
-- ssl.oncertcb = (info) => oncertcb.call(this, info);
- ssl.onnewsession = (key, session) => onnewsession.call(this, key, session);
- ssl.lastHandshakeTime = 0;
- ssl.handshakes = 0;
-
-- if (this.server) {
-- if (this.server.listenerCount('resumeSession') > 0 ||
-- this.server.listenerCount('newSession') > 0) {
-- ssl.enableSessionCallbacks();
-- }
-- if (this.server.listenerCount('OCSPRequest') > 0)
-- ssl.enableCertCb();
-+ if (this.server &&
-+ (this.server.listenerCount('resumeSession') > 0 ||
-+ this.server.listenerCount('newSession') > 0 ||
-+ this.server.listenerCount('OCSPRequest') > 0)) {
-+ ssl.enableSessionCallbacks();
- }
- } else {
- ssl.onhandshakestart = function() {};
-@@ -463,7 +463,7 @@
- options.server._contexts.length)) {
- assert(typeof options.SNICallback === 'function');
- this._SNICallback = options.SNICallback;
-- ssl.enableCertCb();
-+ ssl.enableHelloParser();
- }
-
- if (process.features.tls_npn && options.NPNProtocols)
-diff -Naur node-v4.6.1.orig/src/env.h node-v4.6.1/src/env.h
---- node-v4.6.1.orig/src/env.h 2017-04-12 12:40:43.536229174 -0700
-+++ node-v4.6.1/src/env.h 2017-04-12 12:50:02.055009418 -0700
-@@ -57,7 +57,6 @@
- V(bytes_read_string, "bytesRead") \
- V(callback_string, "callback") \
- V(change_string, "change") \
-- V(oncertcb_string, "oncertcb") \
- V(onclose_string, "_onclose") \
- V(code_string, "code") \
- V(compare_string, "compare") \
-diff -Naur node-v4.6.1.orig/src/node.cc node-v4.6.1/src/node.cc
---- node-v4.6.1.orig/src/node.cc 2017-06-08 05:31:34.000000000 -0500
-+++ node-v4.6.1/src/node.cc 2017-06-30 10:26:59.945166636 -0500
-@@ -202,7 +202,7 @@
- false;
- #endif
-
--# if NODE_FIPS_MODE
-+# if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- // used by crypto module
- bool enable_fips_crypto = false;
- bool force_fips_crypto = false;
-@@ -3676,7 +3676,7 @@
- " (default)"
- #endif
- "\n"
--#if NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- " --enable-fips enable FIPS crypto at startup\n"
- " --force-fips force FIPS crypto (cannot be disabled)\n"
- #endif /* NODE_FIPS_MODE */
-@@ -3926,7 +3926,7 @@
- } else if (strncmp(arg, "--use-bundled-ca", 16) == 0) {
- use_bundled_ca = true;
- ssl_openssl_cert_store = false;
--#if NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- } else if (strcmp(arg, "--enable-fips") == 0) {
- enable_fips_crypto = true;
- } else if (strcmp(arg, "--force-fips") == 0) {
-@@ -4624,7 +4624,7 @@
- if (SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs))
- crypto::UseExtraCaCerts(extra_ca_certs);
- }
--#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- // In the case of FIPS builds we should make sure
- // the random source is properly initialized first.
- OPENSSL_init();
-diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc
---- node-v4.6.1.orig/src/node_crypto.cc 2017-04-12 12:40:43.541229235 -0700
-+++ node-v4.6.1/src/node_crypto.cc 2017-04-12 12:52:59.371161636 -0700
-@@ -160,8 +160,6 @@
- #endif
-
- template void SSLWrap<TLSWrap>::DestroySSL();
--template int SSLWrap<TLSWrap>::SSLCertCallback(SSL* s, void* arg);
--template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg);
-
-
- static void crypto_threadid_cb(CRYPTO_THREADID* tid) {
-@@ -525,8 +523,7 @@
- for (int i = 0; i < sk_X509_num(extra_certs); i++) {
- X509* ca = sk_X509_value(extra_certs, i);
-
-- // NOTE: Increments reference count on `ca`
-- r = SSL_CTX_add1_chain_cert(ctx, ca);
-+ r = SSL_CTX_add_extra_chain_cert(ctx, ca);
-
- if (!r) {
- ret = 0;
-@@ -717,7 +717,7 @@
- }
-
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)) || defined(LIBRESSL_VERSION_NUMBER)
- // This section contains OpenSSL 1.1.0 functions reimplemented for OpenSSL
- // 1.0.2 so that the following code can be written without lots of #if lines.
-
-@@ -725,11 +725,12 @@
- CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
- return 1;
- }
--
-+#if !defined(LIBRESSL_VERSION_NUMBER)
- static int X509_up_ref(X509* cert) {
- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
- return 1;
- }
-+#endif
- #endif // OPENSSL_VERSION_NUMBER < 0x10100000L && !OPENSSL_IS_BORINGSSL
-
-
-@@ -1194,7 +1194,7 @@
- SecureContext* wrap;
- ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
-
-- wrap->ctx_->freelist_max_len = args[0]->Int32Value();
-+ //wrap->ctx_->freelist_max_len = args[0]->Int32Value();
- #endif
- }
-
-@@ -1188,7 +1185,6 @@
- env->SetProtoMethod(t, "verifyError", VerifyError);
- env->SetProtoMethod(t, "getCurrentCipher", GetCurrentCipher);
- env->SetProtoMethod(t, "endParser", EndParser);
-- env->SetProtoMethod(t, "certCbDone", CertCbDone);
- env->SetProtoMethod(t, "renegotiate", Renegotiate);
- env->SetProtoMethod(t, "shutdownSSL", Shutdown);
- env->SetProtoMethod(t, "getTLSTicket", GetTLSTicket);
-@@ -2411,126 +2411,6 @@
-
-
- template <class Base>
--void SSLWrap<Base>::WaitForCertCb(CertCb cb, void* arg) {
-- cert_cb_ = cb;
-- cert_cb_arg_ = arg;
--}
--
--
--template <class Base>
--int SSLWrap<Base>::SSLCertCallback(SSL* s, void* arg) {
-- Base* w = static_cast<Base*>(SSL_get_app_data(s));
--
-- if (!w->is_server())
-- return 1;
--
-- if (!w->is_waiting_cert_cb())
-- return 1;
--
-- if (w->cert_cb_running_)
-- return -1;
--
-- Environment* env = w->env();
-- HandleScope handle_scope(env->isolate());
-- Context::Scope context_scope(env->context());
-- w->cert_cb_running_ = true;
--
-- Local<Object> info = Object::New(env->isolate());
--
-- const char* servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
-- if (servername == nullptr) {
-- info->Set(env->servername_string(), String::Empty(env->isolate()));
-- } else {
-- Local<String> str = OneByteString(env->isolate(), servername,
-- strlen(servername));
-- info->Set(env->servername_string(), str);
-- }
--
-- bool ocsp = false;
--#ifdef NODE__HAVE_TLSEXT_STATUS_CB
-- ocsp = s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp;
--#endif
--
-- info->Set(env->ocsp_request_string(), Boolean::New(env->isolate(), ocsp));
--
-- Local<Value> argv[] = { info };
-- w->MakeCallback(env->oncertcb_string(), arraysize(argv), argv);
--
-- if (!w->cert_cb_running_)
-- return 1;
--
-- // Performing async action, wait...
