Switch from SpiderMonkey 1.7 to Duktape

pacparser currently vendors SpiderMonkey 1.7, a JavaScript engine that
predates the Obama presidency. There's been a ton of changes to
JavaScript and best practices when it comes to security and
portability, so using this old version of SM doesn't make sense anymore.

People are [trivially able to write exploits][ancientmonkey] against
this old version, and seeing as PAC files could come from untrusted
networks, that doesn't seem like a wise decision.

To replace it, I've used duktape, a popular compact and embeddable JS
runtime. There are a lot, but duktape seems popular; for example, polkit
switched from (newer) SpiderMonkey to duktape. The only change I've
needed to make to JS code is that RegExps don't seem to be callable
under duktape; they aren't under V8 either though, so this might have
been a Mozilla-ism.

The massively smaller codebase of duktape is hopefully better security
and maintainability wise, but also results in much smaller binaries. For
example, pactester goes from 1.5M to 687K on my system.

Passes unit tests on macOS. Not tested on Linux/Windows yet. However,
I'm not certain about i.e. string lifetimes with duktape. They didn't
seem clear with SpiderMonkey either though; perhaps it'd be an
opportunity to i.e. explicitly strdup them?

[ancientmonkey]: https://blog.pspaul.de/posts/ancient-monkey-pwning-a-17-year-old-version-of-spidermonkey/

Author: NattyNarwhal

src/Makefile

@@ -45,7 +45,7 @@ LIB_VER = 1
 SO_SUFFIX = so
 LIBRARY = $(LIBRARY_NAME).$(SO_SUFFIX).$(LIB_VER)
 MKSHLIB = $(CC) -shared
-LIB_OPTS = -Wl,-soname=$(LIBRARY) -Wl,-exclude-libs=libjs.a
+LIB_OPTS = -Wl,-soname=$(LIBRARY) -Wl,-exclude-libs=duktape.o
 SHFLAGS = -fPIC
 SMCFLAGS = -DHAVE_VA_COPY -DVA_COPY=va_copy
 
@@ -78,9 +78,6 @@ ifndef PYTHON
   PYTHON = python
 endif
 
-# Spidermonkey library.
-MAINT_CFLAGS += -Ispidermonkey/js/src
-
 LIBRARY_LINK = $(LIBRARY_NAME).$(SO_SUFFIX)
 PREFIX := $(DESTDIR)$(PREFIX)
 LIB_PREFIX = $(PREFIX)/lib
@@ -92,23 +89,19 @@ MAN_PREFIX = $(PREFIX)/share/man
 .PHONY: clean pymod install-pymod
 all: testpactester
 
-jsapi_buildstamp: spidermonkey/js/src
-	cd spidermonkey && SMCFLAGS="$(SHFLAGS) $(SMCFLAGS)" $(MAKE) jsapi
-	touch jsapi_buildstamp
-
-spidermonkey/libjs.a: spidermonkey/js/src
-	cd spidermonkey && SMCFLAGS="$(SHFLAGS) $(SMCFLAGS)" $(MAKE) jslib
+duktape.o: duktape.c duktape.h duk_config.h
+	$(CC) $(MAINT_CFLAGS) $(CFLAGS) $(SHFLAGS) -c duktape.c -o dutape.o
+	touch pymod/duktape_o_buildstamp
 
-pacparser.o: pacparser.c pac_utils.h pacparser.h jsapi_buildstamp
+pacparser.o: pacparser.c pac_utils.h pacparser.h
 	$(CC) $(MAINT_CFLAGS) $(CFLAGS) $(SHFLAGS) -c pacparser.c -o pacparser.o
 	touch pymod/pacparser_o_buildstamp
 
-$(LIBRARY): pacparser.o spidermonkey/libjs.a
-	$(MKSHLIB) $(MAINT_CFLAGS) $(CFLAGS) $(LDFLAGS) $(LIB_OPTS) -o $(LIBRARY) pacparser.o spidermonkey/libjs.a -lm
+$(LIBRARY): pacparser.o duktape.o
+	$(MKSHLIB) $(MAINT_CFLAGS) $(CFLAGS) $(LDFLAGS) $(LIB_OPTS) -o $(LIBRARY) pacparser.o duktape.o -lm
 
-libpacparser.a: pacparser.o spidermonkey/libjs.a
-	cp spidermonkey/libjs.a libpacparser.a
-	ar rcs libpacparser.a pacparser.o
+libpacparser.a: pacparser.o duktape.o
+	ar rcs libpacparser.a pacparser.o duktape.o
 
 $(LIBRARY_LINK): $(LIBRARY)
 	ln -sf $(LIBRARY) $(LIBRARY_LINK)
@@ -149,11 +142,11 @@ dist: all
 	zip -r $${bindir}.zip $${bindir}/.
 
