main/nodejs: upgrade to 7.2.0

I also rewrote patch for using system-provided CA certificates, because
the patched code has changed a lot.

3 files changed, 64 insertions, 72 deletions

diff --git a/main/nodejs/APKBUILD b/main/nodejs/APKBUILD
index efa15e52c7..292efebbcb 100644
--- a/main/nodejs/APKBUILD
+++ b/main/nodejs/APKBUILD
@@ -1,7 +1,8 @@
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
 # Maintainer: Jose-Luis Rivas <ghostbar@riseup.net>
 pkgname=nodejs
-pkgver=6.7.0
-pkgrel=1
+pkgver=7.2.0
+pkgrel=0
 pkgdesc="JavaScript runtime built on V8 engine"
 url="http://nodejs.org/"
 arch="all"
@@ -56,12 +57,12 @@ package() {
 	done
 }
 
-md5sums="a42b7ab2bcf5f8d94a432163d90f3026  node-v6.7.0.tar.gz
-14ce8e0fb44d5bf75974026900e0d8c2  use-system-ca-certs.patch
-5d99a53ef07e15fe882d449ed995bd91  dont-run-gyp-files-for-bundled-deps.patch"
-sha256sums="02b8ee1719a11b9ab22bef9279519efaaf31dd0d39cba4c3a1176ccda400b8d6  node-v6.7.0.tar.gz
-fcd2becd2cb9a62537ae11f51f448fd1061aaae17835bb0f2d2aa71bdf9652c0  use-system-ca-certs.patch
-c20a62b9dd64591b91a0c1dae649ac04cf7aec402672b349f8daa04f2a08a77b  dont-run-gyp-files-for-bundled-deps.patch"
-sha512sums="3cd095adc0866b780519006098b434e3b126f67a453e44863c773829de4ce29f573d13efa1c50af001009bdb433728309ef7109e144517ffc5dd5e3251b1f511  node-v6.7.0.tar.gz
-c540878495761f4c38f3cccd61da75fa5619637ba9887b7946964a7cef790178e26678fe0aabe400e32c8f0f65e97a519ceee1534bbf18a1a14bc6e9fe067637  use-system-ca-certs.patch
-a8be538158b7c96341a407acba30450ddc5c3ad764e7efe728d1ceff64efc3067b177855b9ef91b54400be6a02600d83da4c21a07ae9d7dc0774f92b2006ea8b  dont-run-gyp-files-for-bundled-deps.patch"
+md5sums="ea2dd2de3e93b601f576bf24c1ab56ec  node-v7.2.0.tar.gz
+a785f2e6018cdace456b0ab518474453  use-system-ca-certs.patch
+5b1b27a33063602990f5495d3b01b587  dont-run-gyp-files-for-bundled-deps.patch"
+sha256sums="c3f53a5d8cea145e25706bb21cdac62f1b3314db35785bcf468558a29cfc352f  node-v7.2.0.tar.gz
+e0384006b04fef35c2c5e65d0cde6aae7efbc314d38c3c9ade0ae599f2b77bc2  use-system-ca-certs.patch
+6886ee83f76eb68dc948da844e548f060caf360ca039bb2c1ee7ea0cd2d8dbf3  dont-run-gyp-files-for-bundled-deps.patch"
+sha512sums="80a3eab891894064a7669ea08659eb2f675076476e5436b0a1b78f83ea0ebfcfd226dfe1847b5368a07a1f1bbe3038d3011013b3cbe8d8ed093ec7caa29c9603  node-v7.2.0.tar.gz
+877669ed466606bc6afd67083d82b365a969b6626f4248a7f41249958a96e7bb6a6c656715c7b80e763bb53c6cf5789e604e15e05ff74f58e5441acc560350af  use-system-ca-certs.patch
+ba95f21b1e80717ef63941854e7ed412f64a91da068c0dbf0d6d9697333ee266c9f4cd7bf1a01111eeb28aa66adefd8a58cfb3e82debb84b43e35e9dc914dd36  dont-run-gyp-files-for-bundled-deps.patch"
diff --git a/main/nodejs/dont-run-gyp-files-for-bundled-deps.patch b/main/nodejs/dont-run-gyp-files-for-bundled-deps.patch
index d65b456aaf..ba521dc4fc 100644
--- a/main/nodejs/dont-run-gyp-files-for-bundled-deps.patch
+++ b/main/nodejs/dont-run-gyp-files-for-bundled-deps.patch
@@ -1,18 +1,21 @@
-From: Stephen Gallagher <sgallagh@redhat.com>
-Date: Tue, 1 Dec 2015 16:35:29 -0500
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Sat, 26 Nov 2016 01:32:00 +0200
 Subject: Disable running gyp files for bundled deps
 
+Author: Stephen Gallagher <sgallagh@redhat.com>
+
+Modified 2016-11-26 by Jakub Jirutka <jakub@jirutka.cz> to update for
+Node.js 7.2.0
+
 --- a/Makefile
 +++ b/Makefile
-@@ -70,7 +70,7 @@ $(NODE_G_EXE): config.gypi out/Makefile
+@@ -72,8 +72,7 @@
  	$(MAKE) -C out BUILDTYPE=Debug V=$(V)
  	ln -fs out/Debug/$(NODE_EXE) $@
  
