Fixes security vulnerabilites [1]:
- CVE-2016-2086
- CVE-2016-2216
Also switch to the xz compressed tar file now available for v0.10 builds from
v0.10.42 onward.
[1] https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is an important security release. See
https://nodejs.org/en/blog/release/v5.6.0/ for further details
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Patches from 5.3.0 have been copied over with the following exceptions:
- Removed 0005-Fix-crash-in-GetInterfaceAddresses.patch as this has
been applied upstream
- Renamed 0006-Fix-support-for-uClibc-ng.patch to
0005-Fix-support-for-uClibc-ng.patch
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Remove 0.12.9 to rationalise the number of nodejs releases supported by
buildroot. Going forward buildroot will only support the latest release
of nodejs and the 0.10.x branch for armv5 support.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Replace 4.2.3 with 5.3.0. 5.3.0 is the current Stable release. See
https://nodejs.org/en/blog/release/v5.3.0 for details on the release.
Copied 4.2.3 patched to 5.3.0 with the following exceptions:
- Removed 0004-fix-arm-vfpv2.patch, committed upstream and included in
5.3.0. See https://github.com/nodejs/node/commit/84dea1bd0c
- Added 0004-Fix-va_list-not-declared.patch, fix for a new bug. This
has already been fixed upstream but is not in 5.3.0
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Patch #4 was applied upstream, however a new bug was introduced which breaks
building nodejs without OpenSSL support. We replace the applied patch with a
new patch to fix:
error: ‘ALLOW_INSECURE_SERVER_DHPARAM’ was not declared in this scope
ALLOW_INSECURE_SERVER_DHPARAM = true;
Patch #4 status: Sent upstream [1]
[1] https://github.com/nodejs/node/pull/4201
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also remove a patch applied upstream.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We add a new version, because it is not API-compatible with the previous
versions.
Also, nodejs-4.1.2 requires gcc >= 4.8.
Forward-port patches from 0.12.7:
- 0001-Remove-dependency-on-Python-bz2-module.patch partially applied
upstream;
- 0002-gyp-force-link-command-to-use-CXX.patch slightly refreshed;
- 0003-Use-a-python-variable-instead-of-hardcoding-Python.patch
largely refreshed to address new occurences of hard-coded calls;
- 0004-fix-build-error-without-OpenSSL-support.patch applied upstream
- 0005-Fix-typo-for-arm-predefined-macro-in-atomicops_inte.patch
applied upstream.
New patch:
- 0004-fix-arm-vfpv2.patch to fix the gcc -mfpu option for VFPv2.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Martin Bark <martin@barkynet.com>
Cc: Jaap Crezee <jaap@jcz.nl>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The version of the V8 JavaScript engine used by node.js v0.12.5 requires
at least an ARMv6 architecture with VFPv2. For this reason v0.10.39
remains the default for ARMv5 targets, all other targets now default to
v0.12.5.
Signed-off-by: Martin Bark <martin@barkynet.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Martin Bark <martin@barkynet.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Version 0.10.38 upgrades OpenSSL to version 1.0.1m, which includes fixes for
several CVEs:
- CVE-2015-0204
- CVE-2015-0286
- CVE-2015-0287
- CVE-2015-0289
- CVE-2015-0292
- CVE-2015-0293
- CVE-2015-0209
- CVE-2015-0288
Version 0.10.37 comes with a fix for CVE-2015-0278.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
