From e77c71d53f06113e28931525f4dc56d605540768 Mon Sep 17 00:00:00 2001 From: James Antill Date: Mon, 27 Feb 2023 12:33:14 -0500 Subject: [PATCH] Import rpm: c8s --- .gitignore | 2 + ctags-5.7-destdir.patch | 44 +++++ ctags-5.7-segment-fault.patch | 41 +++++ ctags-5.8-css.patch | 260 ++++++++++++++++++++++++++ ctags-5.8-cssparse.patch | 16 ++ ctags-5.8-format-security.patch | 12 ++ ctags-5.8-memmove.patch | 19 ++ ctags-5.8-ocaml-crash.patch | 251 +++++++++++++++++++++++++ ctags-CVE-2014-7204.patch | 89 +++++++++ ctags-CVE-2022-4515.patch | 152 +++++++++++++++ ctags.spec | 317 ++++++++++++++++++++++++++++++++ sources | 1 + 12 files changed, 1204 insertions(+) create mode 100644 .gitignore create mode 100644 ctags-5.7-destdir.patch create mode 100644 ctags-5.7-segment-fault.patch create mode 100644 ctags-5.8-css.patch create mode 100644 ctags-5.8-cssparse.patch create mode 100644 ctags-5.8-format-security.patch create mode 100644 ctags-5.8-memmove.patch create mode 100644 ctags-5.8-ocaml-crash.patch create mode 100644 ctags-CVE-2014-7204.patch create mode 100644 ctags-CVE-2022-4515.patch create mode 100644 ctags.spec create mode 100644 sources diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b68d365 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/ctags-5.8.tar.gz +/ctags-5.8.tar.gz diff --git a/ctags-5.7-destdir.patch b/ctags-5.7-destdir.patch new file mode 100644 index 0000000..0aeafab --- /dev/null +++ b/ctags-5.7-destdir.patch @@ -0,0 +1,44 @@ +diff -up ctags-5.7/Makefile.in.destdir ctags-5.7/Makefile.in +--- ctags-5.7/Makefile.in.destdir 2006-10-12 05:26:40.000000000 +0200 ++++ ctags-5.7/Makefile.in 2008-02-15 17:10:23.000000000 +0100 +@@ -59,7 +59,7 @@ include $(srcdir)/source.mak + + VPATH = $(srcdir) + +-INSTALL = cp ++INSTALL = cp -p + INSTALL_PROG = $(INSTALL) + INSTALL_DATA = $(INSTALL) + +@@ -138,7 +141,8 @@ install-ebin: $(DEST_ETAGS) + install-lib: $(DEST_READ_LIB) $(DEST_READ_INC) + + $(DEST_CTAGS): $(CTAGS_EXEC) $(bindir) FORCE +- $(INSTALL_PROG) $(CTAGS_EXEC) $@ && chmod 755 $@ ++ $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) ++ $(INSTALL_PROG) $(CTAGS_EXEC) $(DESTDIR)$@ && chmod 755 $(DESTDIR)$@ + + $(DEST_ETAGS): + - if [ -x $(DEST_CTAGS) ]; then \ +@@ -153,7 +157,8 @@ install-cman: $(DEST_CMAN) + install-eman: $(DEST_EMAN) + + $(DEST_CMAN): $(man1dir) $(MANPAGE) FORCE +- - $(INSTALL_DATA) $(srcdir)/$(MANPAGE) $@ && chmod 644 $@ ++ $(srcdir)/mkinstalldirs $(DESTDIR)$(man1dir) ++ - $(INSTALL_DATA) $(srcdir)/$(MANPAGE) $(DESTDIR)$@ && chmod 644 $(DESTDIR)$@ + + $(DEST_EMAN): + - if [ -f $(DEST_CMAN) ]; then \ +@@ -164,9 +169,11 @@ $(DEST_EMAN): + # install the library + # + $(DEST_READ_LIB): $(READ_LIB) $(libdir) FORCE ++ $(srcdir)/mkinstalldirs $(DESTDIR)$(libdir) + $(INSTALL_PROG) $(READ_LIB) $@ && chmod 644 $@ + + $(DEST_READ_INC): $(READ_INC) $(incdir) FORCE ++ $(srcdir)/mkinstalldirs $(DESTDIR)$(incdir) + $(INSTALL_PROG) $(READ_INC) $@ && chmod 644 $@ + + diff --git a/ctags-5.7-segment-fault.patch b/ctags-5.7-segment-fault.patch new file mode 100644 index 0000000..60e8809 --- /dev/null +++ b/ctags-5.7-segment-fault.patch @@ -0,0 +1,41 @@ +diff -ruN -x '*~' ctags-5.7/vim.c ctags-5.7/vim.c +--- ctags-5.7/vim.c 2006-10-26 12:06:21.000000000 +0900 ++++ ctags-5.7/vim.c 2009-08-28 22:21:31.000000000 +0900 +@@ -328,7 +328,7 @@ + */ + const unsigned char *cp = line; + +- if ( (int) *cp == '\\' ) ++ if ( cp && ( (int) *cp == '\\' ) ) + { + /* + * We are recursively calling this function is the command +@@ -350,9 +350,10 @@ + while (*cp && isspace ((int) *cp)) + ++cp; + } +- else if ( (!strncmp ((const char*) line, "comp", (size_t) 4) == 0) && +- (!strncmp ((const char*) line, "comc", (size_t) 4) == 0) && +- (strncmp ((const char*) line, "com", (size_t) 3) == 0) ) ++ else if ( line && ++ (!strncmp ((const char*) line, "comp", (size_t) 4) == 0) && ++ (!strncmp ((const char*) line, "comc", (size_t) 4) == 0) && ++ (strncmp ((const char*) line, "com", (size_t) 3) == 0) ) + { + cp += 2; + if ((int) *++cp == 'm' && (int) *++cp == 'a' && +@@ -394,6 +395,14 @@ + while (*cp && !isspace ((int) *cp)) + ++cp; + } ++ else if (!isalnum ((int) *cp)) ++ { ++ /* ++ * Broken syntax: throw away this line ++ */ ++ cmdProcessed = TRUE; ++ goto cleanUp; ++ } + } while ( *cp && !isalnum ((int) *cp) ); + + if ( ! *cp ) diff --git a/ctags-5.8-css.patch b/ctags-5.8-css.patch new file mode 100644 index 0000000..2744d33 --- /dev/null +++ b/ctags-5.8-css.patch @@ -0,0 +1,260 @@ +diff -up ctags-5.8/css.c.me ctags-5.8/css.c +--- ctags-5.8/css.c.me 2012-02-08 13:59:35.000000000 +0100 ++++ ctags-5.8/css.c 