diff --git a/backport-0003-CVE-2024-57822.patch b/backport-0003-CVE-2024-57822.patch
new file mode 100644
index 0000000000000000000000000000000000000000..df204677b656cb6303e1c6403c100b9cbbb1e6d3
--- /dev/null
+++ b/backport-0003-CVE-2024-57822.patch
@@ -0,0 +1,14 @@
+#backport from upstream https://github.com/dajobe/raptor/commit/ece2c79df43091686a538b8231cf387d84bfa60e
+diff --git a/src/raptor_ntriples.c b/src/raptor_ntriples.c
+index 60fd3aa..c44f8c4 100644
+--- a/src/raptor_ntriples.c
++++ b/src/raptor_ntriples.c
+@@ -208,7 +208,7 @@ raptor_ntriples_parse_term_internal(raptor_world* world,
+ locator->column--;
+ locator->byte--;
+ }
+- if(term_class == RAPTOR_TERM_CLASS_BNODEID && dest[-1] == '.') {
++ if(term_class == RAPTOR_TERM_CLASS_BNODEID && position > 0 && dest[-1] == '.') {
+ /* If bnode id ended on '.' move back one */
+ dest--;
+
diff --git a/raptor2.spec b/raptor2.spec
index 4a6ae567044b28122cfe15c60e746f17ae7bb6a1..c39468410054d29774afa81a507985d45d1a0aaf 100644
--- a/raptor2.spec
+++ b/raptor2.spec
@@ -1,6 +1,6 @@
 Name: raptor2
 Version: 2.0.16
-Release: 2
+Release: 3
 Summary: Raptor RDF parsing and serializing utility
 License: GPLv2+ or LGPLv2+ or ASL 2.0
 URL: http://librdf.org/raptor/
@@ -10,6 +10,7 @@ Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz
 Patch1: Remove-the-access-to-entities-checked-private-symbol-for-libxml2-2.11.0.patch
 Patch2: backport-0001-CVE-2024-57823.patch
 Patch3: backport-0002-CVE-2024-57823.patch
+Patch4: backport-0003-CVE-2024-57822.patch
 BuildRequires: gcc-c++ curl-devel gtk-doc libicu-devel pkgconfig(libxslt) yajl-devel
 Conflicts: raptor < 1.4.21-10
@@ -73,6 +74,9 @@ make check
 %{_mandir}/man3/libraptor2*
 %changelog
+* Tue Jul 22 2025 wangkai <13474090681@163.com> - 2.0.16-3
+- fix CVE-2024-57822
+
 * Wed Apr 23 2025 wangkai <13474090681@163.com> - 2.0.16-2
 - fix CVE-2024-57823
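Review bot: The added `position > 0` test in the nested src/raptor_ntriples.c hunk protects `dest[-1]` only if `position` is zero exactly when nothing has yet been stored through `dest`. Both counters are advanced outside the hunk (raptor_ntriples_parse_term_internal starts and ends beyond it), so that relationship should be confirmed against the full function before relying on the backport. A one-line comment would pin the invariant for the next maintainer, e.g. `/* position > 0: at least one byte was stored, so dest[-1] is inside the buffer */`. The backport also carries no regression case; a parser test with a blank-node term whose label is empty, run under AddressSanitizer, would presumably cover the read before the start of the buffer that the guard is meant to prevent.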
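Review bot: `Patch4: backport-0003-CVE-2024-57822.patch` is declared in the second raptor2.spec hunk, but no hunk touches %prep, so whether the patch is actually applied at build time depends on text outside this diff. If %prep uses `%autosetup -p1` or `%autopatch`, the new patch is picked up automatically. If it applies patches one by one, a `%patch4 -p1` line is missing, and release 2.0.16-3 would record the CVE-2024-57822 fix in its changelog without containing it. Checking the %prep section of the build log for the patch being applied would settle this.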