main/ctags: security fix for CVE-2014-7204

8acec4cd · Sören Tempel · e1425464 · 8acec4cd · 8acec4cd
Commit 8acec4cd authored May 04, 2017 by Sören Tempel
Hide whitespace changes
Inline Side-by-side

Showing with 118 additions and 23 deletions

main/ctags/APKBUILD main/ctags/APKBUILD +16 -23

main/ctags/CVE-2014-7204.patch main/ctags/CVE-2014-7204.patch +102 -0

No files found.
--- a/main/ctags/APKBUILD
+++ b/main/ctags/APKBUILD
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
 # Contributor: Michael Mason <ms13sp@gmail.com>
 # Maintainer: Fabian Affolter <fabian@affolter-engineering.ch>
 pkgname=ctags
 pkgver=5.8
-pkgrel=4
+pkgrel=5
 pkgdesc="Generator of tags for all types of C/C++ languages"
 url="http://ctags.sourceforge.net/"
 arch="all"
@@ -12,43 +13,35 @@ makedepends=""
 install=""
 subpackages="$pkgname-doc"
 source="http://prdownloads.sourceforge.net/ctags/$pkgname-$pkgver.tar.gz
+	CVE-2014-7204.patch
 	error-format.patch"
+builddir="$srcdir"/$pkgname-$pkgver

-_builddir="$srcdir"/$pkgname-$pkgver
-prepare() {
-	cd "$_builddir"
-	for i in $source; do
-		case $i in
-		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
-		esac
-	done
-}
+# secfixes:
+#   5.8-r5:
+#     - CVE-2014-7204

 build() {
-	cd "$_builddir"
+	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
 		--prefix=/usr \
-		--mandir=/usr/share/man \
 		--sysconfdir=/etc \
-		--infodir=/usr/share/info \
-		|| return 1
-	make || return 1
+		--mandir=/usr/share/man \
+		--localstatedir=/var \
+		--disable-external-sort
+	make
 }

 package() {
-	cd "$_builddir"
+	cd "$builddir"
 	mkdir -p "$pkgdir"/usr/bin
-	make -j1 \
-		DEST_CTAGS="$pkgdir"/usr/bin \
+	make -j1 DEST_CTAGS="$pkgdir"/usr/bin \
 		mandir="$pkgdir"/usr/share/man \
-		install || return 1
+		install
 }

-md5sums="c00f82ecdcc357434731913e5b48630d  ctags-5.8.tar.gz
-f0b35e99098aba05128c12859fa44e9e  error-format.patch"
-sha256sums="0e44b45dcabe969e0bbbb11e30c246f81abe5d32012db37395eb57d66e9e99c7  ctags-5.8.tar.gz
-30339f93cdf0da56fe746703330332d0f345a677c38025c4be6d56d56b82414c  error-format.patch"
 sha512sums="981912cd335978cde22864e977947fc75326572fb29518e559cc4a8ac1edc84b3604165218a666e36353f17da4f89f8e967acdb88696f816748eb946d79eaa15  ctags-5.8.tar.gz
+7593aa9ca8857b09127a842752d214764734215b42b58c8a44e2a320b21b5a4923dd05a3d14a9053e570f07297d77b3d2fa8f5d41c500e9aadf993413a66be76  CVE-2014-7204.patch
 bc861fa7fe401e5f5845c39d8ec714268898fafcd76afa54bebfc7965d4ef66e227e7bab80733c8f95a79a131b05fbdd4024d05139f2f9bd67914ff4c9e0e9b9  error-format.patch"
--- a/main/ctags/CVE-2014-7204.patch
+++ b/main/ctags/CVE-2014-7204.patch
+From a499a10833d525c9af794c616dc40f7425110c71 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Sat, 27 Sep 2014 14:37:19 +0100
+Subject: Changed the javascript parser to set the tag's scope rather than
+ including it in the tag name.
+
+Patch from Colomban.
+
+Author: David Fishburn
+Origin: upstream, http://sourceforge.net/p/ctags/code/791/
+Bug-Debian: https://bugs.debian.org/742605
+Last-Update: 2014-09-27
+
+Patch-Name: jscript-set-tag-scope.patch
+---
+ jscript.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 51 insertions(+), 3 deletions(-)
+
+diff --git a/jscript.c b/jscript.c
+index 5de3367..a790355 100644
+--- a/jscript.c
+++ b/jscript.c
+@@ -215,6 +215,7 @@ static void deleteToken (tokenInfo *const token)
+  *	 Tag generation functions
+  */
+ 
+/*
+ static void makeConstTag (tokenInfo *const token, const jsKind kind)
+ {
+ 	if (JsKinds [kind].enabled && ! token->ignoreTag )
+@@ -238,12 +239,13 @@ static void makeJsTag (tokenInfo *const token, const jsKind kind)
+ 
+ 	if (JsKinds [kind].enabled && ! token->ignoreTag )
+ 	{
+-		/*
+		*
+ 		 * If a scope has been added to the token, change the token
+ 		 * string to include the scope when making the tag.
+-		 */
+		 *
+ 		if ( vStringLength(token->scope) > 0 )
+ 		{
+			*
+ 			fulltag = vStringNew ();
+ 			vStringCopy(fulltag, token->scope);
+ 			vStringCatS (fulltag, ".");
+@@ -251,8 +253,54 @@ static void makeJsTag (tokenInfo *const token, const jsKind kind)
+ 			vStringTerminate(fulltag);
+ 			vStringCopy(token->string, fulltag);
+ 			vStringDelete (fulltag);
+			*
+ 			jsKind parent_kind = JSTAG_CLASS;
+ 
+ 			* 
+			 * if we're creating a function (and not a method),
+ 			 * guess we're inside another function 
+			 *
+ 			if (kind == JSTAG_FUNCTION)
+ 				parent_kind = JSTAG_FUNCTION;
+ 
+ 			e.extensionFields.scope[0] = JsKinds [parent_kind].name;
+ 			e.extensionFields.scope[1] = vStringValue (token->scope);
+		}
+		* makeConstTag (token, kind); *
+ 		makeTagEntry (&e);
+	}
+}
+*/
+
+static void makeJsTag (tokenInfo *const token, const jsKind kind)
+{
+	if (JsKinds [kind].enabled && ! token->ignoreTag )
+	{
+		const char *const name = vStringValue (token->string);
+		tagEntryInfo e;
+		initTagEntry (&e, name);
+
+		e.lineNumber   = token->lineNumber;
+		e.filePosition = token->filePosition;
+		e.kindName	   = JsKinds [kind].name;
+		e.kind		   = JsKinds [kind].letter;
+
+		if ( vStringLength(token->scope) > 0 )
+		{
+			jsKind parent_kind = JSTAG_CLASS;
+
+			/* 
+			 * If we're creating a function (and not a method),
+			 * guess we're inside another function 
+			 */
+			if (kind == JSTAG_FUNCTION)
+				parent_kind = JSTAG_FUNCTION;
+
+			e.extensionFields.scope[0] = JsKinds [parent_kind].name;
+			e.extensionFields.scope[1] = vStringValue (token->scope);
+ 		}
+-		makeConstTag (token, kind);
+
+		makeTagEntry (&e);
+ 	}
+ }
+