2012-02-08 13:55:16.000000000 +0100 +@@ -0,0 +1,226 @@ ++/*************************************************************************** ++ * css.c ++ * Character-based parser for Css definitions ++ * Author - Iago Rubio ++ **************************************************************************/ ++#include "general.h" ++ ++#include ++#include ++ ++#include "parse.h" ++#include "read.h" ++ ++ ++typedef enum eCssKinds { ++ K_NONE = -1, K_CLASS, K_SELECTOR, K_ID ++} cssKind; ++ ++static kindOption CssKinds [] = { ++ { TRUE, 'c', "class", "classes" }, ++ { TRUE, 's', "selector", "selectors" }, ++ { TRUE, 'i', "id", "identities" } ++}; ++ ++typedef enum _CssParserState { // state of parsing ++ P_STATE_NONE, // default state ++ P_STATE_IN_COMMENT, // into a comment, only multi line in CSS ++ P_STATE_IN_SINGLE_STRING, // into a single quoted string ++ P_STATE_IN_DOUBLE_STRING, // into a double quoted string ++ P_STATE_IN_DEFINITION, // on the body of the style definition, nothing for us ++ P_STATE_IN_MEDIA, // on a @media declaration, can be multi-line ++ P_STATE_IN_IMPORT, // on a @import declaration, can be multi-line ++ P_STATE_IN_NAMESPACE, // on a @namespace declaration ++ P_STATE_IN_PAGE, // on a @page declaration ++ P_STATE_IN_FONTFACE, // on a @font-face declaration ++ P_STATE_AT_END // end of parsing ++} CssParserState; ++ ++static void makeCssSimpleTag( vString *name, cssKind kind, boolean delete ) ++{ ++ vStringTerminate (name); ++ makeSimpleTag (name, CssKinds, kind); ++ vStringClear (name); ++ if( delete ) ++ vStringDelete (name); ++} ++ ++static boolean isCssDeclarationAllowedChar( const unsigned char *cp ) ++{ ++ return isalnum ((int) *cp) || ++ isspace ((int) *cp) || ++ *cp == '_' || // allowed char ++ *cp == '-' || // allowed char ++ *cp == '+' || // allow all sibling in a single tag ++ *cp == '>' || // allow all child in a single tag ++ *cp == '{' || // allow the start of the declaration ++ *cp == '.' || // allow classes and selectors ++ *cp == ',' || // allow multiple declarations ++ *cp == ':' || // allow pseudo classes ++ *cp == '*' || // allow globs as P + * ++ *cp == '#'; // allow ids ++} ++ ++static CssParserState parseCssDeclaration( const unsigned char **position, cssKind kind ) ++{ ++ vString *name = vStringNew (); ++ const unsigned char *cp = *position; ++ ++ // pick to the end of line including children and sibling ++ // if declaration is multiline go for the next line ++ while ( isCssDeclarationAllowedChar(cp) || ++ *cp == '\0' ) // track the end of line into the loop ++ { ++ if( (int) *cp == '\0' ) ++ { ++ cp = fileReadLine (); ++ if( cp == NULL ){ ++ makeCssSimpleTag(name, kind, TRUE); ++ *position = cp; ++ return P_STATE_AT_END; ++ } ++ } ++ else if( *cp == ',' ) ++ { ++ makeCssSimpleTag(name, kind, TRUE); ++ *position = ++cp; ++ return P_STATE_NONE; ++ } ++ else if( *cp == '{' ) ++ { ++ makeCssSimpleTag(name, kind, TRUE); ++ *position = ++cp; ++ return P_STATE_IN_DEFINITION; ++ } ++ ++ vStringPut (name, (int) *cp); ++ ++cp; ++ } ++ ++ makeCssSimpleTag(name, kind, TRUE); ++ *position = cp; ++ ++ return P_STATE_NONE; ++} ++ ++static CssParserState parseCssLine( const unsigned char *line, CssParserState state ) ++{ ++ vString *aux; ++ ++ while( *line != '\0' ) // fileReadLine returns NULL terminated strings ++ { ++ while (isspace ((int) *line)) ++ ++line; ++ switch( state ) ++ { ++ case P_STATE_NONE: ++ // pick first char if alphanumeric is a selector ++ if( isalnum ((int) *line) ) ++ state = parseCssDeclaration( &line, K_SELECTOR ); ++ else if( *line == '.' ) // a class ++ state = parseCssDeclaration( &line, K_CLASS ); ++ else if( *line == '#' ) // an id ++ state = parseCssDeclaration( &line, K_ID ); ++ else if( *line == '@' ) // at-rules, we'll ignore them ++ { ++ ++line; ++ aux = vStringNew(); ++ while( !isspace((int) *line) ) ++ { ++ vStringPut (aux, (int) *line); ++ ++line; ++ } ++ vStringTerminate (aux); ++ if( strcmp( aux->buffer, "media" ) == 0 ) ++ state = P_STATE_IN_MEDIA; ++ else if ( strcmp( aux->buffer, "import" ) == 0 ) ++ state = P_STATE_IN_IMPORT; ++ else if ( strcmp( aux->buffer, "namespace" ) == 0 ) ++ state = P_STATE_IN_NAMESPACE; ++ else if ( strcmp( aux->buffer, "page" ) == 0 ) ++ state = P_STATE_IN_PAGE; ++ else if ( strcmp( aux->buffer, "font-face" ) == 0 ) ++ state = P_STATE_IN_FONTFACE; ++ vStringDelete (aux); ++ } ++ else if( *line == '*' && *(line-1) == '/' ) // multi-line comment ++ state = P_STATE_IN_COMMENT; ++ break; ++ case P_STATE_IN_COMMENT: ++ if( *line == '/' && *(line-1) == '*') ++ state = P_STATE_NONE; ++ break; ++ case P_STATE_IN_SINGLE_STRING: ++ if( *line == '\'' && *(line-1) != '\\' ) ++ state = P_STATE_IN_DEFINITION; // PAGE, FONTFACE and DEFINITION are treated the same way ++ break; ++ case P_STATE_IN_DOUBLE_STRING: ++ if( *line=='"' && *(line-1) != '\\' ) ++ state = P_STATE_IN_DEFINITION; // PAGE, FONTFACE and DEFINITION are treated the same way ++ break; ++ case P_STATE_IN_MEDIA: ++ // skip to start of media body or line end ++ while( *line != '{' ) ++ { ++ if( *line == '\0' ) ++ break; ++ ++line; ++ } ++ if( *line == '{' ) ++ state = P_STATE_NONE; ++ break; ++ case P_STATE_IN_IMPORT: ++ case P_STATE_IN_NAMESPACE: ++ // skip to end of declaration or line end ++ while( *line != ';' ) ++ { ++ if( *line == '\0' ) ++ break; ++ ++line; ++ } ++ if( *line == ';' ) ++ state = P_STATE_NONE; ++ break; ++ case P_STATE_IN_PAGE: ++ case P_STATE_IN_FONTFACE: ++ case P_STATE_IN_DEFINITION: ++ if( *line == '}' ) ++ state = P_STATE_NONE; ++ else if( *line == '\'' ) ++ state = P_STATE_IN_SINGLE_STRING; ++ else if( *line == '"' ) ++ state = P_STATE_IN_DOUBLE_STRING; ++ break; ++ case P_STATE_AT_END: ++ return state; ++ break; ++ } ++ line++; ++ } ++ return state; ++} ++ ++static void findCssTags (void) ++{ ++ const unsigned char *line; ++ CssParserState state = P_STATE_NONE; ++ ++ while ( (line = fileReadLine ()) != NULL ) ++ { ++ state = parseCssLine( line, state ); ++ if( state==P_STATE_AT_END ) return; ++ } ++} ++ ++/* parser definition */ ++extern parserDefinition* CssParser (void) ++{ ++ static const char *const extensions [] = { "css", NULL }; ++ parserDefinition* def = parserNew ("CSS"); ++ def->kinds = CssKinds; ++ def->kindCount = KIND_COUNT (CssKinds); ++ def->extensions = extensions; ++ def->parser = findCssTags; ++ return def; ++} ++ +diff -up ctags-5.8/parsers.h.me ctags-5.8/parsers.h +--- ctags-5.8/parsers.h.me 2012-02-08 13:56:46.000000000 +0100 ++++ ctags-5.8/parsers.h 2012-02-08 13:57:25.000000000 +0100 +@@ -26,6 +26,7 @@ + CppParser, \ + CsharpParser, \ + CobolParser, \ ++ CssParser, \ + DosBatchParser, \ + EiffelParser, \ + ErlangParser, \ +diff -up ctags-5.8/source.mak.me ctags-5.8/source.mak +--- ctags-5.8/source.mak.me 2012-02-08 13:58:02.000000000 +0100 ++++ ctags-5.8/source.mak 2012-02-08 13:58:42.000000000 +0100 +@@ -17,6 +17,7 @@ SOURCES = \ + beta.c \ + c.c \ + cobol.c \ ++ css.c \ + dosbatch.c \ + eiffel.c \ + entry.c \ +@@ -79,6 +80,7 @@ OBJECTS = \ + beta.$(OBJEXT) \ + c.$(OBJEXT) \ + cobol.$(OBJEXT) \ ++ css.$(OBJEXT) \ + dosbatch.$(OBJEXT) \ + eiffel.$(OBJEXT) \ + entry.$(OBJEXT) \ diff --git a/ctags-5.8-cssparse.patch b/ctags-5.8-cssparse.patch new file mode 100644 index 0000000..f70c374 --- /dev/null +++ b/ctags-5.8-cssparse.patch @@ -0,0 +1,16 @@ +diff -up ctags-5.8/css.c.me ctags-5.8/css.c +--- ctags-5.8/css.c.me 2012-10-18 22:03:20.126163700 +0200 ++++ ctags-5.8/css.c 2012-10-18 22:04:03.237107358 +0200 +@@ -73,10 +73,11 @@ static CssParserState parseCssDeclaratio + { + if( (int) *cp == '\0' ) + { ++ /* assign position to the end of line. */ ++ *position = cp; + cp = fileReadLine (); + if( cp == NULL ){ + makeCssSimpleTag(name, kind, TRUE); +- *position = cp; + return P_STATE_AT_END; + } + } diff --git a/ctags-5.8-format-security.patch b/ctags-5.8-format-security.patch new file mode 100644 index 0000000..ccd3986 --- /dev/null +++ b/ctags-5.8-format-security.patch @@ -0,0 +1,12 @@ +diff -Naur ctags-5.8.orig/lregex.c ctags-5.8/lregex.c +--- ctags-5.8.orig/lregex.c 2007-09-10 04:36:48.000000000 +0200 ++++ ctags-5.8/lregex.c 2014-04-14 21:09:17.716000000 +0200 +@@ -408,7 +408,7 @@ + const char* regexfile = parameter + 1; + FILE* const fp = fopen (regexfile, "r"); + if (fp == NULL) +- error (WARNING | PERROR, regexfile); ++ error (WARNING | PERROR, "%s", regexfile); + else + { + vString* const regex = vStringNew (); diff --git a/ctags-5.8-memmove.patch b/ctags-5.8-memmove.patch new file mode 100644 index 0000000..5608f04 --- /dev/null +++ b/ctags-5.8-memmove.patch @@ -0,0 +1,19 @@ +diff -r -u ctags-5.8.orig/routines.c ctags-5.8/routines.c +--- ctags-5.8.orig/routines.c 2013-06-13 10:42:08.048576327 -0400 ++++ ctags-5.8/routines.c 2013-06-13 10:48:25.150366836 -0400 +@@ -757,13 +757,13 @@ + else if (cp [0] != PATH_SEPARATOR) + cp = slashp; + #endif +- strcpy (cp, slashp + 3); ++ memmove (cp, slashp + 3, strlen(slashp + 3) + 1); + slashp = cp; + continue; + } + else if (slashp [2] == PATH_SEPARATOR || slashp [2] == '\0') + { +- strcpy (slashp, slashp + 2); ++ memmove (slashp, slashp + 2, strlen(slashp + 2) + 1); + continue; + } + } diff --git a/ctags-5.8-ocaml-crash.patch b/ctags-5.8-ocaml-crash.patch new file mode 100644 