See https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/. The new versions are already in the tree.
BTW, CVE-2020-1971 is technically an OpenSSL vulnerability, thus only affecting USE=-system-ssl installations of nodejs.
Thank you!
My bad, v15 is not an LTS branch so we do not want to stabilise 15.5.1.
Do these versions play well with ICU-68 at runtime?
x86 done
arm done
arm64 done
amd64 done
Created attachment 681943
build.log.xz (12.20.1, ppc64)
12.20.1 fails to build at all on ppc64. 14.15.4 is doing fine on ppc64.
# cat nodejs-763588.report
USE tests started on Fr 8. Jan 11:20:29 CET 2021
FEATURES=' test' failed for =net-libs/nodejs-12.20.1
USE='doc icu -inspector -npm -snapshot ssl -system-ssl -systemtap' failed for =net-libs/nodejs-12.20.1
USE='-doc -icu -inspector npm snapshot ssl -system-ssl -systemtap' failed for =net-libs/nodejs-12.20.1
USE='doc icu -inspector npm -snapshot ssl system-ssl -systemtap' failed for =net-libs/nodejs-12.20.1
USE='-doc icu -inspector -npm snapshot ssl system-ssl -systemtap' failed for =net-libs/nodejs-12.20.1
USE='-doc icu inspector -npm -snapshot ssl system-ssl -systemtap' failed for =net-libs/nodejs-12.20.1
USE='doc icu -inspector -npm snapshot ssl -system-ssl systemtap' failed for =net-libs/nodejs-12.20.1
USE='doc -icu -inspector -npm -snapshot ssl system-ssl systemtap' failed for =net-libs/nodejs-12.20.1
USE='doc -icu -inspector -npm snapshot ssl system-ssl systemtap' failed for =net-libs/nodejs-12.20.1
USE='-doc -icu -inspector -npm -snapshot ssl system-ssl systemtap' failed for =net-libs/nodejs-12.20.1
USE='-doc icu -inspector -npm -snapshot ssl system-ssl systemtap' failed for =net-libs/nodejs-12.20.1
USE='doc icu -inspector -npm -snapshot ssl system-ssl systemtap' failed for =net-libs/nodejs-12.20.1
USE='doc icu inspector npm snapshot ssl system-ssl systemtap' failed for =net-libs/nodejs-12.20.1
FEATURES=' test' USE='' succeeded for =net-libs/nodejs-14.15.4
USE='-doc icu -inspector npm -pax_kernel -snapshot ssl system-icu -system-ssl -systemtap' succeeded for =net-libs/nodejs-14.15.4
USE='-doc icu inspector npm -pax_kernel snapshot ssl system-icu -system-ssl -systemtap' succeeded for =net-libs/nodejs-14.15.4
USE='doc icu -inspector npm pax_kernel snapshot ssl -system-icu system-ssl -systemtap' succeeded for =net-libs/nodejs-14.15.4
USE='-doc -icu -inspector -npm -pax_kernel -snapshot ssl -system-icu system-ssl -systemtap' succeeded for =net-libs/nodejs-14.15.4
USE='-doc icu inspector -npm -pax_kernel -snapshot ssl system-icu system-ssl -systemtap' succeeded for =net-libs/nodejs-14.15.4
USE='-doc icu inspector npm pax_kernel snapshot ssl -system-icu -system-ssl systemtap' succeeded for =net-libs/nodejs-14.15.4
USE='doc icu -inspector -npm pax_kernel snapshot ssl -system-icu system-ssl systemtap' succeeded for =net-libs/nodejs-14.15.4
USE='-doc icu -inspector -npm -pax_kernel -snapshot ssl -system-icu system-ssl systemtap' succeeded for =net-libs/nodejs-14.15.4
USE='-doc icu inspector npm -pax_kernel -snapshot ssl system-icu system-ssl systemtap' succeeded for =net-libs/nodejs-14.15.4
USE='-doc icu -inspector -npm pax_kernel -snapshot ssl system-icu system-ssl systemtap' succeeded for =net-libs/nodejs-14.15.4
USE='doc icu -inspector npm pax_kernel snapshot ssl system-icu system-ssl systemtap' succeeded for =net-libs/nodejs-14.15.4
USE='-doc -icu -inspector -npm pax_kernel snapshot ssl -system-icu system-ssl systemtap' succeeded for =net-libs/nodejs-14.15.4
(In reply to ernsteiswuerfel from comment #9)
> 12.20.1 fails to build at all on ppc64.
Whee, this mksnapshot crap again. I've just re-added the old ppc64-fix patch to this ebuild, please try again.
(In reply to Marek Szuba from comment #10)
> (In reply to ernsteiswuerfel from comment #9)
> > 12.20.1 fails to build at all on ppc64.
>
> Whee, this mksnapshot crap again. I've just re-added the old ppc64-fix patch
> to this ebuild, please try again.
Thanks! With the patch all 12.20.1 tatt builds and the tests pass.
ppc64 done
all arches done
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=117f9248b0eb375dc69e45a7635185beca18e9be
commit 117f9248b0eb375dc69e45a7635185beca18e9be
Author: Marek Szuba <marecki@gentoo.org>
AuthorDate: 2021-01-10 16:01:02 +0000
Commit: Marek Szuba <marecki@gentoo.org>
CommitDate: 2021-01-10 16:01:02 +0000
    net-libs/nodejs: remove old
    No versions vulnerable to CVE-2020-8265, CVE-2020-8287 or CVE-2020-1971 left in the tree.
    Bug: https://bugs.gentoo.org/763588
    Signed-off-by: Marek Szuba <marecki@gentoo.org>
 net-libs/nodejs/Manifest              |   3 -
 net-libs/nodejs/nodejs-12.19.1.ebuild | 218 ----------------------------------
 net-libs/nodejs/nodejs-14.15.0.ebuild | 202 -------------------------------
 net-libs/nodejs/nodejs-14.15.1.ebuild | 208 --------------------------------
 4 files changed, 631 deletions(-)
This issue was resolved and addressed in GLSA 202101-07 at https://security.gentoo.org/glsa/202101-07 by GLSA coordinator Sam James (sam_c).