[meta-oe] nodejs: upgrade 22.12.0 -> 22.13.1

Message ID	20250123002818.2770480-1-schonm@gmail.com
State	Accepted
Headers	show Return-Path: <schonm@gmail.com> ip: 209.85.219.182, mailfrom: schonm@gmail.com) From: Jason Schonberg <schonm@gmail.com> To: openembedded-devel@lists.openembedded.org Cc: martin.jansa@gmail.com, changqing.li@windriver.com, Jason Schonberg <schonm@gmail.com> Subject: [meta-oe][PATCH] nodejs: upgrade 22.12.0 -> 22.13.1 Date: Wed, 22 Jan 2025 19:28:18 -0500 Message-ID: <20250123002818.2770480-1-schonm@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe] nodejs: upgrade 22.12.0 -> 22.13.1 \| expand [meta-oe] nodejs: upgrade 22.12.0 -> 22.13.1

Message ID

20250123002818.2770480-1-schonm@gmail.com

State

Accepted

Headers

From: Jason Schonberg <schonm@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: martin.jansa@gmail.com,
	changqing.li@windriver.com,
	Jason Schonberg <schonm@gmail.com>
Subject: [meta-oe][PATCH] nodejs: upgrade 22.12.0 -> 22.13.1
Date: Wed, 22 Jan 2025 19:28:18 -0500
Message-ID: <20250123002818.2770480-1-schonm@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe] nodejs: upgrade 22.12.0 -> 22.13.1 | expand

Commit Message

Jason Schonberg Jan. 23, 2025, 12:28 a.m. UTC

Changelog for 22.13.0 : https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V22.md#22.13.0
Changelog for 22.13.1 : https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V22.md#22.13.1

The 22.13.1 release is a security fix addressing four CVEs.

    CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
    CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
    CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
    CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)

I introduce a new patch with this recipe 0001-Do-not-use-glob-in-deps.patch to revert https://github.com/nodejs/node/commit/77e2869ca6

I restored 0001-deps-disable-io_uring-support-in-libuv.patch as suggested here : https://lore.kernel.org/all/20241207140642.181134-1-martin.jansa@gmail.com/

Signed-off-by: Jason Schonberg <schonm@gmail.com>
---
 .../oe-npm-cache                              |   0
 ....12.bb => nodejs-oe-cache-native_22.13.bb} |   0
 .../nodejs/0001-Do-not-use-glob-in-deps.patch |  22 ++++
 ...ps-disable-io_uring-support-in-libuv.patch | 106 ++++++++++--------
 .../{nodejs_22.12.0.bb => nodejs_22.13.1.bb}  |   3 +-
 5 files changed, 81 insertions(+), 50 deletions(-)
 rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-22.12 => nodejs-oe-cache-22.13}/oe-npm-cache (100%)
 rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-native_22.12.bb => nodejs-oe-cache-native_22.13.bb} (100%)
 create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0001-Do-not-use-glob-in-deps.patch
 rename meta-oe/recipes-devtools/nodejs/{nodejs_22.12.0.bb => nodejs_22.13.1.bb} (98%)

Comments

Yoann Congal March 16, 2025, 11:21 p.m. UTC | #1

Hello,

Le Wed, Jan 22, 2025 at 07:28:18PM -0500, J. S. via lists.openembedded.org a écrit :
> Changelog for 22.13.0 : https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V22.md#22.13.0
> Changelog for 22.13.1 : https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V22.md#22.13.1
> 
> The 22.13.1 release is a security fix addressing four CVEs.
> 
>     CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
>     CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
>     CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
>     CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
> 
> I introduce a new patch with this recipe 0001-Do-not-use-glob-in-deps.patch to revert https://github.com/nodejs/node/commit/77e2869ca6
> 
> I restored 0001-deps-disable-io_uring-support-in-libuv.patch as suggested here : https://lore.kernel.org/all/20241207140642.181134-1-martin.jansa@gmail.com/
> 
> Signed-off-by: Jason Schonberg <schonm@gmail.com>

