[Pkg-javascript-devel] Can I upload libuv1 1.48.0 to unstable ?

2024-02-18 Thread Dominique Dumont
Hi

libuv1 1.48.0 contains a fix for CVE-2024-24806.

Can I upload it directly to unstable ? 
or do you have an on-going transition on nodejs ?

All the best

Dod



-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel


[Pkg-javascript-devel] New version of libuv1 in experimental

2023-09-19 Thread Dominique Dumont
Hi

Following Jeremy's request, I've uploaded libuv1 1.46.0-1 in experimental.

Please tell me if it's fine with you to upload to unstable.

Without news from your group, I'll upload libuv1 in unstable at the end of 
September.

All the best

Dominique






[Pkg-javascript-devel] Bug#1016305: nodejs: FTBFS: make[2]: *** [Makefile:504: test-ci-js] Error 1

2022-07-31 Thread Dominique Dumont
On Sunday, 31 July 2022 16:35:12 CEST Jérémy Lal wrote:
> Indeed, sorry for my somewhat irritated tone - it just happens that it was
> the second time libuv1 was updated during a nodejs transition, and the
> upstream bug it creates on nodejs hasn't been fixed yet, so it shoots the
> transition in the guts.
> Nodejs depends heavily on libuv1...

I understand your frustration. Sorry about the mess.

> Maybe a simple approach would be to upload libuv1 updates to experimental
> first, and wait a week to see how it scares the others :)

That I can do.

All the best.



[Pkg-javascript-devel] Bug#1016305: nodejs: FTBFS: make[2]: *** [Makefile:504: test-ci-js] Error 1

2022-07-31 Thread Dominique Dumont
On Saturday, 30 July 2022 19:36:26 CEST you wrote:
> libuv1 is a library, you're supposed to manage the transition:
> https://wiki.debian.org/Teams/ReleaseTeam/Transitions

This page applies when the new version breaks the ABI or API. This was not the 
case. There was no symbol change. The SO version of libuv1 has not changed 
since the transition between libuv and libuv1.

> In particular, rebuild all reverse build dependencies and check they won't
> break is highly desirable.
> There are tools and services in debian to do that (though honestly it's not
> so easy to setup).

I'm already stretched quite thin. I'll see what I can do.

In any case, I'd be happy to hand over libuv1 to people willing to better 
maintain this package.

All the best.



[Pkg-javascript-devel] Bug#1016305: nodejs: FTBFS: make[2]: *** [Makefile:504: test-ci-js] Error 1

2022-07-30 Thread Dominique Dumont
On Saturday, 30 July 2022 17:25:29 CEST you wrote:
> libuv1 maintainer: please avoid uploading new versions when nodejs is
> in transition...

I package libuv1 because it's a dependency of moarvm.

I don't follow nodejs releases, so I was not aware of the on-going transition and 
I did not expect problems because only the minor version number was increased. 

On the other hand, I have no problem with delaying uploads of libuv1 provided 
someone warns me of issues in other packages.

All the best



Re: [Pkg-javascript-devel] V8 depends from outdated and unmaintained libv8 with security issues

2019-02-11 Thread Dominique Dumont
On Monday, 11 February 2019 09:51:11 CET Jérémy Lal wrote:
> that's what i tried to do in the first place.
> However, the lack of v8 soname and abi stability across versions gave me so
> much additional work that i ended up not doing it at all, leading to v8
> being unmaintained. The solution here is purely practical, it offers a way
> to get a maintained v8 in debian, for very low additional time cost,
> because nodejs 10 will be maintained up until april 2021 [2]

ok... Unfortunately, I cannot offer advice for the solution you've proposed. 
This goes way over my head. I'll let others chime in.

All the best





Re: [Pkg-javascript-devel] V8 depends from outdated and unmaintained libv8 with security issues

2019-02-11 Thread Dominique Dumont
Hi

On Friday, 8 February 2019 12:10:01 CET Jérémy Lal wrote:
> > I suppose i need to ask a removal of libv8 from unstable (it's removed
> > from testing) to
> > be able to "take" libv8-dev. Or maybe declare a libv8-in-nodejs-dev
> > package ?
> > In any case i don't know if i should make a libv8-xx package (which would
> > basically be
> > symlinks to libnode).
> > Any advice is welcome...

I think the following should happen:
* update libv8 from new upstream source. [1]
* build nodejs for Debian using the updated libv8 packages as required by 
Debian policy [2]

Rakudo packaging team faced a similar issue with moarvm [3] which includes a 
convenience copy of libtommath and libuv1. We had to:
* take over and update libuv1, libtommath packages that were outdated
* add a Files-Excluded: line in moarvm's debian/copyright to remove the 
convenience copies of libuv and libtommath
* use options provided by moarvm build tools to use system libraries instead 
of the convenience copy.

Hope this helps

[1] Either https://chromium.googlesource.com/v8/v8.git or its "official" mirror https://github.com/v8/v8.
[2] https://www.debian.org/doc/debian-policy/ch-source.html#convenience-copies-of-code
[3] https://salsa.debian.org/perl6-team/moarvm




[Pkg-javascript-devel] Bug#902941: libuv1/1.21.0-1 appears to break lua-luv/1.9.1-0-2 autopkgtest

2018-07-04 Thread Dominique Dumont
On Tue, 3 Jul 2018 19:46:30 +0200 Paul Gevers wrote:
> ok 9 fs - fs.scandir
>   ./tests/test-fs.lua:83: UNKNOWN FS TYPE 29

Looks like this issue has been fixed in upstream lua:

https://github.com/luvit/luv/commit/853546063c88f0f06b680844b8a2c90dc13343d3

All the best


[Pkg-javascript-devel] Bug#900237: libuv1: FTBFS on hppa: not ok 46 - fs_copyfile

2018-06-03 Thread Dominique Dumont
On Saturday, 2 June 2018 17:01:42 CEST you wrote:
> I tend to think there's an issue with the error codes either in the
> kernel or libuv1.  I doubt we are
> actually running out of memory.

ok. I've forwarded the bug upstream [1]. 

Please follow-up there.

All the best

[1] https://github.com/libuv/libuv/issues/1862


[Pkg-javascript-devel] Bug#898857: Bug#898857: also occurs in node-getpass, node-css, node-jsonstream, node-death ...

2018-05-17 Thread Dominique Dumont
On Thursday, 17 May 2018 09:41:46 CEST Paolo Greppi wrote:
> If we are sure that this is undesirable, we should also fix it in a lot of
> other places: http://deb.li/RcWh

We had a similar problem with Perl programs delivered as Debian packages. Now, 
Perl policy requires programs to start with #!/usr/bin/perl :

https://www.debian.org/doc/packaging-manuals/perl-policy/ch-programs.html

HTH


[Pkg-javascript-devel] Bug#898857: /usr/lib/nodejs/js-yaml/bin/js-yaml.js: /usr/bin/js-yaml should use /usr/bin/node and not node from env

2018-05-16 Thread Dominique Dumont
Package: node-js-yaml
Version: 3.11.0+dfsg-1
Severity: normal
File: /usr/lib/nodejs/js-yaml/bin/js-yaml.js

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

I have both nodejs installed by Debian package and an older node installed
with a tarball (don't ask). The older node is prepended to PATH:

$ type node
node is /home/domi/bin/node

js-yaml is installed with Debian package. 

Here's the result:

$ js-yaml
module.js:549
throw err;
^

Error: Cannot find module 'argparse'
at Function.Module._resolveFilename (module.js:547:15)
at Function.Module._load (module.js:474:25)
at Module.require (module.js:596:17)
at require (internal/module.js:11:18)
at Object.<anonymous> (/usr/lib/nodejs/js-yaml/bin/js-yaml.js:14:16)
at Module._compile (module.js:652:30)
at Object.Module._extensions..js (module.js:663:10)
at Module.load (module.js:565:32)
at tryModuleLoad (module.js:505:12)
at Function.Module._load (module.js:497:3)

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***

When using Debian node, I have:
$ /usr/bin/node /usr/bin/js-yaml

The problem is:

$ head -1 /usr/bin/js-yaml
#!/usr/bin/env node


js-yaml should be patched to begin with '#!/usr/bin/node' to always
use node installed by Debian.

All the best


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages node-js-yaml depends on:
ii  node-argparse  1.0.9-1
ii  node-esprima   4.0.0+ds-2
ii  nodejs 8.11.1~dfsg-2+b1

node-js-yaml recommends no packages.

node-js-yaml suggests no packages.

-- no debconf information

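The check this report implies, as an added example (not code from the original message or from any Debian tool): a POSIX shell scan that lists files whose first line hands interpreter lookup to `env`, so that PATH decides which `node` runs. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find scripts whose shebang resolves the interpreter via PATH.

# Print the interpreter requested through env(1) on line 1 of FILE, if any.
env_interpreter() {
    line=$(LC_ALL=C head -n 1 -- "$1" 2>/dev/null | tr -d '\000\r')
    case $line in
        '#!'*) line=${line#'#!'} ;;
        *) return 0 ;;                 # no shebang at all
    esac
    set -f                             # no globbing while splitting words
    set -- $line
    set +f
    case ${1:-} in
        /usr/bin/env|/bin/env) shift ;;
        *) return 0 ;;                 # absolute interpreter path: not reported
    esac
    for word in "$@"; do
        case $word in
            -*|*=*) ;;                 # env option (e.g. -S) or VAR=value
            *) printf '%s\n' "$word"; return 0 ;;
        esac
    done
}

# Print "file<TAB>interpreter" for each regular file under DIR that uses env.
scan_env_shebangs() {
    find "$1" -type f | sort | while IFS= read -r f; do
        interp=$(env_interpreter "$f")
        if [ -n "$interp" ]; then printf '%s\t%s\n' "$f" "$interp"; fi
    done
}

# Constructed sample tree (not real package contents).
make_sample_tree() {
    d=$(mktemp -d)
    printf '#!/usr/bin/env node\nrequire("argparse");\n' > "$d/js-yaml.js"
    printf '#!/usr/bin/node\nconsole.log("ok");\n' > "$d/fixed.js"
    printf '#!/usr/bin/env -S node --no-warnings\n' > "$d/flags.js"
    printf 'module.exports = {};\n' > "$d/lib.js"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
scan_env_shebangs "$tree"
rm -rf "$tree"
```

Pointing `scan_env_shebangs` at a directory of installed scripts gives the list of files that would pick up whatever `node` comes first in PATH.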

Re: [Pkg-javascript-devel] Migration of libuv1 to salsa

2018-05-05 Thread Dominique Dumont
On Monday, 30 April 2018 15:23:47 CEST Luca BRUNO wrote:
> Feel free to start migrating it to salsa, I've been slowly moving my other
> stuff there too. 

Done: https://salsa.debian.org/debian/libuv1


> I'm not actively using libuv1 anymore, which is why I've
> been lagging behind lately, but I guess I can still help from time to time.

No problem. You're still in the Uploaders list.

> I've just requested access to the team on salsa, feel free to reach over
> email/IRC in the next days if you want me to help/review/anything.

Thanks for the offer. I'll keep that in mind. So far, the package upgrade was 
not too difficult. There's only one lintian warning left related to upstream 
tarball signature. Since the upstream tarball was created by gbp from upstream 
git repo, I don't know how to fix this warning.

Jérémy, I've released libuv1 1.20.2 in experimental as you requested. Please 
tell me when you want this package in unstable.

All the best





[Pkg-javascript-devel] Migration of libuv1 to salsa

2018-04-30 Thread Dominique Dumont
Hello

libuv1 is used by projects other than nodejs: Perl6, cmake and others. It's still 
hosted on alioth in the javascript team repo. Its only uploader is Luca Bruno. 
All uploads since 2016 were done by team uploads.

Since Alioth is now deprecated, it's time to migrate libuv1 to Salsa.

After discussion with Jérémy, we think that libuv1 should be hosted in Debian 
group on Salsa.

Luca, as official uploader of libuv1, do you mind if I take over libuv1 ?

The plan is to:
- migrate libuv1 repo in Debian group on Salsa
- dust-up the package if needed
- release 1.20 on experimental

You're all welcome to join the effort. Please tell me if you want to be added 
(or kept) as uploaders.

All the best

Dod



