Bug#986729: unblock: nodejs/12.21.0~dfsg-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package nodejs
[ Reason ]
Two patches are added:
* Upstream patch fix test-worker-prof
Closes: #985550, "test-worker-prof is flaky on s390x"
which has lead to ftbfs sometimes.
* THP ELF assembly: Add .note.GNU-stack section
Closes: #980272, "'/usr/bin/node' started with executable stack"
which IMO is an important security issue but i cannot proof it.
[ Impact ]
Potential FTBFS, potential security issue.
[ Tests ]
The first patch is a fixed upstream version of a flaky test.
The second patch was just verified manually like this:
readelf --program-headers --wide /usr/bin/node | grep -w GNU_STACK
GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x10
[ Risks ]
Zero risks.
nodejs and many other modules have test suites and there was no regression.
One change only affects the test suite, the other only affects the executable bit.
[ Checklist ]
[ x ] all changes are documented in the d/changelog
[ x ] I reviewed all changes and I approve them
[ x ] attach debdiff against the package in testing
unblock nodejs/12.21.0~dfsg-3
diff -Nru nodejs-12.21.0~dfsg/debian/changelog nodejs-12.21.0~dfsg/debian/changelog
--- nodejs-12.21.0~dfsg/debian/changelog 2021-02-23 19:14:23.000000000 +0100
+++ nodejs-12.21.0~dfsg/debian/changelog 2021-03-19 18:43:52.000000000 +0100
@@ -1,3 +1,16 @@
+nodejs (12.21.0~dfsg-3) unstable; urgency=medium
+
+ * Upstream patch fix test-worker-prof (Closes: #985550)
+
+ -- Jérémy Lal <kapouer@melix.org> Fri, 19 Mar 2021 18:43:52 +0100
+
+nodejs (12.21.0~dfsg-2) unstable; urgency=medium
+
+ [ James Addison ]
+ * THP ELF assembly: Add .note.GNU-stack section (Closes: #980272)
+
+ -- Jérémy Lal <kapouer@melix.org> Fri, 19 Mar 2021 11:15:57 +0100
+
nodejs (12.21.0~dfsg-1) unstable; urgency=high
* New upstream version 12.21.0~dfsg
diff -Nru nodejs-12.21.0~dfsg/debian/patches/large_pages_assembly_gnu_stack.patch nodejs-12.21.0~dfsg/debian/patches/large_pages_assembly_gnu_stack.patch
--- nodejs-12.21.0~dfsg/debian/patches/large_pages_assembly_gnu_stack.patch 1970-01-01 01:00:00.000000000 +0100
+++ nodejs-12.21.0~dfsg/debian/patches/large_pages_assembly_gnu_stack.patch 2021-03-19 11:13:53.000000000 +0100
@@ -0,0 +1,12 @@
+Description: Adds .GNU-stack section header to disable executable stack flag
+Author: James Addison <jay@jp-hosting.net>
+Origin: https://github.com/nodejs/node/pull/37688
+--- a/src/large_pages/node_text_start.S
++++ b/src/large_pages/node_text_start.S
+@@ -1,3 +1,6 @@
++#if defined(__ELF__)
++.section .note.GNU-stack,"",@progbits
++#endif
+ .text
+ .align 0x2000
+ .global __node_text_start
diff -Nru nodejs-12.21.0~dfsg/debian/patches/series nodejs-12.21.0~dfsg/debian/patches/series
--- nodejs-12.21.0~dfsg/debian/patches/series 2021-02-23 19:14:23.000000000 +0100
+++ nodejs-12.21.0~dfsg/debian/patches/series 2021-03-19 18:28:07.000000000 +0100
@@ -1,3 +1,4 @@
+large_pages_assembly_gnu_stack.patch
dfhs_module_path_arch_triplet.patch
# 2012_kfreebsd.patch
use_system_node_gyp.patch
@@ -15,3 +16,4 @@
ppc64.patch
python3.patch
cjs-module-lexer.patch
+upstream-fix-test-worker-prof.patch
diff -Nru nodejs-12.21.0~dfsg/debian/patches/upstream-fix-test-worker-prof.patch nodejs-12.21.0~dfsg/debian/patches/upstream-fix-test-worker-prof.patch