nodejs_22.13.1 has now been merged for a long time but it appears that
it fails to build on Ubuntu 20.04:
    g++  -o $TOPDIR/tmp/work/core2-64-poky-linux/nodejs/22.13.1/node-v22.13.1/out/Release/obj.host/simdutf/deps/simdutf/simdutf.o ../deps/simdutf/simdutf.cpp '-D_GLIBCXX_USE_CXX11_ABI=1' '-DNODE_OPENSSL_CONF_NAME=nodejs_conf' '-DICU_NO_USER_DATA_OVERRIDE' '-D__STDC_FORMAT_MACROS' -I../deps/simdutf  -pthread -Wall -Wextra -Wno-unused-parameter -m64 -O3 -fno-omit-frame-pointer -fno-rtti -fno-exceptions -fno-strict-aliasing -std=gnu++20 -MMD -MF $TOPDIR/tmp/work/core2-64-poky-linux/nodejs/22.13.1/node-v22.13.1/out/Release/.deps/$TOPDIR/tmp/work/core2-64-poky-linux/nodejs/22.13.1/node-v22.13.1/out/Release/obj.host/simdutf/deps/simdutf/simdutf.o.d.raw  -isystem$TOPDIR/tmp/work/core2-64-poky-linux/nodejs/22.13.1/recipe-sysroot-native/usr/include -O2 -pipe -c
  g++: error: unrecognized command line option ‘-std=gnu++20’; did you mean ‘-std=gnu++2a’?
  make[1]: *** [deps/simdutf/simdutf.host.mk:80: /home/yocon/Documents/projets/yocto/contribution-yocto/builds/build-qemux86-64/tmp/work/core2-64-poky-linux/nodejs/22.13.1/node-v22.13.1/out/Release/obj.host/simdutf/deps/simdutf/simdutf.o] Error 1
  make: *** [Makefile:135: node] Error 2
  ERROR: oe_runmake failed
  WARNING: ./tmp/work/core2-64-poky-linux/nodejs/22.13.1/temp/run.do_compile:182 exit 1 from 'exit 1'

I interpret this as "nodejs wants to build a native binary using g++ but
with the wrong std=gnu++20 option for the Ubuntu 20.04 g++ (which is 9.4
and only has --std=gnu++2a)"

This has been seen on autobuilder each time the meta-oe reproducibility
test happens on a ubuntu 20.04 worker :
 * https://autobuilder.yoctoproject.org/valkyrie/#/builders/87/builds/36/steps/32/logs/stdio
 * https://autobuilder.yoctoproject.org/valkyrie/#/builders/87/builds/33/steps/32/logs/stdio

I've tried to look around but the nodejs build system does not look
trivial... I've tried to patch the generated Makefiles to use std=gnu++2a
but it broke on a syntax error. So, in the end, I doubt that Ubuntu 20.04
can build this nodejs.

Does anyone has any idea on how to approach this?

