diff -Nru nodejs-8.10.0~dfsg/debian/changelog nodejs-8.10.0~dfsg/debian/changelog --- nodejs-8.10.0~dfsg/debian/changelog 2018-08-15 11:11:51.000000000 +0000 +++ nodejs-8.10.0~dfsg/debian/changelog 2018-11-07 16:49:05.000000000 +0000 @@ -1,15 +1,34 @@ -nodejs (8.10.0~dfsg-2ubuntu0.2~ubuntu16.04.1~ppa1) xenial; urgency=medium +nodejs (8.10.0~dfsg-2ubuntu0.4~ubuntu16.04.1~ppa1) xenial; urgency=medium * Backport to xenial: - Drop the nodejs-doc binary package and the node-js-yaml build-dependency; even after bootstrapping node-js-yaml, this fails to build API docs on xenial for unclear reasons. + - Revert to openssl and libssl1.0-dev, rather than openssl1.0 and + libssl1.0-dev which don't exist in xenial. - openssl-1.0.2g-compat.patch: Restore compatibility with OpenSSL 1.0.2g. - - test-tls-no-sslv3-xenial-compat.patch: Handle different -ssl3 error - message with xenial's OpenSSL. - -- Colin Watson Wed, 15 Aug 2018 12:11:51 +0100 + -- Colin Watson Wed, 07 Nov 2018 16:49:05 +0000 + +nodejs (8.10.0~dfsg-2ubuntu0.4) bionic; urgency=medium + + * Use openssl1.0 client binary in tests LP: #1798367 + - resurrect fix_sslv3_test.patch + - revert s_client_tls12.patch, as not needed with old ssl + - reenable-more-tests.patch - reenable openssl1.0 and zlib tests, they + should work + + -- Dimitri John Ledkov Wed, 17 Oct 2018 13:21:44 +0100 + +nodejs (8.10.0~dfsg-2ubuntu0.3) bionic; urgency=medium + + * Force dependency on openssl1.0 + The newer openssl has ABI change, and this version of nodejs + requires building with the older 1.0.2 version of openssl. + (LP: #1779863) + + -- Dan Streetman Mon, 23 Jul 2018 16:12:30 -0400 nodejs (8.10.0~dfsg-2ubuntu0.2) bionic-security; urgency=medium diff -Nru nodejs-8.10.0~dfsg/debian/patches/fix_sslv3_test.patch nodejs-8.10.0~dfsg/debian/patches/fix_sslv3_test.patch --- nodejs-8.10.0~dfsg/debian/patches/fix_sslv3_test.patch 1970-01-01 00:00:00.000000000 +0000 +++ nodejs-8.10.0~dfsg/debian/patches/fix_sslv3_test.patch 2018-10-17 12:11:02.000000000 +0000 @@ -0,0 +1,16 @@ +Description: properly handle how SSLv3 was disabled in openssl +Author: Marc Deslauriers +Last-Update: 2017-02-13 +Forwarded: not-needed + +--- a/test/parallel/test-tls-no-sslv3.js ++++ b/test/parallel/test-tls-no-sslv3.js +@@ -44,6 +44,8 @@ + process.on('exit', function() { + if (/unknown option -ssl3/.test(stderr)) { + common.printSkipMessage('`openssl s_client -ssl3` not supported.'); ++ } else if (/null ssl method passed/.test(stderr)) { ++ common.printSkipMessage('1..0 # Skipped: `openssl s_client -ssl3` is disabled.'); + } else { + assert.strictEqual(errors.length, 1); + // OpenSSL 1.0.x and 1.1.x report invalid client versions differently. diff -Nru nodejs-8.10.0~dfsg/debian/patches/reenable-more-tests.patch nodejs-8.10.0~dfsg/debian/patches/reenable-more-tests.patch --- nodejs-8.10.0~dfsg/debian/patches/reenable-more-tests.patch 1970-01-01 00:00:00.000000000 +0000 +++ nodejs-8.10.0~dfsg/debian/patches/reenable-more-tests.patch 2018-10-17 12:11:02.000000000 +0000 @@ -0,0 +1,19 @@ +Description: Re-enable tests that work with openssl1.0 and zlib + artful+ has new enough zlib +Author: Dimitri John Ledkov + +--- nodejs-8.11.4~dfsg.orig/test/parallel/parallel.status ++++ nodejs-8.11.4~dfsg/test/parallel/parallel.status +@@ -20,12 +20,6 @@ test-https-connect-address-family : SKIP + test-tls-connect-address-family : SKIP + test-dns-cancel-reverse-lookup: SKIP + +-# should have been disabled 'cause openssl 1.1.0 +-test-tls-ecdh-disable : SKIP +- +-# only works with zlib >= 1.2.11 +-test-zlib-failed-init: SKIP +- + # might fail, see https://github.com/nodejs/node/issues/17909 + test-fs-utimes: PASS,FLAKY + diff -Nru nodejs-8.10.0~dfsg/debian/patches/s_client_tls12.patch nodejs-8.10.0~dfsg/debian/patches/s_client_tls12.patch --- nodejs-8.10.0~dfsg/debian/patches/s_client_tls12.patch 2018-03-09 00:18:01.000000000 +0000 +++ nodejs-8.10.0~dfsg/debian/patches/s_client_tls12.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,26 +0,0 @@ -Description: some tests use openssl client options that were dropped in version 1.1.0f-4, - namely, -tls1, -tls1.1. -Forwarded: not-needed -Last-Update: 2017-08-16 -Author: Jérémy Lal ---- a/test/parallel/parallel.status -+++ b/test/parallel/parallel.status -@@ -6,6 +6,8 @@ - - [true] # This section applies to all platforms - -+test-tls-alert: SKIP -+ - [$system==win32] - - [$system==linux] ---- a/test/parallel/test-tls-session-cache.js -+++ b/test/parallel/test-tls-session-cache.js -@@ -97,7 +97,6 @@ - server.listen(0, function() { - const args = [ - 's_client', -- '-tls1', - '-connect', `localhost:${this.address().port}`, - '-servername', 'ohgod', - '-key', fixtures.path('agent.key'), diff -Nru nodejs-8.10.0~dfsg/debian/patches/series nodejs-8.10.0~dfsg/debian/patches/series --- nodejs-8.10.0~dfsg/debian/patches/series 2018-08-15 11:11:51.000000000 +0000 +++ nodejs-8.10.0~dfsg/debian/patches/series 2018-11-07 16:47:04.000000000 +0000 @@ -1,4 +1,3 @@ -s_client_tls12.patch use_system_node_gyp.patch privacy_breach.patch build-doc-using-js-yaml.patch @@ -9,8 +8,9 @@ fix_disable_cctest.patch benchmark_without_alice.patch test-http2-connect-upstream-fix.patch +fix_sslv3_test.patch +reenable-more-tests.patch CVE-2018-7161.patch regen-test-certs.patch openssl-1.0.2g-compat.patch -test-tls-no-sslv3-xenial-compat.patch diff -Nru nodejs-8.10.0~dfsg/debian/patches/test_ci_buildd.patch nodejs-8.10.0~dfsg/debian/patches/test_ci_buildd.patch --- nodejs-8.10.0~dfsg/debian/patches/test_ci_buildd.patch 2018-03-16 00:22:35.000000000 +0000 +++ nodejs-8.10.0~dfsg/debian/patches/test_ci_buildd.patch 2018-10-17 12:11:02.000000000 +0000 @@ -44,7 +44,7 @@ +test-net-better-error-messages-port-hostname : SKIP + +# in debian build env, skip because it somehow tries to access network -+test-https-connect-address-family : SKIP ++test-https-connect-address-family : SKIP +test-tls-connect-address-family : SKIP +test-dns-cancel-reverse-lookup: SKIP + @@ -57,10 +57,10 @@ +# might fail, see https://github.com/nodejs/node/issues/17909 +test-fs-utimes: PASS,FLAKY + - test-tls-alert: SKIP - [$system==win32] -@@ -17,6 +40,10 @@ + + [$system==linux] +@@ -15,6 +38,10 @@ [$arch==arm || $arch==arm64] test-npm-install: PASS,FLAKY diff -Nru nodejs-8.10.0~dfsg/debian/patches/test-tls-no-sslv3-xenial-compat.patch nodejs-8.10.0~dfsg/debian/patches/test-tls-no-sslv3-xenial-compat.patch --- nodejs-8.10.0~dfsg/debian/patches/test-tls-no-sslv3-xenial-compat.patch 2018-08-15 11:11:26.000000000 +0000 +++ nodejs-8.10.0~dfsg/debian/patches/test-tls-no-sslv3-xenial-compat.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -Description: Handle different -ssl3 error message with xenial's OpenSSL -Author: Colin Watson - -Index: b/test/parallel/test-tls-no-sslv3.js -=================================================================== ---- a/test/parallel/test-tls-no-sslv3.js -+++ b/test/parallel/test-tls-no-sslv3.js -@@ -42,7 +42,8 @@ - server.on('tlsClientError', (err) => errors.push(err)); - - process.on('exit', function() { -- if (/unknown option -ssl3/.test(stderr)) { -+ if (/unknown option -ssl3/.test(stderr) || -+ /null ssl method passed/.test(stderr)) { - common.printSkipMessage('`openssl s_client -ssl3` not supported.'); - } else { - assert.strictEqual(errors.length, 1); diff -Nru nodejs-8.10.0~dfsg/debian/tests/control nodejs-8.10.0~dfsg/debian/tests/control --- nodejs-8.10.0~dfsg/debian/tests/control 2018-03-09 00:06:39.000000000 +0000 +++ nodejs-8.10.0~dfsg/debian/tests/control 2018-11-07 16:48:13.000000000 +0000 @@ -1,2 +1,2 @@ Test-Command: ./debian/rules check -Depends: @, ca-certificates, cdbs, python, procps, curl, build-essential +Depends: @, ca-certificates, cdbs, python, procps, curl, build-essential, openssl