Re: [Pkg-javascript-devel] Bug#698334: drupal7: SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities
Hi, I'm curious: jQuery versions 1.6.3 and higher provide protection against common forms of this problem; thus, the vulnerability is mitigated if your site has upgraded to a recent version of jQuery does that mean the drupal-7 package *could* now use the libjs-jquery package instead of an embedded copy? The libjs-jquery/1.7.2 package seems it was already immune to this issue. (Proof of concept at http://ma.la/jquery_xss/ - save it locally and you can swap out the jquery.js to test other versions). Regards, -- Steven Chamberlain ste...@pyro.eu.org ___ Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Bug#671550: Bug#671550: nodejs: building on kfreebsd-*
On 16/06/12 19:05, Jérémy Lal wrote: http://pyro.eu.org/f/StBvXuZ7Sn6urlCwb13jSg.txt Notice the -Isrc/ares/config_freebsd Ah, that was in the GNU/kFreeBSD build target (which I had based on the FreeBSD one). Attached replacement for 3010_kfreebsd-2.diff will remove that. I assume it makes no difference during build because src/ares/ doesn't seem to exist in the source tree (stripped out I guess). Regards, -- Steven Chamberlain ste...@pyro.eu.org Index: nodejs/tools/wafadmin/Tools/ccroot.py === --- nodejs.orig/tools/wafadmin/Tools/ccroot.py 2012-06-16 19:20:46.0 +0100 +++ nodejs/tools/wafadmin/Tools/ccroot.py 2012-06-16 19:21:04.147846291 +0100 @@ -66,6 +66,7 @@ '__linux__' : 'linux', '__GNU__' : 'hurd', '__FreeBSD__' : 'freebsd', + '__FreeBSD_kernel__' : 'freebsd', '__NetBSD__' : 'netbsd', '__OpenBSD__' : 'openbsd', '__sun' : 'sunos', Index: nodejs/deps/uv/config-unix.mk === --- nodejs.orig/deps/uv/config-unix.mk 2012-06-16 19:20:46.0 +0100 +++ nodejs/deps/uv/config-unix.mk 2012-06-16 19:21:43.618811800 +0100 @@ -72,6 +72,14 @@ OBJS += src/unix/kqueue.o endif +ifeq (GNU/kFreeBSD,$(uname_S)) +EV_CONFIG=config_freebsd.h +EIO_CONFIG=config_freebsd.h +LINKFLAGS+= +OBJS += src/unix/freebsd.o +OBJS += src/unix/kqueue.o +endif + ifeq (DragonFly,$(uname_S)) EV_CONFIG=config_freebsd.h EIO_CONFIG=config_freebsd.h ___ Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Bug#671550: nodejs: building on kfreebsd-*
retitle 671550 nodejs: building on kfreebsd-*
thanks
Hi,
I fixed up these patches (please find attached), refreshed them against
nodejs 0.6.19~dfsg1-3 from git and took care of an issue in this new
upstream release (install path for man pages on GNU/kFreeBSD). I ran a
test build of this against libv8 3.10.8.16-1, also from git; it was
successful except for a few test failures (9 of 351).
Thanks,
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
--- nodejs-0.6.16~dfsg1.orig/deps/uv/src/unix/eio/eio.c
+++ nodejs-0.6.16~dfsg1/deps/uv/src/unix/eio/eio.c
@@ -316,7 +316,7 @@ static int gettimeofday(struct timeval *
#if HAVE_SENDFILE
# if __linux
# include sys/sendfile.h
-# elif __FreeBSD__ || __DragonFly__ || defined __APPLE__
+# elif __FreeBSD__ || __FreeBSD_kernel__ || __DragonFly__ || defined __APPLE__
# include sys/socket.h
# include sys/uio.h
# elif __hpux
--- nodejs-0.6.16~dfsg1.orig/src/platform_freebsd.cc
+++ nodejs-0.6.16~dfsg1/src/platform_freebsd.cc
@@ -34,7 +34,11 @@
#include string.h
#include paths.h
#include fcntl.h
+#if defined(__GLIBC__)
+#include bsd/unistd.h
+#else
#include unistd.h
+#endif
#include time.h
Index: nodejs/wscript
===
--- nodejs.orig/wscript 2012-06-15 20:38:57.0 +0100
+++ nodejs/wscript 2012-06-15 21:19:54.816333003 +0100
@@ -339,7 +339,7 @@
if Options.options.efence:
conf.check(lib='efence', libpath=['/usr/lib', '/usr/local/lib'], uselib_store='EFENCE')
- if 'bsd' in sys.platform:
+ if 'bsd' in sys.platform and not 'gnu' in sys.platform:
if not conf.check(lib=execinfo,
includes=['/usr/include', '/usr/local/include'],
libpath=['/usr/lib', '/usr/local/lib'],
@@ -1034,7 +1034,7 @@
# Only install the man page if it exists.
# Do 'make doc install' to build and install it.
if os.path.exists('doc/node.1'):
-prefix = 'bsd' in sys.platform and '${PREFIX}' or '${PREFIX}/share'
+prefix = 'bsd' in sys.platform and not 'gnu' in sys.platform and '${PREFIX}' or '${PREFIX}/share'
bld.install_files(prefix + '/man/man1/', 'doc/node.1')
bld.install_files('${PREFIX}/bin/', 'tools/node-waf', chmod=0755)
--- nodejs-0.6.16~dfsg1.orig/tools/wafadmin/Tools/ccroot.py 2012-04-30 18:42:50.0 +0100
+++ nodejs-0.6.16~dfsg1/tools/wafadmin/Tools/ccroot.py 2012-05-04 23:50:08.767391792 +0100
@@ -66,6 +66,7 @@
'__linux__' : 'linux',
'__GNU__' : 'hurd',
'__FreeBSD__' : 'freebsd',
+ '__FreeBSD_kernel__' : 'freebsd',
'__NetBSD__' : 'netbsd',
'__OpenBSD__' : 'openbsd',
'__sun' : 'sunos',
--- nodejs-0.6.16~dfsg1.orig/deps/uv/config-unix.mk 2012-05-04 23:45:19.0 +0100
+++ nodejs-0.6.16~dfsg1/deps/uv/config-unix.mk 2012-05-04 23:50:10.817219567 +0100
@@ -72,6 +72,15 @@
OBJS += src/unix/kqueue.o
endif
+ifeq (GNU/kFreeBSD,$(uname_S))
+EV_CONFIG=config_freebsd.h
+EIO_CONFIG=config_freebsd.h
+CPPFLAGS += -Isrc/ares/config_freebsd
+LINKFLAGS+=
+OBJS += src/unix/freebsd.o
+OBJS += src/unix/kqueue.o
+endif
+
ifeq (DragonFly,$(uname_S))
EV_CONFIG=config_freebsd.h
EIO_CONFIG=config_freebsd.h
___
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Bug#670836: libv8: please enable for kfreebsd-*
Hi,
Thanks for committing the kFreeBSD patches.
I hope this isn't too late, but I just tested building 3.10.8.16-1 from
git on kfreebsd-i386, and it failed due to a -Wunused-but-set-variable
that I didn't notice before in some FreeBSD-specific code.
Attached is another patch to fix this and allows a successful build.
Thanks again!
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
From: Steven Chamberlain ste...@pyro.eu.org
Subject: Fix a -Wunused-but-set-variable in some FreeBSD-specific code
Bug-Debian: http://bugs.debian.org/670836
--- libv8-3.10.8.16.orig/src/platform-freebsd.cc 2012-04-17 12:57:53.0 +0100
+++ libv8-3.10.8.16/src/platform-freebsd.cc 2012-06-15 01:08:30.267121829 +0100
@@ -548,12 +548,9 @@
public:
FreeBSDMutex() {
pthread_mutexattr_t attrs;
-int result = pthread_mutexattr_init(attrs);
-ASSERT(result == 0);
-result = pthread_mutexattr_settype(attrs, PTHREAD_MUTEX_RECURSIVE);
-ASSERT(result == 0);
-result = pthread_mutex_init(mutex_, attrs);
-ASSERT(result == 0);
+CHECK_EQ(0, pthread_mutexattr_init(attrs));
+CHECK_EQ(0, pthread_mutexattr_settype(attrs, PTHREAD_MUTEX_RECURSIVE));
+CHECK_EQ(0, pthread_mutex_init(mutex_, attrs));
}
virtual ~FreeBSDMutex() { pthread_mutex_destroy(mutex_); }
___
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Bug#670836: libv8: please enable for kfreebsd-*
tags 670836 = patch
thanks
On 15/06/12 01:41, Steven Chamberlain wrote:
[...] failed due to a -Wunused-but-set-variable
that I didn't notice before in some FreeBSD-specific code.
Ah, now I see why; that compiler option just got re-enabled.
I notice that a fix for this was added to src/platform-linux.cc by
upstream, so here is an updated, simpler patch to imitate that for
src/platform-freebsd.cc.
Thanks,
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
From: Steven Chamberlain ste...@pyro.eu.org
Subject: Fix a -Wunused-but-set-variable in some FreeBSD-specific code
Bug-Debian: http://bugs.debian.org/670836
Index: libv8-3.10.8.16/src/platform-freebsd.cc
===
--- libv8-3.10.8.16.orig/src/platform-freebsd.cc 2012-06-15 02:10:25.0 +0100
+++ libv8-3.10.8.16/src/platform-freebsd.cc 2012-06-15 02:13:24.318133457 +0100
@@ -554,6 +554,7 @@
ASSERT(result == 0);
result = pthread_mutex_init(mutex_, attrs);
ASSERT(result == 0);
+USE(result);
}
virtual ~FreeBSDMutex() { pthread_mutex_destroy(mutex_); }
___
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Bug#671550: nodejs: building on kfreebsd-* (WIP)
Package: src:nodejs Version: 0.6.16~dfsg1-2 Severity: wishlist User: debian-...@lists.debian.org Usertags: kfreebsd X-Debbugs-Cc: debian-...@lists.debian.org Hi, Attached are *unfinished* patches for building nodejs on kfreebsd-* 3000_kfreebsd-1.diff is bad, as it patches something meant for FreeBSD 3010_kfreebsd-2.diff just adds GNU/kFreeBSD as a freebsd-like target 3020_kfreebsd-3.diff patches code so that it can build on GNU/kFreeBSD They are published here so that they can be finished someday or someone can use them to use nodejs in the meantime. There are some test failures to note: * test-fs-watch -- ENOSYS = not supported? * test-fs-utimes -- not supported? (was building on ZFS) * test-http-upgrade-server -- looks like some sort of chunking issue, works if I change the HTTP request to HTTP/1.0 * test-setproctitle -- currently a no-op in GNU/kFreeBSD's eglibc Regards, -- Steven Chamberlain ste...@pyro.eu.org --- nodejs-0.6.16~dfsg1.orig/deps/uv/src/unix/eio/eio.c +++ nodejs-0.6.16~dfsg1/deps/uv/src/unix/eio/eio.c @@ -316,7 +316,7 @@ static int gettimeofday(struct timeval * #if HAVE_SENDFILE # if __linux # include sys/sendfile.h -# elif __FreeBSD__ || __DragonFly__ || defined __APPLE__ +# elif __FreeBSD__ || __FreeBSD_kernel__ || __DragonFly__ || defined __APPLE__ # include sys/socket.h # include sys/uio.h # elif __hpux --- nodejs-0.6.16~dfsg1.orig/src/platform_freebsd.cc +++ nodejs-0.6.16~dfsg1/src/platform_freebsd.cc @@ -34,7 +34,11 @@ #include string.h #include paths.h #include fcntl.h +#if defined(__GLIBC__) +#include bsd/unistd.h +#else #include unistd.h +#endif #include time.h --- nodejs-0.6.16~dfsg1.orig/tools/wafadmin/Tools/ccroot.py 2012-04-30 18:42:50.0 +0100 +++ nodejs-0.6.16~dfsg1/tools/wafadmin/Tools/ccroot.py 2012-05-04 23:50:08.767391792 +0100 @@ -66,6 +66,7 @@ '__linux__' : 'linux', '__GNU__' : 'hurd', '__FreeBSD__' : 'freebsd', + '__FreeBSD_kernel__' : 'freebsd', '__NetBSD__' : 'netbsd', '__OpenBSD__' : 'openbsd', '__sun' : 'sunos', --- nodejs-0.6.16~dfsg1.orig/deps/uv/config-unix.mk 2012-05-04 23:45:19.0 +0100 +++ nodejs-0.6.16~dfsg1/deps/uv/config-unix.mk 2012-05-04 23:50:10.817219567 +0100 @@ -72,6 +72,15 @@ OBJS += src/unix/kqueue.o endif +ifeq (GNU/kFreeBSD,$(uname_S)) +EV_CONFIG=config_freebsd.h +EIO_CONFIG=config_freebsd.h +CPPFLAGS += -Isrc/ares/config_freebsd +LINKFLAGS+= +OBJS += src/unix/freebsd.o +OBJS += src/unix/kqueue.o +endif + ifeq (DragonFly,$(uname_S)) EV_CONFIG=config_freebsd.h EIO_CONFIG=config_freebsd.h --- nodejs-0.6.16~dfsg1.orig/wscript 2012-05-04 23:45:19.0 +0100 +++ nodejs-0.6.16~dfsg1/wscript 2012-05-04 23:50:05.187249113 +0100 @@ -327,12 +327,12 @@ if Options.options.efence: conf.check(lib='efence', libpath=['/usr/lib', '/usr/local/lib'], uselib_store='EFENCE') - if 'bsd' in sys.platform: - if not conf.check(lib=execinfo, - includes=['/usr/include', '/usr/local/include'], - libpath=['/usr/lib', '/usr/local/lib'], - uselib_store=EXECINFO): - conf.fatal(Install the libexecinfo port from /usr/ports/devel/libexecinfo.) +# if 'bsd' in sys.platform: +# if not conf.check(lib=execinfo, +# includes=['/usr/include', '/usr/local/include'], +# libpath=['/usr/lib', '/usr/local/lib'], +# uselib_store=EXECINFO): +# conf.fatal(Install the libexecinfo port from /usr/ports/devel/libexecinfo.) if not Options.options.without_ssl: # Don't override explicitly supplied openssl paths with pkg-config results. ___ Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Bug#670836: libv8: please enable for kfreebsd-*
Package: src:libv8 Version: 3.8.9.20-1 Severity: wishlist Tags: patch User: debian-...@lists.debian.org Usertags: kfreebsd X-Debbugs-Cc: debian-...@lists.debian.org Hi, I found that it is quite easy to build libv8 on GNU/kFreeBSD, with only minor changes to its packaging for Debian: 1. Enable kfreebsd-* builds of the package 2. Set v8arch/v8os suitably on GNU/kFreeBSD 3. Actually pass v8os into GYP 4. Create a kfreebsd target (a clone of the existing freebsd target, with -lpthread added and -lexecinfo removed) Then it builds fine and the test suite shows 100% passes for me on kfreebsd-i386. Please consider including these patches (to follow)! Thanks, Regards, -- Steven Chamberlain ste...@pyro.eu.org ___ Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
