<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
font-size:12.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;
mso-fareast-language:EN-US;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:443691578;
mso-list-type:hybrid;
mso-list-template-ids:682414162 1074331649 1074331651 1074331653 1074331649 1074331651 1074331653 1074331649 1074331651 1074331653;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:72.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:108.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:144.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:180.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:216.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:252.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:288.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:324.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:360.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:527837909;
mso-list-template-ids:-1708769768;}
@list l1:level1
{mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
mso-ascii-font-family:Aptos;
mso-fareast-font-family:Aptos;
mso-hansi-font-family:Aptos;
mso-bidi-font-family:"Times New Roman";}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2
{mso-list-id:1224098753;
mso-list-template-ids:-437743376;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3
{mso-list-id:1663771504;
mso-list-type:hybrid;
mso-list-template-ids:-2064622276 1074331649 1074331651 1074331653 1074331649 1074331651 1074331653 1074331649 1074331651 1074331653;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:72.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:108.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:144.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:180.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:216.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:252.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:288.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:324.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:360.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l4
{mso-list-id:1732464998;
mso-list-type:hybrid;
mso-list-template-ids:157971166 1074331649 1074331651 1074331653 1074331649 1074331651 1074331653 1074331649 1074331651 1074331653;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:72.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:108.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:144.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:180.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:216.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:252.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:288.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:324.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:360.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l5
{mso-list-id:1945267137;
mso-list-template-ids:1340372338;}
@list l5:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-IN" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Hi Jeremy Lal,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">If I have understood your previous communication correctly, it appears that<o:p></o:p></p>
<ol style="margin-top:0cm" start="1" type="1">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo1">The tests for the following two packages are failing due to the OpenSSL
<a href="https://security-tracker.debian.org/tracker/CVE-2023-46809">CVE-2023-46809</a> fix. However, upon reviewing the patch changes, it seems that this behaviour is expected. The error encountered is a warning to the user about the deprecation of RSA_PKCS1_PADDING
for private decryption, with an option to revert the fix if necessary:<o:p></o:p></li></ol>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="mso-list:l3 level1 lfo2">node-node-rsa_1.1.1-4<o:p></o:p></li><li class="MsoListParagraph" style="mso-list:l3 level1 lfo2">node-public-encrypt_4.0.3-1<o:p></o:p></li></ul>
<p class="MsoNormal" style="margin-left:36.0pt">Will it be appropriate to comment out this test?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<ol style="margin-top:0cm" start="2" type="1">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo1">This is part of the Math Team’s work, as seen here:
<a href="https://salsa.debian.org/math-team/macaulay2" target="_new">Macaulay2</a>. Considering this, do we really need to address this issue, like how you mentioned the case of
<b>dask.distributed_2022.12.1+ds.1-3</b>?<o:p></o:p></li></ol>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="mso-list:l0 level1 lfo3">macaulay2_1.21+ds-3<o:p></o:p></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<ol style="margin-top:0cm" start="3" type="1">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo1">These two packages are failing due to issues with pkg-javascript, as mentioned for
<b>node-minipass_3.3.6+~cs9.4.19-1.</b><o:p></o:p></li></ol>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="mso-list:l4 level1 lfo4">node-rollup-plugin-sass_1.12.16-1 (dh_auto_test: error: /bin/sh -ex debian/tests/pkg-js/test)<o:p></o:p></li><li class="MsoListParagraph" style="mso-list:l4 level1 lfo4">node-mutate-fs_2.1.1-2 (dh_auto_test: error: /bin/sh -ex debian/tests/pkg-js/test)<o:p></o:p></li></ul>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Your input will be valuable in helping clarify the next steps for these issues.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Best Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Times New Roman",serif;color:black">Syeda Shagufta Naaz<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Times New Roman",serif;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Times New Roman",serif;color:black">Senior Software Developer<o:p></o:p></span></p>
<p class="MsoNormal"><b><span lang="FR" style="font-family:"Calibri",sans-serif;color:teal">SIEMENS</span></b><span lang="FR" style="font-family:"Calibri",sans-serif;color:black"> </span><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#015FBF">FT
FDS (Foundational Services)</span></b><span lang="EN-US" style="color:#212121"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Jérémy Lal <kapouer@melix.org>
<br>
<b>Sent:</b> 18 February 2025 05:32<br>
<b>To:</b> Naaz, Syeda Shagufta (FT FDS CES LX PBU 1) <syedashagufta.naaz@siemens.com><br>
<b>Cc:</b> pkg-javascript-devel@alioth-lists.debian.net; Hombourger, Cedric (FT FDS CES LX) <cedric.hombourger@siemens.com>; Kumar, Ritesh (FT FDS CES LX PBU RSOL) <ritesh-kumar@siemens.com>; Koturappa, Hemanth (FT FDS CES LX PBU 2) <hemanth.koturappa@siemens.com>;
Prusty, Badrikesh (FT FDS CES LX PBU 2) <badrikesh.prusty@siemens.com><br>
<b>Subject:</b> Re: Discrepancy in nodejs version in Debian Bookworm vs. Salsa Debian repository<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">Update:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Done: node-rollup_3.15.0-1<br>
Done: node-redis_4.5.1+~1.1.2-1<br>
Not a regression of nodejs, but is a pkg-javascript problem so it's Done: node-minipass_3.3.6+~cs9.4.19-1<br>
Not a regression of nodejs, not my problem at all: dask.distributed_2022.12.1+ds.1-3<br>
Not part of bookworm - just ignore: jquery_3.3.1~dfsg-3<br>
Done: node-csstype_3.1.1-1<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">"Done" means there is a FTBFS bug for that package,<o:p></o:p></p>
<div>
<p class="MsoNormal">and I opened a <a href="http://release.debian.org/">release.debian.org</a> bug containing a diff that fixes the FTBFS bug for that package.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<p class="MsoNormal">Le lun. 17 févr. 2025 à 12:04, Jérémy Lal <<a href="mailto:kapouer@melix.org">kapouer@melix.org</a>> a écrit :<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Thank you for this helpful work.<o:p></o:p></p>
<div>
<p class="MsoNormal">Yes, since the latest nodejs update to bookworm has been somewhat catastrophic,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">it is our duty to ensure the next one goes very smoothly for it to be accepted.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">To sum up, we have this:<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Those packages fail with nodejs_18.19.0+dfsg-6~deb12u1 and nodejs_18.20.4+dfsg-1~deb12u1<br>
node-rollup_3.15.0-1<br>
node-redis_4.5.1+~1.1.2-1<br>
node-minipass_3.3.6+~cs9.4.19-1<br>
dask.distributed_2022.12.1+ds.1-3<br>
jquery_3.3.1~dfsg-3<br>
node-csstype_3.1.1-1<br>
node-recast_0.21.1-1<br>
node-js-sdsl_4.1.4-2<br>
node-wikibase-cli_15.15.4-4<br>
node-regexpp_3.2.0-4<br>
science.js_1.9.3+dfsg-3<br>
moment-timezone.js_0.5.40+dfsg-1+2023c<br>
node-resolve_1.22.1+~cs5.31.10-1<br>
node-jest_29.3.1~ds1+~cs70.48.25-2<br>
node-jschardet_3.0.0+dfsg+~1.4.0-2<br>
node-lib0_0.2.58-1<br>
<br>
1 package builds with nodejs_18.20.4+dfsg-1~deb12u1<br>
PASSED: firefox-esr_128.5.0esr-1~deb12u1<br>
<br>
5 new failures with nodejs_18.20.4+dfsg-1~deb12u1:<br>
node-node-rsa_1.1.1-4<br>
node-rollup-plugin-sass_1.12.16-1<br>
macaulay2_1.21+ds-3<br>
node-public-encrypt_4.0.3-1<br>
node-mutate-fs_2.1.1-2<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The goal is to fix them (ensure they build, and their autopkgtest pass for node 18.20.4), then do a reportbug
<a href="http://release.debian.org/" target="_blank">release.debian.org</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">to bookworm-pu for each of them, finishing with a bookworm-pu for nodejs 18.20.4.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Attention: some of them might already have bookworm-pu bugs opened.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">Le lun. 17 févr. 2025 à 11:36, Naaz, Syeda Shagufta <<a href="mailto:syedashagufta.naaz@siemens.com" target="_blank">syedashagufta.naaz@siemens.com</a>> a écrit :<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hi Jeremy Lal,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Thank you for your earlier email.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">As per your suggestion, I have attached the RATT test results for Node.js versions 18.19.0 and 18.20.4, covering a total of 1707 packages, along with the build logs for the failed
packages.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Upon reviewing the results, I noticed the following:<o:p></o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level1 lfo5">
Version 18.19.0 has failures in <b>18</b> packages.<o:p></o:p></li></ul>
<ul type="disc">
<ol start="1" type="1">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level2 lfo5">
firefox-esr_128.5.0esr-1~deb12u1: this package failed in version 18.19.0 but passed in version 18.20.4.<o:p></o:p></li></ol>
</ul>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level1 lfo5">
Version 18.20.4 has failures in <b>22</b> packages, of which 5 are additional compared to v18.19.0:<o:p></o:p></li></ul>
<ul type="disc">
<ol start="1" type="1">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level2 lfo6">
node-public-encrypt_4.0.3-1 (failure in dh_auto_test)<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level2 lfo6">
node-node-rsa_1.1.1-4 (failure in dh_auto_test)<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level2 lfo6">
node-rollup-plugin-sass_1.12.16-1 (failure in dh_auto_test)<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level2 lfo6">
macaulay2_1.21+ds-3 (failure in dh_auto_build)<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level2 lfo6">
node-mutate-fs_2.1.1-2 (failure in dh_auto_test)<o:p></o:p></li></ol>
</ul>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I also noticed that the first two packages are failing due to the Openssl CVE fix for
<a href="https://salsa.debian.org/js-team/nodejs/-/blob/debian/bookworm/debian/changelog?ref_type=heads#L20" target="_blank">
CVE-2023-46809</a> .<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Could the additional failures in version 18.20.4 be the reason the update has not yet been implemented?<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I would appreciate your insights on this matter. Please let me know your thoughts.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Best Regards,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-family:"Times New Roman",serif;color:black">Syeda Shagufta Naaz</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-family:"Times New Roman",serif;color:black"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Times New Roman",serif;color:black">Senior Software Developer</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="FR" style="font-family:"Calibri",sans-serif;color:teal">SIEMENS</span></b><span lang="FR" style="font-family:"Calibri",sans-serif;color:black"> </span><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#015FBF">FT
FDS (Foundational Services)</span></b><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:8.0pt;font-family:"Times New Roman",serif;color:#7F7F7F"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Jérémy
Lal <</span><a href="mailto:kapouer@melix.org" target="_blank"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">kapouer@melix.org</span></a><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">>
<br>
<b>Sent:</b> 07 February 2025 16:31<br>
<b>To:</b> Naaz, Syeda Shagufta (FT FDS CES LX PBU 1) <</span><a href="mailto:syedashagufta.naaz@siemens.com" target="_blank"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">syedashagufta.naaz@siemens.com</span></a><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">><br>
<b>Cc:</b> </span><a href="mailto:pkg-javascript-devel@alioth-lists.debian.net" target="_blank"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">pkg-javascript-devel@alioth-lists.debian.net</span></a><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">;
Hombourger, Cedric (FT FDS CES LX) <</span><a href="mailto:cedric.hombourger@siemens.com" target="_blank"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">cedric.hombourger@siemens.com</span></a><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">>;
Kumar, Ritesh (FT FDS CES LX PBU RSOL) <</span><a href="mailto:ritesh-kumar@siemens.com" target="_blank"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">ritesh-kumar@siemens.com</span></a><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">>;