-- return -1;
--}
--
--
--template <class Base>
--void SSLWrap<Base>::CertCbDone(const FunctionCallbackInfo<Value>& args) {
-- Base* w;
-- ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
-- Environment* env = w->env();
--
-- CHECK(w->is_waiting_cert_cb() && w->cert_cb_running_);
--
-- Local<Object> object = w->object();
-- Local<Value> ctx = object->Get(env->sni_context_string());
-- Local<FunctionTemplate> cons = env->secure_context_constructor_template();
--
-- // Not an object, probably undefined or null
-- if (!ctx->IsObject())
-- goto fire_cb;
--
-- if (cons->HasInstance(ctx)) {
-- SecureContext* sc;
-- ASSIGN_OR_RETURN_UNWRAP(&sc, ctx.As<Object>());
-- w->sni_context_.Reset();
-- w->sni_context_.Reset(env->isolate(), ctx);
--
-- int rv;
--
-- // NOTE: reference count is not increased by this API methods
-- X509* x509 = SSL_CTX_get0_certificate(sc->ctx_);
-- EVP_PKEY* pkey = SSL_CTX_get0_privatekey(sc->ctx_);
-- STACK_OF(X509)* chain;
--
-- rv = SSL_CTX_get0_chain_certs(sc->ctx_, &chain);
-- if (rv)
-- rv = SSL_use_certificate(w->ssl_, x509);
-- if (rv)
-- rv = SSL_use_PrivateKey(w->ssl_, pkey);
-- if (rv && chain != nullptr)
-- rv = SSL_set1_chain(w->ssl_, chain);
-- if (rv)
-- rv = w->SetCACerts(sc);
-- if (!rv) {
-- unsigned long err = ERR_get_error(); // NOLINT(runtime/int)
-- if (!err)
-- return env->ThrowError("CertCbDone");
-- return ThrowCryptoError(env, err);
-- }
-- } else {
-- // Failure: incorrect SNI context object
-- Local<Value> err = Exception::TypeError(env->sni_context_err_string());
-- w->MakeCallback(env->onerror_string(), 1, &err);
-- return;
-- }
--
-- fire_cb:
-- CertCb cb;
-- void* arg;
--
-- cb = w->cert_cb_;
-- arg = w->cert_cb_arg_;
--
-- w->cert_cb_running_ = false;
-- w->cert_cb_ = nullptr;
-- w->cert_cb_arg_ = nullptr;
--
-- cb(arg);
--}
--
--
--template <class Base>
- void SSLWrap<Base>::SSLGetter(Local<String> property,
- const PropertyCallbackInfo<Value>& info) {
- Base* base;
-@@ -2232,10 +2105,6 @@
-
- template <class Base>
- int SSLWrap<Base>::SetCACerts(SecureContext* sc) {
-- int err = SSL_set1_verify_cert_store(ssl_, SSL_CTX_get_cert_store(sc->ctx_));
-- if (err != 1)
-- return err;
--
- STACK_OF(X509_NAME)* list = SSL_dup_CA_list(
- SSL_CTX_get_client_CA_list(sc->ctx_));
-
-@@ -2329,10 +2198,6 @@
- DEBUG_PRINT("[%p] SSL: %s want read\n", ssl_, func);
- return 0;
-
-- } else if (err == SSL_ERROR_WANT_X509_LOOKUP) {
-- DEBUG_PRINT("[%p] SSL: %s want x509 lookup\n", ssl_, func);
-- return 0;
--
- } else if (err == SSL_ERROR_ZERO_RETURN) {
- HandleScope scope(ssl_env()->isolate());
-
-@@ -2875,7 +2755,8 @@
- SSL* ssl = static_cast<SSL*>(
- X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
-
-- if (SSL_is_server(ssl))
-+ //if (SSL_is_server(ssl))
-+ if(ssl->server)
- return CHECK_OK;
-
- // Client needs to check if the server cert is listed in the
-@@ -2540,7 +2405,7 @@
-
- // Call the SNI callback and use its return value as context
- if (!conn->sniObject_.IsEmpty()) {
-- conn->sni_context_.Reset();
-+ conn->sniContext_.Reset();
-
- Local<Object> sni_obj = PersistentToLocal(env->isolate(),
- conn->sniObject_);
-@@ -2918,7 +2799,7 @@
- Local<FunctionTemplate> secure_context_constructor_template =
- env->secure_context_constructor_template();
- if (secure_context_constructor_template->HasInstance(ret)) {
-- conn->sni_context_.Reset(env->isolate(), ret);
-+ conn->sniContext_.Reset(env->isolate(), ret);
- SecureContext* sc;
- ASSIGN_OR_RETURN_UNWRAP(&sc, ret.As<Object>(), SSL_TLSEXT_ERR_NOACK);
- conn->SetSNIContext(sc);
-@@ -2594,8 +2459,6 @@
-
- InitNPN(sc);
-
-- SSL_set_cert_cb(conn->ssl_, SSLWrap<Connection>::SSLCertCallback, conn);
--
- #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- if (is_server) {
- SSL_CTX_set_tlsext_servername_callback(sc->ctx_, SelectSNIContextCallback_);
-@@ -3335,7 +3335,7 @@
- int key_buf_len) {
- HandleScope scope(env()->isolate());
-
--#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- if (FIPS_mode()) {
- return env()->ThrowError(
- "crypto.createCipher() is not supported in FIPS mode.");
-@@ -4185,7 +4185,7 @@
- if (pkey == nullptr || 0 != ERR_peek_error())
- goto exit;
-
--#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- /* Validate DSA2 parameters from FIPS 186-4 */
- if (FIPS_mode() && EVP_PKEY_DSA == pkey->type) {
- size_t L = BN_num_bits(pkey->pkey.dsa->p);
-@@ -6132,7 +6132,7 @@
- CRYPTO_set_locking_callback(crypto_lock_cb);
- CRYPTO_THREADID_set_callback(crypto_threadid_cb);
-
--#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- /* Override FIPS settings in cnf file, if needed. */
- unsigned long err = 0; // NOLINT(runtime/int)
- if (enable_fips_crypto || force_fips_crypto) {
-@@ -6201,16 +6201,20 @@
- #endif // !OPENSSL_NO_ENGINE
-
- void GetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- if (FIPS_mode()) {
- args.GetReturnValue().Set(1);
- } else {
- args.GetReturnValue().Set(0);
- }
-+#else
-+ args.GetReturnValue().Set(0);
-+#endif
- }
-
- void SetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
- Environment* env = Environment::GetCurrent(args);
--#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- bool mode = args[0]->BooleanValue();
- if (force_fips_crypto) {
- return env->ThrowError(
-diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h
---- node-v4.6.1.orig/src/node_crypto.h 2017-04-12 12:40:43.541229235 -0700
-+++ node-v4.6.1/src/node_crypto.h 2017-04-12 12:55:08.867710808 -0700
-@@ -179,10 +179,7 @@
- kind_(kind),
- next_sess_(nullptr),
- session_callbacks_(false),
-- new_session_wait_(false),
-- cert_cb_(nullptr),
-- cert_cb_arg_(nullptr),
-- cert_cb_running_(false) {
-+ new_session_wait_(false) {
- ssl_ = SSL_new(sc->ctx_);
- env_->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize);
- CHECK_NE(ssl_, nullptr);
-@@ -200,9 +200,6 @@
- next_sess_ = nullptr;
- }
-
--#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-- sni_context_.Reset();
--#endif
-
- #ifdef NODE__HAVE_TLSEXT_STATUS_CB
- ocsp_response_.Reset();
-@@ -212,11 +206,8 @@
- inline bool is_server() const { return kind_ == kServer; }
- inline bool is_client() const { return kind_ == kClient; }
- inline bool is_waiting_new_session() const { return new_session_wait_; }
-- inline bool is_waiting_cert_cb() const { return cert_cb_ != nullptr; }
-
- protected:
-- typedef void (*CertCb)(void* arg);
--
- // Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and
- // some for buffers.
- // NOTE: Actually it is much more than this
-@@ -244,7 +235,6 @@
- static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void GetCurrentCipher(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args);
-- static void CertCbDone(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args);
-@@ -273,12 +263,10 @@
- void* arg);
- #endif // OPENSSL_NPN_NEGOTIATED
- static int TLSExtStatusCallback(SSL* s, void* arg);
-- static int SSLCertCallback(SSL* s, void* arg);
- static void SSLGetter(v8::Local<v8::String> property,
- const v8::PropertyCallbackInfo<v8::Value>& info);
-
- void DestroySSL();
-- void WaitForCertCb(CertCb cb, void* arg);
- void SetSNIContext(SecureContext* sc);
- int SetCACerts(SecureContext* sc);
-
-@@ -293,11 +281,6 @@
- bool session_callbacks_;
- bool new_session_wait_;
-
-- // SSL_set_cert_cb
-- CertCb cert_cb_;
-- void* cert_cb_arg_;
-- bool cert_cb_running_;
--
- ClientHelloParser hello_parser_;
-
- #ifdef NODE__HAVE_TLSEXT_STATUS_CB
-@@ -309,10 +292,6 @@
- v8::Persistent<v8::Value> selected_npn_proto_;
- #endif // OPENSSL_NPN_NEGOTIATED
-
--#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-- v8::Persistent<v8::Value> sni_context_;
--#endif
--
- friend class SecureContext;
- };
-
-@@ -324,6 +303,7 @@
- ~Connection() override {
- #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- sniObject_.Reset();
-+ sniContext_.Reset();
- servername_.Reset();
- #endif
- }
-@@ -338,6 +318,7 @@
-
- #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- v8::Persistent<v8::Object> sniObject_;
-+ v8::Persistent<v8::Value> sniContext_;
- v8::Persistent<v8::String> servername_;
- #endif
-
-diff -Naur node-v4.6.1.orig/src/tls_wrap.cc node-v4.6.1/src/tls_wrap.cc
---- node-v4.6.1.orig/src/tls_wrap.cc 2017-04-12 12:40:43.557229429 -0700
-+++ node-v4.6.1/src/tls_wrap.cc 2017-04-12 13:36:49.323009154 -0700
-@@ -141,8 +141,6 @@
-
- InitNPN(sc_);
-
-- SSL_set_cert_cb(ssl_, SSLWrap<TLSWrap>::SSLCertCallback, this);
--
- if (is_server()) {
- SSL_set_accept_state(ssl_);
- } else if (is_client()) {
-@@ -353,7 +351,6 @@
- case SSL_ERROR_NONE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
-- case SSL_ERROR_WANT_X509_LOOKUP:
- break;
- case SSL_ERROR_ZERO_RETURN:
- return scope.Escape(env()->zero_return_string());
-@@ -769,6 +766,11 @@
- "EnableSessionCallbacks after destroySSL");
- }
- wrap->enable_session_callbacks();
-+ EnableHelloParser(args);
-+}
-+
-+void TLSWrap::EnableHelloParser(const FunctionCallbackInfo<Value>& args) {
-+ TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder());
- NodeBIO::FromBIO(wrap->enc_in_)->set_initial(kMaxHelloLength);
- wrap->hello_parser_.Start(SSLWrap<TLSWrap>::OnClientHello,
- OnClientHelloParseEnd,
-@@ -833,13 +833,6 @@
- }
-
-
--void TLSWrap::EnableCertCb(const FunctionCallbackInfo<Value>& args) {
-- TLSWrap* wrap;
-- ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
-- wrap->WaitForCertCb(OnClientHelloParseEnd, wrap);
--}
--
--
- void TLSWrap::OnClientHelloParseEnd(void* arg) {
- TLSWrap* c = static_cast<TLSWrap*>(arg);
- c->Cycle();
-@@ -896,8 +892,8 @@
- env->SetProtoMethod(t, "start", Start);
- env->SetProtoMethod(t, "setVerifyMode", SetVerifyMode);
- env->SetProtoMethod(t, "enableSessionCallbacks", EnableSessionCallbacks);
-+ env->SetProtoMethod(t, "enableHelloParser", EnableHelloParser);
- env->SetProtoMethod(t, "destroySSL", DestroySSL);
-- env->SetProtoMethod(t, "enableCertCb", EnableCertCb);
-
- StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev);
- SSLWrap<TLSWrap>::AddMethods(env, t);
-diff -Naur node-v4.6.1.orig/src/tls_wrap.h node-v4.6.1/src/tls_wrap.h
---- node-v4.6.1.orig/src/tls_wrap.h 2017-04-12 12:40:43.558229441 -0700
-+++ node-v4.6.1/src/tls_wrap.h 2017-04-12 13:35:51.214213644 -0700
-@@ -132,7 +132,7 @@
- static void SetVerifyMode(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void EnableSessionCallbacks(
- const v8::FunctionCallbackInfo<v8::Value>& args);
-- static void EnableCertCb(
-+ static void EnableHelloParser(
- const v8::FunctionCallbackInfo<v8::Value>& args);
- static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args);
-
-@@ -160,6 +160,10 @@
- // If true - delivered EOF to the js-land, either after `close_notify`, or
- // after the `UV_EOF` on socket.
