Skip to content

net-libs/nodejs: add bundled-openssl useflag#2693

Closed
soredake wants to merge 1 commit intogentoo:masterfrom
soredake:nodejs-static-openssl
Closed

net-libs/nodejs: add bundled-openssl useflag#2693
soredake wants to merge 1 commit intogentoo:masterfrom
soredake:nodejs-static-openssl

Conversation

@soredake
Copy link
Contributor

@soredake soredake commented Oct 29, 2016

No description provided.

@soredake soredake changed the title net-libs/nodejs: add static-openssl useflag, to allow libressl install net-libs/nodejs: add bundled-openssl useflag Oct 29, 2016
@gentoo-repo-qa-bot
Copy link
Collaborator

gentoo-repo-qa-bot commented Oct 29, 2016

👍 All QA issues have been fixed!

@mgorny
Copy link
Member

mgorny commented Oct 31, 2016

You really need a very good reason to get this through. OpenSSL is a frequent recipient of CVEs, so bundling an old version is a guaranteed security issue.

@soredake
Copy link
Contributor Author

soredake commented Oct 31, 2016
edited
Loading

I switched my system to libressl, and i need nodejs installed, it's my reason.

@gktrk
Copy link
Contributor

gktrk commented Nov 1, 2016

@gentoo/proxy-maint @patricklauer

@gktrk gktrk added enhancement assigned PR successfully assigned to the package maintainer(s). labels Nov 1, 2016
@patricklauer
Copy link
Contributor

patricklauer commented Nov 1, 2016

CAN YOU PLEASE STOP SPAMMING ME.

Thanks you for your voluntary cooperation with this mandatory policy.

mgorny
mgorny requested changes Nov 1, 2016
View reviewed changes
Copy link
Member

@mgorny mgorny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I switched my system to libressl, and i need nodejs installed, it's my reason.

I'm sorry but that really doesn't outweigh the dangers imposed by bundled OpenSSL. Could you try to fix NodeJS to support LibreSSL instead?

@soredake
Copy link
Contributor Author

soredake commented Nov 1, 2016
edited
Loading

@mgorny i see void linux using libressl with node without patches now (old patch for old versions is here https://github.com/voidlinux/void-packages/pull/2574/commits/00b70d7d42308fb969827fea6f0840d7263b38e4), https://github.com/voidlinux/void-packages/blob/master/srcpkgs/nodejs/template#L8, but i have no luck with this.
nodejs/node#9376 is the only hope

@soredake soredake closed this Nov 5, 2016
@soredake soredake deleted the nodejs-static-openssl branch November 5, 2016 21:15
@ghost ghost mentioned this pull request Jan 15, 2017
Closed
@llacroix
Copy link

llacroix commented Feb 17, 2017

Could make sense to make a new patch, it's been 2 years and the old patch isn't working with more recent version such as >=7.2.x

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mgorny mgorny mgorny requested changes

Assignees

No one assigned

Labels

assigned PR successfully assigned to the package maintainer(s).

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@soredake @gentoo-repo-qa-bot @mgorny @gktrk @patricklauer @llacroix