Hello community,

here is the log from the commit of package ctags for openSUSE:Factory checked 
in at 2015-05-26 12:37:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ctags (Old)
 and      /work/SRC/openSUSE:Factory/.ctags.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ctags"

Changes:
--------
--- /work/SRC/openSUSE:Factory/ctags/ctags.changes      2013-05-06 
10:13:09.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.ctags.new/ctags.changes 2015-05-26 
12:37:13.000000000 +0200
@@ -1,0 +2,7 @@
+Tue Oct  7 05:45:51 UTC 2014 - pu...@suse.com
+
+- Fix endless loop in javascript parser
+  (bnc#899486, CVE-2014-7204)  
+- Added CVE-2014-7204.patch
+
+-------------------------------------------------------------------

New:
----
  CVE-2014-7204.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ctags.spec ++++++
--- /var/tmp/diff_new_pack.8MynAW/_old  2015-05-26 12:37:13.000000000 +0200
+++ /var/tmp/diff_new_pack.8MynAW/_new  2015-05-26 12:37:13.000000000 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package ctags
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -30,6 +30,7 @@
 Source2:        ctags-ycp-parser.diff
 Patch3:         ctags-date-time.patch
 Patch4:         go-tags.patch
+Patch5:         CVE-2014-7204.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  update-alternatives
 PreReq:         update-alternatives
@@ -45,6 +46,7 @@
 #%#patch2
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 
 %build
 ./configure CFLAGS="%{optflags} -Wall" \

++++++ CVE-2014-7204.patch ++++++
>From e23093345c6f63358d979f2c87c57ef4050ba864 Mon Sep 17 00:00:00 2001
From: dfishburn <dfishburn@c5d04d22-be80-434c-894e-aa346cc9e8e8>
Date: Wed, 24 Oct 2012 01:13:13 +0000
Subject: [PATCH] Changed the javascript parser to set the tag's scope rather
 than including it in the tag name.

Patch from Colomban.



git-svn-id: svn://svn.code.sf.net/p/ctags/code/trunk@791 
c5d04d22-be80-434c-894e-aa346cc9e8e8
Signed-off-by: Petr Uzel <petr.u...@suse.cz>
---
 jscript.c |   54 +++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 51 insertions(+), 3 deletions(-)

Index: ctags-5.8/jscript.c
===================================================================
--- ctags-5.8.orig/jscript.c
+++ ctags-5.8/jscript.c
@@ -215,6 +215,7 @@ static void deleteToken (tokenInfo *cons
  *      Tag generation functions
  */
 
+/*
 static void makeConstTag (tokenInfo *const token, const jsKind kind)
 {
        if (JsKinds [kind].enabled && ! token->ignoreTag )
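Review bot: The `/*` added above makeConstTag disables the old makeConstTag and makeJsTag by commenting them out rather than deleting them, and the block only closes at the `*/` in the third jscript.c hunk. To make that nest, the original comment delimiters in the second and third hunks were rewritten to bare `*` lines, and new statements such as `jsKind parent_kind = JSTAG_CLASS;` and `makeTagEntry (&e);` were added inside the dead block, so it no longer matches code that ever compiled. Deleting both old functions would keep jscript.c readable and make it harder to revive the old path, which copied the scope-prefixed name back with `vStringCopy(token->string, fulltag);`. If the text must stay for reference, `#if 0` … `#endif` is safer than a hand-edited comment. makeConstTag's body continues outside this hunk.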
@@ -238,12 +239,13 @@ static void makeJsTag (tokenInfo *const
 
        if (JsKinds [kind].enabled && ! token->ignoreTag )
        {
-               /*
+               *
                 * If a scope has been added to the token, change the token
                 * string to include the scope when making the tag.
-                */
+                *
                if ( vStringLength(token->scope) > 0 )
                {
+                       *
                        fulltag = vStringNew ();
                        vStringCopy(fulltag, token->scope);
                        vStringCatS (fulltag, ".");
@@ -251,8 +253,54 @@ static void makeJsTag (tokenInfo *const
                        vStringTerminate(fulltag);
                        vStringCopy(token->string, fulltag);
                        vStringDelete (fulltag);
+                       *
+                       jsKind parent_kind = JSTAG_CLASS;
+ 
+                       * 
+                        * if we're creating a function (and not a method),
+                        * guess we're inside another function 
+                        *
+                       if (kind == JSTAG_FUNCTION)
+                               parent_kind = JSTAG_FUNCTION;
+ 
+                       e.extensionFields.scope[0] = JsKinds [parent_kind].name;
+                       e.extensionFields.scope[1] = vStringValue 
(token->scope);
                }
-               makeConstTag (token, kind);
+               * makeConstTag (token, kind); *
+               makeTagEntry (&e);
+       }
+}
+*/
+
+static void makeJsTag (tokenInfo *const token, const jsKind kind)
+{
+       if (JsKinds [kind].enabled && ! token->ignoreTag )
+       {
+               const char *const name = vStringValue (token->string);
+               tagEntryInfo e;
+               initTagEntry (&e, name);
+
+               e.lineNumber   = token->lineNumber;
+               e.filePosition = token->filePosition;
+               e.kindName         = JsKinds [kind].name;
+               e.kind             = JsKinds [kind].letter;
+
+               if ( vStringLength(token->scope) > 0 )
+               {
+                       jsKind parent_kind = JSTAG_CLASS;
+
+                       /* 
+                        * If we're creating a function (and not a method),
+                        * guess we're inside another function 
+                        */
+                       if (kind == JSTAG_FUNCTION)
+                               parent_kind = JSTAG_FUNCTION;
+
+                       e.extensionFields.scope[0] = JsKinds [parent_kind].name;
+                       e.extensionFields.scope[1] = vStringValue 
(token->scope);
+               }
+
+               makeTagEntry (&e);
        }
 }
 
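Review bot: The new makeJsTag has no comment recording that it must leave `token->string` unchanged, which is what distinguishes it from the disabled version in this hunk (`vStringCopy(token->string, fulltag);`). The changelog ties this patch to CVE-2014-7204 (endless loop in the javascript parser) while the patch subject only mentions scope handling, so presumably the in-place rewrite of the token name is what the fix removes; a header comment such as `/* Emit a tag for token; the scope is reported via e.extensionFields.scope and token->string is never modified. */` would guard against it being reintroduced. The same comment could note that `scope[1]` borrows the buffer of `token->scope` and is only valid because `makeTagEntry (&e)` runs before the function returns.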
