Compare commits
No commits in common. "c8" and "c8-beta" have entirely different histories.
@ -1,35 +0,0 @@
|
|||||||
--- raptor2-2.0.15/src/raptor_rfc2396.c.CVE-2024-57823 2014-07-26 23:07:37.000000000 +0200
|
|
||||||
+++ raptor2-2.0.15/src/raptor_rfc2396.c 2025-01-13 12:59:22.175568228 +0100
|
|
||||||
@@ -289,10 +289,8 @@ raptor_uri_normalize_path(unsigned char*
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
-#if defined(RAPTOR_DEBUG)
|
|
||||||
if(path_len != strlen((const char*)path_buffer))
|
|
||||||
RAPTOR_FATAL4("Path '%s' length %ld does not match calculated %ld.", (const char*)path_buffer, (long)strlen((const char*)path_buffer), (long)path_len);
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
/* Remove all "<component>/../" path components */
|
|
||||||
|
|
||||||
@@ -327,10 +325,8 @@ raptor_uri_normalize_path(unsigned char*
|
|
||||||
if(!prev || !cur)
|
|
||||||
continue;
|
|
||||||
|
|
||||||
-#if defined(RAPTOR_DEBUG)
|
|
||||||
if(path_len != strlen((const char*)path_buffer))
|
|
||||||
RAPTOR_FATAL3("Path length %ld does not match calculated %ld.", (long)strlen((const char*)path_buffer), (long)path_len);
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
/* If the current one is '..' */
|
|
||||||
if(s == (cur+2) && cur[0] == '.' && cur[1] == '.') {
|
|
||||||
@@ -393,10 +389,8 @@ raptor_uri_normalize_path(unsigned char*
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
-#if defined(RAPTOR_DEBUG)
|
|
||||||
if(path_len != strlen((const char*)path_buffer))
|
|
||||||
RAPTOR_FATAL3("Path length %ld does not match calculated %ld.", (long)strlen((const char*)path_buffer), (long)path_len);
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
/* RFC3986 Appendix C.2 / 5.4.2 Abnormal Examples
|
|
||||||
* Remove leading /../ and /./
|
|
||||||
@ -2,7 +2,7 @@
|
|||||||
Summary: RDF Parser Toolkit for Redland
|
Summary: RDF Parser Toolkit for Redland
|
||||||
Name: raptor2
|
Name: raptor2
|
||||||
Version: 2.0.15
|
Version: 2.0.15
|
||||||
Release: 17%{?dist}
|
Release: 16%{?dist}
|
||||||
|
|
||||||
License: GPLv2+ or LGPLv2+ or ASL 2.0
|
License: GPLv2+ or LGPLv2+ or ASL 2.0
|
||||||
Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz
|
Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz
|
||||||
@ -13,8 +13,6 @@ URL: http://librdf.org/raptor/
|
|||||||
Patch1: 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch
|
Patch1: 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch
|
||||||
# https://bugs.librdf.org/mantis/view.php?id=650
|
# https://bugs.librdf.org/mantis/view.php?id=650
|
||||||
Patch2: 0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch
|
Patch2: 0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch
|
||||||
# no patch yet but https://github.com/dajobe/raptor/issues/70
|
|
||||||
Patch3: CVE-2024-57823.patch
|
|
||||||
|
|
||||||
BuildRequires: curl-devel
|
BuildRequires: curl-devel
|
||||||
%if ! 0%{?flatpak}
|
%if ! 0%{?flatpak}
|
||||||
@ -100,10 +98,6 @@ rm -rf %{buildroot}
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Jan 13 2025 Eike Rathke <erack@redhat.com> - 2.0.15-17
|
|
||||||
- Resolves: CVE-2024-57823 integer underflow when normalizing a URI with the
|
|
||||||
turtle parser
|
|
||||||
|
|
||||||
* Tue Nov 24 2020 Caolán McNamara <caolanm@redhat.com> - 2.0.15-16
|
* Tue Nov 24 2020 Caolán McNamara <caolanm@redhat.com> - 2.0.15-16
|
||||||
- Resolves: rhbz#1900904 CVE-2020-25713 raptor2: malformed input file can lead to a segfault
|
- Resolves: rhbz#1900904 CVE-2020-25713 raptor2: malformed input file can lead to a segfault
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user