diff --git a/SOURCES/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch b/SOURCES/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch new file mode 100644 index 0000000..1fb279d --- /dev/null +++ b/SOURCES/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch @@ -0,0 +1,33 @@ +From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= +Date: Tue, 24 Nov 2020 10:30:20 +0000 +Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a + segfault + +due to an out of bounds array access in +raptor_xml_writer_start_element_common + +See: +https://bugs.mageia.org/show_bug.cgi?id=27605 +https://www.openwall.com/lists/oss-security/2020/11/13/1 +https://gerrit.libreoffice.org/c/core/+/106249 +--- + src/raptor_xml_writer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c +index 56993dc3..4426d38c 100644 +--- a/src/raptor_xml_writer.c ++++ b/src/raptor_xml_writer.c +@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, + + /* check it wasn't an earlier declaration too */ + for(j = 0; j < nspace_declarations_count; j++) +- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) { ++ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) { + declare_me = 0; + break; + } +-- +2.28.0 + diff --git a/SPECS/raptor2.spec b/SPECS/raptor2.spec index b0e8568..e0cbf0f 100644 --- a/SPECS/raptor2.spec +++ b/SPECS/raptor2.spec @@ -2,7 +2,7 @@ Summary: RDF Parser Toolkit for Redland Name: raptor2 Version: 2.0.15 -Release: 15%{?dist} +Release: 16%{?dist} License: GPLv2+ or LGPLv2+ or ASL 2.0 Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz @@ -11,6 +11,8 @@ URL: http://librdf.org/raptor/ ## upstream patches # https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f Patch1: 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch +# https://bugs.librdf.org/mantis/view.php?id=650 +Patch2: 0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch BuildRequires: curl-devel %if ! 0%{?flatpak} @@ -96,6 +98,9 @@ rm -rf %{buildroot} %changelog +* Tue Nov 24 2020 Caolán McNamara - 2.0.15-16 +- Resolves: rhbz#1900904 CVE-2020-25713 raptor2: malformed input file can lead to a segfault + * Tue Nov 17 2020 Caolán McNamara - 2.0.15-15 - Resolves: rhbz#1896534 CVE-2017-18926 raptor: heap-based buffer overflow