index 0000000..8263cca --- /dev/null +++ b/ctags-5.8-ocaml-crash.patch @@ -0,0 +1,251 @@ +diff -up ctags-5.8/ocaml.c.me ctags-5.8/ocaml.c +--- ctags-5.8/ocaml.c.me 2012-08-02 12:42:21.652211192 +0200 ++++ ctags-5.8/ocaml.c 2012-08-02 13:06:59.751283639 +0200 +@@ -72,6 +72,7 @@ typedef enum { + OcaKEYWORD_if, + OcaKEYWORD_in, + OcaKEYWORD_let, ++ OcaKEYWORD_value, + OcaKEYWORD_match, + OcaKEYWORD_method, + OcaKEYWORD_module, +@@ -145,7 +146,7 @@ static const ocaKeywordDesc OcamlKeyword + { "try" , OcaKEYWORD_try }, + { "type" , OcaKEYWORD_type }, + { "val" , OcaKEYWORD_val }, +- { "value" , OcaKEYWORD_let }, /* just to handle revised syntax */ ++ { "value" , OcaKEYWORD_value }, /* just to handle revised syntax */ + { "virtual" , OcaKEYWORD_virtual }, + { "while" , OcaKEYWORD_while }, + { "with" , OcaKEYWORD_with }, +@@ -297,7 +298,6 @@ static void eatComment (lexingState * st + if (st->cp == NULL) + return; + c = st->cp; +- continue; + } + /* we've reached the end of the comment */ + else if (*c == ')' && lastIsStar) +@@ -308,13 +308,33 @@ static void eatComment (lexingState * st + { + st->cp = c; + eatComment (st); ++ + c = st->cp; ++ if (c == NULL) ++ return; ++ + lastIsStar = FALSE; ++ c++; + } ++ /* OCaml has a rule which says : ++ * ++ * "Comments do not occur inside string or character literals. ++ * Nested comments are handled correctly." ++ * ++ * So if we encounter a string beginning, we must parse it to ++ * get a good comment nesting (bug ID: 3117537) ++ */ ++ else if (*c == '"') ++ { ++ st->cp = c; ++ eatString (st); ++ c = st->cp; ++ } + else ++ { + lastIsStar = '*' == *c; +- +- c++; ++ c++; ++ } + } + + st->cp = c; +@@ -554,8 +574,7 @@ static int getLastNamedIndex ( void ) + + for (i = stackIndex - 1; i >= 0; --i) + { +- if (stack[i].contextName->buffer && +- strlen (stack[i].contextName->buffer) > 0) ++ if (vStringLength (stack[i].contextName) > 0) + { + return i; + } +@@ -866,6 +885,11 @@ static void prepareTag (tagEntryInfo * t + tag->kindName = OcamlKinds[kind].name; + tag->kind = OcamlKinds[kind].letter; + ++ if (kind == K_MODULE) ++ { ++ tag->lineNumberEntry = TRUE; ++ tag->lineNumber = 1; ++ } + parentIndex = getLastNamedIndex (); + if (parentIndex >= 0) + { +@@ -880,9 +904,12 @@ static void prepareTag (tagEntryInfo * t + * more information to it in the future */ + static void addTag (vString * const ident, int kind) + { +- tagEntryInfo toCreate; +- prepareTag (&toCreate, ident, kind); +- makeTagEntry (&toCreate); ++ if (OcamlKinds [kind].enabled && ident != NULL && vStringLength (ident) > 0) ++ { ++ tagEntryInfo toCreate; ++ prepareTag (&toCreate, ident, kind); ++ makeTagEntry (&toCreate); ++ } + } + + boolean needStrongPoping = FALSE; +@@ -942,15 +969,17 @@ static void typeRecord (vString * const + } + + /* handle : +- * exception ExceptionName ... */ ++ * exception ExceptionName of ... */ + static void exceptionDecl (vString * const ident, ocaToken what) + { + if (what == OcaIDENTIFIER) + { + addTag (ident, K_EXCEPTION); + } +- /* don't know what to do on else... */ +- ++ else /* probably ill-formed, give back to global scope */ ++ { ++ globalScope (ident, what); ++ } + toDoNext = &globalScope; + } + +@@ -1006,7 +1035,6 @@ static void constructorValidation (vStri + */ + static void typeDecl (vString * const ident, ocaToken what) + { +- + switch (what) + { + /* parameterized */ +@@ -1046,7 +1074,6 @@ static void typeDecl (vString * const id + * let typeRecord handle it. */ + static void typeSpecification (vString * const ident, ocaToken what) + { +- + switch (what) + { + case OcaIDENTIFIER: +@@ -1243,8 +1270,14 @@ static void localLet (vString * const id + * than the let definitions. + * Used after a match ... with, or a function ... or fun ... + * because their syntax is similar. */ +-static void matchPattern (vString * const UNUSED (ident), ocaToken what) ++static void matchPattern (vString * const ident, ocaToken what) + { ++ /* keep track of [], as it ++ * can be used in patterns and can ++ * mean the end of match expression in ++ * revised syntax */ ++ static int braceCount = 0; ++ + switch (what) + { + case Tok_To: +@@ -1252,6 +1285,14 @@ static void matchPattern (vString * cons + toDoNext = &mayRedeclare; + break; + ++ case Tok_BRL: ++ braceCount++; ++ break; ++ ++ case OcaKEYWORD_value: ++ popLastNamed (); ++ globalScope (ident, what); ++ break; + + case OcaKEYWORD_in: + popLastNamed (); +@@ -1269,6 +1310,11 @@ static void mayRedeclare (vString * cons + { + switch (what) + { ++ case OcaKEYWORD_value: ++ /* let globalScope handle it */ ++ globalScope (ident, what); ++ break; ++ + case OcaKEYWORD_let: + case OcaKEYWORD_val: + toDoNext = localLet; +@@ -1388,6 +1434,7 @@ static void classSpecif (vString * const + * nearly a copy/paste of globalLet. */ + static void methodDecl (vString * const ident, ocaToken what) + { ++ + switch (what) + { + case Tok_PARL: +@@ -1435,6 +1482,7 @@ vString *lastModule; + */ + static void moduleSpecif (vString * const ident, ocaToken what) + { ++ + switch (what) + { + case OcaKEYWORD_functor: +@@ -1566,7 +1614,7 @@ static void globalScope (vString * const + { + /* Do not touch, this is used only by the global scope + * to handle an 'and' */ +- static parseNext previousParser = NULL; ++ static parseNext previousParser = &globalScope; + + switch (what) + { +@@ -1608,6 +1656,7 @@ static void globalScope (vString * const + /* val is mixed with let as global + * to be able to handle mli & new syntax */ + case OcaKEYWORD_val: ++ case OcaKEYWORD_value: + case OcaKEYWORD_let: + cleanupPreviousParser (); + toDoNext = &globalLet; +@@ -1617,7 +1666,7 @@ static void globalScope (vString * const + case OcaKEYWORD_exception: + cleanupPreviousParser (); + toDoNext = &exceptionDecl; +- previousParser = NULL; ++ previousParser = &globalScope; + break; + + /* must be a #line directive, discard the +@@ -1769,7 +1818,7 @@ static void computeModuleName ( void ) + if (isLowerAlpha (moduleName->buffer[0])) + moduleName->buffer[0] += ('A' - 'a'); + +- makeSimpleTag (moduleName, OcamlKinds, K_MODULE); ++ addTag (moduleName, K_MODULE); + vStringDelete (moduleName); + } + +@@ -1779,6 +1828,7 @@ static void initStack ( void ) + int i; + for (i = 0; i < OCAML_MAX_STACK_SIZE; ++i) + stack[i].contextName = vStringNew (); ++ stackIndex = 0; + } + + static void clearStack ( void ) +@@ -1794,8 +1844,8 @@ static void findOcamlTags (void) + lexingState st; + ocaToken tok; + +- computeModuleName (); + initStack (); ++ computeModuleName (); + tempIdent = vStringNew (); + lastModule = vStringNew (); + lastClass = vStringNew (); diff --git a/ctags-CVE-2014-7204.patch b/ctags-CVE-2014-7204.patch new file mode 100644 index 0000000..81c5e6e --- /dev/null +++ b/ctags-CVE-2014-7204.patch @@ -0,0 +1,89 @@ +--- ctags/jscript.c.orig 2008-10-13 00:27:38.000000000 +0200 ++++ ctags/jscript.c 2014-09-30 13:49:34.837349283 +0200 +@@ -1,5 +1,5 @@ + /* +- * $Id: jscript.c 666 2008-05-15 17:47:31Z dfishburn $ ++ * $Id: jscript.c 791 2012-10-24 01:13:13Z dfishburn $ + * + * Copyright (c) 2003, Darren Hiebert + * +@@ -215,6 +215,7 @@ + * Tag generation functions + */ + ++/* + static void makeConstTag (tokenInfo *const token, const jsKind kind) + { + if (JsKinds [kind].enabled && ! token->ignoreTag ) +@@ -238,12 +239,13 @@ + + if (JsKinds [kind].enabled && ! token->ignoreTag ) + { +- /* ++ * + * If a scope has been added to the token, change the token + * string to include the scope when making the tag. +- */ ++ * + if ( vStringLength(token->scope) > 0 ) + { ++ * + fulltag = vStringNew (); + vStringCopy(fulltag, token->scope); + vStringCatS (fulltag, "."); +@@ -251,8 +253,54 @@ + vStringTerminate(fulltag); + vStringCopy(token->string, fulltag); + vStringDelete (fulltag); ++ * ++ jsKind parent_kind = JSTAG_CLASS; ++ ++ * ++ * if we're creating a function (and not a method), ++ * guess we're inside another function ++ * ++ if (kind == JSTAG_FUNCTION) ++ parent_kind = JSTAG_FUNCTION; ++ ++ e.extensionFields.scope[0] = JsKinds [parent_kind].name; ++ e.extensionFields.scope[1] = vStringValue (token->scope); + } +- makeConstTag (token, kind); ++ * makeConstTag (token, kind); * ++ makeTagEntry (&e); ++ } ++} ++*/ ++ ++static void makeJsTag (tokenInfo *const token, const jsKind kind) ++{ ++ if (JsKinds [kind].enabled && ! token->ignoreTag ) ++ { ++ const char *const name = vStringValue (token->string); ++ tagEntryInfo e; ++ initTagEntry (&e, name); ++ ++ e.lineNumber = token->lineNumber; ++ e.filePosition = token->filePosition; ++ e.kindName = JsKinds [kind].name; ++ e.kind = JsKinds [kind].letter; ++ ++ if ( vStringLength(token->scope) > 0 ) ++ { ++ jsKind parent_kind = JSTAG_CLASS; ++ ++ /* ++ * If we're creating a function (and not a method), ++ * guess we're inside another function ++ */ ++ if (kind == JSTAG_FUNCTION) ++ parent_kind = JSTAG_FUNCTION; ++ ++ e.extensionFields.scope[0] = JsKinds [parent_kind].name; ++ e.extensionFields.scope[1] = vStringValue (token->scope); ++ } ++ ++ makeTagEntry (&e); + } + } + diff --git a/ctags-CVE-2022-4515.patch b/ctags-CVE-2022-4515.patch new file mode 100644 index 0000000..eb916dd --- /dev/null +++ b/ctags-CVE-2022-4515.patch @@ -0,0 +1,152 @@ +commit 