From 80f0c56a7ff5775f8d79e475b159f0a68930fcbb Mon Sep 17 00:00:00 2001
From: Zach van Rijn <me@zv.io>
Date: Sat, 12 Nov 2022 15:44:44 +0000
Subject: user/raptor2: apply upstream CVE patches. fixes #366.

---
 user/raptor2/APKBUILD             | 13 +++++++++----
 user/raptor2/CVE-2017-18926.patch | 40 +++++++++++++++++++++++++++++++++++++++
 user/raptor2/CVE-2020-25713.patch | 29 ++++++++++++++++++++++++++++
 3 files changed, 78 insertions(+), 4 deletions(-)
 create mode 100644 user/raptor2/CVE-2017-18926.patch
 create mode 100644 user/raptor2/CVE-2020-25713.patch

(limited to 'user/raptor2')

diff --git a/user/raptor2/APKBUILD b/user/raptor2/APKBUILD
index da5f62e88..d7e21b4f3 100644
--- a/user/raptor2/APKBUILD
+++ b/user/raptor2/APKBUILD
@@ -3,16 +3,19 @@
 # Maintainer: Max Rees <maxcrees@me.com>
 pkgname=raptor2
 pkgver=2.0.15
-pkgrel=1
+pkgrel=2
 pkgdesc="RDF parser/serializer toolkit for Redland"
-url="http://www.librdf.org/raptor"
+url="https://www.librdf.org/raptor"
 arch="all"
 license="Public-Domain AND (LGPL-2.1+ OR GPL-2.0+ OR Apache-2.0+)"
 depends=""
 depends_dev="curl-dev libxml2-dev libxslt-dev yajl-dev"
 makedepends="$depends_dev autoconf automake libtool gtk-doc"
 subpackages="$pkgname-dev $pkgname-doc"
-source="http://download.librdf.org/source/$pkgname-$pkgver.tar.gz"
+source="https://download.librdf.org/source/$pkgname-$pkgver.tar.gz
+	CVE-2017-18926.patch
+	CVE-2020-25713.patch
+	"
 
 prepare() {
 	default_prepare
@@ -43,4 +46,6 @@ package() {
 	make DESTDIR="$pkgdir" install
 }
 
-sha512sums="563dd01869eb4df8524ec12e2c0a541653874dcd834bd1eb265bc2943bb616968f624121d4688579cdce11b4f00a8ab53b7099f1a0850e256bb0a2c16ba048ee  raptor2-2.0.15.tar.gz"
+sha512sums="563dd01869eb4df8524ec12e2c0a541653874dcd834bd1eb265bc2943bb616968f624121d4688579cdce11b4f00a8ab53b7099f1a0850e256bb0a2c16ba048ee  raptor2-2.0.15.tar.gz
+82f2f7ea4b72aa2bf444013a81db3cb17fcce2ae650bdb22eaab00d6d5cf7f950f7a550ffff49348db878f90f2753b407e6026d08d543cd0757c1687c6dad159  CVE-2017-18926.patch
+6e7297bb786dd490202f9790e148b298380c1e47faa4970cb7efcd85fcea99eaa5f53e1c66627be9f7f42f6f27a3b1df94357c9db51abf8ed14727343d584f08  CVE-2020-25713.patch"
diff --git a/user/raptor2/CVE-2017-18926.patch b/user/raptor2/CVE-2017-18926.patch
new file mode 100644
index 000000000..be61b0d65
--- /dev/null
+++ b/user/raptor2/CVE-2017-18926.patch
@@ -0,0 +1,40 @@
+From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001
+From: Dave Beckett <dave@dajobe.org>
+Date: Sun, 16 Apr 2017 23:15:12 +0100
+Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer
+
+(raptor_xml_writer_start_element_common): Calculate max including for
+each attribute a potential name and value.
+
+Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617
+and #0000618 http://bugs.librdf.org/mantis/view.php?id=618
+---
+ src/raptor_xml_writer.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 693b94686..0d3a36a5a 100644
+--- a/src/raptor_xml_writer.c
++++ b/src/raptor_xml_writer.c
+@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+   size_t nspace_declarations_count = 0;  
+   unsigned int i;
+ 
+-  /* max is 1 per element and 1 for each attribute + size of declared */
+   if(nstack) {
+-    int nspace_max_count = element->attribute_count+1;
++    int nspace_max_count = element->attribute_count * 2; /* attr and value */
++    if(element->name->nspace)
++      nspace_max_count++;
+     if(element->declared_nspaces)
+       nspace_max_count += raptor_sequence_size(element->declared_nspaces);
+     if(element->xml_language)
+@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+         }
+       }
+ 
+-      /* Add the attribute + value */
++      /* Add the attribute's value */
+       nspace_declarations[nspace_declarations_count].declaration=
+         raptor_qname_format_as_xml(element->attributes[i],
+                                    &nspace_declarations[nspace_declarations_count].length);
diff --git a/user/raptor2/CVE-2020-25713.patch b/user/raptor2/CVE-2020-25713.patch
new file mode 100644
index 000000000..6eb8251bb
--- /dev/null
+++ b/user/raptor2/CVE-2020-25713.patch
@@ -0,0 +1,29 @@
+From 4f5dbbffcc1c6cf0398bd03450453289a0979dea Mon Sep 17 00:00:00 2001
+From: Dave Beckett <dave@dajobe.org>
+Date: Sat, 18 Sep 2021 17:40:00 -0700
+Subject: [PATCH] XML Writer : compare namespace declarations correctly
+
+Apply patch from
+0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
+that fixes Issue#0000650 https://bugs.librdf.org/mantis/view.php?id=650
+which overwrote heap during XML writing in parse type literal
+content.  This was detected with clang asan.
+
+Thanks to Michael Stahl / mst2 for the fix.
+---
+ src/raptor_xml_writer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 56993dc38..4426d38cf 100644
+--- a/src/raptor_xml_writer.c
++++ b/src/raptor_xml_writer.c
+@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+           
+           /* check it wasn't an earlier declaration too */
+           for(j = 0; j < nspace_declarations_count; j++)
+-            if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
++            if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
+               declare_me = 0;
+               break;
+             }
-- 
cgit v1.2.3-60-g2f50