- bool eof_;
-+
-+#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-+ v8::Persistent<v8::Value> sni_context_;
-+#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- };
-
- } // namespace node
-diff -Naur node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js
---- node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:40:43.865233168 -0700
-+++ node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:58:14.901936343 -0700
-@@ -53,7 +53,9 @@
- port: undefined,
- rejectUnauthorized: true
- },
-- errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
-+ // LibreSSL returns CERT_UNTRUSTED in this case, OpenSSL UNABLE_TO_GET_ISSUER_CERT_LOCALLY.
-+ errorCode: 'CERT_UNTRUSTED'
-+ // errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
- }
- ];
-
-diff -Naur node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js node-v4.6.1/test/parallel/test-tls-sni-server-client.js
---- node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js 2017-04-12 12:40:43.878233326 -0700
-+++ node-v4.6.1/test/parallel/test-tls-sni-server-client.js 2017-04-12 13:00:18.804418594 -0700
-@@ -56,39 +56,37 @@
- 'asterisk.test.com': {
- key: loadPEM('agent3-key'),
- cert: loadPEM('agent3-cert')
-- },
-- 'chain.example.com': {
-- key: loadPEM('agent6-key'),
-- // NOTE: Contains ca3 chain cert
-- cert: loadPEM('agent6-cert')
- }
- };
-
- const clientsOptions = [{
- port: undefined,
-+ key: loadPEM('agent1-key'),
-+ cert: loadPEM('agent1-cert'),
- ca: [loadPEM('ca1-cert')],
- servername: 'a.example.com',
- rejectUnauthorized: false
- }, {
- port: undefined,
-+ key: loadPEM('agent2-key'),
-+ cert: loadPEM('agent2-cert'),
- ca: [loadPEM('ca2-cert')],
- servername: 'b.test.com',
- rejectUnauthorized: false
- }, {
- port: undefined,
-+ key: loadPEM('agent2-key'),
-+ cert: loadPEM('agent2-cert'),
- ca: [loadPEM('ca2-cert')],
- servername: 'a.b.test.com',
- rejectUnauthorized: false
- }, {
- port: undefined,
-+ key: loadPEM('agent3-key'),
-+ cert: loadPEM('agent3-cert'),
- ca: [loadPEM('ca1-cert')],
- servername: 'c.wrong.com',
- rejectUnauthorized: false
--}, {
-- port: undefined,
-- ca: [loadPEM('ca1-cert')],
-- servername: 'chain.example.com',
-- rejectUnauthorized: false
- }];
-
- const serverResults = [];
-@@ -80,7 +78,6 @@
-
- server.addContext('a.example.com', SNIContexts['a.example.com']);
- server.addContext('*.test.com', SNIContexts['asterisk.test.com']);
--server.addContext('chain.example.com', SNIContexts['chain.example.com']);
-
- server.listen(0, startTest);
-
-@@ -128,8 +126,7 @@
-
- process.on('exit', function() {
- assert.deepStrictEqual(serverResults, [
-- 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com',
-- 'chain.example.com'
-+ 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com'
- ]);
-- assert.deepStrictEqual(clientResults, [true, true, false, false, true]);
-+ assert.deepStrictEqual(clientResults, [true, true, false, false]);
- });
diff --git a/net-libs/nodejs/files/nodejs-8.1.0-libressl.patch b/net-libs/nodejs/files/nodejs-8.11.1-libressl.patch
index 31493be..0fe414b 100644
--- a/net-libs/nodejs/files/nodejs-8.1.0-libressl.patch
+++ b/net-libs/nodejs/files/nodejs-8.11.1-libressl.patch
@@ -1,7 +1,7 @@
-diff -Naur node-v4.6.1.orig/lib/_tls_wrap.js node-v4.6.1/lib/_tls_wrap.js
---- node-v4.6.1.orig/lib/_tls_wrap.js 2017-04-12 12:40:43.517228944 -0700
-+++ node-v4.6.1/lib/_tls_wrap.js 2017-04-12 12:49:51.155877106 -0700
-@@ -165,30 +165,33 @@
+diff -Naur node-v8.11.1.orig/lib/_tls_wrap.js node-v8.11.1/lib/_tls_wrap.js
+--- node-v8.11.1.orig/lib/_tls_wrap.js 2018-07-18 17:37:43.066250635 +0800
++++ node-v8.11.1/lib/_tls_wrap.js 2018-07-18 17:38:37.198012271 +0800
+@@ -181,30 +181,33 @@
if (err)
return self.destroy(err);
@@ -41,21 +41,21 @@ diff -Naur node-v4.6.1.orig/lib/_tls_wrap.js node-v4.6.1/lib/_tls_wrap.js
+ requestOCSP(self, info, ctx, function(err) {
+ if (err)
+ return self.destroy(err);
-+
-+ if (!self._handle)
-+ return self.destroy(new Error('Socket is closed'));
- try {
- self._handle.certCbDone();
- } catch (e) {
- self.destroy(e);
- }
++ if (!self._handle)
++ return self.destroy(new Error('Socket is closed'));
++
+ self._handle.endParser();
+ });
});
});
}
-@@ -410,18 +413,15 @@
+@@ -451,18 +454,15 @@
ssl.onhandshakestart = () => onhandshakestart.call(this);
ssl.onhandshakedone = () => onhandshakedone.call(this);
ssl.onclienthello = (hello) => onclienthello.call(this, hello);
@@ -79,7 +79,7 @@ diff -Naur node-v4.6.1.orig/lib/_tls_wrap.js node-v4.6.1/lib/_tls_wrap.js
}
} else {
ssl.onhandshakestart = function() {};
-@@ -463,7 +463,7 @@
+@@ -506,7 +506,7 @@
options.server._contexts.length)) {
assert(typeof options.SNICallback === 'function');
this._SNICallback = options.SNICallback;
@@ -88,69 +88,127 @@ diff -Naur node-v4.6.1.orig/lib/_tls_wrap.js node-v4.6.1/lib/_tls_wrap.js
}
if (process.features.tls_npn && options.NPNProtocols)
-diff -Naur node-v4.6.1.orig/src/env.h node-v4.6.1/src/env.h
---- node-v4.6.1.orig/src/env.h 2017-04-12 12:40:43.536229174 -0700
-+++ node-v4.6.1/src/env.h 2017-04-12 12:50:02.055009418 -0700
-@@ -57,7 +57,6 @@
- V(bytes_read_string, "bytesRead") \
- V(callback_string, "callback") \
- V(change_string, "change") \
+diff -Naur node-v8.11.1.orig/src/env.h node-v8.11.1/src/env.h
+--- node-v8.11.1.orig/src/env.h 2018-07-18 17:37:43.066250635 +0800
++++ node-v8.11.1/src/env.h 2018-07-18 17:38:37.198012271 +0800
+@@ -113,7 +113,6 @@
+ V(channel_string, "channel") \
+ V(chunks_sent_since_last_write_string, "chunksSentSinceLastWrite") \
+ V(constants_string, "constants") \
- V(oncertcb_string, "oncertcb") \
V(onclose_string, "_onclose") \
V(code_string, "code") \
- V(compare_string, "compare") \
-diff -Naur node-v4.6.1.orig/src/node.cc node-v4.6.1/src/node.cc
---- node-v4.6.1.orig/src/node.cc 2017-06-08 05:31:34.000000000 -0500
-+++ node-v4.6.1/src/node.cc 2017-06-30 10:26:59.945166636 -0500
-@@ -202,7 +202,7 @@
+ V(configurable_string, "configurable") \
+diff -Naur node-v8.11.1.orig/src/node.cc node-v8.11.1/src/node.cc
+--- node-v8.11.1.orig/src/node.cc 2018-07-18 17:37:43.066250635 +0800
++++ node-v8.11.1/src/node.cc 2018-07-18 17:38:37.198012271 +0800
+@@ -214,7 +214,7 @@
false;
#endif
-# if NODE_FIPS_MODE
-+# if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
++#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER)
// used by crypto module
bool enable_fips_crypto = false;
bool force_fips_crypto = false;
-@@ -3676,7 +3676,7 @@
+@@ -3869,7 +3869,7 @@
" (default)"
#endif
"\n"
-#if NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
++#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER)
" --enable-fips enable FIPS crypto at startup\n"
" --force-fips force FIPS crypto (cannot be disabled)\n"
#endif /* NODE_FIPS_MODE */
-@@ -3926,7 +3926,7 @@
+@@ -4167,7 +4167,7 @@
} else if (strncmp(arg, "--use-bundled-ca", 16) == 0) {
use_bundled_ca = true;
ssl_openssl_cert_store = false;
-#if NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
++#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER)
} else if (strcmp(arg, "--enable-fips") == 0) {
enable_fips_crypto = true;
} else if (strcmp(arg, "--force-fips") == 0) {
-@@ -4624,7 +4624,7 @@
+@@ -4882,7 +4882,7 @@
if (SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs))
crypto::UseExtraCaCerts(extra_ca_certs);
}
-#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
++#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER)
// In the case of FIPS builds we should make sure
// the random source is properly initialized first.
