Re: [Pkg-javascript-devel] Bug#698334: drupal7: SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities
Hi,

I'm curious:

> jQuery versions 1.6.3 and higher provide protection against common forms of this problem; thus, the vulnerability is mitigated if your site has upgraded to a recent version of jQuery

does that mean the drupal-7 package *could* now use the libjs-jquery package instead of an embedded copy?

The libjs-jquery/1.7.2 package seems to have already been immune to this issue. (Proof of concept at http://ma.la/jquery_xss/ - save it locally and you can swap out the jquery.js to test other versions).

Regards,
--
Steven Chamberlain
ste...@pyro.eu.org

___
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
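The question in the message above comes down to which jQuery copies in a tree predate 1.6.3. The following is an added example, not part of the original mail or of any Debian or Drupal tooling: it walks a source tree, reads the version banner of each `jquery*.js` file and flags copies older than that threshold. The banner formats, function names and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED_IN = (1, 6, 3)  # threshold from the advisory text quoted in the message
# Assumed banner forms: "jQuery JavaScript Library v1.4.4" (older releases)
# and "jQuery v1.7.2" (later minified builds).
BANNER = re.compile(rb"jQuery (?:JavaScript Library )?v(\d+)\.(\d+)(?:\.(\d+))?")


def jquery_version(path, head_bytes=2048):
    """Return (major, minor, patch) from the file's banner, or None."""
    with open(path, "rb") as fh:
        match = BANNER.search(fh.read(head_bytes))
    return tuple(int(p or 0) for p in match.groups()) if match else None


def audit_tree(root):
    """Map each jquery*.js under root to (version, status)."""
    report = {}
    for path in sorted(Path(root).rglob("jquery*.js")):
        version = jquery_version(path)
        if version is None:
            status = "unknown"  # no core banner: a plugin or a stripped header
        elif version < FIXED_IN:
            status = "predates-1.6.3"
        else:
            status = "ok"
        report[path.relative_to(root).as_posix()] = (version, status)
    return report


def build_sample_tree(root):
    """Write a constructed sample layout; names and contents are made up."""
    samples = {
        "misc/jquery.js": b"/*!\n * jQuery JavaScript Library v1.4.4\n */\n",
        "shared/jquery.min.js": b"/*! jQuery v1.7.2 jquery.com */\n",
        "misc/jquery.once.js": b"/* plugin file without a core banner */\n",
    }
    for name, body in samples.items():
        target = Path(root, name)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name, (version, status) in audit_tree(tmp).items():
            print(f"{status:15} {version} {name}")
```

The banner only identifies the upstream release, so a copy carrying a backported fix is still reported as predating 1.6.3 and needs a manual look.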
[Pkg-javascript-devel] Bug#671550: Bug#671550: nodejs: building on kfreebsd-*
On 16/06/12 19:05, Jérémy Lal wrote:
> http://pyro.eu.org/f/StBvXuZ7Sn6urlCwb13jSg.txt
> Notice the -Isrc/ares/config_freebsd

Ah, that was in the GNU/kFreeBSD build target (which I had based on the FreeBSD one). Attached replacement for 3010_kfreebsd-2.diff will remove that.

I assume it makes no difference during build because src/ares/ doesn't seem to exist in the source tree (stripped out I guess).

Regards,
--
Steven Chamberlain
ste...@pyro.eu.org

Index: nodejs/tools/wafadmin/Tools/ccroot.py === --- nodejs.orig/tools/wafadmin/Tools/ccroot.py 2012-06-16 19:20:46.0 +0100 +++ nodejs/tools/wafadmin/Tools/ccroot.py 2012-06-16 19:21:04.147846291 +0100 @@ -66,6 +66,7 @@ '__linux__' : 'linux', '__GNU__' : 'hurd', '__FreeBSD__' : 'freebsd', + '__FreeBSD_kernel__' : 'freebsd', '__NetBSD__' : 'netbsd', '__OpenBSD__' : 'openbsd', '__sun' : 'sunos', Index: nodejs/deps/uv/config-unix.mk === --- nodejs.orig/deps/uv/config-unix.mk 2012-06-16 19:20:46.0 +0100 +++ nodejs/deps/uv/config-unix.mk 2012-06-16 19:21:43.618811800 +0100 @@ -72,6 +72,14 @@ OBJS += src/unix/kqueue.o endif +ifeq (GNU/kFreeBSD,$(uname_S)) +EV_CONFIG=config_freebsd.h +EIO_CONFIG=config_freebsd.h +LINKFLAGS+= +OBJS += src/unix/freebsd.o +OBJS += src/unix/kqueue.o +endif + ifeq (DragonFly,$(uname_S)) EV_CONFIG=config_freebsd.h EIO_CONFIG=config_freebsd.h
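Review bot: In the config-unix.mk hunk, `LINKFLAGS+=` has an empty right-hand side and therefore does nothing; drop the line, or name the libraries the GNU/kFreeBSD link actually needs so the intent is recorded. The new stanza sets the same EV_CONFIG and EIO_CONFIG as the DragonFly block that follows it, so a one-line comment saying it was cloned from the FreeBSD target would help whoever next changes one block and forgets the other.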
[Pkg-javascript-devel] Bug#671550: nodejs: building on kfreebsd-*
retitle 671550 nodejs: building on kfreebsd-*
thanks

Hi,

I fixed up these patches (please find attached), refreshed them against nodejs 0.6.19~dfsg1-3 from git and took care of an issue in this new upstream release (install path for man pages on GNU/kFreeBSD).

I ran a test build of this against libv8 3.10.8.16-1, also from git; it was successful except for a few test failures (9 of 351).

Thanks,
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org

--- nodejs-0.6.16~dfsg1.orig/deps/uv/src/unix/eio/eio.c +++ nodejs-0.6.16~dfsg1/deps/uv/src/unix/eio/eio.c @@ -316,7 +316,7 @@ static int gettimeofday(struct timeval * #if HAVE_SENDFILE # if __linux # include sys/sendfile.h -# elif __FreeBSD__ || __DragonFly__ || defined __APPLE__ +# elif __FreeBSD__ || __FreeBSD_kernel__ || __DragonFly__ || defined __APPLE__ # include sys/socket.h # include sys/uio.h # elif __hpux --- nodejs-0.6.16~dfsg1.orig/src/platform_freebsd.cc +++ nodejs-0.6.16~dfsg1/src/platform_freebsd.cc @@ -34,7 +34,11 @@ #include string.h #include paths.h #include fcntl.h +#if defined(__GLIBC__) +#include bsd/unistd.h +#else #include unistd.h +#endif #include time.h Index: nodejs/wscript === --- nodejs.orig/wscript 2012-06-15 20:38:57.0 +0100 +++ nodejs/wscript 2012-06-15 21:19:54.816333003 +0100 @@ -339,7 +339,7 @@ if Options.options.efence: conf.check(lib='efence', libpath=['/usr/lib', '/usr/local/lib'], uselib_store='EFENCE') - if 'bsd' in sys.platform: + if 'bsd' in sys.platform and not 'gnu' in sys.platform: if not conf.check(lib=execinfo, includes=['/usr/include', '/usr/local/include'], libpath=['/usr/lib', '/usr/local/lib'],
@@ -1034,7 +1034,7 @@ # Only install the man page if it exists. # Do 'make doc install' to build and install it. if os.path.exists('doc/node.1'): -prefix = 'bsd' in sys.platform and '${PREFIX}' or '${PREFIX}/share' +prefix = 'bsd' in sys.platform and not 'gnu' in sys.platform and '${PREFIX}' or '${PREFIX}/share' bld.install_files(prefix + '/man/man1/', 'doc/node.1') bld.install_files('${PREFIX}/bin/', 'tools/node-waf', chmod=0755) --- nodejs-0.6.16~dfsg1.orig/tools/wafadmin/Tools/ccroot.py 2012-04-30 18:42:50.0 +0100 +++ nodejs-0.6.16~dfsg1/tools/wafadmin/Tools/ccroot.py 2012-05-04 23:50:08.767391792 +0100 @@ -66,6 +66,7 @@ '__linux__' : 'linux', '__GNU__' : 'hurd', '__FreeBSD__' : 'freebsd', + '__FreeBSD_kernel__' : 'freebsd', '__NetBSD__' : 'netbsd', '__OpenBSD__' : 'openbsd', '__sun' : 'sunos', --- nodejs-0.6.16~dfsg1.orig/deps/uv/config-unix.mk 2012-05-04 23:45:19.0 +0100 +++ nodejs-0.6.16~dfsg1/deps/uv/config-unix.mk 2012-05-04 23:50:10.817219567 +0100 @@ -72,6 +72,15 @@ OBJS += src/unix/kqueue.o endif +ifeq (GNU/kFreeBSD,$(uname_S)) +EV_CONFIG=config_freebsd.h +EIO_CONFIG=config_freebsd.h +CPPFLAGS += -Isrc/ares/config_freebsd +LINKFLAGS+= +OBJS += src/unix/freebsd.o +OBJS += src/unix/kqueue.o +endif + ifeq (DragonFly,$(uname_S)) EV_CONFIG=config_freebsd.h EIO_CONFIG=config_freebsd.h
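Review bot: The platform_freebsd.cc hunk includes bsd/unistd.h whenever __GLIBC__ is defined, which makes the build depend on libbsd's headers, yet nothing in this series adds that build dependency or a link flag for the library (the config-unix.mk stanza leaves `LINKFLAGS+=` empty). Add the dependency for kfreebsd-* alongside this patch and say in a comment next to the `#if` which declaration from bsd/unistd.h the file needs.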
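Review bot: The two wscript hunks repeat the test `'bsd' in sys.platform and not 'gnu' in sys.platform`, and in the man-page hunk it sits inside an `and ... or` chain that is easy to misread. Compute the condition once into a named boolean and use it in both places; `'gnu' not in sys.platform` is the idiomatic spelling.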
[Pkg-javascript-devel] Bug#670836: libv8: please enable for kfreebsd-*
Hi,

Thanks for committing the kFreeBSD patches.

I hope this isn't too late, but I just tested building 3.10.8.16-1 from git on kfreebsd-i386, and it failed due to a -Wunused-but-set-variable that I didn't notice before in some FreeBSD-specific code.

Attached is another patch to fix this and allow a successful build.

Thanks again!
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org

From: Steven Chamberlain ste...@pyro.eu.org
Subject: Fix a -Wunused-but-set-variable in some FreeBSD-specific code
Bug-Debian: http://bugs.debian.org/670836

--- libv8-3.10.8.16.orig/src/platform-freebsd.cc 2012-04-17 12:57:53.0 +0100 +++ libv8-3.10.8.16/src/platform-freebsd.cc 2012-06-15 01:08:30.267121829 +0100 @@ -548,12 +548,9 @@ public: FreeBSDMutex() { pthread_mutexattr_t attrs; -int result = pthread_mutexattr_init(attrs); -ASSERT(result == 0); -result = pthread_mutexattr_settype(attrs, PTHREAD_MUTEX_RECURSIVE); -ASSERT(result == 0); -result = pthread_mutex_init(mutex_, attrs); -ASSERT(result == 0); +CHECK_EQ(0, pthread_mutexattr_init(attrs)); +CHECK_EQ(0, pthread_mutexattr_settype(attrs, PTHREAD_MUTEX_RECURSIVE)); +CHECK_EQ(0, pthread_mutex_init(mutex_, attrs)); } virtual ~FreeBSDMutex() { pthread_mutex_destroy(mutex_); }
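Review bot: Replacing the three ASSERT lines with CHECK_EQ in the FreeBSDMutex constructor does more than silence the warning. `result` was only reported as set-but-unused because ASSERT expands to nothing in this build, so the pthread calls were unchecked there and will now abort on failure. That is the safer behaviour for mutex setup, but the Subject line describes only a warning fix, so the patch description should state the behaviour change. The constructor also never calls pthread_mutexattr_destroy on `attrs`.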
[Pkg-javascript-devel] Bug#670836: libv8: please enable for kfreebsd-*
tags 670836 = patch
thanks

On 15/06/12 01:41, Steven Chamberlain wrote:
> [...] failed due to a -Wunused-but-set-variable that I didn't notice before in some FreeBSD-specific code.

Ah, now I see why; that compiler option just got re-enabled.

I notice that a fix for this was added to src/platform-linux.cc by upstream, so here is an updated, simpler patch to imitate that for src/platform-freebsd.cc.

Thanks,
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org

From: Steven Chamberlain ste...@pyro.eu.org
Subject: Fix a -Wunused-but-set-variable in some FreeBSD-specific code
Bug-Debian: http://bugs.debian.org/670836

Index: libv8-3.10.8.16/src/platform-freebsd.cc === --- libv8-3.10.8.16.orig/src/platform-freebsd.cc 2012-06-15 02:10:25.0 +0100 +++ libv8-3.10.8.16/src/platform-freebsd.cc 2012-06-15 02:13:24.318133457 +0100 @@ -554,6 +554,7 @@ ASSERT(result == 0); result = pthread_mutex_init(mutex_, attrs); ASSERT(result == 0); +USE(result); } virtual ~FreeBSDMutex() { pthread_mutex_destroy(mutex_); }
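Review bot: Adding `USE(result);` after the last ASSERT quiets the compiler but leaves the return value of pthread_mutex_init unchecked in any build where ASSERT compiles out, so a failed initialisation would go unnoticed and the destructor would still call pthread_mutex_destroy on that mutex. Matching upstream's platform-linux.cc is a reasonable choice for the Debian patch, but the description should say that the checks remain debug-only.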
[Pkg-javascript-devel] Bug#671550: nodejs: building on kfreebsd-* (WIP)
Package: src:nodejs
Version: 0.6.16~dfsg1-2
Severity: wishlist
User: debian-...@lists.debian.org
Usertags: kfreebsd
X-Debbugs-Cc: debian-...@lists.debian.org

Hi,

Attached are *unfinished* patches for building nodejs on kfreebsd-*

3000_kfreebsd-1.diff is bad, as it patches something meant for FreeBSD
3010_kfreebsd-2.diff just adds GNU/kFreeBSD as a freebsd-like target
3020_kfreebsd-3.diff patches code so that it can build on GNU/kFreeBSD

They are published here so that they can be finished someday or someone can use them to use nodejs in the meantime.

There are some test failures to note:

* test-fs-watch -- ENOSYS = not supported?
* test-fs-utimes -- not supported? (was building on ZFS)
* test-http-upgrade-server -- looks like some sort of chunking issue, works if I change the HTTP request to HTTP/1.0
* test-setproctitle -- currently a no-op in GNU/kFreeBSD's eglibc

Regards,
--
Steven Chamberlain
ste...@pyro.eu.org

--- nodejs-0.6.16~dfsg1.orig/deps/uv/src/unix/eio/eio.c +++ nodejs-0.6.16~dfsg1/deps/uv/src/unix/eio/eio.c @@ -316,7 +316,7 @@ static int gettimeofday(struct timeval * #if HAVE_SENDFILE # if __linux # include sys/sendfile.h -# elif __FreeBSD__ || __DragonFly__ || defined __APPLE__ +# elif __FreeBSD__ || __FreeBSD_kernel__ || __DragonFly__ || defined __APPLE__ # include sys/socket.h # include sys/uio.h # elif __hpux --- nodejs-0.6.16~dfsg1.orig/src/platform_freebsd.cc +++ nodejs-0.6.16~dfsg1/src/platform_freebsd.cc @@ -34,7 +34,11 @@ #include string.h #include paths.h #include fcntl.h +#if defined(__GLIBC__) +#include bsd/unistd.h +#else #include unistd.h +#endif #include time.h --- nodejs-0.6.16~dfsg1.orig/tools/wafadmin/Tools/ccroot.py 2012-04-30 18:42:50.0 +0100 +++ nodejs-0.6.16~dfsg1/tools/wafadmin/Tools/ccroot.py 2012-05-04 23:50:08.767391792 +0100
@@ -66,6 +66,7 @@ '__linux__' : 'linux', '__GNU__' : 'hurd', '__FreeBSD__' : 'freebsd', + '__FreeBSD_kernel__' : 'freebsd', '__NetBSD__' : 'netbsd', '__OpenBSD__' : 'openbsd', '__sun' : 'sunos', --- nodejs-0.6.16~dfsg1.orig/deps/uv/config-unix.mk 2012-05-04 23:45:19.0 +0100 +++ nodejs-0.6.16~dfsg1/deps/uv/config-unix.mk 2012-05-04 23:50:10.817219567 +0100 @@ -72,6 +72,15 @@ OBJS += src/unix/kqueue.o endif +ifeq (GNU/kFreeBSD,$(uname_S)) +EV_CONFIG=config_freebsd.h +EIO_CONFIG=config_freebsd.h +CPPFLAGS += -Isrc/ares/config_freebsd +LINKFLAGS+= +OBJS += src/unix/freebsd.o +OBJS += src/unix/kqueue.o +endif + ifeq (DragonFly,$(uname_S)) EV_CONFIG=config_freebsd.h EIO_CONFIG=config_freebsd.h --- nodejs-0.6.16~dfsg1.orig/wscript 2012-05-04 23:45:19.0 +0100 +++ nodejs-0.6.16~dfsg1/wscript 2012-05-04 23:50:05.187249113 +0100 @@ -327,12 +327,12 @@ if Options.options.efence: conf.check(lib='efence', libpath=['/usr/lib', '/usr/local/lib'], uselib_store='EFENCE') - if 'bsd' in sys.platform: - if not conf.check(lib=execinfo, - includes=['/usr/include', '/usr/local/include'], - libpath=['/usr/lib', '/usr/local/lib'], - uselib_store=EXECINFO): - conf.fatal(Install the libexecinfo port from /usr/ports/devel/libexecinfo.) +# if 'bsd' in sys.platform: +# if not conf.check(lib=execinfo, +# includes=['/usr/include', '/usr/local/include'], +# libpath=['/usr/lib', '/usr/local/lib'], +# uselib_store=EXECINFO): +# conf.fatal(Install the libexecinfo port from /usr/ports/devel/libexecinfo.) if not Options.options.without_ssl: # Don't override explicitly supplied openssl paths with pkg-config results.
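Review bot: The wscript hunk comments out the libexecinfo check for every platform whose name contains 'bsd', so a FreeBSD build no longer fails early when that library is missing. Restrict the skip to GNU/kFreeBSD with a platform test, and delete lines that are no longer wanted instead of leaving them commented out.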
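Review bot: In the ccroot.py hunk, mapping `__FreeBSD_kernel__` to 'freebsd' makes GNU/kFreeBSD indistinguishable from FreeBSD to anything that reads this table's result, while the wscript hunk in the same series has to switch off a FreeBSD-only check. Add a comment on the new line stating that only the kernel is FreeBSD and the userland is GNU, or map to a distinct name if the build scripts can handle one.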
[Pkg-javascript-devel] Bug#670836: libv8: please enable for kfreebsd-*
Package: src:libv8
Version: 3.8.9.20-1
Severity: wishlist
Tags: patch
User: debian-...@lists.debian.org
Usertags: kfreebsd
X-Debbugs-Cc: debian-...@lists.debian.org

Hi,

I found that it is quite easy to build libv8 on GNU/kFreeBSD, with only minor changes to its packaging for Debian:

1. Enable kfreebsd-* builds of the package
2. Set v8arch/v8os suitably on GNU/kFreeBSD
3. Actually pass v8os into GYP
4. Create a kfreebsd target (a clone of the existing freebsd target, with -lpthread added and -lexecinfo removed)

Then it builds fine and the test suite shows 100% passes for me on kfreebsd-i386.

Please consider including these patches (to follow)!

Thanks,
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org