Re: [blfs-book] [BLFS Trac] #13628: node.js-12.18.0

2020-06-03 Thread BLFS Trac via blfs-book 
#13628: node.js-12.18.0
-+-
 Reporter:  bdubbs   |   Owner:  ken@…
 Type:  enhancement  |  Status:  closed
 Priority:  high |   Milestone:  9.2
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:  fixed
 Keywords:   |
-+-
Changes (by ken@…):

 * status:  assigned => closed
 * resolution:   => fixed


--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #13628: node.js-12.18.0

2020-06-03 Thread BLFS Trac via blfs-book 
#13628: node.js-12.18.0
-+---
 Reporter:  bdubbs   |   Owner:  ken@…
 Type:  enhancement  |  Status:  assigned
 Priority:  high |   Milestone:  9.2
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+---

Comment (by ken@…):

 r23238

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #13628: node.js-12.18.0

2020-06-03 Thread BLFS Trac via blfs-book 
#13628: node.js-12.18.0
-+---
 Reporter:  bdubbs   |   Owner:  ken@…
 Type:  enhancement  |  Status:  assigned
 Priority:  high |   Milestone:  9.2
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+---

Comment (by ken@…):

 LOL - same thing with 12.18.0, but '''much''' later in the build:

 {{{
   g++ -o
 /tmp/node-v12.18.0/out/Release/obj.target/libnode/src/node_main_instance.o
 ../src/node_main_instance.cc '-DV8_DEPRECATION_WARNINGS'
 '-DV8_IMMINENT_DEPRECATION_WARNINGS' '-D__STDC_FORMAT_MACROS'
 '-DNODE_ARCH="x64"' '-DNODE_PLATFORM="linux"' '-DNODE_WANT_INTERNALS=1'
 '-DV8_DEPRECATION_WARNINGS=1' '-DNODE_OPENSSL_SYSTEM_CERT_PATH=""'
 '-DHAVE_INSPECTOR=1' '-DNODE_ENABLE_LARGE_CODE_PAGES=1' '-D__POSIX__'
 '-DNODE_USE_V8_PLATFORM=1' '-DNODE_HAVE_I18N_SUPPORT=1' '-DHAVE_OPENSSL=1'
 '-DHTTP_PARSER_STRICT=0' -I../src -I/tmp/node-v12.18.0/out/Release/obj/gen
 -I/tmp/node-v12.18.0/out/Release/obj/gen/include
 -I/tmp/node-v12.18.0/out/Release/obj/gen/src -I../deps/histogram/src
 -I../deps/uvwasi/include -I../deps/v8/include -I../deps/http_parser
 -I../deps/llhttp/include -I../deps/brotli/c/include  -Wall -Wextra -Wno-
 unused-parameter -pthread -Wall -Wextra -Wno-unused-parameter -m64 -O3
 -fno-omit-frame-pointer -fno-rtti -fno-exceptions -std=gnu++1y -MMD -MF
 
/tmp/node-v12.18.0/out/Release/.deps//tmp/node-v12.18.0/out/Release/obj.target/libnode/src/node_main_instance.o.d.raw
 -c
 ../src/node_http2.cc: In constructor
 ‘node::http2::Http2Options::Http2Options(node::Environment*,
 node::http2::nghttp2_session_type)’:
 ../src/node_http2.cc:208:5: error: ‘nghttp2_option_set_max_settings’ was
 not declared in this scope; did you mean
 ‘nghttp2_session_get_local_settings’?
   208 | nghttp2_option_set_max_settings(
   | ^~~
   | nghttp2_session_get_local_settings
 make[1]: *** [libnode.target.mk:312:
 /tmp/node-v12.18.0/out/Release/obj.target/libnode/src/node_http2.o] Error
 1
 make[1]: *** Waiting for unfinished jobs
 rm 73501ab4a15ac1976d85a42d4b1411adf8b5c565.intermediate
 7e94f4e661e7e5240dae4678ebaadb5815e77149.intermediate
 df6f4b4d94ad49be3670a6d94f5b02b2b470dad2.intermediate
 a4ab6356d5f8872547b211c11ac56c2fa720f99f.intermediate
 make: *** [Makefile:101: node] Error 2
 }}}

 Dropping system nghttp2, we can discuss whether we want to move to v14
 separately.

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #13628: node.js-12.18.0

2020-06-03 Thread BLFS Trac via blfs-book 
#13628: node.js-12.18.0
-+
 Reporter:  bdubbs   |   Owner:  blfs-book
 Type:  enhancement  |  Status:  new
 Priority:  high |   Milestone:  9.2
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+

Comment (by ken@…):

 Replying to [comment:2 ken@…]:
 > I wonder if we should move to v14 (14.4.0 in this case, which has the
 same fixes). I suggested in the past that we should use the active version
 [https://nodejs.org/en/about/releases/] which will be v12 until 20th
 October but does not support python3. Python3 was added as the default
 during node v13, but that series was only ever 'current' (development) and
 is now defunct (last release in April).
 >
 > v14 is 'current' until October, looks as if moving to it will cause more
 frequent updates, and perhaps some possible breakage.  Dunno if it is
 right for the book.

