Fixes security vulnerabilites [1]:
- CVE-2016-2086
- CVE-2016-2216
Also switch to the xz compressed tar file now available for v0.10 builds from
v0.10.42 onward.
[1] https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove the choice of nodejs version. Now automatically pick nodejs 0.10.x
for armv5 architectures only and the latest nodejs for all other
supported architectures.
Note that the removal of BR2_PACKAGE_NODEJS_5_X is not handled in
Config.in.legacy because buildroot has never been released with this
option included.
Signed-off-by: Martin Bark <martin@barkynet.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Patches from 5.3.0 have been copied over with the following exceptions:
- Removed 0005-Fix-crash-in-GetInterfaceAddresses.patch as this has
been applied upstream
- Renamed 0006-Fix-support-for-uClibc-ng.patch to
0005-Fix-support-for-uClibc-ng.patch
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In Kconfig, when there is an item (like a comment) between a symbol and
its dependees, then the indentation is not in effect.
Move the symbol to the top of the file to guarantee the indentation in
menuconfig.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
The nodejs options incorrectly started BR2_BR2_xxx. This change corrects
the name for 0.10.x releases to BR2_PACKAGE_NODEJS_0_10_X
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fix segmentation fault in node.js when using uClibc-ng.
This patch fixes bug #8296, see
https://bugs.busybox.net/show_bug.cgi?id=8296.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
nodejs is only selected for mips hard float however the comment is
displayed for hard and soft float. Correct this by adding the missing
!BR2_MIPS_SOFT_FLOAT to the comment.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Remove 0.12.9 to rationalise the number of nodejs releases supported by
buildroot. Going forward buildroot will only support the latest release
of nodejs and the 0.10.x branch for armv5 support.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Replace 4.2.3 with 5.3.0. 5.3.0 is the current Stable release. See
https://nodejs.org/en/blog/release/v5.3.0 for details on the release.
Copied 4.2.3 patched to 5.3.0 with the following exceptions:
- Removed 0004-fix-arm-vfpv2.patch, committed upstream and included in
5.3.0. See https://github.com/nodejs/node/commit/84dea1bd0c
- Added 0004-Fix-va_list-not-declared.patch, fix for a new bug. This
has already been fixed upstream but is not in 5.3.0
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Patch #4 was applied upstream, however a new bug was introduced which breaks
building nodejs without OpenSSL support. We replace the applied patch with a
new patch to fix:
error: ‘ALLOW_INSECURE_SERVER_DHPARAM’ was not declared in this scope
ALLOW_INSECURE_SERVER_DHPARAM = true;
Patch #4 status: Sent upstream [1]
[1] https://github.com/nodejs/node/pull/4201
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also remove a patch applied upstream.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Set npm_config_prefix to $(TARGET_DIR)/usr so that npm -g will correctly
install global modules to $(TARGET_DIR)/usr/lib/node_modules.
By using npm -g to install global modules npm will now automatically create
the symlinks to executables under $(TARGET_DIR)/usr/bin.
See https://docs.npmjs.com/misc/config#global and
https://docs.npmjs.com/files/folders for information on how the prefix
setting is used by global installs.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We add a new version, because it is not API-compatible with the previous
versions.
Also, nodejs-4.1.2 requires gcc >= 4.8.
Forward-port patches from 0.12.7:
- 0001-Remove-dependency-on-Python-bz2-module.patch partially applied
upstream;
- 0002-gyp-force-link-command-to-use-CXX.patch slightly refreshed;
- 0003-Use-a-python-variable-instead-of-hardcoding-Python.patch
largely refreshed to address new occurences of hard-coded calls;
- 0004-fix-build-error-without-OpenSSL-support.patch applied upstream
- 0005-Fix-typo-for-arm-predefined-macro-in-atomicops_inte.patch
applied upstream.
New patch:
- 0004-fix-arm-vfpv2.patch to fix the gcc -mfpu option for VFPv2.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Martin Bark <martin@barkynet.com>
Cc: Jaap Crezee <jaap@jcz.nl>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
On ARM, starting with v0.12.x, the V8 JS engine is now requires at least
an armv6 and at least a VFPv2.
Since we're about to introduce the v4.x version, which has the same
requirements, introduce an intermediate variable to hold that condition.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Martin Bark <martin@barkynet.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add patch to fix typo for arm predefined macrco in (__ARM_ARCH_6KZ__
vs. __ARM_ARCH_6ZK__) in atomicops_internals_arm_gcc.h
Fixes#8391: Node.js 0.12.7 fails to build on raspberry_pi defconfig
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The musl C library does not understand the feature test macro __USE_MISC and so
libuv (built-in dependency of nodejs) does not use the correct struct stat
definition for musl:
error: ‘uv_statbuf_t’ has no member named ‘st_ctimensec’
error: ‘uv_statbuf_t’ has no member named ‘st_mtimensec’
The macro __USE_MISC is defined by glibc if _BSD_SOURCE or _SVID_SOURCE is
defined.
The libuv build system enables the feature test macro _GNU_SOURCE for linux
builds.
Since glibc 2.19, defining _GNU_SOURCE also has the effect of implicitly
defining _DEFAULT_SOURCE - the replacement for _BSD_SOURCE and _SVID_SOURCE.
In glibc versions before 2.20, defining _GNU_SOURCE also had the effect of
implicitly defining _BSD_SOURCE and _SVID_SOURCE. This is also true for uClibc.
Alltogether, we can safely replace __USE_MISC by _GNU_SOURCE to support building
nodejs 0.10.x with the musl C library.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop the minor version from the Kconfig symbol, so we can seamlessly
update the versions without having to handle legacy stuff.
Note: not adding legacy handling, as we haven't had any release with
those symbols yet.
Reported-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Chris Becker <goabonga@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Other nodejs-related packages will need to call npm with the same set of
arguments as is currently used by the nodejs package itself.
To avoid duplicating this code, set the NPM variable so those packages can
re-use it.
Signed-off-by: Martin Bark <martin@barkynet.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Many packages use node-pre-gyp as a way of deploying precompiled binary
dependencies with fall back to compilation for other targets. Currently
installing node modules that use node-pre-gyp can fail to use the correct
binary for the target. This patch fixes this issue by correctly
configuring node-pre-gyp.
Firstly, node-gyp uses the option --arch to determine its target
architecture (which is already set correctly), however, node-pre-gyp uses
--target-arch. Without this set node.js packages that uses node-pre-gyp
will pick the wrong target architecture.
Secondly, the use of precompiled binary packages is not desirable due to
potential security and licensing issues. To solve this we use the
--build-from-source option to force node-pre-gyp to always build the C++
code.
This patch passes npm_config_target_arch and npm_config_build_from_source
to npm which causes --target-arch and --build-from-source to be passed to
node-pre-gyp.
I have tested this using the node.js package serialport which now
successfully builds and runs.
Signed-off-by: Martin Bark <martin@barkynet.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch symlinks all executables in /usr/lib/node_modules/.bin
to /usr/bin so that node.js modules installed using
BR2_PACKAGE_NODEJS_MODULES_ADDITIONAL are accessible from the command line.
Signed-off-by: Martin Bark <martin@barkynet.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The version of the V8 JavaScript engine used by node.js v0.12.5 requires
at least an ARMv6 architecture with VFPv2. For this reason v0.10.39
remains the default for ARMv5 targets, all other targets now default to
v0.12.5.
Signed-off-by: Martin Bark <martin@barkynet.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: fix minor Config.in formatting issues pointed by Yann.]
Signed-off-by: Martin Bark <martin@barkynet.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Martin Bark <martin@barkynet.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that IPv6 is mandatory remove package dependencies and conditionals
for it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that largefile is mandatory removes package dependencies and
conditionals.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit doesn't touch infra packages.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Version 0.10.38 upgrades OpenSSL to version 1.0.1m, which includes fixes for
several CVEs:
- CVE-2015-0204
- CVE-2015-0286
- CVE-2015-0287
- CVE-2015-0289
- CVE-2015-0292
- CVE-2015-0293
- CVE-2015-0209
- CVE-2015-0288
Version 0.10.37 comes with a fix for CVE-2015-0278.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345)
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add support for building nodejs with hard floating ABI if supported by the
target and remove bogus comment. Buildroot does propose this tuning.
Basically, you have three cases of floating point strategies:
* soft float, i.e 'soft' in nodejs speak. This is enabled in Buildroot
when BR2_ARM_EABI=y and BR2_SOFT_FLOAT=y.
* hard float using integer registers to pass floating point arguments,
i.e 'softfp' in nodejs speak. This is enabled in Buildroot when
BR2_ARM_EABI=y and BR2_SOFT_FLOAT is disabled.