Regards,

--
Yoann Congal
Smile ECS

Khem Raj March 16, 2025, 11:33 p.m. UTC | #2

On Sun, Mar 16, 2025 at 4:21 PM Yoann Congal via
lists.openembedded.org <yoann.congal=smile.fr@lists.openembedded.org>
wrote:
>
> Hello,
>
> Le Wed, Jan 22, 2025 at 07:28:18PM -0500, J. S. via lists.openembedded.org a écrit :
> > Changelog for 22.13.0 : https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V22.md#22.13.0
> > Changelog for 22.13.1 : https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V22.md#22.13.1
> >
> > The 22.13.1 release is a security fix addressing four CVEs.
> >
> >     CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
> >     CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
> >     CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
> >     CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
> >
> > I introduce a new patch with this recipe 0001-Do-not-use-glob-in-deps.patch to revert https://github.com/nodejs/node/commit/77e2869ca6
> >
> > I restored 0001-deps-disable-io_uring-support-in-libuv.patch as suggested here : https://lore.kernel.org/all/20241207140642.181134-1-martin.jansa@gmail.com/
> >
> > Signed-off-by: Jason Schonberg <schonm@gmail.com>
>
> nodejs_22.13.1 has now been merged for a long time but it appears that
> it fails to build on Ubuntu 20.04:
>     g++  -o $TOPDIR/tmp/work/core2-64-poky-linux/nodejs/22.13.1/node-v22.13.1/out/Release/obj.host/simdutf/deps/simdutf/simdutf.o ../deps/simdutf/simdutf.cpp '-D_GLIBCXX_USE_CXX11_ABI=1' '-DNODE_OPENSSL_CONF_NAME=nodejs_conf' '-DICU_NO_USER_DATA_OVERRIDE' '-D__STDC_FORMAT_MACROS' -I../deps/simdutf  -pthread -Wall -Wextra -Wno-unused-parameter -m64 -O3 -fno-omit-frame-pointer -fno-rtti -fno-exceptions -fno-strict-aliasing -std=gnu++20 -MMD -MF $TOPDIR/tmp/work/core2-64-poky-linux/nodejs/22.13.1/node-v22.13.1/out/Release/.deps/$TOPDIR/tmp/work/core2-64-poky-linux/nodejs/22.13.1/node-v22.13.1/out/Release/obj.host/simdutf/deps/simdutf/simdutf.o.d.raw  -isystem$TOPDIR/tmp/work/core2-64-poky-linux/nodejs/22.13.1/recipe-sysroot-native/usr/include -O2 -pipe -c
>   g++: error: unrecognized command line option ‘-std=gnu++20’; did you mean ‘-std=gnu++2a’?
>   make[1]: *** [deps/simdutf/simdutf.host.mk:80: /home/yocon/Documents/projets/yocto/contribution-yocto/builds/build-qemux86-64/tmp/work/core2-64-poky-linux/nodejs/22.13.1/node-v22.13.1/out/Release/obj.host/simdutf/deps/simdutf/simdutf.o] Error 1
>   make: *** [Makefile:135: node] Error 2
>   ERROR: oe_runmake failed
>   WARNING: ./tmp/work/core2-64-poky-linux/nodejs/22.13.1/temp/run.do_compile:182 exit 1 from 'exit 1'
>
> I interpret this as "nodejs wants to build a native binary using g++ but
> with the wrong std=gnu++20 option for the Ubuntu 20.04 g++ (which is 9.4
> and only has --std=gnu++2a)"
>
> This has been seen on autobuilder each time the meta-oe reproducibility
> test happens on a ubuntu 20.04 worker :
>  * https://autobuilder.yoctoproject.org/valkyrie/#/builders/87/builds/36/steps/32/logs/stdio
>  * https://autobuilder.yoctoproject.org/valkyrie/#/builders/87/builds/33/steps/32/logs/stdio
>
> I've tried to look around but the nodejs build system does not look
> trivial... I've tried to patch the generated Makefiles to use std=gnu++2a
> but it broke on a syntax error. So, in the end, I doubt that Ubuntu 20.04
> can build this nodejs.
>
> Does anyone has any idea on how to approach this?

yeah it came up before as well, you have two options, there is a gcc10
available for ubuntu 20.04

sudo apt update -y
sudo apt upgrade -y
sudo apt install -y build-essential
sudo apt install -y gcc-10 g++-10 cpp-10
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-10
100 --slave /usr/bin/g++ g++ /usr/bin/g++-10 --slave /usr/bin/gcov
gcov /usr/bin/gcov-10

another approach is to use buildtools tarball.

I would recommend to use buildtools tarball,  packages like protobuf,
grpc are now expecting c++ compiler to support C++17 std by default
and it will
only get worse.
>
> Regards,
>
> --
> Yoann Congal
> Smile ECS
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#116018): https://lists.openembedded.org/g/openembedded-devel/message/116018
> Mute This Topic: https://lists.openembedded.org/mt/111740469/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Yoann Congal March 17, 2025, 8:09 a.m. UTC | #3

Le lun. 17 mars 2025 à 00:34, Khem Raj <raj.khem@gmail.com> a écrit :
>
> On Sun, Mar 16, 2025 at 4:21 PM Yoann Congal via
> lists.openembedded.org <yoann.congal=smile.fr@lists.openembedded.org>
> wrote:
> >
> > Hello,
> >
> > Le Wed, Jan 22, 2025 at 07:28:18PM -0500, J. S. via lists.openembedded.org a écrit :
> > > Changelog for 22.13.0 : https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V22.md#22.13.0
> > > Changelog for 22.13.1 : https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V22.md#22.13.1
> > >
> > > The 22.13.1 release is a security fix addressing four CVEs.
> > >
> > >     CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
> > >     CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
> > >     CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
> > >     CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
> > >
> > > I introduce a new patch with this recipe 0001-Do-not-use-glob-in-deps.patch to revert https://github.com/nodejs/node/commit/77e2869ca6
> > >
> > > I restored 0001-deps-disable-io_uring-support-in-libuv.patch as suggested here : https://lore.kernel.org/all/20241207140642.181134-1-martin.jansa@gmail.com/
> > >
> > > Signed-off-by: Jason Schonberg <schonm@gmail.com>
> >
> > nodejs_22.13.1 has now been merged for a long time but it appears that
> > it fails to build on Ubuntu 20.04:
> >     g++  -o $TOPDIR/tmp/work/core2-64-poky-linux/nodejs/22.13.1/node-v22.13.1/out/Release/obj.host/simdutf/deps/simdutf/simdutf.o ../deps/simdutf/simdutf.cpp '-D_GLIBCXX_USE_CXX11_ABI=1' '-DNODE_OPENSSL_CONF_NAME=nodejs_conf' '-DICU_NO_USER_DATA_OVERRIDE' '-D__STDC_FORMAT_MACROS' -I../deps/simdutf  -pthread -Wall -Wextra -Wno-unused-parameter -m64 -O3 -fno-omit-frame-pointer -fno-rtti -fno-exceptions -fno-strict-aliasing -std=gnu++20 -MMD -MF $TOPDIR/tmp/work/core2-64-poky-linux/nodejs/22.13.1/node-v22.13.1/out/Release/.deps/$TOPDIR/tmp/work/core2-64-poky-linux/nodejs/22.13.1/node-v22.13.1/out/Release/obj.host/simdutf/deps/simdutf/simdutf.o.d.raw  -isystem$TOPDIR/tmp/work/core2-64-poky-linux/nodejs/22.13.1/recipe-sysroot-native/usr/include -O2 -pipe -c
> >   g++: error: unrecognized command line option ‘-std=gnu++20’; did you mean ‘-std=gnu++2a’?
> >   make[1]: *** [deps/simdutf/simdutf.host.mk:80: /home/yocon/Documents/projets/yocto/contribution-yocto/builds/build-qemux86-64/tmp/work/core2-64-poky-linux/nodejs/22.13.1/node-v22.13.1/out/Release/obj.host/simdutf/deps/simdutf/simdutf.o] Error 1
> >   make: *** [Makefile:135: node] Error 2
> >   ERROR: oe_runmake failed
> >   WARNING: ./tmp/work/core2-64-poky-linux/nodejs/22.13.1/temp/run.do_compile:182 exit 1 from 'exit 1'
> >
> > I interpret this as "nodejs wants to build a native binary using g++ but
> > with the wrong std=gnu++20 option for the Ubuntu 20.04 g++ (which is 9.4
> > and only has --std=gnu++2a)"
> >
> > This has been seen on autobuilder each time the meta-oe reproducibility
> > test happens on a ubuntu 20.04 worker :
> >  * https://autobuilder.yoctoproject.org/valkyrie/#/builders/87/builds/36/steps/32/logs/stdio
> >  * https://autobuilder.yoctoproject.org/valkyrie/#/builders/87/builds/33/steps/32/logs/stdio
> >
> > I've tried to look around but the nodejs build system does not look
> > trivial... I've tried to patch the generated Makefiles to use std=gnu++2a
> > but it broke on a syntax error. So, in the end, I doubt that Ubuntu 20.04
> > can build this nodejs.
> >
> > Does anyone has any idea on how to approach this?

Hi Khem,

> yeah it came up before as well, you have two options, there is a gcc10
> available for ubuntu 20.04
>
> sudo apt update -y
> sudo apt upgrade -y
> sudo apt install -y build-essential
> sudo apt install -y gcc-10 g++-10 cpp-10
> sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-10
> 100 --slave /usr/bin/g++ g++ /usr/bin/g++-10 --slave /usr/bin/gcov
> gcov /usr/bin/gcov-10
>
> another approach is to use buildtools tarball.
>
> I would recommend to use buildtools tarball,  packages like protobuf,
> grpc are now expecting c++ compiler to support C++17 std by default
> and it will
> only get worse.

Thanks!

Ok, so that is a known problem.

Should we try to avoid the Ubuntu 20.04 workers for the meta-oe
reproducibility test?
And maybe document somewhere that, while Ubunutu 20.04 is tested for
OE-Core, it does not work for meta-openembedded?

> >
> > Regards,
> >
> > --
> > Yoann Congal
> > Smile ECS
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#116018): https://lists.openembedded.org/g/openembedded-devel/message/116018
> > Mute This Topic: https://lists.openembedded.org/mt/111740469/1997914
> > Group Owner: openembedded-devel+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >

diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.12/oe-npm-cache b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.13/oe-npm-cache
similarity index 100%
rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.12/oe-npm-cache
rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.13/oe-npm-cache
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.12.bb b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.13.bb
similarity index 100%
rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.12.bb
rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.13.bb
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0001-Do-not-use-glob-in-deps.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Do-not-use-glob-in-deps.patch
new file mode 100644
index 000000000..551869523
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Do-not-use-glob-in-deps.patch
@@ -0,0 +1,22 @@ 
+// Revert the patch found here https://github.com/nodejs/node/commit/fe1dd26398e1887b96b2dc51ab59371ad4d6bc20?diff=unified&w=0
+// so that the dependencies are still explicitly enumerated.  That way we
+// can pick and choose which pieces to build and which to use existing system
+// packages for.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+
+--- a/Makefile	2025-01-11 14:37:29.059536707 -0500
++++ b/Makefile	2025-01-11 14:39:52.419867046 -0500
+@@ -171,7 +171,8 @@
+ 	$(warning '$@' target is a noop)
+ 
+ out/Makefile: config.gypi common.gypi common_node.gypi node.gyp \
+-	deps/*/*.gyp \
++	deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
++	deps/simdutf/simdutf.gyp deps/ada/ada.gyp deps/nbytes/nbytes.gyp \
+ 	tools/v8_gypfiles/toolchain.gypi \
+ 	tools/v8_gypfiles/features.gypi \
+ 	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
+
+
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0001-deps-disable-io_uring-support-in-libuv.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0001-deps-disable-io_uring-support-in-libuv.patch
index 04398ac68..01ae50cdc 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0001-deps-disable-io_uring-support-in-libuv.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0001-deps-disable-io_uring-support-in-libuv.patch
@@ -1,52 +1,60 @@ 
-From 2bb296f169f86dbb04ee47e9a0dc1e3ee13d4f73 Mon Sep 17 00:00:00 2001
-From: Jason Schonberg <schonm@gmail.com>
-Date: Thu, 7 Mar 2024 12:55:56 -0500
-Subject: [PATCH] Update to nodejs 20.11.1
+From 79af9bd6ac1040f1fe3c6cab26b2d040ad907870 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Fri, 1 Mar 2024 15:46:11 +0800
+Subject: [PATCH] deps: disable io_uring support in libuv
 
-Upstream-Status: Inappropriate [embedded specific]
+Refer [1], Pseudo fails to intercept some of the syscalls when io_uring
+enabled. Refer [2], always disable io_uring support in libuv to fix
+issue in [1].
+
+[1] https://git.openembedded.org/meta-openembedded/commit/?id=d08453978c31ee41d28206c6ff198d7d9d701d88
+[2] https://github.com/nodejs/node/commit/686da19abb
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
 ---
- ...ps-disable-io_uring-support-in-libuv.patch | 35 +++++++++++++++++++
- 1 file changed, 35 insertions(+)
- create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0001-deps-disable-io_uring-support-in-libuv.patch
+ deps/uv/src/unix/linux.c | 29 +----------------------------
+ 1 file changed, 1 insertion(+), 28 deletions(-)
 
-diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0001-deps-disable-io_uring-support-in-libuv.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0001-deps-disable-io_uring-support-in-libuv.patch
-new file mode 100644
-index 00000000..5ac711fb
---- /dev/null
-+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0001-deps-disable-io_uring-support-in-libuv.patch
-@@ -0,0 +1,35 @@
-+From 9838be9c710ab4249df86726fa390232a3b6a6e7 Mon Sep 17 00:00:00 2001
-+From: Changqing Li <changqing.li@windriver.com>
-+Date: Fri, 1 Mar 2024 15:46:11 +0800
-+Subject: [PATCH] deps: disable io_uring support in libuv
-+
-+Refer [1], Pseudo fails to intercept some of the syscalls when io_uring
-+enabled. Refer [2], always disable io_uring support in libuv to fix
-+issue in [1].
-+
-+[1] https://git.openembedded.org/meta-openembedded/commit/?id=d08453978c31ee41d28206c6ff198d7d9d701d88
-+[2] https://github.com/nodejs/node/commit/686da19abb
-+
-+Upstream-Status: Inappropriate [oe-specific]
-+
-+Signed-off-by: Changqing Li <changqing.li@windriver.com>
-+---
-+ deps/uv/src/unix/linux.c | 2 +-
-+ 1 file changed, 1 insertion(+), 1 deletion(-)
-+
-+diff --git a/deps/uv/src/unix/linux.c b/deps/uv/src/unix/linux.c
-+index 0c997185..7508409d 100644
-+--- a/deps/uv/src/unix/linux.c
-++++ b/deps/uv/src/unix/linux.c
-+@@ -433,7 +433,7 @@ static int uv__use_io_uring(void) {
-+   if (use == 0) {
-+     /* Disable io_uring by default due to CVE-2024-22017. */
-+     val = getenv("UV_USE_IO_URING");
-+-    use = val != NULL && atoi(val) ? 1 : -1;
-++    use = 0;
-+     atomic_store_explicit(&use_io_uring, use, memory_order_relaxed);
-+   }
-+ 
-+-- 
-+2.25.1
-+
+diff --git a/deps/uv/src/unix/linux.c b/deps/uv/src/unix/linux.c
+index 803a9a9d3f0..a4735f56cf0 100644
+--- a/deps/uv/src/unix/linux.c
++++ b/deps/uv/src/unix/linux.c
+@@ -465,34 +465,7 @@ static int uv__use_io_uring(void) {
+   /* See https://github.com/libuv/libuv/issues/4283. */
+   return 0; /* Random SIGSEGV in signal handler. */
+ #else
+-  /* Ternary: unknown=0, yes=1, no=-1 */
+-  static _Atomic int use_io_uring;
+-  char* val;
+-  int use;
+-
+-  use = atomic_load_explicit(&use_io_uring, memory_order_relaxed);
+-
+-  if (use == 0) {
+-    use = uv__kernel_version() >=
+-#if defined(__hppa__)
+-    /* io_uring first supported on parisc in 6.1, functional in .51 */
+-    /* https://lore.kernel.org/all/cb912694-b1fe-dbb0-4d8c-d608f3526905@gmx.de/ */
+-    /* 6.1.51 */ 0x060133
+-#else
+-    /* Older kernels have a bug where the sqpoll thread uses 100% CPU. */
+-    /* 5.10.186 */ 0x050ABA
+-#endif
+-    ? 1 : -1;
+-
+-    /* But users can still enable it if they so desire. */
+-    val = getenv("UV_USE_IO_URING");
+-    if (val != NULL)
+-      use = atoi(val) ? 1 : -1;
+-
+-    atomic_store_explicit(&use_io_uring, use, memory_order_relaxed);
+-  }
+-
+-  return use > 0;
++  return 0; /* pseudo doesn't support io_uring https://bugzilla.yoctoproject.org/show_bug.cgi?id=15244 */
+ #endif
+ }
+ 
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_22.12.0.bb b/meta-oe/recipes-devtools/nodejs/nodejs_22.13.1.bb
similarity index 98%
rename from meta-oe/recipes-devtools/nodejs/nodejs_22.12.0.bb
rename to meta-oe/recipes-devtools/nodejs/nodejs_22.13.1.bb
index 194df4c33..9c145695f 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_22.12.0.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_22.13.1.bb
@@ -20,6 +20,7 @@  COMPATIBLE_HOST:riscv32 = "null"
 COMPATIBLE_HOST:powerpc = "null"
 
 SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
+           file://0001-Do-not-use-glob-in-deps.patch \
            file://0001-Disable-running-gyp-files-for-bundled-deps.patch \
            file://0004-v8-don-t-override-ARM-CFLAGS.patch \
            file://system-c-ares.patch \
@@ -36,7 +37,7 @@  SRC_URI:append:class-target = " \
 SRC_URI:append:toolchain-clang:powerpc64le = " \
            file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \
            "
-SRC_URI[sha256sum] = "fe1bc4be004dc12721ea2cb671b08a21de01c6976960ef8a1248798589679e16"
+SRC_URI[sha256sum] = "cfce282119390f7e0c2220410924428e90dadcb2df1744c0c4a0e7baae387cc2"
 
 S = "${WORKDIR}/node-v${PV}"

[meta-oe] nodejs: upgrade 22.12.0 -> 22.13.1

Commit Message

Comments

Patch