diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0238061 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/node-v6.9.1-stripped.tar.gz diff --git a/.rh-nodejs6-nodejs.metadata b/.rh-nodejs6-nodejs.metadata new file mode 100644 index 0000000..a8f9cc8 --- /dev/null +++ b/.rh-nodejs6-nodejs.metadata @@ -0,0 +1 @@ +4b7acde6607bc089355c750355577be732924d06 SOURCES/node-v6.9.1-stripped.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 98f42b4..0000000 --- a/README.md +++ /dev/null @@ -1,4 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/0001-Disable-crypto-tests.patch b/SOURCES/0001-Disable-crypto-tests.patch new file mode 100644 index 0000000..d66c14c --- /dev/null +++ b/SOURCES/0001-Disable-crypto-tests.patch @@ -0,0 +1,77 @@ +From e90119932ce27998f5961dbad7ae30f7b6930cb1 Mon Sep 17 00:00:00 2001 +From: Zuzana Svetlikova +Date: Wed, 11 Jan 2017 14:54:02 +0100 +Subject: [PATCH] Disable crypto tests + +--- + test/{parallel => disabled}/test-crypto-dh.js | 0 + test/{parallel => disabled}/test-crypto-fips.js | 0 + test/{parallel => disabled}/test-tls-cnnic-whitelist.js | 0 + test/{parallel => disabled}/test-tls-dhe.js | 0 + test/{parallel => disabled}/test-tls-ecdh-disable.js | 0 + test/{parallel => disabled}/test-tls-ecdh.js | 0 + test/{parallel => disabled}/test-tls-empty-sni-context.js | 0 + test/{parallel => disabled}/test-tls-pfx-gh-5100-regr.js | 0 + test/{parallel => disabled}/test-tls-securepair-server.js | 0 + test/{parallel => disabled}/test-tls-sni-option.js | 0 + test/{parallel => disabled}/test-tls-sni-server-client.js | 0 + 11 files changed, 0 insertions(+), 0 deletions(-) + rename test/{parallel => disabled}/test-crypto-dh.js (100%) + rename test/{parallel => disabled}/test-crypto-fips.js (100%) + rename test/{parallel => disabled}/test-tls-cnnic-whitelist.js (100%) + rename test/{parallel => disabled}/test-tls-dhe.js (100%) + rename test/{parallel => disabled}/test-tls-ecdh-disable.js (100%) + rename test/{parallel => disabled}/test-tls-ecdh.js (100%) + rename test/{parallel => disabled}/test-tls-empty-sni-context.js (100%) + rename test/{parallel => disabled}/test-tls-pfx-gh-5100-regr.js (100%) + rename test/{parallel => disabled}/test-tls-securepair-server.js (100%) + rename test/{parallel => disabled}/test-tls-sni-option.js (100%) + rename test/{parallel => disabled}/test-tls-sni-server-client.js (100%) + +diff --git a/test/parallel/test-crypto-dh.js b/test/disabled/test-crypto-dh.js +similarity index 100% +rename from test/parallel/test-crypto-dh.js +rename to test/disabled/test-crypto-dh.js +diff --git a/test/parallel/test-crypto-fips.js b/test/disabled/test-crypto-fips.js +similarity index 100% +rename from test/parallel/test-crypto-fips.js +rename to test/disabled/test-crypto-fips.js +diff --git a/test/parallel/test-tls-cnnic-whitelist.js b/test/disabled/test-tls-cnnic-whitelist.js +similarity index 100% +rename from test/parallel/test-tls-cnnic-whitelist.js +rename to test/disabled/test-tls-cnnic-whitelist.js +diff --git a/test/parallel/test-tls-dhe.js b/test/disabled/test-tls-dhe.js +similarity index 100% +rename from test/parallel/test-tls-dhe.js +rename to test/disabled/test-tls-dhe.js +diff --git a/test/parallel/test-tls-ecdh-disable.js b/test/disabled/test-tls-ecdh-disable.js +similarity index 100% +rename from test/parallel/test-tls-ecdh-disable.js +rename to test/disabled/test-tls-ecdh-disable.js +diff --git a/test/parallel/test-tls-ecdh.js b/test/disabled/test-tls-ecdh.js +similarity index 100% +rename from test/parallel/test-tls-ecdh.js +rename to test/disabled/test-tls-ecdh.js +diff --git a/test/parallel/test-tls-empty-sni-context.js b/test/disabled/test-tls-empty-sni-context.js +similarity index 100% +rename from test/parallel/test-tls-empty-sni-context.js +rename to test/disabled/test-tls-empty-sni-context.js +diff --git a/test/parallel/test-tls-pfx-gh-5100-regr.js b/test/disabled/test-tls-pfx-gh-5100-regr.js +similarity index 100% +rename from test/parallel/test-tls-pfx-gh-5100-regr.js +rename to test/disabled/test-tls-pfx-gh-5100-regr.js +diff --git a/test/parallel/test-tls-securepair-server.js b/test/disabled/test-tls-securepair-server.js +similarity index 100% +rename from test/parallel/test-tls-securepair-server.js +rename to test/disabled/test-tls-securepair-server.js +diff --git a/test/parallel/test-tls-sni-option.js b/test/disabled/test-tls-sni-option.js +similarity index 100% +rename from test/parallel/test-tls-sni-option.js +rename to test/disabled/test-tls-sni-option.js +diff --git a/test/parallel/test-tls-sni-server-client.js b/test/disabled/test-tls-sni-server-client.js +similarity index 100% +rename from test/parallel/test-tls-sni-server-client.js +rename to test/disabled/test-tls-sni-server-client.js +-- +2.11.0 + diff --git a/SOURCES/0001-Disable-failing-tests.patch b/SOURCES/0001-Disable-failing-tests.patch new file mode 100644 index 0000000..6c61f33 --- /dev/null +++ b/SOURCES/0001-Disable-failing-tests.patch @@ -0,0 +1,29 @@ +From d8592f0df67e7bc7151b32e00db284db320fa27a Mon Sep 17 00:00:00 2001 +From: Zuzana Svetlikova +Date: Wed, 11 Jan 2017 14:57:25 +0100 +Subject: [PATCH] Disable failing tests + +--- + .../test-net-better-error-messages-port-hostname.js | 0 + test/{parallel => disabled}/test-net-connect-immediate-finish.js | 0 + test/{parallel => disabled}/test-npm-install.js | 0 + 3 files changed, 0 insertions(+), 0 deletions(-) + rename test/{parallel => disabled}/test-net-better-error-messages-port-hostname.js (100%) + rename test/{parallel => disabled}/test-net-connect-immediate-finish.js (100%) + rename test/{parallel => disabled}/test-npm-install.js (100%) + +diff --git a/test/parallel/test-net-better-error-messages-port-hostname.js b/test/disabled/test-net-better-error-messages-port-hostname.js +similarity index 100% +rename from test/parallel/test-net-better-error-messages-port-hostname.js +rename to test/disabled/test-net-better-error-messages-port-hostname.js +diff --git