Date   

Re: [PATCH 0/5] Upgrade nodejs to 12.22.12 and c-ares to 1.18.1

Ranjitsinh Rathod
 

Hi Armin,

I missed dunfell label during sending these patches.
Please consider this for dunfell branch and not for master ranch.

Thanks,

Best Regards,

Ranjitsinh Rathod
Technical Leader |  | KPIT Technologies Ltd.
Cellphone: +91-84606 92403
__________________________________________
KPIT | Follow us on LinkedIn


From: openembedded-devel@... <openembedded-devel@...> on behalf of Ranjitsinh Rathod via lists.openembedded.org <ranjitsinh.rathod=kpit.com@...>
Sent: Monday, August 8, 2022 7:39 PM
To: openembedded-devel@... <openembedded-devel@...>
Cc: akuster808@... <akuster808@...>; Ranjitsinh Rathod <ranjitsinhrathod1991@...>
Subject: [oe] [PATCH 0/5] Upgrade nodejs to 12.22.12 and c-ares to 1.18.1
 
Caution: This email originated from outside of the KPIT. Do not click links or open attachments unless you recognize the sender and know the content is safe.

From: Ranjitsinh Rathod <ranjitsinhrathod1991@...>

This series upgrades nodejs to 12.22.12 which is the last release from
12.x branch
This nodejs has compile time dependencies with c-ares and so upgrade
c-ares to 1.18.1

Khem Raj (1):
  c-ares: Upgrade to 1.17.1 release

Ranjitsinh Rathod (1):
  nodejs: Upgrade to 12.22.12

Sinan Kaya (1):
  c-ares: remove custom patches

wangmy (2):
  c-ares: upgrade 1.17.1 -> 1.17.2
  c-ares: upgrade 1.17.2 -> 1.18.1

 .../nodejs/nodejs/CVE-2021-44532.patch        | 3090 -----------------
 .../{nodejs_12.22.2.bb => nodejs_12.22.12.bb} |    5 +-
 ...ror-mv-libcares.pc.cmakein-to-libcar.patch |   27 -
 ...-fix-formatting-and-handling-of-root.patch |  115 -
 ...d_name-should-escape-more-characters.patch |   90 -
 .../c-ares/cmake-install-libcares.pc.patch    |   84 -
 .../{c-ares_1.16.1.bb => c-ares_1.18.1.bb}    |   12 +-
 7 files changed, 4 insertions(+), 3419 deletions(-)
 delete mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/CVE-2021-44532.patch
 rename meta-oe/recipes-devtools/nodejs/{nodejs_12.22.2.bb => nodejs_12.22.12.bb} (97%)
 delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch
 delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch
 delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch
 delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch
 rename meta-oe/recipes-support/c-ares/{c-ares_1.16.1.bb => c-ares_1.18.1.bb} (53%)

--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


[PATCH 1/5] nodejs: Upgrade to 12.22.12

Ranjitsinh Rathod
 

From: Ranjitsinh Rathod <ranjitsinh.rathod@...>

As per the below release note, it should be a last release for 12.x
stable LTS series.
Link: https://github.com/nodejs/node/releases/tag/v12.22.12

Remove CVE-2021-44532 fix as it already available in this release
v12.22.12

License-Update: src/gtest additional file in the LICENSE

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@...>
---
.../nodejs/nodejs/CVE-2021-44532.patch | 3090 -----------------
.../{nodejs_12.22.2.bb => nodejs_12.22.12.bb} | 5 +-
2 files changed, 2 insertions(+), 3093 deletions(-)
delete mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/CVE-2021-44532.patch
rename meta-oe/recipes-devtools/nodejs/{nodejs_12.22.2.bb => nodejs_12.22.12.bb} (97%)

diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2021-44532.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2021-44532.patch
deleted file mode 100644
index dff7fe23a2..0000000000
--- a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2021-44532.patch
+++ /dev/null
@@ -1,3090 +0,0 @@
-From 19873abfb24dce75ffff042efe76dc5633052677 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= <tniessen@...>
-Date: Wed, 29 Dec 2021 19:30:57 -0500
-Subject: [PATCH] crypto,tls: implement safe x509 GeneralName format
-
-This change introduces JSON-compatible escaping rules for strings that
-include X.509 GeneralName components (see RFC 5280). This non-standard
-format avoids ambiguities and prevents injection attacks that could
-previously lead to X.509 certificates being accepted even though they
-were not valid for the target hostname.
-
-These changes affect the format of subject alternative names and the
-format of authority information access. The checkServerIdentity function
-has been modified to safely handle the new format, eliminating the
-possibility of injecting subject alternative names into the verification
-logic.
-
-Because each subject alternative name is only encoded as a JSON string
-literal if necessary for security purposes, this change will only be
-visible in rare cases.
-
-This addresses CVE-2021-44532.
-
-Co-authored-by: Akshay K <iit.akshay@...>
-CVE-ID: CVE-2021-44532
-Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/306
-PR-URL: https://github.com/nodejs-private/node-private/pull/300
-Reviewed-By: Michael Dawson <midawson@...>
-Reviewed-By: Rich Trott <rtrott@...>
-
-Upstream-Status: Backport [https://github.com/nodejs/node/commit/19873abfb24dce75ffff042efe76dc5633052677]
-
-CVE: CVE-2021-44532
-
-Signed-off-by: Virendra Thakur <virendra.thakur@...>
-
----
- doc/api/errors.md | 8 +
- lib/_tls_common.js | 9 +
- lib/internal/errors.js | 2 +
- lib/tls.js | 52 +-
- src/node_crypto_common.cc | 340 ++++++++++--
- test/common/index.js | 7 +
- test/fixtures/keys/Makefile | 14 +
- .../incorrect_san_correct_subject-cert.pem | 11 +
- .../incorrect_san_correct_subject-key.pem | 5 +
- test/fixtures/x509-escaping/.gitignore | 2 +
- test/fixtures/x509-escaping/alt-0-cert.pem | 29 +
- test/fixtures/x509-escaping/alt-1-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-10-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-11-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-12-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-13-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-14-cert.pem | 29 +
- test/fixtures/x509-escaping/alt-15-cert.pem | 29 +
- test/fixtures/x509-escaping/alt-16-cert.pem | 29 +
- test/fixtures/x509-escaping/alt-17-cert.pem | 29 +
- test/fixtures/x509-escaping/alt-18-cert.pem | 29 +
- test/fixtures/x509-escaping/alt-19-cert.pem | 29 +
- test/fixtures/x509-escaping/alt-2-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-20-cert.pem | 29 +
- test/fixtures/x509-escaping/alt-21-cert.pem | 29 +
- test/fixtures/x509-escaping/alt-22-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-23-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-24-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-25-cert.pem | 29 +
- test/fixtures/x509-escaping/alt-26-cert.pem | 29 +
- test/fixtures/x509-escaping/alt-27-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-28-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-29-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-3-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-30-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-4-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-5-cert.pem | 29 +
- test/fixtures/x509-escaping/alt-6-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-7-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-8-cert.pem | 28 +
- test/fixtures/x509-escaping/alt-9-cert.pem | 28 +
- test/fixtures/x509-escaping/create-certs.js | 502 ++++++++++++++++++
- .../x509-escaping/google/intermediate.pem | 11 +
- test/fixtures/x509-escaping/google/key.pem | 5 +
- test/fixtures/x509-escaping/google/leaf0.pem | 10 +
- test/fixtures/x509-escaping/google/leaf1.pem | 10 +
- test/fixtures/x509-escaping/google/leaf2.pem | 10 +
- test/fixtures/x509-escaping/google/leaf3.pem | 10 +
- test/fixtures/x509-escaping/google/leaf4.pem | 10 +
- test/fixtures/x509-escaping/google/root.pem | 9 +
- test/fixtures/x509-escaping/info-0-cert.pem | 30 ++
- test/fixtures/x509-escaping/info-1-cert.pem | 31 ++
- test/fixtures/x509-escaping/info-2-cert.pem | 29 +
- test/fixtures/x509-escaping/info-3-cert.pem | 30 ++
- test/fixtures/x509-escaping/info-4-cert.pem | 29 +
- test/fixtures/x509-escaping/package.json | 12 +
- test/fixtures/x509-escaping/server-key.pem | 52 ++
- test/parallel/test-tls-0-dns-altname.js | 2 +-
- test/parallel/test-x509-escaping.js | 349 ++++++++++++
- 59 files changed, 2429 insertions(+), 42 deletions(-)
- create mode 100644 test/fixtures/keys/incorrect_san_correct_subject-cert.pem
- create mode 100644 test/fixtures/keys/incorrect_san_correct_subject-key.pem
- create mode 100644 test/fixtures/x509-escaping/.gitignore
- create mode 100644 test/fixtures/x509-escaping/alt-0-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-1-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-10-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-11-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-12-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-13-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-14-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-15-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-16-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-17-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-18-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-19-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-2-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-20-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-21-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-22-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-23-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-24-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-25-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-26-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-27-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-28-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-29-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-3-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-30-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-4-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-5-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-6-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-7-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-8-cert.pem
- create mode 100644 test/fixtures/x509-escaping/alt-9-cert.pem
- create mode 100644 test/fixtures/x509-escaping/create-certs.js
- create mode 100644 test/fixtures/x509-escaping/google/intermediate.pem
- create mode 100644 test/fixtures/x509-escaping/google/key.pem
- create mode 100644 test/fixtures/x509-escaping/google/leaf0.pem
- create mode 100644 test/fixtures/x509-escaping/google/leaf1.pem
- create mode 100644 test/fixtures/x509-escaping/google/leaf2.pem
- create mode 100644 test/fixtures/x509-escaping/google/leaf3.pem
- create mode 100644 test/fixtures/x509-escaping/google/leaf4.pem
- create mode 100644 test/fixtures/x509-escaping/google/root.pem
- create mode 100644 test/fixtures/x509-escaping/info-0-cert.pem
- create mode 100644 test/fixtures/x509-escaping/info-1-cert.pem
- create mode 100644 test/fixtures/x509-escaping/info-2-cert.pem
- create mode 100644 test/fixtures/x509-escaping/info-3-cert.pem
- create mode 100644 test/fixtures/x509-escaping/info-4-cert.pem
- create mode 100644 test/fixtures/x509-escaping/package.json
- create mode 100644 test/fixtures/x509-escaping/server-key.pem
- create mode 100644 test/parallel/test-x509-escaping.js
-
-diff --git a/doc/api/errors.md b/doc/api/errors.md
-index d5d8e1efa7..9d176d9048 100644
---- a/doc/api/errors.md
-+++ b/doc/api/errors.md
-@@ -1869,6 +1869,14 @@ An unspecified or non-specific system error has occurred within the Node.js
- process. The error object will have an `err.info` object property with
- additional details.
-
-+<a id="ERR_TLS_CERT_ALTNAME_FORMAT"></a>
-+### `ERR_TLS_CERT_ALTNAME_FORMAT`
-+
-+This error is thrown by `checkServerIdentity` if a user-supplied
-+`subjectaltname` property violates encoding rules. Certificate objects produced
-+by Node.js itself always comply with encoding rules and will never cause
-+this error.
-+
- <a id="ERR_TLS_CERT_ALTNAME_INVALID"></a>
- ### `ERR_TLS_CERT_ALTNAME_INVALID`
-
-diff --git a/lib/_tls_common.js b/lib/_tls_common.js
-index b7a3b70a24..a2a74813f1 100644
---- a/lib/_tls_common.js
-+++ b/lib/_tls_common.js
-@@ -23,6 +23,7 @@
-
- const {
- ArrayIsArray,
-+ JSONParse,
- ObjectCreate,
- } = primordials;
-
-@@ -323,6 +324,14 @@ exports.translatePeerCertificate = function translatePeerCertificate(c) {
-
- // XXX: More key validation?
- info.replace(/([^\n:]*):([^\n]*)(?:\n|$)/g, (all, key, val) => {
-+ if (val.charCodeAt(0) === 0x22) {
-+ // The translatePeerCertificate function is only
-+ // used on internally created legacy certificate
-+ // objects, and any value that contains a quote
-+ // will always be a valid JSON string literal,
-+ // so this should never throw.
-+ val = JSONParse(val);
-+ }
- if (key in c.infoAccess)
- c.infoAccess[key].push(val);
- else
-diff --git a/lib/internal/errors.js b/lib/internal/errors.js
-index 2cf7df436b..cd7153ad1a 100644
---- a/lib/internal/errors.js
-+++ b/lib/internal/errors.js
-@@ -1345,6 +1345,8 @@ E('ERR_STREAM_WRAP', 'Stream has StringDecoder set or is in objectMode', Error);
- E('ERR_STREAM_WRITE_AFTER_END', 'write after end', Error);
- E('ERR_SYNTHETIC', 'JavaScript Callstack', Error);
- E('ERR_SYSTEM_ERROR', 'A system error occurred', SystemError);
-+E('ERR_TLS_CERT_ALTNAME_FORMAT', 'Invalid subject alternative name string',
-+ SyntaxError);
- E('ERR_TLS_CERT_ALTNAME_INVALID', function(reason, host, cert) {
- this.reason = reason;
- this.host = host;
-diff --git a/lib/tls.js b/lib/tls.js
-index 2ccbe409c9..cefb47d10f 100644
---- a/lib/tls.js
-+++ b/lib/tls.js
-@@ -24,11 +24,19 @@
- const {
- Array,
- ArrayIsArray,
-+ ArrayPrototypePush,
-+ JSONParse,
- ObjectDefineProperty,
- ObjectFreeze,
-+ RegExpPrototypeExec,
-+ StringPrototypeIncludes,
-+ StringPrototypeIndexOf,
-+ StringPrototypeSplit,
-+ StringPrototypeSubstring,
- } = primordials;
-
- const {
-+ ERR_TLS_CERT_ALTNAME_FORMAT,
- ERR_TLS_CERT_ALTNAME_INVALID,
- ERR_OUT_OF_RANGE
- } = require('internal/errors').codes;
-@@ -207,6 +215,45 @@ function check(hostParts, pattern, wildcards) {
- return true;
- }
-
-+// This pattern is used to determine the length of escaped sequences within
-+// the subject alt names string. It allows any valid JSON string literal.
-+// This MUST match the JSON specification (ECMA-404 / RFC8259) exactly.
-+const jsonStringPattern =
-+ // eslint-disable-next-line no-control-regex
-+ /^"(?:[^"\\\u0000-\u001f]|\\(?:["\\/bfnrt]|u[0-9a-fA-F]{4}))*"/;
-+
-+function splitEscapedAltNames(altNames) {
-+ const result = [];
-+ let currentToken = '';
-+ let offset = 0;
-+ while (offset !== altNames.length) {
-+ const nextSep = StringPrototypeIndexOf(altNames, ', ', offset);
-+ const nextQuote = StringPrototypeIndexOf(altNames, '"', offset);
-+ if (nextQuote !== -1 && (nextSep === -1 || nextQuote < nextSep)) {
-+ // There is a quote character and there is no separator before the quote.
-+ currentToken += StringPrototypeSubstring(altNames, offset, nextQuote);
-+ const match = RegExpPrototypeExec(
-+ jsonStringPattern, StringPrototypeSubstring(altNames, nextQuote));
-+ if (!match) {
-+ throw new ERR_TLS_CERT_ALTNAME_FORMAT();
-+ }
-+ currentToken += JSONParse(match[0]);
-+ offset = nextQuote + match[0].length;
-+ } else if (nextSep !== -1) {
-+ // There is a separator and no quote before it.
-+ currentToken += StringPrototypeSubstring(altNames, offset, nextSep);
-+ ArrayPrototypePush(result, currentToken);
-+ currentToken = '';
-+ offset = nextSep + 2;
-+ } else {
-+ currentToken += StringPrototypeSubstring(altNames, offset);
-+ offset = altNames.length;
-+ }
-+ }
-+ ArrayPrototypePush(result, currentToken);
-+ return result;
-+}
-+
- let urlWarningEmitted = false;
- exports.checkServerIdentity = function checkServerIdentity(hostname, cert) {
- const subject = cert.subject;
-@@ -218,7 +265,10 @@ exports.checkServerIdentity = function checkServerIdentity(hostname, cert) {
- hostname = '' + hostname;
-
- if (altNames) {
-- for (const name of altNames.split(', ')) {
-+ const splitAltNames = StringPrototypeIncludes(altNames, '"') ?
-+ splitEscapedAltNames(altNames) :
-+ StringPrototypeSplit(altNames, ', ');
-+ for (const name of splitAltNames) {
- if (name.startsWith('DNS:')) {
- dnsNames.push(name.slice(4));
- } else if (name.startsWith('URI:')) {
-diff --git a/src/node_crypto_common.cc b/src/node_crypto_common.cc
-index 74bc0a9756..53fbc576ef 100644
---- a/src/node_crypto_common.cc
-+++ b/src/node_crypto_common.cc
-@@ -480,39 +480,320 @@ void AddFingerprintDigest(
- }
- }
-
--bool SafeX509ExtPrint(const BIOPointer& out, X509_EXTENSION* ext) {
-- const X509V3_EXT_METHOD* method = X509V3_EXT_get(ext);
-+static inline bool IsSafeAltName(const char* name, size_t length, bool utf8) {
-+ for (size_t i = 0; i < length; i++) {
-+ char c = name[i];
-+ switch (c) {
-+ case '"':
-+ case '\\':
-+ // These mess with encoding rules.
-+ // Fall through.
-+ case ',':
-+ // Commas make it impossible to split the list of subject alternative
-+ // names unambiguously, which is why we have to escape.
-+ // Fall through.
-+ case '\'':
-+ // Single quotes are unlikely to appear in any legitimate values, but they
-+ // could be used to make a value look like it was escaped (i.e., enclosed
-+ // in single/double quotes).
-+ return false;
-+ default:
-+ if (utf8) {
-+ // In UTF8 strings, we require escaping for any ASCII control character,
-+ // but NOT for non-ASCII characters. Note that all bytes of any code
-+ // point that consists of more than a single byte have their MSB set.
-+ if (static_cast<unsigned char>(c) < ' ' || c == '\x7f') {
-+ return false;
-+ }
-+ } else {
-+ // Check if the char is a control character or non-ASCII character. Note
-+ // that char may or may not be a signed type. Regardless, non-ASCII
-+ // values will always be outside of this range.
-+ if (c < ' ' || c > '~') {
-+ return false;
-+ }
-+ }
-+ }
-+ }
-+ return true;
-+}
-
-- if (method != X509V3_EXT_get_nid(NID_subject_alt_name))
-- return false;
-+static inline void PrintAltName(const BIOPointer& out, const char* name,
-+ size_t length, bool utf8,
-+ const char* safe_prefix) {
-+ if (IsSafeAltName(name, length, utf8)) {
-+ // For backward-compatibility, append "safe" names without any
-+ // modifications.
-+ if (safe_prefix != nullptr) {
-+ BIO_printf(out.get(), "%s:", safe_prefix);
-+ }
-+ BIO_write(out.get(), name, length);
-+ } else {
-+ // If a name is not "safe", we cannot embed it without special
-+ // encoding. This does not usually happen, but we don't want to hide
-+ // it from the user either. We use JSON compatible escaping here.
-+ BIO_write(out.get(), "\"", 1);
-+ if (safe_prefix != nullptr) {
-+ BIO_printf(out.get(), "%s:", safe_prefix);
-+ }
-+ for (size_t j = 0; j < length; j++) {
-+ char c = static_cast<char>(name[j]);
-+ if (c == '\\') {
-+ BIO_write(out.get(), "\\\\", 2);
-+ } else if (c == '"') {
-+ BIO_write(out.get(), "\\\"", 2);
-+ } else if ((c >= ' ' && c != ',' && c <= '~') || (utf8 && (c & 0x80))) {
-+ // Note that the above condition explicitly excludes commas, which means
-+ // that those are encoded as Unicode escape sequences in the "else"
-+ // block. That is not strictly necessary, and Node.js itself would parse
-+ // it correctly either way. We only do this to account for third-party
-+ // code that might be splitting the string at commas (as Node.js itself
-+ // used to do).
-+ BIO_write(out.get(), &c, 1);
-+ } else {
-+ // Control character or non-ASCII character. We treat everything as
-+ // Latin-1, which corresponds to the first 255 Unicode code points.
-+ const char hex[] = "0123456789abcdef";
-+ char u[] = { '\\', 'u', '0', '0', hex[(c & 0xf0) >> 4], hex[c & 0x0f] };
-+ BIO_write(out.get(), u, sizeof(u));
-+ }
-+ }
-+ BIO_write(out.get(), "\"", 1);
-+ }
-+}
-+
-+static inline void PrintLatin1AltName(const BIOPointer& out,
-+ const ASN1_IA5STRING* name,
-+ const char* safe_prefix = nullptr) {
-+ PrintAltName(out, reinterpret_cast<const char*>(name->data), name->length,
-+ false, safe_prefix);
-+}
-+
-+static inline void PrintUtf8AltName(const BIOPointer& out,
-+ const ASN1_UTF8STRING* name,
-+ const char* safe_prefix = nullptr) {
-+ PrintAltName(out, reinterpret_cast<const char*>(name->data), name->length,
-+ true, safe_prefix);
-+}
-+
-+// This function currently emulates the behavior of i2v_GENERAL_NAME in a safer
-+// and less ambiguous way.
-+// TODO(tniessen): gradually improve the format in the next major version(s)
-+static bool PrintGeneralName(const BIOPointer& out, const GENERAL_NAME* gen) {
-+ if (gen->type == GEN_DNS) {
-+ ASN1_IA5STRING* name = gen->d.dNSName;
-+ BIO_write(out.get(), "DNS:", 4);
-+ // Note that the preferred name syntax (see RFCs 5280 and 1034) with
-+ // wildcards is a subset of what we consider "safe", so spec-compliant DNS
-+ // names will never need to be escaped.
-+ PrintLatin1AltName(out, name);
-+ } else if (gen->type == GEN_EMAIL) {
-+ ASN1_IA5STRING* name = gen->d.rfc822Name;
-+ BIO_write(out.get(), "email:", 6);
-+ PrintLatin1AltName(out, name);
-+ } else if (gen->type == GEN_URI) {
-+ ASN1_IA5STRING* name = gen->d.uniformResourceIdentifier;
-+ BIO_write(out.get(), "URI:", 4);
-+ // The set of "safe" names was designed to include just about any URI,
-+ // with a few exceptions, most notably URIs that contains commas (see
-+ // RFC 2396). In other words, most legitimate URIs will not require
-+ // escaping.
-+ PrintLatin1AltName(out, name);
-+ } else if (gen->type == GEN_DIRNAME) {
-+ // For backward compatibility, use X509_NAME_oneline to print the
-+ // X509_NAME object. The format is non standard and should be avoided
-+ // elsewhere, but conveniently, the function produces ASCII and the output
-+ // is unlikely to contains commas or other characters that would require
-+ // escaping. With that in mind, note that it SHOULD NOT produce ASCII
-+ // output since an RFC5280 AttributeValue may be a UTF8String.
-+ // TODO(tniessen): switch to RFC2253 rules in a major release
-+ BIO_printf(out.get(), "DirName:");
-+ char oline[256];
-+ if (X509_NAME_oneline(gen->d.dirn, oline, sizeof(oline)) != nullptr) {
-+ PrintAltName(out, oline, strlen(oline), false, nullptr);
-+ } else {
-+ return false;
-+ }
-+ } else if (gen->type == GEN_IPADD) {
-+ BIO_printf(out.get(), "IP Address:");
-+ const ASN1_OCTET_STRING* ip = gen->d.ip;
-+ const unsigned char* b = ip->data;
-+ if (ip->length == 4) {
-+ BIO_printf(out.get(), "%d.%d.%d.%d", b[0], b[1], b[2], b[3]);
-+ } else if (ip->length == 16) {
-+ for (unsigned int j = 0; j < 8; j++) {
-+ uint16_t pair = (b[2 * j] << 8) | b[2 * j + 1];
-+ BIO_printf(out.get(), (j == 0) ? "%X" : ":%X", pair);
-+ }
-+ } else {
-+#if OPENSSL_VERSION_MAJOR >= 3
-+ BIO_printf(out.get(), "<invalid length=%d>", ip->length);
-+#else
-+ BIO_printf(out.get(), "<invalid>");
-+#endif
-+ }
-+ } else if (gen->type == GEN_RID) {
-+ // TODO(tniessen): unlike OpenSSL's default implementation, never print the
-+ // OID as text and instead always print its numeric representation, which is
-+ // backward compatible in practice and more future proof (see OBJ_obj2txt).
-+ char oline[256];
-+ i2t_ASN1_OBJECT(oline, sizeof(oline), gen->d.rid);
-+ BIO_printf(out.get(), "Registered ID:%s", oline);
-+ } else if (gen->type == GEN_OTHERNAME) {
-+ // TODO(tniessen): the format that is used here is based on OpenSSL's
-+ // implementation of i2v_GENERAL_NAME (as of OpenSSL 3.0.1), mostly for
-+ // backward compatibility. It is somewhat awkward, especially when passed to
-+ // translatePeerCertificate, and should be changed in the future, probably
-+ // to the format used by GENERAL_NAME_print (in a major release).
-+ bool unicode = true;
-+ const char* prefix = nullptr;
-+ // OpenSSL 1.1.1 does not support othername in i2v_GENERAL_NAME and may not
-+ // define these NIDs.
-+#if OPENSSL_VERSION_MAJOR >= 3
-+ int nid = OBJ_obj2nid(gen->d.otherName->type_id);
-+ switch (nid) {
-+ case NID_id_on_SmtpUTF8Mailbox:
-+ prefix = " SmtpUTF8Mailbox:";
-+ break;
-+ case NID_XmppAddr:
-+ prefix = " XmppAddr:";
-+ break;
-+ case NID_SRVName:
-+ prefix = " SRVName:";
-+ unicode = false;
-+ break;
-+ case NID_ms_upn:
-+ prefix = " UPN:";
-+ break;
-+ case NID_NAIRealm:
-+ prefix = " NAIRealm:";
-+ break;
-+ }
-+#endif // OPENSSL_VERSION_MAJOR >= 3
-+ int val_type = gen->d.otherName->value->type;
-+ if (prefix == nullptr ||
-+ (unicode && val_type != V_ASN1_UTF8STRING) ||
-+ (!unicode && val_type != V_ASN1_IA5STRING)) {
-+ BIO_printf(out.get(), "othername:<unsupported>");
-+ } else {
-+ BIO_printf(out.get(), "othername:");
-+ if (unicode) {
-+ PrintUtf8AltName(out, gen->d.otherName->value->value.utf8string,
-+ prefix);
-+ } else {
-+ PrintLatin1AltName(out, gen->d.otherName->value->value.ia5string,
-+ prefix);
-+ }
-+ }
-+ } else if (gen->type == GEN_X400) {
-+ // TODO(tniessen): this is what OpenSSL does, implement properly instead
-+ BIO_printf(out.get(), "X400Name:<unsupported>");
-+ } else if (gen->type == GEN_EDIPARTY) {
-+ // TODO(tniessen): this is what OpenSSL does, implement properly instead
-+ BIO_printf(out.get(), "EdiPartyName:<unsupported>");
-+ } else {
-+ // This is safe because X509V3_EXT_d2i would have returned nullptr in this
-+ // case already.
-+ UNREACHABLE();
-+ }
-+
-+ return true;
-+}
-+
-+bool SafeX509SubjectAltNamePrint(const BIOPointer& out, X509_EXTENSION* ext) {
-+ const X509V3_EXT_METHOD* method = X509V3_EXT_get(ext);
-+ CHECK(method == X509V3_EXT_get_nid(NID_subject_alt_name));
-
- GENERAL_NAMES* names = static_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(ext));
- if (names == nullptr)
- return false;
-
-+ bool ok = true;
-+
- for (int i = 0; i < sk_GENERAL_NAME_num(names); i++) {
- GENERAL_NAME* gen = sk_GENERAL_NAME_value(names, i);
-
- if (i != 0)
- BIO_write(out.get(), ", ", 2);
-
-- if (gen->type == GEN_DNS) {
-- ASN1_IA5STRING* name = gen->d.dNSName;
--
-- BIO_write(out.get(), "DNS:", 4);
-- BIO_write(out.get(), name->data, name->length);
-- } else {
-- STACK_OF(CONF_VALUE)* nval = i2v_GENERAL_NAME(
-- const_cast<X509V3_EXT_METHOD*>(method), gen, nullptr);
-- if (nval == nullptr)
-- return false;
-- X509V3_EXT_val_prn(out.get(), nval, 0, 0);
-- sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
-+ if (!(ok = PrintGeneralName(out, gen))) {
-+ break;
- }
- }
- sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
-
-- return true;
-+ return ok;
-+}
-+
-+bool SafeX509InfoAccessPrint(const BIOPointer& out, X509_EXTENSION* ext) {
-+ const X509V3_EXT_METHOD* method = X509V3_EXT_get(ext);
-+ CHECK(method == X509V3_EXT_get_nid(NID_info_access));
-+
-+ AUTHORITY_INFO_ACCESS* descs =
-+ static_cast<AUTHORITY_INFO_ACCESS*>(X509V3_EXT_d2i(ext));
-+ if (descs == nullptr)
-+ return false;
-+
-+ bool ok = true;
-+
-+ for (int i = 0; i < sk_ACCESS_DESCRIPTION_num(descs); i++) {
-+ ACCESS_DESCRIPTION* desc = sk_ACCESS_DESCRIPTION_value(descs, i);
-+
-+ if (i != 0)
-+ BIO_write(out.get(), "\n", 1);
-+
-+ char objtmp[80];
-+ i2t_ASN1_OBJECT(objtmp, sizeof(objtmp), desc->method);
-+ BIO_printf(out.get(), "%s - ", objtmp);
-+ if (!(ok = PrintGeneralName(out, desc->location))) {
-+ break;
-+ }
-+ }
-+ sk_ACCESS_DESCRIPTION_pop_free(descs, ACCESS_DESCRIPTION_free);
-+
-+#if OPENSSL_VERSION_MAJOR < 3
-+ BIO_write(out.get(), "\n", 1);
-+#endif
-+
-+ return ok;
-+}
-+
-+v8::MaybeLocal<v8::Value> GetSubjectAltNameString(
-+ Environment* env,
-+ const BIOPointer& bio,
-+ X509* cert) {
-+ int index = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
-+ if (index < 0)
-+ return Undefined(env->isolate());
-+
-+ X509_EXTENSION* ext = X509_get_ext(cert, index);
-+ CHECK_NOT_NULL(ext);
-+
-+ if (!SafeX509SubjectAltNamePrint(bio, ext)) {
-+ USE(BIO_reset(bio.get()));
-+ return v8::Null(env->isolate());
-+ }
-+
-+ return ToV8Value(env, bio);
-+}
-+
-+v8::MaybeLocal<v8::Value> GetInfoAccessString(
-+ Environment* env,
-+ const BIOPointer& bio,
-+ X509* cert) {
-+ int index = X509_get_ext_by_NID(cert, NID_info_access, -1);
-+ if (index < 0)
-+ return Undefined(env->isolate());
-+
-+ X509_EXTENSION* ext = X509_get_ext(cert, index);
-+ CHECK_NOT_NULL(ext);
-+
-+ if (!SafeX509InfoAccessPrint(bio, ext)) {
-+ USE(BIO_reset(bio.get()));
-+ return v8::Null(env->isolate());
-+ }
-+
-+ return ToV8Value(env, bio);
- }
-
- MaybeLocal<Value> GetFingerprintDigest(
-@@ -628,27 +909,6 @@ MaybeLocal<Value> GetModulusString(
- return ToV8Value(env, bio);
- }
-
--template <int nid>
--MaybeLocal<Value> GetInfoString(
-- Environment* env,
-- const BIOPointer& bio,
-- X509* cert) {
-- int index = X509_get_ext_by_NID(cert, nid, -1);
-- if (index < 0)
-- return Undefined(env->isolate());
--
-- X509_EXTENSION* ext = X509_get_ext(cert, index);
-- CHECK_NOT_NULL(ext);
--
-- if (!SafeX509ExtPrint(bio, ext) &&
-- X509V3_EXT_print(bio.get(), ext, 0, 0) != 1) {
-- USE(BIO_reset(bio.get()));
-- return Null(env->isolate());
-- }
--
-- return ToV8Value(env, bio);
--}
--
- MaybeLocal<Value> GetIssuerString(
- Environment* env,
- const BIOPointer& bio,
-@@ -917,11 +1177,11 @@ MaybeLocal<Object> X509ToObject(Environment* env, X509* cert) {
- !Set<Value>(context,
- info,
- env->subjectaltname_string(),
-- GetInfoString<NID_subject_alt_name>(env, bio, cert)) ||
-+ GetSubjectAltNameString(env, bio, cert)) ||
- !Set<Value>(context,
- info,
- env->infoaccess_string(),
-- GetInfoString<NID_info_access>(env, bio, cert))) {
-+ GetInfoAccessString(env, bio, cert))) {
- return MaybeLocal<Object>();
- }
-
-diff --git a/test/common/index.js b/test/common/index.js
-index 8cd9841527..98b586cafd 100644
---- a/test/common/index.js
-+++ b/test/common/index.js
-@@ -51,6 +51,11 @@ const noop = () => {};
- const hasCrypto = Boolean(process.versions.openssl) &&
- !process.env.NODE_SKIP_CRYPTO;
-
-+const hasOpenSSL3 = hasCrypto &&
-+ require('crypto').constants.OPENSSL_VERSION_NUMBER >= 805306368;
-+
-+const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;
-+
- // Check for flags. Skip this for workers (both, the `cluster` module and
- // `worker_threads`) and child processes.
- // If the binary was built without-ssl then the crypto flags are
-@@ -714,6 +719,8 @@ const common = {
- getTTYfd,
- hasIntl,
- hasCrypto,
-+ hasOpenSSL3,
-+ hasQuic,
- hasMultiLocalhost,
- invalidArgTypeHelper,
- isAIX,
-diff --git a/test/fixtures/keys/Makefile b/test/fixtures/keys/Makefile
-index 824704c724..49cc29ad1c 100644
---- a/test/fixtures/keys/Makefile
-+++ b/test/fixtures/keys/Makefile
-@@ -75,6 +75,8 @@ all: \
- ed448_public.pem \
- x448_private.pem \
- x448_public.pem \
-+ incorrect_san_correct_subject-cert.pem \
-+ incorrect_san_correct_subject-key.pem \
-
- #
- # Create Certificate Authority: ca1
-@@ -733,6 +735,18 @@ x448_private.pem:
- x448_public.pem: x448_private.pem
- openssl pkey -in x448_private.pem -pubout -out x448_public.pem
-
-+incorrect_san_correct_subject-cert.pem: incorrect_san_correct_subject-key.pem
-+ openssl req -x509 \
-+ -key incorrect_san_correct_subject-key.pem \
-+ -out incorrect_san_correct_subject-cert.pem \
-+ -sha256 \
-+ -days 3650 \
-+ -subj "/CN=good.example.com" \
-+ -addext "subjectAltName = DNS:evil.example.com"
-+
-+incorrect_san_correct_subject-key.pem:
-+ openssl ecparam -name prime256v1 -genkey -noout -out incorrect_san_correct_subject-key.pem
-+
- clean:
- rm -f *.pfx *.pem *.srl ca2-database.txt ca2-serial fake-startcom-root-serial *.print *.old fake-startcom-root-issued-certs/*.pem
- @> fake-startcom-root-database.txt
-diff --git a/test/fixtures/keys/incorrect_san_correct_subject-cert.pem b/test/fixtures/keys/incorrect_san_correct_subject-cert.pem
-new file mode 100644
-index 0000000000..787d9f1135
---- /dev/null
-+++ b/test/fixtures/keys/incorrect_san_correct_subject-cert.pem
-@@ -0,0 +1,11 @@
-+-----BEGIN CERTIFICATE-----
-+MIIBqDCCAU6gAwIBAgIUE3Kx4WUjkwuKy/fBOM+UJkb9aSAwCgYIKoZIzj0EAwIw
-+GzEZMBcGA1UEAwwQZ29vZC5leGFtcGxlLmNvbTAeFw0yMTEyMTExNjUxNDVaFw0z
-+MTEyMDkxNjUxNDVaMBsxGTAXBgNVBAMMEGdvb2QuZXhhbXBsZS5jb20wWTATBgcq
-+hkjOPQIBBggqhkjOPQMBBwNCAASQ/CKa5uMZuLYssnNOm7DPdw3I5Doa0Qpyf3cS
-+7aGatfK3tuY8qG7nJ5OGtl1WOL/gN0vRRN0/KA/iRJyjafzzo3AwbjAdBgNVHQ4E
-+FgQUFkpgPzE1ePjK5UsPcR0gk5uLsTUwHwYDVR0jBBgwFoAUFkpgPzE1ePjK5UsP
-+cR0gk5uLsTUwDwYDVR0TAQH/BAUwAwEB/zAbBgNVHREEFDASghBldmlsLmV4YW1w
-+bGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQCMZAinQXkOEhfp+moxVnLbcUPAAqsl
-+1KCq3NRG91TGCgIgC4grmOhCRqJMF1RPNWobGogX/yNrYNjiGzNVyJzMR0s=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/keys/incorrect_san_correct_subject-key.pem b/test/fixtures/keys/incorrect_san_correct_subject-key.pem
-new file mode 100644
-index 0000000000..f7f51253a8
---- /dev/null
-+++ b/test/fixtures/keys/incorrect_san_correct_subject-key.pem
-@@ -0,0 +1,5 @@
-+-----BEGIN EC PRIVATE KEY-----
-+MHcCAQEEIOOVRgLS3H2T2fUhj4ASCFq60ySwO6yvSK6rvZHldAHuoAoGCCqGSM49
-+AwEHoUQDQgAEkPwimubjGbi2LLJzTpuwz3cNyOQ6GtEKcn93Eu2hmrXyt7bmPKhu
-+5yeThrZdVji/4DdL0UTdPygP4kSco2n88w==
-+-----END EC PRIVATE KEY-----
-diff --git a/test/fixtures/x509-escaping/.gitignore b/test/fixtures/x509-escaping/.gitignore
-new file mode 100644
-index 0000000000..504afef81f
---- /dev/null
-+++ b/test/fixtures/x509-escaping/.gitignore
-@@ -0,0 +1,2 @@
-+node_modules/
-+package-lock.json
-diff --git a/test/fixtures/x509-escaping/alt-0-cert.pem b/test/fixtures/x509-escaping/alt-0-cert.pem
-new file mode 100644
-index 0000000000..30e6fa6c3f
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-0-cert.pem
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+NTAzMDEGA1UdEQQqMCiCJmdvb2QuZXhhbXBsZS5jb20sIEROUzpldmlsLmV4YW1w
-+bGUuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQAcsy+PIduM8NRrdqcTqufiajsAajQz
-+eB5+5+lZLi9MliXqoS4HsdrDMDevMa2cC+wB+XZW9SJXjtqrwXAxTAHtEyhsCi25
-+XV0sJPWmZM+OQkGTtp7Ain12htr/t/DJ13YJpT03W6kYogA1kKJ5OMYMTcGT+7UB
-+zM4G2LUSrrSisxhfz9bF8Q9s1piG2gb5ACEQUiMLRrZXl8WLlaY59lloKyMa/9g6
-+i3TgLxhp7XNS/bh/f2tDx+7ZgdtHUlkNhl1MycIVQRGK3BaZBEd+sDxS52kwym5I
-+CWLXGLutU3OeaNgqyvZuMvy//2oER3PysizyjwNoFlUbIz3zMnXvBeEjeGtEHsCJ
-+EBtX+xBWwMhUKE2QcMLxQaZNJCZFVFw8fDeEgFjTdEBcLsZ1PngT3jgXSHEWA+YL
-+C3rQhFMjyjy2h8u1sjySFrTlbZPm8gC3q/+LaXxhf5i5xiZOOcVfeYiWFUa5gQal
-+FaWj2SlQFaN2nidPaQO62vRIYn0Y/qbtUQAPkq4VVeycgxiuZaVVWCdct8UCYb9F
-+b9QSMpK4r99MKy+s41RiJodDJy0XraOxy7hUDjyObL2fuuPUK6mQAFGwWtajv3qq
-+vrRMvBEXdOPVmbETyzIosUHvOXT+v8WoCbC14mqMZTWVywRg7bD/NTHJDRIBrqvi
-+O6Zqbod3EImVnQ==
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-1-cert.pem b/test/fixtures/x509-escaping/alt-1-cert.pem
-new file mode 100644
-index 0000000000..63883c2bbf
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-1-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE0zCCArugAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+IjAgMB4GA1UdEQQXMBWGE2h0dHA6Ly9leGFtcGxlLmNvbS8wDQYJKoZIhvcNAQEL
-+BQADggIBACFwNHWQ5w3UBbyq17emn7Z0BT0Zm5iFr8Qeik75WzbyzXd5QIeFWewB
-+qmiuaoKGGZ674sGcuomnIwoZBCoqvzbBBqBHp+O3/6pq59THQxeE6vhjKAe8oaih
-+emdigRmkX+Qi8UwUh76B51wHtkp6zAZnLDn8M67qmP7bjNrrMQeE81wRWYz9ssfd
-+N63dzu2BdD3EGl4CepdszpfUYLkz6iiDwFkc1NaBcQbBDoGqn2ubNXTHAyGGeL5a
-+ulDCND0FQtg+jhHHE3zXBqh1nPg/cXXRUG2zjxzUnaU2eMs5b4yqoLN/2n7fb7mV
-+HRh0T6X1HZcYpf5BSsgmr3Ngd/9b3sYRvNXBkVmKAu8dH7zguksczsvbL9r/u2YX
-+hgGjNT3xSphJbZTzqsACcoDo67EFkJ5p25f0N1i/rxk7O6uLMtrUqnzOXs6NXgEQ
-+8lyfVEgLFrXzdKXuk2l/6bwym80Eqdpjv5yCckCl24cFVpc15MRP3MPwIHrtoOLw
-+bdNZA5NUAnppLmG6zTdPPgBWEmf5+4ei9WjmpG1hq72/nJ1qM2dLIgV5nLggr1UH
-+i+vih+ujceBLVumAu/naP440xO5HRvpPfDWI+eU/wuXjUyAqe6YlYS+Txu/5YnFh
-+aMHO+PIgudWwGPhkABtrc/1jC+Yfy+GCtih10zBagoN9/DSugh0H
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-10-cert.pem b/test/fixtures/x509-escaping/alt-10-cert.pem
-new file mode 100644
-index 0000000000..14bec45d28
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-10-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIExTCCAq2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+FDASMBAGA1UdEQQJMAeHBQAICAQEMA0GCSqGSIb3DQEBCwUAA4ICAQA+jnyjJ/9X
-+ENWXApq2g+GlWBM07KpsrxzwDXc6wsOnZCIiMoDqpcH96X8Q2Lahc4mZuz4yOZtv
-+z8Q9YUDTnJY+RtKYNDbxlz7wI1ASxKdP0X1qdzkYtHH752tG/zwVU2FSvqJLw+nl
-+rPJvQQ82/30BspejbW0JIfO7JnfN5BHPzzJp/V5tI1KQe+Wh0gEq6UvXjFrkCoeU
-+gaedPaG2RYDi1LWawRque7pnYzrcJCtc+wb8wiL1dRv7fDDmI7fFm3Bj6Rnid4/6
-+/CxK3WqLBQrXoGnPGwI4iR17Rx08hPCL2V8NvDuJlagJe/Vc6LzOEixofoHGx4rG
-+Cm0AKubKbak/ML/rjyP2TiUmOhhm3Xdml3xexedErkgTLtlvmC0jesYuc4MeypNx
-+Q0eKRnChRGZYT9kaNgXZG1Scq63vpxKhayVvwU4ahGQS+nmuZdbRMEMIH6YkGxo/
-+i5qmNxQPLMLE6HclSdDtUxN4ywQAQ49CaTCxVYq7dLTzpII3ldQ+KuefenaXrYGE
-+7TyqJBVdsTq0Bg2Ftf7GaoidJ/ZjjkB3Sj5uVQFMfU8uSATOolBOzh6fSiQJ60Zn
-+CtAAkb9uOwTl67Qijo4qAe9JRNqR9H5d65D0Vx+gdhcZVEriqIVhXVcgsvYQ55Ju
-+VGhc/foVd+vBuM3jXEdGR+DN/dEu+HZrhQ==
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-11-cert.pem b/test/fixtures/x509-escaping/alt-11-cert.pem
-new file mode 100644
-index 0000000000..694cb7e9d8
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-11-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIExjCCAq6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+FTATMBEGA1UdEQQKMAiHBgABAgMEBTANBgkqhkiG9w0BAQsFAAOCAgEAp2nxfYla
-+giNJ9S2owtp/5DxB3jIhQJzmdSxuUKVwWBffmzxrTkOoK/IcGkq3hu27GIy+ICFc
-+YkSsAE3DfboSTStxhkVZKMVv+e5tXPQ0i+Z+CSgHZbrnaA7nH0UPEgFFddhqogGw
-+LGE54iZ3D7ZYebTw/ELCIHNu9KeOStF7j04WXG7qRrqza5NmKqlxTC5tGoWAljzN
-+cdC2BdK7H2+6de3c4dBsYqcL2IgwNhA1uKIsDjJwwkOPmCEPl+7DjleI3IAKpROh
-+vX66DLaAsLEkoHsN7XTienHF8o/avIMGUfb0rtNLbwW8tzfjeAaJ7iTSm7ibhBLP
-+fK+n7Osh9QH+lG0K7M2zez7Kd3u+eNgTEG63gVR+zDZQwkA2Hy1o4zmZ+a3iCtdi
-+w6JGq3TT8nfPNO4kSoq7EYs6daPnGi3sqNRC20t4FZw0jOpvI4Uw7rPcTTqmAeAw
-+9H37WU3URD2EP8BpkoZiOShMHzNGqlC9qbqr5dd83Lkdz9gN4w3ipdbiiGFGPXhT
-+YubUecjwXoBUUI+be/edVbg7RtSSuplDv5l4bBSy+BG8JEUL6CKAUEtt2Tpt2SVD
-+AIaj0B19/DSYq1e4x8IBVBsI2RnEEpP70bdLiSYLhVhMdzp0PRqDVDE+zt4mm0lx
-+NRDSdNS1/rJEH1gLQEh4SGMs9iY5Vv+kx28=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-12-cert.pem b/test/fixtures/x509-escaping/alt-12-cert.pem
-new file mode 100644
-index 0000000000..7e48ebdf05
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-12-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE0DCCArigAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+HzAdMBsGA1UdEQQUMBKHEAoLDA0ODwAAAAAAAHp7fH0wDQYJKoZIhvcNAQELBQAD
-+ggIBAEMU6XcjSdQ+EG22BsyAYin2d3g9Fd0gljsuyEyw2qwFE1zeNqz2sFX7GdmP
-+hEmUVdzQ0EQsHtKiO2BIhU5fkLoGIkJQT0MY/Tkc3xCLjVBG9ryHNjhv4aYfcvZ2
-+K8LwWu5na5YtpmEHppFTmhQFHK9Yf2Jeh5Ms1VH2jwKR8iFM9dk0wcB74Y1WqyX0
-+bhNUzv0ISvz/DK6rN0CM0OiZ7D1toMFJIslEcZD/MCZ0icFwRgGLzooDbm1xtixo
-+NjgdswdiL0cS/wgSdzu9eIugUQZU2KvUWYXGqYMDpn7iukiZSKQuFhZGcuK17zyR
-+y6TkDFe9rTxVtw9SAxjlo94rEqWN9Cns0n7tqAI/Wg6ILHUjUFwqSdrZQTEgH4O3
-+tfhRkV4HCgP1Tzfz/20uMBqjCLbdt7xcSfLIiHgaxgwM0LGhH2Uk3oYinL2WIUDi
-+bZPI+1bzeyZ/tHw4sDxkGn3W3Nr44Td/5DAFz1lRMxAliVwHNzFTiY7IjCqmB0DL
-+z91agdgPMdh/huFvGJZHS/v7EXMSXyNLyIw+5JO12iwf4+pu8NLnOtMoHDB4yY0w
-+MEerc4e8SmygBQGF0MrcmirdT+7yiKRktZZFuyQoj4fBSKeBaBKUrnnk4UYw9H8f
-+j/EQwM87PmYjTwYPrJ0Kz5r4dmAUvq4z2ReLgM08Ve4SPa79
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-13-cert.pem b/test/fixtures/x509-escaping/alt-13-cert.pem
-new file mode 100644
-index 0000000000..574ad1ca8f
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-13-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIEzzCCAregAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+HjAcMBoGA1UdEQQTMBGBD2Zvb0BleGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOC
-+AgEAkx9jG86PMjL+/UxlhX0B/gIKHyTVrEt8j+/fn74uMnd7CV7toK6f5DANIxYp
-+3OJWAFYZ2lNS3MQMxpbjpd7D0BeNwhiJyBnRPhJ9KdsvdXnupF5ANNzr3oMioWwL
-+3WxvmQDEz35sorae5nzuZu8EpuwgodR0NCEmoPdW9JOUiB7k3Ku5goZHqlrdzM8f
-+YPbRDNOxSIpRqr5eqhEM9tEf+TF6qOM/NZJlXxtGDVdaDTbaULuCJGEW8TdVajnY
-+FfWWtIHwF64G5qJTgENqJjR1kkJy5vg2lFoDXE8MG+LvTHfyY0rMilncD2YOBLcj
-+gb3mBTxZGI2w2KZbchgEvA9+0heumAVJQPfdGs+pCUdvlhwWh8FCvu3aQb5X57OU
-+3D97vwvEs8Mxm0KHf0o0ZnTvaBWN5htX2bbpvYxGGB0SsWM8r1LIXj8bwGNdViV8
-+UWNrg37XyGCppL1jXJ1q+DDKOvi0JR384ocRmS8mWUf9qiAMOqveix38rHezWlEm
-+4TCscq4tv135nM194D6uilzv4mUxLAMTX8Lvag1R3aKuOHio9lCGep4v776kALE6
-+9/rekRGoMwNApoaC96x+V/dkbfnjWcxRXL5TvjDwVInl+RCcn6ijYZM0HYc+U1Dw
-+MwqBCbP2Y9Ee7xcnAgPbqH2svWG7XadQHAcOEDc/DFsPRG8=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-14-cert.pem b/test/fixtures/x509-escaping/alt-14-cert.pem
-new file mode 100644
-index 0000000000..0265b5992c
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-14-cert.pem
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE5TCCAs2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+NDAyMDAGA1UdEQQpMCeBJWZvb0BleGFtcGxlLmNvbSwgRE5TOmdvb2QuZXhhbXBs
-+ZS5jb20wDQYJKoZIhvcNAQELBQADggIBABf7bojDeoFEFyk/Xzo50sAL+5irJYzV
-+n//5aEvUotYxQt5coi7UnkKUgdiUhIXD8WaxD9KP3nUH+C3cxAQ+I7iVjFhjqFQB
-+X4c/ZjJA2QIX7VMWA3kpOFvR5N0HHest097Fi/HUEEXNkcUtCkRNtI2Msse9uz09
-+DIv9P0IQ2TFgBRCTJwq2ZfVebHk/xoQ5fV9b0b39ts6ToiuMvGJVng2zz8fVNMah
-+hycCn0WSb6dPi9k0ItSvRTYL6vp9X842+Q0Xkq0FxQPUcvzN7D1tSmHXDM7nYXp3
-+FB6DKASp0+nn+J88RXVSpO0JedEyRDEluxHJcan+hqhWJ4DgamlVTEPN3q5yE4lt
-+Jr/R5tnx0Lv0CxDTAfZLaFiKb2jz9nVhzbCh7t21mxyb2mOM+GAxRaIgxodeNJoY
-+QA6Ezz4cbjjA72Rgi+tBxy2abXpbbJ/vX7FUhs0ICFKZJHvFoxazgtSGgHHYNxhc
-+/+9o6Y9jhunwGn/MaoxWJsdSjZ8VX7HY0iOSU3z4d4PWvIz05n4sGoJET6s1JuKe
-+dZAAeQy0V5/EzxIu4GPGrzVtk2SQhNHVJZKponZeCRruruGT5Z1T+gF5YSqVM6BA
-+XA0ZVXwOEbZ5XRIzBBbaiX3Eeful50ILOiP/uxLlcZtTtOyT4wNBgijfJehRHbED
-+ppJk42EFZKb2
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-15-cert.pem b/test/fixtures/x509-escaping/alt-15-cert.pem
-new file mode 100644
-index 0000000000..70a98fb90b
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-15-cert.pem
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE4jCCAsqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+MTAvMC0GA1UdEQQmMCSkIjAgMQswCQYDVQQGEwJERTERMA8GA1UEBwwISGFubm92
-+ZXIwDQYJKoZIhvcNAQELBQADggIBABIv7Wlg5F1gh0+0v/+LnushmLeypcXQGqkg
-+E2IxXC2VnZxq8xTFCHy/m1qTBLPJK5VIg5qmtstL9zIk9rOUshQvusvNLplC0j3o
-+GuQdQJNKV7rrzYYpUZO1en11q27AgDsO6lwSNg4U+mqzJxxIHc8IMeJpfaGTkUz/
-+ZXXNz04JJalUff+W2436vSvu8Y82fD72/qNu6EMiOl0EHJFQ/7eCAlz6hSNleLT/
-+N2GztApNzujbPgH7+PHOeVpwppDuXY1rkmPJMxCqkY8yOwyM5dMov0bjIN1f+QXv
-+7voxVGMTefUajKADaNGMShH5rhgjIWBgujvdCyLPr6W2R4S1QPzjx4X26eTX1G8V
-+/eTsJ6mMc+3cd6CEmEahUnc6LdEdwm+1SMRG2nejea4o8c+crwYX5KQVrqx92FqB
-+SdkdCtS6qlnxJVvSz+HW6lEM0EShvjKEz/udsnttALQjhxfB7AHNWA073o/OiH25
-+Y9QpUudmWJjOoqRokN0SV4rDQnfNcLKIoVFPu+rG2CpBDjUsoxG3/aC8Owcd8Ceh
-+w+O/DqQXudXFS3RsePbz4rPfID9YtBHrihCE10B70DUutWPsbe5lKie3wJpQbqvl
-+zp5kkI5RffVU7OFD6os3+wPomdIG21Cf/fru56nV3FmkINCabLQddes7OarQcZ5y
-+xsumEzq+
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-16-cert.pem b/test/fixtures/x509-escaping/alt-16-cert.pem
-new file mode 100644
-index 0000000000..64f852ceeb
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-16-cert.pem
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE4jCCAsqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+MTAvMC0GA1UdEQQmMCSkIjAgMQswCQYDVQQGEwJERTERMA8GA1UEBwwITcO8bmNo
-+ZW4wDQYJKoZIhvcNAQELBQADggIBAEID22h5WK1YJrKUmmO0owley+tL519YwJbs
-+FwbwPz7+SJKA+UQNqVXYOGLwDJ6A6OzsV1TnJuwGotTmvNwr7eOVyLf03qggIYEj
-+5Twgk57gJmqE+Q8UXUq2ocALUcgReZhluhNoL1XYQMbDaHYwh9HSOP7udEszVQoE
-+m1D74cSiW803XnqPJGj0i1s9mD6AEewPl2k0mQ0hTMM3rlE1jOCj4Jx81tWH5KNY
-+LXn/LhFomeo/LAU4PCFTt65tAomKTNXq0GwuunU62fy8pwh9QUpD3Vfrkm4+08uz
-+WXSk9PeaF8tOs5pRwVMRr0GIdnQHa9GKuBBSZEvkGTxLM+cxO7jp5qSs2IRVpI5s
-+ztlJQcJpeTRNCEF7gM98nMqDqve/IySGle9s1RjpnBuSD9UKzbMGeBuZK8d0JfBt
-+7XF3i6Tu74EbBL/mP/0xoHausW9Yo8HZhXjm5k9P7m9xxlq2JSSXeQCLbKFT/SN+
-+Q3bS6rh0HaqLP8Gd3OyU+aOOy13Tr167LEFNK6DlfSadITuHwRMNvCk8UIDRDzAZ
-+kXVXdT5UfUe4IJU6OPVsFfntTX6G8s2/K4WropnjD5NjBJ0ppvPgCBqEA03mCGVt
-+IunRhQypiA0+SilM7BX6jD97IcmnbSyQ6fUkIdDBTMlX3MoYXkT00gDT3y8D/aKw
-+KTd5SKbD
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-17-cert.pem b/test/fixtures/x509-escaping/alt-17-cert.pem
-new file mode 100644
-index 0000000000..f09f41b918
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-17-cert.pem
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE9jCCAt6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+RTBDMEEGA1UdEQQ6MDikNjA0MQswCQYDVQQGEwJERTElMCMGA1UEBwwcQmVybGlu
-+LCBETlM6Z29vZC5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEAchR9+hds
-+zMK0NKgiX32XxJJ79tlo2sRMCZqij8Lqfyz7JDlTMSvIVqcrmimlAMX5u8BxKRXG
-+99KzXhbJb6Hnj2i6fQobxpD6nKnPSUcoiiWccmp8jmcKQW7M6TuqOfEdEnKpf0BF
-+vNFBjXGxs0KqOArX/1d0DqYS1LTnxaC6NimgvjAqKVRm9mqj62pc9//ixCgHkqLJ
-+stuoSerbo/mO0ieY1wq9r9TZT1epacVrQpJFWeJWhow94WutMNesJSWLcxX63mH4
-+j0LHEEkHLa1UkMzM2RkHTVhKrthCiuyrtqrglLsdPInU7ZYVONyUrR2D1tMy52mB
-+b1HzzP43pomBJtp3OeEZtBDwmmGgD8RBdVK/T9hcK02cvB1w1yr4LHUeYLMqrZaP
-+SJHQ7kv9AV5Os64SYW9+7cqjt1q4VmaEqcuCqvB6mORHWHnsa6PQ19myA7OdqNpT
-+WAK3D94tpbGPTzfhUCHk0w0fPzJ4A1+S6g4eHX4iQQxxDg9sXV4ZRvAEKnJhs2S7
-+OhtXdfyu/1+lfaunN13SyxMwyyxHzylEU707Sisxse2usX1Zy2zxqD+LO/9iIu1S
-+76/rquhiOFRWxSpjb7ewpH97OGFmtzfH70vBBukn0alT4xjkje10NlBfzcFwHWQH
-+59nxPd5sUEqq+DxTjoAgwO91woU7UTs98lw=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-18-cert.pem b/test/fixtures/x509-escaping/alt-18-cert.pem
-new file mode 100644
-index 0000000000..341ac0b7ce
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-18-cert.pem
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIFBzCCAu+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+VjBUMFIGA1UdEQRLMEmkRzBFMQswCQYDVQQGEwJERTE2MDQGA1UEBwwtQmVybGlu
-+LCBETlM6Z29vZC5leGFtcGxlLmNvbQBldmlsLmV4YW1wbGUuY29tMA0GCSqGSIb3
-+DQEBCwUAA4ICAQBFUk2Z1E5Q4mW7S8dLz5h78AmfNbwx9eNtECc8iLQq2Q0MuIzQ
-+noURyNSHhH2hkohU4afXjolCr54DkJNYogrBwHaNDt3Y3wqGQXc+BKRnqblfr1+A
-+1EoIaqRFjv/Mu2gB0H4U3vBRYriZu7BhQFXiQHAr6hWLG91B1eN1i+my9zOSoSZF
-+7BuemB/9F4wjvwmDJieSwOgGk3FhNV64Ce9M95RwDKNSJBTBqOTLoyvOw2jgs22m
-+MntqW9oRywGeHdJ5EucPBrZQKDNysNFj3We8H7PedGNlnG/QknE6pzpRgqbRCAax
-+hcvGQIaMcUJ3oWhJuPNscjsJ/nfaitz58nH5raj4O8JhlS1h49NpbJO/pAWMHh0d
-+ZruXspxdEwW17aMJJ365q0XyVysRHiwQuIQYCo8L7oVUsH5FUJ9xxPH22b+PG05r
-+EABdID+aDV7X/MNwBxgeBOFVOgE5bfrH8NBjkx/F7ID/hjcQDLVWWoFnpIjekebC
-+EeqTRl5TcnoN9Dc7zkfwmuYGoaYJrGhj7WRvfFgcw1Cr1xujiJtoKbEbMoeD45+H
-+SQ8MwBb37Gm3aBNakpVmJlp/QZSJY403hA8QrZdjnqoS4THrC0+gN2q71aZ9ZCZY
-+3+OPNg659ZcYvo1onBSA0p1WGKEAWdHKqZCVRdsl5LnRg4H5gEVW4gmhjA==
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-19-cert.pem b/test/fixtures/x509-escaping/alt-19-cert.pem
-new file mode 100644
-index 0000000000..f163184204
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-19-cert.pem
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIFCDCCAvCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+VzBVMFMGA1UdEQRMMEqkSDBGMQswCQYDVQQGEwJERTE3MDUGA1UEBwwuQmVybGlu
-+LCBETlM6Z29vZC5leGFtcGxlLmNvbVwAZXZpbC5leGFtcGxlLmNvbTANBgkqhkiG
-+9w0BAQsFAAOCAgEAWtSJOhwRpYdB/aq/AixRTIpwf5VR3MWaDNh7clpnpYhYoLDY
-+7dJ8cv3AR5dOScFXLrCZ2UYVD+tTPyt18opnYDT4h6If/U9TTHVu5tRSX0wGIdPc
-+j3zVVegty/HWMA5LfwygNTvZjgXhocckNND7hC42+BuXE2bqoqnkqMRer/R+9PmU
-+FXpyLk0aDl2QmspDAz86FYpEuxpMfmDNmM1nWDz+n+uBbeuriTttsFqFWkfOGoNN
-+/3tAmUjAt5IqkL+7rnDt6Lc9inY0z3uYGJEdqa0GJJFJ7U+8wcw8rUwvKETqAtW1
-+mBOswkoCImPeNDpiqiotwl4cfrsb1+j9gNpYTP2oSurh/bF0mxGLoJa1iDeibwqg
-++f6oWcCdYQ94ItvS3d+lNXT0MWM6HU6sHXf3+5SqvsvsKjUBRyy1Nvnug1bha6Qv
-+bdeErN0ZSGy12Vc90Y5fpl8kebmYiJc79OqvuTNDeRfgBm+U4ASAj/AEhtbN+wDd
-+HrUHbk/9U9h0UFRZ5s7Pqoy5PEoLRoFeA/jQQa/fLC8nl7YTSwidVgj8cyAy36sV
-+uaBNXrcgelqlR26SBynXM3APaFlv5IdSlF199swMCusQrGbiNajl21TUm+Iv+84g
-+x7rnUPnQ1grkLpMOBtGaraKc93e2VfH5bAZvyaIq99qdA10ERCtE2grvjik=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-2-cert.pem b/test/fixtures/x509-escaping/alt-2-cert.pem
-new file mode 100644
-index 0000000000..6ae58f5636
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-2-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE2zCCAsOgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+KjAoMCYGA1UdEQQfMB2GG2h0dHA6Ly9leGFtcGxlLmNvbS8/YT1iJmM9ZDANBgkq
-+hkiG9w0BAQsFAAOCAgEANTZFCjNmspLkZaVYkcAXfT2poPPWAu7wS/wG4VEmKwPV
-+A4dnFV2McXNW/iyABeoofeIjsjiYLpxTvz3teD2JJh+hidNED77PV7f4hj7vs4Dn
-+DGB3HKJvTD63AVOiPJ4bbfUyiuvLO5TwdxAGm+q9lsf/fWFraTF2qlnFwyWf6Qul
-++NQo3bM8mErvntZMscq7wo0cOdAXA0bNqxKS+IDnc+HLxoEr2egbRJmEagMgV4/U
-++AGVQ1sY+HrEszOPUA6NZ/OzLuXUT3swm+4rqJZEQ3AVr2BdqSzoiGHqqzmfKO33
-+sODcYXuED0sUkIhRZE1vW+wXR94WQsT5C4MtHabNjpPLSH7cVjGvEfTX8DJH/F7p
-+OdMmXxvPey0wLGJwoZMMhG/XC8Nb1g+qCLLou9WuA7KHMibfiYdBnPcMDg3fwWwg
-+pYzrvK/S6f5h6TS8y9zKxCJwTdfC7f4KT6EjxQFhgHCm8oFupOLSEZKF0UmLMeOA
-+J504ZnGdhEG5p9AqQNBlyBsGGmSyQkSJg1BPB6U7wFBSwrXS+3b2ph4J5RivH68O
-+CKjR7yWl7M75LOa1dt133GmhPUUGHLsjHTnuCDVB0eHcgboonKTjCSAmckNKm/uw
-+tAUMkO3puty5JM38b8AwFRDXLnlWdSsNr9j243SHOfKyFWidjwglRpVGBhoECtA=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-20-cert.pem b/test/fixtures/x509-escaping/alt-20-cert.pem
-new file mode 100644
-index 0000000000..eca176f2df
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-20-cert.pem
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE4jCCAsqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+MTAvMC0GA1UdEQQmMCSkIjAgMQswCQYDVQQGEwJERTERMA8GA1UEBwwIQmVybGlu
-+DQowDQYJKoZIhvcNAQELBQADggIBAKvkEHjR6lk0AlKiC7oltE+gp7SpVHdKs7I4
-+zswnbZ1EcddA9D6hjemU+nIUriLkt8BxY+KxNtkwDm5mvXZn5E4XDXzRDsCdNZXE
-+qx9og9LhkhfGbPJ1LPutQ0VmqPwY17mRUeaLhNIwOmD7g++oVHYmZWqA8tHVB9f+
-+gP5Ni2x/PX772Vt/hIpI14VoYIsMFs4Ewjc0Gc02DvOdsDT9eUmAo6GNOAbxeRS/
-+D2D0w6CQhwJ+cemcAo0lGw8KemCYfqzL+MQd8wUGPsiZgm5wQACOp+ImL4guy2gX
-+h60W9Gtxu77jsjF7n0n4LlInylrZAgw09CkehUfF4+cP2kZDTcsuqOoCVYATAGxa
-+49ZvuRHoo5Ine5PcfuARS09LmxgI0fdsjaRvRELYIRWHTvE+zCLlNkxkpwXULgZZ
-+bpJ08L52P+jz+HJPeiHZnYKXgtXyGLpwG1danS600tqiMmDh0G9Ss+UzwhS+jhN5
-+viIvpmns0zvI1Z1IWPw3y27pw7rmLVcFMbEZFK5mwHiT10iRrT4sxihWIT+sn6n5
-+5baup/od4kSJABQy9LAuhhuZHyCfxC2yPYz70sP8qGVtY+rA3LNe0ns6pY1L77DR
-+QIRD/Mm2hql91+U222mxikdT4WQEheh2cLwdg/T1uo/SQDruliNZncdNbTGDmnhc
-+cg1mw5tk
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-21-cert.pem b/test/fixtures/x509-escaping/alt-21-cert.pem
-new file mode 100644
-index 0000000000..16d5e7265b
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-21-cert.pem
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE9DCCAtygAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+QzBBMD8GA1UdEQQ4MDakNDAyMQswCQYDVQQGEwJERTEjMCEGA1UEBwwaQmVybGlu
-+L0NOPWdvb2QuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggIBAHdccJEkqezS
-+GSNNVIWv9XffNTrZnejms90h66UDC4O9shHMy0aNWgmGuu7uFi1BK4sTciXT+ZR5
-+3+1ni3WKMhJ5Iu1aNlNeXULOlmuHKVJKrAj8BR7lflSFqj/MHnw22HU+BTmddZPj
-+F/OCl2W+O+eUNBTTmYI2+pZgmyyU9v8qEwLZn57qlpAJa4gpnSRYQS1xfSaUgAcM
-+xtZM/AE4F9mDFOdO86/RxXsYRyT0+sOGmaoJrlTWoKduoI7fhzQAIGHnhn9yBT60
-+0K6LmCR2dXRyLxxVTy0Laiz487IXpQTJ8jo6c0wT6SeiQBlE0W3FTH3IM8Shzd7b
-+5tbix0bCR1pUT2Q46oaB4xkEweKNGKS46kIps6mpTav3TMhNDVyalUfF4fOu4FQu
-+RLB6B/I1TI1KHiTeD9xfNInBAdO9ewjWQ9spFei3EExZmvnnWKZIA82mjG/9Wcdh
-+HFK/uEylzo1Nsxujv2V6ueMYc0pF4XH2U1Azjxb0+pWUZhoy537Nlf8b+PO/GSG8
-+del0yPwf6JP5AZdXfiV8vNqwEGCC/BEIPrbZ6Zz1q6lT+7GZAGkzbMYlfkzA1lXh
-+JteRIracA38WfQOHf3FOPYvTBOPlVHWB+tJbwlalYQqCPupMaaxxizCLPIsNvqdy
-+TAtC5Jbx6N1DdeyHpRuKRUe1M926oKTp
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-22-cert.pem b/test/fixtures/x509-escaping/alt-22-cert.pem
-new file mode 100644
-index 0000000000..5f89b00dfd
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-22-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIEyTCCArGgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+GDAWMBQGA1UdEQQNMAuICSqGSIb3DQEBCzANBgkqhkiG9w0BAQsFAAOCAgEAE8vG
-+nLYo/G+3Cuzir4toX726vLOkCEqZrkRE18dc3px/CgmEI/6+4lWjp3u/9MxER+kT
-+t5o5Xin+vmg5F+hocR16mMeX6pjD6tXJ+uzDacTxDgRBFdbqX4x8Fjiig0FXsr3H
-+jFBY2c4UcKszFlCTqjH1/RfwLYJPU6Q1WZM+1iJotSKnhK7y4A/3jho7sL0PPuMG
-+WEoxbTBmpAf+jPT+LRe2MY++VnVJHjlPba+S4Y9PHOzizQuIJs7YnhNIqA9So7Iv
-+eA7Lp8GID+w/eY4DEq4z6CIuCplKZTrrWH0kQbG1sV4J5+W+JL0DOXDk91JwkOPH
-+rWf6aOb3akFRk5Z/PrrcTAlqtApPQF4uGycQBo8KgcatZyP/3HZZHyyxhEjF9sw/
-+STHm93GlCIwocJ+SkwjBmdupv6Yk8fRmA7LinjVvi7EnQQ7qcRE3oUCPPReDD96G
-+TuDsGkQbv5WQSh+0mBAiTFze3C6FSNcldQBrlWReqOj6pVWtUN49lpYOJ2XfLCQe
-+RjS7IUYNn7Ku3xXi2etgNzmJXcSnNXZkh+3henpFqkwEFJ5b5RgOHXULTwoqo9KS
-+YMs3eKHp62J6l0pQD+wTGUyVU8cJghJ0hR1WnNR7o32Bos2dfBmIQgET4ZH/P2+H
-+A2gtbJO5mRsTvuD+kZut1jxJvUzuO0yZoNpuUVQ=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-23-cert.pem b/test/fixtures/x509-escaping/alt-23-cert.pem
-new file mode 100644
-index 0000000000..5cd6795cde
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-23-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIExTCCAq2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+FDASMBAGA1UdEQQJMAeIBSvODwwiMA0GCSqGSIb3DQEBCwUAA4ICAQBps3VQshvW
-+9HDR2oDXSldWNW2SWksa+9npI4IEMDusiDbLdR0VBphw2R3iUuJ4IAPDc1s/SMi0
-+1t1o92lC5zVeTq9LvOOC1KxwbZXDubFDmdsuJ/DYPDkaRoDqoH7eFsJuIyD/TKqm
-+HXPYmWmjUNv51SSLTTqPRz2TmLQVA1Iw7J7H3fz2LExsAtczx6gRZJPIZGdMx6do
-+E67SUp/2RPYtkEmmCELOxCAh/Pzm6pBPncI86AMTNwppl+FpqaH0LPrqMre40tTt
-+cQq/0XrMWRoWsS3VU8uor+aGTnNp5VT3ZLVmXZNyG7nISW7ERaGCeTZJRcqwjeH/
-+yPxhQc7IpYCm5x+HN2sDuvVC7l/q1A7+CbO3jNR5Gb7aEEyGiKb5ZkElbsulfwom
-+JOg1K8+SBDGrErEf0MDCenKY2g0lhpKGBwu6O+RVmKbhlHEjt2/31/NCSBMLopdU
-+AmCNoBo3+KaRljo1lVf7tWbffNRCqsbPZPHtq9uXs0DliJTUroaJ584h92VrSLJB
-+SdAUVLAwzmwu2Pa4bp0STv5tJy1hFNJdVFQ4rgAfaFudXy41K9zqrDCB7RbzX7Yi
-+97TCDu/phzkoFpOZabqTrvcP13N0wfDeOx4Y9nx77aeqTAaQ0ooTG9IWrHmjuUKF
-+wpEXQBfkuXug5+xq/hlCllkPj67cIaldDQ==
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-24-cert.pem b/test/fixtures/x509-escaping/alt-24-cert.pem
-new file mode 100644
-index 0000000000..2a858dd39a
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-24-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE1DCCArygAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+IzAhMB8GA1UdEQQYMBagFAYIKwYBBQUHCAWgCAwGYWJjMTIzMA0GCSqGSIb3DQEB
-+CwUAA4ICAQCKRaPaQO4+oztra70h3g1qwmJurQ1vGBdcXh27nf9epFAwhU1zL5v7
-+7wN7iclY15BX3w3WrZ+ag74AvQLG6WQkDY1JCmidEjjt2bmVTxIus0H9Bb2AlUEw
-+BtVYMJrr+fiWbfSwRxhMQa9BQ6ZcUA7EluYQFApo2m7GIcMc4x51L/bwzmsXYj4t
-+2tjnkU7clL+7GR/w/+ZB7nIe80j7wYvIbOfMS3Yxh+uu0aQCNdoh9Tsdtu1jtmJv
-+4lJ5aZIDABE/XIFVkWRyHv2ou14J/LXUKE3HPEhSKWu7GShrdTeS+gZpOixM+uPG
-+ieHah1GfJMS69P82Z72Cr7XWpQY0NKwMB+ePhTzz1LMBHQ5ySXQCViQRClRMc5K+
-+cXZm8cs6oe4IEhMcf3kc/9xblgRWqxX7vsb6Gcrn1eXsfxco17S1yNBzTt75ybt9
-+kvPmrWqpg+sQ0r4473DjEASoSCPwlzCpd7AHOw+XxSwsOUNXkEnXMa2v2VHBjx06
-+QnrLenB/n7EQ5Vo9JLDMLM6ie4gfehHxfdyoBg21jN9eUPpKGnjARVvyfDWV+7rI
-+ZHU7wc2iMnqroAqm9FZ0YBqZ/eI8M4ZAYSvDKnGZQlUWfhdNDhI4FsHBPymMFtjW
-+ln5eFUNLMoitMGs12Ib+omr9WSTxRj97GvRkRTNK5Gxmo9Mi/Pkxng==
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-25-cert.pem b/test/fixtures/x509-escaping/alt-25-cert.pem
-new file mode 100644
-index 0000000000..695b8ebba8
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-25-cert.pem
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE6jCCAtKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+OTA3MDUGA1UdEQQuMCygKgYIKwYBBQUHCAWgHgwcYWJjMTIzLCBETlM6Z29vZC5l
-+eGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEAIgp7IrYYdLCoUqg7E4igLD3u
-+C68B896uoeenMmTKDfCzvB5svYKZlfIi3njJUZ2G6kgBNcSd/mwQ2ggex9AEUiGp
-+uaT7Dpev3RpwtCz5zpOZxN+B0LJk4hPzzE4sjJFrmHRgJVzADL5RdcEF7+GV81nP
-+X/cXviffkxSihAFALArAaOA6/hBoT6unvlDsY3cxgZWFl3ao76vTQFLs7ZNHYbHe
-+WDkkNpheWmNlOrVTEz0vjNCQz5wYOM6HJ0O3cxzR/6+OnhPQagZRCWApPopYGuxc
-+kXHAPbEkXpVzJTrNgHIvZ3l3JdJSHsh+DdGVz1NY4bogQNKCVa3xt+zLpUrr34XM
-+61Z91MekMijfjOsy7LGLSBdCPCZ00enXPkflDEhv1kRlbo/ZdYGHynzl6Xzu1A5B
-+nuwDbpsCzR6ij8fZDXGUS7F8Iemdfag4XTtrXnVXLgPpD/FMzJUx4kCIAjgh2MaP
-+0nUvZDVYt+GKGohCNDrSt2ByFtbYGaX5GeMIp8zW+GT8KUW/K7pp9PjsmzG6vvQd
-+kqxB45ddf87E8NoDWh/ptdj3pjfbDc5A1SeXKGXrt1TwgWHtUNW0zF8qOuG+PZ1P
-+u10lUx4gayyF3unaSLZwYu8nYq5C7mC9DjjnbjLhsh0VOIEEh+Q8vJH8OvZFkyti
-+l2ADXC+6evQTvqLwXi8=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-26-cert.pem b/test/fixtures/x509-escaping/alt-26-cert.pem
-new file mode 100644
-index 0000000000..1204d95a8a
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-26-cert.pem
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE5TCCAs2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+NDAyMDAGA1UdEQQpMCegJQYIKwYBBQUHCAWgGQwXZ29vZC5leGFtcGxlLmNvbQBh
-+YmMxMjMwDQYJKoZIhvcNAQELBQADggIBAKmgEHc9b/bscpyO5mTKrITyoYtbhz/P
-+0Uz2Uc4tKokUI9EBuuD/XX4EjtVzne9mssAAs9EhBSFmNhDjpAUYh9n2cFvAJQit
-+4d9EbaNbB3SuzG5onu8ZBtfLsABr5L5tQspO3tinamSM2ZuRo4dvcQ2a38C38LAQ
-+HBnvZ744Th3LckPMLTWNChe3E2jAt8Av0XA2yVJ/B+EeEaqSYDALKhI49CLeq96L
-+m/Vq/mqADborW51pMNFn7CAF1jxizQNHy6K0E95ziq8q/OL7j4+j8Erh4x7bcjrQ
-+X04Z+hrA9q5AjG++ieztKqGuGxHeSclqBhOdnU0UI528Vn0OXRxeMmbqMF+qhx17
-+nHuxxs4z5CIdTwHA6LgMUpDxcOhdUctIj32gwZM3UHI8lmdRTWn13y/Ht6CpIXCL
-+1ohSXne5y34z4AKeJQpdUfwQD552Ui8B+bhH1JBm5phjLn1fboXCYiCgnPQ+SJzx
-+3hsIv7Fji7lfk1UPkr0s7Ze8b/seYS8nVB5rg4qXEwFDMo9zsjCEIyg0tKwj5Ani
-+HlYzqjjsIK50TPjXYOA9J+NHcBDCDa3r8TBtRGtQqOXQGzvWTqAyT8Uwn7jimmh+
-+EGDr4PJSTJxv43EYL+of0sRHkOhnfFfJYF9vQLT+wD6l+6T1xNPE/gjX8DyQS9a3
-+zOgdOiTp0AKH
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-27-cert.pem b/test/fixtures/x509-escaping/alt-27-cert.pem
-new file mode 100644
-index 0000000000..268abdd300
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-27-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE0TCCArmgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+IDAeMBwGA1UdEQQVMBOgEQYFK84PDCKgCAwGYWJjMTIzMA0GCSqGSIb3DQEBCwUA
-+A4ICAQBtXT+t0fuBRClJdY6y01k1jqcsXEkmKOr4czznuiloGVEjpbjmxzxsgvzw
-+nz3od6Sx56SHG1xYbKDCapX9Ld2IDsPvpF2wdH2wpIS5DI7tQdBpLm7vr3vTYKwm
-+Wns+WKO5VBHDLCyuYvHNo37MJCAfBlr1ni7BCLOg3eycPiANJHPD2T9BnXlJm49K
-+166VMviuiLBEyO9tadhvQHGqCX3D4pW31zwsKHvS4wau15N4yt053Iac6eaysdTp
-+mspw5jX85tlQ9XxKNTftUVJU9Uzk2ll4A0Gvnq2FEjiqf6m3tye2nsqDI3C81Dwb
-+Y/+AeO7ZsVyLpIstfUBFmpLGPUoZ5MNmgrboGf8K8dPPgVbmbS0msrsI4LWSQb8P
-+R2hzj0F7bFvgbZad7rFXJW9FQOqTwvJrZBkkDpZpeNbhah14avV2Ftrc5+PtVfP0
-+jB1L3nhc5KGpGL4xqE19K+GVR/KBREgiFD7B7NYUOPt9NjFTrbbC3XA8L0MC7PNh
-+ySDN/NCiIF9K9MtpC8BYuNBlRt5C82L37qPY4Tw3z9sCyXK5oOQ4xdbdDEWdwzc5
-+F2S4zfQiB7y+C9RigOyGPChxBqDK/bCExrG1S2b95oP4QMuaL55iXnaG9ME8sCoa
-+cUd62cMPk7piQW29oFiQPYsStfo09u9JXbalKhol9oPrDtQfrQ==
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-28-cert.pem b/test/fixtures/x509-escaping/alt-28-cert.pem
-new file mode 100644
-index 0000000000..147fba3aff
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-28-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE1DCCArygAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+IzAhMB8GA1UdEQQYMBagFAYIKwYBBQUHCAegCBYGYWJjMTIzMA0GCSqGSIb3DQEB
-+CwUAA4ICAQA2KjgKCSLg/rDajrBTtVIu14rAP1pMwFZWrxcpTbN+fOs2dYQXZf7d
-+/GaozSMSchjPAJ8lTFfEB20Mur/E284LlQPuQKqHHn3gIh92VkHHBHjj0ohnfigg
-+eBHNMUisuGyNzKV7VI1+iwCoPBZC7ptbE4X08osVxxRESj+IT0TwtKDONTIIeogW
-+6VhsKTQ1HM6AMbhVe0Led/ENxFFMquB25GG/hVB4ZzPmsJZzNdZYNNMa34kNcMN3
-+5OFcxWV/4Hc77JYsqM9fE9gBaKC9pQE0XwIrOMQSaGYx+GO8Ty33YlM+oYBt6TMH
-+/9oU8HVvEYW9GAyptNbXPOwyv/wikNBsJyDGfvuDoiTZ9iMFb/bEoWHSK/rYmAgk
-+D272zxiPS3YgaZkvhlYZ+60w5CCgXoN5L0Zq9yAOTv92/VHFnMPrTP7zfD+4eUHY
-+lg+A7pOCIUK4cIDUXQefn1dU5/8DHJ8aM+KQDBfkKOH3me3GzIKjtKQjhwYFiJ8L
-+vD4V6+nq90GasShQDKUbMVbCxfyqlvrXOP0an+FxdknadnD5hRT3UsU9SRxAdkXi
-+3er2sXpuULYqOst55Ahnj7D5uDN4KBoatZwFd1iw0CVPoox7ixZ2zOAkwVqzaEAq
-+0yWyIlELm9/FdF78fu6LPrFKI1H4MH+0TQrF4MiyJWPvET7t8WKJsA==
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-29-cert.pem b/test/fixtures/x509-escaping/alt-29-cert.pem
-new file mode 100644
-index 0000000000..434bda3e8e
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-29-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE1DCCArygAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+IzAhMB8GA1UdEQQYMBagFAYIKwYBBQUHCAegCAwGYWJjMTIzMA0GCSqGSIb3DQEB
-+CwUAA4ICAQCIFfHE09aftJrS629ZBBRKjRiVcxN0/FjeEHWbnb+3Re/LoU/Y64BT
-+LmjMBB6wik3JxxUtLs2UYExQKfz3zmB+O99lR94of3V3RXPCe9Dz8C12iohYBvVO
-+q+WzXyg8g4zoIndn9+ByR+JJsuk+WVTZd50wRaRvssUB5yhpLaFdZpnLUBdV5J2d
-+shmefZxr0NgMb9p75wvWgZ2BiZQDeTR93+PWaZTMdSxZh6ynfG//5sxxw5fLm3pv
-+eVo3oQQ8px9j8G83ouiDZJn7XZgNfXYNq7wo3yaqXX0zlCE00K6tXGI6FkKJnVdQ
-+si+JYfGjzTM39JqFU9YYOOc3Gfw20iKIEQ0jnE0Z+z9Pv2GAel0UNdovluttxu9R
-+CJcPJOLS+TMd/sAwCAELvhPpeWsDLhfd+lG7ofE/nM6hzec6apWYyCqqlYIdE8WK
-+rtHXBIMGk/5Eo+2KDGQHgpMs/P8fNUL6FBx/i1pjm5nSHveDQryepEmOJq9NJCBW
-+1AJhE4jCXMv+43Fnr1OSATNiOd+1KfQ7KC5PFkpZLY4GDFZcbLBKYj1TWx4WzRnm
-+EW7cC/00Z3Cd76L5i+y1Xr44nbQcAMw6TlT6vvZjFCbCO+ZDUJSZBZMpWwBI/gAf
-+MNzYPltOGm+GZUuxib2MSF9Qy8c9NegENmsK+zyPT3N9mUHCl9nknA==
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-3-cert.pem b/test/fixtures/x509-escaping/alt-3-cert.pem
-new file mode 100644
-index 0000000000..59185b64a4
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-3-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE1jCCAr6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+JTAjMCEGA1UdEQQaMBiGFmh0dHA6Ly9leGFtcGxlLmNvbS9hLGIwDQYJKoZIhvcN
-+AQELBQADggIBAEKwv45Zp5xJEGENPrOIwrGmuBDMtBPmXtSKydKSNUgrv08u4dHL
-+n295L7jIwQ3SnRjS8PrZWD8RQ46hgFRY9pqk1uTys4jB7lki0eAUBC7oPn7q0GUv
-+ojdSwOEjp5bfXyuRv7Z+3y2gD8pcCZsqcCjF5Svim6Q3pXMLRKQFhzhzL9k/gsNF
-+lJ8KcLBECJSm5nUrZIRHPdIGYmWJG+t8CfS3E6OIyHILK1xCc1MasEpmYVoY9uzT
-+2W2z+3pvwQqfdXO+lEOsT9dnjM/WbnkQMTWAn+++YFtkvA4kON4b/cp9imnXok02
-+vq7MCbN+b5CJXIhKMC5eNA36ez5hou0MUmnsNo9ai1gVJXRoL67YgUh1yMfcAaSM
-+Sfy3UBF++Az/yQo4AWtqWk4KPePdcsrYo9Fke1inUl+M12gkdIz+efbElHMqehbt
-+lunbyFI/7CY6/Tno+T1cDkQlTouHK8Ddb1cPhkJbE4euRuLGdtn2AcFSemYGtib0
-+ffuhnEBF8M8enPVyLjYA/3sELkmmaHMtgDTm0+XYQJtjIbvGcY7+bftPZgbXPVGv
-+7+tiYjwarIexXN5yzMasgFI5+7qLSQJHcmwrzOm8K+Bzx34f20vwR4M2FJ6cqUeN
-+qzdN1HSNp8aYNilaFa3+hfGRG9CZnVP8up8BwYx736EMu0G3yAp6UqqJ
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-30-cert.pem b/test/fixtures/x509-escaping/alt-30-cert.pem
-new file mode 100644
-index 0000000000..1b67d1f782
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-30-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE1TCCAr2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+JDAiMCAGA1UdEQQZMBegFQYIKwYBBQUHCAegCRYHYWJjAGRlZjANBgkqhkiG9w0B
-+AQsFAAOCAgEAgG06c7GRpPohHa1X/YQVQGWa/J/f3qok3cu1nrD2H5Dkw1eAVPcQ
-+lsng08lOxwSI0OgqJw0jl+ljLKuhHI3U68KbFmUO3Jw7uLDk1+UniRSNkfxVOrlc
-+7YTlmsxiDgQdX6/TAHu6bERx147NqVzB4/I6qpX7ouLv4E7xdQgjKuvhWlJ+Fg/0
-+pQ7EleQymRN6Y8qO6RwEWYao5pypg8/22cE3jgXleLM+5qWHqJs2ZewPQf7uo4Bf
-+IwSUV5H0weftiSN+kOLYiNfUago108VHuk5sCIKr92q4WAJgA5C6ylcUWaJCKbCv
-+HQYR/QG10Mrn4JCzzni90aBHrQoYQ8msEDH1QKyMJiNz6XXzwBP6bvgPlB2f7nPW
-+ERpH45M2I4Z3dZYFw8bF7CcOIUuR0/Zu2WN22IhqhjVQSZPzdRWJt5Rr1mFUz+Nv
-+Ymdi0w68KyRUiuOpKNLczDDnYpc9EqGBprnMOxALS4mQn1ySBXbZAXnTTdEzN5fM
-+L4CXWUzIBVKv56Mn5YskhbCd+N8GV9Nj/A6dBwa004CQxbgAj+ndNWc7+h4iSNlz
-+9VPHK2Kju6j4fVpe10jzSoEs0nnrsPy5Lxa6C4KhXBBJ3cPl6wWNe2mgbEqG9Pq2
-+KrCizuFkIfZTAeSrR+prZXLw6cjmKPPEtNbK2JbteL2SEDT/3AjmmZE=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-4-cert.pem b/test/fixtures/x509-escaping/alt-4-cert.pem
-new file mode 100644
-index 0000000000..086af8e02e
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-4-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE2DCCAsCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+JzAlMCMGA1UdEQQcMBqGGGh0dHA6Ly9leGFtcGxlLmNvbS9hJTJDYjANBgkqhkiG
-+9w0BAQsFAAOCAgEAPu7ubyZw1rOQJhFX6nBHyCYaBzaKxRZOHOFCjMrD/YQXPUNM
-+Hs+8ChOeQ4M82jTyiP7XgF8EumDcckDIlIYvGXGrCB/6VcCVL1vPPtzjSaiF3PlG
-+/dh0OlPvevr5Ajz7ZtFFwxeQ2EfsHiry8qnlDJSEjrh4Trcx9YzdkSZz8DaoODXz
-+ctR/p1JEnQ6h/Axa6hdqTzbzTsINN7gD5Wi3ObfQbK6Ug/CuH6Zr8bdTsmeGcnD0
-+fqHptuLVNcROykneYziXDzcqGwrZnYaOF54a4ibV/OfrBcgEKeDwsCrLs3nztSC4
-+whV7DXZwaLl2KWl4/suBNI1cIKbxII1xTFLTog+UYz0zSZGPrtbt7zrlM4yG033t
-+h9xIGUKebaNpQYkoxOc/+kKhbKCeL3klfxJoX+6Gf8DkTP7byX2HovfWV1rJbh57
-+YZ04Bh69VmyxE4iyb1tAh5xh1bArCR9m96eXS/0KIZbykxltQGyHf1jpWw/4Wi3n
-+oadkpMcyNX76M1xBJ5u03JL8+LWrXuzf/ScWdmPUWulAEhbo4fn4oRwP2C3l0vVQ
-+iL482cIq1zF91lssRwQ17k38phulRdm+7W65/VI7hLoG6lXiSiHLH8e39hHO8Jey
-+Z+BBvn8x+aFgIvpBK/MX35s0gSrl/UiIZPU9glnktSsX5D+aaQynbuvbOW8=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-5-cert.pem b/test/fixtures/x509-escaping/alt-5-cert.pem
-new file mode 100644
-index 0000000000..04a918008c
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-5-cert.pem
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE6jCCAtKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+OTA3MDUGA1UdEQQuMCyGKmh0dHA6Ly9leGFtcGxlLmNvbS9hLCBETlM6Z29vZC5l
-+eGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEANAyZnL8f81Aax/0Rhw3CCdcQ
-+SXF3dpAolObQB8rlirRZ7yOY1v3Poj411aV0x9zM6mjOJZwarUTL7kbO7odQxGhB
-+x7O0DvUoG15VTvs0XLNHTPgnXtNjKOZ7XXVMzb46APfYSqdzMqhRWfy+Iaikp494
-+urtqkVt05q2amzq7EXbXI8JQWhkJkhjBTowfZnpZUw4JeeqMNRZT9Ldv2XDZjaYS
-+lkHOLzTmSmm2mf1oxhKGcRCgUCr/pzVUfDA3RBz25a6PWAQt4b2r8k5jydWyOeCZ
-++sjacoK5/E1PcdaOFJAjuAfbRMeK/gz2+yJwaB39Yh77t/9vQC0G6aiAmO0HxjJE
-+L6Lb8BG/QNYBS7gGhzKFVXVVv5yXRioO9vMv0i8uxShqD2Lo/MbrNtRgi3eMFESd
-+3NxUPXS1jMq2/SaXrENdKqNNi06LbnLaYpI3BLZ/Katq0V9ESlhcC2nT5uNBPiLr
-+DNSekaIGobbTDkuV896L7jqsQpU+sgs4XqaISGgk2wAfnwbfpeiBCL8oH9yCYAO0
-+1YlevrMGjBNvhysoABv7qaorqeL97ffRhjOZ72/fm2axD5l9MvWEFIf7L5uOah0f
-+hF5vScQYgyWNuK8wjzT2tl0CuxvEyI7N4fkUEk+ZMkyI1Obx17p+d4SFyuq7wTXR
-+05oWMsCMDyzxvFDv92w=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-6-cert.pem b/test/fixtures/x509-escaping/alt-6-cert.pem
-new file mode 100644
-index 0000000000..6643519957
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-6-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIEyzCCArOgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+GjAYMBYGA1UdEQQPMA2CC2V45G1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBB
-+lBfIjUH7/PbpC00TWTOSR6sAzyBr681lSxYAgFLduDdfR/bTkI1p7txIAgennoUq
-++9slIIMaR799BUtQDfAQRYdbsWiG/+5Lj3JXs33LPPTdW1C97LOPlnnbRJh1sjbi
-+UfGdxvdPA6iuyWhfwPZd+4IrcN+kefkvEnRkvDMGwmfmKQDjbu2mSIAIe+ECyLLu
-+wdSI2sPBSUKQEKk+dABYq9TcdxlA+OSPjgs5ZF3NK3s/or7ay2r/i8be5TswY4Up
-+IwByEk+7AST6ijwi3P8EN0HAyyuOfpBelWZCQgdEGt40Mpa58AwBGqdrCZ5wDAz5
-+nBx6GscZUsqG9sVM71Tgq7Bc1b69FXUYAhmFucnXizHv1Ys0oGQVza1tkKbaLEFQ
-+WvXWc7zW/0hTzvmtogKn/oM6GoNcQiW8KCwaCJq1TTv7Tip9znfB496tDruOr+2w
-+HoqZTJ7ERklz0mlZ38ISTuaz+Qkn1KjBYh4tgP/wZIjIyppAaAr+JdqXzBejfb4M
-+6x0S1AG9QgvyR1xDv3Vljjkh3m55kktTWSOfjS6aSzomaAyVAgi/vhHkxhsoBhgQ
-+41+ffkhM9ps9wkmguwqOXsByQAZUQEJQigO39qYuGuJEDV8Bu8i/T5BuuJWP4BRF
-+X+now5ObP73ufyFwYGsSgblivHUX4z/zAt4kp4AMXw==
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-7-cert.pem b/test/fixtures/x509-escaping/alt-7-cert.pem
-new file mode 100644
-index 0000000000..6c0f287a1b
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-7-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE0jCCArqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+ITAfMB0GA1UdEQQWMBSCEiJldmlsLmV4YW1wbGUuY29tIjANBgkqhkiG9w0BAQsF
-+AAOCAgEAKmYr4QEnNq1Sy9lYePNRR60jufFXk44bczNT/wA6kvXKgv472V9wltVb
-+yJVvYUWkTO8ahlELNLfqRcuih6myV64WJoewog8mwby0lBYr6bAz86DdeN/B9rFD
-+OYnev1Ux4um45l42XP8acgJCoqn8+EE+H4AeMrz2xxHt+IDy4vUOowZna82f1Pcp
-+O+vhod2uXlukfnhofVK4lMHl4++4kECkmUYl8U+L/zXwzOb4S3Yksffmadgo7ERk
-+rJYLMLztvCk6TtP+p4NcvrE90dmss7R8hfw3asfjXsRbAMigdfSMKzGB2IHoHeV6
-+fpmJy6kotfwulDrbr2QtrWOYdMrm1wT6ohT355KZQxcZr3VcK9gqEjcYafqIsXtA
-+wYAaorKXaz7UkmFCDbk/24UuHgNgCl4KkGsFNwW6whTMpb9WnvPR7F798tiIbOL+
-+FK6yA1q3Z2500lmloQWcUFBX48DViG3bsTJ9wmQ28aPqHVd5gTmTm/7W2iRGx36N
-+PmbAk17J/bUzUSORgrPi2FLNNFg64x40pfdAyrF9ZBNcsVCFCUgOQHgMh4OjX/n7
-+khmNbMYiOvJEoUbZ9flNr4AYY3ucpxQ2peTl4DNsVZZ8Xyh96h3URu63Ji9+xLrQ
-+jSUtNHUCJaC3E9yTaIDc8jMli9s5/ElDZRkPxRP8o4VOt9KcLvU=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-8-cert.pem b/test/fixtures/x509-escaping/alt-8-cert.pem
-new file mode 100644
-index 0000000000..201b520f8b
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-8-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIExDCCAqygAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+EzARMA8GA1UdEQQIMAaHBAgICAgwDQYJKoZIhvcNAQELBQADggIBAHfvavrzBLuS
-+MMJwNkJGVt1W856zeZ6NZJ5vx2ZXziYxAkzw9N0pLHwgfzS8pXEPSZ6vMoeYMaH0
-+zr/S5tHSMGEwOp/dIoxE4Hm1uMzugHFxNp34hvqsaDbwKMpQQzEPhN1QvAkD9IXL
-+H2wOLqm+ZaTkT3OvOyJoml56wyUJ0nU746RuXgJHTFiWsUTPqT9bvofedC80MUyH
-+MX2lA1oy8nzJa9h7JqsxOE4uccRhpCRf+PxeYvOdsUxyDWw8+rjwe4Ulr0yVjwnD
-+x9ha/fTl96mYXyJGLtQvZmkllrctxcs0o82+wMZWBw4iPH/VnI7dj36b2uIHdrrf
-+cVurEPcVE03zLwukjQPZh9otleTwmQI1wqg/Gm2OahXy/0f0fpBDQnPycczn8nFw
-+nj6avmHubWVvzmEoKmOtavGEAbUn7ntQfsvM5JpiM+ck3MDMP9i9cMZvWKH8Eial
-+ZnYcXkgAatWwp4Cbsv4H7LMNisKjrcY+r+MpaYYIpTRNp/s/P5bMCIVt07yosePg
-+m9VWy03+hQJmD4/THeJsjuczPSBtsoJiKoTJ5TndmpFaG6J6lBVvpXJhoiW/QIgX
-+u2QIb8Z6bRK/eQ8UVYm0/ZQLN+OOzYiQfm0AFbFpYhl46o6QNZ03P6GRLshv+N3E
-+CX66ucPLd4QJitUy39LZjMlC0YxTZUry
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/alt-9-cert.pem b/test/fixtures/x509-escaping/alt-9-cert.pem
-new file mode 100644
-index 0000000000..660e65b8ed
---- /dev/null
-+++ b/test/fixtures/x509-escaping/alt-9-cert.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIExDCCAqygAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+EzARMA8GA1UdEQQIMAaHBAgIBAQwDQYJKoZIhvcNAQELBQADggIBAIefUJjnOtt8
-+viFkr3lupabUMwSgtBXVCp+M9xhKqcSnYReSgg/LcqVDaXmU4s23n0Bc0M51HQMG
-+puTpfr34ZUSQiLup9huELm5L+lcpYANJsKrBo+vz1w+fkPlcxXvXHpLzgb393XSJ
-+/Prn7lNBrrh9b74azUEhz1KPmFbbMs7IwlhE1+stQ107VeSGvKlAOmaYdnVG1PXl
-+AG7KJynpE5Ex8XF1ONQLneTdvo8gXZueb07SY+my5wrCQhSlh4/6Y2MnE9h+9ugx
-+BfdU72okDaYRH1MAfFeAsUE7Y52cQqm26b7nBz0+IeP+uk7oqDLF+PGHfjeUGXGW
-+aGFfaLk8Dl2gMg1DsRE8zcT215Dl4rqOtwbhW8kX7XzYE0sA7cnyZ0daLrrtxwe6
-+MhrAOjYklRZpwUvy6E2IyipKwWSuKHLUk3mVxPrxVqvye2enZWW1PJeHNdL//Ogx
-+5Mm++BOTNR+61pg/UrATlO3GMK6ggAfkP8H1r3jp24hc/TkXRkoUuWZqtjC5+qwB
-+KVIPlr+/0zIhzDjNbN0TMgqv/Yz4/wCUjsmCPJu21C3+BP2O5ZD2e4hYe/X9kuhC
-+YGWTf8dpq0LgYgVHqwXo0gCU/Ich9KtaJmCgZRUrzMl1aIYhqpuR2EW8H1bs3a0P
-+/7wXhGudHCwm6j2H5/tbsREeYInl3mv4
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/create-certs.js b/test/fixtures/x509-escaping/create-certs.js
-new file mode 100644
-index 0000000000..b84547e1d0
---- /dev/null
-+++ b/test/fixtures/x509-escaping/create-certs.js
-@@ -0,0 +1,502 @@
-+'use strict';
-+
-+const asn1 = require('asn1.js');
-+const crypto = require('crypto');
-+const { writeFileSync } = require('fs');
-+const rfc5280 = require('asn1.js-rfc5280');
-+const BN = asn1.bignum;
-+
-+const oid = {
-+ commonName: [2, 5, 4, 3],
-+ countryName: [2, 5, 4, 6],
-+ localityName: [2, 5, 4, 7],
-+ rsaEncryption: [1, 2, 840, 113549, 1, 1, 1],
-+ sha256WithRSAEncryption: [1, 2, 840, 113549, 1, 1, 11],
-+ xmppAddr: [1, 3, 6, 1, 5, 5, 7, 8, 5],
-+ srvName: [1, 3, 6, 1, 5, 5, 7, 8, 7],
-+ ocsp: [1, 3, 6, 1, 5, 5, 7, 48, 1],
-+ caIssuers: [1, 3, 6, 1, 5, 5, 7, 48, 2],
-+ privateUnrecognized: [1, 3, 9999, 12, 34]
-+};
-+
-+const digest = 'SHA256';
-+
-+const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
-+ modulusLength: 4096,
-+ publicKeyEncoding: {
-+ type: 'pkcs1',
-+ format: 'der'
-+ }
-+});
-+
-+writeFileSync('server-key.pem', privateKey.export({
-+ type: 'pkcs8',
-+ format: 'pem'
-+}));
-+
-+const now = Date.now();
-+const days = 3650;
-+
-+function utilType(name, fn) {
-+ return asn1.define(name, function() {
-+ this[fn]();
-+ });
-+}
-+
-+const Null_ = utilType('Null_', 'null_');
-+const null_ = Null_.encode('der');
-+
-+const IA5String = utilType('IA5String', 'ia5str');
-+const PrintableString = utilType('PrintableString', 'printstr');
-+const UTF8String = utilType('UTF8String', 'utf8str');
-+
-+const subjectCommonName = PrintableString.encode('evil.example.com', 'der');
-+
-+const sans = [
-+ { type: 'dNSName', value: 'good.example.com, DNS:evil.example.com' },
-+ { type: 'uniformResourceIdentifier', value: 'http://example.com/' },
-+ { type: 'uniformResourceIdentifier', value: 'http://example.com/?a=b&c=d' },
-+ { type: 'uniformResourceIdentifier', value: 'http://example.com/a,b' },
-+ { type: 'uniformResourceIdentifier', value: 'http://example.com/a%2Cb' },
-+ {
-+ type: 'uniformResourceIdentifier',
-+ value: 'http://example.com/a, DNS:good.example.com'
-+ },
-+ { type: 'dNSName', value: Buffer.from('exämple.com', 'latin1') },
-+ { type: 'dNSName', value: '"evil.example.com"' },
-+ { type: 'iPAddress', value: Buffer.from('08080808', 'hex') },
-+ { type: 'iPAddress', value: Buffer.from('08080404', 'hex') },
-+ { type: 'iPAddress', value: Buffer.from('0008080404', 'hex') },
-+ { type: 'iPAddress', value: Buffer.from('000102030405', 'hex') },
-+ {
-+ type: 'iPAddress',
-+ value: Buffer.from('0a0b0c0d0e0f0000000000007a7b7c7d', 'hex')
-+ },
-+ { type: 'rfc822Name', value: 'foo@...' },
-+ { type: 'rfc822Name', value: 'foo@..., DNS:good.example.com' },
-+ {
-+ type: 'directoryName',
-+ value: {
-+ type: 'rdnSequence',
-+ value: [
-+ [
-+ {
-+ type: oid.countryName,
-+ value: PrintableString.encode('DE', 'der')
-+ }
-+ ],
-+ [
-+ {
-+ type: oid.localityName,
-+ value: UTF8String.encode('Hannover', 'der')
-+ }
-+ ]
-+ ]
-+ }
-+ },
-+ {
-+ type: 'directoryName',
-+ value: {
-+ type: 'rdnSequence',
-+ value: [
-+ [
-+ {
-+ type: oid.countryName,
-+ value: PrintableString.encode('DE', 'der')
-+ }
-+ ],
-+ [
-+ {
-+ type: oid.localityName,
-+ value: UTF8String.encode('München', 'der')
-+ }
-+ ]
-+ ]
-+ }
-+ },
-+ {
-+ type: 'directoryName',
-+ value: {
-+ type: 'rdnSequence',
-+ value: [
-+ [
-+ {
-+ type: oid.countryName,
-+ value: PrintableString.encode('DE', 'der')
-+ }
-+ ],
-+ [
-+ {
-+ type: oid.localityName,
-+ value: UTF8String.encode('Berlin, DNS:good.example.com', 'der')
-+ }
-+ ]
-+ ]
-+ }
-+ },
-+ {
-+ type: 'directoryName',
-+ value: {
-+ type: 'rdnSequence',
-+ value: [
-+ [
-+ {
-+ type: oid.countryName,
-+ value: PrintableString.encode('DE', 'der')
-+ }
-+ ],
-+ [
-+ {
-+ type: oid.localityName,
-+ value: UTF8String.encode('Berlin, DNS:good.example.com\0evil.example.com', 'der')
-+ }
-+ ]
-+ ]
-+ }
-+ },
-+ {
-+ type: 'directoryName',
-+ value: {
-+ type: 'rdnSequence',
-+ value: [
-+ [
-+ {
-+ type: oid.countryName,
-+ value: PrintableString.encode('DE', 'der')
-+ }
-+ ],
-+ [
-+ {
-+ type: oid.localityName,
-+ value: UTF8String.encode(
-+ 'Berlin, DNS:good.example.com\\\0evil.example.com', 'der')
-+ }
-+ ]
-+ ]
-+ }
-+ },
-+ {
-+ type: 'directoryName',
-+ value: {
-+ type: 'rdnSequence',
-+ value: [
-+ [
-+ {
-+ type: oid.countryName,
-+ value: PrintableString.encode('DE', 'der')
-+ }
-+ ],
-+ [
-+ {
-+ type: oid.localityName,
-+ value: UTF8String.encode('Berlin\r\n', 'der')
-+ }
-+ ]
-+ ]
-+ }
-+ },
-+ {
-+ type: 'directoryName',
-+ value: {
-+ type: 'rdnSequence',
-+ value: [
-+ [
-+ {
-+ type: oid.countryName,
-+ value: PrintableString.encode('DE', 'der')
-+ }
-+ ],
-+ [
-+ {
-+ type: oid.localityName,
-+ value: UTF8String.encode('Berlin/CN=good.example.com', 'der')
-+ }
-+ ]
-+ ]
-+ }
-+ },
-+ {
-+ type: 'registeredID',
-+ value: oid.sha256WithRSAEncryption
-+ },
-+ {
-+ type: 'registeredID',
-+ value: oid.privateUnrecognized
-+ },
-+ {
-+ type: 'otherName',
-+ value: {
-+ 'type-id': oid.xmppAddr,
-+ value: UTF8String.encode('abc123', 'der')
-+ }
-+ },
-+ {
-+ type: 'otherName',
-+ value: {
-+ 'type-id': oid.xmppAddr,
-+ value: UTF8String.encode('abc123, DNS:good.example.com', 'der')
-+ }
-+ },
-+ {
-+ type: 'otherName',
-+ value: {
-+ 'type-id': oid.xmppAddr,
-+ value: UTF8String.encode('good.example.com\0abc123', 'der')
-+ }
-+ },
-+ {
-+ type: 'otherName',
-+ value: {
-+ 'type-id': oid.privateUnrecognized,
-+ value: UTF8String.encode('abc123', 'der')
-+ }
-+ },
-+ {
-+ type: 'otherName',
-+ value: {
-+ 'type-id': oid.srvName,
-+ value: IA5String.encode('abc123', 'der')
-+ }
-+ },
-+ {
-+ type: 'otherName',
-+ value: {
-+ 'type-id': oid.srvName,
-+ value: UTF8String.encode('abc123', 'der')
-+ }
-+ },
-+ {
-+ type: 'otherName',
-+ value: {
-+ 'type-id': oid.srvName,
-+ value: IA5String.encode('abc\0def', 'der')
-+ }
-+ }
-+];
-+
-+for (let i = 0; i < sans.length; i++) {
-+ const san = sans[i];
-+
-+ const tbs = {
-+ version: 'v3',
-+ serialNumber: new BN('01', 16),
-+ signature: {
-+ algorithm: oid.sha256WithRSAEncryption,
-+ parameters: null_
-+ },
-+ issuer: {
-+ type: 'rdnSequence',
-+ value: [
-+ [
-+ { type: oid.commonName, value: subjectCommonName }
-+ ]
-+ ]
-+ },
-+ validity: {
-+ notBefore: { type: 'utcTime', value: now },
-+ notAfter: { type: 'utcTime', value: now + days * 86400000 }
-+ },
-+ subject: {
-+ type: 'rdnSequence',
-+ value: [
-+ [
-+ { type: oid.commonName, value: subjectCommonName }
-+ ]
-+ ]
-+ },
-+ subjectPublicKeyInfo: {
-+ algorithm: {
-+ algorithm: oid.rsaEncryption,
-+ parameters: null_
-+ },
-+ subjectPublicKey: {
-+ unused: 0,
-+ data: publicKey
-+ }
-+ },
-+ extensions: [
-+ {
-+ extnID: 'subjectAlternativeName',
-+ critical: false,
-+ extnValue: [san]
-+ }
-+ ]
-+ };
-+
-+ // Self-sign the certificate.
-+ const tbsDer = rfc5280.TBSCertificate.encode(tbs, 'der');
-+ const signature = crypto.createSign(digest).update(tbsDer).sign(privateKey);
-+
-+ // Construct the signed certificate.
-+ const cert = {
-+ tbsCertificate: tbs,
-+ signatureAlgorithm: {
-+ algorithm: oid.sha256WithRSAEncryption,
-+ parameters: null_
-+ },
-+ signature: {
-+ unused: 0,
-+ data: signature
-+ }
-+ };
-+
-+ // Store the signed certificate.
-+ const pem = rfc5280.Certificate.encode(cert, 'pem', {
-+ label: 'CERTIFICATE'
-+ });
-+ writeFileSync(`./alt-${i}-cert.pem`, `${pem}\n`);
-+}
-+
-+const infoAccessExtensions = [
-+ [
-+ {
-+ accessMethod: oid.ocsp,
-+ accessLocation: {
-+ type: 'uniformResourceIdentifier',
-+ value: 'http://good.example.com/\nOCSP - URI:http://evil.example.com/',
-+ },
-+ },
-+ ],
-+ [
-+ {
-+ accessMethod: oid.caIssuers,
-+ accessLocation: {
-+ type: 'uniformResourceIdentifier',
-+ value: 'http://ca.example.com/\nOCSP - URI:http://evil.example.com',
-+ },
-+ },
-+ {
-+ accessMethod: oid.ocsp,
-+ accessLocation: {
-+ type: 'dNSName',
-+ value: 'good.example.com\nOCSP - URI:http://ca.nodejs.org/ca.cert',
-+ },
-+ },
-+ ],
-+ [
-+ {
-+ accessMethod: oid.privateUnrecognized,
-+ accessLocation: {
-+ type: 'uniformResourceIdentifier',
-+ value: 'http://ca.example.com/',
-+ },
-+ },
-+ ],
-+ [
-+ {
-+ accessMethod: oid.ocsp,
-+ accessLocation: {
-+ type: 'otherName',
-+ value: {
-+ 'type-id': oid.xmppAddr,
-+ value: UTF8String.encode('good.example.com', 'der'),
-+ },
-+ },
-+ },
-+ {
-+ accessMethod: oid.ocsp,
-+ accessLocation: {
-+ type: 'otherName',
-+ value: {
-+ 'type-id': oid.privateUnrecognized,
-+ value: UTF8String.encode('abc123', 'der')
-+ },
-+ },
-+ },
-+ {
-+ accessMethod: oid.ocsp,
-+ accessLocation: {
-+ type: 'otherName',
-+ value: {
-+ 'type-id': oid.srvName,
-+ value: IA5String.encode('abc123', 'der')
-+ }
-+ }
-+ },
-+ ],
-+ [
-+ {
-+ accessMethod: oid.ocsp,
-+ accessLocation: {
-+ type: 'otherName',
-+ value: {
-+ 'type-id': oid.xmppAddr,
-+ value: UTF8String.encode('good.example.com\0abc123', 'der'),
-+ },
-+ },
-+ },
-+ ],
-+];
-+
-+for (let i = 0; i < infoAccessExtensions.length; i++) {
-+ const infoAccess = infoAccessExtensions[i];
-+
-+ const tbs = {
-+ version: 'v3',
-+ serialNumber: new BN('01', 16),
-+ signature: {
-+ algorithm: oid.sha256WithRSAEncryption,
-+ parameters: null_
-+ },
-+ issuer: {
-+ type: 'rdnSequence',
-+ value: [
-+ [
-+ { type: oid.commonName, value: subjectCommonName }
-+ ]
-+ ]
-+ },
-+ validity: {
-+ notBefore: { type: 'utcTime', value: now },
-+ notAfter: { type: 'utcTime', value: now + days * 86400000 }
-+ },
-+ subject: {
-+ type: 'rdnSequence',
-+ value: [
-+ [
-+ { type: oid.commonName, value: subjectCommonName }
-+ ]
-+ ]
-+ },
-+ subjectPublicKeyInfo: {
-+ algorithm: {
-+ algorithm: oid.rsaEncryption,
-+ parameters: null_
-+ },
-+ subjectPublicKey: {
-+ unused: 0,
-+ data: publicKey
-+ }
-+ },
-+ extensions: [
-+ {
-+ extnID: 'authorityInformationAccess',
-+ critical: false,
-+ extnValue: infoAccess
-+ }
-+ ]
-+ };
-+
-+ // Self-sign the certificate.
-+ const tbsDer = rfc5280.TBSCertificate.encode(tbs, 'der');
-+ const signature = crypto.createSign(digest).update(tbsDer).sign(privateKey);
-+
-+ // Construct the signed certificate.
-+ const cert = {
-+ tbsCertificate: tbs,
-+ signatureAlgorithm: {
-+ algorithm: oid.sha256WithRSAEncryption,
-+ parameters: null_
-+ },
-+ signature: {
-+ unused: 0,
-+ data: signature
-+ }
-+ };
-+
-+ // Store the signed certificate.
-+ const pem = rfc5280.Certificate.encode(cert, 'pem', {
-+ label: 'CERTIFICATE'
-+ });
-+ writeFileSync(`./info-${i}-cert.pem`, `${pem}\n`);
-+}
-diff --git a/test/fixtures/x509-escaping/google/intermediate.pem b/test/fixtures/x509-escaping/google/intermediate.pem
-new file mode 100644
-index 0000000000..9d2aeb32c4
---- /dev/null
-+++ b/test/fixtures/x509-escaping/google/intermediate.pem
-@@ -0,0 +1,11 @@
-+-----BEGIN CERTIFICATE-----
-+MIIBjjCCATSgAwIBAgIBAjAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRSb290MCAX
-+DTAwMDEwMTAwMDAwMFoYDzIwOTkwMTAxMDAwMDAwWjAXMRUwEwYDVQQDEwxJbnRl
-+cm1lZGlhdGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7DaOQvpvA47q2XxjM
-+qxJVf/FvZm2ftiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkY
-+tM/Bo3cwdTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQlGcYbYohaK3S+XGeq
-+CTi4LLHeLTAfBgNVHSMEGDAWgBQlGcYbYohaK3S+XGeqCTi4LLHeLTAiBgNVHR4B
-+Af8EGDAWoBQwEoIQYXR0YWNrZXIuZXhhbXBsZTAKBggqhkjOPQQDAgNIADBFAiEA
-+uZhmF3buUdhzHjXLZQSOyT41DqUUX/VKBEraDu+gj+wCIG/R1arbHFRFnEuoVgZI
-+bihwUpUZjIZ5YwJcBu6yuXlZ
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/google/key.pem b/test/fixtures/x509-escaping/google/key.pem
-new file mode 100644
-index 0000000000..102a9d8816
---- /dev/null
-+++ b/test/fixtures/x509-escaping/google/key.pem
-@@ -0,0 +1,5 @@
-+-----BEGIN PRIVATE KEY-----
-+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgaNbpDxJET5xVHxd/
-+ig5x2u2KUIe0jaCVWqarpIN/582hRANCAAR7DaOQvpvA47q2XxjMqxJVf/FvZm2f
-+tiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkYtM/B
-+-----END PRIVATE KEY-----
-diff --git a/test/fixtures/x509-escaping/google/leaf0.pem b/test/fixtures/x509-escaping/google/leaf0.pem
-new file mode 100644
-index 0000000000..ce19dc9699
---- /dev/null
-+++ b/test/fixtures/x509-escaping/google/leaf0.pem
-@@ -0,0 +1,10 @@
-+-----BEGIN CERTIFICATE-----
-+MIIBajCCARCgAwIBAgIBAzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxJbnRlcm1l
-+ZGlhdGUwIBcNMDAwMTAxMDAwMDAwWhgPMjA5OTAxMDEwMDAwMDBaMA8xDTALBgNV
-+BAMTBExlYWYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7DaOQvpvA47q2XxjM
-+qxJVf/FvZm2ftiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkY
-+tM/Bo1MwUTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCUZxhtiiFordL5cZ6oJ
-+OLgssd4tMCAGA1UdEQQZMBeCFWJsYWguYXR0YWNrZXIuZXhhbXBsZTAKBggqhkjO
-+PQQDAgNIADBFAiEA4NgHDxVrBjNW+So4MrRZMwDknvjRaBsB4j2IwVRKl4sCIDpg
-+Bhm4ZdHwlUYrALkXa3dFBy8kXBkVumY7UJpbB2mO
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/google/leaf1.pem b/test/fixtures/x509-escaping/google/leaf1.pem
-new file mode 100644
-index 0000000000..0b45056656
---- /dev/null
-+++ b/test/fixtures/x509-escaping/google/leaf1.pem
-@@ -0,0 +1,10 @@
-+-----BEGIN CERTIFICATE-----
-+MIIBdTCCARygAwIBAgIBBDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxJbnRlcm1l
-+ZGlhdGUwIBcNMDAwMTAxMDAwMDAwWhgPMjA5OTAxMDEwMDAwMDBaMA8xDTALBgNV
-+BAMTBExlYWYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7DaOQvpvA47q2XxjM
-+qxJVf/FvZm2ftiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkY
-+tM/Bo18wXTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCUZxhtiiFordL5cZ6oJ
-+OLgssd4tMCwGA1UdEQQlMCOCCm5vZGVqcy5vcmeCFWJsYWguYXR0YWNrZXIuZXhh
-+bXBsZTAKBggqhkjOPQQDAgNHADBEAiAOFFOCfA6c/iZWxbDn5QMjNdtZbtJPBcRv
-+uEgSqWrGTAIgK5RK0xGK8UZb2aM2VjGNTYozlcwKaLgQukA+UnKrrJg=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/google/leaf2.pem b/test/fixtures/x509-escaping/google/leaf2.pem
-new file mode 100644
-index 0000000000..9cf03fae7d
---- /dev/null
-+++ b/test/fixtures/x509-escaping/google/leaf2.pem
-@@ -0,0 +1,10 @@
-+-----BEGIN CERTIFICATE-----
-+MIIBejCCASCgAwIBAgIBBTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxJbnRlcm1l
-+ZGlhdGUwIBcNMDAwMTAxMDAwMDAwWhgPMjA5OTAxMDEwMDAwMDBaMA8xDTALBgNV
-+BAMTBExlYWYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7DaOQvpvA47q2XxjM
-+qxJVf/FvZm2ftiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkY
-+tM/Bo2MwYTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCUZxhtiiFordL5cZ6oJ
-+OLgssd4tMDAGA1UdEQQpMCeCJW5vZGVqcy5vcmcsIEROUzpibGFoLmF0dGFja2Vy
-+LmV4YW1wbGUwCgYIKoZIzj0EAwIDSAAwRQIgWfT1VXQA79PxgM0DsfeoiwZCc2Be
-+v3/RCRYoRky9DgICIQDUTjndnBQ0KeIWhuMjtSz1C5uPUYofKe7pV2qb/57kvA==
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/google/leaf3.pem b/test/fixtures/x509-escaping/google/leaf3.pem
-new file mode 100644
-index 0000000000..55a64fdc89
---- /dev/null
-+++ b/test/fixtures/x509-escaping/google/leaf3.pem
-@@ -0,0 +1,10 @@
-+-----BEGIN CERTIFICATE-----
-+MIIBZzCCAQ2gAwIBAgIBBjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxJbnRlcm1l
-+ZGlhdGUwIBcNMDAwMTAxMDAwMDAwWhgPMjA5OTAxMDEwMDAwMDBaMA8xDTALBgNV
-+BAMTBExlYWYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7DaOQvpvA47q2XxjM
-+qxJVf/FvZm2ftiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkY
-+tM/Bo1AwTjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCUZxhtiiFordL5cZ6oJ
-+OLgssd4tMB0GA1UdEQQWMBSGEmh0dHBzOi8vbm9kZWpzLm9yZzAKBggqhkjOPQQD
-+AgNIADBFAiEArZgaxFBuPYFWCXeFTkXhV57MKxG/tIJ2Z3Wzts2Im7QCICoukuRf
-+EsQN7g6h30fRuLOIdbfCCduc7YVpkkSlwe99
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/google/leaf4.pem b/test/fixtures/x509-escaping/google/leaf4.pem
-new file mode 100644
-index 0000000000..668a659f45
---- /dev/null
-+++ b/test/fixtures/x509-escaping/google/leaf4.pem
-@@ -0,0 +1,10 @@
-+-----BEGIN CERTIFICATE-----
-+MIIBdTCCARugAwIBAgIBBzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxJbnRlcm1l
-+ZGlhdGUwIBcNMDAwMTAxMDAwMDAwWhgPMjA5OTAxMDEwMDAwMDBaMDwxHzAdBgNV
-+BAsMFm9yZyB1bml0CkNOPW5vZGVqcy5vcmcxGTAXBgNVBAMTEGF0dGFja2VyLmV4
-+YW1wbGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7DaOQvpvA47q2XxjMqxJV
-+f/FvZm2ftiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkYtM/B
-+ozEwLzAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCUZxhtiiFordL5cZ6oJOLgs
-+sd4tMAoGCCqGSM49BAMCA0gAMEUCIQCpchwik2NT0v8ifDT8aMqOLv5YwqB7oeOu
-+LincYQYMagIgZc2U7DBrdEAWNfuAJx4I+ZkluIcswcdnOhbriOrTSHg=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/google/root.pem b/test/fixtures/x509-escaping/google/root.pem
-new file mode 100644
-index 0000000000..68eb00ae86
---- /dev/null
-+++ b/test/fixtures/x509-escaping/google/root.pem
-@@ -0,0 +1,9 @@
-+-----BEGIN CERTIFICATE-----
-+MIIBQTCB56ADAgECAgEBMAoGCCqGSM49BAMCMA8xDTALBgNVBAMTBFJvb3QwIBcN
-+MDAwMTAxMDAwMDAwWhgPMjA5OTAxMDEwMDAwMDBaMA8xDTALBgNVBAMTBFJvb3Qw
-+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7DaOQvpvA47q2XxjMqxJVf/FvZm2f
-+tiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkYtM/BozIwMDAP
-+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQlGcYbYohaK3S+XGeqCTi4LLHeLTAK
-+BggqhkjOPQQDAgNJADBGAiEA+Y5oEpcG6aRK5qQFLYRi2FrOSSLF1/dI4HtBh0mk
-+GFoCIQD1DpNg6m5ZaogRW1mY1wmR5HFIr3gG8PYDRimQogXUxg==
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/info-0-cert.pem b/test/fixtures/x509-escaping/info-0-cert.pem
-new file mode 100644
-index 0000000000..6872b9870a
---- /dev/null
-+++ b/test/fixtures/x509-escaping/info-0-cert.pem
-@@ -0,0 +1,30 @@
-+-----BEGIN CERTIFICATE-----
-+MIIFDTCCAvWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+XDBaMFgGCCsGAQUFBwEBBEwwSjBIBggrBgEFBQcwAYY8aHR0cDovL2dvb2QuZXhh
-+bXBsZS5jb20vCk9DU1AgLSBVUkk6aHR0cDovL2V2aWwuZXhhbXBsZS5jb20vMA0G
-+CSqGSIb3DQEBCwUAA4ICAQAAd/bIBmSIOJg+Rp96/BDpsZQYgYTyBNWrnBkuHQ0M
-+bovgqEEI/5xiYGEzXhrzmWrUoG40PDeVrpCSsW5m+bsO4zDQeWW5mXejbr0Iwflf
-+TYDxwGUUakAcZ1c5yJ/ABjKy0Tocb9bSzln+tc+HNStp86bbgrhb/wjddn6ca21V
-+cuNFZbN+0SM0LxcWO8oGKXF0HFo0durGhamcH5B/D38FYkaVR5QXoOsWVqtPFjW2
-+t67rmKS6XKaz2JhZDpWDZmDofCoFu/zlkPHXkq7yyrkJ/8qpJCznkZmLn+B1WA+y
-+SrSOYMpQ6RnzMx7wK5UafX5J+lMv16+LTb/n1KAd4zElcqt5eRPLcEuknIEgC2X/
-+AY1ooyN/Xb4QnqvtTmhzIDb7lzzMowi5QrG3rRYMldxG2Rdqwjc8qa5Tgh7EsiU8
-+A/n5X/6cxA1zoyakSHFXzGtazIkPc+zFfOaV1+gpJtd2vD2T+FrmkL1fgazuHXNZ
-+hAQq0RGZWPsCdxm7dG4w5bd3YgRKfD2ck+b9Imu0ta4pqMDHZYgncaeOuuHzHgXA
-+MIvxIG5JfwYUJLUqBUz8hwDVcNMpnscyn2msdpiwXK0AahucBQjbyZ6sovoxmgk5
-+xLdnq2GTtdghwdkF9DYK0ZekDlk1XWbP0tR5Cevo6WlMx+cbEBG+OSfNd8/dFrkd
-+aw==
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/info-1-cert.pem b/test/fixtures/x509-escaping/info-1-cert.pem
-new file mode 100644
-index 0000000000..05247873d8
---- /dev/null
-+++ b/test/fixtures/x509-escaping/info-1-cert.pem
-@@ -0,0 +1,31 @@
-+-----BEGIN CERTIFICATE-----
-+MIIFVTCCAz2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+gaMwgaAwgZ0GCCsGAQUFBwEBBIGQMIGNMEUGCCsGAQUFBzAChjlodHRwOi8vY2Eu
-+ZXhhbXBsZS5jb20vCk9DU1AgLSBVUkk6aHR0cDovL2V2aWwuZXhhbXBsZS5jb20w
-+RAYIKwYBBQUHMAGCOGdvb2QuZXhhbXBsZS5jb20KT0NTUCAtIFVSSTpodHRwOi8v
-+Y2Eubm9kZWpzLm9yZy9jYS5jZXJ0MA0GCSqGSIb3DQEBCwUAA4ICAQCbwqw8YKIt
-+Ht9qegR076xpnxuiH0THPGsgazvhCmEr5YHJ68sR1LexjneQDhpNXcnpYpfk6J4d
-+Tu0ApMSbVypFyHcd88g0qVYI9JF+CTNnzut/Zn6xgnUjVjrSz6SZPhkMcBX9ahtY
-+tzswzcyTzso5Do5pxvCWDI+bshgIhC3CYNyAjyOyyhnQrwcOcoatlhDmX1fCk+dC
-+fhmzurBFNIz2gwDC7aRjcaUdTIlYnd6qHk5xLs3neBm44gNk17GazPIPo04LTKXs
-+ZYzvDEUAdJ2FJMiYqSvvEv4k9ozx5HtwtncZpu46El2PQRANgj1UhemYVmHfbdU+
-+7Q+rCv+Loq2v76fddhc1cM3gCQ+6SW2QmRo2rShRGxpuSuZiTngwgdQEGrkQq7Sv
-+r695V7NlHWJgvv1r49wGmqWkviH5l6A0QdzL6TNYhwqCRsjxgsvCZUpOlZPASiME
-+jhwBIOMy1YUSdEMnBrbuemawvbfocSuUlHaodwLZvwMgqHvNz/8ebMyRyyZrnmCx
-+TYh8d0JIcA57VvfaZvvsPPV7TO7WLoJgbmuqM02JzzkJMh0fbt2oi1cqJL65V5Sn
-+z0sXh/A/BzB4QawI93f9m0hX7RtuT1SolTNVyhg7dm1MwfO8khpfz5LLgflVwgN8
-+6egKc6L755SlqZRMT03txH2UCBizLz1gjA==
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/info-2-cert.pem b/test/fixtures/x509-escaping/info-2-cert.pem
-new file mode 100644
-index 0000000000..06212d4e12
---- /dev/null
-+++ b/test/fixtures/x509-escaping/info-2-cert.pem
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE5DCCAsygAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+MzAxMC8GCCsGAQUFBwEBBCMwITAfBgUrzg8MIoYWaHR0cDovL2NhLmV4YW1wbGUu
-+Y29tLzANBgkqhkiG9w0BAQsFAAOCAgEABR5VyTZEQ0AQvdqlk+IDQT85qyf891eN
-+BREiSg5KCei9Kmubv3ZJGoNVwZgybr5sCi5GqWOtG7S0GXvzS6c2Qy+cW0R4DDYs
-+s6IIUn+ex1XygGrRHTDHu6tEUwSJMmOMKBh+iLjhtamD+YHjgOLG3MfadO5/9mvp
-+r412MPhU1VvQ3FC3dZmBUW2gIKNEU4mzwISgPkLJXmBsnxu8F9YqHPgppqsfJ9AF
-+KIc2nX7N3s8w9fCc03FrihdkE2C802jy71px5aPqa1xrIT/YBq/1fKTcYRAWF/pd
-+iy2G1v0pz0kYu2/yPIC/xlFcUgeFqR/biwxAD9T9rp7rq+dpIJA5BUCpXVULqhY1
-+SVZ22WKS0NR5rbu4BPDMShTOiwaDSwFQtI0OxM0g5zVFVjFOc6YbFu7ZyfLQ582S
-+vgVU5/vaHANnEsCSUegXyLofqxTMPbM1rqibFmv2A4pm1Mp18ZFmqwh8cm6C0f7F
-+qjdzBuSkcktTCq/dLX5yTm9aocyzye9cfNBjiGUregJEF7sD3nzsokEGj+S320w2
-+5yUl95xgrHr+5bdDUEox+trTeBnddC4VxrieeH+Wv45try0Go48yK7b1Aqfu9G4B
-+B/as+upQ+YjMG8mAe6JJ9JibpTvTmatYAsssEKT1vDZ5trqo4C5/utfbuyaf7qtx
-+O+jFfYToPtE=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/info-3-cert.pem b/test/fixtures/x509-escaping/info-3-cert.pem
-new file mode 100644
-index 0000000000..1825949bd3
---- /dev/null
-+++ b/test/fixtures/x509-escaping/info-3-cert.pem
-@@ -0,0 +1,30 @@
-+-----BEGIN CERTIFICATE-----
-+MIIFMDCCAxigAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+fzB9MHsGCCsGAQUFBwEBBG8wbTAqBggrBgEFBQcwAaAeBggrBgEFBQcIBaASDBBn
-+b29kLmV4YW1wbGUuY29tMB0GCCsGAQUFBzABoBEGBSvODwwioAgMBmFiYzEyMzAg
-+BggrBgEFBQcwAaAUBggrBgEFBQcIB6AIFgZhYmMxMjMwDQYJKoZIhvcNAQELBQAD
-+ggIBACR9nH4pRlcSIIF9DEExlJvLtkeFWHGIAYLBuauHmdzPdbq9Py9M5DOcc7yd
-+OQYVYwW26hASb+3CYzhRQaWKOR+T/OwP+QMUl5Y6nc3HzLdYTSen2LLAYHySXK3G
-+gTdOhmVQwdh+IzhpjLXC67/9gn/F1p73Ixv/0PBZzmC64DOp1ogso9RICu0xTAbo
-+h8mdN4/Tbh9Ikd89lb91x1Xf86NyC7ZvSA9dUO07/3B6B0kkqCdP9Ytlsrt2wbt3
-+2TVPp+ghjbPjdLrJUi3fbdC2CgjV2oLiYr1h7qn7SmYPNgOpDPKBI4Cei7UO+Wow
-+yLCxBO0HgLZKcZorJFofekPjqtQYYj1sw3OEIcifMAmoHT7H57onfoQbRDpt57k2
-+rHJKgzrRuT8Qbl3OHSkiWRE3u0S9kAg7QEq27e2fuvh23p+YHEiYIjAR9XLVh7/Q
-+EG5QDfDq3MvtgD/khAd36il61T5h8F4u3MhONFMuwJ/TYtGR6QINrv4DqLBM1pRr
-+LMApQYi0w/MCRj2wLeAro9NflE+PFDk+l44ojvnEUYAGUyIzWp80bjQrV7Up6sgQ
-+HehcmxxTrOmiqrfw08c1aHhmGeplmPpQEET1wIjnyj49sfdSPYxg5Lh+f/l79fLb
-+jFemE8otKfog84vNGbPFl/AHwxjKCeCA/MaNJz3y3RYVsZn6
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/info-4-cert.pem b/test/fixtures/x509-escaping/info-4-cert.pem
-new file mode 100644
-index 0000000000..8f1e69afec
---- /dev/null
-+++ b/test/fixtures/x509-escaping/info-4-cert.pem
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE9jCCAt6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls
-+LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ
-+MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-+ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv
-+WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt
-+qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1
-+aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN
-+DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY
-+BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3
-+icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z
-+UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc
-+nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M
-+iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm
-+R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj
-+RTBDMEEGCCsGAQUFBwEBBDUwMzAxBggrBgEFBQcwAaAlBggrBgEFBQcIBaAZDBdn
-+b29kLmV4YW1wbGUuY29tAGFiYzEyMzANBgkqhkiG9w0BAQsFAAOCAgEAQERLvjQB
-+E2fmTVgHbr4MVXPfse9Xxk9TK8/IhxDNnql4bor3xat5oP+tDHVRi2StajfIcJlX
-+C9blYOWg4w6QH3pmD6M7eQGOw7ntOUid4R2vhX3XiK3QB1h8lWSPFmSwBHA47mMJ
-+IkrKNIo9+M9b7M05YwbAENi3TPgT8h2Ej9V4DUjLIEhDcu8fSh3FkNpZ2HohZ2I3
-+QPe23FB052jX7uPfeZ9gcjL/iGxuTuPbKWxzZ/Gy2RmS8xfLkJESvvQ8a0H4f7Ij
-+yjn7qYUkY6FoHxyg5BU34YNaJCmfgzRIE53Kv2FMPwj2JaXmIguR+mSDAbc0xjw3
-+G3dRoCqhZugn8C6I5FhuXHdu6zSuuHtwOGEf07y5Im2sBsPVoq+Txh/mv3Zy9Ydy
-+0yCDuq87jKSZd7FKorHOEoQY94UMs33PYjS4h/hYWiysYUeR0mlbjr4gyv1KH6K8
-+JERGpI/OE+vzfOtgj/Z46/+wn7jF0LBCin7Jn5Zw1a1TNsiHKAjqW/P4vJxxUW++
-+FtYwJhI7XJehwNNFra9rSC5M4TkpaqAZnbPvWZWxWVJIEYFgNjnt+b/VOpRpv5bJ
-+7BOlVvP+56KF+vlmCnzVBmlHcr45sZUZ3mw3Sb6dcF0V0VaNQKw/F5EteQyafIIl
-+dvCwwV4OwLwPliPAvwYfVEI41Dv3mF4fN7k=
-+-----END CERTIFICATE-----
-diff --git a/test/fixtures/x509-escaping/package.json b/test/fixtures/x509-escaping/package.json
-new file mode 100644
-index 0000000000..37d9f2a938
---- /dev/null
-+++ b/test/fixtures/x509-escaping/package.json
-@@ -0,0 +1,12 @@
-+{
-+ "name": "x509-escaping",
-+ "version": "1.0.0",
-+ "description": "create certificates for x509-escaping test",
-+ "main": "createCert.js",
-+ "license": "SEE LICENSE IN ../../../LICENSE",
-+ "private": true,
-+ "dependencies": {
-+ "asn1.js": "^5.4.1",
-+ "asn1.js-rfc5280": "^3.0.0"
-+ }
-+}
-diff --git a/test/fixtures/x509-escaping/server-key.pem b/test/fixtures/x509-escaping/server-key.pem
-new file mode 100644
-index 0000000000..db1d2652d0
---- /dev/null
-+++ b/test/fixtures/x509-escaping/server-key.pem
-@@ -0,0 +1,52 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCxEWd00u9E9T/k
-+o6WcCKjhZ7tjnfVylnA7M0EHOwvdivgD46eAb1omsonLagiVrZrG7EpYuMhtz+g3
-+Yv1d0nvFvv8ge9UIdnN8EDTDzLpJ3KbNqHURraiXuBDqa3rdY4JBakCcuYHl1bj1
-+OTew7xl1FWc1je04rBTQGTFIRdmJZYyc9bIw9WkY6msod0w1PDcLhZS3emh/eYaL
-+4zAQWrVhQfWzf4rZzFaI/a5n0o75aUkTuvxDDQ51V2d6WkSU3KbOnf2JW+QJXfzs
-+NOeiYA9AnfY59evr4GEeG8VZdGuUG39uDCIWmAUT8elhXXqVq+NdBqc6VUNLDJbq
-+CmMx/Ecp48EHO6X5uXm0xViZIVPNIzqiiRhVt4nFfwPQZrTgaq2+tD7/zD1yED4O
-+1FhlDl5twH2N7+oG06HsEluQdLPrj7IedpneGVKMs078Ddov7j6icYv/RZHVetDl
-+rzDDHjLJWwxyAWzdGdkhtMGPd6B9i4TtF/PU3J3nbpLn5XfEBFu4jJ+w+5Wvk5a6
-+0gF1ERy/OLBM/e8sro2sEBIpp1tN1wJVBZOtTIi4VVDhwDRQUiwb2d1Re7GQ7+mc
-+z5D/01qxW6S+w0IKrpwJUjR3mpa0OU98KfKVJkeyeEBLkEhDdnGTDqZ9E/ickGos
-+rW2gAAYKgzXk725dpxTdpLEosfDbpwIDAQABAoICAAwUElkTPHQZQKsBiL38jzyU
-+/WDduQ0AexZmuCRcoEIUBTgKsvXdYqpqGmEwUfaX2YuBOc8Uh8OJ357Ll1nrjjre
-+fPvDxrPllJodZuQGVpzMOuqjd5zlmi8DRNAg1cg9TfjVXSPzuYsqiYvcw9JDdRqa
-+A6jRDiIEBwVs+oIiFaU8MpvQXL/fNbSX5QhlHuMwwNZ93beoV3F+ojFvpWswLNg+
-+DhsY86lIuYxttZRqdgtIZc49PpD6VoalmC7t8mivJofImi9g/8ytxx97umNGpzOy
-+ssWgY1/7NdS+czdXbDE1sPsaQ8cDxrDmGxPjswV7rK4/Um/1ufnoGXFMlRinS1lQ
-+nns4VAFefVUCk81LRyFb+X97NXPGC1p4zNlC1ZoihMgWKJBzH0uk5K/hURS/wDNZ
-+epm9ssnEQrFGJhEI+635srfn9SVRZ8xNh+oCguo5NaZm/BezC6iBQeoaBmVL2lY8
-+KLztN/JQd6MMZi3CWhTn0ZAtVNMxGjU9/yrdWIkX9EV8Sw68fqLGoKQXI67AOynQ
-+5AnUyEjhVu7M39gYL71l7BVpuG7qaX8l4brzBcgzFldvuhuNCx0SW4gU2/Nx4OwY
-+BLOX1LOrpD+5M9YwcbtSxcxz97nP8efb3hUK3QD2iuZ9Fa6zKWsoreMb7Jku38i7
-+e41lupAIkxxuxGBe1YrZAoIBAQDVF7Kru6tsaWtvJw5cbZpKxcuUHHQ0X3XRgA+H
-+uWfT8EbxmDpgcG8polqiYuXPFWcrElmtWeBCYXazGZocHRV8y+ri/9c2rMTH6Bni
-+TcYfsc4E8WY6adxfUqajgQ2zShdZbxZtBvSP50HheZ0a+L2qn2MWDUN/mbwYEmom
-+SonVx3MSJWm/Vrh5i4b/L/+9u7uumIjWYFK6pKdLerTfbXO7ZsNR9KDIOBLDnUcf
-++6K2vcclZN7aga1S7wTsrX+k9C/OQuj8ONMWQHCxryp5RAmgtArTBrJZq8el1lcG
-+518Vo4QuOqsqTdAhqiImoPKe4NNCs1iTS9BdCqNYiF8sbmeJAoIBAQDUuL5ebQ68
-+6vqTKYD47ZtCzeqziN3Y/0a1BsyZh0/snNmK5WIr4T0vX0Y/XG0EpkZdpW3odMBv
-+CemKs6Zm+pfOUGu20PTJcdSOXRbFiVYSeQnfa0l3iXZvY9Ottz/IU/mWPuU3hc18
-+hOZD9tKiwYDzZREg6L4XRizfT70UkD2eTz4lGBjR092TTj8WqSaI9GF6d9B6Aw9Y
-+OCZdTqV7hPe0Rnvd1XiGsk68HN2Np47HHwwPsKMCYj8YNKmsUF8QSXmCkijlDeJW
-+bC6TjAHlvnN6n1LjaLwULUs9Rb2fkNUOqsgR+T8YlqbclJbzC7gW53M/68c9eOQ1
-+Y01JnzsB3S2vAoIBAQDT8DP2djtzIg6GiNPRvfj9cWifMQWqqV8nNTU9Cnxn4MzO
-+sVcuX+VQBXgblj13D5SC1Ed5ELDplMJYM5iBabPbYX2GtGq6qG83XHOSD0SEdXWw
-+mN/SLUPPUwcGC+8yaPh8LO6jFY3cKmft9+T31Hnf35LPdfWyTZc0YexNlUkt5Kdg
-+XvGkKn5j9RAZcwXrEXMDnhZLEZZ2qBj0C2El71hyBS0ysBnRyWNwR1dcSgx1sJ8H
-+ZCH6NYvLtoqxU4Zm6684eHf9lA7uTL1JHC0kWzUwLqGtbTWp1h5FpL790NVTUkS/
-+Lf7bnnTpZqt8vAtTVc0IxBPOvFLKlzALd+cg69XxAoIBAQCv6Sbkh2NMrzUQRZ42
-+PKfMkuSoG2L6dABQ65J+0/swPHVZ+1830kf6yNsawqAU3DwMbSV6ujH4oUXUQcQ2
-+HL01DCRHRn1nqQ6RvEF8kZnwJNAZRmu2wqKCcxc17Ph9/ZPEv7ZmN+w6MN0LDy4Z
-+EdRFcyq7AD1SmeG5ugMu4ilSpU1K96ZuvrnZezeI0dDgKNgDotlwTN9/oM95EfSf
-+NNJy7ma4iDPnj8S0o1pELnBQEkizIOtsqTpsFgDKUpyKp3golh3jbZvixAuwUHOx
-+PdHZca/mB1KhjONPhEDPl8HZIznYQzn+Z3cNqoM58lMF/di834ogN7zguYHMhDUT
-+0YhZAoIBAHlYhuni+gyrn4tyZgep68VXW7wQxSvgSj8cpZAuT/w0UKAU53J5QTWZ
-+aGHeICXvgvpalUL+2dGwASlOvPa52ekcOPd2+qKWyss0zA4ksI7mNE2vjFUcOr+S
-+n9QSNvu3E8dYAjzSIsizcQbPTlk6A/TmytNJ4x67ZVGCmKXw1ZzzSrxSbAIdY254
-+TxSGchrfcy0ofXIL2HXq16FRmesORTJFkkyQaldzn4y7S6HJ/vGppImTfeac1MwG
-+jLYljIkIbt+nB1c8HeNvARmBa6M2pxB9f72oRMVqFdUUc5AxXuWP9v6xk227EuCq
-+TBORAafu9WxKVwUsHa1rE1uGgNEfRJ8=
-+-----END PRIVATE KEY-----
-diff --git a/test/parallel/test-tls-0-dns-altname.js b/test/parallel/test-tls-0-dns-altname.js
-index 4bc87e44cb..e5cb8e3d48 100644
---- a/test/parallel/test-tls-0-dns-altname.js
-+++ b/test/parallel/test-tls-0-dns-altname.js
-@@ -44,7 +44,7 @@ const server = tls.createServer({
- }, common.mustCall(() => {
- const cert = c.getPeerCertificate();
- assert.strictEqual(cert.subjectaltname,
-- 'DNS:good.example.org\0.evil.example.com, ' +
-+ 'DNS:"good.example.org\\u0000.evil.example.com", ' +
- 'DNS:just-another.example.com, ' +
- 'IP Address:8.8.8.8, ' +
- 'IP Address:8.8.4.4, ' +
-diff --git a/test/parallel/test-x509-escaping.js b/test/parallel/test-x509-escaping.js
-new file mode 100644
-index 0000000000..4e0f82767d
---- /dev/null
-+++ b/test/parallel/test-x509-escaping.js
-@@ -0,0 +1,349 @@
-+'use strict';
-+
-+const common = require('../common');
-+if (!common.hasCrypto)
-+ common.skip('missing crypto');
-+
-+const assert = require('assert');
-+const tls = require('tls');
-+const fixtures = require('../common/fixtures');
-+
-+const { hasOpenSSL3 } = common;
-+
-+// Test that all certificate chains provided by the reporter are rejected.
-+{
-+ const rootPEM = fixtures.readSync('x509-escaping/google/root.pem');
-+ const intermPEM = fixtures.readSync('x509-escaping/google/intermediate.pem');
-+ const keyPEM = fixtures.readSync('x509-escaping/google/key.pem');
-+
-+ const numLeaves = 5;
-+
-+ for (let i = 0; i < numLeaves; i++) {
-+ // TODO(tniessen): this test case requires proper handling of URI SANs,
-+ // which node currently does not implement.
-+ if (i === 3) continue;
-+
-+ const name = `x509-escaping/google/leaf${i}.pem`;
-+ const leafPEM = fixtures.readSync(name, 'utf8');
-+
-+ const server = tls.createServer({
-+ key: keyPEM,
-+ cert: leafPEM + intermPEM,
-+ }, common.mustNotCall()).listen(common.mustCall(() => {
-+ const { port } = server.address();
-+ const socket = tls.connect(port, {
-+ ca: rootPEM,
-+ servername: 'nodejs.org',
-+ }, common.mustNotCall());
-+ socket.on('error', common.mustCall());
-+ })).unref();
-+ }
-+}
-+
-+// Test escaping rules for subject alternative names.
-+{
-+ const expectedSANs = [
-+ 'DNS:"good.example.com\\u002c DNS:evil.example.com"',
-+ // URIs should not require escaping.
-+ 'URI:http://example.com/',
-+ 'URI:http://example.com/?a=b&c=d',
-+ // Unless they contain commas.
-+ 'URI:"http://example.com/a\\u002cb"',
-+ // Percent encoding should not require escaping.
-+ 'URI:http://example.com/a%2Cb',
-+ // Malicious attempts should be escaped.
-+ 'URI:"http://example.com/a\\u002c DNS:good.example.com"',
-+ // Non-ASCII characters in DNS names should be treated as Latin-1.
-+ 'DNS:"ex\\u00e4mple.com"',
-+ // It should not be possible to cause unescaping without escaping.
-+ 'DNS:"\\"evil.example.com\\""',
-+ // IPv4 addresses should be represented as usual.
-+ 'IP Address:8.8.8.8',
-+ 'IP Address:8.8.4.4',
-+ // For backward-compatibility, include invalid IP address lengths.
-+ hasOpenSSL3 ? 'IP Address:<invalid length=5>' : 'IP Address:<invalid>',
-+ hasOpenSSL3 ? 'IP Address:<invalid length=6>' : 'IP Address:<invalid>',
-+ // IPv6 addresses are represented as OpenSSL does.
-+ 'IP Address:A0B:C0D:E0F:0:0:0:7A7B:7C7D',
-+ // Regular email addresses don't require escaping.
-+ 'email:foo@...',
-+ // ... but should be escaped if they contain commas.
-+ 'email:"foo@...\\u002c DNS:good.example.com"',
-+ 'DirName:/C=DE/L=Hannover',
-+ // TODO(tniessen): support UTF8 in DirName
-+ 'DirName:"/C=DE/L=M\\\\xC3\\\\xBCnchen"',
-+ 'DirName:"/C=DE/L=Berlin\\u002c DNS:good.example.com"',
-+ 'DirName:"/C=DE/L=Berlin\\u002c DNS:good.example.com\\\\x00' +
-+ 'evil.example.com"',
-+ 'DirName:"/C=DE/L=Berlin\\u002c DNS:good.example.com\\\\\\\\x00' +
-+ 'evil.example.com"',
-+ // These next two tests might be surprising. OpenSSL applies its own rules
-+ // first, which introduce backslashes, which activate node's escaping.
-+ // Unfortunately, there are also differences between OpenSSL 1.1.1 and 3.0.
-+ 'DirName:"/C=DE/L=Berlin\\\\x0D\\\\x0A"',
-+ hasOpenSSL3 ?
-+ 'DirName:"/C=DE/L=Berlin\\\\/CN=good.example.com"' :
-+ 'DirName:/C=DE/L=Berlin/CN=good.example.com',
-+ // TODO(tniessen): even OIDs that are well-known (such as the following,
-+ // which is sha256WithRSAEncryption) should be represented numerically only.
-+ 'Registered ID:sha256WithRSAEncryption',
-+ // This is an OID that will likely never be assigned to anything, thus
-+ // OpenSSL should not know it.
-+ 'Registered ID:1.3.9999.12.34',
-+ hasOpenSSL3 ?
-+ 'othername: XmppAddr::abc123' :
-+ 'othername:<unsupported>',
-+ hasOpenSSL3 ?
-+ 'othername:" XmppAddr::abc123\\u002c DNS:good.example.com"' :
-+ 'othername:<unsupported>',
-+ hasOpenSSL3 ?
-+ 'othername:" XmppAddr::good.example.com\\u0000abc123"' :
-+ 'othername:<unsupported>',
-+ // This is unsupported because the OID is not recognized.
-+ 'othername:<unsupported>',
-+ hasOpenSSL3 ? 'othername: SRVName::abc123' : 'othername:<unsupported>',
-+ // This is unsupported because it is an SRVName with a UTF8String value,
-+ // which is not allowed for SRVName.
-+ 'othername:<unsupported>',
-+ hasOpenSSL3 ?
-+ 'othername:" SRVName::abc\\u0000def"' :
-+ 'othername:<unsupported>',
-+ ];
-+
-+ const serverKey = fixtures.readSync('x509-escaping/server-key.pem', 'utf8');
-+
-+ for (let i = 0; i < expectedSANs.length; i++) {
-+ const pem = fixtures.readSync(`x509-escaping/alt-${i}-cert.pem`, 'utf8');
-+
-+ // X509Certificate interface is not supported in v12.x & v14.x. Disable
-+ // checks for subjectAltName with expectedSANs. The testcase is ported
-+ // from v17.x
-+ //
-+ // Test the subjectAltName property of the X509Certificate API.
-+ // const cert = new X509Certificate(pem);
-+ // assert.strictEqual(cert.subjectAltName, expectedSANs[i]);
-+
-+ // Test that the certificate obtained by checkServerIdentity has the correct
-+ // subjectaltname property.
-+ const server = tls.createServer({
-+ key: serverKey,
-+ cert: pem,
-+ }, common.mustCall((conn) => {
-+ conn.destroy();
-+ server.close();
-+ })).listen(common.mustCall(() => {
-+ const { port } = server.address();
-+ tls.connect(port, {
-+ ca: pem,
-+ servername: 'example.com',
-+ checkServerIdentity: (hostname, peerCert) => {
-+ assert.strictEqual(hostname, 'example.com');
-+ assert.strictEqual(peerCert.subjectaltname, expectedSANs[i]);
-+ },
-+ }, common.mustCall());
-+ }));
-+ }
-+}
-+
-+// Test escaping rules for authority info access.
-+{
-+ const expectedInfoAccess = [
-+ {
-+ text: 'OCSP - URI:"http://good.example.com/\\u000a' +
-+ 'OCSP - URI:http://evil.example.com/"',
-+ legacy: {
-+ 'OCSP - URI': [
-+ 'http://good.example.com/\nOCSP - URI:http://evil.example.com/',
-+ ],
-+ },
-+ },
-+ {
-+ text: 'CA Issuers - URI:"http://ca.example.com/\\u000a' +
-+ 'OCSP - URI:http://evil.example.com"\n' +
-+ 'OCSP - DNS:"good.example.com\\u000a' +
-+ 'OCSP - URI:http://ca.nodejs.org/ca.cert"',
-+ legacy: {
-+ 'CA Issuers - URI': [
-+ 'http://ca.example.com/\nOCSP - URI:http://evil.example.com',
-+ ],
-+ 'OCSP - DNS': [
-+ 'good.example.com\nOCSP - URI:http://ca.nodejs.org/ca.cert',
-+ ],
-+ },
-+ },
-+ {
-+ text: '1.3.9999.12.34 - URI:http://ca.example.com/',
-+ legacy: {
-+ '1.3.9999.12.34 - URI': [
-+ 'http://ca.example.com/',
-+ ],
-+ },
-+ },
-+ hasOpenSSL3 ? {
-+ text: 'OCSP - othername: XmppAddr::good.example.com\n' +
-+ 'OCSP - othername:<unsupported>\n' +
-+ 'OCSP - othername: SRVName::abc123',
-+ legacy: {
-+ 'OCSP - othername': [
-+ ' XmppAddr::good.example.com',
-+ '<unsupported>',
-+ ' SRVName::abc123',
-+ ],
-+ },
-+ } : {
-+ text: 'OCSP - othername:<unsupported>\n' +
-+ 'OCSP - othername:<unsupported>\n' +
-+ 'OCSP - othername:<unsupported>',
-+ legacy: {
-+ 'OCSP - othername': [
-+ '<unsupported>',
-+ '<unsupported>',
-+ '<unsupported>',
-+ ],
-+ },
-+ },
-+ hasOpenSSL3 ? {
-+ text: 'OCSP - othername:" XmppAddr::good.example.com\\u0000abc123"',
-+ legacy: {
-+ 'OCSP - othername': [
-+ ' XmppAddr::good.example.com\0abc123',
-+ ],
-+ },
-+ } : {
-+ text: 'OCSP - othername:<unsupported>',
-+ legacy: {
-+ 'OCSP - othername': [
-+ '<unsupported>',
-+ ],
-+ },
-+ },
-+ ];
-+
-+ const serverKey = fixtures.readSync('x509-escaping/server-key.pem', 'utf8');
-+
-+ for (let i = 0; i < expectedInfoAccess.length; i++) {
-+ const pem = fixtures.readSync(`x509-escaping/info-${i}-cert.pem`, 'utf8');
-+ const expected = expectedInfoAccess[i];
-+
-+ // X509Certificate interface is not supported in v12.x & v14.x. Disable
-+ // checks for cert.infoAccess with expected text. The testcase is ported
-+ // from v17.x
-+ // Test the subjectAltName property of the X509Certificate API.
-+ // const cert = new X509Certificate(pem);
-+ // assert.strictEqual(cert.infoAccess,
-+ // `${expected.text}${hasOpenSSL3 ? '' : '\n'}`);
-+
-+ // Test that the certificate obtained by checkServerIdentity has the correct
-+ // subjectaltname property.
-+ const server = tls.createServer({
-+ key: serverKey,
-+ cert: pem,
-+ }, common.mustCall((conn) => {
-+ conn.destroy();
-+ server.close();
-+ })).listen(common.mustCall(() => {
-+ const { port } = server.address();
-+ tls.connect(port, {
-+ ca: pem,
-+ servername: 'example.com',
-+ checkServerIdentity: (hostname, peerCert) => {
-+ assert.strictEqual(hostname, 'example.com');
-+ assert.deepStrictEqual(peerCert.infoAccess,
-+ Object.assign(Object.create(null),
-+ expected.legacy));
-+ },
-+ }, common.mustCall());
-+ }));
-+ }
-+}
-+
-+// The internal parsing logic must match the JSON specification exactly.
-+{
-+ // This list is partially based on V8's own JSON tests.
-+ const invalidJSON = [
-+ '"\\a invalid escape"',
-+ '"\\v invalid escape"',
-+ '"\\\' invalid escape"',
-+ '"\\x42 invalid escape"',
-+ '"\\u202 invalid escape"',
-+ '"\\012 invalid escape"',
-+ '"Unterminated string',
-+ '"Unterminated string\\"',
-+ '"Unterminated string\\\\\\"',
-+ '"\u0000 control character"',
-+ '"\u001e control character"',
-+ '"\u001f control character"',
-+ ];
-+
-+ for (const invalidStringLiteral of invalidJSON) {
-+ // Usually, checkServerIdentity returns an error upon verification failure.
-+ // In this case, however, it should throw an error since this is not a
-+ // verification error. Node.js itself will never produce invalid JSON string
-+ // literals, so this can only happen when users construct invalid subject
-+ // alternative name strings (that do not follow escaping rules).
-+ assert.throws(() => {
-+ tls.checkServerIdentity('example.com', {
-+ subjectaltname: `DNS:${invalidStringLiteral}`,
-+ });
-+ }, {
-+ code: 'ERR_TLS_CERT_ALTNAME_FORMAT',
-+ message: 'Invalid subject alternative name string'
-+ });
-+ }
-+}
-+
-+// While node does not produce commas within SAN entries, it should parse them
-+// correctly (i.e., not simply split at commas).
-+{
-+ // Regardless of the quotes, splitting this SAN string at commas would
-+ // cause checkServerIdentity to see 'DNS:b.example.com' and thus to accept
-+ // the certificate for b.example.com.
-+ const san = 'DNS:"a.example.com, DNS:b.example.com, DNS:c.example.com"';
-+
-+ // This is what node used to do, and which is not correct!
-+ const hostname = 'b.example.com';
-+ assert.strictEqual(san.split(', ')[1], `DNS:${hostname}`);
-+
-+ // The new implementation should parse the string correctly.
-+ const err = tls.checkServerIdentity(hostname, { subjectaltname: san });
-+ assert(err);
-+ assert.strictEqual(err.code, 'ERR_TLS_CERT_ALTNAME_INVALID');
-+ assert.strictEqual(err.message, 'Hostname/IP does not match certificate\'s ' +
-+ 'altnames: Host: b.example.com. is not in ' +
-+ 'the cert\'s altnames: DNS:"a.example.com, ' +
-+ 'DNS:b.example.com, DNS:c.example.com"');
-+}
-+
-+// The subject MUST be ignored if a dNSName subject alternative name exists.
-+{
-+ const key = fixtures.readKey('incorrect_san_correct_subject-key.pem');
-+ const cert = fixtures.readKey('incorrect_san_correct_subject-cert.pem');
-+
-+ // The hostname is the CN, but not a SAN entry.
-+ const servername = 'good.example.com';
-+
-+ // X509Certificate interface is not supported in v12.x & v14.x. Disable
-+ // checks for certX509.subject and certX509.subjectAltName with expected
-+ // value. The testcase is ported from v17.x
-+ //
-+ // const certX509 = new X509Certificate(cert);
-+ // assert.strictEqual(certX509.subject, `CN=${servername}`);
-+ // assert.strictEqual(certX509.subjectAltName, 'DNS:evil.example.com');
-+
-+ // Try connecting to a server that uses the self-signed certificate.
-+ const server = tls.createServer({ key, cert }, common.mustNotCall());
-+ server.listen(common.mustCall(() => {
-+ const { port } = server.address();
-+ const socket = tls.connect(port, {
-+ ca: cert,
-+ servername,
-+ }, common.mustNotCall());
-+ socket.on('error', common.mustCall((err) => {
-+ assert.strictEqual(err.code, 'ERR_TLS_CERT_ALTNAME_INVALID');
-+ assert.strictEqual(err.message, 'Hostname/IP does not match ' +
-+ "certificate's altnames: Host: " +
-+ "good.example.com. is not in the cert's" +
-+ ' altnames: DNS:evil.example.com');
-+ }));
-+ })).unref();
-+}
---
-2.17.1
-
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_12.22.2.bb b/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb
similarity index 97%
rename from meta-oe/recipes-devtools/nodejs/nodejs_12.22.2.bb
rename to meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb
index 2c7d3b3edd..8dbdd088e9 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_12.22.2.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb
@@ -1,7 +1,7 @@
DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript"
HOMEPAGE = "http://nodejs.org"
LICENSE = "MIT & BSD & Artistic-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=8c66ff8861d9f96076a7cb61e3d75f54"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=93997aa7a45ba0f25f9c61aaab153ab8"

