summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--user/raptor2/APKBUILD13
-rw-r--r--user/raptor2/CVE-2017-18926.patch40
-rw-r--r--user/raptor2/CVE-2020-25713.patch29
3 files changed, 78 insertions, 4 deletions
diff --git a/user/raptor2/APKBUILD b/user/raptor2/APKBUILD
index da5f62e88..d7e21b4f3 100644
--- a/user/raptor2/APKBUILD
+++ b/user/raptor2/APKBUILD
@@ -3,16 +3,19 @@
# Maintainer: Max Rees <maxcrees@me.com>
pkgname=raptor2
pkgver=2.0.15
-pkgrel=1
+pkgrel=2
pkgdesc="RDF parser/serializer toolkit for Redland"
-url="http://www.librdf.org/raptor"
+url="https://www.librdf.org/raptor"
arch="all"
license="Public-Domain AND (LGPL-2.1+ OR GPL-2.0+ OR Apache-2.0+)"
depends=""
depends_dev="curl-dev libxml2-dev libxslt-dev yajl-dev"
makedepends="$depends_dev autoconf automake libtool gtk-doc"
subpackages="$pkgname-dev $pkgname-doc"
-source="http://download.librdf.org/source/$pkgname-$pkgver.tar.gz"
+source="https://download.librdf.org/source/$pkgname-$pkgver.tar.gz
+ CVE-2017-18926.patch
+ CVE-2020-25713.patch
+ "
prepare() {
default_prepare
@@ -43,4 +46,6 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="563dd01869eb4df8524ec12e2c0a541653874dcd834bd1eb265bc2943bb616968f624121d4688579cdce11b4f00a8ab53b7099f1a0850e256bb0a2c16ba048ee raptor2-2.0.15.tar.gz"
+sha512sums="563dd01869eb4df8524ec12e2c0a541653874dcd834bd1eb265bc2943bb616968f624121d4688579cdce11b4f00a8ab53b7099f1a0850e256bb0a2c16ba048ee raptor2-2.0.15.tar.gz
+82f2f7ea4b72aa2bf444013a81db3cb17fcce2ae650bdb22eaab00d6d5cf7f950f7a550ffff49348db878f90f2753b407e6026d08d543cd0757c1687c6dad159 CVE-2017-18926.patch
+6e7297bb786dd490202f9790e148b298380c1e47faa4970cb7efcd85fcea99eaa5f53e1c66627be9f7f42f6f27a3b1df94357c9db51abf8ed14727343d584f08 CVE-2020-25713.patch"
diff --git a/user/raptor2/CVE-2017-18926.patch b/user/raptor2/CVE-2017-18926.patch
new file mode 100644
index 000000000..be61b0d65
--- /dev/null
+++ b/user/raptor2/CVE-2017-18926.patch
@@ -0,0 +1,40 @@
+From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001
+From: Dave Beckett <dave@dajobe.org>
+Date: Sun, 16 Apr 2017 23:15:12 +0100
+Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer
+
+(raptor_xml_writer_start_element_common): Calculate max including for
+each attribute a potential name and value.
+
+Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617
+and #0000618 http://bugs.librdf.org/mantis/view.php?id=618
+---
+ src/raptor_xml_writer.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 693b94686..0d3a36a5a 100644
+--- a/src/raptor_xml_writer.c
++++ b/src/raptor_xml_writer.c
+@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+ size_t nspace_declarations_count = 0;
+ unsigned int i;
+
+- /* max is 1 per element and 1 for each attribute + size of declared */
+ if(nstack) {
+- int nspace_max_count = element->attribute_count+1;
++ int nspace_max_count = element->attribute_count * 2; /* attr and value */
++ if(element->name->nspace)
++ nspace_max_count++;
+ if(element->declared_nspaces)
+ nspace_max_count += raptor_sequence_size(element->declared_nspaces);
+ if(element->xml_language)
+@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+ }
+ }
+
+- /* Add the attribute + value */
++ /* Add the attribute's value */
+ nspace_declarations[nspace_declarations_count].declaration=
+ raptor_qname_format_as_xml(element->attributes[i],
+ &nspace_declarations[nspace_declarations_count].length);
diff --git a/user/raptor2/CVE-2020-25713.patch b/user/raptor2/CVE-2020-25713.patch
new file mode 100644
index 000000000..6eb8251bb
--- /dev/null
+++ b/user/raptor2/CVE-2020-25713.patch
@@ -0,0 +1,29 @@
+From 4f5dbbffcc1c6cf0398bd03450453289a0979dea Mon Sep 17 00:00:00 2001
+From: Dave Beckett <dave@dajobe.org>
+Date: Sat, 18 Sep 2021 17:40:00 -0700
+Subject: [PATCH] XML Writer : compare namespace declarations correctly
+
+Apply patch from
+0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
+that fixes Issue#0000650 https://bugs.librdf.org/mantis/view.php?id=650
+which overwrote heap during XML writing in parse type literal
+content. This was detected with clang asan.
+
+Thanks to Michael Stahl / mst2 for the fix.
+---
+ src/raptor_xml_writer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 56993dc38..4426d38cf 100644
+--- a/src/raptor_xml_writer.c
++++ b/src/raptor_xml_writer.c
+@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+
+ /* check it wasn't an earlier declaration too */
+ for(j = 0; j < nspace_declarations_count; j++)
+- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
++ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
+ declare_me = 0;
+ break;
+ }