diff mbox series

[meta-oe,whinlatter,13/15] nodejs: upgrade 22.21.1 -> 22.22.0

Message ID 20260202211401.1287664-13-skandigraun@gmail.com
State Under Review
Delegated to: Anuj Mittal
Headers show
Series [meta-oe,whinlatter,01/15] fontforge: patch CVE-2025-15279 | expand

Commit Message

Gyorgy Sarvari Feb. 2, 2026, 9:13 p.m. UTC 
From: Jason Schonberg <schonm@gmail.com>

This is the December 2025 security release that the nodejs team released
January 13, 2026.

  3 high severity issues.
  4 medium severity issues.
  1 low severity issue.

High priority fixes:
  CVE-2025-55131
  CVE-2025-55130
  CVE-2025-59465

Medium priority fixes:
  CVE-2025-59466
  CVE-2025-59464
  CVE-2026-21636 *
  CVE-2026-21637

Low priority fixes:
  CVE-2025-55132

* note that this medium priority CVE only effects Nodejs v25.

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

Changelog: https://github.com/nodejs/node/releases/tag/v22.22.0

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0bb156371e433cf3e9fdc4291da2319d63a83575)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../oe-npm-cache                                                | 0
 ...oe-cache-native_22.21.bb => nodejs-oe-cache-native_22.22.bb} | 0
 .../nodejs/{nodejs_22.21.1.bb => nodejs_22.22.0.bb}             | 2 +-
 3 files changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-22.21 => nodejs-oe-cache-22.22}/oe-npm-cache (100%)
 rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-native_22.21.bb => nodejs-oe-cache-native_22.22.bb} (100%)
 rename meta-oe/recipes-devtools/nodejs/{nodejs_22.21.1.bb => nodejs_22.22.0.bb} (98%)

Comments

Ankur Tyagi Feb. 3, 2026, 9:55 a.m. UTC | #1 
Hi Gyorgy,

Getting following error when building for qemux86 with musl and clang

| /yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld:
/usr/lib/i686-poky-linux-musl/15.2.0/../../../include/c++/15.2.0/bits/atomic_base.h:1090:(.text._ZN2v88internal12_GLOBAL__N_120ElementsAccessorBaseINS1_21TypedElementsAccessorILNS0_12ElementsKindE37EdEENS1_18ElementsKindTraitsILS4_37EEEE27CopyTypedArrayElementsSliceENS0_6TaggedINS0_12JSTypedArrayEEESB_jj+0xe05):
undefined reference to `__atomic_store'
| /yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld:
/yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/sources/node-v22.22.0/out/Release/obj.host/v8_base_without_compiler/deps/v8/src/objects/elements.o:
in function `std::remove_volatile<double>::type
std::__atomic_impl::load<double>(double const*, std::memory_order)':
| /usr/lib/i686-poky-linux-musl/15.2.0/../../../include/c++/15.2.0/bits/atomic_base.h:1099:(.text._ZN2v88internal12_GLOBAL__N_121TypedElementsAccessorILNS0_12ElementsKindE37EdE15GetInternalImplEPNS0_7IsolateENS0_6HandleINS0_8JSObjectEEENS0_13InternalIndexE+0x7c):
undefined reference to `__atomic_load'
| /yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld:
/usr/lib/i686-poky-linux-musl/15.2.0/../../../include/c++/15.2.0/bits/atomic_base.h:1099:(.text._ZN2v88internal12_GLOBAL__N_120ElementsAccessorBaseINS1_21TypedElementsAccessorILNS0_12ElementsKindE38EhEENS1_18ElementsKindTraitsILS4_38EEEE27CopyTypedArrayElementsSliceENS0_6TaggedINS0_12JSTypedArrayEEESB_jj+0x549):
undefined reference to `__atomic_load'

Can you please have a look into it?