 I don't normally install nghttp2 unless I'm editing, so I built and
 installed 14.4.0 without system nghttp, closed my desktop, fresh instances
 of browsers, all seems fine. Installed nghttp2.
 Started to build by the book, quickly failed:

 {{{
   g++ -o /tmp/node-v14.4.0/out/Release/obj.target/libnode/src/node_i18n.o
 ../src/node_i18n.cc '-DV8_DEPRECATION_WARNINGS'
 '-DV8_IMMINENT_DEPRECATION_WARNINGS' '-D__STDC_FORMAT_MACROS'
 '-DNODE_ARCH="x64"' '-DNODE_PLATFORM="linux"' '-DNODE_WANT_INTERNALS=1'
 '-DV8_DEPRECATION_WARNINGS=1' '-DNODE_OPENSSL_SYSTEM_CERT_PATH=""'
 '-DHAVE_INSPECTOR=1' '-DNODE_ENABLE_LARGE_CODE_PAGES=1' '-D__POSIX__'
 '-DNODE_USE_V8_PLATFORM=1' '-DNODE_HAVE_I18N_SUPPORT=1' '-DHAVE_OPENSSL=1'
 -I../src -I/tmp/node-v14.4.0/out/Release/obj/gen
 -I/tmp/node-v14.4.0/out/Release/obj/gen/include
 -I/tmp/node-v14.4.0/out/Release/obj/gen/src -I../deps/histogram/src
 -I../deps/uvwasi/include -I../deps/v8/include -I../deps/llhttp/include
 -I../deps/brotli/c/include  -Wall -Wextra -Wno-unused-parameter -pthread
 -Wall -Wextra -Wno-unused-parameter -m64 -O3 -fno-omit-frame-pointer -fno-
 rtti -fno-exceptions -std=gnu++1y -MMD -MF
 
/tmp/node-v14.4.0/out/Release/.deps//tmp/node-v14.4.0/out/Release/obj.target/libnode/src/node_i18n.o.d.raw
 -c
 ../src/node_http2.cc: In constructor
 ‘node::http2::Http2Options::Http2Options(node::http2::Http2State*,
 node::http2::SessionType)’:
 ../src/node_http2.cc:200:5: error: ‘nghttp2_option_set_max_settings’ was
 not declared in this scope; did you mean
 ‘nghttp2_session_get_local_settings’?
   200 | nghttp2_option_set_max_settings(
   | ^~~
   | nghttp2_session_get_local_settings
 }}}

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #13628: node.js-12.18.0

2020-06-03 Thread BLFS Trac via blfs-book 
#13628: node.js-12.18.0
-+---
 Reporter:  bdubbs   |   Owner:  ken@…
 Type:  enhancement  |  Status:  assigned
 Priority:  high |   Milestone:  9.2
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+---
Changes (by ken@…):

 * owner:  blfs-book => ken@…
 * status:  new => assigned


Comment:

 Taking this (for v12.18.0) because of the urgency.

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #13628: node.js-12.18.0

2020-06-03 Thread BLFS Trac via blfs-book 
#13628: node.js-12.18.0
-+
 Reporter:  bdubbs   |   Owner:  blfs-book
 Type:  enhancement  |  Status:  new
 Priority:  high |   Milestone:  9.2
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+

Comment (by ken@…):

 I wonder if we should move to v14 (14.4.0 in this case, which has the same
 fixes). I suggested in the past that we should use the active version
 [https://nodejs.org/en/about/releases/] which will be v12 until 20th
 October but does not support python3. Python3 was added as the default
 during node v13, but that series was only ever 'current' (development) and
 is now defunct (last release in April).

 v14 is 'current' until October, looks as if moving to it will cause more
 frequent updates, and perhaps some possible breakage.  Dunno if it is
 right for the book.

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #13628: node.js-12.18.0

2020-06-02 Thread BLFS Trac via blfs-book 
#13628: node.js-12.18.0
-+
 Reporter:  bdubbs   |   Owner:  blfs-book
 Type:  enhancement  |  Status:  new
 Priority:  high |   Milestone:  9.2
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+
Changes (by renodr):

 * priority:  normal => high


Comment:

 {{{
 2020-06-02, Version 12.18.0 'Erbium' (LTS), @targos
 Notable changes

 This is a security release.

 Vulnerabilities fixed:

 CVE-2020-8172: TLS session reuse can lead to host certificate
 verification bypass (High).
 CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
 CVE-2020-8174: napi_get_value_string_*() allows various kinds of
 memory corruption (High).

 Commits

 [c6d0bdacc4] - crypto: update root certificates (AshCripps) #33682
 [916b2824d1] - (SEMVER-MINOR) deps: update nghttp2 to 1.41.0 (James M
 Snell) nodejs-private/node-private#206
 [d381426377] - (SEMVER-MINOR) http2: implement support for max
 settings entries (James M Snell) nodejs-private/node-private#206
 [7dd8982570] - napi: fix memory corruption vulnerability (Tobias
 Nießen) nodejs-private/node-private#195
 [0932309af2] - tls: emit session after verifying certificate (Fedor
 Indutny) nodejs-private/node-private#200
 [c392d3923f] - tools: update certdata.txt (AshCripps) #33682
 }}}

 Two high severity vulnerabilities (the TLS session reuse vulnerability is
 extremely important), and one low security vulnerability.

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page