* hard float using floating pointer registers to pass floating point
arguments, i.e 'hard' in nodejs speak. This is enabled in Buildroot
when BR2_ARM_EABIHF=y.
This patch fixes "[Buildroot] Float error on SAMA5D3 Xplained using nodejs":
http://lists.busybox.net/pipermail/buildroot/2014-December/114254.html
Tested at run-time by me on a TI Beaglebone Black.
[Thomas: add qstrip call when using the BR2_GCC_TARGET_FLOAT_ABI
variable.]
Signed-off-by: Jörg Krause <jkrause@posteo.de>
Reported-by: Cédric Heyman <c.heyman@til-technologies.fr>
Suggested-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit e712638b4a.
The config options --without-ssl2 and --without-ssl3 are intended to be used if
nodejs is built with the bundled OpenSSL library for excluding the SSL2 and
SSL3 features.
Both options are actual only evaluated if --without-ssl is not set:
$ cat configure | grep configure_openssl -n -A 13
619:def configure_openssl(o):
620- o['variables']['node_use_openssl'] = b(not options.without_ssl)
621- o['variables']['node_shared_openssl'] = b(options.shared_openssl)
622- o['variables']['openssl_no_asm'] = (
623- 1 if options.openssl_no_asm else 0)
624-
625- if options.without_ssl:
626- return
627-
628- if options.ssl2:
629- o['defines'] += ['OPENSSL_NO_SSL2=1']
630-
631- if options.ssl3:
632- o['defines'] += ['OPENSSL_NO_SSL3=1']
[Peter: adjusted commit text to make it clear that it is a revert]
Signed-off-by: Jörg Krause <jkrause@posteo.de>
Tested-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Acked-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adjust the nodejs Config.in dependencies to use the per ARM
architecture BR2_ARM_CPU_ARM* options instead of the per ARM core
options.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release handles the recent POODLE vulnerability [CVE-2014-3566] by
disabling SSLv2/SSLv3 by default.
Signed-off-by: Jörg Krause <jkrause@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The Buildroot coding style defines one space around make assignments and
does not align the assignment symbols.
This patch does a bulk fix of offending packages. The package
infrastructures (or more in general assignments to calculated variable
names, like $(2)_FOO) are not touched.
Alignment of line continuation characters (\) is kept as-is.
The sed command used to do this replacement is:
find * -name "*.mk" | xargs sed -i \
-e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\s*$#\1 \2#'
-e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\s*\([^\\]\+\)$#\1 \2 \3#'
-e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\s*\([^\\ \t]\+\s*\\\)\s*$#\1 \2 \3#'
-e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\(\s*\\\)#\1 \2\3#'
Brief explanation of this command:
^\([A-Z0-9a-z_]\+\) a regular variable at the beginning of the line
\([?:+]\?=\) any assignment character =, :=, ?=, +=
\([^\\]\+\) any string not containing a line continuation
\([^\\ \t]\+\s*\\\) string, optional whitespace, followed by a
line continuation character
\(\s*\\\) optional whitespace, followed by a line
continuation character
Hence, the first subexpression handles empty assignments, the second
handles regular assignments, the third handles regular assignments with
line continuation, and the fourth empty assignments with line
continuation.
This expression was tested on following test text: (initial tab not
included)
FOO = spaces before
FOO = spaces before and after
FOO = tab before
FOO = tab and spaces before
FOO = tab after
FOO = tab and spaces after
FOO = spaces and tab after
FOO = \
FOO = bar \
FOO = bar space \
FOO = \
GENIMAGE_DEPENDENCIES = host-pkgconf libconfuse
FOO += spaces before
FOO ?= spaces before and after
FOO :=
FOO =
FOO =
FOO =
FOO =
$(MAKE1) CROSS_COMPILE=$(TARGET_CROSS) -C
AT91BOOTSTRAP3_DEFCONFIG = \
AXEL_DISABLE_I18N=--i18n=0
After this bulk change, following manual fixups were done:
- fix line continuation alignment in cegui06 and spice (the sed
expression leaves the number of whitespace between the value and line
continuation character intact, but the whitespace before that could have
changed, causing misalignment.
- qt5base was reverted, as this package uses extensive alignment which
actually makes the code more readable.
Finally, the end result was manually reviewed.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Cc: Yann E. Morin <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>