teldra/vp-build
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

nodejs: update to 0.12.7.

Browse Source
This commit is contained in:
Juan RP 2015-07-10 07:46:06 +02:00
parent 14902a61e6
commit 4d7d303677
3 changed files with 3 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
srcpkgs/nodejs/patches/X509_verify_cert.patch
View File

@ -1,75 +0,0 @@
--- deps/openssl/openssl/crypto/x509/x509_vfy.c
+++ deps/openssl/openssl/crypto/x509/x509_vfy.c
@@ -193,6 +193,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
return -1;
}
+ if (ctx->chain != NULL) {
+ /*
+ * This X509_STORE_CTX has already been used to verify a cert. We
+ * cannot do another one.
+ */
+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
cb = ctx->verify_cb;
@@ -200,15 +208,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
* first we make sure the chain we are going to build is present and that
* the first entry is in place
*/
- if (ctx->chain == NULL) {
- if (((ctx->chain = sk_X509_new_null()) == NULL) ||
- (!sk_X509_push(ctx->chain, ctx->cert))) {
- X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
- goto end;
- }
- CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
- ctx->last_untrusted = 1;
+ if (((ctx->chain = sk_X509_new_null()) == NULL) ||
+ (!sk_X509_push(ctx->chain, ctx->cert))) {
+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ goto end;
}
+ CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
+ ctx->last_untrusted = 1;
/* We use a temporary STACK so we can chop and hack at it */
if (ctx->untrusted != NULL
--- deps/openssl/openssl/doc/crypto/X509_STORE_CTX_new.pod
+++ deps/openssl/openssl/doc/crypto/X509_STORE_CTX_new.pod
@@ -40,10 +40,15 @@ is no longer valid.
If B<ctx> is NULL nothing is done.
X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
-The trusted certificate store is set to B<store>, the end entity certificate
-to be verified is set to B<x509> and a set of additional certificates (which
-will be untrusted but may be used to build the chain) in B<chain>. Any or
-all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>.
+It must be called before each call to X509_verify_cert(), i.e. a B<ctx> is only
+good for one call to X509_verify_cert(); if you want to verify a second
+certificate with the same B<ctx> then you must call X509_XTORE_CTX_cleanup()
+and then X509_STORE_CTX_init() again before the second call to
+X509_verify_cert(). The trusted certificate store is set to B<store>, the end
+entity certificate to be verified is set to B<x509> and a set of additional
+certificates (which will be untrusted but may be used to build the chain) in
+B<chain>. Any or all of the B<store>, B<x509> and B<chain> parameters can be
+B<NULL>.
X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx>
to B<sk>. This is an alternative way of specifying trusted certificates
diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod
index e5cfc6f..48055b0 100644
--- deps/openssl/openssl/doc/crypto/X509_verify_cert.pod
+++ deps/openssl/openssl/doc/crypto/X509_verify_cert.pod
@@ -32,7 +32,8 @@ OpenSSL internally for certificate validation, in both the S/MIME and
SSL/TLS code.
The negative return value from X509_verify_cert() can only occur if no
-certificate is set in B<ctx> (due to a programming error) or if a retry
+certificate is set in B<ctx> (due to a programming error); if X509_verify_cert()
+twice without reinitialising B<ctx> in between; or if a retry
operation is requested during internal lookups (which never happens with
standard lookup methods). It is however recommended that application check
for <= 0 return value on error.

12
srcpkgs/nodejs/patches/alternate_chains_certificate_forgery.patch
View File

@ -1,12 +0,0 @@
--- deps/openssl/openssl/crypto/x509/x509_vfy.c
+++ deps/openssl/openssl/crypto/x509/x509_vfy.c
@@ -392,8 +392,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
xtmp = sk_X509_pop(ctx->chain);
X509_free(xtmp);
num--;
- ctx->last_untrusted--;
}
+ ctx->last_untrusted = sk_X509_num(ctx->chain);
retry = 1;
break;
}

6
srcpkgs/nodejs/template
View File

@ -1,7 +1,7 @@
# Template file for 'nodejs' # Template file for 'nodejs'
pkgname=nodejs pkgname=nodejs
version=0.12.6 version=0.12.7
revision=2 revision=1
wrksrc=node-v${version} wrksrc=node-v${version}
hostmakedepends="pkg-config python" hostmakedepends="pkg-config python"
makedepends="zlib-devel python-devel makedepends="zlib-devel python-devel
@ -13,7 +13,7 @@ maintainer="Juan RP <xtraeme@voidlinux.eu>"
license="MIT" license="MIT"
homepage="http://nodejs.org/" homepage="http://nodejs.org/"
distfiles="${homepage}/dist/v${version}/node-v${version}.tar.gz" distfiles="${homepage}/dist/v${version}/node-v${version}.tar.gz"
checksum=7a3b5ac351973a9dee8edbf0684bc8d0dea44b231e42274ffb008141ffa19ad2 checksum=b23d64df051c9c969b0c583f802d5d71de342e53067127a5061415be7e12f39d
build_options="ssl libuv http_parser" build_options="ssl libuv http_parser"
desc_option_libuv="Enable shared libuv" desc_option_libuv="Enable shared libuv"