NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
72,042 Commits 5 Branches 387 Tags 143 MiB
Makefile 63.3%
Python 16.3%
C 9.1%
Shell 5.9%
PHP 2.7%
Other 2.3%
d2865a73fa
Go to file
Marcus Hoffmann d2865a73fa package/nodejs: security bump to v20.15.1 
Release Notes: https://nodejs.org/en/blog/release/v20.15.1

Fixes the following CVE's:

CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
CVE-2024-22018 - fs.lstat bypasses permission model (Low)
CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low)
CVE-2024-37372 - Permission model improperly processes UNC paths (Low)

Also these additional CVE's were fixed in the v20.12.1 and v20.12.2 releases [1][2]:

CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows

NodeJS tests are passing:
$ ./support/testing/run-tests -o ./outputs/ -k tests.package.test_nodejs -d dl
12:02:58 TestNodeJSModuleHostSrc                  Starting
12:02:58 TestNodeJSModuleHostSrc                  Building
13:17:15 TestNodeJSModuleHostSrc                  Building done
13:17:23 TestNodeJSModuleHostSrc                  Cleaning up
.13:17:23 TestNodeJSModuleHostBin                  Starting
13:17:23 TestNodeJSModuleHostBin                  Building
14:06:15 TestNodeJSModuleHostBin                  Building done
14:06:20 TestNodeJSModuleHostBin                  Cleaning up
.14:06:20 TestNodeJSBasic                          Starting
14:06:20 TestNodeJSBasic                          Building
14:55:40 TestNodeJSBasic                          Building done
14:55:45 TestNodeJSBasic                          Cleaning up

LICENSE hash changed due to changes in vendored components:

* copyright year update and adding spdx identifier [1]

[1] https://nodejs.org/en/blog/release/v20.12.1
[2] https://nodejs.org/en/blog/release/v20.12.2
[3] d5a316f5ea

Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bffb6a2339bbfe28a0ca2399716c3966af4a623c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-08-28 09:19:35 +02:00
.github .github: add a pull request warning that explains the mailing list workflow 2024-05-07 18:09:38 +02:00
.gitlab/issue_templates gitlab: add default issue template 2024-07-11 00:01:44 +02:00
arch arch/Config.in.x86: enable SSE2 on Pentium M 2024-06-08 13:05:27 +02:00
board configs/stm32mp157a_dk1: add hashes 2024-07-31 18:48:06 +02:00
boot boot/syslinux: fix building with GCC 14.x 2024-07-28 09:07:29 +02:00
configs configs/stm32mp157a_dk1: add hashes 2024-07-31 18:48:06 +02:00
docs docs/manual: normalize delimiters of listing blocks 2024-08-07 00:39:49 +02:00
fs fs/tar: use appropriate TAR 2024-06-15 20:28:56 +02:00
linux {linux, linux-headers}: bump 4.19.x / 5.{4, 10, 15}.x / 6.{1, 6, 9}.x series 2024-07-11 20:29:31 +02:00
package package/nodejs: security bump to v20.15.1 2024-08-28 09:19:35 +02:00
support support/testing: add python-asn1crypto runtime test 2024-08-27 18:10:07 +02:00
system system: expose BR2_ROOTFS_POST_SCRIPT_ARGS for PRE_BUILD scripts 2024-04-28 14:07:55 +02:00
toolchain package/boost: Boost.Atomic needs atomic intrinsics 2024-08-09 21:33:38 +02:00
utils utils/checkpackagelib: extend hint about unprefixed variables 2024-08-12 15:08:15 +02:00
.b4-config .b4-config: configure b4 for Buildroot 2024-08-20 19:11:53 +02:00
.checkpackageignore package/gcc: bump 12.x series to 12.4 2024-08-10 11:11:08 +02:00
.clang-format .clang-format: initial import from Linux 5.15.6 2022-01-01 15:01:13 +01:00
.defconfig
.editorconfig editorconfig: leave patch files alone wrt trainling spaces 2024-06-16 12:24:58 +02:00
.flake8
.gitignore
.gitlab-ci.yml support/misc/gitlab-ci.yml.in: retry a job only if it failed due to a runner issue 2023-08-27 10:09:37 +02:00
.shellcheckrc utils/check-package: improve shellcheck reproducibility 2022-07-25 23:52:47 +02:00
CHANGES Update for 2024.02.5 2024-08-14 13:32:31 +02:00
Config.in Config.in: drop --passive-ftp from default wget options 2024-06-08 20:12:16 +02:00
Config.in.legacy toolchain: drop codescape mips toolchains 2024-03-22 20:51:35 +01:00
COPYING
DEVELOPERS support/testing: add python-asn1crypto runtime test 2024-08-27 18:10:07 +02:00
Makefile Update for 2024.02.5 2024-08-14 13:32:31 +02:00
Makefile.legacy
README

README 

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on OFTC IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches