diff options
author | hiramatsu <hiramatsu> | 2015-04-01 20:01:59 +0000 |
---|---|---|
committer | hiramatsu <hiramatsu> | 2015-04-01 20:01:59 +0000 |
commit | 9a3f8bf42d551572094250892d8f8e1177520cc2 (patch) | |
tree | f94b0758fbd433ff89b42e0269c235e31a92fd7b | |
parent | 15a6c885dbc640f9529aeca1e684ac1d1e8930aa (diff) | |
download | pkgsrc-9a3f8bf42d551572094250892d8f8e1177520cc2.tar.gz |
Pullup ticket #4652 - requested by bsiegert
devel/exctags: security patch
Revisions pulled up:
- devel/exctags/Makefile 1.27
- devel/exctags/distinfo 1.13
- devel/exctags/patches/patch-CVE-2014-7204 1.1
---
Module Name: pkgsrc
Committed By: bsiegert
Date: Sun Mar 29 09:19:06 UTC 2015
Modified Files:
pkgsrc/devel/exctags: Makefile distinfo
Added Files:
pkgsrc/devel/exctags/patches: patch-CVE-2014-7204
Log Message:
SECURITY: Fix CVE-2014-7204 (DoS in JavaScript parser) in exuberant-ctags.
-rw-r--r-- | devel/exctags/Makefile | 3 | ||||
-rw-r--r-- | devel/exctags/distinfo | 3 | ||||
-rw-r--r-- | devel/exctags/patches/patch-CVE-2014-7204 | 88 |
3 files changed, 92 insertions, 2 deletions
diff --git a/devel/exctags/Makefile b/devel/exctags/Makefile index 678dfdb9c9c..848336670e2 100644 --- a/devel/exctags/Makefile +++ b/devel/exctags/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.26 2014/10/09 14:06:08 wiz Exp $ +# $NetBSD: Makefile,v 1.26.2.1 2015/04/01 20:01:59 hiramatsu Exp $ # DISTNAME= ctags-5.8 PKGNAME= ex${DISTNAME} +PKGREVISION= 1 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ctags/} diff --git a/devel/exctags/distinfo b/devel/exctags/distinfo index 37a7262da95..16f3e5434d5 100644 --- a/devel/exctags/distinfo +++ b/devel/exctags/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.12 2013/05/05 21:56:22 rodent Exp $ +$NetBSD: distinfo,v 1.12.14.1 2015/04/01 20:01:59 hiramatsu Exp $ SHA1 (ctags-5.8.tar.gz) = 482da1ecd182ab39bbdc09f2f02c9fba8cd20030 RMD160 (ctags-5.8.tar.gz) = 191495869fbfa2f77a9619a4920eba26d02eface Size (ctags-5.8.tar.gz) = 479927 bytes +SHA1 (patch-CVE-2014-7204) = 70ae27b0b69962323cb6ec8ad89b77e6dc958cdb SHA1 (patch-aa) = 41dc0fdc949fc3a62409b17790002dc9d70cc9db SHA1 (patch-ab) = 5659b06f692cc210af42e4cf73d8598cedb12086 diff --git a/devel/exctags/patches/patch-CVE-2014-7204 b/devel/exctags/patches/patch-CVE-2014-7204 new file mode 100644 index 00000000000..da3b15ea706 --- /dev/null +++ b/devel/exctags/patches/patch-CVE-2014-7204 @@ -0,0 +1,88 @@ +$NetBSD: patch-CVE-2014-7204,v 1.1.2.2 2015/04/01 20:01:59 hiramatsu Exp $ + +http://sourceforge.net/p/ctags/code/791/ + +Fix denial of service that results from attempting to run ctags +over large volumes of public source code. +--- jscript.c ++++ jscript.c +@@ -215,6 +215,7 @@ + * Tag generation functions + */ + ++/* + static void makeConstTag (tokenInfo *const token, const jsKind kind) + { + if (JsKinds [kind].enabled && ! token->ignoreTag ) +@@ -238,12 +239,13 @@ + + if (JsKinds [kind].enabled && ! token->ignoreTag ) + { +- /* ++ * + * If a scope has been added to the token, change the token + * string to include the scope when making the tag. +- */ ++ * + if ( vStringLength(token->scope) > 0 ) + { ++ * + fulltag = vStringNew (); + vStringCopy(fulltag, token->scope); + vStringCatS (fulltag, "."); +@@ -251,8 +253,54 @@ + vStringTerminate(fulltag); + vStringCopy(token->string, fulltag); + vStringDelete (fulltag); +- } +- makeConstTag (token, kind); ++ * ++ jsKind parent_kind = JSTAG_CLASS; ++ ++ * ++ * if we're creating a function (and not a method), ++ * guess we're inside another function ++ * ++ if (kind == JSTAG_FUNCTION) ++ parent_kind = JSTAG_FUNCTION; ++ ++ e.extensionFields.scope[0] = JsKinds [parent_kind].name; ++ e.extensionFields.scope[1] = vStringValue (token->scope); ++ } ++ * makeConstTag (token, kind); * ++ makeTagEntry (&e); ++ } ++} ++*/ ++ ++static void makeJsTag (tokenInfo *const token, const jsKind kind) ++{ ++ if (JsKinds [kind].enabled && ! token->ignoreTag ) ++ { ++ const char *const name = vStringValue (token->string); ++ tagEntryInfo e; ++ initTagEntry (&e, name); ++ ++ e.lineNumber = token->lineNumber; ++ e.filePosition = token->filePosition; ++ e.kindName = JsKinds [kind].name; ++ e.kind = JsKinds [kind].letter; ++ ++ if ( vStringLength(token->scope) > 0 ) ++ { ++ jsKind parent_kind = JSTAG_CLASS; ++ ++ /* ++ * If we're creating a function (and not a method), ++ * guess we're inside another function ++ */ ++ if (kind == JSTAG_FUNCTION) ++ parent_kind = JSTAG_FUNCTION; ++ ++ e.extensionFields.scope[0] = JsKinds [parent_kind].name; ++ e.extensionFields.scope[1] = vStringValue (token->scope); ++ } ++ ++ makeTagEntry (&e); + } + } |