From f6b6f7c450370ab5c83fde38846ff65a8b30affc Mon Sep 17 00:00:00 2001
From: volker <volker@openbsd.org>
Date: Thu, 15 May 2025 18:33:14 +0000
Subject: [PATCH] lang/node: Update to 22.15.1

Fixes
CVE-2025-23165
CVE-2025-23166

ok sthen@
---
 lang/node/Makefile                                     |  3 +--
 lang/node/distinfo                                     |  8 ++++----
 lang/node/patches/patch-common_gypi                    | 10 +++++-----
 lang/node/patches/patch-configure_py                   |  2 +-
 .../patch-deps_v8_src_codegen_riscv_cpu-riscv_cc       | 10 +++++-----
 lang/node/patches/patch-include_node_common_gypi       |  8 ++++----
 .../patches/patch-lib_internal_modules_cjs_loader_js   |  2 +-
 lang/node/patches/patch-lib_net_js                     |  2 +-
 lang/node/patches/patch-src_cares_wrap_h               |  2 +-
 lang/node/patches/patch-src_env_cc                     |  2 +-
 lang/node/patches/patch-tools_test_py                  |  2 +-
 lang/node/patches/patch-tools_v8_gypfiles_v8_gyp       |  6 +++---
 12 files changed, 28 insertions(+), 29 deletions(-)

diff --git a/lang/node/Makefile b/lang/node/Makefile
index db0d1c9b260..6b74b5553e9 100644
--- a/lang/node/Makefile
+++ b/lang/node/Makefile
@@ -5,7 +5,7 @@ USE_WXNEEDED =		Yes
 
 COMMENT = JavaScript runtime built on Chrome's V8 JavaScript engine
 
-NODE_VERSION =		v22.14.0
+NODE_VERSION =		v22.15.1
 PLEDGE_VER =		1.1.3
 DISTFILES =		${DISTNAME}-headers.tar.gz \
 			${DISTNAME}.tar.xz
@@ -14,7 +14,6 @@ DISTFILES.pledge =	node-pledge-{}${PLEDGE_VER}.tar.gz
 DISTNAME =		node-${NODE_VERSION}
 PKGNAME =		${DISTNAME:S/v//g}
 EPOCH =			0
-REVISION =		0
 
 SITES.pledge =		https://github.com/qbit/node-pledge/archive/
 
diff --git a/lang/node/distinfo b/lang/node/distinfo
index ee65a74a52d..b84d226e968 100644
--- a/lang/node/distinfo
+++ b/lang/node/distinfo
@@ -1,6 +1,6 @@
 SHA256 (node-pledge-1.1.3.tar.gz) = fEaXvLg6hYEJ69K+mgQFizf8DiJY2/DtyFJB/pEanVU=
-SHA256 (node-v22.14.0-headers.tar.gz) = cVrt9kGgJO/e7M1UXOSs3EdZFV4Iwy79/pBpkh/PqGs=
-SHA256 (node-v22.14.0.tar.xz) = xgmUa/eTtVx5VMJlgnYICNVMFhhdecsvuIBl5S3iGRQ=
+SHA256 (node-v22.15.1-headers.tar.gz) = dBDv0mDJL6pzbPpW9cvEHLtnLiDQB9GTU5ku+alsJEk=
+SHA256 (node-v22.15.1.tar.xz) = wZ8Bd9IcYhdGYl5fN1kL0NeacgQ7d7U3hMul8UXnJj4=
 SIZE (node-pledge-1.1.3.tar.gz) = 3167
-SIZE (node-v22.14.0-headers.tar.gz) = 8771344
-SIZE (node-v22.14.0.tar.xz) = 47753700
+SIZE (node-v22.15.1-headers.tar.gz) = 8733168
+SIZE (node-v22.15.1.tar.xz) = 48443648
diff --git a/lang/node/patches/patch-common_gypi b/lang/node/patches/patch-common_gypi
index eedb816e8aa..7e22a9411f3 100644
--- a/lang/node/patches/patch-common_gypi
+++ b/lang/node/patches/patch-common_gypi
@@ -1,7 +1,7 @@
 Index: common.gypi
 --- common.gypi.orig
 +++ common.gypi
-@@ -40,6 +40,9 @@
+@@ -42,6 +42,9 @@
  
      ##### V8 defaults for Node.js #####
  
@@ -11,7 +11,7 @@ Index: common.gypi
      # Turn on SipHash for hash seed generation, addresses HashWick
      'v8_use_siphash': 'true',
  
