Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/raptor2.git#7854f39a86c4bf78f17a7df289d5d0ea3da75dac
parent c7cc274df9
commit 01ee6f890f
@ -0,0 +1,33 @@
|
||||
From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
|
||||
Date: Tue, 24 Nov 2020 10:30:20 +0000
|
||||
Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
|
||||
segfault
|
||||
|
||||
due to an out of bounds array access in
|
||||
raptor_xml_writer_start_element_common
|
||||
|
||||
See:
|
||||
https://bugs.mageia.org/show_bug.cgi?id=27605
|
||||
https://www.openwall.com/lists/oss-security/2020/11/13/1
|
||||
https://gerrit.libreoffice.org/c/core/+/106249
|
||||
---
|
||||
src/raptor_xml_writer.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
|
||||
index 56993dc3..4426d38c 100644
|
||||
--- a/src/raptor_xml_writer.c
|
||||
+++ b/src/raptor_xml_writer.c
|
||||
@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
|
||||
|
||||
/* check it wasn't an earlier declaration too */
|
||||
for(j = 0; j < nspace_declarations_count; j++)
|
||||
- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
|
||||
+ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
|
||||
declare_me = 0;
|
||||
break;
|
||||
}
|
||||
--
|
||||
2.28.0
|
||||
|
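Review bot: no regression test accompanies the index fix in raptor_xml_writer_start_element_common; the diffstat lists only src/raptor_xml_writer.c (1 insertion, 1 deletion). In the inner loop, j is bounded by `nspace_declarations_count`, not by the number of attributes, which is how the removed line `element->attributes[j]->nspace` could index past the attributes array, as the commit message describes. Switching to `attributes[i]` fixes that, but a malformed input of the kind described in the linked reports should be added to the tests run by `make check` so the out-of-bounds access cannot come back unnoticed.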
@ -2,7 +2,7 @@
|
||||
Summary: RDF Parser Toolkit for Redland
|
||||
Name: raptor2
|
||||
Version: 2.0.15
|
||||
Release: 26%{?dist}
|
||||
Release: 27%{?dist}
|
||||
|
||||
License: GPLv2+ or LGPLv2+ or ASL 2.0
|
||||
Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz
|
||||
@ -11,9 +11,12 @@ URL: http://librdf.org/raptor/
|
||||
## upstream patches
|
||||
# https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f
|
||||
Patch1: 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch
|
||||
# https://bugs.librdf.org/mantis/view.php?id=650
|
||||
Patch2: 0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch
|
||||
|
||||
## upstreamable patches
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: curl-devel
|
||||
BuildRequires: gtk-doc
|
||||
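Review bot: the new `Patch2:` line sits under `## upstream patches`, but its comment points at a bug tracker entry (`# https://bugs.librdf.org/mantis/view.php?id=650`) where `Patch1:` points at an upstream commit. If the fix has been merged upstream, reference the commit URL in the comment the way Patch1 does; if it is still only attached to the bug, move the line under `## upstreamable patches` so the spec shows which patches can be dropped on the next rebase.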
@ -98,6 +101,9 @@ make check
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Jan 11 2021 Caolán McNamara <caolanm@redhat.com> - 2.0.15-27
|
||||
- Resolves: rhbz#1900686 CVE-2020-25713 malformed input file can lead to a segfault
|
||||
|
||||
* Mon Aug 10 2020 Caolán McNamara <caolanm@redhat.com> - 2.0.15-26
|
||||
- Resolves: rhbz#1560206 drop requirement on yajl
|
||||
|
||||
|