The CVE_PRODUCT is set with a weak default assignment in the cve-check.bbclass,
which means that when the recipe uses +=, it overrides the original weak adefault
value instead of appending to it.
Set all applicable values in CVE_PRODUCT variable explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The following CVEs fixed in this version:
CVE-2023-23918
CVE-2023-23919
CVE-2023-23920
CVE-2023-23936
CVE-2023-24807
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Distutils package and pipes are deprecated and slated for removal in Python 3.13 for Nodejs 16.18
Replaced distutils with setuptools
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
* Drop Openssl legacy provider patch and install both binaries patch
which are already available in 16.x
* Refresh native binaries patch against 16.x base
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This implements an 'npm cache add' like functionality but allows to
specify the key of the data and sets metadata which are required to
find the data.
It is used to cache information as done during 'npm install'.
Keyformat and metadata are nodejs version specific.
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Current nodejs version v16 does not fully support new OpenSSL, so add option
to use legacy provider.
| opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
| library: 'digital envelope routines',
| reason: 'unsupported',
| code: 'ERR_OSSL_EVP_UNSUPPORTED'
It was blindly removed by upgrade to 16.14.0 version
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Current nodejs version does not fully support new OpenSSL, so add option
to use legacy provider.
| opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
| library: 'digital envelope routines',
| reason: 'unsupported',
| code: 'ERR_OSSL_EVP_UNSUPPORTED'
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* The destination file name does not need to be specified to install
if it matches the source file name (and -D is not used).
* Mode 0755 does not need to be specified to install as it is the
default.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The rewrite of the npm shebang to use an absolute path was removed in
version 7.0.0.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
npm-cli.js should be symlinked only when the file is present
the file may not be available if the configure option is --without-npm
Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
"BSD" is ambiguous, use the precise licenses BSD-2-Clause and BSD-3-Clause.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* This is new LTS release
* Add patch to fix build on mips/mips64
* Add patch to build with new c-ares 2.17+
* Enhance native binaries patch to include additional native torque use
* Drop mips-warnings.patch and python 3.10 support patch which is
already available in 16.x
* Refresh rest of patches against 16.x base
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: Reflect new location of gtest sources
remove node-inspect from license
update Acorn to v8.4.1
Use internal openssl until nodejs is fixed to work with openssl3
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This resolves openssl 3.x errors until upstream addresses them properly.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2G is too much for qemu-mips and perhaps also for real mips devices
as we use qemu-usermode during build to run host pieces like mksnapshot
they fail, reducing the allocation range helps
Fixes
| LD_LIBRARY_PATH=/mnt/b/yoe/master/build/tmp/work/mips32r2-yoe-linux/nodejs/14.16.1-r0/node-v14.16.1/out/Release/lib.host:/mnt/b/yoe/master/build/tmp/work/mips32r2-yoe-linux/nodejs/14.16.1-r0/node-v14.16.1
/out/Release/lib.target:$LD_LIBRARY_PATH; export LD_LIBRARY_PATH; cd ../tools/v8_gypfiles; mkdir -p /mnt/b/yoe/master/build/tmp/work/mips32r2-yoe-linux/nodejs/14.16.1-r0/node-v14.16.1/out/Release/obj.target/v
8_snapshot/geni; "/mnt/b/yoe/master/build/tmp/work/mips32r2-yoe-linux/nodejs/14.16.1-r0/node-v14.16.1/out/Release/v8-qemu-wrapper.sh" "/mnt/b/yoe/master/build/tmp/work/mips32r2-yoe-linux/nodejs/14.16.1-r0/nod
e-v14.16.1/out/Release/mksnapshot" --turbo_instruction_scheduling "--target_os=linux" "--target_arch=mips" --startup_src "/mnt/b/yoe/master/build/tmp/work/mips32r2-yoe-linux/nodejs/14.16.1-r0/node-v14.16.1/ou
t/Release/obj.target/v8_snapshot/geni/snapshot.cc" --embedded_variant Default --embedded_src "/mnt/b/yoe/master/build/tmp/work/mips32r2-yoe-linux/nodejs/14.16.1-r0/node-v14.16.1/out/Release/obj.target/v8_snap
shot/geni/embedded.S" --no-native-code-counters
|
| #
| # Fatal process OOM in CodeRange setup: allocate virtual memory
| #
|
| /mnt/b/yoe/master/build/tmp/work/mips32r2-yoe-linux/nodejs/14.16.1-r0/node-v14.16.1/out/Release/v8-qemu-wrapper.sh: line 7: 2292880 Trace/breakpoint trap (core dumped) PSEUDO_UNLOAD=1 qemu-mips -r 3.2.0 -
Signed-off-by: Khem Raj <raj.khem@gmail.com>
So far, we have been trying to build nodejs-native and use the native
host binaries from there, which has worked out ok but always changes
when major upgrade is done, since more binaries or places are required
to be captured. This patch changes this approach to use qemu-user to run
these binaries under during cross build. This lets them run closer to
upstream build process and also removes dependency on nodejs-native
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is latest maintained LTS release
Forward patches and drop backported patch
License-Update: Update copyright year and drop license of
deps/http_parser as this component is removed in this version
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Commit 836912ab changed the logic in this recipe to stop looking for
"ppc64le". This caused the ppc64le systems used by me to stop working.
There wasn't much in the commit message on why this change occurred but
ppc64le is definitely still needed.
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Gyorgy Sarvari
akash hadke
Archana Polampalli
virendra thakur
Khem Raj
Tim Orling
Enrico Scholz
Andrej Valek
Zoltán Böszörményi
Peter Kjellerstedt
Nisha Parrakat
Ross Burton
Martin Jansa
Alexander Kanavin
Andrew Geissler
Clément Péron
Sean Nyekjaer