pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/devel/exctags SECURITY: Fix CVE-2014-7204 (DoS in Java...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/1adac2ed393d
branches:  trunk
changeset: 649034:1adac2ed393d
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Sun Mar 29 09:19:06 2015 +0000

description:
SECURITY: Fix CVE-2014-7204 (DoS in JavaScript parser) in exuberant-ctags.

diffstat:

 devel/exctags/Makefile                    |   3 +-
 devel/exctags/distinfo                    |   3 +-
 devel/exctags/patches/patch-CVE-2014-7204 |  88 +++++++++++++++++++++++++++++++
 3 files changed, 92 insertions(+), 2 deletions(-)

diffs (119 lines):

diff -r 1fb5ede03535 -r 1adac2ed393d devel/exctags/Makefile
--- a/devel/exctags/Makefile    Sun Mar 29 08:30:44 2015 +0000
+++ b/devel/exctags/Makefile    Sun Mar 29 09:19:06 2015 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.26 2014/10/09 14:06:08 wiz Exp $
+# $NetBSD: Makefile,v 1.27 2015/03/29 09:19:06 bsiegert Exp $
 #
 
 DISTNAME=      ctags-5.8
 PKGNAME=       ex${DISTNAME}
+PKGREVISION=   1
 CATEGORIES=    devel
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=ctags/}
 
diff -r 1fb5ede03535 -r 1adac2ed393d devel/exctags/distinfo
--- a/devel/exctags/distinfo    Sun Mar 29 08:30:44 2015 +0000
+++ b/devel/exctags/distinfo    Sun Mar 29 09:19:06 2015 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.12 2013/05/05 21:56:22 rodent Exp $
+$NetBSD: distinfo,v 1.13 2015/03/29 09:19:06 bsiegert Exp $
 
 SHA1 (ctags-5.8.tar.gz) = 482da1ecd182ab39bbdc09f2f02c9fba8cd20030
 RMD160 (ctags-5.8.tar.gz) = 191495869fbfa2f77a9619a4920eba26d02eface
 Size (ctags-5.8.tar.gz) = 479927 bytes
+SHA1 (patch-CVE-2014-7204) = 70ae27b0b69962323cb6ec8ad89b77e6dc958cdb
 SHA1 (patch-aa) = 41dc0fdc949fc3a62409b17790002dc9d70cc9db
 SHA1 (patch-ab) = 5659b06f692cc210af42e4cf73d8598cedb12086
diff -r 1fb5ede03535 -r 1adac2ed393d devel/exctags/patches/patch-CVE-2014-7204
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/exctags/patches/patch-CVE-2014-7204 Sun Mar 29 09:19:06 2015 +0000
@@ -0,0 +1,88 @@
+$NetBSD: patch-CVE-2014-7204,v 1.1 2015/03/29 09:19:06 bsiegert Exp $
+
+http://sourceforge.net/p/ctags/code/791/
+
+Fix denial of service that results from attempting to run ctags
+over large volumes of public source code.
+--- jscript.c
++++ jscript.c
+@@ -215,6 +215,7 @@
+  *     Tag generation functions
+  */
+ 
++/*
+ static void makeConstTag (tokenInfo *const token, const jsKind kind)
+ {
+       if (JsKinds [kind].enabled && ! token->ignoreTag )
+@@ -238,12 +239,13 @@
+ 
+       if (JsKinds [kind].enabled && ! token->ignoreTag )
+       {
+-              /*
++              *
+                * If a scope has been added to the token, change the token
+                * string to include the scope when making the tag.
+-               */
++               *
+               if ( vStringLength(token->scope) > 0 )
+               {
++                      *
+                       fulltag = vStringNew ();
+                       vStringCopy(fulltag, token->scope);
+                       vStringCatS (fulltag, ".");
+@@ -251,8 +253,54 @@
+                       vStringTerminate(fulltag);
+                       vStringCopy(token->string, fulltag);
+                       vStringDelete (fulltag);
+-              }
+-              makeConstTag (token, kind);
++                      *
++                      jsKind parent_kind = JSTAG_CLASS;
++ 
++                      * 
++                       * if we're creating a function (and not a method),
++                       * guess we're inside another function 
++                       *
++                      if (kind == JSTAG_FUNCTION)
++                              parent_kind = JSTAG_FUNCTION;
++ 
++                      e.extensionFields.scope[0] = JsKinds [parent_kind].name;
++                      e.extensionFields.scope[1] = vStringValue (token->scope);
++              }
++              * makeConstTag (token, kind); *
++              makeTagEntry (&e);
++      }
++}
++*/
++
++static void makeJsTag (tokenInfo *const token, const jsKind kind)
++{
++      if (JsKinds [kind].enabled && ! token->ignoreTag )
++      {
++              const char *const name = vStringValue (token->string);
++              tagEntryInfo e;
++              initTagEntry (&e, name);
++
++              e.lineNumber   = token->lineNumber;
++              e.filePosition = token->filePosition;
++              e.kindName         = JsKinds [kind].name;
++              e.kind             = JsKinds [kind].letter;
++
++              if ( vStringLength(token->scope) > 0 )
++              {
++                      jsKind parent_kind = JSTAG_CLASS;
++
++                      /* 
++                       * If we're creating a function (and not a method),
++                       * guess we're inside another function 
++                       */
++                      if (kind == JSTAG_FUNCTION)
++                              parent_kind = JSTAG_FUNCTION;
++
++                      e.extensionFields.scope[0] = JsKinds [parent_kind].name;
++                      e.extensionFields.scope[1] = vStringValue (token->scope);
++              }
++
++              makeTagEntry (&e);
+       }
+ }
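Review bot: The jscript.c hunks carried in this patch touch only tag generation: `makeConstTag` is commented out and `makeJsTag` is rewritten to fill `e.extensionFields.scope[]` and call `makeTagEntry (&e)`. None of the visible lines changes a parser loop or a recursion path, so this patch alone does not show how the parser DoS named in the description is closed. It is worth comparing the file against the referenced upstream revision (`http://sourceforge.net/p/ctags/code/791/`) to confirm that no parser-side hunks were left out, and stating in the patch header comment which upstream hunks are included. As a style point, the old body is retired by opening one `/*` before `makeConstTag` and rewriting the inner comment delimiters to bare `*`. A single stray `*/` would re-enable half of it, so deleting the dead code would be more robust.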


