package/nodejs: security bump for 0.10.x to version 0.10.42

Fixes security vulnerabilites [1]: - CVE-2016-2086 - CVE-2016-2216 Also switch to the xz compressed tar file now available for v0.10 builds from v0.10.42 onward. [1] https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/ Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2026-03-14 06:32:11 +00:00 · 2016-02-18 09:05:06 +01:00
parent a00646db2d
commit f4c366f005
8 changed files with 3 additions and 7 deletions
--- a/package/nodejs/0.10.42/0001-remove-python-bz2-dependency.patch
+++ b/package/nodejs/0.10.42/0001-remove-python-bz2-dependency.patch
@@ -0,0 +1,27 @@
+Remove dependency on Python bz2 module
+
+The Python bz2 module is only needed in certain cases, so only import
+it when needed. In the normal nodejs build, this allows to remove the
+dependency on this module.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Index: b/deps/v8/tools/js2c.py
+===================================================================
+--- a/deps/v8/tools/js2c.py
+++ b/deps/v8/tools/js2c.py
+@@ -33,7 +33,6 @@
+ 
+ import os, re, sys, string
+ import jsmin
+-import bz2
+ 
+ 
+ def ToCAsciiArray(lines):
+@@ -344,6 +343,7 @@
+   else:
+     raw_sources_declaration = RAW_SOURCES_COMPRESSION_DECLARATION
+     if env['COMPRESSION'] == 'bz2':
+      import bz2
+       all_sources = bz2.compress("".join(all_sources))
+     total_length = len(all_sources)
+     sources_data = ToCArray(all_sources)