Hello,

We added the upstream patch provided from [1] during the Debian BSP in Paris.
Package build went well, even if we faced an error during tests. This error is referenced and has been commented on in bug #766484 and is related to the libssl-dev version.

Please find the patch attached.

Regards,
Jean Baptiste

[1] http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/
diff -Nru nodejs-0.10.29~dfsg/debian/changelog nodejs-0.10.29~dfsg/debian/changelog --- nodejs-0.10.29~dfsg/debian/changelog 2014-06-13 23:58:23.000000000 +0200 +++ nodejs-0.10.29~dfsg/debian/changelog 2014-11-15 13:00:42.000000000 +0100 @@ -1,3 +1,10 @@ +nodejs (0.10.29~dfsg-1.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Add patch for CVE-2014-5256 (Closes: #760385) + + -- Jean Baptiste Favre <[email protected]> Sat, 15 Nov 2014 13:00:13 +0100 + nodejs (0.10.29~dfsg-1) unstable; urgency=medium * Upstream update. diff -Nru nodejs-0.10.29~dfsg/debian/patches/fix_CVE-2014-5256.patch nodejs-0.10.29~dfsg/debian/patches/fix_CVE-2014-5256.patch --- nodejs-0.10.29~dfsg/debian/patches/fix_CVE-2014-5256.patch 1970-01-01 01:00:00.000000000 +0100 +++ nodejs-0.10.29~dfsg/debian/patches/fix_CVE-2014-5256.patch 2014-11-15 13:10:33.000000000 +0100 
@@ -0,0 +1,27 @@ +Description: Fix for CVE-2014-5256 +Bug-Node: https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356 +Author: Fedor Indutny <[email protected]> +Acked-by: Jean Baptiste Favre <[email protected]> +Last-Update: 2014-11-15 +Applied-Upstream: https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356 +Index: nodejs-0.10.29~dfsg/deps/v8/src/isolate.h +=================================================================== +--- nodejs-0.10.29~dfsg.orig/deps/v8/src/isolate.h 2014-11-15 10:45:49.962023622 +0100 ++++ nodejs-0.10.29~dfsg/deps/v8/src/isolate.h 2014-11-15 10:45:49.962023622 +0100 +@@ -1392,14 +1392,9 @@ + public: + explicit StackLimitCheck(Isolate* isolate) : isolate_(isolate) { } + +- bool HasOverflowed() const { ++ inline bool HasOverflowed() const { + StackGuard* stack_guard = isolate_->stack_guard(); +- // Stack has overflowed in C++ code only if stack pointer exceeds the C++ +- // stack guard and the limits are not set to interrupt values. +- // TODO(214): Stack overflows are ignored if a interrupt is pending. This +- // code should probably always use the initial C++ limit. +- return (reinterpret_cast<uintptr_t>(this) < stack_guard->climit()) && +- stack_guard->IsStackOverflow(); ++ return reinterpret_cast<uintptr_t>(this) < stack_guard->real_climit(); + } + private: + Isolate* isolate_; diff -Nru nodejs-0.10.29~dfsg/debian/patches/series nodejs-0.10.29~dfsg/debian/patches/series --- nodejs-0.10.29~dfsg/debian/patches/series 2014-06-13 23:36:52.000000000 +0200 +++ nodejs-0.10.29~dfsg/debian/patches/series 2014-11-15 13:00:11.000000000 +0100 @@ -13,3 +13,4 @@ 2014_donotinclude_root_certs.patch 1006_relax_timeouts_in_tests.patch 1007_revert_invalid_utf8_fix.patch +fix_CVE-2014-5256.patch
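Review bot: In the debian/changelog hunk the new entry still targets UNRELEASED, which has to be changed to the intended suite before the upload. The item "Add patch for CVE-2014-5256" would also be easier to audit if it named the file it adds (debian/patches/fix_CVE-2014-5256.patch) and said in a few words what the fix touches, namely the C++ stack overflow check in deps/v8/src/isolate.h.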
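Review bot: In the header of fix_CVE-2014-5256.patch the Description gives only the CVE number, while the one explanation of the problem, the removed TODO(214) comment ("Stack overflows are ignored if a interrupt is pending"), disappears with the change. Please carry that reasoning into the Description: HasOverflowed() now compares against stack_guard->real_climit() and no longer also requires stack_guard->IsStackOverflow(). Bug-Node also points at a commit rather than a bug report and repeats the Applied-Upstream URL; DEP-3 has an Origin field for this, for example "Origin: upstream, <commit URL>". The patch touches only isolate.h, so a sentence on how the fix was verified would help, given that the test suite is reported as failing for another reason.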
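Review bot: In the debian/patches/series hunk the new entry fix_CVE-2014-5256.patch does not follow the numeric prefix used by its neighbours (2014_donotinclude_root_certs.patch, 1006_relax_timeouts_in_tests.patch, 1007_revert_invalid_utf8_fix.patch). Consider renaming it to match that scheme so the series stays consistently named, and update the file name in the patch directory and changelog accordingly.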
_______________________________________________
Pkg-javascript-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