a/test/parallel/test-net-connect-immediate-finish.js b/test/disabled/test-net-connect-immediate-finish.js +similarity index 100% +rename from test/parallel/test-net-connect-immediate-finish.js +rename to test/disabled/test-net-connect-immediate-finish.js +diff --git a/test/parallel/test-npm-install.js b/test/disabled/test-npm-install.js +similarity index 100% +rename from test/parallel/test-npm-install.js +rename to test/disabled/test-npm-install.js +-- +2.11.0 + diff --git a/SOURCES/0002-Use-openssl-1.0.1.patch b/SOURCES/0002-Use-openssl-1.0.1.patch new file mode 100644 index 0000000..700e8fc --- /dev/null +++ b/SOURCES/0002-Use-openssl-1.0.1.patch @@ -0,0 +1,524 @@ +From 6cf8243a70e26843c7770f7b29b1a33b822d1c26 Mon Sep 17 00:00:00 2001 +From: Haikel Guemar +Date: Tue, 26 Jul 2016 22:50:22 +0200 +Subject: [PATCH 2/3] Use openssl 1.0.1 + +Based on Solaris patches from upstream #2783 +https://github.com/nodejs/node/issues/2783 +--- + doc/api/tls.md | 6 ++ + src/node_constants.cc | 5 ++ + src/node_crypto.cc | 201 ++++++++++++++++++++++++++++++++++++++++++++++---- + src/node_crypto.h | 16 ++++ + src/tls_wrap.cc | 8 ++ + 5 files changed, 223 insertions(+), 13 deletions(-) + +diff --git a/doc/api/tls.md b/doc/api/tls.md +index 7feaff2..97ad7a5 100644 +--- a/doc/api/tls.md ++++ b/doc/api/tls.md +@@ -114,6 +114,12 @@ handshake extensions: + * SNI - Allows the use of one TLS server for multiple hostnames with different + SSL certificates. + ++ **NOTE**: dueto a design flaw in node **SNI cannot be ++ used on the server side**, even so all parameters in related functions are ++ accepted for compatibility reasons. And thus the related events will not ++ fire unless one aranges this explicitly. This may change, when the OS ++ provides OpenSSL v1.0.2 or better and node gets linked to this version. ++ + *Note*: Use of ALPN is recommended over NPN. The NPN extension has never been + formally defined or documented and generally not recommended for use. + +diff --git a/src/node_constants.cc b/src/node_constants.cc +index 2e6be8d..239eadb 100644 +--- a/src/node_constants.cc ++++ b/src/node_constants.cc +@@ -14,7 +14,10 @@ + #include + + #if HAVE_OPENSSL ++# include ++# ifndef OPENSSL_NO_EC + # include ++# endif + # include + # ifndef OPENSSL_NO_ENGINE + # include +@@ -976,12 +979,14 @@ void DefineOpenSSLConstants(Local target) { + + #if HAVE_OPENSSL + // NOTE: These are not defines ++# ifndef OPENSSL_NO_EC + NODE_DEFINE_CONSTANT(target, POINT_CONVERSION_COMPRESSED); + + NODE_DEFINE_CONSTANT(target, POINT_CONVERSION_UNCOMPRESSED); + + NODE_DEFINE_CONSTANT(target, POINT_CONVERSION_HYBRID); + #endif ++#endif + } + + void DefineSystemConstants(Local target) { +diff --git a/src/node_crypto.cc b/src/node_crypto.cc +index 9cf216f..888a0f8 100644 +--- a/src/node_crypto.cc ++++ b/src/node_crypto.cc +@@ -24,6 +24,82 @@ + #include + #include + ++#ifndef SSL_get_server_tmp_key ++/* ++ 1.0.2 SSL_get_server_tmp_key(s, pk) "backport". BAD HACK!!! ++ NOTE: This imports "foreign" knowledge and thus will break, when SESS_CERT ++ or CERT_PKEY change, which is definitely the case for the later for ++ all OpenSSL lib vers != 1.0.1. So don't try to bind to something else! ++ */ ++# define SSL_PKEY_NUM 8 ++typedef struct cert_pkey_st { ++ X509 *x509; ++ EVP_PKEY *privatekey; ++ /* Digest to use when signing */ ++ const EVP_MD *digest; ++} CERT_PKEY; ++ ++typedef struct sess_cert_st { ++ STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */ ++ /* The 'peer_...' members are used only by clients. */ ++ int peer_cert_type; ++ CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never ++ * NULL!) */ ++ CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; ++ /* ++ * Obviously we don't have the private keys of these, so maybe we ++ * shouldn't even use the CERT_PKEY type here. ++ */ ++# ifndef OPENSSL_NO_RSA ++ RSA *peer_rsa_tmp; /* not used for SSL 2 */ ++# endif ++# ifndef OPENSSL_NO_DH ++ DH *peer_dh_tmp; /* not used for SSL 2 */ ++# endif ++# ifndef OPENSSL_NO_ECDH ++ EC_KEY *peer_ecdh_tmp; ++# endif ++ int references; /* actually always 1 at the moment */ ++} SESS_CERT; ++ ++static long SSL_get_server_tmp_key(SSL *s, void *parg) { ++ if (s->server || !s->session || !s->session->sess_cert) ++ return 0; ++ else { ++ SESS_CERT *sc; ++ EVP_PKEY *ptmp; ++ int rv = 0; ++ sc = s->session->sess_cert; ++#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH) ++ if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp) ++ return 0; ++#endif ++ ptmp = EVP_PKEY_new(); ++ if (!ptmp) ++ return 0; ++ if (0) ; ++#ifndef OPENSSL_NO_RSA ++ else if (sc->peer_rsa_tmp) ++ rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp); ++#endif ++#ifndef OPENSSL_NO_DH ++ else if (sc->peer_dh_tmp) ++ rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp); ++#endif ++#ifndef OPENSSL_NO_ECDH ++ else if (sc->peer_ecdh_tmp) ++ rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp); ++#endif ++ if (rv) { ++ *(EVP_PKEY **)parg = ptmp; ++ return 1; ++ } ++ EVP_PKEY_free(ptmp); ++ return 0; ++ } ++} ++#endif /* SSL_get_server_tmp_key */ ++ + #define THROW_AND_RETURN_IF_NOT_STRING_OR_BUFFER(val, prefix) \ + do { \ + if (!Buffer::HasInstance(val) && !val->IsString()) { \ +@@ -160,7 +236,11 @@ template int SSLWrap::TLSExtStatusCallback(SSL* s, void* arg); + #endif + + template void SSLWrap::DestroySSL(); ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L + template int SSLWrap::SSLCertCallback(SSL* s, void* arg); ++#else ++template int SSLWrap::SSLCertCallback(SSL* s, X509 **x509, EVP_PKEY **pkey); ++#endif + template void SSLWrap::WaitForCertCb(CertCb cb, void* arg); + + #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation +@@ -280,8 +360,12 @@ void SecureContext::Initialize(Environment* env, Local target) { + env->SetProtoMethod(t, "addCRL", SecureContext::AddCRL); + env->SetProtoMethod(t, "addRootCerts", SecureContext::AddRootCerts); + env->SetProtoMethod(t, "setCiphers", SecureContext::SetCiphers); ++#ifndef OPENSSL_NO_ECDH + env->SetProtoMethod(t, "setECDHCurve", SecureContext::SetECDHCurve); ++#endif ++#ifndef OPENSSL_NO_DH + env->SetProtoMethod(t, "setDHParam", SecureContext::SetDHParam); ++#endif + env->SetProtoMethod(t, "setOptions", SecureContext::SetOptions); + env->SetProtoMethod(t, "setSessionIdContext", + SecureContext::SetSessionIdContext); +@@ -515,8 +599,20 @@ int SSL_CTX_use_certificate_chain(SSL_CTX* ctx, + for (int i = 0; i < sk_X509_num(extra_certs); i++) { + X509* ca = sk_X509_value(extra_certs, i); + +- // NOTE: Increments reference count on `ca` +- r = SSL_CTX_add1_chain_cert(ctx, ca); ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ // If ctx->cert->key != NULL create ctx->cert->key->chain if not ++ // already there, push 'ca' to this chain and finally increment the ca ++ // reference count by 1 (this is the diff between *_add1_* and *_add0_* ++ // - the later increments by 0 ;-)) and return 1. Otherwise or if ++ // something fails in between, return 0. ++ r = SSL_CTX_add1_chain_cert(ctx, ca); ++#else ++ // Create ctx->extra_certs if not already there, just push 'ca' to this ++ // chain and return 1. If something fails, return 0. ++ // NOTE: 1.0.1- does not support multiple certs having its own chain in ++ // a single context. There is just one: extra_chain! ++ r = SSL_CTX_add_extra_chain_cert(ctx, ca); ++#endif + + if (!r) { + ret = 0; +@@ -795,6 +891,7 @@ void SecureContext::SetCiphers(const FunctionCallbackInfo& args) { + } + + ++#ifndef OPENSSL_NO_ECDH + void SecureContext::SetECDHCurve(const FunctionCallbackInfo& args) { + SecureContext* sc; + ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder()); +@@ -822,8 +919,10 @@ void SecureContext::SetECDHCurve(const FunctionCallbackInfo& args) { + + EC_KEY_free(ecdh); + } ++#endif + + ++#ifndef OPENSSL_NO_DH + void SecureContext::SetDHParam(const FunctionCallbackInfo& args) { + SecureContext* sc; + ASSIGN_OR_RETURN_UNWRAP(&sc, args.This()); +@@ -862,6 +961,7 @@ void SecureContext::SetDHParam(const FunctionCallbackInfo& args) { + if (!r) + return env->ThrowTypeError("Error setting temp DH parameter"); + } ++#endif + + + void SecureContext::SetOptions(const FunctionCallbackInfo& args) { +@@ -1872,6 +1972,7 @@ void SSLWrap::GetEphemeralKeyInfo( + info->Set(env->size_string(), + Integer::New(env->isolate(), EVP_PKEY_bits(key))); + break; ++#ifndef OPENSSL_NO_ECDH + case EVP_PKEY_EC: + { + EC_KEY* ec = EVP_PKEY_get1_EC_KEY(key); +@@ -1884,6 +1985,7 @@ void SSLWrap::GetEphemeralKeyInfo( + info->Set(env->size_string(), + Integer::New(env->isolate(), EVP_PKEY_bits(key))); + } ++#endif + } + EVP_PKEY_free(key); + } +@@ -2301,7 +2403,12 @@ void SSLWrap::WaitForCertCb(CertCb cb, void* arg) { + + + template ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L + int SSLWrap::SSLCertCallback(SSL* s, void* arg) { ++#else ++/* NOTE: For now this callback gets usually never called dueto design flaws */ ++int SSLWrap::SSLCertCallback(SSL* s, X509 **x509, EVP_PKEY **pkey) { ++#endif + Base* w = static_cast(SSL_get_app_data(s)); + + if (!w->is_server()) +@@ -2375,19 +2482,53 @@ void SSLWrap::CertCbDone(const FunctionCallbackInfo& args) { + w->sni_context_.Reset(env->isolate(), ctx); + + int rv; ++ X509* x509; ++ EVP_PKEY* pkey; ++ STACK_OF(X509)* chain; + + // NOTE: reference count is not increased by this API methods +- X509* x509 = SSL_CTX_get0_certificate(sc->ctx_); +- EVP_PKEY* pkey = SSL_CTX_get0_privatekey(sc->ctx_); +- STACK_OF(X509)* chain; ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ x509 = SSL_CTX_get0_certificate(sc->ctx_); ++ pkey = SSL_CTX_get0_privatekey(sc->ctx_); ++ rv = SSL_CTX_get0_chain_certs(sc->ctx_, &chain); ++#else ++ SSL *ssl = SSL_new(sc->ctx_); ++ rv = SSL_CTX_get_extra_chain_certs(sc->ctx_, &chain); ++ if (ssl) { ++ SSL_set_connect_state(ssl); /* just cleanup/reset state - cheap */ ++ x509 = SSL_get_certificate(ssl); ++ SSL_free(ssl); ++ } else { ++ x509 = NULL; ++ pkey = NULL; ++ } ++#endif + +- rv = SSL_CTX_get0_chain_certs(sc->ctx_, &chain); +- if (rv) +- rv = SSL_use_certificate(w->ssl_, x509); +- if (rv) +- rv = SSL_use_PrivateKey(w->ssl_, pkey); +- if (rv && chain != nullptr) +- rv = SSL_set1_chain(w->ssl_, chain); ++ if (rv) ++ rv = SSL_use_certificate(w->ssl_, x509); ++ if (rv) ++ rv = SSL_use_PrivateKey(w->ssl_, pkey); ++ if (rv && chain != nullptr) { ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ // replaces w->ssl_->cert->key->chain with a copy of the given chain, ++ // which is allowed to be NULL ++ rv = SSL_set1_chain(w->ssl_, chain); ++#else ++ // just replace the extra chain with the given chain - 1.0.1- does not ++ // support chain per cert ++ SSL_CTX_clear_extra_chain_certs(w->ssl_->ctx); ++ if (chain != NULL) { ++ int i; ++ SSL_CTX* ctx = w->ssl_->ctx; ++ for (i = 0; i < sk_X509_num(chain); i++) { ++ // can't do anything: however others might be ok and still ++ // satisfy requirements ++ SSL_CTX_add_extra_chain_cert(ctx, sk_X509_value(chain,i)); ++ } ++ } ++ rv = 1; ++#endif ++ } + if (rv) + rv = w->SetCACerts(sc); + if (!rv) { +@@ -2451,10 +2592,14 @@ void SSLWrap::SetSNIContext(SecureContext* sc) { + + template + int SSLWrap::SetCACerts(SecureContext* sc) { ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L + int err = SSL_set1_verify_cert_store(ssl_, SSL_CTX_get_cert_store(sc->ctx_)); + if (err != 1) + return err; +- ++#else ++ // there is no ssl_->cert->verify_store in <= 1.0.1. So no need to: free the ++ // old store, set the new one to it and increment its ref count. ++#endif + STACK_OF(X509_NAME)* list = SSL_dup_CA_list( + SSL_CTX_get_client_CA_list(sc->ctx_)); + +@@ -2732,7 +2877,11 @@ inline int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx) { + SSL* ssl = static_cast( + X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); + ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L + if (SSL_is_server(ssl)) ++#else ++ if (ssl->server) ++#endif + return 1; + + // Client needs to check if the server cert is listed in the +@@ -2815,7 +2964,21 @@ void Connection::New(const FunctionCallbackInfo& args) { + + InitNPN(sc); + ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L + SSL_set_cert_cb(conn->ssl_, SSLWrap::SSLCertCallback, conn); ++#else ++ /* 1.0.1 and less have no general cert callback. The closest for a client is ++ SSL_CTX_set_client_cert_cb(conn->ssl_->ctx, SSLWrap::SSLCertCallback); ++ but on the client it is not needed/used by this implementation. Since this ++ the SSLCertCallback actually calls lib/_tls_wrap.js:oncertcb(), which in ++ turn loadSNI() and this the actual SNICallback of the JSON object, sets ++ the context and finally requestOCSP() and certCbDone(). Not sure, why ++ the SNICallback of the JSON object, doesn't get invoked via ++ SelectSNIContextCallback_() - design flaw because lets do 2 things at once ++ (i.e. do SNICallback and attach the certs ca chain), however, this means ++ no server side support for the SNI TLS/OCSP_state extension anymore. ++ */ ++#endif + + #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB + if (is_server) { +@@ -4404,6 +4567,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo& args) { + } + + ++#ifndef OPENSSL_NO_DH + void DiffieHellman::Initialize(Environment* env, Local target) { + Local t = env->NewFunctionTemplate(New); + +@@ -4805,8 +4969,10 @@ bool DiffieHellman::VerifyContext() { + verifyError_ = codes; + return true; + } ++#endif + + ++#ifndef OPENSSL_NO_ECDH + void ECDH::Initialize(Environment* env, Local target) { + HandleScope scope(env->isolate()); + +@@ -5034,6 +5200,7 @@ void ECDH::SetPrivateKey(const FunctionCallbackInfo& args) { + + EC_POINT_free(pub); + } ++#endif + + + void ECDH::SetPublicKey(const FunctionCallbackInfo& args) { +@@ -5587,6 +5754,7 @@ void GetHashes(const FunctionCallbackInfo& args) { + } + + ++# ifndef OPENSSL_NO_EC + void GetCurves(const FunctionCallbackInfo& args) { + Environment* env = Environment::GetCurrent(args); + const size_t num_curves = EC_get_builtin_curves(nullptr, 0); +@@ -5611,6 +5779,7 @@ void GetCurves(const FunctionCallbackInfo& args) { + + args.GetReturnValue().Set(arr); + } ++#endif + + + bool VerifySpkac(const char* data, unsigned int len) { +@@ -5886,8 +6055,12 @@ void InitCrypto(Local target, + SecureContext::Initialize(env, target); + Connection::Initialize(env, target); + CipherBase::Initialize(env, target); ++# ifndef OPENSSL_NO_EC + DiffieHellman::Initialize(env, target); ++#endif ++#ifndef OPENSSL_NO_ECDH + ECDH::Initialize(env, target); ++#endif + Hmac::Initialize(env, target); + Hash::Initialize(env, target); + Sign::Initialize(env, target); +@@ -5906,7 +6079,9 @@ void InitCrypto(Local target, + env->SetMethod(target, "getSSLCiphers", GetSSLCiphers); + env->SetMethod(target, "getCiphers", GetCiphers); + env->SetMethod(target, "getHashes", GetHashes); ++# ifndef OPENSSL_NO_EC + env->SetMethod(target, "getCurves", GetCurves); ++#endif + env->SetMethod(target, "publicEncrypt", + PublicKeyCipher::Cipher ++# ifndef OPENSSL_NO_EC + #include ++# endif ++# ifndef OPENSSL_NO_ECDH + #include ++# endif + #ifndef OPENSSL_NO_ENGINE + # include + #endif // !OPENSSL_NO_ENGINE +@@ -101,8 +105,12 @@ class SecureContext : public BaseObject { + static void AddCRL(const v8::FunctionCallbackInfo& args); + static void AddRootCerts(const v8::FunctionCallbackInfo& args); + static void SetCiphers(const v8::FunctionCallbackInfo& args); ++#ifndef OPENSSL_NO_ECDH + static void SetECDHCurve(const v8::FunctionCallbackInfo& args); ++#endif ++# ifndef OPENSSL_NO_DH + static void SetDHParam(const v8::FunctionCallbackInfo& args); ++#endif + static void SetOptions(const v8::FunctionCallbackInfo& args); + static void SetSessionIdContext( + const v8::FunctionCallbackInfo& args); +@@ -283,7 +291,11 @@ class SSLWrap { + unsigned int inlen, + void* arg); + static int TLSExtStatusCallback(SSL* s, void* arg); ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L + static int SSLCertCallback(SSL* s, void* arg); ++#else ++ static int SSLCertCallback(SSL* s, X509 **x509, EVP_PKEY **pkey); ++#endif + static void SSLGetter(v8::Local property, + const v8::PropertyCallbackInfo& info); + +@@ -645,6 +657,7 @@ class PublicKeyCipher { + static void Cipher(const v8::FunctionCallbackInfo& args); + }; + ++#ifndef OPENSSL_NO_DH + class DiffieHellman : public BaseObject { + public: + ~DiffieHellman() override { +@@ -690,7 +703,9 @@ class DiffieHellman : public BaseObject { + int verifyError_; + DH* dh; + }; ++#endif + ++# ifndef OPENSSL_NO_ECDH + class ECDH : public BaseObject { + public: + ~ECDH() override { +@@ -727,6 +742,7 @@ class ECDH : public BaseObject { + EC_KEY* key_; + const EC_GROUP* group_; + }; ++#endif + + bool EntropySource(unsigned char* buffer, size_t length); + #ifndef OPENSSL_NO_ENGINE +diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc +index 7c5df11..3e06621 100644 +--- a/src/tls_wrap.cc ++++ b/src/tls_wrap.cc +@@ -142,7 +142,15 @@ void TLSWrap::InitSSL() { + + InitNPN(sc_); + ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L + SSL_set_cert_cb(ssl_, SSLWrap::SSLCertCallback, this); ++#else ++ /* 1.0.1 and less have at most for the client side the function ++ SSL_CTX_set_client_cert_cb(ssl_->ctx, SSLWrap::SSLCertCallback); ++ but on the client it is not needed/used by this implementation. ++ For more info see comments in src/node_crypto.cc Connection::New(). ++ */ ++#endif + + if (is_server()) { + SSL_set_accept_state(ssl_); +-- +2.9.0 + diff --git a/SOURCES/nodejs-disable-gyp-deps.patch b/SOURCES/nodejs-disable-gyp-deps.patch new file mode 100644 index 0000000..91f0f09 --- /dev/null +++ b/SOURCES/nodejs-disable-gyp-deps.patch @@ -0,0 +1,25 @@ +From 8a53e16138f7fa4371eebde91d3bf216285e75a0 Mon Sep 17 00:00:00 2001 +From: Stephen Gallagher +Date: Tue, 1 Dec 2015 16:35:29 -0500 +Subject: [PATCH 1/2] disable running gyp files for bundled deps + +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 94eb419..a2b682b 100644 +--- a/Makefile ++++ b/Makefile +@@ -49,7 +49,7 @@ $(NODE_G_EXE): config.gypi out/Makefile + $(MAKE) -C out BUILDTYPE=Debug V=$(V) + ln -fs out/Debug/$(NODE_EXE) $@ + +-out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp deps/zlib/zlib.gyp deps/v8/build/toolchain.gypi deps/v8/build/features.gypi deps/v8/tools/gyp/v8.gyp node.gyp config.gypi ++out/Makefile: common.gypi deps/v8/build/toolchain.gypi deps/v8/build/features.gypi deps/v8/tools/gyp/v8.gyp node.gyp config.gypi + $(PYTHON) tools/gyp_node.py -f make + + config.gypi: configure +-- +2.5.0 + diff --git a/SOURCES/nodejs-tarball.sh b/SOURCES/nodejs-tarball.sh new file mode 100755 index 0000000..e7e9613 --- /dev/null +++ b/SOURCES/nodejs-tarball.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +version=$(rpm -q --specfile --qf='%{version}\n' nodejs.spec | head -n1) +wget http://nodejs.org/dist/v${version}/node-v${version}.tar.gz +tar -zxf node-v${version}.tar.gz +rm -rf node-v${version}/deps/openssl +tar -zcf node-v${version}-stripped.tar.gz node-v${version} diff --git a/SOURCES/nodejs-use-system-certs.patch b/SOURCES/nodejs-use-system-certs.patch new file mode 100644 index 0000000..1704407 --- /dev/null +++ b/SOURCES/nodejs-use-system-certs.patch @@ -0,0 +1,87 @@ +From e0aac817a87c927f70a6f8edb63a4103a4109dfc Mon Sep 17 00:00:00 2001 +From: Stephen Gallagher +Date: Tue, 1 Dec 2015 16:29:07 -0500 +Subject: [PATCH 2/2] Do not bundle CA Certificates +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CA Certificates are provided by Fedora. + +Forwarded: need some feedback before submitting the matter upstream +Author: Jérémy Lal +Last-Update: 2014-03-02 + +Modified 2014-05-02 by T.C. Hollingsworth with the +correct path for Fedora + +Modified 2015-12-01 by Stephen Gallagher to update for +Node.js 4.2 + +Modified 2016-03-04 by Stephen Gallagher to update for +Node.js 5.7.1 +--- + src/node_crypto.cc | 28 ++++++++-------------------- + 1 file changed, 8 insertions(+), 20 deletions(-) + +diff --git a/src/node_crypto.cc b/src/node_crypto.cc +index acd83e9f2f41ade75ee9a3c8061acfa8b3dbf0f4..70ffe035f8be24b2eb6daf71185649d8ae7d579f 100644 +--- a/src/node_crypto.cc ++++ b/src/node_crypto.cc +@@ -119,11 +119,11 @@ static X509_NAME *cnnic_ev_name = + sizeof(CNNIC_EV_ROOT_CA_SUBJECT_DATA)-1); + + static Mutex* mutexes; + + const char* const root_certs[] = { +-#include "node_root_certs.h" // NOLINT(build/include_order) ++ NULL + }; + + X509_STORE* root_cert_store; + + // Just to generate static methods +@@ -748,33 +748,21 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo& args) { + (void) &clear_error_on_return; // Silence compiler warning. + + CHECK_EQ(sc->ca_store_, nullptr); + + if (!root_cert_store) { +- root_cert_store = X509_STORE_new(); +- +- for (size_t i = 0; i < arraysize(root_certs); i++) { +- BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i])); +- if (bp == nullptr) { +- return; +- } +- +- X509 *x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr); +- if (x509 == nullptr) { +- BIO_free_all(bp); +- return; +- } +- +- X509_STORE_add_cert(root_cert_store, x509); +- +- BIO_free_all(bp); +- X509_free(x509); ++ if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/pki/tls/certs/ca-bundle.crt", NULL) == 1) { ++ root_cert_store = SSL_CTX_get_cert_store(sc->ctx_); ++ } else { ++ // empty store ++ root_cert_store = X509_STORE_new(); + } ++ } else { ++ SSL_CTX_set_cert_store(sc->ctx_, root_cert_store); + } + + sc->ca_store_ = root_cert_store; +- SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_); + } + + + void SecureContext::SetCiphers(const FunctionCallbackInfo& args) { + SecureContext* sc; +-- +2.7.2 + diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec new file mode 100644 index 0000000..eb0816b --- /dev/null +++ b/SPECS/nodejs.spec @@ -0,0 +1,587 @@ +%{?scl:%scl_package nodejs} +%{!?scl:%global pkg_name %{name}} +%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} + +%global with_debug 1 + +# ARM builds currently break on the Debug builds, so we'll just +# build the standard runtime until that gets sorted out. +%ifarch %{arm} aarch64 %{power64} +%global with_debug 0 +%endif + +Name: %{?scl_prefix}nodejs +Version: 6.9.1 +Release: 2%{?dist} +Summary: JavaScript runtime +License: MIT and ASL 2.0 and ISC and BSD +URL: http://nodejs.org/ + +ExclusiveArch: %{nodejs_arches} + +# nodejs bundles openssl, but we use the system version in Fedora +# because openssl contains prohibited code, we remove openssl completely from +# the tarball, using the script in Source100 +Source0: node-v%{version}-stripped.tar.gz +Source100: %{pkg_name}-tarball.sh + +# The native module Requires generator remains in the nodejs SRPM, so it knows +# the nodejs and v8 versions. The remainder has migrated to the +# nodejs-packaging SRPM. +#Source7: nodejs_native.attr + +# Disable running gyp on bundled deps we don't use +Patch1: nodejs-disable-gyp-deps.patch + +# use system certificates instead of the bundled ones +# modified version of Debian patch: +# http://patch-tracker.debian.org/patch/series/view/nodejs/0.10.26~dfsg1-1/2014_donotinclude_root_certs.patch +Patch2: nodejs-use-system-certs.patch + +# openssl-1.0.2 isn't in RHEL yet, so we use old one +Patch3: 0002-Use-openssl-1.0.1.patch + +# some tests are failing, we turn them off +Patch4: 0001-Disable-crypto-tests.patch +Patch5: 0001-Disable-failing-tests.patch + + +# V8 presently breaks ABI at least every x.y release while never bumping SONAME +#%global v8_version 5.1.281.84 +%global v8_abi 5.1 + +BuildRequires: %{?scl_prefix}gyp +BuildRequires: %{?scl_prefix}scldevel +BuildRequires: python-devel +BuildRequires: %{?scl_prefix}libuv-devel >= 1.9.1 +BuildRequires: %{?scl_prefix}http-parser-devel >= 2.7.0 +BuildRequires: zlib-devel +BuildRequires: openssl-devel +BuildRequires: procps-ng +Requires: %{?scl_prefix}libuv >= 1.9.1 +Requires: %{?scl_prefix}http-parser >= 2.7.0 +Requires: openssl + +# Node.js requires some features from openssl 1.0.1 for SPDY support +#BuildRequires: openssl-devel >= 1:1.0.2 + +# we need the system certificate