[#340942] [test-only] FAILED (try 2) node.git=20.11.1-alt1

Girar awaiter (lav) girar-builder at altlinux.org
Sun Feb 18 19:00:59 MSK 2024 

https://git.altlinux.org/tasks/340942/logs/events.2.1.log

subtask  name  aarch64   armh  i586  ppc64le  x86_64
   #100  node    31:34  21:00  8:05    20:36   15:19

2024-Feb-18 15:24:53 :: test-only task #340942 for sisyphus resumed by lav:
#100 build 20.11.1-alt1 from /people/lav/packages/node.git fetched at 2024-Feb-18 13:10:21
2024-Feb-18 15:24:55 :: #100: force rebuild
2024-Feb-18 15:24:55 :: [x86_64] #100 node.git 20.11.1-alt1: build start
2024-Feb-18 15:24:55 :: [ppc64le] #100 node.git 20.11.1-alt1: build start
2024-Feb-18 15:24:55 :: [aarch64] #100 node.git 20.11.1-alt1: build start
2024-Feb-18 15:24:55 :: [armh] #100 node.git 20.11.1-alt1: build start
2024-Feb-18 15:24:55 :: [i586] #100 node.git 20.11.1-alt1: build start
2024-Feb-18 15:33:00 :: [i586] #100 node.git 20.11.1-alt1: build OK
2024-Feb-18 15:40:14 :: [x86_64] #100 node.git 20.11.1-alt1: build OK
2024-Feb-18 15:45:31 :: [ppc64le] #100 node.git 20.11.1-alt1: build OK
2024-Feb-18 15:45:55 :: [armh] #100 node.git 20.11.1-alt1: build OK
2024-Feb-18 15:56:29 :: [aarch64] #100 node.git 20.11.1-alt1: build OK
2024-Feb-18 15:57:03 :: #100: node.git 20.11.1-alt1: build check OK
2024-Feb-18 15:57:04 :: build check OK
2024-Feb-18 15:59:09 :: noarch check OK
 warning: existing source package npm is going to be replaced with node-20.11.1-alt1.src.rpm from subtask #100
 warning: existing source package npm is going to be replaced with node-20.11.1-alt1.src.rpm from subtask #100
2024-Feb-18 15:59:11 :: plan: src +1 -2 =19021, aarch64 +3 -3 =31964, armh +3 -3 =29789, i586 +3 -3 =31575, noarch +2 -2 =19681, ppc64le +3 -3 =31059, x86_64 +3 -3 =32872
#100 node 18.18.2-alt1 -> 20.11.1-alt1
 Sun Feb 18 2024 Vitaly Lipatov <lav at altlinux.ru> 20.11.1-alt1
 - new version 20.11.1 (with rpmrb script)
 - enable build npm subpackage
 - CVE-2024-21892: Code injection and privilege escalation through Linux capabilities- (High)
 - CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
 - CVE-2024-21896: Path traversal by monkey-patching Buffer internals- (High)
 - CVE-2024-22017: setuid() does not drop all privileges due to io_uring - (High)
 - CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
 - CVE-2024-21891: Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
 - CVE-2024-21890: Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
 [...]
2024-Feb-18 15:59:11 :: node: mentions vulnerabilities: CVE-2024-21892 CVE-2024-22019 CVE-2024-21896 CVE-2024-22017 CVE-2023-46809 CVE-2024-21891 CVE-2024-21890 CVE-2024-22025
2024-Feb-18 16:00:01 :: patched apt indices
2024-Feb-18 16:00:13 :: created next repo
2024-Feb-18 16:00:22 :: duplicate provides check OK
	x86_64: NEW unmet dependencies detected:
 node-canvas#2.8.0-alt1:sisyphus+325839.500.10.2 at 1690830394   nodejs(abi) = 108
 node-sass#9.0.0-alt1:sisyphus+325839.400.10.2 at 1690830332     nodejs(abi) = 108
 npmjs-fibers#4.0.3-alt2:sisyphus+325839.600.10.2 at 1690830420  nodejs(abi) = 108
	i586: NEW unmet dependencies detected:
 node-canvas#2.8.0-alt1:sisyphus+325839.500.10.2 at 1690829899   nodejs(abi) = 108
 node-sass#9.0.0-alt1:sisyphus+325839.400.10.2 at 1690829834     nodejs(abi) = 108
 npmjs-fibers#4.0.3-alt2:sisyphus+325839.600.10.2 at 1690829925  nodejs(abi) = 108
	aarch64: NEW unmet dependencies detected:
 node-canvas#2.8.0-alt1:sisyphus+325839.500.10.2 at 1690831430   nodejs(abi) = 108
 node-sass#9.0.0-alt1:sisyphus+325839.400.10.2 at 1690831310     nodejs(abi) = 108
 npmjs-fibers#4.0.3-alt2:sisyphus+325839.600.10.2 at 1690831476  nodejs(abi) = 108
	ppc64le: NEW unmet dependencies detected:
 node-canvas#2.8.0-alt1:sisyphus+325839.500.10.2 at 1690830980   nodejs(abi) = 108
 node-sass#9.0.0-alt1:sisyphus+325839.400.10.2 at 1690830852     nodejs(abi) = 108
 npmjs-fibers#4.0.3-alt2:sisyphus+325839.600.10.2 at 1690831030  nodejs(abi) = 108
	armh: NEW unmet dependencies detected:
 node-canvas#2.8.0-alt1:sisyphus+325839.500.10.2 at 1690830847   nodejs(abi) = 108
 node-sass#9.0.0-alt1:sisyphus+325839.400.10.2 at 1690830673     nodejs(abi) = 108
 npmjs-fibers#4.0.3-alt2:sisyphus+325839.600.10.2 at 1690830914  nodejs(abi) = 108
	ACLs of affected packages (3):
 node-canvas   lav @everybody
 node-sass     lav @everybody
 npmjs-fibers  majioa @everybody
2024-Feb-18 16:00:59 :: unmets: x86_64 +3 -0 =3, i586 +3 -0 =3, aarch64 +3 -0 =6, ppc64le +3 -0 =6, armh +3 -0 =10
2024-Feb-18 16:00:59 :: dependencies check FAILED
2024-Feb-18 16:00:59 :: task #340942 for sisyphus FAILED

More information about the Sisyphus-incominger mailing list