Bug#986729: unblock: nodejs/12.21.0~dfsg-3

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#986729: unblock: nodejs/12.21.0~dfsg-3
From: Jérémy Lal <kapouer@melix.org>
Date: Sat, 10 Apr 2021 15:42:42 +0200
Message-id: <[🔎] 161806216261.383831.11764701149152862329.reportbug@localhost.localdomain>
Reply-to: Jérémy Lal <kapouer@melix.org>, 986729@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package nodejs

[ Reason ]
Two patches are added:

* Upstream patch fix test-worker-prof
  Closes: #985550, "test-worker-prof is flaky on s390x"
  which has lead to ftbfs sometimes.
* THP ELF assembly: Add .note.GNU-stack section
  Closes: #980272, "'/usr/bin/node' started with executable stack"
  which IMO is an important security issue but i cannot proof it.

[ Impact ]
Potential FTBFS, potential security issue.

[ Tests ]
The first patch is a fixed upstream version of a flaky test.
The second patch was just verified manually like this:
readelf --program-headers --wide /usr/bin/node | grep -w GNU_STACK
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10

[ Risks ]
Zero risks.
nodejs and many other modules have test suites and there was no regression.
One change only affects the test suite, the other only affects the executable bit.


[ Checklist ]
  [ x ] all changes are documented in the d/changelog
  [ x ] I reviewed all changes and I approve them
  [ x ] attach debdiff against the package in testing


unblock nodejs/12.21.0~dfsg-3

diff -Nru nodejs-12.21.0~dfsg/debian/changelog nodejs-12.21.0~dfsg/debian/changelog
--- nodejs-12.21.0~dfsg/debian/changelog	2021-02-23 19:14:23.000000000 +0100
+++ nodejs-12.21.0~dfsg/debian/changelog	2021-03-19 18:43:52.000000000 +0100
@@ -1,3 +1,16 @@
+nodejs (12.21.0~dfsg-3) unstable; urgency=medium
+
+  * Upstream patch fix test-worker-prof (Closes: #985550)
+
+ -- Jérémy Lal <kapouer@melix.org>  Fri, 19 Mar 2021 18:43:52 +0100
+
+nodejs (12.21.0~dfsg-2) unstable; urgency=medium
+
+  [ James Addison ]
+  * THP ELF assembly: Add .note.GNU-stack section (Closes: #980272)
+
+ -- Jérémy Lal <kapouer@melix.org>  Fri, 19 Mar 2021 11:15:57 +0100
+
 nodejs (12.21.0~dfsg-1) unstable; urgency=high
 
