diff options
-rw-r--r-- | user/raptor2/APKBUILD | 13 | ||||
-rw-r--r-- | user/raptor2/CVE-2017-18926.patch | 40 | ||||
-rw-r--r-- | user/raptor2/CVE-2020-25713.patch | 29 |
3 files changed, 78 insertions, 4 deletions
diff --git a/user/raptor2/APKBUILD b/user/raptor2/APKBUILD index da5f62e88..d7e21b4f3 100644 --- a/user/raptor2/APKBUILD +++ b/user/raptor2/APKBUILD @@ -3,16 +3,19 @@ # Maintainer: Max Rees <maxcrees@me.com> pkgname=raptor2 pkgver=2.0.15 -pkgrel=1 +pkgrel=2 pkgdesc="RDF parser/serializer toolkit for Redland" -url="http://www.librdf.org/raptor" +url="https://www.librdf.org/raptor" arch="all" license="Public-Domain AND (LGPL-2.1+ OR GPL-2.0+ OR Apache-2.0+)" depends="" depends_dev="curl-dev libxml2-dev libxslt-dev yajl-dev" makedepends="$depends_dev autoconf automake libtool gtk-doc" subpackages="$pkgname-dev $pkgname-doc" -source="http://download.librdf.org/source/$pkgname-$pkgver.tar.gz" +source="https://download.librdf.org/source/$pkgname-$pkgver.tar.gz + CVE-2017-18926.patch + CVE-2020-25713.patch + " prepare() { default_prepare @@ -43,4 +46,6 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="563dd01869eb4df8524ec12e2c0a541653874dcd834bd1eb265bc2943bb616968f624121d4688579cdce11b4f00a8ab53b7099f1a0850e256bb0a2c16ba048ee raptor2-2.0.15.tar.gz" +sha512sums="563dd01869eb4df8524ec12e2c0a541653874dcd834bd1eb265bc2943bb616968f624121d4688579cdce11b4f00a8ab53b7099f1a0850e256bb0a2c16ba048ee raptor2-2.0.15.tar.gz +82f2f7ea4b72aa2bf444013a81db3cb17fcce2ae650bdb22eaab00d6d5cf7f950f7a550ffff49348db878f90f2753b407e6026d08d543cd0757c1687c6dad159 CVE-2017-18926.patch +6e7297bb786dd490202f9790e148b298380c1e47faa4970cb7efcd85fcea99eaa5f53e1c66627be9f7f42f6f27a3b1df94357c9db51abf8ed14727343d584f08 CVE-2020-25713.patch" diff --git a/user/raptor2/CVE-2017-18926.patch b/user/raptor2/CVE-2017-18926.patch new file mode 100644 index 000000000..be61b0d65 --- /dev/null +++ b/user/raptor2/CVE-2017-18926.patch @@ -0,0 +1,40 @@ +From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001 +From: Dave Beckett <dave@dajobe.org> +Date: Sun, 16 Apr 2017 23:15:12 +0100 +Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer + +(raptor_xml_writer_start_element_common): Calculate max including for +each attribute a potential name and value. + +Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617 +and #0000618 http://bugs.librdf.org/mantis/view.php?id=618 +--- + src/raptor_xml_writer.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c +index 693b94686..0d3a36a5a 100644 +--- a/src/raptor_xml_writer.c ++++ b/src/raptor_xml_writer.c +@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, + size_t nspace_declarations_count = 0; + unsigned int i; + +- /* max is 1 per element and 1 for each attribute + size of declared */ + if(nstack) { +- int nspace_max_count = element->attribute_count+1; ++ int nspace_max_count = element->attribute_count * 2; /* attr and value */ ++ if(element->name->nspace) ++ nspace_max_count++; + if(element->declared_nspaces) + nspace_max_count += raptor_sequence_size(element->declared_nspaces); + if(element->xml_language) +@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, + } + } + +- /* Add the attribute + value */ ++ /* Add the attribute's value */ + nspace_declarations[nspace_declarations_count].declaration= + raptor_qname_format_as_xml(element->attributes[i], + &nspace_declarations[nspace_declarations_count].length); diff --git a/user/raptor2/CVE-2020-25713.patch b/user/raptor2/CVE-2020-25713.patch new file mode 100644 index 000000000..6eb8251bb --- /dev/null +++ b/user/raptor2/CVE-2020-25713.patch @@ -0,0 +1,29 @@ +From 4f5dbbffcc1c6cf0398bd03450453289a0979dea Mon Sep 17 00:00:00 2001 +From: Dave Beckett <dave@dajobe.org> +Date: Sat, 18 Sep 2021 17:40:00 -0700 +Subject: [PATCH] XML Writer : compare namespace declarations correctly + +Apply patch from +0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 +that fixes Issue#0000650 https://bugs.librdf.org/mantis/view.php?id=650 +which overwrote heap during XML writing in parse type literal +content. This was detected with clang asan. + +Thanks to Michael Stahl / mst2 for the fix. +--- + src/raptor_xml_writer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c +index 56993dc38..4426d38cf 100644 +--- a/src/raptor_xml_writer.c ++++ b/src/raptor_xml_writer.c +@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, + + /* check it wasn't an earlier declaration too */ + for(j = 0; j < nspace_declarations_count; j++) +- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) { ++ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) { + declare_me = 0; + break; + } |