Resolves: rhbz#1900686 CVE-2020-25713 malformed input file can lead to a segfault

2021-01-11 11:56:09 +00:00 · 2021-01-11 11:56:09 +00:00 · 7854f39a86
commit 7854f39a86
parent cec87375bb
2 changed files with 39 additions and 1 deletions
--- a/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch
+++ b/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch
@ -0,0 +1,33 @@
+From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Tue, 24 Nov 2020 10:30:20 +0000
+Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
+ segfault
+
+due to an out of bounds array access in
+raptor_xml_writer_start_element_common
+
+See:
+https://bugs.mageia.org/show_bug.cgi?id=27605
+https://www.openwall.com/lists/oss-security/2020/11/13/1
+https://gerrit.libreoffice.org/c/core/+/106249
+---
+ src/raptor_xml_writer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 56993dc3..4426d38c 100644
+--- a/src/raptor_xml_writer.c
+++ b/src/raptor_xml_writer.c
+@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+           
+           /* check it wasn't an earlier declaration too */
+           for(j = 0; j < nspace_declarations_count; j++)
+-            if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
+            if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
+               declare_me = 0;
+               break;
+             }
+-- 
+2.28.0
+
--- a/raptor2.spec
+++ b/raptor2.spec
@ -2,7 +2,7 @@
 Summary: RDF Parser Toolkit for Redland
 Name:    raptor2
 Version: 2.0.15
-Release: 26%{?dist}
+Release: 27%{?dist}

 License: GPLv2+ or LGPLv2+ or ASL 2.0
 Source:  http://download.librdf.org/source/raptor2-%{version}.tar.gz
@ -11,6 +11,8 @@ URL:     http://librdf.org/raptor/
 ## upstream patches
 # https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f
 Patch1: 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch
+# https://bugs.librdf.org/mantis/view.php?id=650
+Patch2: 0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch

 ## upstreamable patches

@ -99,6 +101,9 @@ make check


 %changelog
+* Mon Jan 11 2021 Caolán McNamara <caolanm@redhat.com> - 2.0.15-27
+- Resolves: rhbz#1900686 CVE-2020-25713 malformed input file can lead to a segfault
+
 * Mon Aug 10 2020 Caolán McNamara <caolanm@redhat.com> - 2.0.15-26
 - Resolves: rhbz#1560206 drop requirement on yajl