[arch-commits] Commit in ctags/trunk (CVE-2014-7204.patch PKGBUILD)
Dave Reisner
dreisner at archlinux.org
Fri Oct 24 18:25:02 UTC 2014
Date: Friday, October 24, 2014 @ 20:25:02
Author: dreisner
Revision: 225277
upgpkg: ctags 5.8-5
- apply patch for CVE-2014-7204 (FS#42246)
Added:
ctags/trunk/CVE-2014-7204.patch
Modified:
ctags/trunk/PKGBUILD
---------------------+
CVE-2014-7204.patch | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 14 +++++-
2 files changed, 113 insertions(+), 3 deletions(-)
Added: CVE-2014-7204.patch
===================================================================
--- CVE-2014-7204.patch (rev 0)
+++ CVE-2014-7204.patch 2014-10-24 18:25:02 UTC (rev 225277)
@@ -0,0 +1,102 @@
+From a499a10833d525c9af794c616dc40f7425110c71 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson at debian.org>
+Date: Sat, 27 Sep 2014 14:37:19 +0100
+Subject: Changed the javascript parser to set the tag's scope rather than
+ including it in the tag name.
+
+Patch from Colomban.
+
+Author: David Fishburn
+Origin: upstream, http://sourceforge.net/p/ctags/code/791/
+Bug-Debian: https://bugs.debian.org/742605
+Last-Update: 2014-09-27
+
+Patch-Name: jscript-set-tag-scope.patch
+---
+ jscript.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 51 insertions(+), 3 deletions(-)
+
+diff --git a/jscript.c b/jscript.c
+index 5de3367..a790355 100644
+--- a/jscript.c
++++ b/jscript.c
+@@ -215,6 +215,7 @@ static void deleteToken (tokenInfo *const token)
+ * Tag generation functions
+ */
+
++/*
+ static void makeConstTag (tokenInfo *const token, const jsKind kind)
+ {
+ if (JsKinds [kind].enabled && ! token->ignoreTag )
+@@ -238,12 +239,13 @@ static void makeJsTag (tokenInfo *const token, const jsKind kind)
+
+ if (JsKinds [kind].enabled && ! token->ignoreTag )
+ {
+- /*
++ *
+ * If a scope has been added to the token, change the token
+ * string to include the scope when making the tag.
+- */
++ *
+ if ( vStringLength(token->scope) > 0 )
+ {
++ *
+ fulltag = vStringNew ();
+ vStringCopy(fulltag, token->scope);
+ vStringCatS (fulltag, ".");
+@@ -251,8 +253,54 @@ static void makeJsTag (tokenInfo *const token, const jsKind kind)
+ vStringTerminate(fulltag);
+ vStringCopy(token->string, fulltag);
+ vStringDelete (fulltag);
++ *
++ jsKind parent_kind = JSTAG_CLASS;
++
++ *
++ * if we're creating a function (and not a method),
++ * guess we're inside another function
++ *
++ if (kind == JSTAG_FUNCTION)
++ parent_kind = JSTAG_FUNCTION;
++
++ e.extensionFields.scope[0] = JsKinds [parent_kind].name;
++ e.extensionFields.scope[1] = vStringValue (token->scope);
++ }
++ * makeConstTag (token, kind); *
++ makeTagEntry (&e);
++ }
++}
++*/
++
++static void makeJsTag (tokenInfo *const token, const jsKind kind)
++{
++ if (JsKinds [kind].enabled && ! token->ignoreTag )
++ {
++ const char *const name = vStringValue (token->string);
++ tagEntryInfo e;
++ initTagEntry (&e, name);
++
++ e.lineNumber = token->lineNumber;
++ e.filePosition = token->filePosition;
++ e.kindName = JsKinds [kind].name;
++ e.kind = JsKinds [kind].letter;
++
++ if ( vStringLength(token->scope) > 0 )
++ {
++ jsKind parent_kind = JSTAG_CLASS;
++
++ /*
++ * If we're creating a function (and not a method),
++ * guess we're inside another function
++ */
++ if (kind == JSTAG_FUNCTION)
++ parent_kind = JSTAG_FUNCTION;
++
++ e.extensionFields.scope[0] = JsKinds [parent_kind].name;
++ e.extensionFields.scope[1] = vStringValue (token->scope);
+ }
+- makeConstTag (token, kind);
++
++ makeTagEntry (&e);
+ }
+ }
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-10-24 18:22:31 UTC (rev 225276)
+++ PKGBUILD 2014-10-24 18:25:02 UTC (rev 225277)
@@ -4,15 +4,23 @@
pkgname=ctags
pkgver=5.8
-pkgrel=4
+pkgrel=5
pkgdesc="Generates an index file of language objects found in source files"
arch=('i686' 'x86_64')
license=('GPL')
depends=('glibc')
url="http://ctags.sourceforge.net/"
-source=("http://downloads.sourceforge.net/sourceforge/${pkgname}/${pkgname}-${pkgver}.tar.gz")
-md5sums=('c00f82ecdcc357434731913e5b48630d')
+source=("http://downloads.sourceforge.net/sourceforge/${pkgname}/${pkgname}-${pkgver}.tar.gz"
+ "CVE-2014-7204.patch")
+md5sums=('c00f82ecdcc357434731913e5b48630d'
+ '5fd1a8abb0e1e2d16fd4b8b870e03249')
+prepare() {
+ cd ${srcdir}/${pkgname}-${pkgver}
+
+ patch -Np1 <../CVE-2014-7204.patch
+}
+
build() {
cd ${srcdir}/${pkgname}-${pkgver}
More information about the arch-commits
mailing list