cheers
Ankur


On Tue, Feb 3, 2026 at 10:14 AM Gyorgy Sarvari via
lists.openembedded.org <skandigraun=gmail.com@lists.openembedded.org>
wrote:
>
> From: Jason Schonberg <schonm@gmail.com>
>
> This is the December 2025 security release that the nodejs team released
> January 13, 2026.
>
>   3 high severity issues.
>   4 medium severity issues.
>   1 low severity issue.
>
> High priority fixes:
>   CVE-2025-55131
>   CVE-2025-55130
>   CVE-2025-59465
>
> Medium priority fixes:
>   CVE-2025-59466
>   CVE-2025-59464
>   CVE-2026-21636 *
>   CVE-2026-21637
>
> Low priority fixes:
>   CVE-2025-55132
>
> * note that this medium priority CVE only effects Nodejs v25.
>
> https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
>
> Changelog: https://github.com/nodejs/node/releases/tag/v22.22.0
>
> Signed-off-by: Jason Schonberg <schonm@gmail.com>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> (cherry picked from commit 0bb156371e433cf3e9fdc4291da2319d63a83575)
> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
> ---
>  .../oe-npm-cache                                                | 0
>  ...oe-cache-native_22.21.bb => nodejs-oe-cache-native_22.22.bb} | 0
>  .../nodejs/{nodejs_22.21.1.bb => nodejs_22.22.0.bb}             | 2 +-
>  3 files changed, 1 insertion(+), 1 deletion(-)
>  rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-22.21 => nodejs-oe-cache-22.22}/oe-npm-cache (100%)
>  rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-native_22.21.bb => nodejs-oe-cache-native_22.22.bb} (100%)
>  rename meta-oe/recipes-devtools/nodejs/{nodejs_22.21.1.bb => nodejs_22.22.0.bb} (98%)
>
> diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.21/oe-npm-cache b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.22/oe-npm-cache
> similarity index 100%
> rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.21/oe-npm-cache
> rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.22/oe-npm-cache
> diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.21.bb b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.22.bb
> similarity index 100%
> rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.21.bb
> rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.22.bb
> diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb
> similarity index 98%
> rename from meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb
> rename to meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb
> index ccaf9f7bb2..443cdc430d 100644
> --- a/meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb
> +++ b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb
> @@ -39,7 +39,7 @@ SRC_URI:append:class-target = " \
>  SRC_URI:append:toolchain-clang:powerpc64le = " \
>             file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \
>             "
> -SRC_URI[sha256sum] = "487d73fd4db00dc2420d659a8221b181a7937fbc5bc73f31c30b1680ad6ded6a"
> +SRC_URI[sha256sum] = "4c138012bb5352f49822a8f3e6d1db71e00639d0c36d5b6756f91e4c6f30b683"
>
>  S = "${UNPACKDIR}/node-v${PV}"
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#124086): https://lists.openembedded.org/g/openembedded-devel/message/124086
> Mute This Topic: https://lists.openembedded.org/mt/117604901/3619737
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [ankur.tyagi85@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
Gyorgy Sarvari Feb. 3, 2026, 9:50 p.m. UTC | #2 
On 2/3/26 10:55, Ankur Tyagi wrote:
> Hi Gyorgy,
>
> Getting following error when building for qemux86 with musl and clang
>
> | /yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld:
> /usr/lib/i686-poky-linux-musl/15.2.0/../../../include/c++/15.2.0/bits/atomic_base.h:1090:(.text._ZN2v88internal12_GLOBAL__N_120ElementsAccessorBaseINS1_21TypedElementsAccessorILNS0_12ElementsKindE37EdEENS1_18ElementsKindTraitsILS4_37EEEE27CopyTypedArrayElementsSliceENS0_6TaggedINS0_12JSTypedArrayEEESB_jj+0xe05):
> undefined reference to `__atomic_store'
> | /yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld:
> /yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/sources/node-v22.22.0/out/Release/obj.host/v8_base_without_compiler/deps/v8/src/objects/elements.o:
> in function `std::remove_volatile<double>::type
> std::__atomic_impl::load<double>(double const*, std::memory_order)':
> | /usr/lib/i686-poky-linux-musl/15.2.0/../../../include/c++/15.2.0/bits/atomic_base.h:1099:(.text._ZN2v88internal12_GLOBAL__N_121TypedElementsAccessorILNS0_12ElementsKindE37EdE15GetInternalImplEPNS0_7IsolateENS0_6HandleINS0_8JSObjectEEENS0_13InternalIndexE+0x7c):
> undefined reference to `__atomic_load'
> | /yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld:
> /usr/lib/i686-poky-linux-musl/15.2.0/../../../include/c++/15.2.0/bits/atomic_base.h:1099:(.text._ZN2v88internal12_GLOBAL__N_120ElementsAccessorBaseINS1_21TypedElementsAccessorILNS0_12ElementsKindE38EhEENS1_18ElementsKindTraitsILS4_38EEEE27CopyTypedArrayElementsSliceENS0_6TaggedINS0_12JSTypedArrayEEESB_jj+0x549):
> undefined reference to `__atomic_load'
>
> Can you please have a look into it?

