From 72b7b4c4f09ad48ff822b5d2321062e388705667 Mon Sep 17 00:00:00 2001
From: Nathan Owens <ndowens04@gmail.com>
Date: Sat, 14 Dec 2019 10:27:11 -0600
Subject: [PATCH] samurai: patched for CVE-2019-19795

Signed-off-by: Nathan Owens <ndowens04@gmail.com>
---
 srcpkgs/samurai/patches/CVE-2019-19795.patch | 82 ++++++++++++++++++++
 srcpkgs/samurai/template                     |  2 +-
 2 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/samurai/patches/CVE-2019-19795.patch

diff --git a/srcpkgs/samurai/patches/CVE-2019-19795.patch b/srcpkgs/samurai/patches/CVE-2019-19795.patch
new file mode 100644
index 00000000000..36544e28a76
--- /dev/null
+++ b/srcpkgs/samurai/patches/CVE-2019-19795.patch
@@ -0,0 +1,82 @@
+From 309c9d26cb9f5d0e64ab7c7ea6f73a94af221dd3 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Fri, 13 Dec 2019 12:28:08 -0800
+Subject: [PATCH] canonpath: Fail on empty path
+
+Reported by Frederic Cambus in #29.
+---
+ util.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/util.c b/util.c
+index afa8507..141712b 100644
+--- util.c
++++ util.c
+@@ -161,6 +161,8 @@ canonpath(struct string *path)
+ 	int n;
+ 	char *s, *d, *end;
+ 
++	if (path->n == 0)
++		fatal("empty path");
+ 	s = d = path->s;
+ 	end = path->s + path->n;
+ 	n = 0;
+From 8b069471005e6c242795b68ad91c3b9000dad40e Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Fri, 13 Dec 2019 14:41:06 -0800
+Subject: [PATCH] Detect cycles in rule variables
+
+Reported by Frederic Cambus in #29.
+---
+ env.c  | 4 ++++
+ scan.c | 1 +
+ util.h | 2 ++
+ 3 files changed, 7 insertions(+)
+
+diff --git a/env.c b/env.c
+index 5916355..51cece8 100644
+--- env.c
++++ env.c
+@@ -204,6 +204,9 @@ edgevar(struct edge *e, char *var, bool escape)
+ 	str = treefind(e->rule->bindings, var);
+ 	if (!str)
+ 		return envvar(e->env->parent, var);
++	if (str->visited)
++		fatal("cycle in rule variable involving '%s'", var);
++	str->visited = true;
+ 	n = 0;
+ 	for (p = str->parts; p; p = p->next) {
+ 		if (p->var)
+@@ -211,6 +214,7 @@ edgevar(struct edge *e, char *var, bool escape)
+ 		if (p->str)
+ 			n += p->str->n;
+ 	}
++	str->visited = false;
+ 	return merge(str, n);
+ }
+ 
+diff --git a/scan.c b/scan.c
+index 4ba9e06..657ce96 100644
+--- scan.c
++++ scan.c
+@@ -297,6 +297,7 @@ scanstring(struct scanner *s, bool path)
+ 		return NULL;
+ 	str = xmalloc(sizeof(*str));
+ 	str->parts = parts;
++	str->visited = false;
+ 
+ 	return str;
+ }
+diff --git a/util.h b/util.h
+index b837f70..117dd31 100644
+--- util.h
++++ util.h
+@@ -14,6 +14,8 @@ struct evalstring {
+ 	/* used temporarily only in parse.c:parseedge to keep track of
+ 	 * input/output lists before we allocate the arrays. */
+ 	struct evalstring *next;
++	/* used to detect cycles when evaluating rule variables */
++	_Bool visited;
+ };
+ 
+ struct evalstringpart {
diff --git a/srcpkgs/samurai/template b/srcpkgs/samurai/template
index 792871dfbb7..fef74d32749 100644
--- a/srcpkgs/samurai/template
+++ b/srcpkgs/samurai/template
@@ -1,7 +1,7 @@
 # Template file for 'samurai'
 pkgname=samurai
 version=0.7
-revision=1
+revision=2
 build_style=gnu-makefile
 short_desc="Ninja-compatible build tool written in C"
 maintainer="Duncaen <duncaen@voidlinux.org>"