store when Patch2 is applied +Requires: ca-certificates + +#we need ABI virtual provides where SONAMEs aren't enough/not present so deps +#break when binary compatibility is broken +%global nodejs_abi 6.9 +Provides: %{?scl_prefix}nodejs(abi) = %{nodejs_abi} +Provides: %{?scl_prefix}nodejs(v8-abi) = %{v8_abi} + +#this corresponds to the "engine" requirement in package.json +Provides: %{?scl_prefix}nodejs(engine) = %{version} + +# Node.js currently has a conflict with the 'node' package in Fedora +# The ham-radio group has agreed to rename their binary for us, but +# in the meantime, we're setting an explicit Conflicts: here +Conflicts: %{?scl_prefix}node <= 0.3.2-12 + +# The punycode module was absorbed into the standard library in v0.6. +# It still exists as a seperate package for the benefit of users of older +# versions. Since we've never shipped anything older than v0.10 in Fedora, +# we don't need the seperate nodejs-punycode package, so we Provide it here so +# dependent packages don't need to override the dependency generator. +# See also: RHBZ#11511811 +# UPDATE: punycode will be unabsorbed from node in v7/v8 release +Provides: %{?scl_prefix}nodejs-punycode = 2.0.0 +Provides: %{?scl_prefix}npm(punycode) = 2.0.0 + + +# Node.js has forked c-ares from upstream in an incompatible way, so we need +# to carry the bundled version internally. +# See https://github.com/nodejs/node/commit/766d063e0578c0f7758c3a965c971763f43fec85 +Provides: %{?scl_prefix}bundled(c-ares) = 1.10.1 + +# Node.js is closely tied to the version of v8 that is used with it. It makes +# sense to use the bundled version because upstream consistently breaks ABI +# even in point releases. Node.js upstream has now removed the ability to build +# against a shared system version entirely. +# See https://github.com/nodejs/node/commit/d726a177ed59c37cf5306983ed00ecd858cfbbef +Provides: %{?scl_prefix}bundled(v8) = 5.1.281.84 + +# Node.js and http-parser share an upstream. The http-parser upstream does not +# do releases often and is almost always far behind the bundled version +#Provides: %%{?scl_prefix}bundled(http-parser) = 2.5.1 + +%description +Node.js is a platform built on Chrome's JavaScript runtime +for easily building fast, scalable network applications. +Node.js uses an event-driven, non-blocking I/O model that +makes it lightweight and efficient, perfect for data-intensive +real-time applications that run across distributed devices. + +%package devel +Summary: JavaScript runtime - development headers +Requires: %{?scl_prefix}%{pkg_name}%{?_isa} == %{version}-%{release} +Requires: %{?scl_prefix}libuv-devel%{?_isa} %{?scl_prefix}http-parser-devel%{?_isa} +Requires: openssl-devel%{?_isa} zlib-devel%{?_isa} +Requires: %{?scl_prefix}runtime + +%description devel +Development headers for the Node.js JavaScript runtime. + +%package docs +Summary: Node.js API documentation +Group: Documentation +BuildArch: noarch + +%description docs +The API documentation for the Node.js JavaScript runtime. + +%prep +%setup -q -n node-v%{version} + +# remove bundled dependencies that we aren't building +%patch1 -p1 +rm -rf deps/npm \ + deps/uv \ + deps/http-parser \ + deps/zlib + +# remove bundled CA certificates +%patch2 -p1 +rm -f src/node_root_certs.h + +# use old openssl +%patch3 -p1 + +# disable tests +%patch4 -p1 +%patch5 -p1 + +%build +# build with debugging symbols and add defines from libuv (#892601) +# Node's v8 breaks with GCC 8 because of incorrect usage of methods on +# NULL objects. We need to pass -fno-delete-null-pointer-checks +export CFLAGS='%{optflags} -g \ + -D_LARGEFILE_SOURCE \ + -D_FILE_OFFSET_BITS=64 \ + -DZLIB_CONST \ + -fno-delete-null-pointer-checks' + +export CXXFLAGS='%{optflags} -g \ + -D_LARGEFILE_SOURCE \ + -D_FILE_OFFSET_BITS=64 \ + -DZLIB_CONST \ + -fno-delete-null-pointer-checks -I%{_includedir}' + +export LDFLAGS='%{optflags} -L%{_libdir}' + +./configure --prefix=%{_prefix} \ + --shared-http-parser \ + --shared-zlib \ + --shared-libuv \ + --without-npm \ + --without-dtrace \ + --shared-openssl + + +%if %{?with_debug} == 1 +# Setting BUILDTYPE=Debug builds both release and debug binaries +%{?scl:scl enable %{scl} - << \EOF} +make BUILDTYPE=Debug %{?_smp_mflags} +%{?scl:EOF} +%else +%{?scl:scl enable %{scl} - << \EOF} +make BUILDTYPE=Release %{?_smp_mflags} +%{?scl:EOF} +%endif + +%install +./tools/install.py install %{buildroot} %{_prefix} + +# and remove dtrace file again +rm -rf %{buildroot}/%{_prefix}/lib/dtrace + +# Set the binary permissions properly +chmod 0755 %{buildroot}/%{_bindir}/node + +%if %{?with_debug} == 1 +# Install the debug binary and set its permissions +install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g +%endif + +# own the sitelib directory +mkdir -p %{buildroot}%{_prefix}/lib/node_modules + +# ensure Requires are added to every native module that match the Provides from +# the nodejs build in the buildroot +#install -Dpm0644 %%{SOURCE7} %%{buildroot}%{_rpmconfigdir}/fileattrs/nodejs_native.attr +#cat << EOF > %{buildroot}%{_rpmconfigdir}/nodejs_native.req +#!/bin/sh +#echo 'nodejs(abi) = %nodejs_abi' +#echo 'nodejs(v8-abi) = %v8_abi' +#EOF +#chmod 0755 %{buildroot}%{_rpmconfigdir}/nodejs_native.req + +#install documentation +mkdir -p %{buildroot}%{_pkgdocdir}/html +cp -pr doc/* %{buildroot}%{_pkgdocdir}/html +rm -f %{buildroot}%{_pkgdocdir}/html/nodejs.1 + +#node-gyp needs common.gypi too +mkdir -p %{buildroot}%{_datadir}/node +cp -p common.gypi %{buildroot}%{_datadir}/node + +# Install the GDB init tool into the documentation directory +mv %{buildroot}/%{_datadir}/doc/node/gdbinit %{buildroot}/%{_pkgdocdir}/gdbinit + +%check +%{?scl:scl enable %{scl} "} +python tools/test.py --mode=release parallel -J +%{?scl:"} + +%files +%{_bindir}/node +%{_mandir}/man1/node.