Compare commits
10 Commits
111bdff9f0
...
1f32937d70
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
1f32937d70 | ||
|
|
fa8addd182 | ||
|
|
ce14b59de5 | ||
|
|
63aec47d0b | ||
|
|
ff6951fe7b | ||
|
|
f2d0775bd4 | ||
|
|
f82d2f8a9f | ||
|
|
ae11d49c6e | ||
|
|
00830050c0 | ||
|
|
9b6475b9cb |
33
CVE-2020-25713.patch
Normal file
33
CVE-2020-25713.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
|
||||
Date: Tue, 24 Nov 2020 10:30:20 +0000
|
||||
Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
|
||||
segfault
|
||||
|
||||
due to an out of bounds array access in
|
||||
raptor_xml_writer_start_element_common
|
||||
|
||||
See:
|
||||
https://bugs.mageia.org/show_bug.cgi?id=27605
|
||||
https://www.openwall.com/lists/oss-security/2020/11/13/1
|
||||
https://gerrit.libreoffice.org/c/core/+/106249
|
||||
---
|
||||
src/raptor_xml_writer.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
|
||||
index 56993dc3..4426d38c 100644
|
||||
--- a/src/raptor_xml_writer.c
|
||||
+++ b/src/raptor_xml_writer.c
|
||||
@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
|
||||
|
||||
/* check it wasn't an earlier declaration too */
|
||||
for(j = 0; j < nspace_declarations_count; j++)
|
||||
- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
|
||||
+ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
|
||||
declare_me = 0;
|
||||
break;
|
||||
}
|
||||
--
|
||||
2.28.0
|
||||
|
||||
@ -0,0 +1,31 @@
|
||||
From 4dbc4c1da2a033c497d84a1291c46f416a9cac51 Mon Sep 17 00:00:00 2001
|
||||
From: David Anes <david.anes@suse.com>
|
||||
Date: Thu, 4 May 2023 11:54:02 +0200
|
||||
Subject: [PATCH] Remove the access to entities 'checked' private symbol for
|
||||
libxml2 2.11.0
|
||||
|
||||
Since version 2.11.0, some private symbols that were never intended
|
||||
as public API/ABI have been removed from libxml2, therefore the field
|
||||
'checked' is no longer present and raptor fails to build in this
|
||||
scenario.
|
||||
---
|
||||
src/raptor_libxml.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/raptor_libxml.c b/src/raptor_libxml.c
|
||||
index 538c2c8e..8bcee139 100644
|
||||
--- a/src/raptor_libxml.c
|
||||
+++ b/src/raptor_libxml.c
|
||||
@@ -246,10 +246,11 @@ raptor_libxml_getEntity(void* user_data, const xmlChar *name)
|
||||
|
||||
ret->owner = 1;
|
||||
|
||||
-#if LIBXML_VERSION >= 20627
|
||||
+#if LIBXML_VERSION >= 20627 && LIBXML_VERSION < 21100
|
||||
/* Checked field was released in 2.6.27 on 2006-10-25
|
||||
* http://git.gnome.org/browse/libxml2/commit/?id=a37a6ad91a61d168ecc4b29263def3363fff4da6
|
||||
*
|
||||
+ * and was later removed in version 2.11.0
|
||||
*/
|
||||
|
||||
/* Mark this entity as having been checked - never do this again */
|
||||
BIN
raptor2-2.0.15.tar.gz
Normal file
BIN
raptor2-2.0.15.tar.gz
Normal file
Binary file not shown.
82
raptor2.spec
Normal file
82
raptor2.spec
Normal file
@ -0,0 +1,82 @@
|
||||
Name: raptor2
|
||||
Version: 2.0.15
|
||||
Release: 19
|
||||
Summary: Raptor RDF parsing and serializing utility
|
||||
License: GPLv2+ or LGPLv2+ or ASL 2.0
|
||||
URL: http://librdf.org/raptor/
|
||||
Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz
|
||||
|
||||
Patch0: CVE-2020-25713.patch
|
||||
#upstream https://github.com/dajobe/raptor/commit/4dbc4c1da2a033c497d84a1291c46f416a9cac51
|
||||
Patch1: Remove-the-access-to-entities-checked-private-symbol-for-libxml2-2.11.0.patch
|
||||
|
||||
BuildRequires: gcc-c++ curl-devel gtk-doc libicu-devel pkgconfig(libxslt) yajl-devel
|
||||
Conflicts: raptor < 1.4.21-10
|
||||
|
||||
%description
|
||||
Raptor is Redland's RDF parser toolkit, which provides a set of independent RDF parsers
|
||||
to generate triples from RDF / XML or N-Triples.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for raptor2
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
|
||||
%description devel
|
||||
Development files for raptor2.
|
||||
|
||||
%package help
|
||||
Summary: Help document for raptor2
|
||||
|
||||
%description help
|
||||
Help document for raptor2.
|
||||
|
||||
%prep
|
||||
%autosetup -n %{name}-%{version} -p1
|
||||
sed -i -e 's|"/lib /usr/lib|"/%{_lib} %{_libdir}|' configure
|
||||
|
||||
%build
|
||||
%configure --disable-static --enable-release --with-icu-config=/usr/bin/icu-config
|
||||
|
||||
%make_build
|
||||
|
||||
%install
|
||||
%make_install
|
||||
%delete_la
|
||||
|
||||
%check
|
||||
export PKG_CONFIG_PATH=%{buildroot}%{_datadir}/pkgconfig:%{buildroot}%{_libdir}/pkgconfig
|
||||
test "$(pkg-config --modversion raptor2)" = "%{version}"
|
||||
make check
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%files
|
||||
%doc AUTHORS ChangeLog NEWS README
|
||||
%license COPYING* LICENSE.txt LICENSE-2.0.txt
|
||||
%{_libdir}/libraptor2.so.0*
|
||||
%{_bindir}/rapper
|
||||
|
||||
%files devel
|
||||
%doc UPGRADING.html
|
||||
%{_includedir}/raptor2/
|
||||
%{_libdir}/libraptor2.so
|
||||
%{_libdir}/pkgconfig/raptor2.pc
|
||||
%dir %{_datadir}/gtk-doc
|
||||
%dir %{_datadir}/gtk-doc/html/
|
||||
%{_datadir}/gtk-doc/html/raptor2/
|
||||
|
||||
%files help
|
||||
%{_mandir}/man1/rapper*
|
||||
%{_mandir}/man3/libraptor2*
|
||||
|
||||
%changelog
|
||||
* Thu Aug 10 2023 xu_ping <707078654@qq.com> - 2.0.15-19
|
||||
- fix build error due to libxml2 upgrade
|
||||
|
||||
* Wed Jul 20 2022 liangqifeng <liangqifeng@ncti-gba.com> - 2.0.15-18
|
||||
- Fix CVE-2020-25713
|
||||
|
||||
* Fri Dec 20 2019 shijian <shijian16@huawei.com> - 2.0.15-17
|
||||
- Package init
|
||||
4
raptor2.yaml
Normal file
4
raptor2.yaml
Normal file
@ -0,0 +1,4 @@
|
||||
version_control: github
|
||||
src_repo: dajobe/raptor
|
||||
tag_prefix: "raptor2_"
|
||||
seperator: "_"
|
||||
Loading…
x
Reference in New Issue
Block a user