 # Targets to build python module
-pymod: pacparser.o pacparser.h spidermonkey/libjs.a
+pymod: pacparser.o pacparser.h duktape.o
 	cd pymod && ARCHFLAGS="" $(PYTHON) setup.py build
 	$(PYTHON) ../tests/runtests.py
 
-pymod-dist: pacparser.o pacparser.h spidermonkey/libjs.a
+pymod-dist: pacparser.o pacparser.h duktape.o
 	cd pymod && ARCHFLAGS="" $(PYTHON) setup.py build
 	cd pymod && ARCHFLAGS="" $(PYTHON) setup.py dist
 	$(PYTHON) ../tests/runtests.py
@@ -165,4 +158,3 @@ clean:
 	rm -f $(LIBRARY_LINK) $(LIBRARY) pacparser.o pactester pymod/pacparser_o_buildstamp jsapi_buildstamp
 	rm -rf dist
 	cd pymod && $(PYTHON) setup.py clean --all
-	cd spidermonkey && $(MAKE) clean

src/Makefile.win32

@@ -39,32 +39,32 @@ endif
 VERSION ?= $(shell git describe --always --tags --candidate=100)
 
 LIB_VER=1
-CFLAGS=-g -DXP_WIN -DWINVER=0x0501 -DVERSION=$(VERSION) -Ispidermonkey/js/src -Wall
+CFLAGS=-g -DXP_WIN -DWINVER=0x0501 -DVERSION=$(VERSION) -Wall
 CC=gcc
 PYTHON ?= python
 
 .PHONY: clean pymod install-pymod
 
 all: pacparser.dll pactester
 
-pacparser.o: pacparser.c pac_utils.h js.lib
+pacparser.o: pacparser.c pac_utils.h
 	$(CC) $(CFLAGS) -c pacparser.c -o pacparser.o
 
-js.lib:
-	$(MAKE) -C spidermonkey -f Makefile.win32
+duktape.o: duktape.c duk_config.h duktape.h
+	$(CC) $(CFLAGS) -c pacparser.c -o pacparser.o
 
-pacparser.dll: pacparser.o spidermonkey/js.lib
+pacparser.dll: pacparser.o duktape.o
 	$(CC) -shared -o pacparser.dll \
 	-Wl,--output-def,pacparser.def \
 	-Wl,--out-implib,libpacparser.a \
 	-Wl,--export-all-symbols \
-	pacparser.o -ljs -Lspidermonkey -lws2_32
+	pacparser.o duktape.o -lws2_32
 
 pacparser.lib: pacparser.dll pacparser.def
 	lib /machine:i386 /def:pacparser.def
 
 pactester: pactester.c pacparser.h pacparser.o
-	$(CC) pactester.c pacparser.o -o pactester -ljs -Lspidermonkey -lws2_32
+	$(CC) pactester.c pacparser.o duktape.o -o pactester -lws2_32
 
 dist: pacparser.dll pactester pacparser.def
 	if exist dist rmdir /s /q dist
@@ -98,7 +98,6 @@ pymod-dist-%:
 	cd pymod && py -$* setup.py dist
 
 clean:
-	$(RM) pacparser.dll *.lib pacparser.def pacparser.exp pacparser.o pactester.exe libpacparser.a
-	$(MAKE) -C spidermonkey -f Makefile.win32 clean
+	$(RM) pacparser.dll *.lib pacparser.def pacparser.exp pacparser.o duktape.o pactester.exe libpacparser.a
 	cd pymod && $(PYTHON) setup.py clean --all
 	$(RM) dist