From ecbebed7ef7eece8cffc878fc2e6a95530f92f46 Mon Sep 17 00:00:00 2001 From: Enno Boland Date: Fri, 10 Jul 2015 07:51:47 +0200 Subject: [PATCH] iojs: update to 2.3.4. --- srcpkgs/iojs/patches/X509_verify_cert.patch | 75 ------------------- ...alternate_chains_certificate_forgery.patch | 12 --- srcpkgs/iojs/template | 6 +- 3 files changed, 3 insertions(+), 90 deletions(-) delete mode 100644 srcpkgs/iojs/patches/X509_verify_cert.patch delete mode 100644 srcpkgs/iojs/patches/alternate_chains_certificate_forgery.patch diff --git a/srcpkgs/iojs/patches/X509_verify_cert.patch b/srcpkgs/iojs/patches/X509_verify_cert.patch deleted file mode 100644 index 5a439c6367..0000000000 --- a/srcpkgs/iojs/patches/X509_verify_cert.patch +++ /dev/null @@ -1,75 +0,0 @@ ---- deps/openssl/openssl/crypto/x509/x509_vfy.c -+++ deps/openssl/openssl/crypto/x509/x509_vfy.c -@@ -193,6 +193,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx) - X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); - return -1; - } -+ if (ctx->chain != NULL) { -+ /* -+ * This X509_STORE_CTX has already been used to verify a cert. We -+ * cannot do another one. -+ */ -+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return -1; -+ } - - cb = ctx->verify_cb; - -@@ -200,15 +208,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx) - * first we make sure the chain we are going to build is present and that - * the first entry is in place - */ -- if (ctx->chain == NULL) { -- if (((ctx->chain = sk_X509_new_null()) == NULL) || -- (!sk_X509_push(ctx->chain, ctx->cert))) { -- X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); -- goto end; -- } -- CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); -- ctx->last_untrusted = 1; -+ if (((ctx->chain = sk_X509_new_null()) == NULL) || -+ (!sk_X509_push(ctx->chain, ctx->cert))) { -+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); -+ goto end; - } -+ CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); -+ ctx->last_untrusted = 1; - - /* We use a temporary STACK so we can chop and hack at it */ - if (ctx->untrusted != NULL ---- deps/openssl/openssl/doc/crypto/X509_STORE_CTX_new.pod -+++ deps/openssl/openssl/doc/crypto/X509_STORE_CTX_new.pod -@@ -40,10 +40,15 @@ is no longer valid. - If B is NULL nothing is done. - - X509_STORE_CTX_init() sets up B for a subsequent verification operation. --The trusted certificate store is set to B, the end entity certificate --to be verified is set to B and a set of additional certificates (which --will be untrusted but may be used to build the chain) in B. Any or --all of the B, B and B parameters can be B. -+It must be called before each call to X509_verify_cert(), i.e. a B is only -+good for one call to X509_verify_cert(); if you want to verify a second -+certificate with the same B then you must call X509_XTORE_CTX_cleanup() -+and then X509_STORE_CTX_init() again before the second call to -+X509_verify_cert(). The trusted certificate store is set to B, the end -+entity certificate to be verified is set to B and a set of additional -+certificates (which will be untrusted but may be used to build the chain) in -+B. Any or all of the B, B and B parameters can be -+B. - - X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B - to B. This is an alternative way of specifying trusted certificates -diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod -index e5cfc6f..48055b0 100644 ---- deps/openssl/openssl/doc/crypto/X509_verify_cert.pod -+++ deps/openssl/openssl/doc/crypto/X509_verify_cert.pod -@@ -32,7 +32,8 @@ OpenSSL internally for certificate validation, in both the S/MIME and - SSL/TLS code. - - The negative return value from X509_verify_cert() can only occur if no --certificate is set in B (due to a programming error) or if a retry -+certificate is set in B (due to a programming error); if X509_verify_cert() -+twice without reinitialising B in between; or if a retry - operation is requested during internal lookups (which never happens with - standard lookup methods). It is however recommended that application check - for <= 0 return value on error. diff --git a/srcpkgs/iojs/patches/alternate_chains_certificate_forgery.patch b/srcpkgs/iojs/patches/alternate_chains_certificate_forgery.patch deleted file mode 100644 index cecbc12ab7..0000000000 --- a/srcpkgs/iojs/patches/alternate_chains_certificate_forgery.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- deps/openssl/openssl/crypto/x509/x509_vfy.c -+++ deps/openssl/openssl/crypto/x509/x509_vfy.c -@@ -392,8 +392,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx) - xtmp = sk_X509_pop(ctx->chain); - X509_free(xtmp); - num--; -- ctx->last_untrusted--; - } -+ ctx->last_untrusted = sk_X509_num(ctx->chain); - retry = 1; - break; - } diff --git a/srcpkgs/iojs/template b/srcpkgs/iojs/template index 055ce6e7c3..8d95ba9a7d 100644 --- a/srcpkgs/iojs/template +++ b/srcpkgs/iojs/template @@ -1,7 +1,7 @@ # Template file for 'iojs' pkgname=iojs -version=2.3.3 -revision=2 +version=2.3.4 +revision=1 wrksrc=iojs-v${version} hostmakedepends="pkg-config python" makedepends="zlib-devel python-devel @@ -13,7 +13,7 @@ maintainer="Enno Boland " license="MIT" homepage="http://iojs.org/" distfiles="${homepage}/dist/v${version}/${pkgname}-v${version}.tar.gz" -checksum=0384ea20739124c27dc9b47b8079f0c75efb33c7011c45f02243e9a015f8cd89 +checksum=18aeb8ad79b549f45caf6e4baa421046a0cd8f60102ac0986f19b19174962cc1 provides="nodejs-0.12.1_1" conflicts="nodejs>=0" build_options="ssl libuv http_parser"