DEPENDS = "openssl"
DEPENDS_append_class-target = " nodejs-native"
@@ -22,12 +22,11 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
file://big-endian.patch \
file://mips-warnings.patch \
file://0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch \
- file://CVE-2021-44532.patch \
"
SRC_URI_append_class-target = " \
file://0002-Using-native-binaries.patch \
"
-SRC_URI[sha256sum] = "7fd805571df106f086f4c45e131efed98bfd62628d9dec96bd62f8c11b0c48dc"
+SRC_URI[sha256sum] = "bc42b7f8495b9bfc7f7850dd180bb02a5bdf139cc232b8c6f02a6967e20714f2"

S = "${WORKDIR}/node-v${PV}"

--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


[PATCH 2/5] c-ares: Upgrade to 1.17.1 release

Ranjitsinh Rathod
 

From: Khem Raj <raj.khem@...>

Forward port cmake-install-libcares.pc.patch, drop the need to install
pkgconfig files as its already being done by main Makefile

Remove below two patches as well
ares_expand_name-fix-formatting-and-handling-of-root.patch
ares_expand_name-should-escape-more-characters.patch

Conflicts:
meta-oe/recipes-support/c-ares/c-ares_1.17.1.bb

Signed-off-by: Khem Raj <raj.khem@...>
(cherry picked from commit b65f2904191b8d309b3971d4e65c5e1701156b1c)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@...>
---
...-fix-formatting-and-handling-of-root.patch | 115 ------------------
...d_name-should-escape-more-characters.patch | 90 --------------
.../c-ares/cmake-install-libcares.pc.patch | 27 ++--
.../{c-ares_1.16.1.bb => c-ares_1.17.1.bb} | 6 +-
4 files changed, 12 insertions(+), 226 deletions(-)
delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch
delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch
rename meta-oe/recipes-support/c-ares/{c-ares_1.16.1.bb => c-ares_1.17.1.bb} (76%)

diff --git a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch b/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch
deleted file mode 100644
index d1cb54aefb..0000000000
--- a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From: bradh352 <brad@...>
-Date: Fri, 11 Jun 2021 12:39:24 -0400
-Subject: [2/2] ares_expand_name(): fix formatting and handling of root name
- response
-Origin: https://github.com/c-ares/c-ares/commit/44c009b8e62ea1929de68e3f438181bea469ec14
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3672
-
-Fixes issue introduced in prior commit with formatting and handling
-of parsing a root name response which should not be escaped.
-
-Fix By: Brad House
-CVE: CVE-2021-3672
-Upstream-Status: Backport [http://snapshot.debian.org/archive/debian-security/20210810T064453Z/pool/updates/main/c/c-ares/c-ares_1.17.1-1%2Bdeb11u1.debian.tar.xz]
-Signed-off-by: Neetika Singh <Neetika.Singh@...>
----
- ares_expand_name.c | 62 ++++++++++++++++++++++++--------------
- 1 file changed, 40 insertions(+), 22 deletions(-)
-
-diff --git a/ares_expand_name.c b/ares_expand_name.c
-index f1c874a97cfc..eb9268c1ff0a 100644
---- a/ares_expand_name.c
-+++ b/ares_expand_name.c
-@@ -127,27 +127,37 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
- }
- else
- {
-- len = *p;
-+ int name_len = *p;
-+ len = name_len;
- p++;
-+
- while (len--)
- {
-- if (!isprint(*p)) {
-- /* Output as \DDD for consistency with RFC1035 5.1 */
-- *q++ = '\\';
-- *q++ = '0' + *p / 100;
-- *q++ = '0' + (*p % 100) / 10;
-- *q++ = '0' + (*p % 10);
-- } else if (is_reservedch(*p)) {
-- *q++ = '\\';
-- *q++ = *p;
-- } else {
-- *q++ = *p;
-- }
-+ /* Output as \DDD for consistency with RFC1035 5.1, except
-+ * for the special case of a root name response */
-+ if (!isprint(*p) && !(name_len == 1 && *p == 0))
-+ {
-+
-+ *q++ = '\\';
-+ *q++ = '0' + *p / 100;
-+ *q++ = '0' + (*p % 100) / 10;
-+ *q++ = '0' + (*p % 10);
-+ }
-+ else if (is_reservedch(*p))
-+ {
-+ *q++ = '\\';
-+ *q++ = *p;
-+ }
-+ else
-+ {
-+ *q++ = *p;
-+ }
- p++;
- }
- *q++ = '.';
- }
-- }
-+ }
-+
- if (!indir)
- *enclen = aresx_uztosl(p + 1U - encoded);
-
-@@ -194,21 +204,29 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
- }
- else if (top == 0x00)
- {
-- offset = *encoded;
-+ int name_len = *encoded;
-+ offset = name_len;
- if (encoded + offset + 1 >= abuf + alen)
- return -1;
- encoded++;
-+
- while (offset--)
- {
-- if (!isprint(*encoded)) {
-- n += 4;
-- } else if (is_reservedch(*encoded)) {
-- n += 2;
-- } else {
-- n += 1;
-- }
-+ if (!isprint(*encoded) && !(name_len == 1 && *encoded == 0))
-+ {
-+ n += 4;
-+ }
-+ else if (is_reservedch(*encoded))
-+ {
-+ n += 2;
-+ }
-+ else
-+ {
-+ n += 1;
-+ }
- encoded++;
- }
-+
- n++;
- }
- else
---
-2.32.0
-
diff --git a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch b/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch
deleted file mode 100644
index 3603ef1278..0000000000
--- a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From: bradh352 <brad@...>
-Date: Fri, 11 Jun 2021 11:27:45 -0400
-Subject: [1/2] ares_expand_name() should escape more characters
-Origin: https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3672
-
-RFC1035 5.1 specifies some reserved characters and escaping sequences
-that are allowed to be specified. Expand the list of reserved characters
-and also escape non-printable characters using the \DDD format as
-specified in the RFC.
-
-Bug Reported By: philipp.jeitner@...
-Fix By: Brad House (@bradh352)
-CVE: CVE-2021-3672
-Upstream-Status: Backport [http://snapshot.debian.org/archive/debian-security/20210810T064453Z/pool/updates/main/c/c-ares/c-ares_1.17.1-1%2Bdeb11u1.debian.tar.xz]
-Signed-off-by: Neetika Singh <Neetika.Singh@...>
----
- ares_expand_name.c | 41 +++++++++++++++++++++++++++++++++++---
- 1 file changed, 38 insertions(+), 3 deletions(-)
-
-diff --git a/ares_expand_name.c b/ares_expand_name.c
-index 407200ef5b4b..f1c874a97cfc 100644
---- a/ares_expand_name.c
-+++ b/ares_expand_name.c
-@@ -32,6 +32,26 @@
- static int name_length(const unsigned char *encoded, const unsigned char *abuf,
- int alen);
-
-+/* Reserved characters for names that need to be escaped */
-+static int is_reservedch(int ch)
-+{
-+ switch (ch) {
-+ case '"':
-+ case '.':
-+ case ';':
-+ case '\\':
-+ case '(':
-+ case ')':
-+ case '@':
-+ case '$':
-+ return 1;
-+ default:
-+ break;
-+ }
-+
-+ return 0;
-+}
-+
- /* Expand an RFC1035-encoded domain name given by encoded. The
- * containing message is given by abuf and alen. The result given by
- * *s, which is set to a NUL-terminated allocated buffer. *enclen is
-@@ -111,9 +131,18 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
- p++;
- while (len--)
- {
-- if (*p == '.' || *p == '\\')
-+ if (!isprint(*p)) {
-+ /* Output as \DDD for consistency with RFC1035 5.1 */
-+ *q++ = '\\';
-+ *q++ = '0' + *p / 100;
-+ *q++ = '0' + (*p % 100) / 10;
-+ *q++ = '0' + (*p % 10);
-+ } else if (is_reservedch(*p)) {
- *q++ = '\\';
-- *q++ = *p;
-+ *q++ = *p;
-+ } else {
-+ *q++ = *p;
-+ }
- p++;
- }
- *q++ = '.';
-@@ -171,7 +200,13 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
- encoded++;
- while (offset--)
- {
-- n += (*encoded == '.' || *encoded == '\\') ? 2 : 1;
-+ if (!isprint(*encoded)) {
-+ n += 4;
-+ } else if (is_reservedch(*encoded)) {
-+ n += 2;
-+ } else {
-+ n += 1;
-+ }
- encoded++;
- }
- n++;
---
-2.32.0
-
diff --git a/meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch b/meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch
index 0eb7e4bbb3..c6f9c6de61 100644
--- a/meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch
+++ b/meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch
@@ -1,4 +1,4 @@
-From 12414304245cce6ef0e8b9547949be5109845353 Mon Sep 17 00:00:00 2001
+From 2cc41bee63223cb398ea932aad6ecc94ff5b61dd Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@...>
Date: Tue, 24 Jul 2018 13:33:33 +0800
Subject: [PATCH] cmake: Install libcares.pc
@@ -11,12 +11,13 @@ Signed-off-by: Alexey Firago <alexey_firago@...>
update to 1.14.0, fix patch warning

Signed-off-by: Changqing Li <changqing.li@...>
+
---
- CMakeLists.txt | 28 +++++++++++++++++++++++-----
- 1 file changed, 23 insertions(+), 5 deletions(-)
+ CMakeLists.txt | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
-index fd123e1..3a5878d 100644
+index 08c0247..0020d6b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -214,22 +214,25 @@ ADD_DEFINITIONS(${SYSFLAGS})
@@ -50,9 +51,9 @@ index fd123e1..3a5878d 100644

# When checking for symbols, we need to make sure we set the proper
# headers, libraries, and definitions for the detection to work properly
-@@ -554,6 +557,15 @@ CONFIGURE_FILE (ares_build.h.cmake ${PROJECT_BINARY_DIR}/ares_build.h)
- # Write ares_config.h configuration file. This is used only for the build.
- CONFIGURE_FILE (ares_config.h.cmake ${PROJECT_BINARY_DIR}/ares_config.h)
+@@ -551,6 +554,15 @@ ENDIF()
+ # Record toplevel CMakeLists.txt path
+ set(CARES_TOPLEVEL_DIR "${CMAKE_CURRENT_SOURCE_DIR}")

+# Pass required CFLAGS to pkg-config in case of static library
+IF (CARES_STATIC)
@@ -66,19 +67,11 @@ index fd123e1..3a5878d 100644

# TRANSFORM_MAKEFILE_INC
#
-@@ -728,6 +740,12 @@ IF (CARES_INSTALL)
+@@ -624,7 +636,6 @@ IF (CARES_INSTALL)
INSTALL (FILES "${CMAKE_CURRENT_BINARY_DIR}/libcares.pc" COMPONENT Devel DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig")
ENDIF ()

-+# pkg-config file
-+IF (CARES_INSTALL)
-+ SET (PKGCONFIG_INSTALL_DIR "${CMAKE_INSTALL_LIBDIR}/pkgconfig")
-+ INSTALL (FILES "${CMAKE_CURRENT_BINARY_DIR}/libcares.pc" DESTINATION ${PKGCONFIG_INSTALL_DIR})
-+ENDIF ()
-+
+-
# Legacy chain-building variables (provided for compatibility with old code).
# Don't use these, external code should be updated to refer to the aliases directly (e.g., Cares::cares).
SET (CARES_FOUND 1 CACHE INTERNAL "CARES LIBRARY FOUND")
---
-2.17.1
-
diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.17.1.bb
similarity index 76%
rename from meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb
rename to meta-oe/recipes-support/c-ares/c-ares_1.17.1.bb
index 692a5f0d6e..de27d736ad 100644
--- a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb
+++ b/meta-oe/recipes-support/c-ares/c-ares_1.17.1.bb
@@ -5,16 +5,14 @@ SECTION = "libs"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006"

-PV = "1.16.1+gitr${SRCPV}"
+PV = "1.17.1"

SRC_URI = "\
git://github.com/c-ares/c-ares.git;branch=main;protocol=https \
file://cmake-install-libcares.pc.patch \
file://0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch \
- file://ares_expand_name-should-escape-more-characters.patch \
- file://ares_expand_name-fix-formatting-and-handling-of-root.patch \
"
-SRCREV = "74a1426ba60e2cd7977e53a22ef839c87415066e"
+SRCREV = "39c73b503d9ef70a58ad1f4a4643f15b01407c66"

UPSTREAM_CHECK_GITTAGREGEX = "cares-(?P<pver>\d+_(\d_?)+)"

--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


[PATCH 5/5] c-ares: upgrade 1.17.2 -> 1.18.1

Ranjitsinh Rathod
 

From: wangmy <wangmy@...>

c-ares version 1.18.1 - Oct 27 2021
Bug fixes:

ares_getaddrinfo() would return ai_addrlen of 16 for ipv6 adddresses
rather than the sizeof(struct sockaddr_in6)

Conflicts:
meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb

Signed-off-by: Wang Mingyu <wangmy@...>
Signed-off-by: Khem Raj <raj.khem@...>
(cherry picked from commit e251d7b827d63277a36f1b8094d992303329b866)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@...>
---
.../c-ares/{c-ares_1.17.2.bb => c-ares_1.18.1.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-oe/recipes-support/c-ares/{c-ares_1.17.2.bb => c-ares_1.18.1.bb} (91%)

diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
similarity index 91%
rename from meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb
rename to meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
index 80d711a36f..6e0d0fc38f 100644
--- a/meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb
+++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
@@ -6,7 +6,7 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006"

SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https"
-SRCREV = "6654436a307a5a686b008c1d4c93b0085da6e6d8"
+SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed"

UPSTREAM_CHECK_GITTAGREGEX = "cares-(?P<pver>\d+_(\d_?)+)"

--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


[PATCH 4/5] c-ares: remove custom patches

Ranjitsinh Rathod
 

From: Sinan Kaya <okaya@...>

Current patch is breaking the library dependencies added by cmake
especially when you are static linking.

Applications need the ws2_32 library to be linked for mingw32
and with the existing patch this is not getting passed to the users.

Current patch seems to address this issue:
https://github.com/c-ares/c-ares/issues/373

Both issues are resolved in 1.17.2:

1.17.2-r0/git $ find . | grep c-ares-config.cmake.in
./c-ares-config.cmake.in
1.17.2-r0/git $ find . | grep libcares.pc.cmake
./libcares.pc.cmake

Conflicts:
meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb

Signed-off-by: Sinan Kaya <okaya@...>
Signed-off-by: Khem Raj <raj.khem@...>
(cherry picked from commit 621bdc1993d2e8da08b9b240043dc13481cd644f)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@...>
---
...ror-mv-libcares.pc.cmakein-to-libcar.patch | 27 -------
.../c-ares/cmake-install-libcares.pc.patch | 77 -------------------
.../recipes-support/c-ares/c-ares_1.17.2.bb | 5 +-
3 files changed, 1 insertion(+), 108 deletions(-)
delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch
delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch

diff --git a/meta-oe/recipes-support/c-ares/c-ares/0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch b/meta-oe/recipes-support/c-ares/c-ares/0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch
deleted file mode 100644
index 8f15f8424c..0000000000
--- a/meta-oe/recipes-support/c-ares/c-ares/0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From f2f1e134bf5d9d0789942848e03006af8d926cf8 Mon Sep 17 00:00:00 2001
-From: Wang Mingyu <wangmy@...>
-Date: Tue, 17 Mar 2020 12:53:35 +0800
-Subject: [PATCH] fix configure error : mv libcares.pc.cmakein to
- libcares.pc.cmake
-
-Signed-off-by: Wang Mingyu <wangmy@...>
----
- CMakeLists.txt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 3a5878d..c2e5740 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -563,7 +563,7 @@ IF (CARES_STATIC)
- ENDIF()
-
- # Write ares_config.h configuration file. This is used only for the build.
--CONFIGURE_FILE (libcares.pc.cmakein ${PROJECT_BINARY_DIR}/libcares.pc @ONLY)
-+CONFIGURE_FILE (libcares.pc.cmake ${PROJECT_BINARY_DIR}/libcares.pc @ONLY)
-
-
-
---
-2.17.1
-
diff --git a/meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch b/meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch
deleted file mode 100644
index c6f9c6de61..0000000000
--- a/meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 2cc41bee63223cb398ea932aad6ecc94ff5b61dd Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@...>
-Date: Tue, 24 Jul 2018 13:33:33 +0800
-Subject: [PATCH] cmake: Install libcares.pc
-
-Prepare and install libcares.pc file during cmake build, so libraries
-using pkg-config to find libcares will not fail.
-
-Signed-off-by: Alexey Firago <alexey_firago@...>
-
-update to 1.14.0, fix patch warning
-
-Signed-off-by: Changqing Li <changqing.li@...>
-
----
- CMakeLists.txt | 23 +++++++++++++++++------
- 1 file changed, 17 insertions(+), 6 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 08c0247..0020d6b 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -214,22 +214,25 @@ ADD_DEFINITIONS(${SYSFLAGS})
-
-
- # Tell C-Ares about libraries to depend on
-+# Also pass these libraries to pkg-config file
-+SET(CARES_PRIVATE_LIBS_LIST)
- IF (HAVE_LIBRESOLV)
-- LIST (APPEND CARES_DEPENDENT_LIBS resolv)
-+ LIST (APPEND CARES_PRIVATE_LIBS_LIST "-lresolv")
- ENDIF ()
- IF (HAVE_LIBNSL)
-- LIST (APPEND CARES_DEPENDENT_LIBS nsl)
-+ LIST (APPEND CARES_PRIVATE_LIBS_LIST "-lnsl")
- ENDIF ()
- IF (HAVE_LIBSOCKET)
-- LIST (APPEND CARES_DEPENDENT_LIBS socket)
-+ LIST (APPEND CARES_PRIVATE_LIBS_LIST "-lsocket")
- ENDIF ()
- IF (HAVE_LIBRT)
-- LIST (APPEND CARES_DEPENDENT_LIBS rt)
-+ LIST (APPEND CARES_PRIVATE_LIBS_LIST "-lrt")
- ENDIF ()
- IF (WIN32)
-- LIST (APPEND CARES_DEPENDENT_LIBS ws2_32 Advapi32)
-+ LIST (APPEND CARES_PRIVATE_LIBS_LIST "-lws2_32")
- ENDIF ()
-
-+string (REPLACE ";" " " CARES_PRIVATE_LIBS "${CARES_PRIVATE_LIBS_LIST}")
-
- # When checking for symbols, we need to make sure we set the proper
- # headers, libraries, and definitions for the detection to work properly
-@@ -551,6 +554,15 @@ ENDIF()
- # Record toplevel CMakeLists.txt path
- set(CARES_TOPLEVEL_DIR "${CMAKE_CURRENT_SOURCE_DIR}")
-
-+# Pass required CFLAGS to pkg-config in case of static library
-+IF (CARES_STATIC)
-+ SET (CPPFLAG_CARES_STATICLIB "-DCARES_STATICLIB")
-+ENDIF()
-+
-+# Write ares_config.h configuration file. This is used only for the build.
-+CONFIGURE_FILE (libcares.pc.cmakein ${PROJECT_BINARY_DIR}/libcares.pc @ONLY)
-+
-+
-
- # TRANSFORM_MAKEFILE_INC
- #
-@@ -624,7 +636,6 @@ IF (CARES_INSTALL)
- INSTALL (FILES "${CMAKE_CURRENT_BINARY_DIR}/libcares.pc" COMPONENT Devel DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig")
- ENDIF ()
-
--
- # Legacy chain-building variables (provided for compatibility with old code).
- # Don't use these, external code should be updated to refer to the aliases directly (e.g., Cares::cares).
- SET (CARES_FOUND 1 CACHE INTERNAL "CARES LIBRARY FOUND")
diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb b/meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb
index 19e35db2d7..80d711a36f 100644
--- a/meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb
+++ b/meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb
@@ -5,10 +5,7 @@ SECTION = "libs"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006"

-SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https \
- file://cmake-install-libcares.pc.patch \
- file://0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch \
- "
+SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https"
SRCREV = "6654436a307a5a686b008c1d4c93b0085da6e6d8"

UPSTREAM_CHECK_GITTAGREGEX = "cares-(?P<pver>\d+_(\d_?)+)"
--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


[PATCH 3/5] c-ares: upgrade 1.17.1 -> 1.17.2

Ranjitsinh Rathod
 

From: wangmy <wangmy@...>

Conflicts:
meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb

Signed-off-by: Wang Mingyu <wangmy@...>
Signed-off-by: Khem Raj <raj.khem@...>
(cherry picked from commit c49173b09c998bb3893ae873f68823647f1a7e18)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@...>
---
.../c-ares/{c-ares_1.17.1.bb => c-ares_1.17.2.bb} | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
rename meta-oe/recipes-support/c-ares/{c-ares_1.17.1.bb => c-ares_1.17.2.bb} (63%)

diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.17.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb
similarity index 63%
rename from meta-oe/recipes-support/c-ares/c-ares_1.17.1.bb
rename to meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb
index de27d736ad..19e35db2d7 100644
--- a/meta-oe/recipes-support/c-ares/c-ares_1.17.1.bb
+++ b/meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb
@@ -5,14 +5,11 @@ SECTION = "libs"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006"

-PV = "1.17.1"
-
-SRC_URI = "\
- git://github.com/c-ares/c-ares.git;branch=main;protocol=https \
- file://cmake-install-libcares.pc.patch \
- file://0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch \
-"
-SRCREV = "39c73b503d9ef70a58ad1f4a4643f15b01407c66"
+SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https \
+ file://cmake-install-libcares.pc.patch \
+ file://0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch \
+ "
+SRCREV = "6654436a307a5a686b008c1d4c93b0085da6e6d8"

UPSTREAM_CHECK_GITTAGREGEX = "cares-(?P<pver>\d+_(\d_?)+)"

--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


[PATCH 0/5] Upgrade nodejs to 12.22.12 and c-ares to 1.18.1

Ranjitsinh Rathod
 

From: Ranjitsinh Rathod <ranjitsinhrathod1991@...>

This series upgrades nodejs to 12.22.12 which is the last release from
12.x branch
This nodejs has compile time dependencies with c-ares and so upgrade
c-ares to 1.18.1

Khem Raj (1):
c-ares: Upgrade to 1.17.1 release

Ranjitsinh Rathod (1):
nodejs: Upgrade to 12.22.12

Sinan Kaya (1):
c-ares: remove custom patches

wangmy (2):
c-ares: upgrade 1.17.1 -> 1.17.2
c-ares: upgrade 1.17.2 -> 1.18.1

.../nodejs/nodejs/CVE-2021-44532.patch | 3090 -----------------
.../{nodejs_12.22.2.bb => nodejs_12.22.12.bb} | 5 +-
...ror-mv-libcares.pc.cmakein-to-libcar.patch | 27 -
...-fix-formatting-and-handling-of-root.patch | 115 -
...d_name-should-escape-more-characters.patch | 90 -
.../c-ares/cmake-install-libcares.pc.patch | 84 -
.../{c-ares_1.16.1.bb => c-ares_1.18.1.bb} | 12 +-
7 files changed, 4 insertions(+), 3419 deletions(-)
delete mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/CVE-2021-44532.patch
rename meta-oe/recipes-devtools/nodejs/{nodejs_12.22.2.bb => nodejs_12.22.12.bb} (97%)
delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch
delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch
delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch
delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch
rename meta-oe/recipes-support/c-ares/{c-ares_1.16.1.bb => c-ares_1.18.1.bb} (53%)

--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


[meta-oe] [PATCH] xrdp: Fix buildpaths warning.

leimaohui
 

Don't print configure message.

Signed-off-by: Lei Maohui <leimaohui@...>
---
meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb | 1 +
1 file changed, 1 insertion(+)

diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb b/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb
index 7ec6ae15f..947ca7538 100644
--- a/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb
+++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb
@@ -49,6 +49,7 @@ do_configure:prepend() {

do_compile:prepend() {
sed -i 's/(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am/(MAKE) $(AM_MAKEFLAGS) install-exec-am/g' ${S}/keygen/Makefile.in
+ echo "" > ${B}/xrdp_configure_options.h
}

do_install:append() {
--
2.25.1


[meta-oe] [PATCH] dnf-plugin-tui: Fix somw issue in postinstall process.

leimaohui
 

Signed-off-by: Lei Maohui <leimaohui@...>
---
.../dnf-plugin-tui/dnf-plugin-tui_git.bb | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb b/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb
index ccbea58f1..f170b9f82 100644
--- a/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb
+++ b/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb
@@ -4,7 +4,7 @@ LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"

SRC_URI = "git://github.com/ubinux/dnf-plugin-tui.git;branch=master;protocol=https"
-SRCREV = "f6ee3fa8fe6f3d7ca8d5b104aa73c1a5c938a403"
+SRCREV = "bac88927b253cdcfe0d06ac7dc5afb876cd2d996"
PV = "1.3"

SRC_URI:append:class-target = " file://oe-remote.repo.sample"
@@ -28,7 +28,14 @@ do_install:append:class-target() {
install -m 0644 ${WORKDIR}/oe-remote.repo.sample ${D}${sysconfdir}/yum.repos.d
}

+do_install:append:class-nativesdk() {
+ install -d -p ${D}/${SDKPATH}/postinst-intercepts
+ cp -r ${COREBASE}/scripts/postinst-intercepts/* ${D}/${SDKPATH}/postinst-intercepts/
+ sed -i -e 's/STAGING_DIR_NATIVE/NATIVE_ROOT/g' ${D}/${SDKPATH}/postinst-intercepts/*
+}
+
FILES:${PN} += "${datadir}/dnf"
+FILES:${PN} += "${SDKPATH}/postinst-intercepts"

RDEPENDS:${PN} += " \
bash \
--
2.25.1


[meta-oe][PATCH] waylandpp: add recipe

Markus Volk
 

This adds C++ bindings for Wayland as used e.g. in the Kodi project

Signed-off-by: Markus Volk <f_l_k@...>
---
.../wayland/waylandpp_1.0.0.bb | 37 +++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 meta-oe/recipes-graphics/wayland/waylandpp_1.0.0.bb

diff --git a/meta-oe/recipes-graphics/wayland/waylandpp_1.0.0.bb b/meta-o=
e/recipes-graphics/wayland/waylandpp_1.0.0.bb
new file mode 100644
index 000000000..f075f2a3a
--- /dev/null
+++ b/meta-oe/recipes-graphics/wayland/waylandpp_1.0.0.bb
@@ -0,0 +1,37 @@
+SUMMARY =3D " C++ binding for Wayland using the most modern C++ technolo=
gy"
+LICENSE =3D "MIT"
+LIC_FILES_CHKSUM =3D "file://LICENSE;md5=3D3aae28cc66d61975114c2b14df215=
407"
+
+SRC_URI =3D "git://github.com/NilsBrause/waylandpp.git;protocol=3Dhttps;=
branch=3Dmaster"
+
+DEPENDS =3D "pugixml"
+DEPENDS:append:class-target =3D " waylandpp-native wayland virtual/egl v=
irtual/libgles2"
+
+S =3D "${WORKDIR}/git"
+SRCREV =3D "4321ed5c7b4bffa41b8a2a13dc7f3ece1191f4f3"
+
+inherit cmake pkgconfig
+
+EXTRA_OECMAKE:class-native =3D " \
+ -DBUILD_SCANNER=3DON \
+ -DBUILD_LIBRARIES=3DOFF \
+ -DBUILD_DOCUMENTATION=3DOFF \
+ -DCMAKE_BUILD_TYPE=3DRelease \
+ -DCMAKE_VERBOSE_MAKEFILE=3DTRUE \
+"
+
+EXTRA_OECMAKE:class-target =3D " \
+ -DBUILD_SCANNER=3DON \
+ -DBUILD_LIBRARIES=3DON \
+ -DBUILD_DOCUMENTATION=3DOFF \
+ -DBUILD_EXAMPLES=3DOFF \
+ -DOPENGL_LIBRARY=3D"-lEGL -lGLESv2" \
+ -DOPENGL_opengl_LIBRARY=3D-lEGL \
+ -DOPENGL_glx_LIBRARY=3D-lEGL \
+ -DWAYLAND_SCANNERPP=3D"${STAGING_BINDIR_NATIVE}/wayland-scanner++" \
+ -DCMAKE_BUILD_TYPE=3DRelease \
+ -DCMAKE_VERBOSE_MAKEFILE=3DTRUE \
+ -DCMAKE_EXE_LINKER_FLAGS=3D"-Wl,--enable-new-dtags" \
+"
+
+BBCLASSEXTEND +=3D "native nativesdk"
--=20
2.34.1


Re: [meta-oe][PATCH][master-next] nodejs : upgrade 16.14.2 -> 16.16.0

Khem Raj
 

Hi Jason

This patch is not applying cleanly on master-next, can you please rebase on latest master-next and use git format-patch to re-generate the patch and send again ?

