From ea23ecce8cdbb837e06373025e02702f5e5a78b4 Mon Sep 17 00:00:00 2001 From: wangchen2020 <15955488707@163.com> Date: Mon, 18 May 2020 19:43:31 +0800 Subject: [PATCH 1/3] rebuild for raptor2 --- raptor2.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/raptor2.spec b/raptor2.spec index 510cb32..774ba41 100644 --- a/raptor2.spec +++ b/raptor2.spec @@ -1,6 +1,6 @@ Name: raptor2 Version: 2.0.15 -Release: 17 +Release: 18 Summary: Raptor RDF parsing and serializing utility License: GPLv2+ or LGPLv2+ or ASL 2.0 URL: http://librdf.org/raptor/ @@ -67,5 +67,8 @@ make check %{_mandir}/man3/libraptor2* %changelog +* Mon May 18 2020 wangchen - 2.0.15-18 +- rebuild for raptor2 + * Fri Dec 20 2019 shijian - 2.0.15-17 - Package init -- Gitee From d75cb4fb0f4d21ef05db57ab8898934273984b13 Mon Sep 17 00:00:00 2001 From: emancipatorer Date: Tue, 26 Jul 2022 14:57:50 +0800 Subject: [PATCH 2/3] CVE-2020-25713 --- CVE-2020-25713.patch | 33 +++++++++++++++++++++++++++++++++ raptor2.spec | 5 ++++- 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 CVE-2020-25713.patch diff --git a/CVE-2020-25713.patch b/CVE-2020-25713.patch new file mode 100644 index 0000000..1fb279d --- /dev/null +++ b/CVE-2020-25713.patch @@ -0,0 +1,33 @@ +From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= +Date: Tue, 24 Nov 2020 10:30:20 +0000 +Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a + segfault + +due to an out of bounds array access in +raptor_xml_writer_start_element_common + +See: +https://bugs.mageia.org/show_bug.cgi?id=27605 +https://www.openwall.com/lists/oss-security/2020/11/13/1 +https://gerrit.libreoffice.org/c/core/+/106249 +--- + src/raptor_xml_writer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c +index 56993dc3..4426d38c 100644 +--- a/src/raptor_xml_writer.c ++++ b/src/raptor_xml_writer.c +@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, + + /* check it wasn't an earlier declaration too */ + for(j = 0; j < nspace_declarations_count; j++) +- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) { ++ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) { + declare_me = 0; + break; + } +-- +2.28.0 + diff --git a/raptor2.spec b/raptor2.spec index 510cb32..b2f9383 100644 --- a/raptor2.spec +++ b/raptor2.spec @@ -1,10 +1,11 @@ Name: raptor2 Version: 2.0.15 -Release: 17 +Release: 18 Summary: Raptor RDF parsing and serializing utility License: GPLv2+ or LGPLv2+ or ASL 2.0 URL: http://librdf.org/raptor/ Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz +Patch0: CVE-2020-25713.patch BuildRequires: gcc-c++ curl-devel gtk-doc libicu-devel pkgconfig(libxslt) yajl-devel Conflicts: raptor < 1.4.21-10 @@ -67,5 +68,7 @@ make check %{_mandir}/man3/libraptor2* %changelog +* Wed Jul 20 2022 liangqifeng - 2.0.15-18 +- Fix CVE-2020-25713 * Fri Dec 20 2019 shijian - 2.0.15-17 - Package init -- Gitee From 8a701dc6497ae5545d8a4defceabc5e362209b85 Mon Sep 17 00:00:00 2001 From: Emancipator Date: Tue, 26 Jul 2022 08:39:33 +0000 Subject: [PATCH 3/3] update raptor2.spec. --- raptor2.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/raptor2.spec b/raptor2.spec index 86ff136..46fe726 100644 --- a/raptor2.spec +++ b/raptor2.spec @@ -1,6 +1,6 @@ Name: raptor2 Version: 2.0.15 -Release: 18 +Release: 19 Summary: Raptor RDF parsing and serializing utility License: GPLv2+ or LGPLv2+ or ASL 2.0 URL: http://librdf.org/raptor/ @@ -69,6 +69,9 @@ make check %changelog ======= +* Wed Jul 20 2022 liangqifeng - 2.0.15-18 +- Fix CVE-2020-25713 + * Mon May 18 2020 wangchen - 2.0.15-18 - rebuild for raptor2 -- Gitee