From 55857230369b2cdb264044845e004a58ebca5bf3 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Mon, 3 Apr 2017 13:37:43 -0400 Subject: [PATCH] Revert upstream change that is incompatible with OpenSSL 1.0.1 Fixes: rhbz#1436445 --- EPEL01-openssl101-compat.patch | 30 ++++++++++++++++++++++++++++++ nodejs.spec | 11 ++++++++++- 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 EPEL01-openssl101-compat.patch diff --git a/EPEL01-openssl101-compat.patch b/EPEL01-openssl101-compat.patch new file mode 100644 index 0000000..f419f95 --- /dev/null +++ b/EPEL01-openssl101-compat.patch @@ -0,0 +1,30 @@ +diff -ru a/src/node_crypto.cc b/src/node_crypto.cc +--- a/src/node_crypto.cc 2017-03-31 22:39:56.483283868 +0200 ++++ b/src/node_crypto.cc 2017-03-31 22:45:36.250267750 +0200 +@@ -851,8 +851,6 @@ + } + } + +- // Increment reference count so global store is not deleted along with CTX. +- X509_STORE_up_ref(root_cert_store); + SSL_CTX_set_cert_store(sc->ctx_, root_cert_store); + } + +diff -ru a/src/node_crypto.h b/src/node_crypto.h +--- a/src/node_crypto.h 2017-03-21 20:43:33.000000000 +0100 ++++ b/src/node_crypto.h 2017-03-31 22:43:15.548183432 +0200 +@@ -145,6 +145,13 @@ + } + + env()->isolate()->AdjustAmountOfExternalAllocatedMemory(-kExternalSize); ++ if (ctx_->cert_store == root_cert_store) { ++ // SSL_CTX_free() will attempt to free the cert_store as well. ++ // Since we want our root_cert_store to stay around forever ++ // we just clear the field. Hopefully OpenSSL will not modify this ++ // struct in future versions. ++ ctx_->cert_store = nullptr; ++ } + SSL_CTX_free(ctx_); + if (cert_ != nullptr) + X509_free(cert_); + diff --git a/nodejs.spec b/nodejs.spec index 8d0da96..94f6c09 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -19,7 +19,7 @@ %global nodejs_patch 1 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch} -%global nodejs_release 1 +%global nodejs_release 2 # == Bundled Dependency Versions == # v8 - from deps/v8/include/v8-version.h @@ -105,6 +105,10 @@ Patch3: 0003-crypto-Use-system-CAs-instead-of-using-bundled-ones.patch # https://github.com/nodejs/node/issues/10388#issuecomment-283120731 Patch4: 0004-Fix-compatibility-with-GCC-7.patch +# RHEL 7 still uses OpenSSL 1.0.1 for now, and it segfaults on SSL +# Revert this upstream patch until RHEL 7 upgrades to 1.0.2 +Patch5: EPEL01-openssl101-compat.patch + BuildRequires: python-devel BuildRequires: libuv-devel >= 1:1.9.1 Requires: libuv >= 1:1.9.1 @@ -252,6 +256,7 @@ rm -rf deps/icu-small \ %if 0%{?epel} %patch2 -p1 +%patch5 -p1 %endif @@ -412,6 +417,10 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules %{buildroot}/%{_bindir}/node - %{_pkgdocdir}/npm/doc %changelog +* Mon Apr 03 2017 Stephen Gallagher - 1:6.10.1-2 +- Revert upstream change that is incompatible with OpenSSL 1.0.1 +- Fixes: rhbz#1436445 + * Wed Mar 22 2017 Zuzana Svetlikova - 1:6.10.1-1 - Update to 6.10.1 - remove small-icu from deps