[arch-commits] Commit in ctags/trunk (CVE-2014-7204.patch PKGBUILD)

Fri Oct 24 18:25:02 UTC 2014

Date: Friday, October 24, 2014 @ 20:25:02
  Author: dreisner
Revision: 225277

upgpkg: ctags 5.8-5

- apply patch for CVE-2014-7204 (FS#42246)

Added:
  ctags/trunk/CVE-2014-7204.patch
Modified:
  ctags/trunk/PKGBUILD

---------------------+
 CVE-2014-7204.patch |  102 ++++++++++++++++++++++++++++++++++++++++++++++++++
 PKGBUILD            |   14 +++++-
 2 files changed, 113 insertions(+), 3 deletions(-)

Added: CVE-2014-7204.patch
===================================================================

--- CVE-2014-7204.patch	                        (rev 0)
+++ CVE-2014-7204.patch	2014-10-24 18:25:02 UTC (rev 225277)
@@ -0,0 +1,102 @@
+From a499a10833d525c9af794c616dc40f7425110c71 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson at debian.org>
+Date: Sat, 27 Sep 2014 14:37:19 +0100
+Subject: Changed the javascript parser to set the tag's scope rather than
+ including it in the tag name.
+
+Patch from Colomban.
+
+Author: David Fishburn
+Origin: upstream, http://sourceforge.net/p/ctags/code/791/
+Bug-Debian: https://bugs.debian.org/742605
+Last-Update: 2014-09-27
+
+Patch-Name: jscript-set-tag-scope.patch
+---
+ jscript.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 51 insertions(+), 3 deletions(-)
+
+diff --git a/jscript.c b/jscript.c
+index 5de3367..a790355 100644
+--- a/jscript.c
++++ b/jscript.c
+@@ -215,6 +215,7 @@ static void deleteToken (tokenInfo *const token)
+  *	 Tag generation functions
+  */
+ 
++/*
+ static void makeConstTag (tokenInfo *const token, const jsKind kind)
+ {
+ 	if (JsKinds [kind].enabled && ! token->ignoreTag )
+@@ -238,12 +239,13 @@ static void makeJsTag (tokenInfo *const token, const jsKind kind)
+ 
+ 	if (JsKinds [kind].enabled && ! token->ignoreTag )
+ 	{
+-		/*
++		*
+ 		 * If a scope has been added to the token, change the token
+ 		 * string to include the scope when making the tag.
+-		 */
++		 *
+ 		if ( vStringLength(token->scope) > 0 )
+ 		{
++			*
+ 			fulltag = vStringNew ();
+ 			vStringCopy(fulltag, token->scope);
+ 			vStringCatS (fulltag, ".");
+@@ -251,8 +253,54 @@ static void makeJsTag (tokenInfo *const token, const jsKind kind)
+ 			vStringTerminate(fulltag);
+ 			vStringCopy(token->string, fulltag);
+ 			vStringDelete (fulltag);
++			*
++ 			jsKind parent_kind = JSTAG_CLASS;
++ 
++ 			* 
++			 * if we're creating a function (and not a method),
++ 			 * guess we're inside another function 
++			 *
++ 			if (kind == JSTAG_FUNCTION)
++ 				parent_kind = JSTAG_FUNCTION;
++ 
++ 			e.extensionFields.scope[0] = JsKinds [parent_kind].name;
++ 			e.extensionFields.scope[1] = vStringValue (token->scope);
++		}
++		* makeConstTag (token, kind); *
++ 		makeTagEntry (&e);
++	}
++}
++*/
++
++static void makeJsTag (tokenInfo *const token, const jsKind kind)
++{
++	if (JsKinds [kind].enabled && ! token->ignoreTag )
++	{
++		const char *const name = vStringValue (token->string);
++		tagEntryInfo e;
++		initTagEntry (&e, name);
++
++		e.lineNumber   = token->lineNumber;
++		e.filePosition = token->filePosition;
++		e.kindName	   = JsKinds [kind].name;
++		e.kind		   = JsKinds [kind].letter;
++
++		if ( vStringLength(token->scope) > 0 )
++		{
++			jsKind parent_kind = JSTAG_CLASS;
++
++			/* 
++			 * If we're creating a function (and not a method),
++			 * guess we're inside another function 
++			 */
++			if (kind == JSTAG_FUNCTION)
++				parent_kind = JSTAG_FUNCTION;
++
++			e.extensionFields.scope[0] = JsKinds [parent_kind].name;
++			e.extensionFields.scope[1] = vStringValue (token->scope);
+ 		}
+-		makeConstTag (token, kind);
++
++		makeTagEntry (&e);
+ 	}
+ }
+ 

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-10-24 18:22:31 UTC (rev 225276)
+++ PKGBUILD	2014-10-24 18:25:02 UTC (rev 225277)
@@ -4,15 +4,23 @@
 
 pkgname=ctags
 pkgver=5.8
-pkgrel=4
+pkgrel=5
 pkgdesc="Generates an index file of language objects found in source files"
 arch=('i686' 'x86_64')
 license=('GPL')
 depends=('glibc')
 url="http://ctags.sourceforge.net/"
-source=("http://downloads.sourceforge.net/sourceforge/${pkgname}/${pkgname}-${pkgver}.tar.gz")
-md5sums=('c00f82ecdcc357434731913e5b48630d')
+source=("http://downloads.sourceforge.net/sourceforge/${pkgname}/${pkgname}-${pkgver}.tar.gz"
+        "CVE-2014-7204.patch")
+md5sums=('c00f82ecdcc357434731913e5b48630d'
+         '5fd1a8abb0e1e2d16fd4b8b870e03249')
 
+prepare() {
+  cd ${srcdir}/${pkgname}-${pkgver}
+
+  patch -Np1 <../CVE-2014-7204.patch
+}
+
 build() {
   cd ${srcdir}/${pkgname}-${pkgver}
 