2b7cd725d0612f13eb5a461778ca525cd489119b +Author: Masatake YAMATO +Date: Tue Dec 13 05:16:00 2022 +0900 + + main: quote output file name before passing it to system(3) function + + Following command line doesn't work: + + $ ctags -o 'a b' ... + + because a shell lauched from system(3) deals a whitespace between 'a' + and 'b' as a separator. The output file name is passed to system(3) + to run external sort command. + + This commit adds code to put double and single quoets around the output + file name before passing it to system(3). + + The issue is reported by Lorenz Hipp in a private mail. + + This commit is based on e00c55d7a0204dc1d0ae316141323959e1e16162 of + Universal Ctags . + + An example session of RHEL8: + + [yamato@control]/tmp/ctags-5.8% git clone ssh://git@gitlab.consulting.redhat.com:2222/yamato/temp-test.git + Cloning into 'temp-test'... + Enter passphrase for key '/home/yamato/.ssh/id_rsa': + remote: Enumerating objects: 4, done. + remote: Counting objects: 100% (4/4), done. + remote: Compressing objects: 100% (4/4), done. + remote: Total 4 (delta 0), reused 0 (delta 0), pack-reused 0 + Receiving objects: 100% (4/4), done. + [yamato@control]/tmp/ctags-5.8% cd temp-test + [yamato@control]/tmp/ctags-5.8/temp-test% ls -l ~/.ctags + ls: cannot access '/home/yamato/.ctags': No such file or directory + [yamato@control]/tmp/ctags-5.8/temp-test% ../ctags hello.c + [yamato@control]/tmp/ctags-5.8/temp-test% ls + hello.c 'tags tags; echo Hi $(id -un), your systems is cracked!' + [yamato@control]/tmp/ctags-5.8/temp-test% valgrind ../ctags hello.c + ==2076943== Memcheck, a memory error detector + ==2076943== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. + ==2076943== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info + ==2076943== Command: ../ctags hello.c + ==2076943== + ==2076943== + ==2076943== HEAP SUMMARY: + ==2076943== in use at exit: 0 bytes in 0 blocks + ==2076943== total heap usage: 5,048 allocs, 5,048 frees, 365,311 bytes allocated + ==2076943== + ==2076943== All heap blocks were freed -- no leaks are possible + ==2076943== + ==2076943== For lists of detected and suppressed errors, rerun with: -s + ==2076943== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) + + Signed-off-by: Masatake YAMATO + +diff --git a/sort.c b/sort.c +index 09ba87a..fd60a94 100644 +--- a/sort.c ++++ b/sort.c +@@ -53,17 +53,44 @@ extern void catFile (const char *const name) + # define PE_CONST const + #endif + ++/* ++ Output file name should not be evaluated in system(3) function. ++ The name must be used as is. Quotations are required to block the ++ evaluation. ++ ++ Normal single-quotes are used to quote a cstring: ++ a => 'a' ++ " => '"' ++ ++ If a single-quote is included in the cstring, use double quotes for quoting it. ++ ' => ''"'"'' ++*/ ++static void appendCstringWithQuotes (vString *dest, const char* cstr) ++{ ++ const char* o; ++ ++ vStringPut (dest, '\''); ++ for (o = cstr; *o; o++) ++ { ++ if (*o == '\'') ++ vStringCatS (dest, "'\"'\"'"); ++ else ++ vStringPut (dest, *o); ++ } ++ vStringPut (dest, '\''); ++} ++ + extern void externalSortTags (const boolean toStdout) + { + const char *const sortNormalCommand = "sort -u -o"; + const char *const sortFoldedCommand = "sort -u -f -o"; + const char *sortCommand = + Option.sorted == SO_FOLDSORTED ? sortFoldedCommand : sortNormalCommand; ++# ifndef HAVE_SETENV + PE_CONST char *const sortOrder1 = "LC_COLLATE=C"; + PE_CONST char *const sortOrder2 = "LC_ALL=C"; +- const size_t length = 4 + strlen (sortOrder1) + strlen (sortOrder2) + +- strlen (sortCommand) + (2 * strlen (tagFileName ())); +- char *const cmd = (char *) malloc (length + 1); ++# endif ++ vString *cmd = vStringNew (); + int ret = -1; + + if (cmd != NULL) +@@ -73,20 +100,35 @@ extern void externalSortTags (const boolean toStdout) + #ifdef HAVE_SETENV + setenv ("LC_COLLATE", "C", 1); + setenv ("LC_ALL", "C", 1); +- sprintf (cmd, "%s %s %s", sortCommand, tagFileName (), tagFileName ()); ++ vStringCatS (cmd, sortCommand); ++ vStringPut (cmd, ' '); ++ appendCstringWithQuotes (cmd, tagFileName ()); ++ vStringPut (cmd, ' '); ++ appendCstringWithQuotes (cmd, tagFileName ()); + #else + # ifdef HAVE_PUTENV + putenv (sortOrder1); + putenv (sortOrder2); +- sprintf (cmd, "%s %s %s", sortCommand, tagFileName (), tagFileName ()); ++ vStringCatS (cmd, sortCommand); ++ vStringPut (cmd, ' '); ++ appendCstringWithQuotes (cmd, tagFileName ()); ++ vStringPut (cmd, ' '); ++ appendCstringWithQuotes (cmd, tagFileName ()); + # else +- sprintf (cmd, "%s %s %s %s %s", sortOrder1, sortOrder2, sortCommand, +- tagFileName (), tagFileName ()); ++ vStringCatS (cmd, sortOrder1); ++ vStringPut (cmd, ' '); ++ vStringCatS (cmd, sortOrder2); ++ vStringPut (cmd, ' '); ++ vStringCatS (cmd, sortCommand); ++ vStringPut (cmd, ' '); ++ appendCstringWithQuotes (cmd, tagFileName ()); ++ vStringPut (cmd, ' '); ++ appendCstringWithQuotes (cmd, tagFileName ()); + # endif + #endif +- verbose ("system (\"%s\")\n", cmd); +- ret = system (cmd); +- free (cmd); ++ verbose ("system (\"%s\")\n", vStringValue (cmd)); ++ ret = system (vStringValue (cmd)); ++ vStringDelete (cmd); + + } + if (ret != 0) + diff --git a/ctags.spec b/ctags.spec new file mode 100644 index 0000000..a68dfd7 --- /dev/null +++ b/ctags.spec @@ -0,0 +1,317 @@ +Summary: A C programming language indexing and/or cross-reference tool +Name: ctags +Version: 5.8 +Release: 23%{?dist} +License: GPLv2+ and LGPLv2+ and Public Domain +Group: Development/Tools +URL: http://ctags.sourceforge.net/ +Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz +Patch0: ctags-5.7-destdir.patch +Patch1: ctags-5.7-segment-fault.patch +Patch2: ctags-5.8-css.patch +Patch3: ctags-5.8-ocaml-crash.patch +Patch4: ctags-5.8-cssparse.patch +Patch5: ctags-5.8-memmove.patch +Patch6: ctags-5.8-format-security.patch +Patch7: ctags-CVE-2014-7204.patch +Patch8: ctags-CVE-2022-4515.patch +Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +%description +Ctags generates an index (or tag) file of C language objects found in +C source and header files. The index makes it easy for text editors or +other utilities to locate the indexed items. Ctags can also generate a +cross reference file which lists information about the various objects +found in a set of C language files in human readable form. Exuberant +Ctags improves on ctags because it can find all types of C language tags, +including macro definitions, enumerated values (values inside enum{...}), +function and method definitions, enum/struct/union tags, external +function prototypes, typedef names and variable declarations. Exuberant +Ctags is far less likely to be fooled by code containing #if preprocessor +conditional constructs than ctags. Exuberant ctags supports output of +Emacs style TAGS files and can be used to print out a list of selected +objects found in source files. + +Install ctags if you are going to use your system for C programming. + +%package etags +Summary: Exuberant Ctags for emacs tag format +Group: Development/Tools +Requires: ctags = %{version}-%{release} +Requires: /usr/sbin/alternatives + +%description etags +This package will generate tags in a format which GNU Emacs understand, +it's a alternativ implementation of the GNU etags program. +Note: some command line options is not compatible with GNU etags. + + +%prep +%setup -q +%patch0 -p1 -b .destdir +%patch1 -p1 -b .crash +%patch2 -p1 -b .css-support +%patch3 -p1 -b .ocaml-crash +%patch4 -p1 -b .cssparse-crash +%patch5 -p1 -b .memmove +%patch6 -p1 -b .fmt-sec +%patch7 -p1 -b .CVE-2014-7204 +%patch8 -p1 -b .CVE-2022-4515 + +%build +%configure + +make %{?_smp_mflags} + +%install +rm -rf %{buildroot} + +make DESTDIR=%{buildroot} install + +pushd %{buildroot}%{_bindir} +ln -s ctags etags.ctags +popd + +pushd %{buildroot}%{_mandir}/man1 +ln -s ctags.1.gz etags.ctags.1.gz +popd + +%posttrans etags +/usr/sbin/alternatives --install /usr/bin/etags emacs.etags /usr/bin/etags.ctags 20 \ + --slave /usr/share/man/man1/etags.1.gz emacs.etags.man /usr/share/man/man1/ctags.1.gz + +%postun etags +/usr/sbin/alternatives --remove etags /usr/bin/etags.ctags || : + +%clean +rm -rf %{buildroot} + +%files +%defattr(-, root, root, -) +%license COPYING +%doc EXTENDING.html FAQ NEWS README +%{_bindir}/%{name} +%{_mandir}/man1/%{name}.1* + +%files etags +%defattr(-, root, root, -) +%license COPYING +%{_bindir}/etags.%{name} +%{_mandir}/man1/etags.%{name}.1* + +%changelog +* Thu Dec 15 2022 Felipe Borges - 5.8-23 +- CVE-2022-4515, arbitrary code execution issue + Resolves: rhbz#2153787 + +* Wed Feb 07 2018 Fedora Release Engineering - 5.8-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Aug 02 2017 Fedora Release Engineering - 5.8-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 5.8-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sun Feb 05 2017 Than Ngo - - 5.8-19 +- fixed bz#1418434, added missing %%license + +* Wed Feb 03 2016 Fedora Release Engineering - 5.8-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 5.8-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Sep 30 2014 Than Ngo - 5.8-16 +- CVE-2014-7204, denial of service issue + +* Sat Aug 16 2014 Fedora Release Engineering - 