Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package nodejs [ Reason ] Two patches are added: * Upstream patch fix test-worker-prof Closes: #985550, "test-worker-prof is flaky on s390x" which has lead to ftbfs sometimes. * THP ELF assembly: Add .note.GNU-stack section Closes: #980272, "'/usr/bin/node' started with executable stack" which IMO is an important security issue but i cannot proof it. [ Impact ] Potential FTBFS, potential security issue. [ Tests ] The first patch is a fixed upstream version of a flaky test. The second patch was just verified manually like this: readelf --program-headers --wide /usr/bin/node | grep -w GNU_STACK GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x10 [ Risks ] Zero risks. nodejs and many other modules have test suites and there was no regression. One change only affects the test suite, the other only affects the executable bit. [ Checklist ] [ x ] all changes are documented in the d/changelog [ x ] I reviewed all changes and I approve them [ x ] attach debdiff against the package in testing unblock nodejs/12.21.0~dfsg-3
diff -Nru nodejs-12.21.0~dfsg/debian/changelog nodejs-12.21.0~dfsg/debian/changelog --- nodejs-12.21.0~dfsg/debian/changelog 2021-02-23 19:14:23.000000000 +0100 +++ nodejs-12.21.0~dfsg/debian/changelog 2021-03-19 18:43:52.000000000 +0100 @@ -1,3 +1,16 @@ +nodejs (12.21.0~dfsg-3) unstable; urgency=medium + + * Upstream patch fix test-worker-prof (Closes: #985550) + + -- Jérémy Lal <kapo...@melix.org> Fri, 19 Mar 2021 18:43:52 +0100 + +nodejs (12.21.0~dfsg-2) unstable; urgency=medium + + [ James Addison ] + * THP ELF assembly: Add .note.GNU-stack section (Closes: #980272) + + -- Jérémy Lal <kapo...@melix.org> Fri, 19 Mar 2021 11:15:57 +0100 + nodejs (12.21.0~dfsg-1) unstable; urgency=high * New upstream version 12.21.0~dfsg diff -Nru nodejs-12.21.0~dfsg/debian/patches/large_pages_assembly_gnu_stack.patch nodejs-12.21.0~dfsg/debian/patches/large_pages_assembly_gnu_stack.patch --- nodejs-12.21.0~dfsg/debian/patches/large_pages_assembly_gnu_stack.patch 1970-01-01 01:00:00.000000000 +0100 +++ nodejs-12.21.0~dfsg/debian/patches/large_pages_assembly_gnu_stack.patch 2021-03-19 11:13:53.000000000 +0100 @@ -0,0 +1,12 @@ +Description: Adds .GNU-stack section header to disable executable stack flag +Author: James Addison <j...@jp-hosting.net> +Origin: https://github.com/nodejs/node/pull/37688 +--- a/src/large_pages/node_text_start.S ++++ b/src/large_pages/node_text_start.S +@@ -1,3 +1,6 @@ ++#if defined(__ELF__) ++.section .note.GNU-stack,"",@progbits ++#endif + .text + .align 0x2000 + .global __node_text_start diff -Nru nodejs-12.21.0~dfsg/debian/patches/series nodejs-12.21.0~dfsg/debian/patches/series --- nodejs-12.21.0~dfsg/debian/patches/series 2021-02-23 19:14:23.000000000 +0100 +++ nodejs-12.21.0~dfsg/debian/patches/series 2021-03-19 18:28:07.000000000 +0100 @@ -1,3 +1,4 @@ +large_pages_assembly_gnu_stack.patch dfhs_module_path_arch_triplet.patch # 2012_kfreebsd.patch use_system_node_gyp.patch @@ -15,3 +16,4 @@ ppc64.patch python3.patch cjs-module-lexer.patch +upstream-fix-test-worker-prof.patch diff -Nru nodejs-12.21.0~dfsg/debian/patches/upstream-fix-test-worker-prof.patch nodejs-12.21.0~dfsg/debian/patches/upstream-fix-test-worker-prof.patch --- nodejs-12.21.0~dfsg/debian/patches/upstream-fix-test-worker-prof.patch 1970-01-01 01:00:00.000000000 +0100 +++ nodejs-12.21.0~dfsg/debian/patches/upstream-fix-test-worker-prof.patch 2021-03-19 18:27:32.000000000 +0100 @@ -0,0 +1,93 @@ +From 04fb597996455d0abbe7b12bbc2d2a5ce16fbb3d Mon Sep 17 00:00:00 2001 +From: Rich Trott <rtr...