-@@ -191,7 +194,6 @@
+@@ -193,7 +196,6 @@
              }],
            ],
          },
@@ -19,7 +19,7 @@ Index: common.gypi
          'conditions': [
            ['enable_lto=="true"', {
              'cflags': ['<(lto)'],
-@@ -503,8 +505,10 @@
+@@ -515,8 +517,10 @@
              'standalone_static_library': 1,
            }],
            ['OS=="openbsd"', {
@@ -32,7 +32,7 @@ Index: common.gypi
            }],
            ['_toolset=="host"', {
              'conditions': [
-@@ -521,7 +525,7 @@
+@@ -533,7 +537,7 @@
                  'ldflags': [ '-m32' ],
                }],
                [ 'host_arch=="ppc64" and OS not in "aix os400"', {
@@ -41,7 +41,7 @@ Index: common.gypi
                  'ldflags': [ '-m64' ],
                }],
                [ 'host_arch=="s390x" and OS=="linux"', {
-@@ -545,7 +549,7 @@
+@@ -557,7 +561,7 @@
                  'ldflags': [ '-m32' ],
                }],
                [ 'target_arch=="ppc64" and OS not in "aix os400"', {
diff --git a/lang/node/patches/patch-configure_py b/lang/node/patches/patch-configure_py
index 100f17d8932..71160da535f 100644
--- a/lang/node/patches/patch-configure_py
+++ b/lang/node/patches/patch-configure_py
@@ -1,7 +1,7 @@
 Index: configure.py
 --- configure.py.orig
 +++ configure.py
-@@ -1685,7 +1685,11 @@ def configure_v8(o, configs):
+@@ -1739,7 +1739,11 @@ def configure_v8(o, configs):
    if sys.platform != 'darwin':
      if o['variables']['v8_enable_webassembly'] and o['variables']['target_arch'] == 'x64':
        o['variables']['v8_enable_wasm_simd256_revec'] = 1
diff --git a/lang/node/patches/patch-deps_v8_src_codegen_riscv_cpu-riscv_cc b/lang/node/patches/patch-deps_v8_src_codegen_riscv_cpu-riscv_cc
index c0d5625aa23..21c49a2ab2f 100644
--- a/lang/node/patches/patch-deps_v8_src_codegen_riscv_cpu-riscv_cc
+++ b/lang/node/patches/patch-deps_v8_src_codegen_riscv_cpu-riscv_cc
@@ -27,12 +27,12 @@ Index: deps/v8/src/codegen/riscv/cpu-riscv.cc
 +	sysarch(RISCV_SYNC_ICACHE, &args);
 +# else
    char* end = reinterpret_cast<char*>(start) + size;
-   // The definition of this syscall is equal to
-   // SYSCALL_DEFINE3(riscv_flush_icache, uintptr_t, start,
-@@ -25,6 +35,7 @@ void CpuFeatures::FlushICache(void* start, size_t size
-   // corresponding system call number used in the kernel to dispatch the system
+   // SYS_riscv_flush_icache is a symbolic constant used in user-space code to
+   // identify the flush_icache system call, while __NR_riscv_flush_icache is the
+@@ -21,6 +31,7 @@ void CpuFeatures::FlushICache(void* start, size_t size
    // call.
-   syscall(__NR_riscv_flush_icache, start, end, 1);
+   // The flag set to zero will flush all cpu cores.
+   syscall(__NR_riscv_flush_icache, start, end, 0);
 +# endif // __OpenBSD__
  #endif  // !USE_SIMULATOR.
  }
diff --git a/lang/node/patches/patch-include_node_common_gypi b/lang/node/patches/patch-include_node_common_gypi
index a4acf9b4d8d..4c426785409 100644
--- a/lang/node/patches/patch-include_node_common_gypi
+++ b/lang/node/patches/patch-include_node_common_gypi
@@ -1,7 +1,7 @@
 Index: include/node/common.gypi
 --- include/node/common.gypi.orig
 +++ include/node/common.gypi
-@@ -191,7 +191,6 @@
+@@ -193,7 +193,6 @@
              }],
            ],
          },
@@ -9,7 +9,7 @@ Index: include/node/common.gypi
          'conditions': [
            ['enable_lto=="true"', {
              'cflags': ['<(lto)'],
-@@ -503,7 +502,6 @@
+@@ -515,7 +514,6 @@
              'standalone_static_library': 1,
            }],
            ['OS=="openbsd"', {
@@ -17,7 +17,7 @@ Index: include/node/common.gypi
              'ldflags': [ '-Wl,-z,wxneeded' ],
            }],
            ['_toolset=="host"', {
-@@ -521,7 +519,7 @@
+@@ -533,7 +531,7 @@
                  'ldflags': [ '-m32' ],
                }],
                [ 'host_arch=="ppc64" and OS not in "aix os400"', {
@@ -26,7 +26,7 @@ Index: include/node/common.gypi
                  'ldflags': [ '-m64' ],
                }],
                [ 'host_arch=="s390x" and OS=="linux"', {
-@@ -545,7 +543,7 @@
+@@ -557,7 +555,7 @@
                  'ldflags': [ '-m32' ],
                }],
                [ 'target_arch=="ppc64" and OS not in "aix os400"', {
diff --git a/lang/node/patches/patch-lib_internal_modules_cjs_loader_js b/lang/node/patches/patch-lib_internal_modules_cjs_loader_js
index 58f08b04bde..1ca49bfbb64 100644
--- a/lang/node/patches/patch-lib_internal_modules_cjs_loader_js
+++ b/lang/node/patches/patch-lib_internal_modules_cjs_loader_js
@@ -1,7 +1,7 @@
 Index: lib/internal/modules/cjs/loader.js
 --- lib/internal/modules/cjs/loader.js.orig
 +++ lib/internal/modules/cjs/loader.js
-@@ -1811,7 +1811,10 @@ Module._initPaths = function() {
+@@ -2000,7 +2000,10 @@ Module._initPaths = function() {
      path.resolve(process.execPath, '..') :
      path.resolve(process.execPath, '..', '..');
  
diff --git a/lang/node/patches/patch-lib_net_js b/lang/node/patches/patch-lib_net_js
index d261fb968ca..4679da012de 100644
--- a/lang/node/patches/patch-lib_net_js
+++ b/lang/node/patches/patch-lib_net_js
@@ -13,7 +13,7 @@ for "any address" but that's not really a straightforward change).
 Index: lib/net.js
 --- lib/net.js.orig
 +++ lib/net.js
-@@ -1894,22 +1894,12 @@ function setupListenHandle(address, port, addressType,
+@@ -1896,22 +1896,12 @@ function setupListenHandle(address, port, addressType,
  
      let rval = null;
  
diff --git a/lang/node/patches/patch-src_cares_wrap_h b/lang/node/patches/patch-src_cares_wrap_h
index 7bd1e072f0f..378d7da0c99 100644
--- a/lang/node/patches/patch-src_cares_wrap_h
+++ b/lang/node/patches/patch-src_cares_wrap_h
@@ -1,7 +1,7 @@
 Index: src/cares_wrap.h
 --- src/cares_wrap.h.orig
 +++ src/cares_wrap.h
-@@ -527,4 +527,109 @@ using GetHostByAddrWrap = QueryWrap<ReverseTraits>;
+@@ -535,4 +535,109 @@ using GetHostByAddrWrap = QueryWrap<ReverseTraits>;
  
  #endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
  
diff --git a/lang/node/patches/patch-src_env_cc b/lang/node/patches/patch-src_env_cc
index 5e3107f67eb..2ab7bdbae55 100644
--- a/lang/node/patches/patch-src_env_cc
+++ b/lang/node/patches/patch-src_env_cc
@@ -1,7 +1,7 @@
 Index: src/env.cc
 --- src/env.cc.orig
 +++ src/env.cc
-@@ -791,7 +791,7 @@ std::string Environment::GetExecPath(const std::vector
+@@ -794,7 +794,7 @@ std::string Environment::GetExecPath(const std::vector
    uv_fs_req_cleanup(&req);
  #endif
  
diff --git a/lang/node/patches/patch-tools_test_py b/lang/node/patches/patch-tools_test_py
index 21f7af633d1..8013e62f5c7 100644
--- a/lang/node/patches/patch-tools_test_py
+++ b/lang/node/patches/patch-tools_test_py
@@ -1,7 +1,7 @@
 Index: tools/test.py
 --- tools/test.py.orig
 +++ tools/test.py
-@@ -962,9 +962,9 @@ class Context(object):
+@@ -960,9 +960,9 @@ class Context(object):
      if self.vm is not None:
        return self.vm
      if arch == 'none':
diff --git a/lang/node/patches/patch-tools_v8_gypfiles_v8_gyp b/lang/node/patches/patch-tools_v8_gypfiles_v8_gyp
index 9bdb4ad0f98..159552ef4b6 100644
--- a/lang/node/patches/patch-tools_v8_gypfiles_v8_gyp
+++ b/lang/node/patches/patch-tools_v8_gypfiles_v8_gyp
@@ -26,7 +26,7 @@ Index: tools/v8_gypfiles/v8.gyp
                      'sources': [
                        '<(V8_ROOT)/src/trap-handler/handler-inside-posix.h',
                      ],
-@@ -1113,7 +1116,7 @@
+@@ -1166,7 +1169,7 @@
              }],
              ['v8_enable_webassembly==1', {
                'conditions': [
@@ -35,7 +35,7 @@ Index: tools/v8_gypfiles/v8.gyp
                    'sources': [
                      '<(V8_ROOT)/src/trap-handler/handler-inside-posix.cc',
                      '<(V8_ROOT)/src/trap-handler/handler-outside-posix.cc',
-@@ -1290,7 +1293,7 @@
+@@ -1343,7 +1346,7 @@
          }],
          # Platforms that don't have Compare-And-Swap (CAS) support need to link atomic library
          # to implement atomic memory access
@@ -44,7 +44,7 @@ Index: tools/v8_gypfiles/v8.gyp
            'link_settings': {
              'libraries': ['-latomic', ],
            },
-@@ -1756,6 +1759,9 @@
+@@ -1809,6 +1812,9 @@
          '<!@pymod_do_main(GN-scraper "<(V8_ROOT)/BUILD.gn"  "\\"mksnapshot.*?sources = ")',
        ],
        'conditions': [