Browse Source

node: Update to 8.14.1

Mainly CVE fixes.

Added a patch to fix compilation without deprecated OpenSSL APIs.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
lilik-openwrt-22.03
Rosen Penev 6 years ago
committed by Yousong Zhou
parent
commit
2a758a1c68
2 changed files with 99 additions and 3 deletions
  1. +3
    -3
      lang/node/Makefile
  2. +96
    -0
      lang/node/patches/004-openssl-deprecated.patch

+ 3
- 3
lang/node/Makefile View File

@ -8,11 +8,11 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=node
PKG_VERSION:=v8.12.0
PKG_RELEASE:=2
PKG_VERSION:=v8.14.1
PKG_RELEASE:=1
PKG_SOURCE:=node-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://nodejs.org/dist/${PKG_VERSION}
PKG_HASH:=5a9dff58016c18fb4bf902d963b124ff058a550ebcd9840c677757387bce419a
PKG_HASH:=b1df87803ddffb76fc6739f025f69f6b8288514fcd2f278f0d675ac3d52a6b9b
HOST_BUILD_DEPENDS:=python/host
PKG_BUILD_DEPENDS:=python/host


+ 96
- 0
lang/node/patches/004-openssl-deprecated.patch View File

@ -0,0 +1,96 @@
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index c3779c0..611fb43 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -43,6 +43,11 @@
#include <string.h>
#include <vector>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define X509_get0_notBefore X509_get_notBefore
+#define X509_get0_notAfter X509_get_notAfter
+#endif
+
#define THROW_AND_RETURN_IF_NOT_STRING_OR_BUFFER(val, prefix) \
do { \
if (!Buffer::HasInstance(val) && !val->IsString()) { \
@@ -536,6 +541,7 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
method = SSLv23_server_method();
} else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) {
method = SSLv23_client_method();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
} else if (strcmp(*sslmethod, "TLSv1_method") == 0) {
method = TLSv1_method();
} else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) {
@@ -554,6 +560,14 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
method = TLSv1_2_server_method();
} else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) {
method = TLSv1_2_client_method();
+#else
+ } else if (strcmp(*sslmethod, "TLS_method") == 0) {
+ method = TLS_method();
+ } else if (strcmp(*sslmethod, "TLS_server_method") == 0) {
+ method = TLS_server_method();
+ } else if (strcmp(*sslmethod, "TLS_client_method") == 0) {
+ method = TLS_client_method();
+#endif
} else {
return env->ThrowError("Unknown method");
}
@@ -1799,7 +1813,7 @@ static Local<Object> X509ToObject(Environment* env, X509* cert) {
rsa = nullptr;
}
- ASN1_TIME_print(bio, X509_get_notBefore(cert));
+ ASN1_TIME_print(bio, X509_get0_notBefore(cert));
BIO_get_mem_ptr(bio, &mem);
info->Set(context, env->valid_from_string(),
String::NewFromUtf8(env->isolate(), mem->data,
@@ -1807,7 +1821,7 @@ static Local<Object> X509ToObject(Environment* env, X509* cert) {
mem->length)).FromJust();
(void) BIO_reset(bio);
- ASN1_TIME_print(bio, X509_get_notAfter(cert));
+ ASN1_TIME_print(bio, X509_get0_notAfter(cert));
BIO_get_mem_ptr(bio, &mem);
info->Set(context, env->valid_to_string(),
String::NewFromUtf8(env->isolate(), mem->data,
@@ -6194,8 +6208,12 @@ void TimingSafeEqual(const FunctionCallbackInfo<Value>& args) {
}
void InitCryptoOnce() {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_load_error_strings();
OPENSSL_no_config();
+#else
+ OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL);
+#endif
// --openssl-config=...
if (!openssl_config.empty()) {
@@ -6217,10 +6235,10 @@ void InitCryptoOnce() {
}
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_library_init();
OpenSSL_add_all_algorithms();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
crypto_lock_init();
CRYPTO_set_locking_callback(crypto_lock_cb);
CRYPTO_THREADID_set_callback(crypto_threadid_cb);
diff --git a/src/node_crypto.h b/src/node_crypto.h
index 58f5b72..875a787 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -37,6 +37,9 @@
#include "v8.h"
#include <openssl/ssl.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/dh.h>
#include <openssl/ec.h>
#include <openssl/ecdh.h>
#ifndef OPENSSL_NO_ENGINE

Loading…
Cancel
Save