I don't think that I can unfortunately. It seems to be something with
the -latomic LDFLAG. I *think* that the problem is the library order in
the linker invocation. libatomic appears very early in the command,
before any other resource, and I think it should appear at the end. But
I'm not familiar with gyp, and nodejs takes 30 minutes to show that my
try about reordering the flags was unsuccessful.

As a sidenote, it is not a regression from this patch, it has the same
issue with the current version also - but if it's a stopper for
Whinlatter, feel free to drop this. I might take another shot at it in
the future.


>
> cheers
> Ankur
>
>
> On Tue, Feb 3, 2026 at 10:14 AM Gyorgy Sarvari via
> lists.openembedded.org <skandigraun=gmail.com@lists.openembedded.org>
> wrote:
>> From: Jason Schonberg <schonm@gmail.com>
>>
>> This is the December 2025 security release that the nodejs team released
>> January 13, 2026.
>>
>>   3 high severity issues.
>>   4 medium severity issues.
>>   1 low severity issue.
>>
>> High priority fixes:
>>   CVE-2025-55131
>>   CVE-2025-55130
>>   CVE-2025-59465
>>
>> Medium priority fixes:
>>   CVE-2025-59466
>>   CVE-2025-59464
>>   CVE-2026-21636 *
>>   CVE-2026-21637
>>
>> Low priority fixes:
>>   CVE-2025-55132
>>
>> * note that this medium priority CVE only effects Nodejs v25.
>>
>> https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
>>
>> Changelog: https://github.com/nodejs/node/releases/tag/v22.22.0
>>
>> Signed-off-by: Jason Schonberg <schonm@gmail.com>
>> Signed-off-by: Khem Raj <raj.khem@gmail.com>
>> (cherry picked from commit 0bb156371e433cf3e9fdc4291da2319d63a83575)
>> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
>> ---
>>  .../oe-npm-cache                                                | 0
>>  ...oe-cache-native_22.21.bb => nodejs-oe-cache-native_22.22.bb} | 0
>>  .../nodejs/{nodejs_22.21.1.bb => nodejs_22.22.0.bb}             | 2 +-
>>  3 files changed, 1 insertion(+), 1 deletion(-)
>>  rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-22.21 => nodejs-oe-cache-22.22}/oe-npm-cache (100%)
>>  rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-native_22.21.bb => nodejs-oe-cache-native_22.22.bb} (100%)
>>  rename meta-oe/recipes-devtools/nodejs/{nodejs_22.21.1.bb => nodejs_22.22.0.bb} (98%)
>>
>> diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.21/oe-npm-cache b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.22/oe-npm-cache
>> similarity index 100%
>> rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.21/oe-npm-cache
>> rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.22/oe-npm-cache
>> diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.21.bb b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.22.bb
>> similarity index 100%
>> rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.21.bb
>> rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.22.bb
>> diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb
>> similarity index 98%
>> rename from meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb
>> rename to meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb
>> index ccaf9f7bb2..443cdc430d 100644
>> --- a/meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb
>> +++ b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb
>> @@ -39,7 +39,7 @@ SRC_URI:append:class-target = " \
>>  SRC_URI:append:toolchain-clang:powerpc64le = " \
>>             file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \
>>             "
>> -SRC_URI[sha256sum] = "487d73fd4db00dc2420d659a8221b181a7937fbc5bc73f31c30b1680ad6ded6a"
>> +SRC_URI[sha256sum] = "4c138012bb5352f49822a8f3e6d1db71e00639d0c36d5b6756f91e4c6f30b683"
>>
>>  S = "${UNPACKDIR}/node-v${PV}"
>>
>>
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> View/Reply Online (#124086): https://lists.openembedded.org/g/openembedded-devel/message/124086
>> Mute This Topic: https://lists.openembedded.org/mt/117604901/3619737
>> Group Owner: openembedded-devel+owner@lists.openembedded.org
>> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [ankur.tyagi85@gmail.com]
>> -=-=-=-=-=-=-=-=-=-=-=-
>>
Gyorgy Sarvari Feb. 4, 2026, 9:34 a.m. UTC | #3 
On 2/3/26 22:50, Gyorgy Sarvari wrote:
>
> On 2/3/26 10:55, Ankur Tyagi wrote:
>> Hi Gyorgy,
>>
>> Getting following error when building for qemux86 with musl and clang
>>
>> | /yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld:
>> /usr/lib/i686-poky-linux-musl/15.2.0/../../../include/c++/15.2.0/bits/atomic_base.h:1090:(.text._ZN2v88internal12_GLOBAL__N_120ElementsAccessorBaseINS1_21TypedElementsAccessorILNS0_12ElementsKindE37EdEENS1_18ElementsKindTraitsILS4_37EEEE27CopyTypedArrayElementsSliceENS0_6TaggedINS0_12JSTypedArrayEEESB_jj+0xe05):
>> undefined reference to `__atomic_store'
>> | /yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld:
>> /yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/sources/node-v22.22.0/out/Release/obj.host/v8_base_without_compiler/deps/v8/src/objects/elements.o:
>> in function `std::remove_volatile<double>::type
>> std::__atomic_impl::load<double>(double const*, std::memory_order)':
>> | /usr/lib/i686-poky-linux-musl/15.2.0/../../../include/c++/15.2.0/bits/atomic_base.h:1099:(.text._ZN2v88internal12_GLOBAL__N_121TypedElementsAccessorILNS0_12ElementsKindE37EdE15GetInternalImplEPNS0_7IsolateENS0_6HandleINS0_8JSObjectEEENS0_13InternalIndexE+0x7c):
>> undefined reference to `__atomic_load'
>> | /yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld:
>> /usr/lib/i686-poky-linux-musl/15.2.0/../../../include/c++/15.2.0/bits/atomic_base.h:1099:(.text._ZN2v88internal12_GLOBAL__N_120ElementsAccessorBaseINS1_21TypedElementsAccessorILNS0_12ElementsKindE38EhEENS1_18ElementsKindTraitsILS4_38EEEE27CopyTypedArrayElementsSliceENS0_6TaggedINS0_12JSTypedArrayEEESB_jj+0x549):
>> undefined reference to `__atomic_load'
>>
>> Can you please have a look into it?
> I don't think that I can unfortunately. It seems to be something with
> the -latomic LDFLAG. I *think* that the problem is the library order in
> the linker invocation. libatomic appears very early in the command,
> before any other resource, and I think it should appear at the end. But
> I'm not familiar with gyp, and nodejs takes 30 minutes to show that my
> try about reordering the flags was unsuccessful.
>
> As a sidenote, it is not a regression from this patch, it has the same
> issue with the current version also - but if it's a stopper for
> Whinlatter, feel free to drop this. I might take another shot at it in
> the future.
>

I had a sleep since, and it frequently helps with annoying problems.

I have a potential fix[1], but first I want to run it thru master to see
if anyone has a better idea. It can be cherry-picked if it makes its way
to master successfully (which has the this problem also).

Meanwhile feel free to test it if you want to, the patch should apply
clean on Whinlatter.

