author | Peter Korsgaard <peter@korsgaard.com> | 2016-12-02 21:16:52 +0100 |
---|---|---|
committer | Thomas Petazzoni <thomas.petazzoni@free-electrons.com> | 2016-12-03 00:01:13 +0100 |
commit | 7fe6b5d9dc88708ba5141ef5c8aa923a6ae54339 (patch) | |
tree | 84515b3130932ee6ab5f1c0e3c77121d0751b0d2 /package/nodejs/0.10.48 | |
parent | b04a707e7e36c9784d5a53a4087e8ad3f609c937 (diff) |
nodejs: security bump 0.10.x series to 0.10.48
c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
information at https://c-ares.haxx.se/adv_20160929.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Diffstat (limited to 'package/nodejs/0.10.48')
4 files changed, 133 insertions, 0 deletions
diff --git a/package/nodejs/0.10.48/0001-remove-python-bz2-dependency.patch b/package/nodejs/0.10.48/0001-remove-python-bz2-dependency.patch
new file mode 100644
index 000000000..75fe43750
--- /dev/null
+++ b/package/nodejs/0.10.48/0001-remove-python-bz2-dependency.patch
@@ -0,0 +1,27 @@
+Remove dependency on Python bz2 module
+
+The Python bz2 module is only needed in certain cases, so only import
+it when needed. In the normal nodejs build, this allows to remove the
+dependency on this module.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Index: b/deps/v8/tools/js2c.py
+===================================================================
+--- a/deps/v8/tools/js2c.py
++++ b/deps/v8/tools/js2c.py
+@@ -33,7 +33,6 @@
+
+ import os, re, sys, string
+ import jsmin
+-import bz2
+
+
+ def ToCAsciiArray(lines):
+@@ -344,6 +343,7 @@
+ else:
+ raw_sources_declaration = RAW_SOURCES_COMPRESSION_DECLARATION
+ if env['COMPRESSION'] == 'bz2':
++ import bz2
+ all_sources = bz2.compress("".join(all_sources))
+ total_length = len(all_sources)
+ sources_data = ToCArray(all_sources)
diff --git a/package/nodejs/0.10.48/0002-gyp-force-link-command-to-use-CXX.patch b/package/nodejs/0.10.48/0002-gyp-force-link-command-to-use-CXX.patch
new file mode 100644
index 000000000..a2f02abf3
--- /dev/null
+++ b/package/nodejs/0.10.48/0002-gyp-force-link-command-to-use-CXX.patch
@@ -0,0 +1,26 @@
+From 00d809e9305241f8636a2d75e22c493293e6971a Mon Sep 17 00:00:00 2001
+From: Samuel Martin <s.martin49@gmail.com>
+Date: Sun, 20 Apr 2014 15:03:01 +0200
+Subject: [PATCH] gyp: force link command to use CXX
+
+Signed-off-by: Samuel Martin <s.martin49@gmail.com>
+---
+ tools/gyp/pylib/gyp/generator/make.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/gyp/pylib/gyp/generator/make.py b/tools/gyp/pylib/gyp/generator/make.py
+index 0de510e..54e4c96 100644
+--- a/tools/gyp/pylib/gyp/generator/make.py
++++ b/tools/gyp/pylib/gyp/generator/make.py
+@@ -134,7 +134,7 @@ cmd_alink_thin = rm -f $@ && $(AR.$(TOOLSET)) crsT $@ $(filter %.o,$^)
+ # special "figure out circular dependencies" flags around the entire
+ # input list during linking.
+ quiet_cmd_link = LINK($(TOOLSET)) $@
+-cmd_link = $(LINK.$(TOOLSET)) $(GYP_LDFLAGS) $(LDFLAGS.$(TOOLSET)) -o $@ -Wl,--start-group $(LD_INPUTS) -Wl,--end-group $(LIBS)
++cmd_link = $(CXX.$(TOOLSET)) $(GYP_LDFLAGS) $(LDFLAGS.$(TOOLSET)) -o $@ -Wl,--start-group $(LD_INPUTS) -Wl,--end-group $(LIBS)
+
+ # We support two kinds of shared objects (.so):
+ # 1) shared_library, which is just bundling together many dependent libraries
+--
+1.9.2
+
diff --git a/package/nodejs/0.10.48/0003-fix-musl-USE-MISC-build-issue.patch b/package/nodejs/0.10.48/0003-fix-musl-USE-MISC-build-issue.patch
new file mode 100644
index 000000000..128058df2
--- /dev/null
+++ b/package/nodejs/0.10.48/0003-fix-musl-USE-MISC-build-issue.patch
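Review bot: In 0002-gyp-force-link-command-to-use-CXX.patch the new `cmd_link` line no longer references `$(LINK.$(TOOLSET))`, so a linker selected through the LINK variables would apparently have no effect on this rule, and the patch header gives neither a reason nor an upstream status. The header should say in one sentence why the C++ driver must be forced, and the template would benefit from a comment above the changed line, for example `# Buildroot: link through the C++ compiler driver; LINK.$(TOOLSET) is deliberately not used`. The surrounding makefile template starts and ends outside the hunk, so whether other link rules still use LINK cannot be checked from here.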
@@ -0,0 +1,47 @@
+From 0bc482abeb814573251ecafb5a1e045c885b13a2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=B6rg=20Krause?= <joerg.krause@embedded.rocks>
+Date: Mon, 25 May 2015 16:22:57 +0200
+Subject: [PATCH 1/1] Fix musl __USE_MISC issue
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The musl C library does not define __USE_MISC and so libuv (built-in dependency)
+does not use the correct struct stat definition for musl.
+
+The feature test macro __USE_MISC is defined by glibc if _BSD_SOURCE or
+_SVID_SOURCE is defined.
+
+The libuv build system enables the feature test macro _GNU_SOURCE for linux
+builds.
+
+Since glibc 2.19, defining _GNU_SOURCE also has the effect of implicitly
+defining _DEFAULT_SOURCE - the replacement for _BSD_SOURCE and _SVID_SOURCE.
+
+In glibc versions before 2.20, defining _GNU_SOURCE also had the effect of
+implicitly defining _BSD_SOURCE and _SVID_SOURCE. This is also true for uClibc.
+
+Alltogether, we can safely replace __USE_MISC by _GNU_SOURCE to support building
+nodejs 0.10.x with the musl C library.
+
+Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
+---
+ deps/uv/src/fs-poll.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/deps/uv/src/fs-poll.c b/deps/uv/src/fs-poll.c
+index ad27f18..094447e 100644
+--- a/deps/uv/src/fs-poll.c
++++ b/deps/uv/src/fs-poll.c
+@@ -198,7 +198,7 @@ static int statbuf_eq(const uv_statbuf_t* a, const uv_statbuf_t* b) {
+
+ /* Jump through a few hoops to get sub-second granularity on Linux. */
+ # if defined(__linux__)
+-# if defined(__USE_MISC) /* _BSD_SOURCE || _SVID_SOURCE */
++# if defined(_GNU_SOURCE) /* _BSD_SOURCE || _SVID_SOURCE */
+ if (a->st_ctim.tv_nsec != b->st_ctim.tv_nsec) return 0;
+ if (a->st_mtim.tv_nsec != b->st_mtim.tv_nsec) return 0;
+ # else
+--
+2.4.1
+
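Review bot: The trailing comment on the changed preprocessor line in deps/uv/src/fs-poll.c is stale, because the test is now on `_GNU_SOURCE` while the comment still reads `/* _BSD_SOURCE || _SVID_SOURCE */` as if those macros were checked directly. I would reword it to match the reasoning in the patch description, for example `# if defined(_GNU_SOURCE) /* implies _BSD_SOURCE || _SVID_SOURCE on glibc and uClibc */`. The branch also now depends on every build of this file defining `_GNU_SOURCE`, which the description attributes to the libuv build system; a short note to that effect next to the test would help anyone building it another way. statbuf_eq continues outside the hunk, so the `# else` path is not visible here.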
diff --git a/package/nodejs/0.10.48/0004-Fix-support-for-uClibc-ng.patch b/package/nodejs/0.10.48/0004-Fix-support-for-uClibc-ng.patch
new file mode 100644
index 000000000..59b9d5044
--- /dev/null
+++ b/package/nodejs/0.10.48/0004-Fix-support-for-uClibc-ng.patch
@@ -0,0 +1,33 @@
+From 1cc08f6ceacbb0e5ba1f4638ca3a97ac002d7792 Mon Sep 17 00:00:00 2001
+From: "Bark, Martin" <martin.bark@te.com>
+Date: Mon, 14 Dec 2015 13:26:10 +0000
+Subject: [PATCH 2/2] Fix support for uClibc-ng
+
+uClibc-ng is currently at v1.0.9. The patch corrects the uClibc
+version test so that HAVE_IFADDRS_H is defined for uClibc versions
+after v0.9.32.
+
+Submitted upstream to libuv and accepted, see
+https://github.com/libuv/libuv/pull/653 and
+https://github.com/libuv/libuv/commit/c861972
+
+Signed-off-by: Bark, Martin <martin.bark@te.com>
+---
+ deps/uv/src/unix/linux-core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/deps/uv/src/unix/linux-core.c b/deps/uv/src/unix/linux-core.c
+index e6e6828..6cbbb71 100644
+--- a/deps/uv/src/unix/linux-core.c
++++ b/deps/uv/src/unix/linux-core.c
+@@ -39,7 +39,7 @@
+ #define HAVE_IFADDRS_H 1
+
+ #ifdef __UCLIBC__
+-# if __UCLIBC_MAJOR__ < 0 || __UCLIBC_MINOR__ < 9 || __UCLIBC_SUBLEVEL__ < 32
++# if __UCLIBC_MAJOR__ < 0 && __UCLIBC_MINOR__ < 9 && __UCLIBC_SUBLEVEL__ < 32
+ # undef HAVE_IFADDRS_H
+ # endif
+ #endif
+--
+2.6.2 |
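Review bot: The rewritten version test in deps/uv/src/unix/linux-core.c can never be true, because `__UCLIBC_MAJOR__ < 0` is now and-ed with the other terms and a major version is presumably never negative. `HAVE_IFADDRS_H` therefore stays defined for every uClibc, including releases older than 0.9.32 that the description implies should still have it undefined. A lexicographic comparison expresses the stated intent: `# if __UCLIBC_MAJOR__ == 0 && (__UCLIBC_MINOR__ < 9 || (__UCLIBC_MINOR__ == 9 && __UCLIBC_SUBLEVEL__ < 32))`. If such old uClibc versions are no longer supported, dropping the dead `#if`/`#undef` block and saying so in the patch description would be clearer than keeping a test that cannot fire.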