* +%dir %{_prefix}/lib/node_modules +%dir %{_datadir}/node +%dir %{_datadir}/systemtap +%dir %{_datadir}/systemtap/tapset +%{_datadir}/systemtap/tapset/node.stp +#%%{_rpmconfigdir}/fileattrs/nodejs_native.attr +#%%{_rpmconfigdir}/nodejs_native.req +%dir %{_pkgdocdir} +%license LICENSE +%doc AUTHORS CHANGELOG.md COLLABORATOR_GUIDE.md GOVERNANCE.md README.md +%doc ROADMAP.md WORKING_GROUPS.md + + +%files devel +%if %{?with_debug} == 1 +%{_bindir}/node_g +%endif +%{_includedir}/node +%{_datadir}/node/common.gypi +%{_pkgdocdir}/gdbinit + +%files docs +%dir %{_pkgdocdir} +%{_pkgdocdir}/html + +%changelog +* Wed Jan 11 2017 Zuzana Svetlikova - 6.9.1-2 +- Rebuild from zvetlik/rh-nodejs6 +- newer releases have problems with debug +- add procps-ng for tests +- remove unused patches + +* Thu Nov 03 2016 Zuzana Svetlikova - 6.9.1-1 +- Update to 6.9.1 + +* Wed Oct 19 2016 Zuzana Svetlikova - 6.9.0-1 +- update to v6.9.0 LTS + +* Tue Oct 04 2016 Zuzana Svetlikova - 6.7.0-5 +- Disable failing crypto tests + +* Tue Oct 04 2016 Zuzana Svetlikova - 6.7.0-4 +- Require openssl + +* Tue Oct 04 2016 Zuzana Svetlikova - 6.7.0-2 +- Build with shared openssl with EPEL7 patch + +* Mon Oct 03 2016 Zuzana Svetlikova - 6.7.0-1 +- Update to 6.7.0 + +* Wed Aug 31 2016 Zuzana Svetlikova - 6.5.0-1 +- Update to 6.5.0, meanwhile built with bundled openssl +- update system-certs patch + +* Wed Apr 06 2016 Tomas Hrcka - 4.4.2-1 +- Rebase to latest upstream LTS release 4.4.2 +- https://nodejs.org/en/blog/release/v4.4.1/ + +* Tue Apr 05 2016 Tomas Hrcka - 4.4.1-2 +- Rebase to latest upstream LTS release 4.4.1 +- https://nodejs.org/en/blog/release/v4.4.1/ + +* Thu Mar 17 2016 Tomas Hrcka - 4.4.0-1 +- Rebase to latest upstream LTS release 4.4.0 + +* Tue Mar 01 2016 Tomas Hrcka - 4.3.0-5 +- New upstream release 4.3.0 +- https://nodejs.org/en/blog/release/v4.3.0/ +- Build with bundled openssl, this will be reverted ASAP +- Unbundled http-parser + +* Thu Jul 16 2015 Tomas Hrcka - 0.10.40-1 +- Rebase to latest upstream release + +* Wed Jul 01 2015 Tomas Hrcka - 0.10.39-1 +- Rebase to latest upstream release + +* Wed Mar 25 2015 Tomas Hrcka - 0.10.35-4 +- Enable tests during build time + +* Tue Mar 17 2015 Tomas Hrcka - 0.10.35-2 +- Reflect dependency on specific ABI changes in v8 +- RHBZ#1197110 + +* Wed Jan 07 2015 Tomas Hrcka - 0.10.35-1 +- New upstream release 0.10.35 + +* Sun Feb 02 2014 Tomas Hrcka - 0.10.25-1 +- New upstream release 0.10.25 + +* Tue Jan 14 2014 Tomas Hrcka - 0.10.24-1 +- new upstream release 0.10.24 + +* Tue Nov 26 2013 Tomas Hrcka - 0.10.21-3 +- rebuilt with v8314 collection + +* Tue Nov 12 2013 T.C. Hollingsworth - 0.10.22-1 +- new upstream release 0.10.22 + http://blog.nodejs.org/2013/11/12/node-v0-10-22-stable/ + +* Mon Oct 21 2013 Tomas Hrcka - 0.10.21-2 +- Build with system wide c-ares + +* Fri Oct 18 2013 T.C. Hollingsworth - 0.10.21-1 +- new upstream release 0.10.21 + http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/ +- resolves an undisclosed security vulnerability in the http module + +* Tue Oct 01 2013 T.C. Hollingsworth - 0.10.20-1 +- new upstream release 0.10.20 + http://blog.nodejs.org/2013/09/30/node-v0-10-20-stable/ + +* Wed Sep 25 2013 T.C. Hollingsworth - 0.10.19-1 +- new upstream release 0.10.19 + http://blog.nodejs.org/2013/09/24/node-v0-10-19-stable/ + +* Fri Sep 06 2013 T.C. Hollingsworth - 0.10.18-1 +- new upstream release 0.10.18 + http://blog.nodejs.org/2013/09/04/node-v0-10-18-stable/ + +* Tue Aug 27 2013 T.C. Hollingsworth - 0.10.17-1 +- new upstream release 0.10.17 + http://blog.nodejs.org/2013/08/21/node-v0-10-17-stable/ + +* Sat Aug 17 2013 T.C. Hollingsworth - 0.10.16-1 +- new upstream release 0.10.16 + http://blog.nodejs.org/2013/08/16/node-v0-10-16-stable/ +- add v8-devel to -devel Requires +- restrict -devel Requires to the same architecture + +* Wed Aug 14 2013 T.C. Hollingsworth - 0.10.14-3 +- fix typo in _isa macro in v8 Requires + +* Wed Aug 07 2013 Tomas Hrcka - 0.10.5-6 + - Remove badly licensed fonts in script instead of patch + +* Thu Jul 25 2013 T.C. Hollingsworth - 0.10.14-1 +- new upstream release 0.10.14 + http://blog.nodejs.org/2013/07/25/node-v0-10-14-stable/ + +* Wed Jul 10 2013 T.C. Hollingsworth - 0.10.13-1 +- new upstream release 0.10.13 + http://blog.nodejs.org/2013/07/09/node-v0-10-13-stable/ +- remove RPM macros, etc. now that they've migrated to nodejs-packaging + +* Wed Jun 19 2013 Tomas Hrcka - 0.10.5-5 + - added patch to remove badly licensed web fonts + +* Wed Jun 19 2013 Tomas Hrcka - 0.10.5-5 + - added patch to remove badly licensed web fonts + +* Wed Jun 19 2013 Tomas Hrcka - 0.10.5-4 + - strip openssl from the tarball it contains prohibited code (RHBZ#967736) + - patch makefile so it do not use bundled deps + - new stripped tarball + +* Wed Jun 19 2013 T.C. Hollingsworth - 0.10.12-1 +- new upstream release 0.10.12 + http://blog.nodejs.org/2013/06/18/node-v0-10-12-stable/ +- split off a -packaging subpackage with RPM macros, etc. +- build -docs as noarch +- copy mutiple version logic from nodejs-packaging SRPM for now + +* Fri May 31 2013 T.C. Hollingsworth - 0.10.9-1 +- new upstream release 0.10.9 + http://blog.nodejs.org/2013/05/30/node-v0-10-9-stable/ + +* Wed May 29 2013 T.C. Hollingsworth - 0.10.8-1 +- new upstream release 0.10.8 + http://blog.nodejs.org/2013/05/24/node-v0-10-8-stable/ + +* Wed May 29 2013 T.C. Hollingsworth - 0.10.7-1 +- new upstream release 0.10.7 + http://blog.nodejs.org/2013/05/17/node-v0-10-7-stable/ +- strip openssl from the tarball; it contains prohibited code (RHBZ#967736) +- patch Makefile so we can just remove all bundled deps completely + +* Wed May 15 2013 T.C. Hollingsworth - 0.10.6-1 +- new upstream release 0.10.6 + http://blog.nodejs.org/2013/05/14/node-v0-10-6-stable/ + +* Tue May 14 2013 Tomas Hrcka - 0.10.5-3.1 + - updated to latest upstream stable release + +* Mon May 06 2013 T.C. Hollingsworth - 0.10.5-3 +- nodejs-fixdep: work properly when a package has no dependencies + +* Mon Apr 29 2013 T.C. Hollingsworth - 0.10.5-2 +- nodejs-symlink-deps: make it work when --check is used and just + devDependencies exist + +* Wed Apr 24 2013 T.C. Hollingsworth - 