   * New upstream version 12.21.0~dfsg
diff -Nru nodejs-12.21.0~dfsg/debian/patches/large_pages_assembly_gnu_stack.patch nodejs-12.21.0~dfsg/debian/patches/large_pages_assembly_gnu_stack.patch
--- nodejs-12.21.0~dfsg/debian/patches/large_pages_assembly_gnu_stack.patch	1970-01-01 01:00:00.000000000 +0100
+++ nodejs-12.21.0~dfsg/debian/patches/large_pages_assembly_gnu_stack.patch	2021-03-19 11:13:53.000000000 +0100
@@ -0,0 +1,12 @@
+Description: Adds .GNU-stack section header to disable executable stack flag
+Author: James Addison <jay@jp-hosting.net>
+Origin: https://github.com/nodejs/node/pull/37688
+--- a/src/large_pages/node_text_start.S
++++ b/src/large_pages/node_text_start.S
+@@ -1,3 +1,6 @@
++#if defined(__ELF__)
++.section .note.GNU-stack,"",@progbits
++#endif
+ .text
+ .align 0x2000
+ .global __node_text_start
diff -Nru nodejs-12.21.0~dfsg/debian/patches/series nodejs-12.21.0~dfsg/debian/patches/series
--- nodejs-12.21.0~dfsg/debian/patches/series	2021-02-23 19:14:23.000000000 +0100
+++ nodejs-12.21.0~dfsg/debian/patches/series	2021-03-19 18:28:07.000000000 +0100
@@ -1,3 +1,4 @@
+large_pages_assembly_gnu_stack.patch
 dfhs_module_path_arch_triplet.patch
 # 2012_kfreebsd.patch
 use_system_node_gyp.patch
@@ -15,3 +16,4 @@
 ppc64.patch
 python3.patch
 cjs-module-lexer.patch
+upstream-fix-test-worker-prof.patch
diff -Nru nodejs-12.21.0~dfsg/debian/patches/upstream-fix-test-worker-prof.patch nodejs-12.21.0~dfsg/debian/patches/upstream-fix-test-worker-prof.patch
--- nodejs-12.21.0~dfsg/debian/patches/upstream-fix-test-worker-prof.patch	1970-01-01 01:00:00.000000000 +0100
+++ nodejs-12.21.0~dfsg/debian/patches/upstream-fix-test-worker-prof.patch	2021-03-19 18:27:32.000000000 +0100
@@ -0,0 +1,93 @@
+From 04fb597996455d0abbe7b12bbc2d2a5ce16fbb3d Mon Sep 17 00:00:00 2001
+From: Rich Trott <rtrott@gmail.com>
+Date: Sun, 14 Feb 2021 15:52:54 -0800
+Subject: [PATCH] test: fix flaky test-worker-prof
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes: https://github.com/nodejs/node/issues/26401
+Co-authored-by: Gireesh Punathil <gpunathi@in.ibm.com>
+
+PR-URL: https://github.com/nodejs/node/pull/37372
+Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
+Reviewed-By: Michaël Zasso <targos@protonmail.com>
+Reviewed-By: James M Snell <jasnell@gmail.com>
+Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
+Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
+---
+ test/sequential/sequential.status   |  4 ----
+ test/sequential/test-worker-prof.js | 15 ++++++++-------
+ 2 files changed, 8 insertions(+), 11 deletions(-)
+
+--- a/test/sequential/sequential.status
++++ b/test/sequential/sequential.status
+@@ -24,8 +24,6 @@
+ [$system==win32]
+ # https://github.com/nodejs/node/issues/22327
+ test-http2-large-file: PASS, FLAKY
+-# https://github.com/nodejs/node/issues/26401
+-test-worker-prof: PASS, FLAKY
+ 
+ [$system==linux]
+ 
+@@ -45,10 +43,6 @@
+ # https://github.com/nodejs/node/pull/30819
+ test-perf-hooks: SKIP
+ 
+-[$arch==arm]
+-# https://github.com/nodejs/node/issues/26401#issuecomment-613095719
+-test-worker-prof: PASS, FLAKY
+-
+ [$arch==mipsel]
+ test-inspector-async-hook-setup-at-inspect-brk: SKIP
+ test-inspector-async-hook-setup-at-signal: SKIP
+--- a/test/sequential/test-worker-prof.js
++++ b/test/sequential/test-worker-prof.js
+@@ -23,17 +23,17 @@
+   const fs = require('fs');
+   const { Worker, parentPort  } = require('worker_threads');
+   parentPort.on('message', (m) => {
+-    if (counter++ === 10)
++    if (counter++ === 1024)
+       process.exit(0);
+-     parentPort.postMessage(
+-       fs.readFileSync(m.toString()).slice(0, 1024 * 1024));
++    parentPort.postMessage(
++      fs.readFileSync(m.toString()).slice(0, 1024 * 1024));
+   });
+   `;
+ 
+   const { Worker } = require('worker_threads');
+   const w = new Worker(pingpong, { eval: true });
+   w.on('message', (m) => {
+-    w.postMessage(process.execPath);
++    w.postMessage(__filename);
+   });
+ 
+   w.on('exit', common.mustCall(() => {
+@@ -46,12 +46,13 @@
+     }
+     process.exit(0);
+   }));
+-  w.postMessage(process.execPath);
++  w.postMessage(__filename);
+ } else {
+   tmpdir.refresh();
++  const timeout = common.platformTimeout(30_000);
+   const spawnResult = spawnSync(
+     process.execPath, ['--prof', __filename, 'child'],
+-    { cwd: tmpdir.path, encoding: 'utf8', timeout: 30_000 });
++    { cwd: tmpdir.path, encoding: 'utf8', timeout });
+   assert.strictEqual(spawnResult.stderr.toString(), '',
+                      `child exited with an error: \
+                      ${util.inspect(spawnResult)}`);
+@@ -72,7 +73,7 @@
+     // Test that at least 15 ticks have been recorded for both parent and child
+     // threads. When not tracking Worker threads, only 1 or 2 ticks would
+     // have been recorded.
+-    // When running locally on x64 Linux, this number is usually at least 200
++    // When running locally, this number is usually around 200
+     // for both threads, so 15 seems like a very safe threshold.
+     assert(ticks >= 15, `${ticks} >= 15`);
+   }

Reply to:

Follow-Ups:
- Bug#986729: marked as done (unblock: nodejs/12.21.0~dfsg-3)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#986625: marked as done (unblock: grub2/2.04-17)
Next by Date: Bug#986618: unblock: zfs-linux/2.0.3-6
Previous by thread: Bug#986706: marked as done (unblock: makedumpfile/1:1.6.8-4)
Next by thread: Bug#986729: marked as done (unblock: nodejs/12.21.0~dfsg-3)
Index(es):
- Date
- Thread