Koturappa, Hemanth (FT FDS CES LX PBU 2) <</span><a href="mailto:hemanth.koturappa@siemens.com" target="_blank"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">hemanth.koturappa@siemens.com</span></a><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">>;
Prusty, Badrikesh (FT FDS CES LX PBU 2) <</span><a href="mailto:badrikesh.prusty@siemens.com" target="_blank"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">badrikesh.prusty@siemens.com</span></a><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">><br>
<b>Subject:</b> Re: Discrepancy in nodejs version in Debian Bookworm vs. Salsa Debian repository</span><o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Also note that debian/trixie will have a version of nodejs that uses even more external dependencies,<o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">with a source tarball excluding the externalized dependencies, which will make the process of doing security uploads easier for everyone.<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Le ven. 7 févr. 2025 à 11:59, Jérémy Lal <<a href="mailto:kapouer@melix.org" target="_blank">kapouer@melix.org</a>> a écrit :<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Security uploads take a lot of work to ensure all reverse (build-)dependencies of a package build and pass their test suite successfully.<o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">For that last upload, I in particular, lost track of time.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">To help me, one can redo those verifications, and then, once several packages failing to rebuild have been identified,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">they must be fixed, proposed to bookworm, and once they are all accepted, that version of nodejs can be proposed to bookworm too.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Le ven. 7 févr. 2025 à 11:04, Naaz, Syeda Shagufta <<a href="mailto:syedashagufta.naaz@siemens.com" target="_blank">syedashagufta.naaz@siemens.com</a>> a écrit :<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Package: nodejs<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Version: 18.19.0+dfsg-6~deb12u2<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Severity: critical<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Dear Debian Community,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">We are currently working with the
<a href="https://packages.debian.org/bookworm/nodejs" target="_blank">Debian Bookworm</a> 12.9 release for our project and observed that the nodejs version is
<b>18.19.0+dfsg-6~deb12u2</b>. <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">However, upon reviewing the
<a href="https://salsa.debian.org/js-team/nodejs/-/blob/debian/bookworm/debian/changelog?ref_type=heads" target="_blank">
salsa-debian/bookworm</a> branch, we noticed that version <b>18.20.4+dfsg-1~deb12u1
</b>is available, which includes fixes for multiple CVE issues, such as, <o:p></o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l5 level1 lfo7">
<a href="https://security-tracker.debian.org/tracker/CVE-2024-27983" target="_blank">CVE-2024-27983</a> (<b>8.2 HIGH</b>)<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l5 level1 lfo7">
<a href="https://security-tracker.debian.org/tracker/CVE-2024-21892" target="_blank">CVE-2024-21892</a> (<b>7.5 HIGH</b>)<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l5 level1 lfo7">
<a href="https://security-tracker.debian.org/tracker/CVE-2024-22019" target="_blank">CVE-2024-22019</a> (<b>7.5 HIGH</b>)
<o:p></o:p></li></ul>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">These fixes are not included in the current Bookworm release. Having the severity of some of these vulnerabilities as High, we are eager for these fixes to be available.
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Could you please help clarify why there is a discrepancy between the version in the Bookworm release and the one on salsa? Is there a any specific reason for the delay and, is there
any fixed timeline for resolving this? <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I appreciate your time and guidance on this matter.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Best Regards,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-family:"Times New Roman",serif;color:black">Syeda Shagufta Naaz</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Times New Roman",serif;color:black">Senior Software Developer</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="FR" style="font-family:"Calibri",sans-serif;color:teal">SIEMENS</span></b><span lang="FR" style="font-family:"Calibri",sans-serif;color:black"> </span><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#015FBF">FT
FDS (Foundational Services)</span></b><o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</body>
</html>