--- nodejs-12.21.0~dfsg/debian/patches/upstream-fix-test-worker-prof.patch 1970-01-01 01:00:00.000000000 +0100
+++ nodejs-12.21.0~dfsg/debian/patches/upstream-fix-test-worker-prof.patch 2021-03-19 18:27:32.000000000 +0100
@@ -0,0 +1,93 @@
+From 04fb597996455d0abbe7b12bbc2d2a5ce16fbb3d Mon Sep 17 00:00:00 2001
+From: Rich Trott <rtrott@gmail.com>
+Date: Sun, 14 Feb 2021 15:52:54 -0800
+Subject: [PATCH] test: fix flaky test-worker-prof
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes: https://github.com/nodejs/node/issues/26401
+Co-authored-by: Gireesh Punathil <gpunathi@in.ibm.com>
+
+PR-URL: https://github.com/nodejs/node/pull/37372
+Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
+Reviewed-By: Michaël Zasso <targos@protonmail.com>
+Reviewed-By: James M Snell <jasnell@gmail.com>
+Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
+Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
+---
+ test/sequential/sequential.status | 4 ----
+ test/sequential/test-worker-prof.js | 15 ++++++++-------
+ 2 files changed, 8 insertions(+), 11 deletions(-)
+
+--- a/test/sequential/sequential.status
++++ b/test/sequential/sequential.status
+@@ -24,8 +24,6 @@
+ [$system==win32]
+ # https://github.com/nodejs/node/issues/22327
+ test-http2-large-file: PASS, FLAKY
+-# https://github.com/nodejs/node/issues/26401
+-test-worker-prof: PASS, FLAKY
+
+ [$system==linux]
+
+@@ -45,10 +43,6 @@
+ # https://github.com/nodejs/node/pull/30819
+ test-perf-hooks: SKIP
+
+-[$arch==arm]
+-# https://github.com/nodejs/node/issues/26401#issuecomment-613095719
+-test-worker-prof: PASS, FLAKY
+-
+ [$arch==mipsel]
+ test-inspector-async-hook-setup-at-inspect-brk: SKIP
+ test-inspector-async-hook-setup-at-signal: SKIP
+--- a/test/sequential/test-worker-prof.js
++++ b/test/sequential/test-worker-prof.js
+@@ -23,17 +23,17 @@
+ const fs = require('fs');
+ const { Worker, parentPort } = require('worker_threads');
+ parentPort.on('message', (m) => {
+- if (counter++ === 10)
++ if (counter++ === 1024)
+ process.exit(0);
+- parentPort.postMessage(
+- fs.readFileSync(m.toString()).slice(0, 1024 * 1024));
++ parentPort.postMessage(
++ fs.readFileSync(m.toString()).slice(0, 1024 * 1024));
+ });
+ `;
+
+ const { Worker } = require('worker_threads');
+ const w = new Worker(pingpong, { eval: true });
+ w.on('message', (m) => {
+- w.postMessage(process.execPath);
++ w.postMessage(__filename);
+ });
+
+ w.on('exit', common.mustCall(() => {
+@@ -46,12 +46,13 @@
+ }
+ process.exit(0);
+ }));
+- w.postMessage(process.execPath);
++ w.postMessage(__filename);
+ } else {
+ tmpdir.refresh();
++ const timeout = common.platformTimeout(30_000);
+ const spawnResult = spawnSync(
+ process.execPath, ['--prof', __filename, 'child'],
+- { cwd: tmpdir.path, encoding: 'utf8', timeout: 30_000 });
++ { cwd: tmpdir.path, encoding: 'utf8', timeout });
+ assert.strictEqual(spawnResult.stderr.toString(), '',
+ `child exited with an error: \
+ ${util.inspect(spawnResult)}`);
+@@ -72,7 +73,7 @@
+ // Test that at least 15 ticks have been recorded for both parent and child
+ // threads. When not tracking Worker threads, only 1 or 2 ticks would
+ // have been recorded.
+- // When running locally on x64 Linux, this number is usually at least 200
++ // When running locally, this number is usually around 200
+ // for both threads, so 15 seems like a very safe threshold.
+ assert(ticks >= 15, `${ticks} >= 15`);
+ }
Reply to: