From 0a6a544f7349105c3511d297f06946fa882a608b Mon Sep 17 00:00:00 2001
From: emancipator <ck167493@icloud.com>
Date: Mon, 1 Aug 2022 16:16:58 +0800
Subject: [PATCH 1/3] CVE-2020-25713

---
 CVE-2020-25713.patch | 33 +++++++++++++++++++++++++++++++++
 raptor2.spec         |  6 +++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2020-25713.patch

diff --git a/CVE-2020-25713.patch b/CVE-2020-25713.patch
new file mode 100644
index 0000000..1fb279d
--- /dev/null
+++ b/CVE-2020-25713.patch
@@ -0,0 +1,33 @@
+From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Tue, 24 Nov 2020 10:30:20 +0000
+Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
+ segfault
+
+due to an out of bounds array access in
+raptor_xml_writer_start_element_common
+
+See:
+https://bugs.mageia.org/show_bug.cgi?id=27605
+https://www.openwall.com/lists/oss-security/2020/11/13/1
+https://gerrit.libreoffice.org/c/core/+/106249
+---
+ src/raptor_xml_writer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 56993dc3..4426d38c 100644
+--- a/src/raptor_xml_writer.c
++++ b/src/raptor_xml_writer.c
+@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+           
+           /* check it wasn't an earlier declaration too */
+           for(j = 0; j < nspace_declarations_count; j++)
+-            if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
++            if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
+               declare_me = 0;
+               break;
+             }
+-- 
+2.28.0
+
diff --git a/raptor2.spec b/raptor2.spec
index 774ba41..3e48611 100644
--- a/raptor2.spec
+++ b/raptor2.spec
@@ -1,10 +1,11 @@
 Name:          raptor2
 Version:       2.0.15
-Release:       18
+Release:       19
 Summary:       Raptor RDF parsing and serializing utility
 License:       GPLv2+ or LGPLv2+ or ASL 2.0
 URL:           http://librdf.org/raptor/
 Source:        http://download.librdf.org/source/raptor2-%{version}.tar.gz
+Patch0:        CVE-2020-25713.patch
 BuildRequires: gcc-c++ curl-devel gtk-doc libicu-devel pkgconfig(libxslt) yajl-devel
 Conflicts:     raptor < 1.4.21-10
 
@@ -67,6 +68,9 @@ make check
 %{_mandir}/man3/libraptor2*
 
 %changelog
+* Wed Jul 20 2022 liangqifeng <liangqifeng@ncti-gba.com> - 2.0.15-18
+- Fix CVE-2020-25713
+
 * Mon May 18 2020 wangchen <wangchen137@huawei.com> - 2.0.15-18
 - rebuild for raptor2
 
-- 
Gitee


From 839f278082ff7de9096dc98cf9b05c47567373cb Mon Sep 17 00:00:00 2001
From: emancipator <ck167493@icloud.com>
Date: Mon, 1 Aug 2022 16:36:34 +0800
Subject: [PATCH 2/3] CVE-2020-25713

---
 raptor2.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/raptor2.spec b/raptor2.spec
index 3e48611..ecea2d0 100644
--- a/raptor2.spec
+++ b/raptor2.spec
@@ -68,7 +68,7 @@ make check
 %{_mandir}/man3/libraptor2*
 
 %changelog
-* Wed Jul 20 2022 liangqifeng <liangqifeng@ncti-gba.com> - 2.0.15-18
+* Wed Jul 20 2022 liangqifeng <liangqifeng@ncti-gba.com> - 2.0.15-19
 - Fix CVE-2020-25713
 
 * Mon May 18 2020 wangchen <wangchen137@huawei.com> - 2.0.15-18
-- 
Gitee


From 2e9492b158638efaa70d991cb8f05034e4f65bf7 Mon Sep 17 00:00:00 2001
From: emancipator <ck167493@icloud.com>
Date: Mon, 1 Aug 2022 16:16:58 +0800
Subject: [PATCH 3/3] CVE-2020-25713

---
 CVE-2020-25713.patch | 33 +++++++++++++++++++++++++++++++++
 raptor2.spec         |  6 +++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2020-25713.patch

diff --git a/CVE-2020-25713.patch b/CVE-2020-25713.patch
new file mode 100644
index 0000000..1fb279d
--- /dev/null
+++ b/CVE-2020-25713.patch
@@ -0,0 +1,33 @@
+From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Tue, 24 Nov 2020 10:30:20 +0000
+Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
+ segfault
+
+due to an out of bounds array access in
+raptor_xml_writer_start_element_common
+
+See:
+https://bugs.mageia.org/show_bug.cgi?id=27605
+https://www.openwall.com/lists/oss-security/2020/11/13/1
+https://gerrit.libreoffice.org/c/core/+/106249
+---
+ src/raptor_xml_writer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 56993dc3..4426d38c 100644
+--- a/src/raptor_xml_writer.c
++++ b/src/raptor_xml_writer.c
+@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+           
+           /* check it wasn't an earlier declaration too */
+           for(j = 0; j < nspace_declarations_count; j++)
+-            if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
++            if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
+               declare_me = 0;
+               break;
+             }
+-- 
+2.28.0
+
diff --git a/raptor2.spec b/raptor2.spec
index 774ba41..ecea2d0 100644
--- a/raptor2.spec
+++ b/raptor2.spec
@@ -1,10 +1,11 @@
 Name:          raptor2
 Version:       2.0.15
-Release:       18
+Release:       19
 Summary:       Raptor RDF parsing and serializing utility
 License:       GPLv2+ or LGPLv2+ or ASL 2.0
 URL:           http://librdf.org/raptor/
 Source:        http://download.librdf.org/source/raptor2-%{version}.tar.gz
+Patch0:        CVE-2020-25713.patch
 BuildRequires: gcc-c++ curl-devel gtk-doc libicu-devel pkgconfig(libxslt) yajl-devel
 Conflicts:     raptor < 1.4.21-10
 
@@ -67,6 +68,9 @@ make check
 %{_mandir}/man3/libraptor2*
 
 %changelog
+* Wed Jul 20 2022 liangqifeng <liangqifeng@ncti-gba.com> - 2.0.15-19
+- Fix CVE-2020-25713
+
 * Mon May 18 2020 wangchen <wangchen137@huawei.com> - 2.0.15-18
 - rebuild for raptor2
 
-- 
Gitee