OPENSSL_init();
-diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc
---- node-v4.6.1.orig/src/node_crypto.cc 2017-04-12 12:40:43.541229235 -0700
-+++ node-v4.6.1/src/node_crypto.cc 2017-04-12 12:52:59.371161636 -0700
-@@ -160,8 +160,6 @@
+diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
+--- node-v8.11.1.orig/src/node_crypto.cc 2018-07-19 00:04:56.069430789 +0800
++++ node-v8.11.1/src/node_crypto.cc 2018-07-19 00:20:25.147879168 +0800
+@@ -108,7 +108,7 @@
+ using v8::Value;
+
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if !defined(_OPENSSL_11_COMPAT)
+ static void RSA_get0_key(const RSA* r, const BIGNUM** n, const BIGNUM** e,
+ const BIGNUM** d) {
+ if (n != nullptr) {
+@@ -197,10 +197,12 @@
+ return 1;
+ }
+
++#if !defined(LIBRESSL_VERSION_NUMBER)
+ static int X509_up_ref(X509* cert) {
+ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+ return 1;
+ }
++#endif
+
+ #define EVP_MD_CTX_new EVP_MD_CTX_create
+ #define EVP_MD_CTX_free EVP_MD_CTX_destroy
+@@ -218,7 +220,7 @@
+ HMAC_CTX_cleanup(ctx);
+ free(ctx);
+ }
+-#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
++#endif // _OPENSSL_11_COMPAT
+
+ static const char* const root_certs[] = {
+ #include "node_root_certs.h" // NOLINT(build/include_order)
+@@ -236,7 +238,7 @@
+ template void SSLWrap<TLSWrap>::InitNPN(SecureContext* sc);
+ template void SSLWrap<TLSWrap>::SetSNIContext(SecureContext* sc);
+ template int SSLWrap<TLSWrap>::SetCACerts(SecureContext* sc);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if !defined(_OPENSSL_11_COMPAT)
+ template SSL_SESSION* SSLWrap<TLSWrap>::GetSessionCallback(
+ SSL* s,
+ unsigned char* key,
+@@ -275,8 +277,6 @@
#endif
template void SSLWrap<TLSWrap>::DestroySSL();
-template int SSLWrap<TLSWrap>::SSLCertCallback(SSL* s, void* arg);
-template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg);
+ #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+ template int SSLWrap<TLSWrap>::SelectALPNCallback(
+@@ -288,7 +288,7 @@
+ void* arg);
+ #endif // TLSEXT_TYPE_application_layer_protocol_negotiation
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if !defined(_OPENSSL_11_COMPAT)
+ static Mutex* mutexes;
static void crypto_threadid_cb(CRYPTO_THREADID* tid) {
-@@ -525,8 +523,7 @@
+@@ -574,7 +574,7 @@
+ SSL_CTX_sess_set_get_cb(sc->ctx_, SSLWrap<Connection>::GetSessionCallback);
+ SSL_CTX_sess_set_new_cb(sc->ctx_, SSLWrap<Connection>::NewSessionCallback);
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if defined(_OPENSSL_11_COMPAT)
+ // OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was
+ // exposed in the public API. To retain compatibility, install a callback
+ // which restores the old algorithm.
+@@ -693,8 +693,7 @@
for (int i = 0; i < sk_X509_num(extra_certs); i++) {
X509* ca = sk_X509_value(extra_certs, i);
@@ -160,39 +218,59 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc
if (!r) {
ret = 0;
-@@ -717,7 +717,7 @@
- }
-
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)) || defined(LIBRESSL_VERSION_NUMBER)
- // This section contains OpenSSL 1.1.0 functions reimplemented for OpenSSL
- // 1.0.2 so that the following code can be written without lots of #if lines.
-
-@@ -725,11 +725,12 @@
- CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
- return 1;
- }
--
-+#if !defined(LIBRESSL_VERSION_NUMBER)
- static int X509_up_ref(X509* cert) {
- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
- return 1;
- }
-+#endif
- #endif // OPENSSL_VERSION_NUMBER < 0x10100000L && !OPENSSL_IS_BORINGSSL
-
-
-@@ -1194,7 +1194,7 @@
+@@ -1043,7 +1042,7 @@
+
+ node::Utf8Value curve(env->isolate(), args[0]);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if !defined(_OPENSSL_11_COMPAT)
+ SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_ECDH_USE);
+ SSL_CTX_set_ecdh_auto(sc->ctx_, 1);
+ #endif
+@@ -1265,7 +1264,7 @@
+ ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
+
+ Local<Object> buff = Buffer::New(wrap->env(), 48).ToLocalChecked();
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if defined(_OPENSSL_11_COMPAT)
+ memcpy(Buffer::Data(buff), wrap->ticket_key_name_, 16);
+ memcpy(Buffer::Data(buff) + 16, wrap->ticket_key_hmac_, 16);
+ memcpy(Buffer::Data(buff) + 32, wrap->ticket_key_aes_, 16);
+@@ -1298,7 +1297,7 @@
+ return env->ThrowTypeError("Ticket keys length must be 48 bytes");
+ }
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if defined(_OPENSSL_11_COMPAT)
+ memcpy(wrap->ticket_key_name_, Buffer::Data(args[0]), 16);
+ memcpy(wrap->ticket_key_hmac_, Buffer::Data(args[0]) + 16, 16);
+ memcpy(wrap->ticket_key_aes_, Buffer::Data(args[0]) + 32, 16);
+@@ -1316,13 +1315,13 @@
+
+
+ void SecureContext::SetFreeListLength(const FunctionCallbackInfo<Value>& args) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if !defined(_OPENSSL_11_COMPAT)
+ // |freelist_max_len| was removed in OpenSSL 1.1.0. In that version OpenSSL
+ // mallocs and frees buffers directly, without the use of a freelist.
SecureContext* wrap;
ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
-
+
- wrap->ctx_->freelist_max_len = args[0]->Int32Value();
+ //wrap->ctx_->freelist_max_len = args[0]->Int32Value();
#endif
}
-
-@@ -1188,7 +1185,6 @@
+
+@@ -1419,7 +1418,7 @@
+ }
+
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if defined(_OPENSSL_11_COMPAT)
+ int SecureContext::TicketCompatibilityCallback(SSL* ssl,
+ unsigned char* name,
+ unsigned char* iv,
+@@ -1503,7 +1502,6 @@
env->SetProtoMethod(t, "verifyError", VerifyError);
env->SetProtoMethod(t, "getCurrentCipher", GetCurrentCipher);
env->SetProtoMethod(t, "endParser", EndParser);
@@ -200,9 +278,18 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc
env->SetProtoMethod(t, "renegotiate", Renegotiate);
env->SetProtoMethod(t, "shutdownSSL", Shutdown);
env->SetProtoMethod(t, "getTLSTicket", GetTLSTicket);
-@@ -2411,126 +2411,6 @@
-
-
+@@ -1559,7 +1557,7 @@
+ }
+
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if !defined(_OPENSSL_11_COMPAT)
+ template <class Base>
+ SSL_SESSION* SSLWrap<Base>::GetSessionCallback(SSL* s,
+ unsigned char* key,
+@@ -2576,126 +2574,6 @@
+
+
template <class Base>
-void SSLWrap<Base>::WaitForCertCb(CertCb cb, void* arg) {
- cert_cb_ = cb;
@@ -241,7 +328,7 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc
-
- bool ocsp = false;
-#ifdef NODE__HAVE_TLSEXT_STATUS_CB
-- ocsp = s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp;
+- ocsp = SSL_get_tlsext_status_type(s) == TLSEXT_STATUSTYPE_ocsp;
-#endif
-
- info->Set(env->ocsp_request_string(), Boolean::New(env->isolate(), ocsp));
@@ -327,18 +414,17 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc
void SSLWrap<Base>::SSLGetter(Local<String> property,
const PropertyCallbackInfo<Value>& info) {
Base* base;
-@@ -2232,10 +2105,6 @@
+@@ -2728,9 +2606,6 @@
template <class Base>
int SSLWrap<Base>::SetCACerts(SecureContext* sc) {
- int err = SSL_set1_verify_cert_store(ssl_, SSL_CTX_get_cert_store(sc->ctx_));
- if (err != 1)
- return err;
--
+
STACK_OF(X509_NAME)* list = SSL_dup_CA_list(
SSL_CTX_get_client_CA_list(sc->ctx_));
-
-@@ -2329,10 +2198,6 @@
+@@ -2824,10 +2699,6 @@
DEBUG_PRINT("[%p] SSL: %s want read\n", ssl_, func);
return 0;
@@ -349,17 +435,7 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc
} else if (err == SSL_ERROR_ZERO_RETURN) {
HandleScope scope(ssl_env()->isolate());
-@@ -2875,7 +2755,8 @@
- SSL* ssl = static_cast<SSL*>(
- X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
-
-- if (SSL_is_server(ssl))
-+ //if (SSL_is_server(ssl))
-+ if(ssl->server)
- return CHECK_OK;
-
- // Client needs to check if the server cert is listed in the
-@@ -2540,7 +2405,7 @@
+@@ -2982,7 +2853,7 @@
// Call the SNI callback and use its return value as context
if (!conn->sniObject_.IsEmpty()) {
@@ -368,7 +444,7 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc
Local<Object> sni_obj = PersistentToLocal(env->isolate(),
conn->sniObject_);
-@@ -2918,7 +2799,7 @@
+@@ -2998,7 +2869,7 @@
Local<FunctionTemplate> secure_context_constructor_template =
env->secure_context_constructor_template();
if (secure_context_constructor_template->HasInstance(ret)) {
@@ -377,7 +453,7 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc
SecureContext* sc;
ASSIGN_OR_RETURN_UNWRAP(&sc, ret.As<Object>(), SSL_TLSEXT_ERR_NOACK);
conn->SetSNIContext(sc);
-@@ -2594,8 +2459,6 @@
+@@ -3038,8 +2909,6 @@
InitNPN(sc);
@@ -386,38 +462,85 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
if (is_server) {
SSL_CTX_set_tlsext_servername_callback(sc->ctx_, SelectSNIContextCallback_);
-@@ -3335,7 +3335,7 @@
+@@ -3403,7 +3272,7 @@
int key_buf_len) {
HandleScope scope(env()->isolate());
-
+
-#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
++#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER)
if (FIPS_mode()) {
return env()->ThrowError(
"crypto.createCipher() is not supported in FIPS mode.");
-@@ -4185,7 +4185,7 @@
+@@ -3439,8 +3308,10 @@
+ cipher_type);
+ }
+
++#if !defined(LIBRESSL_VERSION_NUMBER)
+ if (mode == EVP_CIPH_WRAP_MODE)
+ EVP_CIPHER_CTX_set_flags(ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
++#endif
+
+ CHECK_EQ(1, EVP_CIPHER_CTX_set_key_length(ctx_, key_len));
+
+@@ -3494,8 +3365,10 @@
+
+ ctx_ = EVP_CIPHER_CTX_new();
+
++#if !defined(LIBRESSL_VERSION_NUMBER)
+ if (mode == EVP_CIPH_WRAP_MODE)
+ EVP_CIPHER_CTX_set_flags(ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
++#endif
+
+ const bool encrypt = (kind_ == kCipher);
+ EVP_CipherInit_ex(ctx_, cipher, nullptr, nullptr, nullptr, encrypt);
+@@ -4052,7 +3925,7 @@
+
+ SignBase::Error SignBase::Init(const char* sign_type) {
+ CHECK_EQ(mdctx_, nullptr);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if defined(_OPENSSL_11_COMPAT)
+ // Historically, "dss1" and "DSS1" were DSA aliases for SHA-1
+ // exposed through the public API.
