net-libs/nodejs: in theory we should always link against dev-libs/libuv rather than the bundled version, that said we've had cases of other bundled deps ninja-linking against bundled libuv so let's include this package just in case. Upstream has released new versions and they are in the tree. dev-libs/libuv: upstream has NOT made a new release yet so it looks like we'll have to fix it ourselves for now the same way Node did, see https://github.com/nodejs/node/commit/a7496aba0a .
Unable to check for sanity: > no match for package: =net-libs/nodejs-14.17.3
All sanity-check issues have been resolved
[ebuild/upstream] while fixed libuv isn't in tree yet Thanks for reporting!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cbf461cda5a5fce4452786006677af74194a8f66 commit cbf461cda5a5fce4452786006677af74194a8f66 Author: Jakov Smolic <jakov.smolic@sartura.hr> AuthorDate: 2021-07-08 08:30:02 +0000 Commit: Marek Szuba <marecki@gentoo.org> CommitDate: 2021-07-08 09:40:13 +0000 dev-libs/libuv: Bump to 1.41.1 Bug: https://bugs.gentoo.org/800986 Closes: https://github.com/gentoo/gentoo/pull/21565 Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr> Signed-off-by: Marek Szuba <marecki@gentoo.org> dev-libs/libuv/Manifest | 1 + dev-libs/libuv/libuv-1.41.1.ebuild | 58 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+)
dev-libs/libuv updated, thanks Jakov. Arches, please stabilise.
Tweaking the package list a bit to avoid confusion, since dev-libs/libuv is stable on more arches than net-libs/nodejs. Probably wouldn't matter given the latter isn't keyworded on hppa, ppc or sparc at all - but just in case.
Unable to check for sanity: > no match for package: =net-libs/nodejs-12.22.2
arm done
amd64 stable
arm64 done
ppc64 stable
Unable to check for sanity: > dependent bug #805053 has errors
Looking good on ppc. # cat libuv-800986.report USE tests started on So 15. Aug 23:57:30 CEST 2021 FEATURES=' test' USE='' succeeded for =dev-libs/libuv-1.41.1 USE='' succeeded for =dev-libs/libuv-1.41.1 revdep tests started on Mo 16. Aug 00:03:20 CEST 2021 FEATURES=' test' USE='' succeeded for net-dns/bind FEATURES=' test' USE='' succeeded for dev-util/cmake FEATURES=' test' USE='' succeeded for net-dns/bind-tools FEATURES=' test' USE='' succeeded for dev-python/gevent FEATURES=' test' USE='libuv' succeeded for net-libs/libwebsockets
ppc stable
sparc stable
x86 done
hppa done
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bad4af375b4f4d9e4415a6093eff4cb99bbadb99 commit bad4af375b4f4d9e4415a6093eff4cb99bbadb99 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2021-08-19 12:08:16 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2021-08-19 12:08:56 +0000 dev-libs/libuv: Cleanup vulnerable 1.41.0 Bug: https://bugs.gentoo.org/800986 Package-Manager: Portage-3.0.22, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> dev-libs/libuv/Manifest | 1 - dev-libs/libuv/libuv-1.41.0.ebuild | 58 -------------------------------------- 2 files changed, 59 deletions(-)
Cleanup done, kde out.
Please cleanup.
ahem. (In reply to Andreas Sturmlechner from comment #21) > Cleanup done, kde out.
Unable to check for sanity: > no match for package: =dev-libs/libuv-1.41.1
Resetting sanity check; package list is empty or all packages are done.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=f4efe2da5c43eeadc34aa6a2041c2fa963e1d7a6 commit f4efe2da5c43eeadc34aa6a2041c2fa963e1d7a6 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-01-16 12:19:14 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-01-16 12:19:45 +0000 [ GLSA 202401-23 ] libuv: Buffer Overread Bug: https://bugs.gentoo.org/800986 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202401-23.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=88bffd0cf8491b108b57ac229b72f8b472c31ed1 commit 88bffd0cf8491b108b57ac229b72f8b472c31ed1 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-08 11:16:15 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-08 11:16:37 +0000 [ GLSA 202405-29 ] Node.js: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/772422 Bug: https://bugs.gentoo.org/781704 Bug: https://bugs.gentoo.org/800986 Bug: https://bugs.gentoo.org/805053 Bug: https://bugs.gentoo.org/807775 Bug: https://bugs.gentoo.org/811273 Bug: https://bugs.gentoo.org/817938 Bug: https://bugs.gentoo.org/831037 Bug: https://bugs.gentoo.org/835615 Bug: https://bugs.gentoo.org/857111 Bug: https://bugs.gentoo.org/865627 Bug: https://bugs.gentoo.org/872692 Bug: https://bugs.gentoo.org/879617 Bug: https://bugs.gentoo.org/918086 Bug: https://bugs.gentoo.org/918614 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-29.xml | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+)