[1]: https://lists.openembedded.org/g/openembedded-devel/message/124121

>> cheers
>> Ankur
>>
>>
>> On Tue, Feb 3, 2026 at 10:14 AM Gyorgy Sarvari via
>> lists.openembedded.org <skandigraun=gmail.com@lists.openembedded.org>
>> wrote:
>>> From: Jason Schonberg <schonm@gmail.com>
>>>
>>> This is the December 2025 security release that the nodejs team released
>>> January 13, 2026.
>>>
>>>   3 high severity issues.
>>>   4 medium severity issues.
>>>   1 low severity issue.
>>>
>>> High priority fixes:
>>>   CVE-2025-55131
>>>   CVE-2025-55130
>>>   CVE-2025-59465
>>>
>>> Medium priority fixes:
>>>   CVE-2025-59466
>>>   CVE-2025-59464
>>>   CVE-2026-21636 *
>>>   CVE-2026-21637
>>>
>>> Low priority fixes:
>>>   CVE-2025-55132
>>>
>>> * note that this medium priority CVE only effects Nodejs v25.
>>>
>>> https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
>>>
>>> Changelog: https://github.com/nodejs/node/releases/tag/v22.22.0
>>>
>>> Signed-off-by: Jason Schonberg <schonm@gmail.com>
>>> Signed-off-by: Khem Raj <raj.khem@gmail.com>
>>> (cherry picked from commit 0bb156371e433cf3e9fdc4291da2319d63a83575)
>>> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
>>> ---
>>>  .../oe-npm-cache                                                | 0
>>>  ...oe-cache-native_22.21.bb => nodejs-oe-cache-native_22.22.bb} | 0
>>>  .../nodejs/{nodejs_22.21.1.bb => nodejs_22.22.0.bb}             | 2 +-
>>>  3 files changed, 1 insertion(+), 1 deletion(-)
>>>  rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-22.21 => nodejs-oe-cache-22.22}/oe-npm-cache (100%)
>>>  rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-native_22.21.bb => nodejs-oe-cache-native_22.22.bb} (100%)
>>>  rename meta-oe/recipes-devtools/nodejs/{nodejs_22.21.1.bb => nodejs_22.22.0.bb} (98%)
>>>
>>> diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.21/oe-npm-cache b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.22/oe-npm-cache
>>> similarity index 100%
>>> rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.21/oe-npm-cache
>>> rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.22/oe-npm-cache
>>> diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.21.bb b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.22.bb
>>> similarity index 100%
>>> rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.21.bb
>>> rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.22.bb
>>> diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb
>>> similarity index 98%
>>> rename from meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb
>>> rename to meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb
>>> index ccaf9f7bb2..443cdc430d 100644
>>> --- a/meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb
>>> +++ b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb
>>> @@ -39,7 +39,7 @@ SRC_URI:append:class-target = " \
>>>  SRC_URI:append:toolchain-clang:powerpc64le = " \
>>>             file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \
>>>             "
>>> -SRC_URI[sha256sum] = "487d73fd4db00dc2420d659a8221b181a7937fbc5bc73f31c30b1680ad6ded6a"
>>> +SRC_URI[sha256sum] = "4c138012bb5352f49822a8f3e6d1db71e00639d0c36d5b6756f91e4c6f30b683"
>>>
>>>  S = "${UNPACKDIR}/node-v${PV}"
>>>
>>>
>>> -=-=-=-=-=-=-=-=-=-=-=-
>>> Links: You receive all messages sent to this group.
>>> View/Reply Online (#124086): https://lists.openembedded.org/g/openembedded-devel/message/124086