+ if (strcmp(sign_type, "dss1") == 0 ||
+@@ -4258,7 +4131,7 @@
if (pkey == nullptr || 0 != ERR_peek_error())
goto exit;
-
+
-#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
++#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER)
/* Validate DSA2 parameters from FIPS 186-4 */
if (FIPS_mode() && EVP_PKEY_DSA == pkey->type) {
size_t L = BN_num_bits(pkey->pkey.dsa->p);
-@@ -6132,7 +6132,7 @@
+@@ -5027,7 +4900,7 @@
+
+ void DiffieHellman::SetPrivateKey(const FunctionCallbackInfo<Value>& args) {
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
+- OPENSSL_VERSION_NUMBER < 0x10100070L
++ OPENSSL_VERSION_NUMBER < 0x10100070L && !defined(LIBRESSL_VERSION_NUMBER)
+ // Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for
+ // Node. See https://github.com/openssl/openssl/pull/4384.
+ #error "OpenSSL 1.1.0 revisions before 1.1.0g are not supported"
+@@ -6111,13 +5984,13 @@
+ SSL_library_init();
+ OpenSSL_add_all_algorithms();
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if !defined(_OPENSSL_11_COMPAT)
+ crypto_lock_init();
CRYPTO_set_locking_callback(crypto_lock_cb);
CRYPTO_THREADID_set_callback(crypto_threadid_cb);
-
+ #endif
+
-#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
++#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER)
/* Override FIPS settings in cnf file, if needed. */
unsigned long err = 0; // NOLINT(runtime/int)
if (enable_fips_crypto || force_fips_crypto) {
-@@ -6201,16 +6201,20 @@
+@@ -6187,16 +6060,20 @@
#endif // !OPENSSL_NO_ENGINE
-
+
void GetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
++#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER)
if (FIPS_mode()) {
args.GetReturnValue().Set(1);
} else {
@@ -427,18 +550,56 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.cc node-v4.6.1/src/node_crypto.cc
+ args.GetReturnValue().Set(0);
+#endif
}
-
+
void SetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);
-#ifdef NODE_FIPS_MODE
-+#if NODE_FIPS_MODE && !defined(LIBRESSL_VERSION_NUMBER)
- bool mode = args[0]->BooleanValue();
- if (force_fips_crypto) {
- return env->ThrowError(
-diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h
---- node-v4.6.1.orig/src/node_crypto.h 2017-04-12 12:40:43.541229235 -0700
-+++ node-v4.6.1/src/node_crypto.h 2017-04-12 12:55:08.867710808 -0700
-@@ -179,10 +179,7 @@
++#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER)
+ const bool enabled = FIPS_mode();
+ const bool enable = args[0]->BooleanValue();
+ if (enable == enabled)
+diff -Naur node-v8.11.1.orig/src/node_crypto.h node-v8.11.1/src/node_crypto.h
+--- node-v8.11.1.orig/src/node_crypto.h 2018-07-18 17:37:43.066250635 +0800
++++ node-v8.11.1/src/node_crypto.h 2018-07-18 19:07:31.798362764 +0800
+@@ -55,6 +55,11 @@
+ # define NODE__HAVE_TLSEXT_STATUS_CB
+ #endif // !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_set_tlsext_status_cb)
+
++#if (!defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) \
++ || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
++#define _OPENSSL_11_COMPAT
++#endif
++
+ namespace node {
+ namespace crypto {
+
+@@ -103,14 +108,14 @@
+ static const int kTicketKeyNameIndex = 3;
+ static const int kTicketKeyIVIndex = 4;
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if defined(_OPENSSL_11_COMPAT)
+ unsigned char ticket_key_name_[16];
+ unsigned char ticket_key_aes_[16];
+ unsigned char ticket_key_hmac_[16];
+ #endif
+
+ protected:
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if !defined(_OPENSSL_11_COMPAT)
+ static const int64_t kExternalSize = sizeof(SSL_CTX);
+ #else
+ // OpenSSL 1.1.0 has opaque structures. This is an estimate based on the size
+@@ -154,7 +159,7 @@
+ HMAC_CTX* hctx,
+ int enc);
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if defined(_OPENSSL_11_COMPAT)
+ static int TicketCompatibilityCallback(SSL* ssl,
+ unsigned char* name,
+ unsigned char* iv,
+@@ -204,10 +209,7 @@
kind_(kind),
next_sess_(nullptr),
session_callbacks_(false),
@@ -450,17 +611,18 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h
ssl_ = SSL_new(sc->ctx_);
env_->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize);
CHECK_NE(ssl_, nullptr);
-@@ -200,9 +200,6 @@
+@@ -220,10 +222,6 @@
next_sess_ = nullptr;
}
-
+
-#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- sni_context_.Reset();
-#endif
-
+-
#ifdef NODE__HAVE_TLSEXT_STATUS_CB
ocsp_response_.Reset();
-@@ -212,11 +206,8 @@
+ #endif // NODE__HAVE_TLSEXT_STATUS_CB
+@@ -234,12 +232,9 @@
inline bool is_server() const { return kind_ == kServer; }
inline bool is_client() const { return kind_ == kClient; }
inline bool is_waiting_new_session() const { return new_session_wait_; }
@@ -469,10 +631,21 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h
protected:
- typedef void (*CertCb)(void* arg);
-
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if !defined(_OPENSSL_11_COMPAT)
// Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and
// some for buffers.
