Pullup ticket #4652 - requested by bsiegert

devel/exctags: security patch

Revisions pulled up:
- devel/exctags/Makefile                                        1.27
- devel/exctags/distinfo                                        1.13
- devel/exctags/patches/patch-CVE-2014-7204                     1.1

---
   Module Name:    pkgsrc
   Committed By:   bsiegert
   Date:           Sun Mar 29 09:19:06 UTC 2015

   Modified Files:
           pkgsrc/devel/exctags: Makefile distinfo
   Added Files:
           pkgsrc/devel/exctags/patches: patch-CVE-2014-7204

   Log Message:
   SECURITY: Fix CVE-2014-7204 (DoS in JavaScript parser) in exuberant-ctags.

3 files changed, 92 insertions, 2 deletions

diff --git a/devel/exctags/Makefile b/devel/exctags/Makefile
index 678dfdb9c9c..848336670e2 100644
--- a/devel/exctags/Makefile
+++ b/devel/exctags/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.26 2014/10/09 14:06:08 wiz Exp $
+# $NetBSD: Makefile,v 1.26.2.1 2015/04/01 20:01:59 hiramatsu Exp $
 #
 
 DISTNAME=	ctags-5.8
 PKGNAME=	ex${DISTNAME}
+PKGREVISION=	1
 CATEGORIES=	devel
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=ctags/}
 
diff --git a/devel/exctags/distinfo b/devel/exctags/distinfo
index 37a7262da95..16f3e5434d5 100644
--- a/devel/exctags/distinfo
+++ b/devel/exctags/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.12 2013/05/05 21:56:22 rodent Exp $
+$NetBSD: distinfo,v 1.12.14.1 2015/04/01 20:01:59 hiramatsu Exp $
 
 SHA1 (ctags-5.8.tar.gz) = 482da1ecd182ab39bbdc09f2f02c9fba8cd20030
 RMD160 (ctags-5.8.tar.gz) = 191495869fbfa2f77a9619a4920eba26d02eface
 Size (ctags-5.8.tar.gz) = 479927 bytes
+SHA1 (patch-CVE-2014-7204) = 70ae27b0b69962323cb6ec8ad89b77e6dc958cdb
 SHA1 (patch-aa) = 41dc0fdc949fc3a62409b17790002dc9d70cc9db
 SHA1 (patch-ab) = 5659b06f692cc210af42e4cf73d8598cedb12086
diff --git a/devel/exctags/patches/patch-CVE-2014-7204 b/devel/exctags/patches/patch-CVE-2014-7204
new file mode 100644
index 00000000000..da3b15ea706
--- /dev/null
+++ b/devel/exctags/patches/patch-CVE-2014-7204
@@ -0,0 +1,88 @@
+$NetBSD: patch-CVE-2014-7204,v 1.1.2.2 2015/04/01 20:01:59 hiramatsu Exp $
+
+http://sourceforge.net/p/ctags/code/791/
+
+Fix denial of service that results from attempting to run ctags
+over large volumes of public source code.
+--- jscript.c
++++ jscript.c
+@@ -215,6 +215,7 @@
+  *	 Tag generation functions
+  */
+ 
++/*
+ static void makeConstTag (tokenInfo *const token, const jsKind kind)
+ {
+ 	if (JsKinds [kind].enabled && ! token->ignoreTag )
+@@ -238,12 +239,13 @@
+ 
+ 	if (JsKinds [kind].enabled && ! token->ignoreTag )
+ 	{
+-		/*
++		*
+ 		 * If a scope has been added to the token, change the token
+ 		 * string to include the scope when making the tag.
+-		 */
++		 *
+ 		if ( vStringLength(token->scope) > 0 )
+ 		{
++			*
+ 			fulltag = vStringNew ();
+ 			vStringCopy(fulltag, token->scope);
+ 			vStringCatS (fulltag, ".");
+@@ -251,8 +253,54 @@
+ 			vStringTerminate(fulltag);
+ 			vStringCopy(token->string, fulltag);
+ 			vStringDelete (fulltag);
+-		}
+-		makeConstTag (token, kind);
++			*
++ 			jsKind parent_kind = JSTAG_CLASS;
++ 
++ 			* 
++			 * if we're creating a function (and not a method),
++ 			 * guess we're inside another function 
++			 *
++ 			if (kind == JSTAG_FUNCTION)
++ 				parent_kind = JSTAG_FUNCTION;
++ 
++ 			e.extensionFields.scope[0] = JsKinds [parent_kind].name;
++ 			e.extensionFields.scope[1] = vStringValue (token->scope);
++		}
++		* makeConstTag (token, kind); *
++ 		makeTagEntry (&e);
++	}
++}
++*/
++
++static void makeJsTag (tokenInfo *const token, const jsKind kind)
++{
++	if (JsKinds [kind].enabled && ! token->ignoreTag )
++	{
++		const char *const name = vStringValue (token->string);
++		tagEntryInfo e;
++		initTagEntry (&e, name);
++
++		e.lineNumber   = token->lineNumber;
++		e.filePosition = token->filePosition;
++		e.kindName	   = JsKinds [kind].name;
++		e.kind		   = JsKinds [kind].letter;
++
++		if ( vStringLength(token->scope) > 0 )
++		{
++			jsKind parent_kind = JSTAG_CLASS;
++
++			/* 
++			 * If we're creating a function (and not a method),
++			 * guess we're inside another function 
++			 */
++			if (kind == JSTAG_FUNCTION)
++				parent_kind = JSTAG_FUNCTION;
++
++			e.extensionFields.scope[0] = JsKinds [parent_kind].name;
++			e.extensionFields.scope[1] = vStringValue (token->scope);
++		}
++
++		makeTagEntry (&e);
+ 	}
+ }