>>> Mute This Topic: https://lists.openembedded.org/mt/117604901/3619737
>>> Group Owner: openembedded-devel+owner@lists.openembedded.org
>>> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [ankur.tyagi85@gmail.com]
>>> -=-=-=-=-=-=-=-=-=-=-=-
>>>
Ankur Tyagi Feb. 4, 2026, 9:53 a.m. UTC | #4 
On Wed, Feb 4, 2026 at 10:34 PM Gyorgy Sarvari <skandigraun@gmail.com> wrote:
>
> On 2/3/26 22:50, Gyorgy Sarvari wrote:
> >
> > On 2/3/26 10:55, Ankur Tyagi wrote:
> >> Hi Gyorgy,
> >>
> >> Getting following error when building for qemux86 with musl and clang
> >>
> >> | /yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld:
> >> /usr/lib/i686-poky-linux-musl/15.2.0/../../../include/c++/15.2.0/bits/atomic_base.h:1090:(.text._ZN2v88internal12_GLOBAL__N_120ElementsAccessorBaseINS1_21TypedElementsAccessorILNS0_12ElementsKindE37EdEENS1_18ElementsKindTraitsILS4_37EEEE27CopyTypedArrayElementsSliceENS0_6TaggedINS0_12JSTypedArrayEEESB_jj+0xe05):
> >> undefined reference to `__atomic_store'
> >> | /yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld:
> >> /yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/sources/node-v22.22.0/out/Release/obj.host/v8_base_without_compiler/deps/v8/src/objects/elements.o:
> >> in function `std::remove_volatile<double>::type
> >> std::__atomic_impl::load<double>(double const*, std::memory_order)':
> >> | /usr/lib/i686-poky-linux-musl/15.2.0/../../../include/c++/15.2.0/bits/atomic_base.h:1099:(.text._ZN2v88internal12_GLOBAL__N_121TypedElementsAccessorILNS0_12ElementsKindE37EdE15GetInternalImplEPNS0_7IsolateENS0_6HandleINS0_8JSObjectEEENS0_13InternalIndexE+0x7c):
> >> undefined reference to `__atomic_load'
> >> | /yocto/bitbake-builds/poky-whinlatter/build/tmp/work/core2-32-poky-linux-musl/nodejs/22.22.0/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld:
> >> /usr/lib/i686-poky-linux-musl/15.2.0/../../../include/c++/15.2.0/bits/atomic_base.h:1099:(.text._ZN2v88internal12_GLOBAL__N_120ElementsAccessorBaseINS1_21TypedElementsAccessorILNS0_12ElementsKindE38EhEENS1_18ElementsKindTraitsILS4_38EEEE27CopyTypedArrayElementsSliceENS0_6TaggedINS0_12JSTypedArrayEEESB_jj+0x549):
> >> undefined reference to `__atomic_load'
> >>
> >> Can you please have a look into it?
> > I don't think that I can unfortunately. It seems to be something with
> > the -latomic LDFLAG. I *think* that the problem is the library order in
> > the linker invocation. libatomic appears very early in the command,
> > before any other resource, and I think it should appear at the end. But
> > I'm not familiar with gyp, and nodejs takes 30 minutes to show that my
> > try about reordering the flags was unsuccessful.
> >
> > As a sidenote, it is not a regression from this patch, it has the same
> > issue with the current version also - but if it's a stopper for
> > Whinlatter, feel free to drop this. I might take another shot at it in
> > the future.
> >
>
> I had a sleep since, and it frequently helps with annoying problems.
>
> I have a potential fix[1], but first I want to run it thru master to see
> if anyone has a better idea. It can be cherry-picked if it makes its way
> to master successfully (which has the this problem also).
>
> Meanwhile feel free to test it if you want to, the patch should apply
> clean on Whinlatter.
>
> [1]: https://lists.openembedded.org/g/openembedded-devel/message/124121
>

