rpms/raptor2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import raptor2-2.0.15-16.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-11-25 06:10:32 +00:00 committed by Andrew Lukoshko
parent 079717836f
commit 8388eed6ec
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
SOURCES/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch Normal file
View File

@ -0,0 +1,33 @@
From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Tue, 24 Nov 2020 10:30:20 +0000
Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
segfault
due to an out of bounds array access in
raptor_xml_writer_start_element_common
See:
https://bugs.mageia.org/show_bug.cgi?id=27605
https://www.openwall.com/lists/oss-security/2020/11/13/1
https://gerrit.libreoffice.org/c/core/+/106249
---
src/raptor_xml_writer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
index 56993dc3..4426d38c 100644
--- a/src/raptor_xml_writer.c
+++ b/src/raptor_xml_writer.c
@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
/* check it wasn't an earlier declaration too */
for(j = 0; j < nspace_declarations_count; j++)
- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
+ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
declare_me = 0;
break;
}
--
2.28.0

7
SPECS/raptor2.spec
View File

@ -2,7 +2,7 @@
Summary: RDF Parser Toolkit for Redland Summary: RDF Parser Toolkit for Redland
Name: raptor2 Name: raptor2
Version: 2.0.15 Version: 2.0.15
Release: 15%{?dist} Release: 16%{?dist}
License: GPLv2+ or LGPLv2+ or ASL 2.0 License: GPLv2+ or LGPLv2+ or ASL 2.0
Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz
@ -11,6 +11,8 @@ URL: http://librdf.org/raptor/
## upstream patches ## upstream patches
# https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f # https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f
Patch1: 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch Patch1: 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch
# https://bugs.librdf.org/mantis/view.php?id=650
Patch2: 0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch
BuildRequires: curl-devel BuildRequires: curl-devel
%if ! 0%{?flatpak} %if ! 0%{?flatpak}
@ -96,6 +98,9 @@ rm -rf %{buildroot}
%changelog %changelog
* Tue Nov 24 2020 Caolán McNamara <caolanm@redhat.com> - 2.0.15-16
- Resolves: rhbz#1900904 CVE-2020-25713 raptor2: malformed input file can lead to a segfault
* Tue Nov 17 2020 Caolán McNamara <caolanm@redhat.com> - 2.0.15-15 * Tue Nov 17 2020 Caolán McNamara <caolanm@redhat.com> - 2.0.15-15
- Resolves: rhbz#1896534 CVE-2017-18926 raptor: heap-based buffer overflow - Resolves: rhbz#1896534 CVE-2017-18926 raptor: heap-based buffer overflow