nodejs requires libuv and by default will use an internal copy
bundled with the release. Change to using a shared libuv library.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
nodejs requires libhttpparser and by default will use an internal copy
bundled with the release. Change to using a shared libhttpparser library.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
nodejs requires c-ares and by default will use an internal copy
bundled with the release. Change to using a shared c-ares library.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet was
crafted in a particular way. This patch checks that there is enough data
for the required elements of an NAPTR record (2 int16, 3 bytes for string
lengths) before processing a record.
See https://nodejs.org/en/blog/release/v8.1.4/
[Peter: add CVE info]
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since things are no longer installed in $(HOST_DIR)/usr, the callers
should also not refer to it.
This is a mechanical change with
git grep -l '$(HOST_DIR)/usr/bin' | xargs sed -i 's%$(HOST_DIR)/usr/bin%$(HOST_DIR)/bin%g'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Remove the redundant usr/ component of the HOST_DIR paths. Since a
previous commit added a symlink from $(HOST_DIR)/usr to $(HOST_DIR),
everything keeps on working.
This is a mechanical change with
git grep -l '\$(HOST_DIR)/usr' | xargs sed -i 's%\(prefix\|PREFIX\)=\("\?\)\$(HOST_DIR)/usr%\1=\2$(HOST_DIR)%g'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
http://autobuild.buildroot.net/results/1d6/1d6bbef2cb0c8c2e00b6d7511814ff9ddb2e3073/http://autobuild.buildroot.net/results/4c7/4c7fc92a42405e25f41394fa44f5bdc27a4538c4/
Apperently if both icu and nodejs are enabled during the nodejs host build
the nodejs buildsystem gets confused by the icu version installed by
Buildroot (icu 58.2) and the one bundled with the nodejs source tree(icu
57), which ends up in linking-time errors as:
"""
undefined reference to
`icu_58::NumberFormat::format(icu_58::StringPiece,
icu_58::UnicodeString&, icu_58::FieldPositionIterator*, UErrorCode&)
const'
"""
(note the icu_58 in the symbol name while the bundled icu version is 57)
This patch disables the (not used) i18n support in the nodejs host build
config in order to fix the issue. The issue doesn't affect the target build of
nodejs.
[Peter: add autobuilder references]
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove the choice of nodejs version. Now automatically pick nodejs 0.10.x
for armv5 architectures only and the latest nodejs for all other
supported architectures.
Note that the removal of BR2_PACKAGE_NODEJS_5_X is not handled in
Config.in.legacy because buildroot has never been released with this
option included.
Signed-off-by: Martin Bark <martin@barkynet.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Set npm_config_prefix to $(TARGET_DIR)/usr so that npm -g will correctly
install global modules to $(TARGET_DIR)/usr/lib/node_modules.
By using npm -g to install global modules npm will now automatically create
the symlinks to executables under $(TARGET_DIR)/usr/bin.
See https://docs.npmjs.com/misc/config#global and
https://docs.npmjs.com/files/folders for information on how the prefix
setting is used by global installs.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We add a new version, because it is not API-compatible with the previous
versions.
Also, nodejs-4.1.2 requires gcc >= 4.8.
Forward-port patches from 0.12.7:
- 0001-Remove-dependency-on-Python-bz2-module.patch partially applied
upstream;
- 0002-gyp-force-link-command-to-use-CXX.patch slightly refreshed;
- 0003-Use-a-python-variable-instead-of-hardcoding-Python.patch
largely refreshed to address new occurences of hard-coded calls;
- 0004-fix-build-error-without-OpenSSL-support.patch applied upstream
- 0005-Fix-typo-for-arm-predefined-macro-in-atomicops_inte.patch
applied upstream.
New patch:
- 0004-fix-arm-vfpv2.patch to fix the gcc -mfpu option for VFPv2.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Martin Bark <martin@barkynet.com>
Cc: Jaap Crezee <jaap@jcz.nl>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Other nodejs-related packages will need to call npm with the same set of
arguments as is currently used by the nodejs package itself.
To avoid duplicating this code, set the NPM variable so those packages can
re-use it.