@gmail.com> +Date: Sun, 14 Feb 2021 15:52:54 -0800 +Subject: [PATCH] test: fix flaky test-worker-prof +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes: https://github.com/nodejs/node/issues/26401 +Co-authored-by: Gireesh Punathil <gpuna...@in.ibm.com> + +PR-URL: https://github.com/nodejs/node/pull/37372 +Reviewed-By: Antoine du Hamel <duhamelantoine1...@gmail.com> +Reviewed-By: Michaël Zasso <tar...@protonmail.com> +Reviewed-By: James M Snell <jasn...@gmail.com> +Reviewed-By: Luigi Pinca <luigipi...@gmail.com> +Reviewed-By: Gireesh Punathil <gpuna...@in.ibm.com> +--- + test/sequential/sequential.status | 4 ---- + test/sequential/test-worker-prof.js | 15 ++++++++------- + 2 files changed, 8 insertions(+), 11 deletions(-) + +--- a/test/sequential/sequential.status ++++ b/test/sequential/sequential.status +@@ -24,8 +24,6 @@ + [$system==win32] + # https://github.com/nodejs/node/issues/22327 + test-http2-large-file: PASS, FLAKY +-# https://github.com/nodejs/node/issues/26401 +-test-worker-prof: PASS, FLAKY + + [$system==linux] + +@@ -45,10 +43,6 @@ + # https://github.com/nodejs/node/pull/30819 + test-perf-hooks: SKIP + +-[$arch==arm] +-# https://github.com/nodejs/node/issues/26401#issuecomment-613095719 +-test-worker-prof: PASS, FLAKY +- + [$arch==mipsel] + test-inspector-async-hook-setup-at-inspect-brk: SKIP + test-inspector-async-hook-setup-at-signal: SKIP +--- a/test/sequential/test-worker-prof.js ++++ b/test/sequential/test-worker-prof.js +@@ -23,17 +23,17 @@ + const fs = require('fs'); + const { Worker, parentPort } = require('worker_threads'); + parentPort.on('message', (m) => { +- if (counter++ === 10) ++ if (counter++ === 1024) + process.exit(0); +- parentPort.postMessage( +- fs.readFileSync(m.toString()).slice(0, 1024 * 1024)); ++ parentPort.postMessage( ++ fs.readFileSync(m.toString()).slice(0, 1024 * 1024)); + }); + `; + + const { Worker } = require('worker_threads'); + const w = new Worker(pingpong, { eval: true }); + w.on('message', (m) => { +- w.postMessage(process.execPath); ++ w.postMessage(__filename); + }); + + w.on('exit', common.mustCall(() => { +@@ -46,12 +46,13 @@ + } + process.exit(0); + })); +- w.postMessage(process.execPath); ++ w.postMessage(__filename); + } else { + tmpdir.refresh(); ++ const timeout = common.platformTimeout(30_000); + const spawnResult = spawnSync( + process.execPath, ['--prof', __filename, 'child'], +- { cwd: tmpdir.path, encoding: 'utf8', timeout: 30_000 }); ++ { cwd: tmpdir.path, encoding: 'utf8', timeout }); + assert.strictEqual(spawnResult.stderr.toString(), '', + `child exited with an error: \ + ${util.inspect(spawnResult)}`); +@@ -72,7 +73,7 @@ + // Test that at least 15 ticks have been recorded for both parent and child + // threads. When not tracking Worker threads, only 1 or 2 ticks would + // have been recorded. +- // When running locally on x64 Linux, this number is usually at least 200 ++ // When running locally, this number is usually around 200 + // for both threads, so 15 seems like a very safe threshold. + assert(ticks >= 15, `${ticks} >= 15`); + }