That's great, thanks !
Will give it a try tomorrow.

> >> cheers
> >> Ankur
> >>
> >>
> >> On Tue, Feb 3, 2026 at 10:14 AM Gyorgy Sarvari via
> >> lists.openembedded.org <skandigraun=gmail.com@lists.openembedded.org>
> >> wrote:
> >>> From: Jason Schonberg <schonm@gmail.com>
> >>>
> >>> This is the December 2025 security release that the nodejs team released
> >>> January 13, 2026.
> >>>
> >>>   3 high severity issues.
> >>>   4 medium severity issues.
> >>>   1 low severity issue.
> >>>
> >>> High priority fixes:
> >>>   CVE-2025-55131
> >>>   CVE-2025-55130
> >>>   CVE-2025-59465
> >>>
> >>> Medium priority fixes:
> >>>   CVE-2025-59466
> >>>   CVE-2025-59464
> >>>   CVE-2026-21636 *
> >>>   CVE-2026-21637
> >>>
> >>> Low priority fixes:
> >>>   CVE-2025-55132
> >>>
> >>> * note that this medium priority CVE only effects Nodejs v25.
> >>>
> >>> https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
> >>>
> >>> Changelog: https://github.com/nodejs/node/releases/tag/v22.22.0
> >>>
> >>> Signed-off-by: Jason Schonberg <schonm@gmail.com>
> >>> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> >>> (cherry picked from commit 0bb156371e433cf3e9fdc4291da2319d63a83575)
> >>> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
> >>> ---
> >>>  .../oe-npm-cache                                                | 0
> >>>  ...oe-cache-native_22.21.bb => nodejs-oe-cache-native_22.22.bb} | 0
> >>>  .../nodejs/{nodejs_22.21.1.bb => nodejs_22.22.0.bb}             | 2 +-
> >>>  3 files changed, 1 insertion(+), 1 deletion(-)
> >>>  rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-22.21 => nodejs-oe-cache-22.22}/oe-npm-cache (100%)
> >>>  rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-native_22.21.bb => nodejs-oe-cache-native_22.22.bb} (100%)
> >>>  rename meta-oe/recipes-devtools/nodejs/{nodejs_22.21.1.bb => nodejs_22.22.0.bb} (98%)
> >>>
> >>> diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.21/oe-npm-cache b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.22/oe-npm-cache
> >>> similarity index 100%
> >>> rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.21/oe-npm-cache
> >>> rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.22/oe-npm-cache
> >>> diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.21.bb b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.22.bb
> >>> similarity index 100%
> >>> rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.21.bb
> >>> rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.22.bb
> >>> diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb
> >>> similarity index 98%
> >>> rename from meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb
> >>> rename to meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb
> >>> index ccaf9f7bb2..443cdc430d 100644
> >>> --- a/meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb
> >>> +++ b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb
> >>> @@ -39,7 +39,7 @@ SRC_URI:append:class-target = " \
> >>>  SRC_URI:append:toolchain-clang:powerpc64le = " \
> >>>             file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \
> >>>             "
> >>> -SRC_URI[sha256sum] = "487d73fd4db00dc2420d659a8221b181a7937fbc5bc73f31c30b1680ad6ded6a"
> >>> +SRC_URI[sha256sum] = "4c138012bb5352f49822a8f3e6d1db71e00639d0c36d5b6756f91e4c6f30b683"
> >>>
> >>>  S = "${UNPACKDIR}/node-v${PV}"
> >>>
> >>>
> >>> -=-=-=-=-=-=-=-=-=-=-=-
> >>> Links: You receive all messages sent to this group.
> >>> View/Reply Online (#124086): https://lists.openembedded.org/g/openembedded-devel/message/124086
> >>> Mute This Topic: https://lists.openembedded.org/mt/117604901/3619737
> >>> Group Owner: openembedded-devel+owner@lists.openembedded.org
> >>> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [ankur.tyagi85@gmail.com]
> >>> -=-=-=-=-=-=-=-=-=-=-=-
> >>>
>
diff mbox series

Patch

diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.21/oe-npm-cache b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.22/oe-npm-cache
similarity index 100%
rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.21/oe-npm-cache
rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.22/oe-npm-cache
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.21.bb b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.22.bb
similarity index 100%
rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.21.bb
rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.22.bb
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb
similarity index 98%
rename from meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb
rename to meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb
index ccaf9f7bb2..443cdc430d 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb
@@ -39,7 +39,7 @@  SRC_URI:append:class-target = " \
 SRC_URI:append:toolchain-clang:powerpc64le = " \
            file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \
            "
-SRC_URI[sha256sum] = "487d73fd4db00dc2420d659a8221b181a7937fbc5bc73f31c30b1680ad6ded6a"
+SRC_URI[sha256sum] = "4c138012bb5352f49822a8f3e6d1db71e00639d0c36d5b6756f91e4c6f30b683"
 
 S = "${UNPACKDIR}/node-v${PV}"