On Mon, Apr 26, 2010 at 01:34:21PM +0200, Cyril Brulebois wrote:
> Source: jscoverage
> Version: 0.4-1
> Severity: serious
> Tags: security
> Justification: ECC
>
> Hi (again),
>
> it was just noticed that the FTBFS on s390 I reported sounded like an
> FTBFS previously dealt with in libmozjs, meaning you're embedding it
> instead of just using libmozjs-dev and dropping your embedded code copy.
> Given the security records on xulrunner thingies, I'm opening this at
> serious severity with security tag…
>
Hi,
I patched their build system and their source to use latest version of
libmozjs:
diff -u jscoverage-0.5//highlight.cpp 1/jscoverage-0.5//highlight.cpp
--- jscoverage-0.5//highlight.cpp 2010-04-29 14:07:57.120047173 +0000
+++ 1/jscoverage-0.5//highlight.cpp 2010-04-24 12:00:00.000000000 +0000
@@ -225,8 +225,8 @@
current_class = CLASS_NONE;
/* tokenize the JavaScript */
- JSTokenStream token_stream;
- if (! js_InitTokenStream(context, &token_stream, characters, num_characters,
NULL, NULL, 1)) {
+ JSTokenStream token_stream(context);
+ if (! token_stream.init(context, characters, num_characters, NULL, NULL, 1))
{
fatal("cannot create token stream from JavaScript file %s", id);
}
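Review bot: This diff appears to have been generated with its arguments swapped (`diff -u patched original`), so the `-` lines are the proposed code and the `+` lines are upstream's. The link log on this page reports `js_InitTokenStream` undefined at highlight.cpp:229 and `js_CloseTokenStream` at :483, and both calls sit on `-` lines, here and in the `@@ -480` hunk; the g++ command line likewise matches the `-` side of the Makefile.in hunks. As posted it will not apply to a pristine tree without `patch -R`. Regenerating it as `diff -u original patched`, with the editor files listed under "Only in" excluded, would remove the ambiguity before it is handed to a maintainer.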
@@ -480,5 +480,5 @@
output_character('\n', CLASS_NONE);
}
- js_CloseTokenStream(context, &token_stream);
+ token_stream.close(context);
}
Only in jscoverage-0.5/: .#instrument-js.cpp
Only in jscoverage-0.5/: #instrument-js.cpp#
diff -u jscoverage-0.5//instrument-js.cpp 1/jscoverage-0.5//instrument-js.cpp
--- jscoverage-0.5//instrument-js.cpp 2010-04-29 14:14:07.890078976 +0000
+++ 1/jscoverage-0.5//instrument-js.cpp 2010-04-24 12:00:00.000000000 +0000
@@ -35,7 +35,7 @@
#include <jsarena.h>
#include <jsatom.h>
#include <jsemit.h>
-// #include <jsexn.h>
+#include <jsexn.h>
#include <jsfun.h>
#include <jsinterp.h>
#include <jsiter.h>
@@ -143,7 +143,7 @@
static void print_string(JSString * s, Stream * f) {
size_t length;
const jschar * characters;
- JSSTRING_CHARS_AND_LENGTH(s, characters, length);
+ s->getCharsAndLength(characters, length);
for (size_t i = 0; i < length; i++) {
jschar c = characters[i];
if (32 <= c && c <= 126) {
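Review bot: `JSSTRING_CHARS_AND_LENGTH` on the `-` line of `print_string` (the `-` side looks like the proposed code, going by the link log) evidently pulls in `js_GetDependentStringChars`, which the log shows as undefined at instrument-js.cpp:146, 209 and 780. The `@@ -206` and `@@ -777` hunks use the same macro. If the installed `jsapi.h` provides them, the public accessors avoid the unexported symbol: `characters = JS_GetStringChars(s); length = JS_GetStringLength(s);`. Compiling against internal headers of a shared libmozjs also ties the binary to one library build's internals, which works against the goal of picking up security fixes from the system copy. The function bodies continue outside these hunks.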
@@ -206,7 +206,7 @@
JSString * s = JSVAL_TO_STRING(value);
size_t length;
const jschar * characters;
- JSSTRING_CHARS_AND_LENGTH(s, characters, length);
+ s->getCharsAndLength(characters, length);
for (size_t i = 0; i < length; i++) {
jschar c = characters[i];
if (32 <= c && c <= 126) {
@@ -416,7 +416,7 @@
for (JSParseNode * p = comma->pn_head; p != NULL; p = p->pn_next) {
assert(p->pn_type == TOK_ASSIGN);
JSParseNode * rhs = p->pn_right;
- assert(JSSTRING_LENGTH(ATOM_TO_STRING(rhs->pn_atom)) == 0);
+ assert(ATOM_TO_STRING(rhs->pn_atom)->length() == 0);
if (UPVAR_FRAME_SLOT(rhs->pn_cookie) == i) {
expression = p->pn_left;
break;
@@ -777,7 +777,7 @@
size_t length;
const jschar * characters;
- JSSTRING_CHARS_AND_LENGTH(s, characters, length);
+ s->getCharsAndLength(characters, length);
if (length == 0) {
must_quote = true;
@@ -1433,7 +1433,7 @@
JSErrorReporter old_error_reporter = JS_SetErrorReporter(context,
error_reporter);
JSParseNode * node = compiler.parse(global);
if (node == NULL) {
- //js_ReportUncaughtException(context);
+ js_ReportUncaughtException(context);
fatal("parse error in file %s", file_id);
}
JS_SetErrorReporter(context, old_error_reporter);
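Review bot: With `js_ReportUncaughtException(context)` commented out on the `-` line (which the link log suggests is the proposed code), a failed `compiler.parse(global)` goes straight to `fatal("parse error in file %s", file_id)`, and any exception still pending on the context is never reported. That call comes from the internal `jsexn.h`, whose include the `@@ -35` hunk also comments out. The public JSAPI entry point `JS_ReportPendingException(context);` should give the same diagnostics without the private header; this is worth confirming against the installed `jsapi.h`. The enclosing function starts and ends outside the hunk.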
diff -u jscoverage-0.5//Makefile.in 1/jscoverage-0.5//Makefile.in
--- jscoverage-0.5//Makefile.in 2010-04-29 14:17:11.410078501 +0000
+++ 1/jscoverage-0.5//Makefile.in 2010-04-24 12:00:00.000000000 +0000
@@ -292,8 +292,9 @@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
ACLOCAL_AMFLAGS = -I m4
-AM_CFLAGS = `pkg-config mozilla-js --cflags` @XP_DEF@
-AM_CXXFLAGS = `pkg-config mozilla-js --cflags` -funit-at-a-time @XP_DEF@
+SUBDIRS = js
+AM_CFLAGS = -Ijs -Ijs/obj @XP_DEF@
+AM_CXXFLAGS = -Ijs -Ijs/obj -funit-at-a-time @XP_DEF@
resources = jscoverage-help.txt jscoverage-server-help.txt \
jscoverage.jsm jscoverage.manifest jscoverage.xul
jscoverage-overlay.js \
jscoverage.html \
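Review bot: These edits are made in `Makefile.in`, which automake normally regenerates from `Makefile.am`, so the switch to the system libmozjs on the `-` lines (the proposed side, judging by the g++ command in the log) would be lost on the next `autoreconf`. The same applies to the `jscoverage_LDADD` and `jscoverage_server_LDADD` hunks. Making the change in `Makefile.am` and `configure.ac` instead, for example by having configure fill `@SPIDERMONKEY_LIBS@` from `pkg-config mozilla-js --libs` rather than putting backticks in `AM_CFLAGS` and `LDADD`, keeps it durable and fails at configure time when the library is missing. Dropping `SUBDIRS = js` only stops the embedded copy from being built; if the `js/` directory still ships in the source package, it remains an embedded code copy for security tracking.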
@@ -311,7 +312,7 @@
util.c util.h \
$(resources)
-jscoverage_LDADD = `pkg-config mozilla-js --libs` -lm @LIBICONV@
@EXTRA_TIMER_LIBS@
+jscoverage_LDADD = @SPIDERMONKEY_LIBS@ -lm @LIBICONV@ @EXTRA_TIMER_LIBS@
jscoverage_server_SOURCES = http-connection.c \
http-exchange.c \
http-host.c \
@@ -327,7 +328,7 @@
util.c util.h \
$(resources)
-jscoverage_server_LDADD = `pkg-config mozilla-js --libs` -lm
@EXTRA_SOCKET_LIBS@ @EXTRA_THREAD_LIBS@ @LIBICONV@ @EXTRA_TIMER_LIBS@
+jscoverage_server_LDADD = @SPIDERMONKEY_LIBS@ -lm @EXTRA_SOCKET_LIBS@
@EXTRA_THREAD_LIBS@ @LIBICONV@ @EXTRA_TIMER_LIBS@
generate_resources_SOURCES = generate-resources.c
BUILT_SOURCES = resources.c
dist_man_MANS = jscoverage.1 jscoverage-server.1
Unfortunately it doesn't link, since most of the symbols they are using
are not part of the PUBLIC_API.
g++ `pkg-config mozilla-js --cflags` -funit-at-a-time -DXP_UNIX -g -O2 -o
jscoverage encoding.o highlight.o instrument.o instrument-js.o jscoverage.o
resource-manager.o stream.o util.o `pkg-config mozilla-js --libs` -lm
highlight.o: In function `jscoverage_highlight_js':
/usr/src/jscoverage-0.5/highlight.cpp:229: undefined reference to
`js_InitTokenStream'
/usr/src/jscoverage-0.5/highlight.cpp:234: undefined reference to `js_GetToken'
/usr/src/jscoverage-0.5/highlight.cpp:334: undefined reference to `js_PeekToken'
/usr/src/jscoverage-0.5/highlight.cpp:483: undefined reference to
`js_CloseTokenStream'
instrument-js.o: In function `print_string':
/usr/src/jscoverage-0.5/instrument-js.cpp:146: undefined reference to
`js_GetDependentStringChars'
instrument-js.o: In function `output_expression':
/usr/src/jscoverage-0.5/instrument-js.cpp:785: undefined reference to
`js_CheckKeyword'
/usr/src/jscoverage-0.5/instrument-js.cpp:788: undefined reference to
`js_IsIdentifier'
/usr/src/jscoverage-0.5/instrument-js.cpp:888: undefined reference to
`js_regexp_toString'
/usr/src/jscoverage-0.5/instrument-js.cpp:780: undefined reference to
`js_GetDependentStringChars'
instrument-js.o: In function `print_regex':
/usr/src/jscoverage-0.5/instrument-js.cpp:209: undefined reference to
`js_GetDependentStringChars'
instrument-js.o: In function `instrument_function':
/usr/src/jscoverage-0.5/instrument-js.cpp:381: undefined reference to
`js_GetLocalNameArray'
instrument-js.o: In function `JSCompiler':
/usr/include/mozjs/jsparse.h:826: undefined reference to
`JSCompiler::setPrincipals(JSPrincipals*)'
instrument-js.o: In function `jscoverage_instrument_js':
/usr/src/jscoverage-0.5/instrument-js.cpp:1430: undefined reference to
`JSCompiler::init(unsigned short const*, unsigned int, _IO_FILE*, char const*,
unsigned int)'
/usr/src/jscoverage-0.5/instrument-js.cpp:1434: undefined reference to
`JSCompiler::parse(JSObject*)'
/usr/src/jscoverage-0.5/instrument-js.cpp:1610: undefined reference to
`JSCompiler::~JSCompiler()'
/usr/src/jscoverage-0.5/instrument-js.cpp:1610: undefined reference to
`JSCompiler::~JSCompiler()'
instrument-js.o: In function `jscoverage_parse_json':
/usr/src/jscoverage-0.5/instrument-js.cpp:1835: undefined reference to
`js_InflateString'
instrument-js.o: In function `JSCompiler':
/usr/include/mozjs/jsparse.h:826: undefined reference to
`JSCompiler::setPrincipals(JSPrincipals*)'
instrument-js.o: In function `jscoverage_parse_json':
/usr/src/jscoverage-0.5/instrument-js.cpp:1848: undefined reference to
`JSCompiler::init(unsigned short const*, unsigned int, _IO_FILE*, char const*,
unsigned int)'
/usr/src/jscoverage-0.5/instrument-js.cpp:1852: undefined reference to
`JSCompiler::parse(JSObject*)'
/usr/src/jscoverage-0.5/instrument-js.cpp:2041: undefined reference to
`JSCompiler::~JSCompiler()'
/usr/src/jscoverage-0.5/instrument-js.cpp:2041: undefined reference to
`JSCompiler::~JSCompiler()'
collect2: ld returned 1 exit status
make[2]: *** [jscoverage] Error 1
make[2]: Leaving directory `/usr/src/jscoverage-0.5'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/jscoverage-0.5'
make: *** [all] Error 2
How could I fix this issue ?
--
Johan Euphrosine (proppy) <[email protected]>
Development and services around Free Software
http://www.aminche.com/

