| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security issues:
- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A malicious
website could use a DNS rebinding attack to trick a web browser to bypass
same-origin-policy checks and allow HTTP connections to localhost or to
hosts on the local network, potentially to an open inspector port as a
debugger, therefore gaining full code execution access. The inspector now
only allows connections that have a browser Host value of localhost or
localhost6.
- Fix for 'path' module regular expression denial of service
(CVE-2018-7158): A regular expression used for parsing POSIX paths could
be used to cause a denial of service if an attacker were able to have a
specially crafted path string passed through one of the impacted 'path'
module functions.
- Reject spaces in HTTP Content-Length header values (CVE-2018-7159): The
Node.js HTTP parser allowed for spaces inside Content-Length header
values. Such values now lead to rejected connections in the same way as
non-numeric values.
While we are at it, also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7f02604553bc3c8449d6a112818f038e99abbdaf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v8.10.0/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit df33aae5f59eaaf40e800acdfefc83e57216ffe8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v8.9.4/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v8.9.3/
[Peter: mention that this fixes security issues]
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This commit fixes the warnings reported by check-package on the help
text of all package Config.in files, related to the formatting of the
help text: should start with a tab, then 2 spaces, then at most 62
characters.
The vast majority of warnings fixed were caused by too long lines. A
few warnings were related to spaces being used instead of a tab to
indent the help text.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v8.9.1/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
| |
Fixes a regression introduced in 8.8.0.
See https://nodejs.org/en/blog/release/v8.8.1/
Peter: apply on top of 8.8.0, mention that it fixes regression]
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
error to be raised when a raw deflate stream is initialized with windowBits
set to 8. On some versions this crashes Node and you cannot recover from
it, while on some versions it throws an exception. Node.js will now
gracefully set windowBits to 9 replicating the legacy behavior to avoid a
DOS vector.
For more details, see the announcement:
https://nodejs.org/en/blog/vulnerability/oct-2017-dos/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <<a href="mailto:peter@korsgaard.com">peter@korsgaard.com</a>><br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v8.6.0/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
|
| |
|
|
|
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v8.4.0/
An update to v8 6.0.286 has removed the need for mkpeephole and
0002-add-missing-stdarg-includes.patch
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
https://nodejs.org/en/blog/release/v8.2.1/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
| |
nodejs requires libuv and by default will use an internal copy
bundled with the release. Change to using a shared libuv library.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
| |
nodejs requires libhttpparser and by default will use an internal copy
bundled with the release. Change to using a shared libhttpparser library.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
| |
nodejs requires c-ares and by default will use an internal copy
bundled with the release. Change to using a shared c-ares library.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet was
crafted in a particular way. This patch checks that there is enough data
for the required elements of an NAPTR record (2 int16, 3 bytes for string
lengths) before processing a record.
See https://nodejs.org/en/blog/release/v8.1.4/
[Peter: add CVE info]
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Since things are no longer installed in $(HOST_DIR)/usr, the callers
should also not refer to it.
This is a mechanical change with
git grep -l '$(HOST_DIR)/usr/bin' | xargs sed -i 's%$(HOST_DIR)/usr/bin%$(HOST_DIR)/bin%g'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Remove the redundant usr/ component of the HOST_DIR paths. Since a
previous commit added a symlink from $(HOST_DIR)/usr to $(HOST_DIR),
everything keeps on working.
This is a mechanical change with
git grep -l '\$(HOST_DIR)/usr' | xargs sed -i 's%\(prefix\|PREFIX\)=\("\?\)\$(HOST_DIR)/usr%\1=\2$(HOST_DIR)%g'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cctest is a test package that is built by default. We don't use of it
and recently it has been failing to build in the host-nodejs builds
so disable it.
Fixes:
http://autobuild.buildroot.net/results/1d7642073d169de941e74dc3a0efba6e992e2de7
http://autobuild.buildroot.net/results/8801109c1976e1c7a08dc4036c6a38efdbb8cd7e
http://autobuild.buildroot.net/results/6d52bc9fef4c9f12f0091e93c020ab2cd4c4c5a1
http://autobuild.buildroot.net/results/a8b8a781bdea668b657311c68b6f0ca0f74169c7
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v8.1.2/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v8.0.0/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v7.10.0/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
BR2_PACKAGE_NODEJS_MODULES_COFFEESCRIPT has been deprecated. To continue
using add coffee-script to BR2_PACKAGE_NODEJS_MODULES_ADDITIONAL.
Fixes:
http://autobuild.buildroot.org/results/0e4fb1a615ab9654ad2b4b1274a34583e02aa44e
http://autobuild.buildroot.org/results/fabf2f5f25c62be615fd09e59e6ad9234385645f
http://autobuild.buildroot.org/results/8653d78a190df1e691f52a911d8153104c46226b
http://autobuild.buildroot.org/results/2fc7e5e64ad6ced02a47e5062176d316eed0f43b
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BR2_PACKAGE_NODEJS_MODULES_EXPRESS has been deprecated. To continue using
add express to BR2_PACKAGE_NODEJS_MODULES_ADDITIONAL
Fixes:
http://autobuild.buildroot.org/results/fcfa38e98c22c8809452f7d0ee86dfe2e9d2482f
http://autobuild.buildroot.org/results/946996fa78c7814d1e0ea0ef1239c6eb0c7aa8dd
http://autobuild.buildroot.org/results/df920e7b17617f1e4867d94eda52cab38f7b0622
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v7.9.0/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v7.8.0/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v7.7.3/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v7.7.2/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
| |
nodejs 0.10.x is now end of life and is no longer maintained so remove it.
See https://github.com/nodejs/LTS
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
http://autobuild.buildroot.net/results/833/8334631b54fdfd43d38ca00f42e4d5a98e3a70c4/
http://autobuild.buildroot.net/results/9c0/9c08e0b745fab671123facb4a46f60eec5afd718/
Commit 24d90db52a74 (package/nodejs: disable icu support for host build)
added --with-intl=none to host configure flags to fix an issue related to
icu. The 0.10.x version unfortunately doesn't understand this configure
flag and errors out when provided, breaking the build:
configure: error: no such option: --with-intl
The 0.10.x version doesn't seem to have this icu issue (E.G. no autobuilder
issues before this commit and unable to reproduce locally), so fix it by
only passing --with-intl=none for the 6.9.x version.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
http://autobuild.buildroot.net/results/1d6/1d6bbef2cb0c8c2e00b6d7511814ff9ddb2e3073/
http://autobuild.buildroot.net/results/4c7/4c7fc92a42405e25f41394fa44f5bdc27a4538c4/
Apperently if both icu and nodejs are enabled during the nodejs host build
the nodejs buildsystem gets confused by the icu version installed by
Buildroot (icu 58.2) and the one bundled with the nodejs source tree(icu
57), which ends up in linking-time errors as:
"""
undefined reference to
`icu_58::NumberFormat::format(icu_58::StringPiece,
icu_58::UnicodeString&, icu_58::FieldPositionIterator*, UErrorCode&)
const'
"""
(note the icu_58 in the symbol name while the bundled icu version is 57)
This patch disables the (not used) i18n support in the nodejs host build
config in order to fix the issue. The issue doesn't affect the target build of
nodejs.
[Peter: add autobuilder references]
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Daniel Mack <daniel@zonque.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
| |
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
| |
Commit 3fd9c062e (nodejs: bump to version 6.9.2) bumped the 6.x version but
forgot to rename the patch directory, so the patches were no longer used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
| |
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
| |
c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
information at https://c-ares.haxx.se/adv_20160929.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
| |
https://nodejs.org/en/blog/release/v6.9.1/
The patches from 6.7.0 have been copied to 6.9.1.
Signed-off-by: Patrick Devlin <cloudyparts@icloud.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://nodejs.org/en/blog/release/v6.7.0/
The patches from 6.2.1 have been copied to 6.7.0 with the following
changes:
- Add 0002-inspector-don-t-build-when-ssl-support-is-disabled.patch
to disable the new V8 inspector when openssl is not included.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
| |
https://nodejs.org/en/blog/release/v0.10.47/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
| |
The only menu was "Module Selection", even though it contained
options (like "NPM for target") which are not related to selecting
modules. This commit therefore removes the menu ... endmenu.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
icu support was added to nodejs in commit 7d0702a, however, 0.10.x does
not have support for icu. The 0.10.x configure script will error
if it is passed the --with-intl option. This commit removes icu support
from 0.10.x.
Fixes:
http://autobuild.buildroot.net/results/932e4ec24623592255f234a098f7a90ef2ad8063
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
| |
Signed-off-by: Martin Bark <martin@barkynet.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
| |
Signed-off-by: Martin Bark <martin@barkynet.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
| |
Signed-off-by: Martin Bark <martin@barkynet.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
| |
Most packages in buildroot pass a FOO_CONF_OPTS variable into the
configure script. Transition nodejs to follow this convention.
Signed-off-by: Martin Bark <martin@barkynet.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v6.2.1/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v0.10.45/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
See https://nodejs.org/en/blog/release/v6.1.0/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
