Commit 8acec4cd authored by Sören Tempel's avatar Sören Tempel

main/ctags: security fix for CVE-2014-7204

parent e1425464
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Contributor: Michael Mason <ms13sp@gmail.com>
# Maintainer: Fabian Affolter <fabian@affolter-engineering.ch>
pkgname=ctags
pkgver=5.8
pkgrel=4
pkgrel=5
pkgdesc="Generator of tags for all types of C/C++ languages"
url="http://ctags.sourceforge.net/"
arch="all"
......@@ -12,43 +13,35 @@ makedepends=""
install=""
subpackages="$pkgname-doc"
source="http://prdownloads.sourceforge.net/ctags/$pkgname-$pkgver.tar.gz
CVE-2014-7204.patch
error-format.patch"
builddir="$srcdir"/$pkgname-$pkgver
_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
cd "$_builddir"
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
}
# secfixes:
# 5.8-r5:
# - CVE-2014-7204
build() {
cd "$_builddir"
cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--mandir=/usr/share/man \
--sysconfdir=/etc \
--infodir=/usr/share/info \
|| return 1
make || return 1
--mandir=/usr/share/man \
--localstatedir=/var \
--disable-external-sort
make
}
package() {
cd "$_builddir"
cd "$builddir"
mkdir -p "$pkgdir"/usr/bin
make -j1 \
DEST_CTAGS="$pkgdir"/usr/bin \
make -j1 DEST_CTAGS="$pkgdir"/usr/bin \
mandir="$pkgdir"/usr/share/man \
install || return 1
install
}
md5sums="c00f82ecdcc357434731913e5b48630d ctags-5.8.tar.gz
f0b35e99098aba05128c12859fa44e9e error-format.patch"
sha256sums="0e44b45dcabe969e0bbbb11e30c246f81abe5d32012db37395eb57d66e9e99c7 ctags-5.8.tar.gz
30339f93cdf0da56fe746703330332d0f345a677c38025c4be6d56d56b82414c error-format.patch"
sha512sums="981912cd335978cde22864e977947fc75326572fb29518e559cc4a8ac1edc84b3604165218a666e36353f17da4f89f8e967acdb88696f816748eb946d79eaa15 ctags-5.8.tar.gz
7593aa9ca8857b09127a842752d214764734215b42b58c8a44e2a320b21b5a4923dd05a3d14a9053e570f07297d77b3d2fa8f5d41c500e9aadf993413a66be76 CVE-2014-7204.patch
bc861fa7fe401e5f5845c39d8ec714268898fafcd76afa54bebfc7965d4ef66e227e7bab80733c8f95a79a131b05fbdd4024d05139f2f9bd67914ff4c9e0e9b9 error-format.patch"
From a499a10833d525c9af794c616dc40f7425110c71 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sat, 27 Sep 2014 14:37:19 +0100
Subject: Changed the javascript parser to set the tag's scope rather than
including it in the tag name.
Patch from Colomban.
Author: David Fishburn
Origin: upstream, http://sourceforge.net/p/ctags/code/791/
Bug-Debian: https://bugs.debian.org/742605
Last-Update: 2014-09-27
Patch-Name: jscript-set-tag-scope.patch
---
jscript.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 51 insertions(+), 3 deletions(-)
diff --git a/jscript.c b/jscript.c
index 5de3367..a790355 100644
--- a/jscript.c
+++ b/jscript.c
@@ -215,6 +215,7 @@ static void deleteToken (tokenInfo *const token)
* Tag generation functions
*/
+/*
static void makeConstTag (tokenInfo *const token, const jsKind kind)
{
if (JsKinds [kind].enabled && ! token->ignoreTag )
@@ -238,12 +239,13 @@ static void makeJsTag (tokenInfo *const token, const jsKind kind)
if (JsKinds [kind].enabled && ! token->ignoreTag )
{
- /*
+ *
* If a scope has been added to the token, change the token
* string to include the scope when making the tag.
- */
+ *
if ( vStringLength(token->scope) > 0 )
{
+ *
fulltag = vStringNew ();
vStringCopy(fulltag, token->scope);
vStringCatS (fulltag, ".");
@@ -251,8 +253,54 @@ static void makeJsTag (tokenInfo *const token, const jsKind kind)
vStringTerminate(fulltag);
vStringCopy(token->string, fulltag);
vStringDelete (fulltag);
+ *
+ jsKind parent_kind = JSTAG_CLASS;
+
+ *
+ * if we're creating a function (and not a method),
+ * guess we're inside another function
+ *
+ if (kind == JSTAG_FUNCTION)
+ parent_kind = JSTAG_FUNCTION;
+
+ e.extensionFields.scope[0] = JsKinds [parent_kind].name;
+ e.extensionFields.scope[1] = vStringValue (token->scope);
+ }
+ * makeConstTag (token, kind); *
+ makeTagEntry (&e);
+ }
+}
+*/
+
+static void makeJsTag (tokenInfo *const token, const jsKind kind)
+{
+ if (JsKinds [kind].enabled && ! token->ignoreTag )
+ {
+ const char *const name = vStringValue (token->string);
+ tagEntryInfo e;
+ initTagEntry (&e, name);
+
+ e.lineNumber = token->lineNumber;
+ e.filePosition = token->filePosition;
+ e.kindName = JsKinds [kind].name;
+ e.kind = JsKinds [kind].letter;
+
+ if ( vStringLength(token->scope) > 0 )
+ {
+ jsKind parent_kind = JSTAG_CLASS;
+
+ /*
+ * If we're creating a function (and not a method),
+ * guess we're inside another function
+ */
+ if (kind == JSTAG_FUNCTION)
+ parent_kind = JSTAG_FUNCTION;
+
+ e.extensionFields.scope[0] = JsKinds [parent_kind].name;
+ e.extensionFields.scope[1] = vStringValue (token->scope);
}
- makeConstTag (token, kind);
+
+ makeTagEntry (&e);
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment