import raptor2-2.0.15-16.el8

2021-05-18 02:42:32 -04:00 · 2021-05-18 02:42:32 -04:00 · d10d8dac8a
parent dc9dc745a7
commit d10d8dac8a
3 changed files with 97 additions and 3 deletions
--- a/SOURCES/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch
+++ b/SOURCES/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch
@ -0,0 +1,33 @@
+From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Tue, 24 Nov 2020 10:30:20 +0000
+Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
+ segfault
+
+due to an out of bounds array access in
+raptor_xml_writer_start_element_common
+
+See:
+https://bugs.mageia.org/show_bug.cgi?id=27605
+https://www.openwall.com/lists/oss-security/2020/11/13/1
+https://gerrit.libreoffice.org/c/core/+/106249
+---
+ src/raptor_xml_writer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 56993dc3..4426d38c 100644
+--- a/src/raptor_xml_writer.c
+++ b/src/raptor_xml_writer.c
+@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+           
+           /* check it wasn't an earlier declaration too */
+           for(j = 0; j < nspace_declarations_count; j++)
+-            if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
+            if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
+               declare_me = 0;
+               break;
+             }
+-- 
+2.28.0
+
--- a/SOURCES/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch
+++ b/SOURCES/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch
@ -0,0 +1,43 @@
+From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001
+From: Dave Beckett <dave@dajobe.org>
+Date: Sun, 16 Apr 2017 23:15:12 +0100
+Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer
+
+(raptor_xml_writer_start_element_common): Calculate max including for
+each attribute a potential name and value.
+
+Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617
+and #0000618 http://bugs.librdf.org/mantis/view.php?id=618
+---
+ src/raptor_xml_writer.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 693b946..0d3a36a 100644
+--- a/src/raptor_xml_writer.c
+++ b/src/raptor_xml_writer.c
+@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+   size_t nspace_declarations_count = 0;  
+   unsigned int i;
+ 
+-  /* max is 1 per element and 1 for each attribute + size of declared */
+   if(nstack) {
+-    int nspace_max_count = element->attribute_count+1;
+    int nspace_max_count = element->attribute_count * 2; /* attr and value */
+    if(element->name->nspace)
+      nspace_max_count++;
+     if(element->declared_nspaces)
+       nspace_max_count += raptor_sequence_size(element->declared_nspaces);
+     if(element->xml_language)
+@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+         }
+       }
+ 
+-      /* Add the attribute + value */
+      /* Add the attribute's value */
+       nspace_declarations[nspace_declarations_count].declaration=
+         raptor_qname_format_as_xml(element->attributes[i],
+                                    &nspace_declarations[nspace_declarations_count].length);
+-- 
+2.9.3
+
--- a/SPECS/raptor2.spec
+++ b/SPECS/raptor2.spec
@ -2,16 +2,22 @@
 Summary: RDF Parser Toolkit for Redland
 Name:    raptor2
 Version: 2.0.15
-Release: 13%{?dist}
+Release: 16%{?dist}

 License: GPLv2+ or LGPLv2+ or ASL 2.0
 Source:  http://download.librdf.org/source/raptor2-%{version}.tar.gz
 URL:     http://librdf.org/raptor/

-## upstreamable patches
+## upstream patches
+# https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f
+Patch1: 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch
+# https://bugs.librdf.org/mantis/view.php?id=650
+Patch2: 0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch

 BuildRequires: curl-devel
+%if ! 0%{?flatpak}
 BuildRequires: gtk-doc
+%endif
 BuildRequires: libicu-devel
 BuildRequires: pkgconfig(libxslt)

@ -31,7 +37,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release}


 %prep
-%setup -q
+%autosetup -p1

 # hack to nuke rpaths
 %if "%{_libdir}" != "/usr/lib"
@ -43,6 +49,9 @@ sed -i -e 's|"/lib /usr/lib|"/%{_lib} %{_libdir}|' configure
 %configure \
  --disable-static --enable-release \
  --with-icu-config=/usr/bin/icu-config \
+%if 0%{?flatpak}
+  --disable-gtk-doc \
+%endif
  --with-yajl=no

 make %{?_smp_mflags}
@ -89,6 +98,15 @@ rm -rf %{buildroot}


 %changelog
+* Tue Nov 24 2020 Caolán McNamara <caolanm@redhat.com> - 2.0.15-16
+- Resolves: rhbz#1900904 CVE-2020-25713 raptor2: malformed input file can lead to a segfault
+
+* Tue Nov 17 2020 Caolán McNamara <caolanm@redhat.com> - 2.0.15-15
+- Resolves: rhbz#1896534 CVE-2017-18926 raptor: heap-based buffer overflow
+
+* Mon Nov 16 2020 Caolán McNamara <caolanm@redhat.com> - 2.0.15-14
+- Resolves: rhbz#1896340 Suppress documentation in Flatpak builds
+
 * Tue Aug 21 2018 Caolán McNamara <caolanm@redhat.com> - 2.0.15-13
 - Resolves: rhbz#1560206 drop requirement on yajl