--out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp deps/zlib/zlib.gyp deps/v8/build/toolchain.gypi deps/v8/build/features.gypi deps/v8/tools/gyp/v8.gyp node.gyp config.gypi
-+out/Makefile: common.gypi deps/v8/build/toolchain.gypi deps/v8/build/features.gypi deps/v8/tools/gyp/v8.gyp node.gyp config.gypi
+-out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp \
+-              deps/zlib/zlib.gyp deps/v8/gypfiles/toolchain.gypi \
++out/Makefile: common.gypi deps/v8/gypfiles/toolchain.gypi \
+               deps/v8/gypfiles/features.gypi deps/v8/src/v8.gyp node.gyp \
+               config.gypi
  	$(PYTHON) tools/gyp_node.py -f make
- 
- config.gypi: configure
--- 
-2.9.0
-
diff --git a/main/nodejs/use-system-ca-certs.patch b/main/nodejs/use-system-ca-certs.patch
index 014b1cedf1..6e46c74b40 100644
--- a/main/nodejs/use-system-ca-certs.patch
+++ b/main/nodejs/use-system-ca-certs.patch
@@ -1,28 +1,10 @@
 From: Jakub Jirutka <jakub@jirutka.cz>
-Date: Sat, 26 Nov 2016 01:32:00 +0200
+Date: Sat, 26 Nov 2016 21:18:00 +0200
 Subject: Use system-provided CA certificates instead of bundled ones
 
-Forwarded: need some feedback before submitting the matter upstream
-Author: Jérémy Lal <kapouer@melix.org>
-Last-Update: 2014-03-02
-
-Modified 2014-05-02 by T.C. Hollingsworth <tchollingsworth@gmail.com> with the
-correct path for Fedora
-
-Modified 2015-12-01 by Stephen Gallagher <sgallagh@redhat.com> to update for
-Node.js 4.2
-
-Modified 2016-03-04 by Stephen Gallagher <sgallagh@redhat.com> to update for
-Node.js 5.4.1
-
-Modified 2016-07-26 by Haikel Guemar <hguemar@fedoraproject.org> to update for
-Node.js 4.4.7
-
-Modified 2016-11-26 by Jakub Jirutka <jakub@jirutka.cz> for Alpine Linux
-
 --- a/src/node_crypto.cc
 +++ b/src/node_crypto.cc
-@@ -192,8 +192,8 @@ static X509_NAME *cnnic_ev_name =
+@@ -116,8 +116,8 @@
  
  static Mutex* mutexes;
  
@@ -33,43 +15,49 @@ Modified 2016-11-26 by Jakub Jirutka <jakub@jirutka.cz> for Alpine Linux
  };
  
  X509_STORE* root_cert_store;
-@@ -847,29 +847,17 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) {
-   CHECK_EQ(sc->ca_store_, nullptr);
+@@ -688,25 +688,33 @@
+ 
+ 
+ static X509_STORE* NewRootCertStore() {
++  X509_STORE* store = X509_STORE_new();
++
+   if (!root_certs_vector) {
+     root_certs_vector = new std::vector<X509*>;
  
-   if (!root_cert_store) {
--    root_cert_store = X509_STORE_new();
--
 -    for (size_t i = 0; i < arraysize(root_certs); i++) {
 -      BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i]));
--      if (bp == nullptr) {
--        return;
--      }
--
 -      X509 *x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr);
+-      BIO_free(bp);
+-
 -      if (x509 == nullptr) {
--        BIO_free_all(bp);
--        return;
+-        // Parse errors from the built-in roots are fatal.
+-        ABORT();
+-        return nullptr;
 -      }
--
--      X509_STORE_add_cert(root_cert_store, x509);
--
--      BIO_free_all(bp);
--      X509_free(x509);
-+    if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/ssl/certs/ca-certificates.crt", NULL) == 1) {
-+      root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);
-+    } else {
-+      // empty store
-+      root_cert_store = X509_STORE_new();
++    BIO* bio = BIO_new(BIO_s_file());
++    if (bio == nullptr) {
++      abort();
++      return nullptr;
++    }
++
++    if (BIO_read_filename(bio, "/etc/ssl/certs/ca-certificates.crt") == 1) {
++      STACK_OF(X509_INFO)* certs = PEM_X509_INFO_read_bio(bio, nullptr, nullptr, nullptr);
+ 
+-      root_certs_vector->push_back(x509);
++      for (int i = 0; i < sk_X509_INFO_num(certs); i++) {
++        X509* cert = sk_X509_INFO_value(certs, i)->x509;
++
++        if (cert) {
++          X509_up_ref(cert);
++          root_certs_vector->push_back(cert);
++        }
++      }
++      sk_X509_INFO_pop_free(certs, X509_INFO_free);
      }
-+  } else {
-+    SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
++    BIO_free_all(bio);
    }
  
-   sc->ca_store_ = root_cert_store;
--  SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);
- }
- 
- 
--- 
-2.9.0
-
+-  X509_STORE* store = X509_STORE_new();
+   for (auto& cert : *root_certs_vector) {
+     X509_up_ref(cert);
+     X509_STORE_add_cert(store, cert);