rpms/raptor2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Import from CS git

Browse Source
This commit is contained in:
eabdullin 2025-01-15 07:07:36 +00:00
parent 194fe3b5dd
commit f4b2daf0fd
2 changed files with 45 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
SOURCES/CVE-2024-57823.patch Normal file
View File

@ -0,0 +1,35 @@
--- raptor2-2.0.15/src/raptor_rfc2396.c.CVE-2024-57823 2014-07-26 23:07:37.000000000 +0200
+++ raptor2-2.0.15/src/raptor_rfc2396.c 2025-01-13 12:59:22.175568228 +0100
@@ -289,10 +289,8 @@ raptor_uri_normalize_path(unsigned char*
}
-#if defined(RAPTOR_DEBUG)
if(path_len != strlen((const char*)path_buffer))
RAPTOR_FATAL4("Path '%s' length %ld does not match calculated %ld.", (const char*)path_buffer, (long)strlen((const char*)path_buffer), (long)path_len);
-#endif
/* Remove all "<component>/../" path components */
@@ -327,10 +325,8 @@ raptor_uri_normalize_path(unsigned char*
if(!prev || !cur)
continue;
-#if defined(RAPTOR_DEBUG)
if(path_len != strlen((const char*)path_buffer))
RAPTOR_FATAL3("Path length %ld does not match calculated %ld.", (long)strlen((const char*)path_buffer), (long)path_len);
-#endif
/* If the current one is '..' */
if(s == (cur+2) && cur[0] == '.' && cur[1] == '.') {
@@ -393,10 +389,8 @@ raptor_uri_normalize_path(unsigned char*
}
-#if defined(RAPTOR_DEBUG)
if(path_len != strlen((const char*)path_buffer))
RAPTOR_FATAL3("Path length %ld does not match calculated %ld.", (long)strlen((const char*)path_buffer), (long)path_len);
-#endif
/* RFC3986 Appendix C.2 / 5.4.2 Abnormal Examples
* Remove leading /../ and /./

11
SPECS/raptor2.spec
View File

@ -2,7 +2,7 @@
Summary: RDF Parser Toolkit for Redland
Name: raptor2
Version: 2.0.15
Release: 30%{?dist}
Release: 32%{?dist}
License: GPLv2+ or LGPLv2+ or ASL 2.0
Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz
@ -13,6 +13,8 @@ URL: http://librdf.org/raptor/
Patch1: 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch
# https://bugs.librdf.org/mantis/view.php?id=650
Patch2: 0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch
# no patch yet but https://github.com/dajobe/raptor/issues/70
Patch3: CVE-2024-57823.patch
## upstreamable patches
@ -101,6 +103,13 @@ make check
%changelog
* Tue Jan 14 2025 Eike Rathke <erack@redhat.com> - 2.0.15-32
- Bump NVR
* Mon Jan 13 2025 Eike Rathke <erack@redhat.com> - 2.0.15-31
- Resolves: CVE-2024-57823 integer underflow when normalizing a URI with the
turtle parser
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.15-30
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688