similarity index 100%
rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.12/oe-npm-cache
rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.13/oe-npm-cache
similarity index 100%
rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.12.bb
rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.13.bb
new file mode 100644
@@ -0,0 +1,22 @@
+// Revert the patch found here https://github.com/nodejs/node/commit/fe1dd26398e1887b96b2dc51ab59371ad4d6bc20?diff=unified&w=0
+// so that the dependencies are still explicitly enumerated. That way we
+// can pick and choose which pieces to build and which to use existing system
+// packages for.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+
+--- a/Makefile 2025-01-11 14:37:29.059536707 -0500
++++ b/Makefile 2025-01-11 14:39:52.419867046 -0500
+@@ -171,7 +171,8 @@
+ $(warning '$@' target is a noop)
+
+ out/Makefile: config.gypi common.gypi common_node.gypi node.gyp \
+- deps/*/*.gyp \
++ deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
++ deps/simdutf/simdutf.gyp deps/ada/ada.gyp deps/nbytes/nbytes.gyp \
+ tools/v8_gypfiles/toolchain.gypi \
+ tools/v8_gypfiles/features.gypi \
+ tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
+
+
@@ -1,52 +1,60 @@
-From 2bb296f169f86dbb04ee47e9a0dc1e3ee13d4f73 Mon Sep 17 00:00:00 2001
-From: Jason Schonberg <schonm@gmail.com>
-Date: Thu, 7 Mar 2024 12:55:56 -0500
-Subject: [PATCH] Update to nodejs 20.11.1
+From 79af9bd6ac1040f1fe3c6cab26b2d040ad907870 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Fri, 1 Mar 2024 15:46:11 +0800
+Subject: [PATCH] deps: disable io_uring support in libuv
-Upstream-Status: Inappropriate [embedded specific]
+Refer [1], Pseudo fails to intercept some of the syscalls when io_uring
+enabled. Refer [2], always disable io_uring support in libuv to fix
+issue in [1].
+
+[1] https://git.openembedded.org/meta-openembedded/commit/?id=d08453978c31ee41d28206c6ff198d7d9d701d88
+[2] https://github.com/nodejs/node/commit/686da19abb
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
---
- ...ps-disable-io_uring-support-in-libuv.patch | 35 +++++++++++++++++++
- 1 file changed, 35 insertions(+)
- create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0001-deps-disable-io_uring-support-in-libuv.patch
+ deps/uv/src/unix/linux.c | 29 +----------------------------
+ 1 file changed, 1 insertion(+), 28 deletions(-)
-diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0001-deps-disable-io_uring-support-in-libuv.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0001-deps-disable-io_uring-support-in-libuv.patch
-new file mode 100644
-index 00000000..5ac711fb
---- /dev/null
-+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0001-deps-disable-io_uring-support-in-libuv.patch
-@@ -0,0 +1,35 @@
-+From 9838be9c710ab4249df86726fa390232a3b6a6e7 Mon Sep 17 00:00:00 2001
-+From: Changqing Li <changqing.li@windriver.com>
-+Date: Fri, 1 Mar 2024 15:46:11 +0800
-+Subject: [PATCH] deps: disable io_uring support in libuv
-+
-+Refer [1], Pseudo fails to intercept some of the syscalls when io_uring
-+enabled. Refer [2], always disable io_uring support in libuv to fix
-+issue in [1].
-+
-+[1] https://git.openembedded.org/meta-openembedded/commit/?id=d08453978c31ee41d28206c6ff198d7d9d701d88
-+[2] https://github.com/nodejs/node/commit/686da19abb
-+
-+Upstream-Status: Inappropriate [oe-specific]
-+
-+Signed-off-by: Changqing Li <changqing.li@windriver.com>
-+---
-+ deps/uv/src/unix/linux.c | 2 +-
-+ 1 file changed, 1 insertion(+), 1 deletion(-)
-+
-+diff --git a/deps/uv/src/unix/linux.c b/deps/uv/src/unix/linux.c
-+index 0c997185..7508409d 100644
-+--- a/deps/uv/src/unix/linux.c
-++++ b/deps/uv/src/unix/linux.c
-+@@ -433,7 +433,7 @@ static int uv__use_io_uring(void) {
-+ if (use == 0) {
-+ /* Disable io_uring by default due to CVE-2024-22017. */
-+ val = getenv("UV_USE_IO_URING");
-+- use = val != NULL && atoi(val) ? 1 : -1;
-++ use = 0;
-+ atomic_store_explicit(&use_io_uring, use, memory_order_relaxed);
-+ }
-+
-+--
-+2.25.1
-+
+diff --git a/deps/uv/src/unix/linux.c b/deps/uv/src/unix/linux.c
+index 803a9a9d3f0..a4735f56cf0 100644
+--- a/deps/uv/src/unix/linux.c
++++ b/deps/uv/src/unix/linux.c
+@@ -465,34 +465,7 @@ static int uv__use_io_uring(void) {
+ /* See https://github.com/libuv/libuv/issues/4283. */
+ return 0; /* Random SIGSEGV in signal handler. */
+ #else
+- /* Ternary: unknown=0, yes=1, no=-1 */
+- static _Atomic int use_io_uring;
+- char* val;
+- int use;
+-
+- use = atomic_load_explicit(&use_io_uring, memory_order_relaxed);
+-
+- if (use == 0) {
+- use = uv__kernel_version() >=
+-#if defined(__hppa__)
+- /* io_uring first supported on parisc in 6.1, functional in .51 */
+- /* https://lore.kernel.org/all/cb912694-b1fe-dbb0-4d8c-d608f3526905@gmx.de/ */
+- /* 6.1.51 */ 0x060133
+-#else
+- /* Older kernels have a bug where the sqpoll thread uses 100% CPU. */
+- /* 5.10.186 */ 0x050ABA
+-#endif
+- ? 1 : -1;
+-
+- /* But users can still enable it if they so desire. */
+- val = getenv("UV_USE_IO_URING");
+- if (val != NULL)
+- use = atoi(val) ? 1 : -1;
+-
+- atomic_store_explicit(&use_io_uring, use, memory_order_relaxed);
+- }
+-
+- return use > 0;
++ return 0; /* pseudo doesn't support io_uring https://bugzilla.yoctoproject.org/show_bug.cgi?id=15244 */
+ #endif
+ }
+
similarity index 98%
rename from meta-oe/recipes-devtools/nodejs/nodejs_22.12.0.bb
rename to meta-oe/recipes-devtools/nodejs/nodejs_22.13.1.bb
@@ -20,6 +20,7 @@ COMPATIBLE_HOST:riscv32 = "null"
COMPATIBLE_HOST:powerpc = "null"
SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
+ file://0001-Do-not-use-glob-in-deps.patch \
file://0001-Disable-running-gyp-files-for-bundled-deps.patch \
file://0004-v8-don-t-override-ARM-CFLAGS.patch \
file://system-c-ares.patch \
@@ -36,7 +37,7 @@ SRC_URI:append:class-target = " \
SRC_URI:append:toolchain-clang:powerpc64le = " \
file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \
"
-SRC_URI[sha256sum] = "fe1bc4be004dc12721ea2cb671b08a21de01c6976960ef8a1248798589679e16"
+SRC_URI[sha256sum] = "cfce282119390f7e0c2220410924428e90dadcb2df1744c0c4a0e7baae387cc2"
S = "${WORKDIR}/node-v${PV}"
Changelog for 22.13.0 : https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V22.md#22.13.0 Changelog for 22.13.1 : https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V22.md#22.13.1 The 22.13.1 release is a security fix addressing four CVEs. CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High) CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium) CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium) CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium) I introduce a new patch with this recipe 0001-Do-not-use-glob-in-deps.patch to revert https://github.com/nodejs/node/commit/77e2869ca6 I restored 0001-deps-disable-io_uring-support-in-libuv.patch as suggested here : https://lore.kernel.org/all/20241207140642.181134-1-martin.jansa@gmail.com/ Signed-off-by: Jason Schonberg <schonm@gmail.com> --- .../oe-npm-cache | 0 ....12.bb => nodejs-oe-cache-native_22.13.bb} | 0 .../nodejs/0001-Do-not-use-glob-in-deps.patch | 22 ++++ ...ps-disable-io_uring-support-in-libuv.patch | 106 ++++++++++-------- .../{nodejs_22.12.0.bb => nodejs_22.13.1.bb} | 3 +- 5 files changed, 81 insertions(+), 50 deletions(-) rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-22.12 => nodejs-oe-cache-22.13}/oe-npm-cache (100%) rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-native_22.12.bb => nodejs-oe-cache-native_22.13.bb} (100%) create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0001-Do-not-use-glob-in-deps.patch rename meta-oe/recipes-devtools/nodejs/{nodejs_22.12.0.bb => nodejs_22.13.1.bb} (98%)