[Bug 263930] www/firefox build failure

Reply: bugzilla-noreply_a_freebsd.org: "maintainer-feedback requested: [Bug 263930] www/firefox build failure"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 263930] www/firefox build failure"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 263930] www/firefox build failure"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 11 May 2022 21:47:38 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263930

            Bug ID: 263930
           Summary: www/firefox build failure
           Product: Ports & Packages
           Version: Latest
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: gecko@FreeBSD.org
          Reporter: andy@neu.net
             Flags: maintainer-feedback?(gecko@FreeBSD.org)
          Assignee: gecko@FreeBSD.org

# uname -aK
FreeBSD FBSD14 14.0-CURRENT FreeBSD 14.0-CURRENT #3 main-n255391-c6df2176038:
Sun May  8 16:58:58 EDT 2022    
root@FBSD14:/usr/obj/usr/src/amd64.amd64/sys/MYKERNEL amd64 1400058



--->  Upgrade of www/firefox started at: Wed, 11 May 2022 17:30:55 -0400
--->  Upgrading 'firefox-99.0.1_2,2' to 'firefox-100.0_4,2' (www/firefox)
--->  Build of www/firefox started at: Wed, 11 May 2022 17:30:55 -0400
--->  Building '/usr/ports/www/firefox'
===>  Cleaning for firefox-100.0_4,2
pkg-static: Bad argument on pkg_set 554281361
===>   firefox-100.0_4,2 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by firefox-100.0_4,2 for building
===>  Extracting for firefox-100.0_4,2
=> SHA256 Checksum OK for firefox-100.0.source.tar.xz.
===>  Patching for firefox-100.0_4,2
===>  Applying FreeBSD patches for firefox-100.0_4,2 from
/usr/ports/www/firefox/files
===>   firefox-100.0_4,2 depends on package: nspr>=4.32 - found
===>   firefox-100.0_4,2 depends on package: nss>=3.76 - found
===>   firefox-100.0_4,2 depends on package: icu>=70.1 - found
===>   firefox-100.0_4,2 depends on package: libevent>=2.1.8 - found
===>   firefox-100.0_4,2 depends on package: harfbuzz>=4.1.0 - found
===>   firefox-100.0_4,2 depends on package: graphite2>=1.3.14 - found
===>   firefox-100.0_4,2 depends on package: png>=1.6.37 - found
===>   firefox-100.0_4,2 depends on package: dav1d>=1.0.0 - found
===>   firefox-100.0_4,2 depends on package: libvpx>=1.8.2 - found
===--->  Upgrade of www/firefox started at: Wed, 11 May 2022 17:30:55 -0400
--->  Upgrading 'firefox-99.0.1_2,2' to 'firefox-100.0_4,2' (www/firefox)
--->  Build of www/firefox started at: Wed, 11 May 2022 17:30:55 -0400
--->  Building '/usr/ports/www/firefox'
===>  Cleaning for firefox-100.0_4,2
pkg-static: Bad argument on pkg_set 554281361
===>   firefox-100.0_4,2 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by firefox-100.0_4,2 for building
===>  Extracting for firefox-100.0_4,2
=> SHA256 Checksum OK for firefox-100.0.source.tar.xz.
===>  Patching for firefox-100.0_4,2
===>  Applying FreeBSD patches for firefox-100.0_4,2 from
/usr/ports/www/firefox/files
===>   firefox-100.0_4,2 depends on package: nspr>=4.32 - found
===>   firefox-100.0_4,2 depends on package: nss>=3.76 - found
===>   firefox-100.0_4,2 depends on package: icu>=70.1 - found
===>   firefox-100.0_4,2 depends on package: libevent>=2.1.8 - found
===>   firefox-100.0_4,2 depends on package: harfbuzz>=4.1.0 - found
===>   firefox-100.0_4,2 depends on package: graphite2>=1.3.14 - found
===>   firefox-100.0_4,2 depends on package: png>=1.6.37 - found
===>   firefox-100.0_4,2 depends on package: dav1d>=1.0.0 - found
===>   firefox-100.0_4,2 depends on package: libvpx>=1.8.2 - found
===>   firefox-100.0_4,2 depends on package: py38-sqlite3>0 - found
===>   firefox-100.0_4,2 depends on package: v4l_compat>0 - found
===>   firefox-100.0_4,2 depends on executable: autoconf-2.13 - found
===>   firefox-100.0_4,2 depends on executable: nasm - found
===>   firefox-100.0_4,2 depends on executable: yasm - found
===>   firefox-100.0_4,2 depends on executable: zip - found
===>   firefox-100.0_4,2 depends on file:
/usr/local/share/wasi-sysroot/lib/wasm32-wasi/libc++abi.a - found
===>   firefox-100.0_4,2 depends on file:
/usr/local/share/wasi-sysroot/lib/wasm32-wasi/libc.a - found
===>   firefox-100.0_4,2 depends on file:
/usr/local/llvm13/lib/clang/13.0.1/lib/wasi/libclang_rt.builtins-wasm32.a -
found
===>   firefox-100.0_4,2 depends on package: llvm13>0 - found
===>   firefox-100.0_4,2 depends on package: rust-cbindgen>=0.19.0 - found
===>   firefox-100.0_4,2 depends on package: rust>=1.60.0 - found
===>   firefox-100.0_4,2 depends on executable: node - not found
pkg-static: Bad argument on pkg_set 562391753
===>  node-17.0.1_1 has known vulnerabilities:
node-17.0.1_1 is vulnerable:
  Node.js -- January 2022 Security Releases
  CVE: CVE-2022-21824
  CVE: CVE-2021-44533
  CVE: CVE-2021-44532
  CVE: CVE-2021-44531
  WWW:
https://vuxml.FreeBSD.org/freebsd/972ba0e8-8b8a-11ec-b369-6c3be5272acd.html

1 problem(s) in 1 installed package(s) found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update
available.
=> If you wish to ignore this vulnerability rebuild with 'make
DISABLE_VULNERABILITIES=yes'
*** Error code 1

Stop.
make[3]: stopped in /usr/ports/www/node
*** Error code 1

Stop.
make[2]: stopped in /usr/ports/www/node
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/www/firefox
*** Error code 1



Please advise how to proceed, FF will not build because of node-17.0.1_1 is
vulnerable:

-- 
You are receiving this mail because:
You are the assignee for the bug.