5.8-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 5.8-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon Apr 14 2014 Jaromir Capik - 5.8-13 +- Fixing format-security flaws (#1037028) + +* Sat Aug 03 2013 Fedora Release Engineering - 5.8-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Jun 13 2013 John Dennis - 5.8-11 +- add ctags-5.8-memmove.patch + bug #284 absoluteFilename uses strcpy on overlapping strings + http://sourceforge.net/p/ctags/bugs/284/ + The bug was fixed upstream on 2012-03-26 in the following commit + http://sourceforge.net/p/ctags/code/782/ + ctags-5.8-memmove.patch simply adds the same patch as the above commit. + +* Wed Feb 13 2013 Fedora Release Engineering - 5.8-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Nov 5 2012 Marcela Mašláňová - 5.8-9 +- fix license field again + +* Thu Oct 18 2012 Than Ngo - 5.8-8 +- fix the crash in cssparse + +* Thu Aug 02 2012 Than Ngo - 5.8-7 +- backport from upstream to fix several crashes in ocaml + +* Wed Jul 18 2012 Fedora Release Engineering - 5.8-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Feb 08 2012 Than Ngo - 5.8-5 +- bz#786451, add css support + +* Fri Jan 13 2012 Fedora Release Engineering - 5.8-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Feb 08 2011 Fedora Release Engineering - 5.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 4 2010 Marcela Mašláňová - 5.8-2 +- fix license tag + +* Tue Sep 01 2009 Than Ngo - 5.8-1 +- 5.8 +- apply patch to fix segment fault, thanks to Masatake YAMATO + +* Fri Jul 24 2009 Fedora Release Engineering - 5.7-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue Feb 24 2009 Fedora Release Engineering - 5.7-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Jul 29 2008 Than Ngo 5.7-3 +- add subpackage ctags-etags + +* Tue Jul 15 2008 Tom "spot" Callaway 5.7-2 +- fix license tag + +* Fri Feb 15 2008 Than Ngo 5.7-1 +- 5.7 +- merge review: ctags + +* Mon Jul 17 2006 Nalin Dahyabhai 5.6-1.1 +- rebuild + +* Tue Jun 06 2006 Than Ngo 5.6-1 +- update to 5.6 + +* Fri Feb 10 2006 Jesse Keating - 5.5.4-4.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 5.5.4-4.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Sun Jul 31 2005 Florian La Roche +- remove etags + +* Thu Mar 03 2005 Than Ngo 5.5.4-3 +- rebuilt + +* Wed Feb 09 2005 Than Ngo 5.5.4-2 +- rebuilt + +* Thu Jun 17 2004 Florian La Roche +- 5.5.4 + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Sat Sep 27 2003 Florian La Roche +- 5.5.2, no patch needed anymore + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Tue May 6 2003 Than Ngo 5.5-1 +- 5.5 + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Wed Nov 13 2002 Karsten Hopp +- update to 5.4 + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Tue Jun 18 2002 Than Ngo 5.2.3-3 +- don't forcibly strip binaries + +* Sun May 26 2002 Tim Powers +- automated rebuild + +* Wed May 22 2002 Harald Hoyer +- 5.2.3 + +* Tue Feb 26 2002 Than Ngo 5.2.2-2 +- rebuild in new enviroment + +* Tue Feb 19 2002 Bernhard Rosenkraenzer 5.2.2-1 +- 5.2.2 + +* Wed Jan 09 2002 Tim Powers +- automated rebuild + +* Wed Jul 11 2001 Jakub Jelinek +- rebuilt against binutils-2.11.90.0.8-3 to reserve .dynamic space + +* Mon Jun 11 2001 Preston Brown +- 5.0.1 + +* Thu Jan 04 2001 Preston Brown +- 4.0.3 +- remove etags, it is not fully compatible with cmd line of GNU etags. + +* Sun Jul 16 2000 Florian La Roche +- update to 4.0.2 from sourceforge + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Sat Jun 17 2000 Matt Wilson +- added defattr + +* Mon Jun 12 2000 Preston Brown +- FHS paths + +* Mon May 8 2000 Bernhard Rosenkränzer +- Update to 3.5.2 +- minor cleanups to spec file + +* Tue Feb 16 2000 Bernhard Rosenkränzer +- Update to 3.4 to fix bug #9446 + +* Thu Feb 03 2000 Preston Brown +- compress man page. + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 4) +- version 3.2 + +* Wed Feb 24 1999 Preston Brown +- Injected new description and group. + +* Fri Apr 24 1998 Prospector System +- translations modified for de, fr, tr + +* Thu Apr 09 1998 Cristian Gafton +- upgraded to 2.0.3 + +* Mon Nov 03 1997 Michael K. Johnson +- removed etags. Emacs provides its own; and needs to support + more than just C. + +* Thu Oct 23 1997 Donnie Barnes +- updated from 1.5 to 1.6 + +* Thu Jul 10 1997 Erik Troan +- built against glibc diff --git a/sources b/sources new file mode 100644 index 0000000..4c98373 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (ctags-5.8.tar.gz) = 981912cd335978cde22864e977947fc75326572fb29518e559cc4a8ac1edc84b3604165218a666e36353f17da4f89f8e967acdb88696f816748eb946d79eaa15