Signed-off-by: Martin Bark <martin@barkynet.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Many packages use node-pre-gyp as a way of deploying precompiled binary
dependencies with fall back to compilation for other targets. Currently
installing node modules that use node-pre-gyp can fail to use the correct
binary for the target. This patch fixes this issue by correctly
configuring node-pre-gyp.
Firstly, node-gyp uses the option --arch to determine its target
architecture (which is already set correctly), however, node-pre-gyp uses
--target-arch. Without this set node.js packages that uses node-pre-gyp
will pick the wrong target architecture.
Secondly, the use of precompiled binary packages is not desirable due to
potential security and licensing issues. To solve this we use the
--build-from-source option to force node-pre-gyp to always build the C++
code.
This patch passes npm_config_target_arch and npm_config_build_from_source
to npm which causes --target-arch and --build-from-source to be passed to
node-pre-gyp.
I have tested this using the node.js package serialport which now
successfully builds and runs.
Signed-off-by: Martin Bark <martin@barkynet.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch symlinks all executables in /usr/lib/node_modules/.bin
to /usr/bin so that node.js modules installed using
BR2_PACKAGE_NODEJS_MODULES_ADDITIONAL are accessible from the command line.
Signed-off-by: Martin Bark <martin@barkynet.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Version 0.10.38 upgrades OpenSSL to version 1.0.1m, which includes fixes for
several CVEs:
- CVE-2015-0204
- CVE-2015-0286
- CVE-2015-0287
- CVE-2015-0289
- CVE-2015-0292
- CVE-2015-0293
- CVE-2015-0209
- CVE-2015-0288
Version 0.10.37 comes with a fix for CVE-2015-0278.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add support for building nodejs with hard floating ABI if supported by the
target and remove bogus comment. Buildroot does propose this tuning.
Basically, you have three cases of floating point strategies:
* soft float, i.e 'soft' in nodejs speak. This is enabled in Buildroot
when BR2_ARM_EABI=y and BR2_SOFT_FLOAT=y.
* hard float using integer registers to pass floating point arguments,
i.e 'softfp' in nodejs speak. This is enabled in Buildroot when
BR2_ARM_EABI=y and BR2_SOFT_FLOAT is disabled.
* hard float using floating pointer registers to pass floating point
arguments, i.e 'hard' in nodejs speak. This is enabled in Buildroot
when BR2_ARM_EABIHF=y.
This patch fixes "[Buildroot] Float error on SAMA5D3 Xplained using nodejs":
http://lists.busybox.net/pipermail/buildroot/2014-December/114254.html
Tested at run-time by me on a TI Beaglebone Black.
[Thomas: add qstrip call when using the BR2_GCC_TARGET_FLOAT_ABI
variable.]
Signed-off-by: Jörg Krause <jkrause@posteo.de>
Reported-by: Cédric Heyman <c.heyman@til-technologies.fr>
Suggested-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit e712638b4a.
The config options --without-ssl2 and --without-ssl3 are intended to be used if
nodejs is built with the bundled OpenSSL library for excluding the SSL2 and
SSL3 features.
Both options are actual only evaluated if --without-ssl is not set:
$ cat configure | grep configure_openssl -n -A 13
619:def configure_openssl(o):
620- o['variables']['node_use_openssl'] = b(not options.without_ssl)
621- o['variables']['node_shared_openssl'] = b(options.shared_openssl)
622- o['variables']['openssl_no_asm'] = (
623- 1 if options.openssl_no_asm else 0)
624-
625- if options.without_ssl:
626- return
627-
628- if options.ssl2:
629- o['defines'] += ['OPENSSL_NO_SSL2=1']
630-
631- if options.ssl3:
632- o['defines'] += ['OPENSSL_NO_SSL3=1']
[Peter: adjusted commit text to make it clear that it is a revert]
Signed-off-by: Jörg Krause <jkrause@posteo.de>
Tested-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Acked-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release handles the recent POODLE vulnerability [CVE-2014-3566] by
disabling SSLv2/SSLv3 by default.
Signed-off-by: Jörg Krause <jkrause@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