// NOTE: Actually it is much more than this
-@@ -244,7 +235,6 @@
+@@ -254,7 +249,7 @@
+ static void InitNPN(SecureContext* sc);
+ static void AddMethods(Environment* env, v8::Local<v8::FunctionTemplate> t);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if !defined(_OPENSSL_11_COMPAT)
+ static SSL_SESSION* GetSessionCallback(SSL* s,
+ unsigned char* key,
+ int len,
+@@ -279,7 +274,6 @@
static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args);
static void GetCurrentCipher(const v8::FunctionCallbackInfo<v8::Value>& args);
static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args);
@@ -480,9 +653,9 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h
static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args);
static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args);
static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args);
-@@ -273,12 +263,10 @@
- void* arg);
- #endif // OPENSSL_NPN_NEGOTIATED
+@@ -321,12 +315,10 @@
+ unsigned int inlen,
+ void* arg);
static int TLSExtStatusCallback(SSL* s, void* arg);
- static int SSLCertCallback(SSL* s, void* arg);
static void SSLGetter(v8::Local<v8::String> property,
@@ -493,7 +666,7 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h
void SetSNIContext(SecureContext* sc);
int SetCACerts(SecureContext* sc);
-@@ -293,11 +281,6 @@
+@@ -341,21 +333,12 @@
bool session_callbacks_;
bool new_session_wait_;
@@ -505,9 +678,8 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h
ClientHelloParser hello_parser_;
#ifdef NODE__HAVE_TLSEXT_STATUS_CB
-@@ -309,10 +292,6 @@
- v8::Persistent<v8::Value> selected_npn_proto_;
- #endif // OPENSSL_NPN_NEGOTIATED
+ v8::Persistent<v8::Object> ocsp_response_;
+ #endif // NODE__HAVE_TLSEXT_STATUS_CB
-#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- v8::Persistent<v8::Value> sni_context_;
@@ -516,7 +688,7 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h
friend class SecureContext;
};
-@@ -324,6 +303,7 @@
+@@ -367,6 +350,7 @@
~Connection() override {
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
sniObject_.Reset();
@@ -524,18 +696,44 @@ diff -Naur node-v4.6.1.orig/src/node_crypto.h node-v4.6.1/src/node_crypto.h
servername_.Reset();
#endif
}
-@@ -338,6 +318,7 @@
+@@ -381,6 +365,7 @@
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
v8::Persistent<v8::Object> sniObject_;
+ v8::Persistent<v8::Value> sniContext_;
v8::Persistent<v8::String> servername_;
#endif
-
-diff -Naur node-v4.6.1.orig/src/tls_wrap.cc node-v4.6.1/src/tls_wrap.cc
---- node-v4.6.1.orig/src/tls_wrap.cc 2017-04-12 12:40:43.557229429 -0700
-+++ node-v4.6.1/src/tls_wrap.cc 2017-04-12 13:36:49.323009154 -0700
-@@ -141,8 +141,6 @@
+
+diff -Naur node-v8.11.1.orig/src/node_crypto_bio.cc node-v8.11.1/src/node_crypto_bio.cc
+--- node-v8.11.1.orig/src/node_crypto_bio.cc 2018-03-30 07:17:17.000000000 +0800
++++ node-v8.11.1/src/node_crypto_bio.cc 2018-07-20 00:38:51.080302783 +0800
+@@ -28,7 +28,12 @@
+ namespace node {
+ namespace crypto {
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (!defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) \
++ || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
++#define _OPENSSL_11_COMPAT
++#endif
++
++#if !defined(_OPENSSL_11_COMPAT)
+ #define BIO_set_data(bio, data) bio->ptr = data
+ #define BIO_get_data(bio) bio->ptr
+ #define BIO_set_shutdown(bio, shutdown_) bio->shutdown = shutdown_
+@@ -237,7 +242,7 @@
+
+
+ const BIO_METHOD* NodeBIO::GetMethod() {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if !defined(_OPENSSL_11_COMPAT)
+ static const BIO_METHOD method = {
+ BIO_TYPE_MEM,
+ "node.js SSL buffer",
+diff -Naur node-v8.11.1.orig/src/tls_wrap.cc node-v8.11.1/src/tls_wrap.cc
+--- node-v8.11.1.orig/src/tls_wrap.cc 2018-03-30 07:17:18.000000000 +0800
++++ node-v8.11.1/src/tls_wrap.cc 2018-07-18 19:13:49.731685588 +0800
+@@ -171,8 +171,6 @@
InitNPN(sc_);
@@ -544,7 +742,7 @@ diff -Naur node-v4.6.1.orig/src/tls_wrap.cc node-v4.6.1/src/tls_wrap.cc
if (is_server()) {
SSL_set_accept_state(ssl_);
} else if (is_client()) {
-@@ -353,7 +351,6 @@
+@@ -389,7 +387,6 @@
case SSL_ERROR_NONE:
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
@@ -552,7 +750,7 @@ diff -Naur node-v4.6.1.orig/src/tls_wrap.cc node-v4.6.1/src/tls_wrap.cc
break;
case SSL_ERROR_ZERO_RETURN:
return scope.Escape(env()->zero_return_string());
-@@ -769,6 +766,11 @@
+@@ -830,6 +827,11 @@
"EnableSessionCallbacks after destroySSL");
}
wrap->enable_session_callbacks();
@@ -561,10 +759,10 @@ diff -Naur node-v4.6.1.orig/src/tls_wrap.cc node-v4.6.1/src/tls_wrap.cc
+
+void TLSWrap::EnableHelloParser(const FunctionCallbackInfo<Value>& args) {
+ TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder());
- NodeBIO::FromBIO(wrap->enc_in_)->set_initial(kMaxHelloLength);
+ crypto::NodeBIO::FromBIO(wrap->enc_in_)->set_initial(kMaxHelloLength);
wrap->hello_parser_.Start(SSLWrap<TLSWrap>::OnClientHello,
OnClientHelloParseEnd,
-@@ -833,13 +833,6 @@
+@@ -855,13 +857,6 @@
}
@@ -578,20 +776,20 @@ diff -Naur node-v4.6.1.orig/src/tls_wrap.cc node-v4.6.1/src/tls_wrap.cc
void TLSWrap::OnClientHelloParseEnd(void* arg) {
TLSWrap* c = static_cast<TLSWrap*>(arg);
c->Cycle();
-@@ -896,8 +892,8 @@
+@@ -980,8 +975,8 @@
env->SetProtoMethod(t, "start", Start);
env->SetProtoMethod(t, "setVerifyMode", SetVerifyMode);
env->SetProtoMethod(t, "enableSessionCallbacks", EnableSessionCallbacks);
+ env->SetProtoMethod(t, "enableHelloParser", EnableHelloParser);
env->SetProtoMethod(t, "destroySSL", DestroySSL);
- env->SetProtoMethod(t, "enableCertCb", EnableCertCb);
+ env->SetProtoMethod(t, "updateWriteQueueSize", UpdateWriteQueueSize);
StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev);
- SSLWrap<TLSWrap>::AddMethods(env, t);
-diff -Naur node-v4.6.1.orig/src/tls_wrap.h node-v4.6.1/src/tls_wrap.h
---- node-v4.6.1.orig/src/tls_wrap.h 2017-04-12 12:40:43.558229441 -0700
-+++ node-v4.6.1/src/tls_wrap.h 2017-04-12 13:35:51.214213644 -0700
-@@ -132,7 +132,7 @@
+diff -Naur node-v8.11.1.orig/src/tls_wrap.h node-v8.11.1/src/tls_wrap.h
+--- node-v8.11.1.orig/src/tls_wrap.h 2018-03-30 07:17:18.000000000 +0800
++++ node-v8.11.1/src/tls_wrap.h 2018-07-18 19:17:45.799658124 +0800
+@@ -159,7 +159,7 @@
static void SetVerifyMode(const v8::FunctionCallbackInfo<v8::Value>& args);
static void EnableSessionCallbacks(
const v8::FunctionCallbackInfo<v8::Value>& args);
@@ -600,21 +798,20 @@ diff -Naur node-v4.6.1.orig/src/tls_wrap.h node-v4.6.1/src/tls_wrap.h
const v8::FunctionCallbackInfo<v8::Value>& args);
static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args);
-@@ -160,6 +160,10 @@
+@@ -187,6 +187,9 @@
// If true - delivered EOF to the js-land, either after `close_notify`, or
// after the `UV_EOF` on socket.
bool eof_;
-+
+#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+ v8::Persistent<v8::Value> sni_context_;
+#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- };
- } // namespace node
-diff -Naur node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js
---- node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:40:43.865233168 -0700
-+++ node-v4.6.1/test/parallel/test-tls-cnnic-whitelist.js 2017-04-12 12:58:14.901936343 -0700
-@@ -53,7 +53,9 @@
+ private:
+ static void UpdateWriteQueueSize(
+diff -Naur node-v8.11.1.orig/test/parallel/test-tls-cnnic-whitelist.js node-v8.11.1/test/parallel/test-tls-cnnic-whitelist.js
+--- node-v8.11.1.orig/test/parallel/test-tls-cnnic-whitelist.js 2018-03-30 07:17:18.000000000 +0800
++++ node-v8.11.1/test/parallel/test-tls-cnnic-whitelist.js 2018-07-18 19:17:45.799658124 +0800
+@@ -46,7 +46,9 @@
port: undefined,
rejectUnauthorized: true
},
@@ -625,10 +822,10 @@ diff -Naur node-v4.6.1.orig/test/parallel/test-tls-cnnic-whitelist.js node-v4.6.
}
];
-diff -Naur node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js node-v4.6.1/test/parallel/test-tls-sni-server-client.js
---- node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js 2017-04-12 12:40:43.878233326 -0700
-+++ node-v4.6.1/test/parallel/test-tls-sni-server-client.js 2017-04-12 13:00:18.804418594 -0700
-@@ -56,39 +56,37 @@
+diff -Naur node-v8.11.1.orig/test/parallel/test-tls-sni-server-client.js node-v8.11.1/test/parallel/test-tls-sni-server-client.js
+--- node-v8.11.1.orig/test/parallel/test-tls-sni-server-client.js 2018-03-30 07:17:18.000000000 +0800
++++ node-v8.11.1/test/parallel/test-tls-sni-server-client.js 2018-07-18 19:17:45.799658124 +0800
+@@ -49,39 +49,37 @@
'asterisk.test.com': {
key: loadPEM('agent3-key'),
cert: loadPEM('agent3-cert')
@@ -676,7 +873,7 @@ diff -Naur node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js node-v4.
}];
const serverResults = [];
-@@ -80,7 +78,6 @@
+@@ -93,7 +91,6 @@
server.addContext('a.example.com', SNIContexts['a.example.com']);
server.addContext('*.test.com', SNIContexts['asterisk.test.com']);
@@ -684,7 +881,7 @@ diff -Naur node-v4.6.1.orig/test/parallel/test-tls-sni-server-client.js node-v4.
server.listen(0, startTest);
-@@ -128,8 +126,7 @@
+@@ -122,8 +119,7 @@
process.on('exit', function() {
assert.deepStrictEqual(serverResults, [
diff --git a/net-libs/nodejs/files/nodejs-8.11.4-libressl.patch b/net-libs/nodejs/files/nodejs-8.12.0-libressl.patch
index b0ce88a..bf87416 100644
--- a/net-libs/nodejs/files/nodejs-8.11.4-libressl.patch
+++ b/net-libs/nodejs/files/nodejs-8.12.0-libressl.patch
@@ -55,7 +55,7 @@ diff -Naur node-v8.11.1.orig/lib/_tls_wrap.js node-v8.11.1/lib/_tls_wrap.js
});
});
}
-@@ -451,18 +454,15 @@
+@@ -455,18 +458,15 @@
ssl.onhandshakestart = () => onhandshakestart.call(this);
ssl.onhandshakedone = () => onhandshakedone.call(this);
ssl.onclienthello = (hello) => onclienthello.call(this, hello);
@@ -79,7 +79,7 @@ diff -Naur node-v8.11.1.orig/lib/_tls_wrap.js node-v8.11.1/lib/_tls_wrap.js
}
} else {
ssl.onhandshakestart = function() {};
-@@ -506,7 +506,7 @@
+@@ -510,7 +510,7 @@
options.server._contexts.length)) {
assert(typeof options.SNICallback === 'function');
this._SNICallback = options.SNICallback;
@@ -102,7 +102,7 @@ diff -Naur node-v8.11.1.orig/src/env.h node-v8.11.1/src/env.h
diff -Naur node-v8.11.1.orig/src/node.cc node-v8.11.1/src/node.cc
--- node-v8.11.1.orig/src/node.cc 2018-07-18 17:37:43.066250635 +0800
+++ node-v8.11.1/src/node.cc 2018-07-18 17:38:37.198012271 +0800
-@@ -214,7 +214,7 @@
+@@ -213,7 +213,7 @@
false;
#endif
@@ -111,7 +111,7 @@ diff -Naur node-v8.11.1.orig/src/node.cc node-v8.11.1/src/node.cc
// used by crypto module
bool enable_fips_crypto = false;
bool force_fips_crypto = false;
-@@ -3875,7 +3875,7 @@
+@@ -3166,7 +3166,7 @@
" (default)"
#endif
"\n"
@@ -120,7 +120,7 @@ diff -Naur node-v8.11.1.orig/src/node.cc node-v8.11.1/src/node.cc
" --enable-fips enable FIPS crypto at startup\n"
" --force-fips force FIPS crypto (cannot be disabled)\n"
#endif /* NODE_FIPS_MODE */
-@@ -4173,7 +4173,7 @@
+@@ -3477,7 +3477,7 @@
} else if (strncmp(arg, "--use-bundled-ca", 16) == 0) {
use_bundled_ca = true;
ssl_openssl_cert_store = false;
@@ -129,7 +129,7 @@ diff -Naur node-v8.11.1.orig/src/node.cc node-v8.11.1/src/node.cc
} else if (strcmp(arg, "--enable-fips") == 0) {
enable_fips_crypto = true;
} else if (strcmp(arg, "--force-fips") == 0) {
-@@ -4888,7 +4888,7 @@
+@@ -4219,7 +4219,7 @@
if (SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs))
crypto::UseExtraCaCerts(extra_ca_certs);
}
@@ -270,7 +270,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
int SecureContext::TicketCompatibilityCallback(SSL* ssl,
unsigned char* name,
unsigned char* iv,
-@@ -1505,7 +1504,6 @@
+@@ -1507,7 +1506,6 @@
env->SetProtoMethod(t, "verifyError", VerifyError);
env->SetProtoMethod(t, "getCurrentCipher", GetCurrentCipher);
env->SetProtoMethod(t, "endParser", EndParser);
@@ -278,7 +278,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
env->SetProtoMethod(t, "renegotiate", Renegotiate);
env->SetProtoMethod(t, "shutdownSSL", Shutdown);
env->SetProtoMethod(t, "getTLSTicket", GetTLSTicket);
-@@ -1564,7 +1562,7 @@
+@@ -1566,7 +1564,7 @@
}
@@ -287,7 +287,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
template <class Base>
SSL_SESSION* SSLWrap<Base>::GetSessionCallback(SSL* s,
unsigned char* key,
-@@ -2581,126 +2579,6 @@
+@@ -2650,130 +2648,6 @@
template <class Base>
@@ -311,19 +311,22 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
- return -1;
-
- Environment* env = w->env();
+- Local<Context> context = env->context();
- HandleScope handle_scope(env->isolate());
-- Context::Scope context_scope(env->context());
+- Context::Scope context_scope(context);
- w->cert_cb_running_ = true;
-
- Local<Object> info = Object::New(env->isolate());
-
- const char* servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
- if (servername == nullptr) {
-- info->Set(env->servername_string(), String::Empty(env->isolate()));
+- info->Set(context,
+- env->servername_string(),
+- String::Empty(env->isolate())).FromJust();
- } else {
- Local<String> str = OneByteString(env->isolate(), servername,
- strlen(servername));
-- info->Set(env->servername_string(), str);
+- info->Set(context, env->servername_string(), str).FromJust();
- }
-
- bool ocsp = false;
@@ -331,7 +334,8 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
- ocsp = SSL_get_tlsext_status_type(s) == TLSEXT_STATUSTYPE_ocsp;
-#endif
-
-- info->Set(env->ocsp_request_string(), Boolean::New(env->isolate(), ocsp));
+- info->Set(context, env->ocsp_request_string(),
+- Boolean::New(env->isolate(), ocsp)).FromJust();
-
- Local<Value> argv[] = { info };
- w->MakeCallback(env->oncertcb_string(), arraysize(argv), argv);
@@ -414,7 +418,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
void SSLWrap<Base>::SSLGetter(const FunctionCallbackInfo<Value>& info) {
Base* base;
ASSIGN_OR_RETURN_UNWRAP(&base, info.This());
-@@ -2732,9 +2610,6 @@
+@@ -2805,9 +2679,6 @@
template <class Base>
int SSLWrap<Base>::SetCACerts(SecureContext* sc) {
@@ -424,7 +428,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
STACK_OF(X509_NAME)* list = SSL_dup_CA_list(
SSL_CTX_get_client_CA_list(sc->ctx_));
-@@ -2828,10 +2823,6 @@
+@@ -2901,10 +2772,6 @@
DEBUG_PRINT("[%p] SSL: %s want read\n", ssl_, func);
return 0;
@@ -435,7 +439,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
} else if (err == SSL_ERROR_ZERO_RETURN) {
HandleScope scope(ssl_env()->isolate());
-@@ -2986,7 +2977,7 @@
+@@ -3059,7 +2926,7 @@
// Call the SNI callback and use its return value as context
if (!conn->sniObject_.IsEmpty()) {
@@ -444,7 +448,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
Local<Object> sni_obj = PersistentToLocal(env->isolate(),
conn->sniObject_);
-@@ -3002,7 +2993,7 @@
+@@ -3075,7 +2942,7 @@
Local<FunctionTemplate> secure_context_constructor_template =
env->secure_context_constructor_template();
if (secure_context_constructor_template->HasInstance(ret)) {
@@ -453,7 +457,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
SecureContext* sc;
ASSIGN_OR_RETURN_UNWRAP(&sc, ret.As<Object>(), SSL_TLSEXT_ERR_NOACK);
conn->SetSNIContext(sc);
-@@ -3042,8 +3033,6 @@
+@@ -3115,8 +2982,6 @@
InitNPN(sc);
@@ -462,7 +466,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
if (is_server) {
SSL_CTX_set_tlsext_servername_callback(sc->ctx_, SelectSNIContextCallback_);
-@@ -3407,7 +3396,7 @@
+@@ -3480,7 +3345,7 @@
int key_buf_len) {
HandleScope scope(env()->isolate());
@@ -471,7 +475,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
if (FIPS_mode()) {
return env()->ThrowError(
"crypto.createCipher() is not supported in FIPS mode.");
-@@ -3443,8 +3432,10 @@
+@@ -3516,8 +3381,10 @@
cipher_type);
}
@@ -482,7 +486,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
CHECK_EQ(1, EVP_CIPHER_CTX_set_key_length(ctx_, key_len));
-@@ -3498,8 +3489,10 @@
+@@ -3580,8 +3447,10 @@
ctx_ = EVP_CIPHER_CTX_new();
@@ -493,7 +497,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
const bool encrypt = (kind_ == kCipher);
EVP_CipherInit_ex(ctx_, cipher, nullptr, nullptr, nullptr, encrypt);
-@@ -4056,7 +4049,7 @@
+@@ -4150,7 +4019,7 @@
SignBase::Error SignBase::Init(const char* sign_type) {
CHECK_EQ(mdctx_, nullptr);
@@ -502,7 +506,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
// Historically, "dss1" and "DSS1" were DSA aliases for SHA-1
// exposed through the public API.
if (strcmp(sign_type, "dss1") == 0 ||
-@@ -4262,7 +4255,7 @@
+@@ -4356,7 +4225,7 @@
if (pkey == nullptr || 0 != ERR_peek_error())
goto exit;
@@ -511,7 +515,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
/* Validate DSA2 parameters from FIPS 186-4 */
if (FIPS_mode() && EVP_PKEY_DSA == pkey->type) {
size_t L = BN_num_bits(pkey->pkey.dsa->p);
-@@ -5037,7 +5030,7 @@
+@@ -5131,7 +5000,7 @@
void DiffieHellman::SetPrivateKey(const FunctionCallbackInfo<Value>& args) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
@@ -520,7 +524,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for
// Node. See https://github.com/openssl/openssl/pull/4384.
#error "OpenSSL 1.1.0 revisions before 1.1.0g are not supported"
-@@ -6120,13 +6113,13 @@
+@@ -6220,13 +6089,13 @@
SSL_library_init();
OpenSSL_add_all_algorithms();
@@ -536,7 +540,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc
/* Override FIPS settings in cnf file, if needed. */
unsigned long err = 0; // NOLINT(runtime/int)
if (enable_fips_crypto || force_fips_crypto) {
-@@ -6196,16 +6189,20 @@
+@@ -6296,16 +6165,20 @@
#endif // !OPENSSL_NO_ENGINE
void GetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
@@ -645,7 +649,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.h node-v8.11.1/src/node_crypto.h
static SSL_SESSION* GetSessionCallback(SSL* s,
unsigned char* key,
int len,
-@@ -278,7 +273,6 @@
+@@ -280,7 +275,6 @@
static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args);
static void GetCurrentCipher(const v8::FunctionCallbackInfo<v8::Value>& args);
static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args);
@@ -653,7 +657,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.h node-v8.11.1/src/node_crypto.h
static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args);
static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args);
static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args);
-@@ -320,11 +314,9 @@
+@@ -322,11 +316,9 @@
unsigned int inlen,
void* arg);
static int TLSExtStatusCallback(SSL* s, void* arg);
@@ -665,7 +669,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.h node-v8.11.1/src/node_crypto.h
void SetSNIContext(SecureContext* sc);
int SetCACerts(SecureContext* sc);
-@@ -339,21 +331,12 @@
+@@ -341,21 +333,12 @@
bool session_callbacks_;
bool new_session_wait_;
@@ -687,7 +691,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.h node-v8.11.1/src/node_crypto.h
friend class SecureContext;
};
-@@ -365,6 +348,7 @@
+@@ -367,6 +350,7 @@
~Connection() override {
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
sniObject_.Reset();
@@ -695,7 +699,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto.h node-v8.11.1/src/node_crypto.h
servername_.Reset();
#endif
}
-@@ -379,6 +363,7 @@
+@@ -381,6 +365,7 @@
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
v8::Persistent<v8::Object> sniObject_;
@@ -720,7 +724,7 @@ diff -Naur node-v8.11.1.orig/src/node_crypto_bio.cc node-v8.11.1/src/node_crypto
#define BIO_set_data(bio, data) bio->ptr = data
#define BIO_get_data(bio) bio->ptr
#define BIO_set_shutdown(bio, shutdown_) bio->shutdown = shutdown_
-@@ -237,7 +242,7 @@
+@@ -235,7 +240,7 @@
const BIO_METHOD* NodeBIO::GetMethod() {
@@ -810,7 +814,7 @@ diff -Naur node-v8.11.1.orig/src/tls_wrap.h node-v8.11.1/src/tls_wrap.h
diff -Naur node-v8.11.1.orig/test/parallel/test-tls-cnnic-whitelist.js node-v8.11.1/test/parallel/test-tls-cnnic-whitelist.js
--- node-v8.11.1.orig/test/parallel/test-tls-cnnic-whitelist.js 2018-03-30 07:17:18.000000000 +0800
+++ node-v8.11.1/test/parallel/test-tls-cnnic-whitelist.js 2018-07-18 19:17:45.799658124 +0800
-@@ -46,7 +46,9 @@
+@@ -30,7 +30,9 @@
port: undefined,
rejectUnauthorized: true
},
@@ -821,7 +825,7 @@ diff -Naur node-v8.11.1.orig/test/parallel/test-tls-cnnic-whitelist.js node-v8.1
}
];
-diff -Naur node-v8.11.1.orig/test/parallel/test-tls-sni-server-client.js node-v8.11.1/test/parallel/test-tls-sni-server-client.js
+diff -Naur node-v8.@@ -976,8 +971,8 @@2lel/test-tls-sni-server-client.js node-v8.11.1/test/parallel/test-tls-sni-server-client.js
--- node-v8.11.1.orig/test/parallel/test-tls-sni-server-client.js 2018-03-30 07:17:18.000000000 +0800
+++ node-v8.11.1/test/parallel/test-tls-sni-server-client.js 2018-07-18 19:17:45.799658124 +0800
@@ -49,39 +49,37 @@
diff --git a/net-libs/nodejs/nodejs-8.11.4.ebuild b/net-libs/nodejs/nodejs-8.11.1.ebuild
index 56bbd90..fe093d5 100644
--- a/net-libs/nodejs/nodejs-8.11.4.ebuild
+++ b/net-libs/nodejs/nodejs-8.11.1.ebuild
@@ -15,18 +15,17 @@ SRC_URI="https://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz"
LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x64-macos"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x64-macos"
IUSE="cpu_flags_x86_sse2 debug doc icu inspector libressl +npm +snapshot +ssl systemtap test"
REQUIRED_USE="
${PYTHON_REQUIRED_USE}
inspector? ( icu ssl )
- npm? ( ssl )
"
RDEPEND="
>=dev-libs/libuv-1.19.1:=
>=net-libs/http-parser-2.8.0:=
- >=net-libs/nghttp2-1.32.0
+ >=net-libs/nghttp2-1.25.0
sys-libs/zlib
icu? ( >=dev-libs/icu-60.1:= )
ssl? (
@@ -93,7 +92,7 @@ src_prepare() {
fi
if use libressl; then
- epatch "${FILESDIR}"/nodejs-8.11.4-libressl.patch
+ epatch "${FILESDIR}"/nodejs-8.11.1-libressl.patch
fi
default
diff --git a/net-libs/nodejs/nodejs-6.11.5.ebuild b/net-libs/nodejs/nodejs-8.12.0.ebuild
index db8bc4f..e13622d 100644
--- a/net-libs/nodejs/nodejs-6.11.5.ebuild
+++ b/net-libs/nodejs/nodejs-8.12.0.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=6
@@ -15,26 +15,35 @@ SRC_URI="https://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz"
LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT"
SLOT="0"
-KEYWORDS="amd64 arm ~arm64 ppc ppc64 x86 ~amd64-linux ~x64-macos"
-IUSE="bundled-ssl cpu_flags_x86_sse2 debug doc icu libressl +npm +snapshot +ssl test"
-
-RDEPEND="icu? ( >=dev-libs/icu-56:= )
- npm? ( ${PYTHON_DEPS} )
- >=net-libs/http-parser-2.6.2:=
- >=dev-libs/libuv-1.9.0:=
- !bundled-ssl? ( >=dev-libs/openssl-1.0.2g:0=[-bindist] )
- sys-libs/zlib"
+KEYWORDS="amd64 ~arm ~arm64 ppc ppc64 x86 ~amd64-linux ~x64-macos"
+IUSE="cpu_flags_x86_sse2 debug doc icu inspector libressl +npm +snapshot +ssl systemtap test"
+REQUIRED_USE="
+ ${PYTHON_REQUIRED_USE}
+ inspector? ( icu ssl )
+ npm? ( ssl )
+"
+
+RDEPEND="
+ >=dev-libs/libuv-1.19.2:=
+ >=net-libs/http-parser-2.8.0:=
+ >=net-libs/nghttp2-1.32.0
+ sys-libs/zlib
+ icu? ( >=dev-libs/icu-60.1:= )
+ ssl? (
+ libressl? ( >=dev-libs/openssl-1.0.2n:0=[-bindist] )
+ libressl? ( dev-libs/libressl:= )
+ )
+"
+
DEPEND="${RDEPEND}
${PYTHON_DEPS}
+ systemtap? ( dev-util/systemtap )
test? ( net-misc/curl )"
S="${WORKDIR}/node-v${PV}"
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
- libressl? ( bundled-ssl )
- bundled-ssl? ( ssl )"
PATCHES=(
- "${FILESDIR}"/gentoo-global-npm-config.patch
+ "${FILESDIR}"/nodejs-10.3.0-global-npm-config.patch
)
pkg_pretend() {
@@ -56,7 +65,7 @@ src_prepare() {
# make sure we use python2.* while using gyp
sed -i -e "s/python/${EPYTHON}/" deps/npm/node_modules/node-gyp/gyp/gyp || die
- sed -i -e "s/|| 'python'/|| '${EPYTHON}'/" deps/npm/node_modules/node-gyp/lib/configure.js || die
+ sed -i -e "s/|| 'python2'/|| '${EPYTHON}'/" deps/npm/node_modules/node-gyp/lib/configure.js || die
# less verbose install output (stating the same as portage, basically)
sed -i -e "/print/d" tools/install.py || die
@@ -64,12 +73,13 @@ src_prepare() {
# proper libdir, hat tip @ryanpcmcquen https://github.com/iojs/io.js/issues/504
local LIBDIR=$(get_libdir)
sed -i -e "s|lib/|${LIBDIR}/|g" tools/install.py || die
- sed -i -e "s/'lib'/'${LIBDIR}'/" lib/module.js || die
- sed -i -e "s|\"lib\"|\"${LIBDIR}\"|" deps/npm/lib/npm.js || die
+ sed -i -e "s/'lib'/'${LIBDIR}'/" lib/module.js deps/npm/lib/npm.js || die
# Avoid writing a depfile, not useful
sed -i -e "/DEPFLAGS =/d" tools/gyp/pylib/gyp/generator/make.py || die
+ sed -i -e "/'-O3'/d" common.gypi deps/v8/gypfiles/toolchain.gypi || die
+
# Avoid a test that I've only been able to reproduce from emerge. It doesnt
# seem sandbox related either (invoking it from a sandbox works fine).
# The issue is that no stdin handle is openened when asked for one.
@@ -83,19 +93,23 @@ src_prepare() {
BUILDTYPE=Debug
fi
+ if use libressl; then
+ epatch "${FILESDIR}"/nodejs-${PV}-libressl.patch
+ fi
+
default
}
src_configure() {
- local myarch=""
- local myconf=( --shared-libuv --shared-http-parser --shared-zlib )
+ local myconf=( --shared-http-parser --shared-libuv --shared-nghttp2 --shared-zlib )
+ use debug && myconf+=( --debug )
+ use icu && myconf+=( --with-intl=system-icu ) || myconf+=( --with-intl=none )
+ use inspector || myconf+=( --without-inspector )
use npm || myconf+=( --without-npm )
- use icu && myconf+=( --with-intl=system-icu )
use snapshot && myconf+=( --with-snapshot )
- use bundled-ssl || myconf+=( --shared-openssl )
- use ssl || myconf+=( --without-ssl )
- use debug && myconf+=( --debug )
+ use ssl && myconf+=( --shared-openssl ) || myconf+=( --without-ssl )
+ local myarch=""
case ${ABI} in
amd64) myarch="x64";;
arm) myarch="arm";;
@@ -112,7 +126,7 @@ src_configure() {
"${PYTHON}" configure \
--prefix="${EPREFIX}"/usr \
--dest-cpu=${myarch} \
- --without-dtrace \
+ $(use_with systemtap dtrace) \
"${myconf[@]}" || die
}