0.10.5-1 +- new upstream release 0.10.5 + http://blog.nodejs.org/2013/04/23/node-v0-10-5-stable/ + +* Mon Apr 15 2013 T.C. Hollingsworth - 0.10.4-1 +- new upstream release 0.10.4 + http://blog.nodejs.org/2013/04/11/node-v0-10-4-stable/ +- drop dependency generator files not supported on EL6 +- port nodejs_default_filter to EL6 +- add nodejs_find_provides_and_requires macro to invoke dependency generator +- invoke the standard RPM provides and requires generators from the Node.js ones +- write native module Requires from nodejs.req +- change the c-ares-devel Requires in -devel to match the BuildRequires + +* Tue Apr 09 2013 Stephen Gallagher - 0.10.3-2.1 +- Build against c-ares 1.9 + +* Mon Apr 08 2013 Stanislav Ochotnicky - 0.10.3-3 +- Add support for software collections +- Move rpm macros and tooling to separate package +- add no-op macro to permit spec compatibility with EPEL + +* Thu Apr 04 2013 T.C. Hollingsworth - 0.10.3-2 +- nodejs-symlink-deps: symlink unconditionally in the buildroot + +* Wed Apr 03 2013 T.C. Hollingsworth - 0.10.3-1 +- new upstream release 0.10.3 + http://blog.nodejs.org/2013/04/03/node-v0-10-3-stable/ +- nodejs-symlink-deps: only create symlink if target exists +- nodejs-symlink-deps: symlink devDependencies when --check is used + +* Sun Mar 31 2013 T.C. Hollingsworth - 0.10.2-1 +- new upstream release 0.10.2 + http://blog.nodejs.org/2013/03/28/node-v0-10-2-stable/ +- remove %%nodejs_arches macro since it will only be useful if it is present in + the redhat-rpm-config package +- add default filtering macro to remove unwanted Provides from native modules +- nodejs-symlink-deps now supports multiple modules in one SRPM properly +- nodejs-symlink-deps also now supports a --check argument that works in the + current working directry instead of the buildroot + +* Fri Mar 22 2013 T.C. Hollingsworth - 0.10.1-1 +- new upstream release 0.10.1 + http://blog.nodejs.org/2013/03/21/node-v0-10-1-stable/ + +* Wed Mar 20 2013 T.C. Hollingsworth - 0.10.0-4 +- fix escaping in dependency generator regular expressions (RHBZ#923941) + +* Wed Mar 13 2013 T.C. Hollingsworth - 0.10.0-3 +- add virtual ABI provides for node and v8 so binary module's deps break when + binary compatibility is broken +- automatically add matching Requires to nodejs binary modules +- add %%nodejs_arches macro to future-proof ExcluseArch stanza in dependent + packages + +* Tue Mar 12 2013 Stephen Gallagher - 0.10.0-2 +- Fix up documentation subpackage + +* Mon Mar 11 2013 Stephen Gallagher - 0.10.0-1 +- Update to stable 0.10.0 release +- https://raw.github.com/joyent/node/v0.10.0/ChangeLog + +* Thu Feb 14 2013 Fedora Release Engineering - 0.9.5-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Jan 22 2013 T.C. Hollingsworth - 0.9.5-10 +- minor bugfixes to RPM magic + - nodejs-symlink-deps: don't create an empty node_modules dir when a module + has no dependencies + - nodes-fixdep: support adding deps when none exist +- Add the full set of headers usually bundled with node as deps to nodejs-devel. + This way `npm install` for native modules that assume the stuff bundled with + node exists will usually "just work". +-move RPM magic to nodejs-devel as requested by FPC + +* Sat Jan 12 2013 T.C. Hollingsworth - 0.9.5-9 +- fix brown paper bag bug in requires generation script + +* Thu Jan 10 2013 Stephen Gallagher - 0.9.5-8 +- Build debug binary and install it in the nodejs-devel subpackage + +* Thu Jan 10 2013 T.C. Hollingsworth - 0.9.5-7 +- don't use make install since it rebuilds everything + +* Thu Jan 10 2013 T.C. Hollingsworth - 0.9.5-6 +- add %%{?isa}, epoch to v8 deps + +* Wed Jan 09 2013 T.C. Hollingsworth - 0.9.5-5 +- add defines to match libuv (#892601) +- make v8 dependency explicit (and thus more accurate) +- add -g to $C(XX)FLAGS instead of patching configure to add it +- don't write pointless 'npm(foo) > 0' deps + +* Sat Jan 05 2013 T.C. Hollingsworth - 0.9.5-4 +- install development headers +- add nodejs_sitearch macro + +* Wed Jan 02 2013 T.C. Hollingsworth - 0.9.5-3 +- make nodejs-symlink-deps actually work + +* Tue Jan 01 2013 T.C. Hollingsworth - 0.9.5-2 +- provide nodejs-devel so modules can BuildRequire it (and be consistent + with other interpreted languages in the distro) + +* Tue Jan 01 2013 T.C. Hollingsworth - 0.9.5-1 +- new upstream release 0.9.5 +- provide nodejs-devel for the moment +- fix minor bugs in RPM magic +- add nodejs_fixdep macro so packagers can easily adjust dependencies in + package.json files + +* Wed Dec 26 2012 T.C. Hollingsworth - 0.9.4-1 +- new upstream release 0.9.4 +- system library patches are now upstream +- respect optflags +- include documentation in subpackage +- add RPM dependency generation and related magic +- guard libuv depedency so it always gets bumped when nodejs does +- add -devel subpackage with enough to make node-gyp happy + +* Thu Dec 20 2012 Stephen Gallagher - 0.9.3-9 +- Drop requirement on openssl 1.0.1 + +* Wed Dec 19 2012 Dan Horák - 0.9.3-8 +- set exclusive arch list to match v8 + +* Tue Dec 18 2012 Stephen Gallagher - 0.9.3-7 +- Add remaining changes from code review +- Remove unnecessary BuildRequires on findutils +- Remove %%clean section + +* Fri Dec 14 2012 Stephen Gallagher - 0.9.3-6 +- Fixes from code review +- Fix executable permissions +- Correct the License field +- Build debuginfo properly + +* Thu Dec 13 2012 Stephen Gallagher - 0.9.3-5 +- Return back to using the standard binary name +- Temporarily adding a conflict against the ham radio node package until they + complete an agreed rename of their binary. + +* Wed Nov 28 2012 Stephen Gallagher - 0.9.3-4 +- Rename binary and manpage to nodejs + +* Mon Nov 19 2012 Stephen Gallagher - 0.9.3-3 +- Update to latest upstream development release 0.9.3 +- Include upstreamed patches to unbundle dependent libraries + +* Tue Oct 23 2012 Adrian Alves 0.8.12-1 +- Fixes and Patches suggested by Matthias Runge + +* Mon Apr 09 2012 Adrian Alves 0.6.5 +- First build.