On 8/7/22 8:26 PM, J. S. wrote:
From 337d466bd4433159492b0e18a9f654b6047cc73c Mon Sep 17 00:00:00 2001
From: Jason Schonberg <schonm@...>
Date: Sun, 7 Aug 2022 22:44:49 -0400
Subject: [PATCH] Upgrade Nodejs from 16.14.2 to 16.16.0. This is the latest
LTS version of node.
The license file check sum changes because the new license file
mentions undici which is licensed under an MIT license.
This upgrade provides support for openssl 1.1.1q
Additional information about changes since the 16.14.2 release can be
found at https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md
The existing 16.14.2 patches applied with fuzz against the 16.16.0
release. So they have been updated with devtool.
Built against master-next
commit 8dee3f24aafab5574db396770342fd62ebbbad17
Signed-off-by: Jason Schonberg <schonm@...>
---
...e-running-gyp-files-for-bundled-deps.patch | 6 +--
...-liftoff-Correct-function-signatures.patch | 30 +++++++++-----
...Use-32bit-cast-for-operand-on-mips32.patch | 6 +--
...Install-both-binaries-and-use-libdir.patch | 33 ++++++----------
.../nodejs/0002-Using-native-binaries.patch | 22 ++++++-----
.../0004-v8-don-t-override-ARM-CFLAGS.patch | 12 +++---
...5-add-openssl-legacy-provider-option.patch | 30 +++++++-------
.../nodejs/nodejs/big-endian.patch | 14 ++++++-
.../nodejs/nodejs/mips-less-memory.patch | 39 ++++++++++++-------
.../nodejs/nodejs/system-c-ares.patch | 11 +++++-
.../{nodejs_16.14.2.bb => nodejs_16.16.0.bb} | 4 +-
11 files changed, 121 insertions(+), 86 deletions(-)
rename meta-oe/recipes-devtools/nodejs/{nodejs_16.14.2.bb =>
nodejs_16.16.0.bb} (97%)
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch
index d6e439ba2..d30a4d06b 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch
@@ -1,4 +1,4 @@
-From 7d94bfe53beeb2d25eb5f2ff6b1d509df7e6ab80 Mon Sep 17 00:00:00 2001
+From 7e9d0939b803c07262d53ba2ea96ead44a4791fa Mon Sep 17 00:00:00 2001
From: Zuzana Svetlikova <zsvetlik@...>
Date: Thu, 27 Apr 2017 14:25:42 +0200
Subject: [PATCH] Disable running gyp on shared deps
@@ -8,10 +8,10 @@ Subject: [PATCH] Disable running gyp on shared deps
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
-index 93d63110..79caaec2 100644
+index 3c48653..8b5a93b 100644
--- a/Makefile
+++ b/Makefile
-@@ -138,7 +138,7 @@ with-code-cache test-code-cache:
+@@ -147,7 +147,7 @@ with-code-cache test-code-cache:
$(warning '$@' target is a noop)
out/Makefile: config.gypi common.gypi node.gyp \
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0001-liftoff-Correct-function-signatures.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/0001-liftoff-Correct-function-signatures.patch
index d7005ae97..e7f67875f 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0001-liftoff-Correct-function-signatures.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0001-liftoff-Correct-function-signatures.patch
@@ -1,7 +1,7 @@
-From dc3652c0abcdf8573fd044907b19d8eda7ca1124 Mon Sep 17 00:00:00 2001
+From 2b6e124f1959a7f20c37dd1589a0794499e4d9e5 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@...>
Date: Wed, 20 Oct 2021 12:49:58 -0700
-Subject: [PATCH] [liftoff] Correct function signatures
+Subject: [PATCH] Correct function signatures
Fixes builds on mips where clang reports an error
../deps/v8/src/wasm/baseline/mips/liftoff-assembler-mips.h:661:5:
error: no matching member function for call to 'Move'
@@ -10,13 +10,19 @@ Fixes builds on mips where clang reports an error
Upstream-Status: Submitted
[https://chromium-review.googlesource.com/c/v8/v8/+/3235674]
Signed-off-by: Khem Raj <raj.khem@...>
+
---
- src/wasm/baseline/liftoff-assembler.h | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
+ deps/v8/src/wasm/baseline/liftoff-assembler.h | 6 +++---
+ deps/v8/src/wasm/baseline/mips/liftoff-assembler-mips.h | 2 +-
+ deps/v8/src/wasm/baseline/mips64/liftoff-assembler-mips64.h | 2 +-
+ .../src/wasm/baseline/riscv64/liftoff-assembler-riscv64.h | 2 +-
+ 4 files changed, 6 insertions(+), 6 deletions(-)
+diff --git a/deps/v8/src/wasm/baseline/liftoff-assembler.h
b/deps/v8/src/wasm/baseline/liftoff-assembler.h
+index 19611fb..b035154 100644
--- a/deps/v8/src/wasm/baseline/liftoff-assembler.h
+++ b/deps/v8/src/wasm/baseline/liftoff-assembler.h
-@@ -613,7 +613,7 @@ class LiftoffAssembler : public TurboAss
+@@ -613,7 +613,7 @@ class LiftoffAssembler : public TurboAssembler {
void FinishCall(const ValueKindSig*, compiler::CallDescriptor*);
// Move {src} into {dst}. {src} and {dst} must be different.
@@ -25,7 +31,7 @@ Signed-off-by: Khem Raj <raj.khem@...>
// Parallel register move: For a list of tuples <dst, src, kind>, move the
// {src} register of kind {kind} into {dst}. If {src} equals {dst}, ignore
-@@ -759,8 +759,8 @@ class LiftoffAssembler : public TurboAss
+@@ -759,8 +759,8 @@ class LiftoffAssembler : public TurboAssembler {
inline void MoveStackValue(uint32_t dst_offset, uint32_t src_offset,
ValueKind);
@@ -36,9 +42,11 @@ Signed-off-by: Khem Raj <raj.khem@...>
inline void Spill(int offset, LiftoffRegister, ValueKind);
inline void Spill(int offset, WasmValue);
+diff --git a/deps/v8/src/wasm/baseline/mips/liftoff-assembler-mips.h
b/deps/v8/src/wasm/baseline/mips/liftoff-assembler-mips.h
+index 4ab036d..20ddf00 100644
--- a/deps/v8/src/wasm/baseline/mips/liftoff-assembler-mips.h
+++ b/deps/v8/src/wasm/baseline/mips/liftoff-assembler-mips.h
-@@ -658,7 +658,7 @@ void LiftoffAssembler::Store(Register ds
+@@ -658,7 +658,7 @@ void LiftoffAssembler::Store(Register dst_addr,
Register offset_reg,
pinned = pinned | LiftoffRegList::ForRegs(dst_op.rm(), src);
LiftoffRegister tmp = GetUnusedRegister(src.reg_class(), pinned);
// Save original value.
@@ -47,9 +55,11 @@ Signed-off-by: Khem Raj <raj.khem@...>
src = tmp;
pinned.set(tmp);
+diff --git a/deps/v8/src/wasm/baseline/mips64/liftoff-assembler-mips64.h
b/deps/v8/src/wasm/baseline/mips64/liftoff-assembler-mips64.h
+index 0a23c19..7d816fc 100644
--- a/deps/v8/src/wasm/baseline/mips64/liftoff-assembler-mips64.h
+++ b/deps/v8/src/wasm/baseline/mips64/liftoff-assembler-mips64.h
-@@ -596,7 +596,7 @@ void LiftoffAssembler::Store(Register ds
+@@ -596,7 +596,7 @@ void LiftoffAssembler::Store(Register dst_addr,
Register offset_reg,
pinned.set(dst_op.rm());
LiftoffRegister tmp = GetUnusedRegister(src.reg_class(), pinned);
// Save original value.
@@ -58,9 +68,11 @@ Signed-off-by: Khem Raj <raj.khem@...>
src = tmp;
pinned.set(tmp);
+diff --git a/deps/v8/src/wasm/baseline/riscv64/liftoff-assembler-riscv64.h
b/deps/v8/src/wasm/baseline/riscv64/liftoff-assembler-riscv64.h
+index fef5947..2bf79ee 100644
--- a/deps/v8/src/wasm/baseline/riscv64/liftoff-assembler-riscv64.h
+++ b/deps/v8/src/wasm/baseline/riscv64/liftoff-assembler-riscv64.h
-@@ -580,7 +580,7 @@ void LiftoffAssembler::Store(Register ds
+@@ -580,7 +580,7 @@ void LiftoffAssembler::Store(Register dst_addr,
Register offset_reg,
pinned.set(dst_op.rm());
LiftoffRegister tmp = GetUnusedRegister(src.reg_class(), pinned);
// Save original value.
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0001-mips-Use-32bit-cast-for-operand-on-mips32.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/0001-mips-Use-32bit-cast-for-operand-on-mips32.patch
index a0242d8e1..4932de06e 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0001-mips-Use-32bit-cast-for-operand-on-mips32.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0001-mips-Use-32bit-cast-for-operand-on-mips32.patch
@@ -1,4 +1,4 @@
-From e65dde8db17da5acddeef7eb9316199c4e5e0811 Mon Sep 17 00:00:00 2001
+From b978652dc3e9c2b74334b91b2a2c9e3ffa13710c Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@...>
Date: Tue, 19 Apr 2022 12:40:25 -0700
Subject: [PATCH] mips: Use 32bit cast for operand on mips32
@@ -12,6 +12,7 @@
deps/v8/src/compiler/backend/mips/code-generator-mips.cc: In member
function 'vo
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@...>
+
---
deps/v8/src/compiler/backend/mips/code-generator-mips.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
@@ -29,6 +30,3 @@ index 2b8197e..b226140 100644
}
}
// Functions with JS linkage have at least one parameter (the receiver).
---
-2.36.0
-
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch
index 5cb2e9701..71d921d59 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch
@@ -1,7 +1,10 @@
-From 62ddf8499747fb1e366477d666c0634ad50039a9 Mon Sep 17 00:00:00 2001
+From ffda0714bd301cb9d68ee095ab70e026f61e11aa Mon Sep 17 00:00:00 2001
From: Elliott Sales de Andrade <quantum.analyst@...>
Date: Tue, 19 Mar 2019 23:22:40 -0400
-Subject: [PATCH 2/2] Install both binaries and use libdir.
+Subject: [PATCH] Install both binaries and use libdir.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
This allows us to build with a shared library for other users while
still providing the normal executable.
@@ -13,18 +16,17 @@ Upstream-Status: Pending
Signed-off-by: Elliott Sales de Andrade <quantum.analyst@...>
Signed-off-by: Andreas Müller <schnitzeltony@...>
Signed-off-by: Khem Raj <raj.khem@...>
+
---
configure.py | 7 +++++++
tools/install.py | 21 +++++++++------------
2 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/configure.py b/configure.py
-index 6efb98c2316f089f3167e486282593245373af3f..a6d2ec939e4480dfae703f3978067537abf9f0f0
100755
+index fed2688..7989076 100755
--- a/configure.py
+++ b/configure.py
-@@ -721,10 +721,16 @@ parser.add_argument('--shared',
- dest='shared',
- default=None,
+@@ -739,6 +739,12 @@ parser.add_argument('--shared',
help='compile shared library for embedding node in another project. ' +
'(This mode is not officially supported for regular applications)')
@@ -37,11 +39,7 @@ index
6efb98c2316f089f3167e486282593245373af3f..a6d2ec939e4480dfae703f3978067537
parser.add_argument('--without-v8-platform',
action='store_true',
dest='without_v8_platform',
- default=False,
- help='do not initialize v8 platform during node.js startup. ' +
-@@ -1305,10 +1311,11 @@ def configure_node(o):
- o['variables']['debug_nghttp2'] = 'false'
-
+@@ -1348,6 +1354,7 @@ def configure_node(o):
o['variables']['node_no_browser_globals'] = b(options.no_browser_globals)
o['variables']['node_shared'] = b(options.shared)
@@ -49,15 +47,11 @@ index
6efb98c2316f089f3167e486282593245373af3f..a6d2ec939e4480dfae703f3978067537
node_module_version = getmoduleversion.get_version()
if options.dest_os == 'android':
- shlib_suffix = 'so'
- elif sys.platform == 'darwin':
diff --git a/tools/install.py b/tools/install.py
-index 41cc1cbc60a9480cc08df3aa0ebe582c2becc3a2..11208f9e7166ab60da46d5ace2257c239a7e9263
100755
+index 8a050df..40357ad 100755
--- a/tools/install.py
+++ b/tools/install.py
-@@ -128,26 +128,23 @@ def subdir_files(path, dest, action):
- for subdir, files_in_path in ret.items():
- action(files_in_path, subdir + '/')
+@@ -130,22 +130,19 @@ def subdir_files(path, dest, action):
def files(action):
is_windows = sys.platform == 'win32'
@@ -89,8 +83,3 @@ index
41cc1cbc60a9480cc08df3aa0ebe582c2becc3a2..11208f9e7166ab60da46d5ace2257c23
if 'true' == variables.get('node_use_dtrace'):
action(['out/Release/node.d'], 'lib/dtrace/node.d')
-
- # behave similarly for systemtap
---
-2.33.0
-
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch
index 8db1f1dd5..b85863f1a 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch
@@ -1,16 +1,18 @@
-From 6c3ac20477a4bac643088f24df3c042e627fafa9 Mon Sep 17 00:00:00 2001
+From c2380b906832f0c4aebd0554a22cfa33ed8a5b8b Mon Sep 17 00:00:00 2001
From: Guillaume Burel <guillaume.burel@...>
Date: Fri, 3 Jan 2020 11:25:54 +0100
Subject: [PATCH] Using native binaries
---
- node.gyp | 4 ++--
- tools/v8_gypfiles/v8.gyp | 11 ++++-------
- 2 files changed, 6 insertions(+), 9 deletions(-)
+ node.gyp | 2 ++
+ tools/v8_gypfiles/v8.gyp | 5 +++++
+ 2 files changed, 7 insertions(+)
+diff --git a/node.gyp b/node.gyp
+index 74e9f9c..d53465b 100644
--- a/node.gyp
+++ b/node.gyp
-@@ -294,6 +294,7 @@
+@@ -295,6 +295,7 @@
'action_name': 'run_mkcodecache',
'process_outputs_as_sources': 1,
'inputs': [
@@ -18,7 +20,7 @@ Subject: [PATCH] Using native binaries
'<(mkcodecache_exec)',
],
'outputs': [
-@@ -319,6 +320,7 @@
+@@ -320,6 +321,7 @@
'action_name': 'node_mksnapshot',
'process_outputs_as_sources': 1,
'inputs': [
@@ -26,6 +28,8 @@ Subject: [PATCH] Using native binaries
'<(node_mksnapshot_exec)',
],
'outputs': [
+diff --git a/tools/v8_gypfiles/v8.gyp b/tools/v8_gypfiles/v8.gyp
+index 39b9680..e7b7d90 100644
--- a/tools/v8_gypfiles/v8.gyp
+++ b/tools/v8_gypfiles/v8.gyp
@@ -68,6 +68,7 @@
@@ -44,7 +48,7 @@ Subject: [PATCH] Using native binaries
'<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)torque<(EXECUTABLE_SUFFIX)',
'-o', '<(SHARED_INTERMEDIATE_DIR)/torque-generated',
'-v8-root', '<(V8_ROOT)',
-@@ -225,6 +227,7 @@
+@@ -211,6 +213,7 @@
{
'action_name': 'generate_bytecode_builtins_list_action',
'inputs': [
@@ -52,7 +56,7 @@ Subject: [PATCH] Using native binaries
'<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)bytecode_builtins_list_generator<(EXECUTABLE_SUFFIX)',
],
'outputs': [
-@@ -415,6 +418,7 @@
+@@ -395,6 +398,7 @@
],
},
'inputs': [
@@ -60,7 +64,7 @@ Subject: [PATCH] Using native binaries
'<(mksnapshot_exec)',
],
'outputs': [
-@@ -1548,6 +1552,7 @@
+@@ -1503,6 +1507,7 @@
{
'action_name': 'run_gen-regexp-special-case_action',
'inputs': [
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0004-v8-don-t-override-ARM-CFLAGS.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/0004-v8-don-t-override-ARM-CFLAGS.patch
index 97ed972ce..501235f23 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0004-v8-don-t-override-ARM-CFLAGS.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0004-v8-don-t-override-ARM-CFLAGS.patch
@@ -1,4 +1,4 @@
-From 47ee5cc5501289205d3e8e9f27ea9daf18cebac1 Mon Sep 17 00:00:00 2001
+From e90d7249975d336dd77664923138aa3e2dcd23ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <git@...>
Date: Sat, 9 Nov 2019 14:45:30 +0000
Subject: [PATCH] v8: don't override ARM CFLAGS
@@ -23,15 +23,16 @@ problems have been noted during compilation or runtime.
Upstream-Status: Inappropriate [oe-specific]
Signed-off-by: André Draszik <git@...>
+
---
tools/v8_gypfiles/toolchain.gypi | 52 ++------------------------------
1 file changed, 2 insertions(+), 50 deletions(-)
diff --git a/tools/v8_gypfiles/toolchain.gypi
b/tools/v8_gypfiles/toolchain.gypi
-index 264b3e478e..0b41848145 100644
+index ecbd63b..0030ced 100644
--- a/tools/v8_gypfiles/toolchain.gypi
+++ b/tools/v8_gypfiles/toolchain.gypi
-@@ -211,31 +211,7 @@
+@@ -177,31 +177,7 @@
'target_conditions': [
['_toolset=="host"', {
'conditions': [
@@ -64,7 +65,7 @@ index 264b3e478e..0b41848145 100644
# Host not built with an Arm CXX compiler (simulator build).
'conditions': [
[ 'arm_float_abi=="hard"', {
-@@ -254,31 +230,7 @@
+@@ -220,31 +196,7 @@
}], # _toolset=="host"
['_toolset=="target"', {
'conditions': [
@@ -97,6 +98,3 @@ index 264b3e478e..0b41848145 100644
# Target not built with an Arm CXX compiler (simulator build).
'conditions': [
[ 'arm_float_abi=="hard"', {
---
-2.20.1
-
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
index 4d238c03f..04321132c 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
@@ -1,4 +1,4 @@
-From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001
+From 21a93c6305c1a02eb94e6fec62015d3ebb171d9f Mon Sep 17 00:00:00 2001
From: Daniel Bevenius <daniel.bevenius@...>
Date: Sat, 16 Oct 2021 08:50:16 +0200
Subject: [PATCH] src: add --openssl-legacy-provider option
@@ -22,19 +22,20 @@ Hash {
Co-authored-by: Richard Lau <rlau@...>
Signed-off-by: Signed-off-by: Andrej Valek <andrej.valek@...>
Upstream-Status: Backport [https://github.com/nodejs/node/issues/40455]
+
---
doc/api/cli.md | 10 ++++++++++
src/crypto/crypto_util.cc | 10 ++++++++++
- src/node_options.cc | 10 ++++++++++
+ src/node_options.cc | 3 +++
src/node_options.h | 7 +++++++
.../test-process-env-allowed-flags-are-documented.js | 5 +++++
- 5 files changed, 42 insertions(+)
+ 5 files changed, 35 insertions(+)
diff --git a/doc/api/cli.md b/doc/api/cli.md
-index 74057706bf8d..608b9cdeddf1 100644
+index 475894d..b0c49d4 100644
--- a/doc/api/cli.md
+++ b/doc/api/cli.md
-@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup.
Among other uses, this can be
+@@ -732,6 +732,14 @@ Load an OpenSSL configuration file on startup.
Among other uses, this can be
used to enable FIPS-compliant crypto if Node.js is built
against FIPS-enabled OpenSSL.
@@ -49,7 +50,7 @@ index 74057706bf8d..608b9cdeddf1 100644
### `--pending-deprecation`
<!-- YAML
-@@ -1544,6 +1552,7 @@ Node.js options that are allowed are:
+@@ -1592,6 +1600,7 @@ Node.js options that are allowed are:
* `--no-warnings`
* `--node-memory-debug`
* `--openssl-config`
@@ -57,7 +58,7 @@ index 74057706bf8d..608b9cdeddf1 100644
* `--pending-deprecation`
* `--policy-integrity`
* `--preserve-symlinks-main`
-@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js
+@@ -1988,6 +1997,7 @@ $ node --max-old-space-size=1536 index.js
[emit_warning]: process.md#processemitwarningwarning-options
[jitless]: https://v8.dev/blog/jitless
[libuv threadpool documentation]:
https://docs.libuv.org/en/latest/threadpool.html
@@ -66,7 +67,7 @@ index 74057706bf8d..608b9cdeddf1 100644
[security warning]:
#warning-binding-inspector-to-a-public-ipport-combination-is-insecure
[timezone IDs]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
-index 7e0c8ba3eb60..796ea3025e41 100644
+index e1ef170..e93edd4 100644
--- a/src/crypto/crypto_util.cc
+++ b/src/crypto/crypto_util.cc
@@ -148,6 +148,16 @@ void InitCryptoOnce() {
@@ -87,12 +88,12 @@ index 7e0c8ba3eb60..796ea3025e41 100644
OPENSSL_INIT_free(settings);
settings = nullptr;
diff --git a/src/node_options.cc b/src/node_options.cc
-index 00bdc6688a4c..3363860919a9 100644
+index 3192faa..296fed0 100644
--- a/src/node_options.cc
+++ b/src/node_options.cc
-@@ -4,6 +4,9 @@
- #include "env-inl.h"
+@@ -5,6 +5,9 @@
#include "node_binding.h"
+ #include "node_external_reference.h"
#include "node_internals.h"
+#if HAVE_OPENSSL
+#include "openssl/opensslv.h"
@@ -101,7 +102,7 @@ index 00bdc6688a4c..3363860919a9 100644
#include <errno.h>
#include <sstream>
diff --git a/src/node_options.h b/src/node_options.h
-index fd772478d04d..1c0e018ab16f 100644
+index 40d1c02..07bf244 100644
--- a/src/node_options.h
+++ b/src/node_options.h
@@ -11,6 +11,10 @@
@@ -115,7 +116,7 @@ index fd772478d04d..1c0e018ab16f 100644
namespace node {
class HostPort {
-@@ -251,6 +255,9 @@ class PerProcessOptions : public Options {
+@@ -252,6 +256,9 @@ class PerProcessOptions : public Options {
bool enable_fips_crypto = false;
bool force_fips_crypto = false;
#endif
@@ -126,7 +127,7 @@ index fd772478d04d..1c0e018ab16f 100644
// Per-process because reports can be triggered outside a known V8 context.
bool report_on_fatalerror = false;
diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js
b/test/parallel/test-process-env-allowed-flags-are-documented.js
-index 64626b71f019..8a4e35997907 100644
+index a2738f0..f4dd77e 100644
--- a/test/parallel/test-process-env-allowed-flags-are-documented.js
+++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines,
...v8OptionsLines]) {
@@ -148,4 +149,3 @@ index 64626b71f019..8a4e35997907 100644
'--tls-cipher-list',
'--use-bundled-ca',
'--use-openssl-ca',
-
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/big-endian.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/big-endian.patch
index 529381842..cb92dffa7 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/big-endian.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/big-endian.patch
@@ -1,3 +1,8 @@
+From 6eff8d3cd15abf9f983f5f7237cbefc8106ee04d Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@...>
+Date: Thu, 23 Jan 2020 14:12:40 -0800
+Subject: [PATCH]
+ https://github.com/v8/v8/commit/878ccb33bd3cf0e6dc018ff8d15843f585ac07be
https://github.com/v8/v8/commit/878ccb33bd3cf0e6dc018ff8d15843f585ac07be
@@ -5,9 +10,16 @@ did some automated cleanups but it missed big-endian code.
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@...>
+
+---
+ deps/v8/src/runtime/runtime-utils.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/deps/v8/src/runtime/runtime-utils.h
b/deps/v8/src/runtime/runtime-utils.h
+index 170c0bc..a7e02ae 100644
--- a/deps/v8/src/runtime/runtime-utils.h
+++ b/deps/v8/src/runtime/runtime-utils.h
-@@ -126,7 +126,7 @@ static inline ObjectPair MakePair(Object
+@@ -136,7 +136,7 @@ static inline ObjectPair MakePair(Object x, Object y) {
#if defined(V8_TARGET_LITTLE_ENDIAN)
return x.ptr() | (static_cast<ObjectPair>(y.ptr()) << 32);
#elif defined(V8_TARGET_BIG_ENDIAN)
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/mips-less-memory.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/mips-less-memory.patch
index 56e93c50c..eff5261b2 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/mips-less-memory.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/mips-less-memory.patch
@@ -1,5 +1,9 @@
+From a3d514aeace0fc2e0f4fb375f18742fc084460d3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lal?= <kapouer@...>
+Date: Mon, 19 Apr 2021 13:51:26 -0700
+Subject: [PATCH] nodejs: Fix build on mips
+
Description: mksnapshot uses too much memory on 32-bit mipsel
-Author: Jérémy Lal <kapouer@...>
Last-Update: 2020-06-03
Forwarded: https://bugs.chromium.org/p/v8/issues/detail?id=10586
@@ -8,20 +12,16 @@ ensures that qemu-mips can allocate such large ranges
Signed-off-by: Khem Raj <raj.khem@...>
---- a/deps/v8/src/common/globals.h
-+++ b/deps/v8/src/common/globals.h
-@@ -224,7 +224,7 @@ constexpr size_t kMinimumCodeRangeSize =
- constexpr size_t kMinExpectedOSPageSize = 64 * KB; // OS page on PPC Linux
- #elif V8_TARGET_ARCH_MIPS
- constexpr bool kPlatformRequiresCodeRange = false;
--constexpr size_t kMaximalCodeRangeSize = 2048LL * MB;
-+constexpr size_t kMaximalCodeRangeSize = 512 * MB;
- constexpr size_t kMinimumCodeRangeSize = 0 * MB;
- constexpr size_t kMinExpectedOSPageSize = 4 * KB; // OS page.
- #else
+---
+ deps/v8/src/codegen/mips/constants-mips.h | 2 +-
+ deps/v8/src/common/globals.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/deps/v8/src/codegen/mips/constants-mips.h
b/deps/v8/src/codegen/mips/constants-mips.h
+index 5ed338e..700a433 100644
--- a/deps/v8/src/codegen/mips/constants-mips.h
+++ b/deps/v8/src/codegen/mips/constants-mips.h
-@@ -140,7 +140,7 @@ const uint32_t kLeastSignificantByteInIn
+@@ -140,7 +140,7 @@ const uint32_t kLeastSignificantByteInInt32Offset = 3;
namespace v8 {
namespace internal {
@@ -30,3 +30,16 @@ Signed-off-by: Khem Raj <raj.khem@...>
// -----------------------------------------------------------------------------
// Registers and FPURegisters.
+diff --git a/deps/v8/src/common/globals.h b/deps/v8/src/common/globals.h
+index 6aee59e..bf7d800 100644
+--- a/deps/v8/src/common/globals.h
++++ b/deps/v8/src/common/globals.h
+@@ -272,7 +272,7 @@ constexpr size_t kMinimumCodeRangeSize = 0 * MB;
+ constexpr size_t kMinExpectedOSPageSize = 64 * KB; // OS page on PPC Linux
+ #elif V8_TARGET_ARCH_MIPS
+ constexpr bool kPlatformRequiresCodeRange = false;
+-constexpr size_t kMaximalCodeRangeSize = 2048LL * MB;
++constexpr size_t kMaximalCodeRangeSize = 512 * MB;
+ constexpr size_t kMinimumCodeRangeSize = 0 * MB;
+ constexpr size_t kMinExpectedOSPageSize = 4 * KB; // OS page.
+ #else
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/system-c-ares.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/system-c-ares.patch
index 141889ad2..cb8a7f58b 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/system-c-ares.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/system-c-ares.patch
@@ -1,8 +1,17 @@
-keep nodejs compatible with c-ares 1.17.1
+From d8354118fd817650f8a6f9c9b77f6b000a06b7b3 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@...>
+Date: Wed, 20 Oct 2021 12:21:42 -0700
+Subject: [PATCH] keep nodejs compatible with c-ares 1.17.1
Upstream-Status: Inappropriate [c-ares specific]
Signed-off-by: Khem Raj <raj.khem@...>
+---
+ src/cares_wrap.h | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/cares_wrap.h b/src/cares_wrap.h
+index 60f99e6..aee46a9 100644
--- a/src/cares_wrap.h
+++ b/src/cares_wrap.h
@@ -22,7 +22,15 @@
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb
b/meta-oe/recipes-devtools/nodejs/nodejs_16.16.0.bb
similarity index 97%
rename from meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb
rename to meta-oe/recipes-devtools/nodejs/nodejs_16.16.0.bb
index 62188f94a..7f24c8ff1 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.16.0.bb
@@ -1,7 +1,7 @@
DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript"
HOMEPAGE = "http://nodejs.org"
LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=6ba5b21ac7a505195ca69344d3d7a94a"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2e2857f5cd9803e878099e6a228d5f1c"
DEPENDS = "openssl"
DEPENDS:append:class-target = " qemu-native"
@@ -37,7 +37,7 @@ SRC_URI:append:toolchain-clang:x86 = " \
SRC_URI:append:toolchain-clang:powerpc64le = " \
file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \
"
-SRC_URI[sha256sum] =
"e922e215cc68eb5f94d33e8a0b61e2c863b7731cc8600ab955d3822da90ff8d1"
+SRC_URI[sha256sum] =
"145151eff3b2aa5ebe73384009c52271a83740ae687a93c98c628cd7d52736eb"
S = "${WORKDIR}/node-v${PV}"


[meta-oe][PATCH][master-next] nodejs : upgrade 16.14.2 -> 16.16.0

J. S.
 

From 337d466bd4433159492b0e18a9f654b6047cc73c Mon Sep 17 00:00:00 2001
From: Jason Schonberg <schonm@...>
Date: Sun, 7 Aug 2022 22:44:49 -0400
Subject: [PATCH] Upgrade Nodejs from 16.14.2 to 16.16.0. This is the latest
LTS version of node.

The license file check sum changes because the new license file
mentions undici which is licensed under an MIT license.

This upgrade provides support for openssl 1.1.1q
Additional information about changes since the 16.14.2 release can be
found at https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md

The existing 16.14.2 patches applied with fuzz against the 16.16.0
release. So they have been updated with devtool.

Built against master-next
commit 8dee3f24aafab5574db396770342fd62ebbbad17

Signed-off-by: Jason Schonberg <schonm@...>
---
...e-running-gyp-files-for-bundled-deps.patch | 6 +--
...-liftoff-Correct-function-signatures.patch | 30 +++++++++-----
...Use-32bit-cast-for-operand-on-mips32.patch | 6 +--
...Install-both-binaries-and-use-libdir.patch | 33 ++++++----------
.../nodejs/0002-Using-native-binaries.patch | 22 ++++++-----
.../0004-v8-don-t-override-ARM-CFLAGS.patch | 12 +++---
...5-add-openssl-legacy-provider-option.patch | 30 +++++++-------
.../nodejs/nodejs/big-endian.patch | 14 ++++++-
.../nodejs/nodejs/mips-less-memory.patch | 39 ++++++++++++-------
.../nodejs/nodejs/system-c-ares.patch | 11 +++++-
.../{nodejs_16.14.2.bb => nodejs_16.16.0.bb} | 4 +-
11 files changed, 121 insertions(+), 86 deletions(-)
rename meta-oe/recipes-devtools/nodejs/{nodejs_16.14.2.bb =>
nodejs_16.16.0.bb} (97%)

diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch
index d6e439ba2..d30a4d06b 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch
@@ -1,4 +1,4 @@
-From 7d94bfe53beeb2d25eb5f2ff6b1d509df7e6ab80 Mon Sep 17 00:00:00 2001
+From 7e9d0939b803c07262d53ba2ea96ead44a4791fa Mon Sep 17 00:00:00 2001
From: Zuzana Svetlikova <zsvetlik@...>
Date: Thu, 27 Apr 2017 14:25:42 +0200
Subject: [PATCH] Disable running gyp on shared deps
@@ -8,10 +8,10 @@ Subject: [PATCH] Disable running gyp on shared deps
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
-index 93d63110..79caaec2 100644
+index 3c48653..8b5a93b 100644
--- a/Makefile
+++ b/Makefile
-@@ -138,7 +138,7 @@ with-code-cache test-code-cache:
+@@ -147,7 +147,7 @@ with-code-cache test-code-cache:
$(warning '$@' target is a noop)

out/Makefile: config.gypi common.gypi node.gyp \
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0001-liftoff-Correct-function-signatures.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/0001-liftoff-Correct-function-signatures.patch
index d7005ae97..e7f67875f 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0001-liftoff-Correct-function-signatures.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0001-liftoff-Correct-function-signatures.patch
@@ -1,7 +1,7 @@
-From dc3652c0abcdf8573fd044907b19d8eda7ca1124 Mon Sep 17 00:00:00 2001
+From 2b6e124f1959a7f20c37dd1589a0794499e4d9e5 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@...>
Date: Wed, 20 Oct 2021 12:49:58 -0700
-Subject: [PATCH] [liftoff] Correct function signatures
+Subject: [PATCH] Correct function signatures

Fixes builds on mips where clang reports an error
../deps/v8/src/wasm/baseline/mips/liftoff-assembler-mips.h:661:5:
error: no matching member function for call to 'Move'
@@ -10,13 +10,19 @@ Fixes builds on mips where clang reports an error

Upstream-Status: Submitted
[https://chromium-review.googlesource.com/c/v8/v8/+/3235674]
Signed-off-by: Khem Raj <raj.khem@...>
+
---
- src/wasm/baseline/liftoff-assembler.h | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
+ deps/v8/src/wasm/baseline/liftoff-assembler.h | 6 +++---
+ deps/v8/src/wasm/baseline/mips/liftoff-assembler-mips.h | 2 +-
+ deps/v8/src/wasm/baseline/mips64/liftoff-assembler-mips64.h | 2 +-
+ .../src/wasm/baseline/riscv64/liftoff-assembler-riscv64.h | 2 +-
+ 4 files changed, 6 insertions(+), 6 deletions(-)

+diff --git a/deps/v8/src/wasm/baseline/liftoff-assembler.h
b/deps/v8/src/wasm/baseline/liftoff-assembler.h
+index 19611fb..b035154 100644
--- a/deps/v8/src/wasm/baseline/liftoff-assembler.h
+++ b/deps/v8/src/wasm/baseline/liftoff-assembler.h
-@@ -613,7 +613,7 @@ class LiftoffAssembler : public TurboAss
+@@ -613,7 +613,7 @@ class LiftoffAssembler : public TurboAssembler {
void FinishCall(const ValueKindSig*, compiler::CallDescriptor*);

// Move {src} into {dst}. {src} and {dst} must be different.
@@ -25,7 +31,7 @@ Signed-off-by: Khem Raj <raj.khem@...>

// Parallel register move: For a list of tuples <dst, src, kind>, move the
// {src} register of kind {kind} into {dst}. If {src} equals {dst}, ignore
-@@ -759,8 +759,8 @@ class LiftoffAssembler : public TurboAss
+@@ -759,8 +759,8 @@ class LiftoffAssembler : public TurboAssembler {
inline void MoveStackValue(uint32_t dst_offset, uint32_t src_offset,
ValueKind);

@@ -36,9 +42,11 @@ Signed-off-by: Khem Raj <raj.khem@...>

inline void Spill(int offset, LiftoffRegister, ValueKind);
inline void Spill(int offset, WasmValue);
+diff --git a/deps/v8/src/wasm/baseline/mips/liftoff-assembler-mips.h
b/deps/v8/src/wasm/baseline/mips/liftoff-assembler-mips.h
+index 4ab036d..20ddf00 100644
--- a/deps/v8/src/wasm/baseline/mips/liftoff-assembler-mips.h
+++ b/deps/v8/src/wasm/baseline/mips/liftoff-assembler-mips.h
-@@ -658,7 +658,7 @@ void LiftoffAssembler::Store(Register ds
+@@ -658,7 +658,7 @@ void LiftoffAssembler::Store(Register dst_addr,
Register offset_reg,
pinned = pinned | LiftoffRegList::ForRegs(dst_op.rm(), src);
LiftoffRegister tmp = GetUnusedRegister(src.reg_class(), pinned);
// Save original value.
@@ -47,9 +55,11 @@ Signed-off-by: Khem Raj <raj.khem@...>

src = tmp;
pinned.set(tmp);
+diff --git a/deps/v8/src/wasm/baseline/mips64/liftoff-assembler-mips64.h
b/deps/v8/src/wasm/baseline/mips64/liftoff-assembler-mips64.h
+index 0a23c19..7d816fc 100644
--- a/deps/v8/src/wasm/baseline/mips64/liftoff-assembler-mips64.h
+++ b/deps/v8/src/wasm/baseline/mips64/liftoff-assembler-mips64.h
-@@ -596,7 +596,7 @@ void LiftoffAssembler::Store(Register ds
+@@ -596,7 +596,7 @@ void LiftoffAssembler::Store(Register dst_addr,
Register offset_reg,
pinned.set(dst_op.rm());
LiftoffRegister tmp = GetUnusedRegister(src.reg_class(), pinned);
// Save original value.
@@ -58,9 +68,11 @@ Signed-off-by: Khem Raj <raj.khem@...>

src = tmp;
pinned.set(tmp);
+diff --git a/deps/v8/src/wasm/baseline/riscv64/liftoff-assembler-riscv64.h
b/deps/v8/src/wasm/baseline/riscv64/liftoff-assembler-riscv64.h
+index fef5947..2bf79ee 100644
--- a/deps/v8/src/wasm/baseline/riscv64/liftoff-assembler-riscv64.h
+++ b/deps/v8/src/wasm/baseline/riscv64/liftoff-assembler-riscv64.h
-@@ -580,7 +580,7 @@ void LiftoffAssembler::Store(Register ds
+@@ -580,7 +580,7 @@ void LiftoffAssembler::Store(Register dst_addr,
Register offset_reg,
pinned.set(dst_op.rm());
LiftoffRegister tmp = GetUnusedRegister(src.reg_class(), pinned);
// Save original value.
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0001-mips-Use-32bit-cast-for-operand-on-mips32.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/0001-mips-Use-32bit-cast-for-operand-on-mips32.patch
index a0242d8e1..4932de06e 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0001-mips-Use-32bit-cast-for-operand-on-mips32.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0001-mips-Use-32bit-cast-for-operand-on-mips32.patch
@@ -1,4 +1,4 @@
-From e65dde8db17da5acddeef7eb9316199c4e5e0811 Mon Sep 17 00:00:00 2001
+From b978652dc3e9c2b74334b91b2a2c9e3ffa13710c Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@...>
Date: Tue, 19 Apr 2022 12:40:25 -0700
Subject: [PATCH] mips: Use 32bit cast for operand on mips32
@@ -12,6 +12,7 @@
deps/v8/src/compiler/backend/mips/code-generator-mips.cc: In member
function 'vo
Upstream-Status: Pending

Signed-off-by: Khem Raj <raj.khem@...>
+
---
deps/v8/src/compiler/backend/mips/code-generator-mips.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
@@ -29,6 +30,3 @@ index 2b8197e..b226140 100644
}
}
// Functions with JS linkage have at least one parameter (the receiver).
---
-2.36.0
-
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch
index 5cb2e9701..71d921d59 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch
@@ -1,7 +1,10 @@
-From 62ddf8499747fb1e366477d666c0634ad50039a9 Mon Sep 17 00:00:00 2001
+From ffda0714bd301cb9d68ee095ab70e026f61e11aa Mon Sep 17 00:00:00 2001
From: Elliott Sales de Andrade <quantum.analyst@...>
Date: Tue, 19 Mar 2019 23:22:40 -0400
-Subject: [PATCH 2/2] Install both binaries and use libdir.
+Subject: [PATCH] Install both binaries and use libdir.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit

This allows us to build with a shared library for other users while
still providing the normal executable.
@@ -13,18 +16,17 @@ Upstream-Status: Pending
Signed-off-by: Elliott Sales de Andrade <quantum.analyst@...>
Signed-off-by: Andreas Müller <schnitzeltony@...>
Signed-off-by: Khem Raj <raj.khem@...>
+
---
configure.py | 7 +++++++
tools/install.py | 21 +++++++++------------
2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/configure.py b/configure.py
-index 6efb98c2316f089f3167e486282593245373af3f..a6d2ec939e4480dfae703f3978067537abf9f0f0
100755
+index fed2688..7989076 100755
--- a/configure.py
+++ b/configure.py
-@@ -721,10 +721,16 @@ parser.add_argument('--shared',
- dest='shared',
- default=None,
+@@ -739,6 +739,12 @@ parser.add_argument('--shared',
help='compile shared library for embedding node in another project. ' +
'(This mode is not officially supported for regular applications)')

@@ -37,11 +39,7 @@ index
6efb98c2316f089f3167e486282593245373af3f..a6d2ec939e4480dfae703f3978067537
parser.add_argument('--without-v8-platform',
action='store_true',
dest='without_v8_platform',
- default=False,
- help='do not initialize v8 platform during node.js startup. ' +
-@@ -1305,10 +1311,11 @@ def configure_node(o):
- o['variables']['debug_nghttp2'] = 'false'
-
+@@ -1348,6 +1354,7 @@ def configure_node(o):
o['variables']['node_no_browser_globals'] = b(options.no_browser_globals)

o['variables']['node_shared'] = b(options.shared)
@@ -49,15 +47,11 @@ index
6efb98c2316f089f3167e486282593245373af3f..a6d2ec939e4480dfae703f3978067537
node_module_version = getmoduleversion.get_version()

if options.dest_os == 'android':
- shlib_suffix = 'so'
- elif sys.platform == 'darwin':
diff --git a/tools/install.py b/tools/install.py
-index 41cc1cbc60a9480cc08df3aa0ebe582c2becc3a2..11208f9e7166ab60da46d5ace2257c239a7e9263
100755
+index 8a050df..40357ad 100755
--- a/tools/install.py
+++ b/tools/install.py
-@@ -128,26 +128,23 @@ def subdir_files(path, dest, action):
- for subdir, files_in_path in ret.items():
- action(files_in_path, subdir + '/')
+@@ -130,22 +130,19 @@ def subdir_files(path, dest, action):

def files(action):
is_windows = sys.platform == 'win32'
@@ -89,8 +83,3 @@ index
41cc1cbc60a9480cc08df3aa0ebe582c2becc3a2..11208f9e7166ab60da46d5ace2257c23

if 'true' == variables.get('node_use_dtrace'):
action(['out/Release/node.d'], 'lib/dtrace/node.d')
-
- # behave similarly for systemtap
---
-2.33.0
-
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch
index 8db1f1dd5..b85863f1a 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch
@@ -1,16 +1,18 @@
-From 6c3ac20477a4bac643088f24df3c042e627fafa9 Mon Sep 17 00:00:00 2001
+From c2380b906832f0c4aebd0554a22cfa33ed8a5b8b Mon Sep 17 00:00:00 2001
From: Guillaume Burel <guillaume.burel@...>
Date: Fri, 3 Jan 2020 11:25:54 +0100
Subject: [PATCH] Using native binaries

---
- node.gyp | 4 ++--
- tools/v8_gypfiles/v8.gyp | 11 ++++-------
- 2 files changed, 6 insertions(+), 9 deletions(-)
+ node.gyp | 2 ++
+ tools/v8_gypfiles/v8.gyp | 5 +++++
+ 2 files changed, 7 insertions(+)

+diff --git a/node.gyp b/node.gyp
+index 74e9f9c..d53465b 100644
--- a/node.gyp
+++ b/node.gyp
-@@ -294,6 +294,7 @@
+@@ -295,6 +295,7 @@
'action_name': 'run_mkcodecache',
'process_outputs_as_sources': 1,
'inputs': [
@@ -18,7 +20,7 @@ Subject: [PATCH] Using native binaries
'<(mkcodecache_exec)',
],
'outputs': [
-@@ -319,6 +320,7 @@
+@@ -320,6 +321,7 @@
'action_name': 'node_mksnapshot',
'process_outputs_as_sources': 1,
'inputs': [
@@ -26,6 +28,8 @@ Subject: [PATCH] Using native binaries
'<(node_mksnapshot_exec)',
],
'outputs': [
+diff --git a/tools/v8_gypfiles/v8.gyp b/tools/v8_gypfiles/v8.gyp
+index 39b9680..e7b7d90 100644
--- a/tools/v8_gypfiles/v8.gyp
+++ b/tools/v8_gypfiles/v8.gyp
@@ -68,6 +68,7 @@
@@ -44,7 +48,7 @@ Subject: [PATCH] Using native binaries
'<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)torque<(EXECUTABLE_SUFFIX)',
'-o', '<(SHARED_INTERMEDIATE_DIR)/torque-generated',
'-v8-root', '<(V8_ROOT)',
-@@ -225,6 +227,7 @@
+@@ -211,6 +213,7 @@
{
'action_name': 'generate_bytecode_builtins_list_action',
'inputs': [
@@ -52,7 +56,7 @@ Subject: [PATCH] Using native binaries
'<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)bytecode_builtins_list_generator<(EXECUTABLE_SUFFIX)',
],
'outputs': [
-@@ -415,6 +418,7 @@
+@@ -395,6 +398,7 @@
],
},
'inputs': [
@@ -60,7 +64,7 @@ Subject: [PATCH] Using native binaries
'<(mksnapshot_exec)',
],
'outputs': [
-@@ -1548,6 +1552,7 @@
+@@ -1503,6 +1507,7 @@
{
'action_name': 'run_gen-regexp-special-case_action',
'inputs': [
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0004-v8-don-t-override-ARM-CFLAGS.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/0004-v8-don-t-override-ARM-CFLAGS.patch
index 97ed972ce..501235f23 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0004-v8-don-t-override-ARM-CFLAGS.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0004-v8-don-t-override-ARM-CFLAGS.patch
@@ -1,4 +1,4 @@
-From 47ee5cc5501289205d3e8e9f27ea9daf18cebac1 Mon Sep 17 00:00:00 2001
+From e90d7249975d336dd77664923138aa3e2dcd23ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <git@...>
Date: Sat, 9 Nov 2019 14:45:30 +0000
Subject: [PATCH] v8: don't override ARM CFLAGS
@@ -23,15 +23,16 @@ problems have been noted during compilation or runtime.

Upstream-Status: Inappropriate [oe-specific]
Signed-off-by: André Draszik <git@...>
+
---
tools/v8_gypfiles/toolchain.gypi | 52 ++------------------------------
1 file changed, 2 insertions(+), 50 deletions(-)

diff --git a/tools/v8_gypfiles/toolchain.gypi
b/tools/v8_gypfiles/toolchain.gypi
-index 264b3e478e..0b41848145 100644
+index ecbd63b..0030ced 100644
--- a/tools/v8_gypfiles/toolchain.gypi
+++ b/tools/v8_gypfiles/toolchain.gypi
-@@ -211,31 +211,7 @@
+@@ -177,31 +177,7 @@
'target_conditions': [
['_toolset=="host"', {
'conditions': [
@@ -64,7 +65,7 @@ index 264b3e478e..0b41848145 100644
# Host not built with an Arm CXX compiler (simulator build).
'conditions': [
[ 'arm_float_abi=="hard"', {
-@@ -254,31 +230,7 @@
+@@ -220,31 +196,7 @@
}], # _toolset=="host"
['_toolset=="target"', {
'conditions': [
@@ -97,6 +98,3 @@ index 264b3e478e..0b41848145 100644
# Target not built with an Arm CXX compiler (simulator build).
'conditions': [
[ 'arm_float_abi=="hard"', {
---
-2.20.1
-
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
index 4d238c03f..04321132c 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
@@ -1,4 +1,4 @@
-From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001
+From 21a93c6305c1a02eb94e6fec62015d3ebb171d9f Mon Sep 17 00:00:00 2001
From: Daniel Bevenius <daniel.bevenius@...>
Date: Sat, 16 Oct 2021 08:50:16 +0200
Subject: [PATCH] src: add --openssl-legacy-provider option
@@ -22,19 +22,20 @@ Hash {
Co-authored-by: Richard Lau <rlau@...>
Signed-off-by: Signed-off-by: Andrej Valek <andrej.valek@...>
Upstream-Status: Backport [https://github.com/nodejs/node/issues/40455]
+
---
doc/api/cli.md | 10 ++++++++++
src/crypto/crypto_util.cc | 10 ++++++++++
- src/node_options.cc | 10 ++++++++++
+ src/node_options.cc | 3 +++
src/node_options.h | 7 +++++++
.../test-process-env-allowed-flags-are-documented.js | 5 +++++
- 5 files changed, 42 insertions(+)
+ 5 files changed, 35 insertions(+)

diff --git a/doc/api/cli.md b/doc/api/cli.md
-index 74057706bf8d..608b9cdeddf1 100644
+index 475894d..b0c49d4 100644
--- a/doc/api/cli.md
+++ b/doc/api/cli.md
-@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup.
Among other uses, this can be
+@@ -732,6 +732,14 @@ Load an OpenSSL configuration file on startup.
Among other uses, this can be
used to enable FIPS-compliant crypto if Node.js is built
against FIPS-enabled OpenSSL.

@@ -49,7 +50,7 @@ index 74057706bf8d..608b9cdeddf1 100644
### `--pending-deprecation`

<!-- YAML
-@@ -1544,6 +1552,7 @@ Node.js options that are allowed are:
+@@ -1592,6 +1600,7 @@ Node.js options that are allowed are:
* `--no-warnings`
* `--node-memory-debug`
* `--openssl-config`
@@ -57,7 +58,7 @@ index 74057706bf8d..608b9cdeddf1 100644
* `--pending-deprecation`
* `--policy-integrity`
* `--preserve-symlinks-main`
-@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js
+@@ -1988,6 +1997,7 @@ $ node --max-old-space-size=1536 index.js
[emit_warning]: process.md#processemitwarningwarning-options
[jitless]: https://v8.dev/blog/jitless
[libuv threadpool documentation]:
https://docs.libuv.org/en/latest/threadpool.html
@@ -66,7 +67,7 @@ index 74057706bf8d..608b9cdeddf1 100644
[security warning]:
#warning-binding-inspector-to-a-public-ipport-combination-is-insecure
[timezone IDs]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
-index 7e0c8ba3eb60..796ea3025e41 100644
+index e1ef170..e93edd4 100644
--- a/src/crypto/crypto_util.cc
+++ b/src/crypto/crypto_util.cc
@@ -148,6 +148,16 @@ void InitCryptoOnce() {
@@ -87,12 +88,12 @@ index 7e0c8ba3eb60..796ea3025e41 100644
OPENSSL_INIT_free(settings);
settings = nullptr;
diff --git a/src/node_options.cc b/src/node_options.cc
-index 00bdc6688a4c..3363860919a9 100644
+index 3192faa..296fed0 100644
--- a/src/node_options.cc
+++ b/src/node_options.cc
-@@ -4,6 +4,9 @@
- #include "env-inl.h"
+@@ -5,6 +5,9 @@
#include "node_binding.h"
+ #include "node_external_reference.h"
#include "node_internals.h"
+#if HAVE_OPENSSL
+#include "openssl/opensslv.h"
@@ -101,7 +102,7 @@ index 00bdc6688a4c..3363860919a9 100644
#include <errno.h>
#include <sstream>
diff --git a/src/node_options.h b/src/node_options.h
-index fd772478d04d..1c0e018ab16f 100644
+index 40d1c02..07bf244 100644
--- a/src/node_options.h
+++ b/src/node_options.h
@@ -11,6 +11,10 @@
@@ -115,7 +116,7 @@ index fd772478d04d..1c0e018ab16f 100644
namespace node {

class HostPort {
-@@ -251,6 +255,9 @@ class PerProcessOptions : public Options {
+@@ -252,6 +256,9 @@ class PerProcessOptions : public Options {
bool enable_fips_crypto = false;
bool force_fips_crypto = false;
#endif
@@ -126,7 +127,7 @@ index fd772478d04d..1c0e018ab16f 100644
// Per-process because reports can be triggered outside a known V8 context.
bool report_on_fatalerror = false;
diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js
b/test/parallel/test-process-env-allowed-flags-are-documented.js
-index 64626b71f019..8a4e35997907 100644
+index a2738f0..f4dd77e 100644
--- a/test/parallel/test-process-env-allowed-flags-are-documented.js
+++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines,
...v8OptionsLines]) {
@@ -148,4 +149,3 @@ index 64626b71f019..8a4e35997907 100644
'--tls-cipher-list',
'--use-bundled-ca',
'--use-openssl-ca',
-
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/big-endian.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/big-endian.patch
index 529381842..cb92dffa7 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/big-endian.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/big-endian.patch
@@ -1,3 +1,8 @@
+From 6eff8d3cd15abf9f983f5f7237cbefc8106ee04d Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@...>
+Date: Thu, 23 Jan 2020 14:12:40 -0800
+Subject: [PATCH]
+ https://github.com/v8/v8/commit/878ccb33bd3cf0e6dc018ff8d15843f585ac07be

https://github.com/v8/v8/commit/878ccb33bd3cf0e6dc018ff8d15843f585ac07be

@@ -5,9 +10,16 @@ did some automated cleanups but it missed big-endian code.

Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@...>
+
+---
+ deps/v8/src/runtime/runtime-utils.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/deps/v8/src/runtime/runtime-utils.h
b/deps/v8/src/runtime/runtime-utils.h
+index 170c0bc..a7e02ae 100644
--- a/deps/v8/src/runtime/runtime-utils.h
+++ b/deps/v8/src/runtime/runtime-utils.h
-@@ -126,7 +126,7 @@ static inline ObjectPair MakePair(Object
+@@ -136,7 +136,7 @@ static inline ObjectPair MakePair(Object x, Object y) {
#if defined(V8_TARGET_LITTLE_ENDIAN)
return x.ptr() | (static_cast<ObjectPair>(y.ptr()) << 32);
#elif defined(V8_TARGET_BIG_ENDIAN)
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/mips-less-memory.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/mips-less-memory.patch
index 56e93c50c..eff5261b2 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/mips-less-memory.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/mips-less-memory.patch
@@ -1,5 +1,9 @@
+From a3d514aeace0fc2e0f4fb375f18742fc084460d3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lal?= <kapouer@...>
+Date: Mon, 19 Apr 2021 13:51:26 -0700
+Subject: [PATCH] nodejs: Fix build on mips
+
Description: mksnapshot uses too much memory on 32-bit mipsel
-Author: Jérémy Lal <kapouer@...>
Last-Update: 2020-06-03
Forwarded: https://bugs.chromium.org/p/v8/issues/detail?id=10586

@@ -8,20 +12,16 @@ ensures that qemu-mips can allocate such large ranges

Signed-off-by: Khem Raj <raj.khem@...>

---- a/deps/v8/src/common/globals.h
-+++ b/deps/v8/src/common/globals.h
-@@ -224,7 +224,7 @@ constexpr size_t kMinimumCodeRangeSize =
- constexpr size_t kMinExpectedOSPageSize = 64 * KB; // OS page on PPC Linux
- #elif V8_TARGET_ARCH_MIPS
- constexpr bool kPlatformRequiresCodeRange = false;
--constexpr size_t kMaximalCodeRangeSize = 2048LL * MB;
-+constexpr size_t kMaximalCodeRangeSize = 512 * MB;
- constexpr size_t kMinimumCodeRangeSize = 0 * MB;
- constexpr size_t kMinExpectedOSPageSize = 4 * KB; // OS page.
- #else
+---
+ deps/v8/src/codegen/mips/constants-mips.h | 2 +-
+ deps/v8/src/common/globals.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/deps/v8/src/codegen/mips/constants-mips.h
b/deps/v8/src/codegen/mips/constants-mips.h
+index 5ed338e..700a433 100644
--- a/deps/v8/src/codegen/mips/constants-mips.h
+++ b/deps/v8/src/codegen/mips/constants-mips.h
-@@ -140,7 +140,7 @@ const uint32_t kLeastSignificantByteInIn
+@@ -140,7 +140,7 @@ const uint32_t kLeastSignificantByteInInt32Offset = 3;
namespace v8 {
namespace internal {

@@ -30,3 +30,16 @@ Signed-off-by: Khem Raj <raj.khem@...>

// -----------------------------------------------------------------------------
// Registers and FPURegisters.
+diff --git a/deps/v8/src/common/globals.h b/deps/v8/src/common/globals.h
+index 6aee59e..bf7d800 100644
+--- a/deps/v8/src/common/globals.h
++++ b/deps/v8/src/common/globals.h
+@@ -272,7 +272,7 @@ constexpr size_t kMinimumCodeRangeSize = 0 * MB;
+ constexpr size_t kMinExpectedOSPageSize = 64 * KB; // OS page on PPC Linux
+ #elif V8_TARGET_ARCH_MIPS
+ constexpr bool kPlatformRequiresCodeRange = false;
+-constexpr size_t kMaximalCodeRangeSize = 2048LL * MB;
++constexpr size_t kMaximalCodeRangeSize = 512 * MB;
+ constexpr size_t kMinimumCodeRangeSize = 0 * MB;
+ constexpr size_t kMinExpectedOSPageSize = 4 * KB; // OS page.
+ #else
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/system-c-ares.patch
b/meta-oe/recipes-devtools/nodejs/nodejs/system-c-ares.patch
index 141889ad2..cb8a7f58b 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/system-c-ares.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/system-c-ares.patch
@@ -1,8 +1,17 @@
-keep nodejs compatible with c-ares 1.17.1
+From d8354118fd817650f8a6f9c9b77f6b000a06b7b3 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@...>
+Date: Wed, 20 Oct 2021 12:21:42 -0700
+Subject: [PATCH] keep nodejs compatible with c-ares 1.17.1

Upstream-Status: Inappropriate [c-ares specific]
Signed-off-by: Khem Raj <raj.khem@...>

+---
+ src/cares_wrap.h | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/cares_wrap.h b/src/cares_wrap.h
+index 60f99e6..aee46a9 100644
--- a/src/cares_wrap.h
+++ b/src/cares_wrap.h
@@ -22,7 +22,15 @@
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb
b/meta-oe/recipes-devtools/nodejs/nodejs_16.16.0.bb
similarity index 97%
rename from meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb
rename to meta-oe/recipes-devtools/nodejs/nodejs_16.16.0.bb
index 62188f94a..7f24c8ff1 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.16.0.bb
@@ -1,7 +1,7 @@
DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript"
HOMEPAGE = "http://nodejs.org"
LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=6ba5b21ac7a505195ca69344d3d7a94a"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2e2857f5cd9803e878099e6a228d5f1c"

DEPENDS = "openssl"
DEPENDS:append:class-target = " qemu-native"
@@ -37,7 +37,7 @@ SRC_URI:append:toolchain-clang:x86 = " \
SRC_URI:append:toolchain-clang:powerpc64le = " \
file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \
"
-SRC_URI[sha256sum] =
"e922e215cc68eb5f94d33e8a0b61e2c863b7731cc8600ab955d3822da90ff8d1"
+SRC_URI[sha256sum] =
"145151eff3b2aa5ebe73384009c52271a83740ae687a93c98c628cd7d52736eb"

S = "${WORKDIR}/node-v${PV}"

--
2.34.1


Re: [meta-oe][ 1/1] fluentbit Upgrade to 1.3.5 -> 1.9.6

Khem Raj
 

On Sat, Aug 6, 2022 at 9:05 AM Khem Raj <raj.khem@...> wrote:



On 8/1/22 07:28, Paulo Neves wrote:
Thanks for the review. Some more stuff was wrong after all and i am
reworking the patch.

I looked at the usrmerge patch and indeed i removed it incorrectly.

I tried to rework it so that it uses systemd.pc's systemdunitdir
variable but that variable relies on rootprefix. I cannot find a reason
why we are not setting systemd ROOTFSPREFIX in systemd and instead are
using
meta/recipes-core/systemd/systemd/0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch.
Is there any mismatch where prefix would not match? Would ROOTFSPREFIX
only be valid when usrmerge is active?
well rootprefix is set to root_prefix which varies depending upon
usrmerge feature being enabled or not.


root_prefix = "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge',
'${exec_prefix}', '${base_prefix}', d)}"

so in theory it should fall in place if we used root_prefix here

Paulo Neves

On 7/29/22 04:44, Khem Raj wrote:
Hi Paulo


On Thu, Jul 28, 2022 at 10:03 AM Paulo Neves <ptsneves@...> wrote:
Signed-off-by: Paulo Neves <ptsneves@...>
---
...t-Do-not-use-private-makefile-target.patch | 68 +++++++++++++++
...nit-install-location-with-SYSTEM_DIR.patch | 28 -------
...caused-by-using-flb_free-instead-of-.patch | 43 ----------
...-ppc-Fix-signature-for-co_create-API.patch | 38 ---------
...-not-hardcode-compilation-directorie.patch | 26 ++++++
...GV-caused-by-using-flb_free-instead-.patch | 82 -------------------
...0003-mbedtls-Do-not-overwrite-CFLAGS.patch | 25 ++++++
.../fluentbit/fluentbit/builtin-nan.patch | 27 ------
.../cross-build-init-system-detection.patch | 38 ---------
...{fluentbit_1.3.5.bb => fluentbit_1.9.6.bb} | 44 +++++-----
10 files changed, 139 insertions(+), 280 deletions(-)
create mode 100644
meta-oe/recipes-extended/fluentbit/fluentbit/0001-CMakeLists.txt-Do-not-use-private-makefile-target.patch

delete mode 100644
meta-oe/recipes-extended/fluentbit/fluentbit/0001-Control-sytemd-unit-install-location-with-SYSTEM_DIR.patch

delete mode 100644
meta-oe/recipes-extended/fluentbit/fluentbit/0001-bin-fix-SIGSEGV-caused-by-using-flb_free-instead-of-.patch

delete mode 100644
meta-oe/recipes-extended/fluentbit/fluentbit/0001-ppc-Fix-signature-for-co_create-API.patch

create mode 100644
meta-oe/recipes-extended/fluentbit/fluentbit/0002-flb_info.h.in-Do-not-hardcode-compilation-directorie.patch

delete mode 100644
meta-oe/recipes-extended/fluentbit/fluentbit/0002-parser-Fix-SIGSEGV-caused-by-using-flb_free-instead-.patch

create mode 100644
meta-oe/recipes-extended/fluentbit/fluentbit/0003-mbedtls-Do-not-overwrite-CFLAGS.patch

delete mode 100644
meta-oe/recipes-extended/fluentbit/fluentbit/builtin-nan.patch
delete mode 100644
meta-oe/recipes-extended/fluentbit/fluentbit/cross-build-init-system-detection.patch

rename meta-oe/recipes-extended/fluentbit/{fluentbit_1.3.5.bb =>
fluentbit_1.9.6.bb} (53%)

diff --git
a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-CMakeLists.txt-Do-not-use-private-makefile-target.patch
b/meta-oe/recipes-extended/fluentbit/fluentbit/0001-CMakeLists.txt-Do-not-use-private-makefile-target.patch

new file mode 100644
index 000000000..0a80a92ed
--- /dev/null
+++
b/meta-oe/recipes-extended/fluentbit/fluentbit/0001-CMakeLists.txt-Do-not-use-private-makefile-target.patch

@@ -0,0 +1,68 @@
+From 6a704ab7bf69cd5d6970b3a7d3ae7798b26027c1 Mon Sep 17 00:00:00 2001
+From: Paulo Neves <ptsneves@...>
+Date: Thu, 28 Jul 2022 11:28:41 +0200
+Subject: [PATCH] CMakeLists.txt Do not use private makefile $< target
+
+$< is a private detail from the Makefile generated by CMakefile and
+are not under control or to be used at the CMakeLists level. In 3.20
+that private generation changed pre-requisite targets[1] and now logs
+contain the path compiler_depend.ts instead of the actual file.
+---
+ CMakeLists.txt | 6 +-----
+ lib/chunkio/CMakeLists.txt | 7 +------
+ lib/cmetrics/CMakeLists.txt | 7 +------
+ 3 files changed, 3 insertions(+), 17 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 3dba5a8..d94b988 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -46,11 +46,7 @@ else()
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall")
+ endif()
+
+-if(NOT ${CMAKE_SYSTEM_NAME} MATCHES "Windows")
+- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__='\"$(subst
${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'")
+-else()
+- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__")
+-endif()
++set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__")
+
+ if(${CMAKE_SYSTEM_PROCESSOR} MATCHES "armv7l")
+ set(CMAKE_C_LINK_FLAGS "${CMAKE_C_LINK_FLAGS} -latomic")
+diff --git a/lib/chunkio/CMakeLists.txt b/lib/chunkio/CMakeLists.txt
+index bbe1f39..809ea93 100644
+--- a/lib/chunkio/CMakeLists.txt
++++ b/lib/chunkio/CMakeLists.txt
+@@ -14,12 +14,7 @@ else()
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall ")
+ endif()
+
+-# Set __FILENAME__
+-if(NOT ${CMAKE_SYSTEM_NAME} MATCHES "Windows")
+- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__='\"$(subst
${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'")
+-else()
+- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__")
+-endif()
++set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__")
+
+ include(cmake/macros.cmake)
+
+diff --git a/lib/cmetrics/CMakeLists.txt b/lib/cmetrics/CMakeLists.txt
+index 60e8774..e3d6149 100644
+--- a/lib/cmetrics/CMakeLists.txt
++++ b/lib/cmetrics/CMakeLists.txt
+@@ -34,12 +34,7 @@ set(CMT_VERSION_MINOR 3)
+ set(CMT_VERSION_PATCH 5)
+ set(CMT_VERSION_STR
"${CMT_VERSION_MAJOR}.${CMT_VERSION_MINOR}.${CMT_VERSION_PATCH}")
+
+-# Define __FILENAME__ consistently across Operating Systems
+-if(NOT ${CMAKE_SYSTEM_NAME} MATCHES "Windows")
+- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__='\"$(subst
${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'")
+-else()
+- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__")
+-endif()
++set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__")
+
+ # Configuration options
+ option(CMT_DEV "Enable development
mode" No)
diff --git
a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-Control-sytemd-unit-install-location-with-SYSTEM_DIR.patch
b/meta-oe/recipes-extended/fluentbit/fluentbit/0001-Control-sytemd-unit-install-location-with-SYSTEM_DIR.patch

deleted file mode 100644
index bf4cda08f..000000000
---
a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-Control-sytemd-unit-install-location-with-SYSTEM_DIR.patch

+++ /dev/null
@@ -1,28 +0,0 @@
-From 5571f949fa2048b79c197b5b10a11ecb1891cbe9 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@...>
-Date: Sat, 23 Apr 2022 08:24:34 -0700
-Subject: [PATCH] Control sytemd unit install location with SYSTEM_DIR
-
-This helps building when usrmerge is on
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@...>
----
- src/CMakeLists.txt | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
---- a/src/CMakeLists.txt
-+++ b/src/CMakeLists.txt
-@@ -323,7 +323,11 @@ if(FLB_BINARY)
- "${PROJECT_SOURCE_DIR}/init/systemd.in"
- ${FLB_SYSTEMD_SCRIPT}
- )
-- install(FILES ${FLB_SYSTEMD_SCRIPT} DESTINATION
/lib/systemd/system)
-+ if(SYSTEMD_DIR)
-+ install(FILES ${FLB_SYSTEMD_SCRIPT} DESTINATION
${SYSTEMD_DIR})
-+ else()
-+ install(FILES ${FLB_SYSTEMD_SCRIPT} DESTINATION
/lib/systemd/system)
-+ endif()
- install(DIRECTORY DESTINATION ${FLB_INSTALL_CONFDIR})
- elseif(FLB_UPSTART)
- set(FLB_UPSTART_SCRIPT
"${PROJECT_SOURCE_DIR}/init/${FLB_OUT_NAME}.conf")
diff --git
a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-bin-fix-SIGSEGV-caused-by-using-flb_free-instead-of-.patch
b/meta-oe/recipes-extended/fluentbit/fluentbit/0001-bin-fix-SIGSEGV-caused-by-using-flb_free-instead-of-.patch

deleted file mode 100644
index a6ff5991c..000000000
---
a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-bin-fix-SIGSEGV-caused-by-using-flb_free-instead-of-.patch

+++ /dev/null
@@ -1,43 +0,0 @@
-From 3d7390c89c2205d1eed0384be0bb65adb675e60d Mon Sep 17 00:00:00 2001
-From: Ramon Fried <ramon@...>
-Date: Tue, 9 Feb 2021 18:59:59 +0200
-Subject: [PATCH] bin: fix SIGSEGV caused by using flb_free instead of
- mk_mem_free
-
-Upstream-Status: Accepted
-Signed-off-by: Ramon Fried <ramon@...>
----
- src/fluent-bit.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/fluent-bit.c b/src/fluent-bit.c
-index c0c73b4..989cfde 100644
---- a/src/fluent-bit.c
-+++ b/src/fluent-bit.c
-@@ -289,7 +289,7 @@ static int input_set_property(struct
flb_input_instance *in, char *kv)
- in->p->name, key);
- }
-
-- flb_free(key);
-+ mk_mem_free(key);
- return ret;
- }
-
-@@ -314,7 +314,7 @@ static int output_set_property(struct
flb_output_instance *out, char *kv)
- }
-
- ret = flb_output_set_property(out, key, value);
-- flb_free(key);
-+ mk_mem_free(key);
- return ret;
- }
-
-@@ -340,7 +340,7 @@ static int filter_set_property(struct
flb_filter_instance *filter, char *kv)
- }
-
- ret = flb_filter_set_property(filter, key, value);
-- flb_free(key);
-+ mk_mem_free(key);
- return ret;
- }
-
diff --git
a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-ppc-Fix-signature-for-co_create-API.patch
b/meta-oe/recipes-extended/fluentbit/fluentbit/0001-ppc-Fix-signature-for-co_create-API.patch

deleted file mode 100644
index 1f36c657e..000000000
---
a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-ppc-Fix-signature-for-co_create-API.patch

+++ /dev/null
@@ -1,38 +0,0 @@
-From be4032079c931704f52e29f5da5c01cde24ac842 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@...>
-Date: Thu, 16 Jan 2020 10:44:58 -0800
-Subject: [PATCH] ppc: Fix signature for co_create API
-
-Upstream-Status: Submitted
[https://github.com/fluent/fluent-bit/pull/1886]
-Signed-off-by: Khem Raj <raj.khem@...>
----
- lib/flb_libco/ppc.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/lib/flb_libco/ppc.c b/lib/flb_libco/ppc.c
-index e6536d56..533256b3 100644
---- a/lib/flb_libco/ppc.c
-+++ b/lib/flb_libco/ppc.c
-@@ -279,7 +279,9 @@ static uint32_t* co_create_(unsigned size,
uintptr_t entry) {
- return t;
- }
-
--cothread_t co_create(unsigned int size, void (*entry_)(void)) {
-+cothread_t co_create(unsigned int size, void (*entry_)(void),
-+ size_t *out_size) {
-+
- uintptr_t entry = (uintptr_t)entry_;
- uint32_t* t = 0;
-
-@@ -325,7 +327,7 @@ cothread_t co_create(unsigned int size, void
(*entry_)(void)) {
- t[10] = (uint32_t)(sp >> shift >> shift);
- t[11] = (uint32_t)sp;
- }
--
-+ *out_size = size;
- return t;
- }
-
---
-2.25.0
-
diff --git
a/meta-oe/recipes-extended/fluentbit/fluentbit/0002-flb_info.h.in-Do-not-hardcode-compilation-directorie.patch
b/meta-oe/recipes-extended/fluentbit/fluentbit/0002-flb_info.h.in-Do-not-hardcode-compilation-directorie.patch

new file mode 100644
index 000000000..4358b2a51
--- /dev/null
+++
b/meta-oe/recipes-extended/fluentbit/fluentbit/0002-flb_info.h.in-Do-not-hardcode-compilation-directorie.patch

@@ -0,0 +1,26 @@
+From 71dab751a27a2e582b711de22873065dd28f4b65 Mon Sep 17 00:00:00 2001
+From: Paulo Neves <ptsneves@...>
+Date: Thu, 28 Jul 2022 11:42:31 +0200
+Subject: [PATCH] flb_info.h.in: Do not hardcode compilation directories
+
+Including the source dir in the header makes the header not
+reproducible and contaminates it with host builder paths. Instead
+make it take CMAKE_DEBUG_SRCDIR that can be set to a known
+reproducible value
+---
+ include/fluent-bit/flb_info.h.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/fluent-bit/flb_info.h.in
b/include/fluent-bit/flb_info.h.in
+index a89485c..2579afc 100644
+--- a/include/fluent-bit/flb_info.h.in
++++ b/include/fluent-bit/flb_info.h.in
+@@ -23,7 +23,7 @@
+ #define STR_HELPER(s) #s
+ #define STR(s) STR_HELPER(s)
+
+-#define FLB_SOURCE_DIR "@CMAKE_SOURCE_DIR@"
++#define FLB_SOURCE_DIR "@CMAKE_DEBUG_SRCDIR@"
+
+ /* General flags set by CMakeLists.txt */
+ @FLB_BUILD_FLAGS@
diff --git
a/meta-oe/recipes-extended/fluentbit/fluentbit/0002-parser-Fix-SIGSEGV-caused-by-using-flb_free-instead-.patch
b/meta-oe/recipes-extended/fluentbit/fluentbit/0002-parser-Fix-SIGSEGV-caused-by-using-flb_free-instead-.patch

deleted file mode 100644
index 91675dfc6..000000000
---
a/meta-oe/recipes-extended/fluentbit/fluentbit/0002-parser-Fix-SIGSEGV-caused-by-using-flb_free-instead-.patch

+++ /dev/null
@@ -1,82 +0,0 @@
-From 7c3b1dfb174312594d3317c24ed71c60398f653f Mon Sep 17 00:00:00 2001
-From: Ramon Fried <ramon@...>
-Date: Wed, 10 Feb 2021 04:23:36 +0200
-Subject: [PATCH] parser: Fix SIGSEGV caused by using flb_free
instead of
- mk_mem_free
-
-Upstream-Status: Backport (fix only for 1.3.5)
-Signed-off-by: Ramon Fried <ramon@...>
----
- src/flb_parser.c | 28 ++++++++++++++--------------
- 1 file changed, 14 insertions(+), 14 deletions(-)
-
-diff --git a/src/flb_parser.c b/src/flb_parser.c
-index d35c568..7c20e12 100644
---- a/src/flb_parser.c
-+++ b/src/flb_parser.c
-@@ -490,7 +490,7 @@ int flb_parser_conf_file(const char *file,
struct flb_config *config)
- MK_RCONF_STR);
- if (str) {
- time_keep = flb_utils_bool(str);
-- flb_free(str);
-+ mk_mem_free(str);
- }
- else {
- time_keep = FLB_FALSE;
-@@ -522,23 +522,23 @@ int flb_parser_conf_file(const char *file,
struct flb_config *config)
-
- flb_debug("[parser] new parser registered: %s", name);
-
-- flb_free(name);
-- flb_free(format);
-+ mk_mem_free(name);
-+ mk_mem_free(format);
-
- if (regex) {
-- flb_free(regex);
-+ mk_mem_free(regex);
- }
- if (time_fmt) {
-- flb_free(time_fmt);
-+ mk_mem_free(time_fmt);
- }
- if (time_key) {
-- flb_free(time_key);
-+ mk_mem_free(time_key);
- }
- if (time_offset) {
-- flb_free(time_offset);
-+ mk_mem_free(time_offset);
- }
- if (types_str) {
-- flb_free(types_str);
-+ mk_mem_free(types_str);
- }
-
- decoders = NULL;
-@@ -548,19 +548,19 @@ int flb_parser_conf_file(const char *file,
struct flb_config *config)
- return 0;
-
- fconf_error:
-- flb_free(name);
-- flb_free(format);
-+ mk_mem_free(name);
-+ mk_mem_free(format);
- if (regex) {
-- flb_free(regex);
-+ mk_mem_free(regex);
- }
- if (time_fmt) {
-- flb_free(time_fmt);
-+ mk_mem_free(time_fmt);
- }
- if (time_key) {
-- flb_free(time_key);
-+ mk_mem_free(time_key);
- }
- if (types_str) {
-- flb_free(types_str);
-+ mk_mem_free(types_str);
- }
- if (decoders) {
- flb_parser_decoder_list_destroy(decoders);
diff --git
a/meta-oe/recipes-extended/fluentbit/fluentbit/0003-mbedtls-Do-not-overwrite-CFLAGS.patch
b/meta-oe/recipes-extended/fluentbit/fluentbit/0003-mbedtls-Do-not-overwrite-CFLAGS.patch

new file mode 100644
index 000000000..0611af9ec
--- /dev/null
+++
b/meta-oe/recipes-extended/fluentbit/fluentbit/0003-mbedtls-Do-not-overwrite-CFLAGS.patch

@@ -0,0 +1,25 @@
+From 8486b912281ae85db0c9fc05bb546f16872e114c Mon Sep 17 00:00:00 2001
+From: Paulo Neves <ptsneves@...>
+Date: Thu, 28 Jul 2022 14:37:18 +0200
+Subject: [PATCH] mbedtls: Do not overwrite CFLAGS
+
+bitbake passes CFLAGS that are often in conflict with the ones set
+in mbedtls' CMakeLists.txt. Such conflicts are the inability to use
+FORTIFY_SOURCE=2 except in release mode
+---
+ lib/mbedtls-2.28.0/CMakeLists.txt | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/lib/mbedtls-2.28.0/CMakeLists.txt
b/lib/mbedtls-2.28.0/CMakeLists.txt
+index d76bddc..e717846 100644
+--- a/lib/mbedtls-2.28.0/CMakeLists.txt
++++ b/lib/mbedtls-2.28.0/CMakeLists.txt
+@@ -204,8 +204,6 @@ if(CMAKE_COMPILER_IS_GNU)
+ if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION
VERSION_EQUAL 7.0)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2
-Wformat-truncation")
+ endif()
+- set(CMAKE_C_FLAGS_RELEASE "-O2")
+- set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
+ set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
+ set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common
-fsanitize=undefined -fno-sanitize-recover=all -O3")
+ set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common
-fsanitize=undefined -fno-sanitize-recover=all -O1 -g3
-fno-omit-frame-pointer -fno-optimize-sibling-calls")
diff --git
a/meta-oe/recipes-extended/fluentbit/fluentbit/builtin-nan.patch
b/meta-oe/recipes-extended/fluentbit/fluentbit/builtin-nan.patch
deleted file mode 100644
index 8ffc3be3e..000000000
--- a/meta-oe/recipes-extended/fluentbit/fluentbit/builtin-nan.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-help complier to use intrinsics, clang in few cases e.g. aarch64 can
not
-and then requires linking with libm, its the only function needed
from libm then
-its good to avoid needing it.
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@...>
-
---- a/include/fluent-bit/stream_processor/flb_sp_timeseries.h
-+++ b/include/fluent-bit/stream_processor/flb_sp_timeseries.h
-@@ -207,7 +207,7 @@ void cb_forecast_calc(struct timeseries
- result = b0 + b1 * (val->f64 + *forecast->latest_x);
- break;
- default:
-- result = nan("");
-+ result = __builtin_nan("");
- break;
- }
-
-@@ -283,7 +283,7 @@ void cb_forecast_r_calc(struct timeserie
- result = ((val->i64 - b0) / b1) - *forecast->latest_x;
- break;
- default:
-- result = nan("");
-+ result = __builtin_nan("");
- break;
- }
-
diff --git
a/meta-oe/recipes-extended/fluentbit/fluentbit/cross-build-init-system-detection.patch
b/meta-oe/recipes-extended/fluentbit/fluentbit/cross-build-init-system-detection.patch

deleted file mode 100644
index d3822fc8d..000000000
---
a/meta-oe/recipes-extended/fluentbit/fluentbit/cross-build-init-system-detection.patch

+++ /dev/null
@@ -1,38 +0,0 @@
-Define CMake variables to indicate init system for target
-incase of cross compile, detecting systemd support based on
-host directory structure is not right thing to do
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.kheem@...>
-
---- a/src/CMakeLists.txt
-+++ b/src/CMakeLists.txt
-@@ -317,7 +317,7 @@ if(FLB_BINARY)
- install(TARGETS fluent-bit-bin RUNTIME DESTINATION
${FLB_INSTALL_BINDIR})
-
- # Detect init system, install upstart, systemd or init.d script
-- if(IS_DIRECTORY /lib/systemd/system)
-+ if(FLB_SYSTEMD)
- set(FLB_SYSTEMD_SCRIPT
"${PROJECT_SOURCE_DIR}/init/${FLB_OUT_NAME}.service")
- configure_file(
- "${PROJECT_SOURCE_DIR}/init/systemd.in"
-@@ -325,7 +325,7 @@ if(FLB_BINARY)
- )
- install(FILES ${FLB_SYSTEMD_SCRIPT} DESTINATION
/lib/systemd/system)
- install(DIRECTORY DESTINATION ${FLB_INSTALL_CONFDIR})
-- elseif(IS_DIRECTORY /usr/share/upstart)
-+ elseif(FLB_UPSTART)
- set(FLB_UPSTART_SCRIPT
"${PROJECT_SOURCE_DIR}/init/${FLB_OUT_NAME}.conf")
- configure_file(
- "${PROJECT_SOURCE_DIR}/init/upstart.in"
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -70,6 +70,8 @@ option(FLB_RECORD_ACCESSOR "Enable re
- option(FLB_SYSTEM_STRPTIME "Use strptime in system libc" Yes)
- option(FLB_STATIC_CONF "Build binary using static
configuration")
- option(FLB_STREAM_PROCESSOR "Enable Stream Processor" Yes)
-+option(FLB_SYSTEMD "Enable systemd init system" No)
-+option(FLB_UPSTART "Enable upstart init system" No)
- option(FLB_CORO_STACK_SIZE "Set coroutine stack size")
-
- # Metrics: Experimental Feature, disabled by default on 0.12 series
diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit_1.3.5.bb
b/meta-oe/recipes-extended/fluentbit/fluentbit_1.9.6.bb
similarity index 53%
rename from meta-oe/recipes-extended/fluentbit/fluentbit_1.3.5.bb
rename to meta-oe/recipes-extended/fluentbit/fluentbit_1.9.6.bb
index b231cc287..1ff62767d 100644
--- a/meta-oe/recipes-extended/fluentbit/fluentbit_1.3.5.bb
+++ b/meta-oe/recipes-extended/fluentbit/fluentbit_1.9.6.bb
@@ -11,25 +11,28 @@ LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM =
"file://LICENSE;md5=2ee41112a44fe7014dce33e26468ba93"
SECTION = "net"

-SRC_URI = "http://fluentbit.io/releases/1.3/fluent-bit-${PV}.tar.gz \
+PR = "r0"
We don't need to set PR in recipe anymore

+PV = "1.9.6"
We don't need PV either since it's in the recipe name already.

+
+SRC_URI =
"https://releases.fluentbit.io/1.9/source-${PV}.tar.gz;subdir=fluent-bit-${PV}
\
+
file://0001-CMakeLists.txt-Do-not-use-private-makefile-target.patch \
+
file://0002-flb_info.h.in-Do-not-hardcode-compilation-directorie.patch \
+ file://0003-mbedtls-Do-not-overwrite-CFLAGS.patch \
file://jemalloc.patch \
- file://cross-build-init-system-detection.patch \
- file://builtin-nan.patch \
- file://0001-ppc-Fix-signature-for-co_create-API.patch \
-
file://0001-bin-fix-SIGSEGV-caused-by-using-flb_free-instead-of-.patch \
-
file://0002-parser-Fix-SIGSEGV-caused-by-using-flb_free-instead-.patch \
-
file://0001-Control-sytemd-unit-install-location-with-SYSTEM_DIR.patch \
does this work without patch with usrmerge distro feature on ?

"
-SRC_URI[md5sum] = "6eae6dfd0a874e5dd270c36e9c68f747"
-SRC_URI[sha256sum] =
"e037c76c89269c8dc4027a08e442fefd2751b0f1e0f9c38f9a4b12d781a9c789"
+SRC_URI[md5sum] = "ad65bb3ca55d203a467a63426e17bfae"
we don't need md5sum anymore.

+SRC_URI[sha256sum] =
"5ef7dd97e10936269fe5f4e5d3ebf16559333066f7d6757ba12464a9d6186570"

S = "${WORKDIR}/fluent-bit-${PV}"
-DEPENDS = "zlib bison-native flex-native"
+DEPENDS = "zlib bison-native flex-native openssl"
DEPENDS += "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
-
+PACKAGECONFIG[yaml] = "-DFLB_CONFIG_YAML=On,-DFLB_CONFIG_YAML=Off,
yaml,"
+PACKAGECONFIG[kafka] =
"-DFLB_OUT_KAFKA=On,-DFLB_OUT_KAFKA=Off,librdkafka"
+PACKAGECONFIG[examples] = "-DFLB_EXAMPLES=On,-DFLB_EXAMPLES=Off"
+PACKAGECONFIG[jemalloc] =
"-DFLB_JEMALLOC=On,-DFLB_JEMALLOC=Off,jemalloc"
DEPENDS:append:libc-musl = " fts "

-INSANE_SKIP:${PN}-dev += "dev-elf"
+PACKAGECONFIG ?= "yaml"
There is no recipe providing yaml in core or meta-oe, perhaps you
meant libyaml maybe ?

LTO = ""

@@ -40,13 +43,13 @@ OECMAKE_GENERATOR ?= "Unix Makefiles"
# ========================

# Host related setup
-EXTRA_OECMAKE += "-DGNU_HOST=${HOST_SYS} -DFLB_ALL=ON -DFLB_TD=1"
+EXTRA_OECMAKE += "-DGNU_HOST=${HOST_SYS} -DFLB_TD=1"

# Disable LuaJIT and filter_lua support
EXTRA_OECMAKE += "-DFLB_LUAJIT=Off -DFLB_FILTER_LUA=Off "

# Disable Library and examples
-EXTRA_OECMAKE += "-DFLB_SHARED_LIB=Off -DFLB_EXAMPLES=Off "
+EXTRA_OECMAKE += "-DFLB_SHARED_LIB=Off"

# Enable systemd iff systemd is in DISTRO_FEATURES
EXTRA_OECMAKE +=
"${@bb.utils.contains('DISTRO_FEATURES','systemd','-DFLB_SYSTEMD=On
-DSYSTEMD_DIR=${systemd_system_unitdir}','-DFLB_SYSTEMD=Off',d)}"
@@ -54,16 +57,9 @@ EXTRA_OECMAKE +=
"${@bb.utils.contains('DISTRO_FEATURES','systemd','-DFLB_SYSTEM
EXTRA_OECMAKE:append:riscv64 = " -DFLB_DEPS='atomic'"
EXTRA_OECMAKE:append:riscv32 = " -DFLB_DEPS='atomic'"

-# Kafka Output plugin (disabled by default): note that when
-# enabling Kafka output plugin, the backend library librdkafka
-# requires 'openssl' as a dependency.
-#
-# DEPENDS += "openssl "
-# EXTRA_OECMAKE += "-DFLB_OUT_KAFKA=On "
-
inherit cmake systemd

-CFLAGS += "-fcommon"
-
SYSTEMD_SERVICE:${PN} = "td-agent-bit.service"
-TARGET_CC_ARCH:append = " ${SELECTED_OPTIMIZATION}"
+
+EXTRA_OECMAKE +=
"-DCMAKE_DEBUG_SRCDIR=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/"
+TARGET_CC_ARCH += " ${SELECTED_OPTIMIZATION}"
--
2.25.1




[meta-networking][PATCH 5/5] autofs: Fix build with glibc 2.36

Khem Raj
 

Signed-off-by: Khem Raj <raj.khem@...>
---
.../autofs/autofs/mount_conflict.patch | 30 +++++++++++++++++++
.../recipes-daemons/autofs/autofs_5.1.8.bb | 1 +
2 files changed, 31 insertions(+)
create mode 100644 meta-networking/recipes-daemons/autofs/autofs/mount_conflict.patch

diff --git a/meta-networking/recipes-daemons/autofs/autofs/mount_conflict.patch b/meta-networking/recipes-daemons/autofs/autofs/mount_conflict.patch
new file mode 100644
index 0000000000..e2a94bf825
--- /dev/null
+++ b/meta-networking/recipes-daemons/autofs/autofs/mount_conflict.patch
@@ -0,0 +1,30 @@
+Avoid conflicts between sys/mount.h and linux/mount.h
+
+linux/fs.h includes linux/mount.h and this include file is unused so
+do not include it and avoid conflict too with glibc 2.36+ see [1]
+
+[1] https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@...>
+--- a/modules/parse_amd.c
++++ b/modules/parse_amd.c
+@@ -27,7 +27,6 @@
+ #include <sys/utsname.h>
+ #include <netinet/in.h>
+ #include <sys/mount.h>
+-#include <linux/fs.h>
+
+ #define MODULE_PARSE
+ #include "automount.h"
+--- a/modules/parse_sun.c
++++ b/modules/parse_sun.c
+@@ -30,7 +30,6 @@
+ #include <sys/utsname.h>
+ #include <netinet/in.h>
+ #include <sys/mount.h>
+-#include <linux/fs.h>
+
+ #define MODULE_PARSE
+ #include "automount.h"
diff --git a/meta-networking/recipes-daemons/autofs/autofs_5.1.8.bb b/meta-networking/recipes-daemons/autofs/autofs_5.1.8.bb
index 1f87bddbee..cb80844586 100644
--- a/meta-networking/recipes-daemons/autofs/autofs_5.1.8.bb
+++ b/meta-networking/recipes-daemons/autofs/autofs_5.1.8.bb
@@ -26,6 +26,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/daemons/autofs/v5/autofs-${PV}.tar.gz \
file://0001-Do-not-hardcode-path-for-pkg.m4.patch \
file://0001-Bug-fix-for-pid_t-not-found-on-musl.patch \
file://0001-Define-__SWORD_TYPE-if-undefined.patch \
+ file://mount_conflict.patch \
"
SRC_URI[sha256sum] = "0bd401c56f0eb1ca6251344c3a3d70bface3eccf9c67117cd184422c4cace30c"

--
2.37.1


[meta-filesystems][PATCH 4/5] xfstests: Upgrade to v2022.07.10

Khem Raj
 

Signed-off-by: Khem Raj <raj.khem@...>
---
meta-filesystems/recipes-utils/xfstests/xfstests_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-filesystems/recipes-utils/xfstests/xfstests_git.bb b/meta-filesystems/recipes-utils/xfstests/xfstests_git.bb
index 868fa0330f..a6fc89d606 100644
--- a/meta-filesystems/recipes-utils/xfstests/xfstests_git.bb
+++ b/meta-filesystems/recipes-utils/xfstests/xfstests_git.bb
@@ -9,8 +9,8 @@ SRC_URI = "\
git://github.com/amir73il/unionmount-testsuite.git;branch=master;protocol=https;name=unionmount;destsuffix=unionmount-testsuite \
"

-SRCREV_xfstests = "37881397f1aa62df3c63468049c80b301b0e89eb"
-SRCREV_unionmount = "cec4c51a3bf8ba80bb99fc74b302749d4e3d2f1d"
+SRCREV_xfstests = "47ed066309716c73a97fff9b7f557f72d90bffb4"
+SRCREV_unionmount = "e3825b16b46f4c4574a1a69909944c059835f914"

S = "${WORKDIR}/git"

--
2.37.1


[meta-oe][PATCH V2 3/5] sdbus-c++-libsystemd: Fix build with glibc 2.36

Khem Raj
 

Signed-off-by: Khem Raj <raj.khem@...>
---
...lude-linux-fs.h-to-resolve-fsconfig_.patch | 74 +++++++++++++++++++
.../sdbus-c++/sdbus-c++-libsystemd_250.3.bb | 1 +
2 files changed, 75 insertions(+)
create mode 100644 meta-oe/recipes-core/sdbus-c++/sdbus-c++-libsystemd/0001-glibc-Remove-include-linux-fs.h-to-resolve-fsconfig_.patch

diff --git a/meta-oe/recipes-core/sdbus-c++/sdbus-c++-libsystemd/0001-glibc-Remove-include-linux-fs.h-to-resolve-fsconfig_.patch b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-libsystemd/0001-glibc-Remove-include-linux-fs.h-to-resolve-fsconfig_.patch
new file mode 100644
index 0000000000..01afd37a37
--- /dev/null
+++ b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-libsystemd/0001-glibc-Remove-include-linux-fs.h-to-resolve-fsconfig_.patch
@@ -0,0 +1,74 @@
+From b0933e76c6f0594c10cf8a9a70b34e15b68066d1 Mon Sep 17 00:00:00 2001
+From: Rudi Heitbaum <rudi@...>
+Date: Sat, 23 Jul 2022 10:38:49 +0000
+Subject: [PATCH] glibc: Remove #include <linux/fs.h> to resolve fsconfig_command/mount_attr conflict with glibc 2.36
+
+Upstream-Status: Backport [https://github.com/systemd/systemd/pull/23992/commits/21c03ad5e9d8d0350e30dae92a5e15da318a1539]
+Signed-off-by: Khem Raj <raj.khem@...>
+---
+ meson.build | 13 ++++++++++++-
+ src/basic/fd-util.c | 2 ++
+ src/core/namespace.c | 2 ++
+ src/shared/mount-util.c | 2 ++
+ 4 files changed, 18 insertions(+), 1 deletion(-)
+
+--- a/meson.build
++++ b/meson.build
+@@ -474,7 +474,6 @@ decl_headers = '''
+ #include <uchar.h>
+ #include <sys/mount.h>
+ #include <sys/stat.h>
+-#include <linux/fs.h>
+ '''
+
+ foreach decl : ['char16_t',
+@@ -486,6 +485,17 @@ foreach decl : ['char16_t',
+ # We get -1 if the size cannot be determined
+ have = cc.sizeof(decl, prefix : decl_headers, args : '-D_GNU_SOURCE') > 0
+
++ if decl == 'struct mount_attr'
++ if have
++ want_linux_fs_h = false
++ else
++ have = cc.sizeof(decl,
++ prefix : decl_headers + '#include <linux/fs.h>',
++ args : '-D_GNU_SOURCE') > 0
++ want_linux_fs_h = have
++ endif
++ endif
++
+ if decl == 'struct statx'
+ if have
+ want_linux_stat_h = false
+@@ -501,6 +511,7 @@ foreach decl : ['char16_t',
+ endforeach
+
+ conf.set10('WANT_LINUX_STAT_H', want_linux_stat_h)
++conf.set10('WANT_LINUX_FS_H', want_linux_fs_h)
+
+ foreach ident : ['secure_getenv', '__secure_getenv']
+ conf.set10('HAVE_' + ident.to_upper(), cc.has_function(ident))
+--- a/src/core/namespace.c
++++ b/src/core/namespace.c
+@@ -6,7 +6,9 @@
+ #include <stdio.h>
+ #include <sys/mount.h>
+ #include <unistd.h>
++#if WANT_LINUX_FS_H
+ #include <linux/fs.h>
++#endif
+
+ #include "alloc-util.h"
+ #include "base-filesystem.h"
+--- a/src/shared/mount-util.c
++++ b/src/shared/mount-util.c
+@@ -7,7 +7,9 @@
+ #include <sys/statvfs.h>
+ #include <unistd.h>
+ #include <linux/loop.h>
++#if WANT_LINUX_FS_H
+ #include <linux/fs.h>
++#endif
+
+ #include "alloc-util.h"
+ #include "chase-symlinks.h"
diff --git a/meta-oe/recipes-core/sdbus-c++/sdbus-c++-libsystemd_250.3.bb b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-libsystemd_250.3.bb
index d5c799aac3..853cc20b67 100644
--- a/meta-oe/recipes-core/sdbus-c++/sdbus-c++-libsystemd_250.3.bb
+++ b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-libsystemd_250.3.bb
@@ -14,6 +14,7 @@ SRCREV = "73be9643910c3f7f3ff84765d63060846c110016"
SRCBRANCH = "v250-stable"
SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH} \
file://static-libsystemd-pkgconfig.patch \
+ file://0001-glibc-Remove-include-linux-fs.h-to-resolve-fsconfig_.patch \
"

# patches needed by musl
--
2.37.1


[meta-oe][PATCH 2/5] ostree: Upgrade to 2022.5 release

Khem Raj
 

Backport a fix for building with glibc 2.36+ while here

Signed-off-by: Khem Raj <raj.khem@...>
---
...01-Remove-unused-linux-fs.h-includes.patch | 42 +++++++++++++++++++
...bostree-Remove-including-sys-mount.h.patch | 29 +++++++++++++
...-se-luks-gencpio-There-is-no-bashism.patch | 25 +++++++++++
.../{ostree_2022.2.bb => ostree_2022.5.bb} | 5 ++-
4 files changed, 100 insertions(+), 1 deletion(-)
create mode 100644 meta-oe/recipes-extended/ostree/ostree/0001-Remove-unused-linux-fs.h-includes.patch
create mode 100644 meta-oe/recipes-extended/ostree/ostree/0001-libostree-Remove-including-sys-mount.h.patch
create mode 100644 meta-oe/recipes-extended/ostree/ostree/0001-s390x-se-luks-gencpio-There-is-no-bashism.patch
rename meta-oe/recipes-extended/ostree/{ostree_2022.2.bb => ostree_2022.5.bb} (96%)

diff --git a/meta-oe/recipes-extended/ostree/ostree/0001-Remove-unused-linux-fs.h-includes.patch b/meta-oe/recipes-extended/ostree/ostree/0001-Remove-unused-linux-fs.h-includes.patch
new file mode 100644
index 0000000000..2659e4696d
--- /dev/null
+++ b/meta-oe/recipes-extended/ostree/ostree/0001-Remove-unused-linux-fs.h-includes.patch
@@ -0,0 +1,42 @@
+From 7d32c352f628747cfadabf9fe7fcc13608e5dfe6 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@...>
+Date: Wed, 3 Aug 2022 10:37:40 -0400
+Subject: [PATCH] Remove unused `linux/fs.h` includes
+
+Prep for fixing conflicts introduced by newer glibc.
+cc https://github.com/ostreedev/ostree/issues/2685
+
+Upstream-Status: Backport [https://github.com/ostreedev/ostree/commit/edba4b33be10c05253bfa94895dfbc8477e44d76]
+Signed-off-by: Khem Raj <raj.khem@...>
+---
+ src/libostree/ostree-repo-commit.c | 1 -
+ src/ostree/ot-main.c | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/src/libostree/ostree-repo-commit.c b/src/libostree/ostree-repo-commit.c
+index afab3fdf..35b16c71 100644
+--- a/src/libostree/ostree-repo-commit.c
++++ b/src/libostree/ostree-repo-commit.c
+@@ -30,7 +30,6 @@
+ #include <sys/xattr.h>
+ #include <glib/gprintf.h>
+ #include <sys/ioctl.h>
+-#include <linux/fs.h>
+ #include <ext2fs/ext2_fs.h>
+
+ #include "otutil.h"
+diff --git a/src/ostree/ot-main.c b/src/ostree/ot-main.c
+index b7b50d67..7a4405a5 100644
+--- a/src/ostree/ot-main.c
++++ b/src/ostree/ot-main.c
+@@ -28,7 +28,6 @@
+ #include <string.h>
+ #include <sys/statvfs.h>
+ #include <sys/mount.h>
+-#include <linux/fs.h>
+
+ #include "ot-main.h"
+ #include "ostree.h"
+--
+2.37.1
+
diff --git a/meta-oe/recipes-extended/ostree/ostree/0001-libostree-Remove-including-sys-mount.h.patch b/meta-oe/recipes-extended/ostree/ostree/0001-libostree-Remove-including-sys-mount.h.patch
new file mode 100644
index 0000000000..5c2792cf89
--- /dev/null
+++ b/meta-oe/recipes-extended/ostree/ostree/0001-libostree-Remove-including-sys-mount.h.patch
@@ -0,0 +1,29 @@
+From 7ff956e4088e0bdc6bfd429f99124a8a9256c181 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@...>
+Date: Sat, 6 Aug 2022 21:44:11 -0700
+Subject: [PATCH] libostree: Remove including sys/mount.h
+
+This conflicts with linux/mount.h which is included by linux/fs.h
+with glibc 2.36+
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@...>
+---
+ src/libostree/ostree-sysroot-deploy.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/libostree/ostree-sysroot-deploy.c b/src/libostree/ostree-sysroot-deploy.c
+index 2dc9f58b..61b19e42 100644
+--- a/src/libostree/ostree-sysroot-deploy.c
++++ b/src/libostree/ostree-sysroot-deploy.c
+@@ -23,7 +23,6 @@
+ #include <gio/gunixoutputstream.h>
+ #include <glib-unix.h>
+ #include <stdint.h>
+-#include <sys/mount.h>
+ #include <sys/statvfs.h>
+ #include <sys/socket.h>
+ #include <sys/ioctl.h>
+--
+2.37.1
+
diff --git a/meta-oe/recipes-extended/ostree/ostree/0001-s390x-se-luks-gencpio-There-is-no-bashism.patch b/meta-oe/recipes-extended/ostree/ostree/0001-s390x-se-luks-gencpio-There-is-no-bashism.patch
new file mode 100644
index 0000000000..5cf5784f14
--- /dev/null
+++ b/meta-oe/recipes-extended/ostree/ostree/0001-s390x-se-luks-gencpio-There-is-no-bashism.patch
@@ -0,0 +1,25 @@
+From dd55633e49aa43dede3c8e1770ae8761487f050e Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@...>
+Date: Sat, 6 Aug 2022 21:52:31 -0700
+Subject: [PATCH] s390x-se-luks-gencpio: There is no bashism
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@...>
+---
+ src/libostree/s390x-se-luks-gencpio | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libostree/s390x-se-luks-gencpio b/src/libostree/s390x-se-luks-gencpio
+index e821e2fe..96c1d123 100755
+--- a/src/libostree/s390x-se-luks-gencpio
++++ b/src/libostree/s390x-se-luks-gencpio
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ # This script creates new initramdisk with LUKS config within
+ set -euo pipefail
+
+--
+2.37.1
+
diff --git a/meta-oe/recipes-extended/ostree/ostree_2022.2.bb b/meta-oe/recipes-extended/ostree/ostree_2022.5.bb
similarity index 96%
rename from meta-oe/recipes-extended/ostree/ostree_2022.2.bb
rename to meta-oe/recipes-extended/ostree/ostree_2022.5.bb
index 50d0548cc7..b3d9ec56b7 100644
--- a/meta-oe/recipes-extended/ostree/ostree_2022.2.bb
+++ b/meta-oe/recipes-extended/ostree/ostree_2022.5.bb
@@ -19,9 +19,12 @@ DEPENDS = " \

SRC_URI = " \
gitsm://github.com/ostreedev/ostree;branch=main;protocol=https \
+ file://0001-Remove-unused-linux-fs.h-includes.patch \
+ file://0001-libostree-Remove-including-sys-mount.h.patch \
+ file://0001-s390x-se-luks-gencpio-There-is-no-bashism.patch \
file://run-ptest \
"
-SRCREV = "fbc6d21c2f71099fbab44cbdd74222b91f61c667"
+SRCREV = "15740d042c9c5258a1c082b5e228cf6f115edbb0"

UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+\.\d+)"

--
2.37.1


[meta-networking][PATCH 1/5] kronosnet: Upgrade to 1.24

Khem Raj
 

Remove upstreamed patches

Signed-off-by: Khem Raj <raj.khem@...>
---
...ests-Correct-include-path-for-poll.h.patch | 29 -------------------
.../{kronosnet_1.22.bb => kronosnet_1.24.bb} | 3 +-
2 files changed, 1 insertion(+), 31 deletions(-)
delete mode 100644 meta-networking/recipes-extended/kronosnet/kronosnet/0001-libknet-tests-Correct-include-path-for-poll.h.patch
rename meta-networking/recipes-extended/kronosnet/{kronosnet_1.22.bb => kronosnet_1.24.bb} (92%)

diff --git a/meta-networking/recipes-extended/kronosnet/kronosnet/0001-libknet-tests-Correct-include-path-for-poll.h.patch b/meta-networking/recipes-extended/kronosnet/kronosnet/0001-libknet-tests-Correct-include-path-for-poll.h.patch
deleted file mode 100644
index 0d261fd4ef..0000000000
--- a/meta-networking/recipes-extended/kronosnet/kronosnet/0001-libknet-tests-Correct-include-path-for-poll.h.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From cae68083fda5d4ca832ff3cc8a533454df2efe23 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@...>
-Date: Tue, 12 Oct 2021 20:35:53 -0700
-Subject: [PATCH] libknet/tests: Correct include path for poll.h
-
-Fixes
-/usr/include/sys/poll.h:1:2: error: redirec
-ting incorrect #include <sys/poll.h> to <poll.h> [-Werror,-W#warnings]
-| #warning redirecting incorrect #include <sys/poll.h> to <poll.h>
-
-Upstream-Status: Submitted [https://github.com/kronosnet/kronosnet/pull/363]
-Signed-off-by: Khem Raj <raj.khem@...>
----
- libknet/tests/test-common.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libknet/tests/test-common.c b/libknet/tests/test-common.c
-index 86b76b0..8f8b6ca 100644
---- a/libknet/tests/test-common.c
-+++ b/libknet/tests/test-common.c
-@@ -20,7 +20,7 @@
- #include <pthread.h>
- #include <dirent.h>
- #include <sys/select.h>
--#include <sys/poll.h>
-+#include <poll.h>
-
- #include "libknet.h"
- #include "test-common.h"
diff --git a/meta-networking/recipes-extended/kronosnet/kronosnet_1.22.bb b/meta-networking/recipes-extended/kronosnet/kronosnet_1.24.bb
similarity index 92%
rename from meta-networking/recipes-extended/kronosnet/kronosnet_1.22.bb
rename to meta-networking/recipes-extended/kronosnet/kronosnet_1.24.bb
index 0b0bc29452..cbd5e7a0fd 100644
--- a/meta-networking/recipes-extended/kronosnet/kronosnet_1.22.bb
+++ b/meta-networking/recipes-extended/kronosnet/kronosnet_1.24.bb
@@ -11,9 +11,8 @@ LIC_FILES_CHKSUM = "file://COPYING.applications;md5=751419260aa954499f7abaabaa88
SECTION = "libs"
DEPENDS = "doxygen-native libqb-native libxml2-native bzip2 libqb libxml2 libnl lksctp-tools lz4 lzo openssl nss xz zlib zstd"

-SRCREV = "0123ecebce0ad6aba3cdb320027192e15fd71e23"
+SRCREV = "f8f80fd7f9b85f2626d2c6452612962ad8efca9e"
SRC_URI = "git://github.com/kronosnet/kronosnet;protocol=https;branch=stable1 \
- file://0001-libknet-tests-Correct-include-path-for-poll.h.patch \
file://0001-links.c-Fix-build-with-gcc-12.patch \
"

--
2.37.1


Re: [meta-oe][ 1/1] fluentbit Upgrade to 1.3.5 -> 1.9.6

Khem Raj
 

On 8/1/22 07:28, Paulo Neves wrote:
Thanks for the review. Some more stuff was wrong after all and i am reworking the patch.
I looked at the usrmerge patch and indeed i removed it incorrectly.
I tried to rework it so that it uses systemd.pc's systemdunitdir variable but that variable relies on rootprefix. I cannot find a reason why we are not setting systemd ROOTFSPREFIX in systemd and instead are using meta/recipes-core/systemd/systemd/0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch. Is there any mismatch where prefix would not match? Would ROOTFSPREFIX only be valid when usrmerge is active?
well rootprefix is set to root_prefix which varies depending upon usrmerge feature being enabled or not.


root_prefix = "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', '${exec_prefix}', '${base_prefix}', d)}"

so in theory it should fall in place if we used root_prefix here

Paulo Neves
On 7/29/22 04:44, Khem Raj wrote:
Hi Paulo


On Thu, Jul 28, 2022 at 10:03 AM Paulo Neves <ptsneves@...> wrote:
Signed-off-by: Paulo Neves <ptsneves@...>
---
  ...t-Do-not-use-private-makefile-target.patch | 68 +++++++++++++++
  ...nit-install-location-with-SYSTEM_DIR.patch | 28 -------
  ...caused-by-using-flb_free-instead-of-.patch | 43 ----------
  ...-ppc-Fix-signature-for-co_create-API.patch | 38 ---------
  ...-not-hardcode-compilation-directorie.patch | 26 ++++++
  ...GV-caused-by-using-flb_free-instead-.patch | 82 -------------------
  ...0003-mbedtls-Do-not-overwrite-CFLAGS.patch | 25 ++++++
  .../fluentbit/fluentbit/builtin-nan.patch     | 27 ------
  .../cross-build-init-system-detection.patch   | 38 ---------
  ...{fluentbit_1.3.5.bb => fluentbit_1.9.6.bb} | 44 +++++-----
  10 files changed, 139 insertions(+), 280 deletions(-)
  create mode 100644 meta-oe/recipes-extended/fluentbit/fluentbit/0001-CMakeLists.txt-Do-not-use-private-makefile-target.patch
  delete mode 100644 meta-oe/recipes-extended/fluentbit/fluentbit/0001-Control-sytemd-unit-install-location-with-SYSTEM_DIR.patch
  delete mode 100644 meta-oe/recipes-extended/fluentbit/fluentbit/0001-bin-fix-SIGSEGV-caused-by-using-flb_free-instead-of-.patch
  delete mode 100644 meta-oe/recipes-extended/fluentbit/fluentbit/0001-ppc-Fix-signature-for-co_create-API.patch
  create mode 100644 meta-oe/recipes-extended/fluentbit/fluentbit/0002-flb_info.h.in-Do-not-hardcode-compilation-directorie.patch
  delete mode 100644 meta-oe/recipes-extended/fluentbit/fluentbit/0002-parser-Fix-SIGSEGV-caused-by-using-flb_free-instead-.patch
  create mode 100644 meta-oe/recipes-extended/fluentbit/fluentbit/0003-mbedtls-Do-not-overwrite-CFLAGS.patch
  delete mode 100644 meta-oe/recipes-extended/fluentbit/fluentbit/builtin-nan.patch
  delete mode 100644 meta-oe/recipes-extended/fluentbit/fluentbit/cross-build-init-system-detection.patch
  rename meta-oe/recipes-extended/fluentbit/{fluentbit_1.3.5.bb => fluentbit_1.9.6.bb} (53%)

diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-CMakeLists.txt-Do-not-use-private-makefile-target.patch b/meta-oe/recipes-extended/fluentbit/fluentbit/0001-CMakeLists.txt-Do-not-use-private-makefile-target.patch
new file mode 100644
index 000000000..0a80a92ed
--- /dev/null
+++ b/meta-oe/recipes-extended/fluentbit/fluentbit/0001-CMakeLists.txt-Do-not-use-private-makefile-target.patch
@@ -0,0 +1,68 @@
+From 6a704ab7bf69cd5d6970b3a7d3ae7798b26027c1 Mon Sep 17 00:00:00 2001
+From: Paulo Neves <ptsneves@...>
+Date: Thu, 28 Jul 2022 11:28:41 +0200
+Subject: [PATCH] CMakeLists.txt Do not use private makefile $< target
+
+$< is a private detail from the Makefile generated by CMakefile and
+are not under control or to be used at the CMakeLists level. In 3.20
+that private generation changed pre-requisite targets[1] and now logs
+contain the path compiler_depend.ts instead of the actual file.
+---
+ CMakeLists.txt              | 6 +-----
+ lib/chunkio/CMakeLists.txt  | 7 +------
+ lib/cmetrics/CMakeLists.txt | 7 +------
+ 3 files changed, 3 insertions(+), 17 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 3dba5a8..d94b988 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -46,11 +46,7 @@ else()
+   set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall")
+ endif()
+
+-if(NOT ${CMAKE_SYSTEM_NAME} MATCHES "Windows")
+-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'")
+-else()
+-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__")
+-endif()
++set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__")
+
+ if(${CMAKE_SYSTEM_PROCESSOR} MATCHES "armv7l")
+   set(CMAKE_C_LINK_FLAGS "${CMAKE_C_LINK_FLAGS} -latomic")
+diff --git a/lib/chunkio/CMakeLists.txt b/lib/chunkio/CMakeLists.txt
+index bbe1f39..809ea93 100644
+--- a/lib/chunkio/CMakeLists.txt
++++ b/lib/chunkio/CMakeLists.txt
+@@ -14,12 +14,7 @@ else()
+   set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall ")
+ endif()
+
+-# Set __FILENAME__
+-if(NOT ${CMAKE_SYSTEM_NAME} MATCHES "Windows")
+-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'")
+-else()
+-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__")
+-endif()
++set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__")
+
+ include(cmake/macros.cmake)
+
+diff --git a/lib/cmetrics/CMakeLists.txt b/lib/cmetrics/CMakeLists.txt
+index 60e8774..e3d6149 100644
+--- a/lib/cmetrics/CMakeLists.txt
++++ b/lib/cmetrics/CMakeLists.txt
+@@ -34,12 +34,7 @@ set(CMT_VERSION_MINOR  3)
+ set(CMT_VERSION_PATCH  5)
+ set(CMT_VERSION_STR "${CMT_VERSION_MAJOR}.${CMT_VERSION_MINOR}.${CMT_VERSION_PATCH}")
+
+-# Define __FILENAME__ consistently across Operating Systems
+-if(NOT ${CMAKE_SYSTEM_NAME} MATCHES "Windows")
+-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'")
+-else()
+-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__")
+-endif()
++set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__")
+
+ # Configuration options
+ option(CMT_DEV             "Enable development mode"                   No)
diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-Control-sytemd-unit-install-location-with-SYSTEM_DIR.patch b/meta-oe/recipes-extended/fluentbit/fluentbit/0001-Control-sytemd-unit-install-location-with-SYSTEM_DIR.patch
deleted file mode 100644
index bf4cda08f..000000000
---
a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-Control-sytemd-unit-install-location-with-SYSTEM_DIR.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 5571f949fa2048b79c197b5b10a11ecb1891cbe9 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@...>
-Date: Sat, 23 Apr 2022 08:24:34 -0700
-Subject: [PATCH] Control sytemd unit install location with SYSTEM_DIR
-
-This helps building when usrmerge is on
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@...>
----
- src/CMakeLists.txt | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
---- a/src/CMakeLists.txt
-+++ b/src/CMakeLists.txt
-@@ -323,7 +323,11 @@ if(FLB_BINARY)
-       "${PROJECT_SOURCE_DIR}/init/systemd.in"
-       ${FLB_SYSTEMD_SCRIPT}
-       )
--    install(FILES ${FLB_SYSTEMD_SCRIPT} DESTINATION /lib/systemd/system)
-+    if(SYSTEMD_DIR)
-+        install(FILES ${FLB_SYSTEMD_SCRIPT} DESTINATION ${SYSTEMD_DIR})
-+    else()
-+        install(FILES ${FLB_SYSTEMD_SCRIPT} DESTINATION /lib/systemd/system)
-+    endif()
-     install(DIRECTORY DESTINATION ${FLB_INSTALL_CONFDIR})
-   elseif(FLB_UPSTART)
-     set(FLB_UPSTART_SCRIPT "${PROJECT_SOURCE_DIR}/init/${FLB_OUT_NAME}.conf")
diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-bin-fix-SIGSEGV-caused-by-using-flb_free-instead-of-.patch b/meta-oe/recipes-extended/fluentbit/fluentbit/0001-bin-fix-SIGSEGV-caused-by-using-flb_free-instead-of-.patch
deleted file mode 100644
index a6ff5991c..000000000
---
a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-bin-fix-SIGSEGV-caused-by-using-flb_free-instead-of-.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 3d7390c89c2205d1eed0384be0bb65adb675e60d Mon Sep 17 00:00:00 2001
-From: Ramon Fried <ramon@...>
-Date: Tue, 9 Feb 2021 18:59:59 +0200
-Subject: [PATCH] bin: fix SIGSEGV caused by using flb_free instead of
- mk_mem_free
-
-Upstream-Status: Accepted
-Signed-off-by: Ramon Fried <ramon@...>
----
- src/fluent-bit.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/fluent-bit.c b/src/fluent-bit.c
-index c0c73b4..989cfde 100644
---- a/src/fluent-bit.c
-+++ b/src/fluent-bit.c
-@@ -289,7 +289,7 @@ static int input_set_property(struct flb_input_instance *in, char *kv)
-                 in->p->name, key);
-     }
-
--    flb_free(key);
-+    mk_mem_free(key);
-     return ret;
- }
-
-@@ -314,7 +314,7 @@ static int output_set_property(struct flb_output_instance *out, char *kv)
-     }
-
-     ret = flb_output_set_property(out, key, value);
--    flb_free(key);
-+    mk_mem_free(key);
-     return ret;
- }
-
-@@ -340,7 +340,7 @@ static int filter_set_property(struct flb_filter_instance *filter, char *kv)
-     }
-
-     ret = flb_filter_set_property(filter, key, value);
--    flb_free(key);
-+    mk_mem_free(key);
-     return ret;
- }
-
diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-ppc-Fix-signature-for-co_create-API.patch b/meta-oe/recipes-extended/fluentbit/fluentbit/0001-ppc-Fix-signature-for-co_create-API.patch
deleted file mode 100644
index 1f36c657e..000000000
---
a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-ppc-Fix-signature-for-co_create-API.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From be4032079c931704f52e29f5da5c01cde24ac842 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@...>
-Date: Thu, 16 Jan 2020 10:44:58 -0800
-Subject: [PATCH] ppc: Fix signature for co_create API
-
-Upstream-Status: Submitted [https://github.com/fluent/fluent-bit/pull/1886]
-Signed-off-by: Khem Raj <raj.khem@...>
----
- lib/flb_libco/ppc.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/lib/flb_libco/ppc.c b/lib/flb_libco/ppc.c
-index e6536d56..533256b3 100644
---- a/lib/flb_libco/ppc.c
-+++ b/lib/flb_libco/ppc.c
-@@ -279,7 +279,9 @@ static uint32_t* co_create_(unsigned size, uintptr_t entry) {
-   return t;
- }
-
--cothread_t co_create(unsigned int size, void (*entry_)(void)) {
-+cothread_t co_create(unsigned int size, void (*entry_)(void),
-+                     size_t *out_size) {
-+
-   uintptr_t entry = (uintptr_t)entry_;
-   uint32_t* t = 0;
-
-@@ -325,7 +327,7 @@ cothread_t co_create(unsigned int size, void (*entry_)(void)) {
-     t[10] = (uint32_t)(sp >> shift >> shift);
-     t[11] = (uint32_t)sp;
-   }
--
-+  *out_size = size;
-   return t;
- }
-
---
-2.25.0
-
diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit/0002-flb_info.h.in-Do-not-hardcode-compilation-directorie.patch b/meta-oe/recipes-extended/fluentbit/fluentbit/0002-flb_info.h.in-Do-not-hardcode-compilation-directorie.patch
new file mode 100644
index 000000000..4358b2a51
--- /dev/null
+++ b/meta-oe/recipes-extended/fluentbit/fluentbit/0002-flb_info.h.in-Do-not-hardcode-compilation-directorie.patch
@@ -0,0 +1,26 @@
+From 71dab751a27a2e582b711de22873065dd28f4b65 Mon Sep 17 00:00:00 2001
+From: Paulo Neves <ptsneves@...>
+Date: Thu, 28 Jul 2022 11:42:31 +0200
+Subject: [PATCH] flb_info.h.in: Do not hardcode compilation directories
+
+Including the source dir in the header makes the header not
+reproducible and contaminates it with host builder paths. Instead
+make it take CMAKE_DEBUG_SRCDIR that can be set to a known
+reproducible value
+---
+ include/fluent-bit/flb_info.h.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/fluent-bit/flb_info.h.in b/include/fluent-bit/flb_info.h.in
+index a89485c..2579afc 100644
+--- a/include/fluent-bit/flb_info.h.in
++++ b/include/fluent-bit/flb_info.h.in
+@@ -23,7 +23,7 @@
+ #define STR_HELPER(s)      #s
+ #define STR(s)             STR_HELPER(s)
+
+-#define FLB_SOURCE_DIR "@CMAKE_SOURCE_DIR@"
++#define FLB_SOURCE_DIR "@CMAKE_DEBUG_SRCDIR@"
+
+ /* General flags set by CMakeLists.txt */
+ @FLB_BUILD_FLAGS@
diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit/0002-parser-Fix-SIGSEGV-caused-by-using-flb_free-instead-.patch b/meta-oe/recipes-extended/fluentbit/fluentbit/0002-parser-Fix-SIGSEGV-caused-by-using-flb_free-instead-.patch
deleted file mode 100644
index 91675dfc6..000000000
---
a/meta-oe/recipes-extended/fluentbit/fluentbit/0002-parser-Fix-SIGSEGV-caused-by-using-flb_free-instead-.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 7c3b1dfb174312594d3317c24ed71c60398f653f Mon Sep 17 00:00:00 2001
-From: Ramon Fried <ramon@...>
-Date: Wed, 10 Feb 2021 04:23:36 +0200
-Subject: [PATCH] parser: Fix SIGSEGV caused by using flb_free instead of
- mk_mem_free
-
-Upstream-Status: Backport (fix only for 1.3.5)
-Signed-off-by: Ramon Fried <ramon@...>
----
- src/flb_parser.c | 28 ++++++++++++++--------------
- 1 file changed, 14 insertions(+), 14 deletions(-)
-
-diff --git a/src/flb_parser.c b/src/flb_parser.c
-index d35c568..7c20e12 100644
---- a/src/flb_parser.c
-+++ b/src/flb_parser.c
-@@ -490,7 +490,7 @@ int flb_parser_conf_file(const char *file, struct flb_config *config)
-                                        MK_RCONF_STR);
-         if (str) {
-             time_keep = flb_utils_bool(str);
--            flb_free(str);
-+            mk_mem_free(str);
-         }
-         else {
-             time_keep = FLB_FALSE;
-@@ -522,23 +522,23 @@ int flb_parser_conf_file(const char *file, struct flb_config *config)
-
-         flb_debug("[parser] new parser registered: %s", name);
-
--        flb_free(name);
--        flb_free(format);
-+        mk_mem_free(name);
-+        mk_mem_free(format);
-
-         if (regex) {
--            flb_free(regex);
-+            mk_mem_free(regex);
-         }
-         if (time_fmt) {
--            flb_free(time_fmt);
-+            mk_mem_free(time_fmt);
-         }
-         if (time_key) {
--            flb_free(time_key);
-+            mk_mem_free(time_key);
-         }
-         if (time_offset) {
--            flb_free(time_offset);
-+            mk_mem_free(time_offset);
-         }
-         if (types_str) {
--            flb_free(types_str);
-+            mk_mem_free(types_str);
-         }
-
-         decoders = NULL;
-@@ -548,19 +548,19 @@ int flb_parser_conf_file(const char *file, struct flb_config *config)
-     return 0;
-
-  fconf_error:
--    flb_free(name);
--    flb_free(format);
-+    mk_mem_free(name);
-+    mk_mem_free(format);
-     if (regex) {
--        flb_free(regex);
-+        mk_mem_free(regex);
-     }
-     if (time_fmt) {
--        flb_free(time_fmt);
-+        mk_mem_free(time_fmt);
-     }
-     if (time_key) {
--        flb_free(time_key);
-+        mk_mem_free(time_key);
-     }
-     if (types_str) {
--        flb_free(types_str);
-+        mk_mem_free(types_str);
-     }
-     if (decoders) {
-         flb_parser_decoder_list_destroy(decoders);
diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit/0003-mbedtls-Do-not-overwrite-CFLAGS.patch b/meta-oe/recipes-extended/fluentbit/fluentbit/0003-mbedtls-Do-not-overwrite-CFLAGS.patch
new file mode 100644
index 000000000..0611af9ec
--- /dev/null
+++ b/meta-oe/recipes-extended/fluentbit/fluentbit/0003-mbedtls-Do-not-overwrite-CFLAGS.patch
@@ -0,0 +1,25 @@
+From 8486b912281ae85db0c9fc05bb546f16872e114c Mon Sep 17 00:00:00 2001
+From: Paulo Neves <ptsneves@...>
+Date: Thu, 28 Jul 2022 14:37:18 +0200
+Subject: [PATCH] mbedtls: Do not overwrite CFLAGS
+
+bitbake passes CFLAGS that are often in conflict with the ones set
+in mbedtls' CMakeLists.txt. Such conflicts are the inability to use
+FORTIFY_SOURCE=2 except in release mode
+---
+ lib/mbedtls-2.28.0/CMakeLists.txt | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/lib/mbedtls-2.28.0/CMakeLists.txt b/lib/mbedtls-2.28.0/CMakeLists.txt
+index d76bddc..e717846 100644
+--- a/lib/mbedtls-2.28.0/CMakeLists.txt
++++ b/lib/mbedtls-2.28.0/CMakeLists.txt
+@@ -204,8 +204,6 @@ if(CMAKE_COMPILER_IS_GNU)
+     if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0)
+       set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation")
+     endif()
+-    set(CMAKE_C_FLAGS_RELEASE     "-O2")
+-    set(CMAKE_C_FLAGS_DEBUG       "-O0 -g3")
+     set(CMAKE_C_FLAGS_COVERAGE    "-O0 -g3 --coverage")
+     set(CMAKE_C_FLAGS_ASAN        "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
+     set(CMAKE_C_FLAGS_ASANDBG     "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit/builtin-nan.patch b/meta-oe/recipes-extended/fluentbit/fluentbit/builtin-nan.patch
deleted file mode 100644
index 8ffc3be3e..000000000
--- a/meta-oe/recipes-extended/fluentbit/fluentbit/builtin-nan.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-help complier to use intrinsics, clang in few cases e.g. aarch64 can not
-and then requires linking with libm, its the only function needed from libm then
-its good to avoid needing it.
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@...>
-
---- a/include/fluent-bit/stream_processor/flb_sp_timeseries.h
-+++ b/include/fluent-bit/stream_processor/flb_sp_timeseries.h
-@@ -207,7 +207,7 @@ void cb_forecast_calc(struct timeseries
-         result = b0 + b1 * (val->f64 + *forecast->latest_x);
-         break;
-     default:
--        result = nan("");
-+        result = __builtin_nan("");
-         break;
-     }
-
-@@ -283,7 +283,7 @@ void cb_forecast_r_calc(struct timeserie
-             result = ((val->i64 - b0) / b1) - *forecast->latest_x;
-             break;
-         default:
--            result = nan("");
-+            result = __builtin_nan("");
-             break;
-         }
-
diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit/cross-build-init-system-detection.patch b/meta-oe/recipes-extended/fluentbit/fluentbit/cross-build-init-system-detection.patch
deleted file mode 100644
index d3822fc8d..000000000
---
a/meta-oe/recipes-extended/fluentbit/fluentbit/cross-build-init-system-detection.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Define CMake variables to indicate init system for target
-incase of cross compile, detecting systemd support based on
-host directory structure is not right thing to do
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.kheem@...>
-
---- a/src/CMakeLists.txt
-+++ b/src/CMakeLists.txt
-@@ -317,7 +317,7 @@ if(FLB_BINARY)
-   install(TARGETS fluent-bit-bin RUNTIME DESTINATION ${FLB_INSTALL_BINDIR})
-
-   # Detect init system, install upstart, systemd or init.d script
--  if(IS_DIRECTORY /lib/systemd/system)
-+  if(FLB_SYSTEMD)
-     set(FLB_SYSTEMD_SCRIPT "${PROJECT_SOURCE_DIR}/init/${FLB_OUT_NAME}.service")
-     configure_file(
-       "${PROJECT_SOURCE_DIR}/init/systemd.in"
-@@ -325,7 +325,7 @@ if(FLB_BINARY)
-       )
-     install(FILES ${FLB_SYSTEMD_SCRIPT} DESTINATION /lib/systemd/system)
-     install(DIRECTORY DESTINATION ${FLB_INSTALL_CONFDIR})
--  elseif(IS_DIRECTORY /usr/share/upstart)
-+  elseif(FLB_UPSTART)
-     set(FLB_UPSTART_SCRIPT "${PROJECT_SOURCE_DIR}/init/${FLB_OUT_NAME}.conf")
-     configure_file(
-       "${PROJECT_SOURCE_DIR}/init/upstart.in"
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -70,6 +70,8 @@ option(FLB_RECORD_ACCESSOR    "Enable re
- option(FLB_SYSTEM_STRPTIME    "Use strptime in system libc"  Yes)
- option(FLB_STATIC_CONF        "Build binary using static configuration")
- option(FLB_STREAM_PROCESSOR   "Enable Stream Processor"      Yes)
-+option(FLB_SYSTEMD            "Enable systemd init system"   No)
-+option(FLB_UPSTART            "Enable upstart init system"   No)
- option(FLB_CORO_STACK_SIZE    "Set coroutine stack size")
-
- # Metrics: Experimental Feature, disabled by default on 0.12 series
diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit_1.3.5.bb b/meta-oe/recipes-extended/fluentbit/fluentbit_1.9.6.bb
similarity index 53%
rename from meta-oe/recipes-extended/fluentbit/fluentbit_1.3.5.bb
rename to meta-oe/recipes-extended/fluentbit/fluentbit_1.9.6.bb
index b231cc287..1ff62767d 100644
--- a/meta-oe/recipes-extended/fluentbit/fluentbit_1.3.5.bb
+++ b/meta-oe/recipes-extended/fluentbit/fluentbit_1.9.6.bb
@@ -11,25 +11,28 @@ LICENSE = "Apache-2.0"
  LIC_FILES_CHKSUM = "file://LICENSE;md5=2ee41112a44fe7014dce33e26468ba93"
  SECTION = "net"

-SRC_URI = "http://fluentbit.io/releases/1.3/fluent-bit-${PV}.tar.gz \
+PR = "r0"
We don't need to set PR in recipe anymore

+PV = "1.9.6"
We don't need PV either since it's in the recipe name already.

+
+SRC_URI = "https://releases.fluentbit.io/1.9/source-${PV}.tar.gz;subdir=fluent-bit-${PV} \
+ file://0001-CMakeLists.txt-Do-not-use-private-makefile-target.patch \
+ file://0002-flb_info.h.in-Do-not-hardcode-compilation-directorie.patch \
+           file://0003-mbedtls-Do-not-overwrite-CFLAGS.patch \
             file://jemalloc.patch \
-           file://cross-build-init-system-detection.patch \
-           file://builtin-nan.patch \
-           file://0001-ppc-Fix-signature-for-co_create-API.patch \
- file://0001-bin-fix-SIGSEGV-caused-by-using-flb_free-instead-of-.patch \
- file://0002-parser-Fix-SIGSEGV-caused-by-using-flb_free-instead-.patch \
- file://0001-Control-sytemd-unit-install-location-with-SYSTEM_DIR.patch \
does this work without patch with usrmerge distro feature on ?

             "
-SRC_URI[md5sum] = "6eae6dfd0a874e5dd270c36e9c68f747"
-SRC_URI[sha256sum] = "e037c76c89269c8dc4027a08e442fefd2751b0f1e0f9c38f9a4b12d781a9c789"
+SRC_URI[md5sum] = "ad65bb3ca55d203a467a63426e17bfae"
we don't need md5sum anymore.

+SRC_URI[sha256sum] = "5ef7dd97e10936269fe5f4e5d3ebf16559333066f7d6757ba12464a9d6186570"

  S = "${WORKDIR}/fluent-bit-${PV}"
-DEPENDS = "zlib bison-native flex-native"
+DEPENDS = "zlib bison-native flex-native openssl"
  DEPENDS += "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
-
+PACKAGECONFIG[yaml] = "-DFLB_CONFIG_YAML=On,-DFLB_CONFIG_YAML=Off, yaml,"
+PACKAGECONFIG[kafka] = "-DFLB_OUT_KAFKA=On,-DFLB_OUT_KAFKA=Off,librdkafka"
+PACKAGECONFIG[examples] = "-DFLB_EXAMPLES=On,-DFLB_EXAMPLES=Off"
+PACKAGECONFIG[jemalloc] = "-DFLB_JEMALLOC=On,-DFLB_JEMALLOC=Off,jemalloc"
  DEPENDS:append:libc-musl = " fts "

-INSANE_SKIP:${PN}-dev += "dev-elf"
+PACKAGECONFIG ?= "yaml"
There is no recipe providing yaml in core or meta-oe, perhaps you
meant libyaml maybe ?

  LTO = ""

@@ -40,13 +43,13 @@ OECMAKE_GENERATOR ?= "Unix Makefiles"
  # ========================

  # Host related setup
-EXTRA_OECMAKE += "-DGNU_HOST=${HOST_SYS} -DFLB_ALL=ON -DFLB_TD=1"
+EXTRA_OECMAKE += "-DGNU_HOST=${HOST_SYS} -DFLB_TD=1"

  # Disable LuaJIT and filter_lua support
  EXTRA_OECMAKE += "-DFLB_LUAJIT=Off -DFLB_FILTER_LUA=Off "

  # Disable Library and examples
-EXTRA_OECMAKE += "-DFLB_SHARED_LIB=Off -DFLB_EXAMPLES=Off "
+EXTRA_OECMAKE += "-DFLB_SHARED_LIB=Off"

  # Enable systemd iff systemd is in DISTRO_FEATURES
  EXTRA_OECMAKE += "${@bb.utils.contains('DISTRO_FEATURES','systemd','-DFLB_SYSTEMD=On -DSYSTEMD_DIR=${systemd_system_unitdir}','-DFLB_SYSTEMD=Off',d)}"
@@ -54,16 +57,9 @@ EXTRA_OECMAKE += "${@bb.utils.contains('DISTRO_FEATURES','systemd','-DFLB_SYSTEM
  EXTRA_OECMAKE:append:riscv64 = " -DFLB_DEPS='atomic'"
  EXTRA_OECMAKE:append:riscv32 = " -DFLB_DEPS='atomic'"

-# Kafka Output plugin (disabled by default): note that when
-# enabling Kafka output plugin, the backend library librdkafka
-# requires 'openssl' as a dependency.
-#
-# DEPENDS += "openssl "
-# EXTRA_OECMAKE += "-DFLB_OUT_KAFKA=On "
-
  inherit cmake systemd

-CFLAGS += "-fcommon"
-
  SYSTEMD_SERVICE:${PN} = "td-agent-bit.service"
-TARGET_CC_ARCH:append = " ${SELECTED_OPTIMIZATION}"
+
+EXTRA_OECMAKE += "-DCMAKE_DEBUG_SRCDIR=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/"
+TARGET_CC_ARCH += " ${SELECTED_OPTIMIZATION}"
--
2.25.1



[meta-gnome][PATCH V2] ibus: Swith to use main branch instead of master

Khem Raj
 

Upstream has switched to using main for tip of trunk, therefore follow
it here in SRC_URI as well.

Signed-off-by: Khem Raj <raj.khem@...>
Suggested-by: Fabio Estevam <festevam@...>
Reported-by: Markus Volk <f_l_k@...>
---
meta-gnome/recipes-support/ibus/ibus.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-gnome/recipes-support/ibus/ibus.inc b/meta-gnome/recipes-support/ibus/ibus.inc
index 37a490abe0..bb662f2ec9 100644
--- a/meta-gnome/recipes-support/ibus/ibus.inc
+++ b/meta-gnome/recipes-support/ibus/ibus.inc
@@ -10,7 +10,7 @@ PV = "1.5.26"
DEPENDS = "unicode-ucd"

SRC_URI = " \
- git://github.com/ibus/ibus.git;branch=master;protocol=https \
+ git://github.com/ibus/ibus.git;branch=main;protocol=https \
file://0001-Do-not-try-to-start-dbus-we-do-not-have-dbus-lauch.patch \
"
SRCREV = "6a70ab0338206bd1c7d01a4e1874ea0ee5b3a9d3"
--
2.37.1

1681 - 1700 of 99837