packages/raptor2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!13 [sync] PR-11: CVE-2020-25713

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @gitee-cmd 
Signed-off-by: @gitee-cmd
This commit is contained in:
openeuler-ci-bot 2022-08-02 03:32:56 +00:00 committed by Gitee
commit 074064ae96
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
CVE-2020-25713.patch Normal file
View File

@ -0,0 +1,33 @@
From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Tue, 24 Nov 2020 10:30:20 +0000
Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
segfault
due to an out of bounds array access in
raptor_xml_writer_start_element_common
See:
https://bugs.mageia.org/show_bug.cgi?id=27605
https://www.openwall.com/lists/oss-security/2020/11/13/1
https://gerrit.libreoffice.org/c/core/+/106249
---
src/raptor_xml_writer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
index 56993dc3..4426d38c 100644
--- a/src/raptor_xml_writer.c
+++ b/src/raptor_xml_writer.c
@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
/* check it wasn't an earlier declaration too */
for(j = 0; j < nspace_declarations_count; j++)
- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
+ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
declare_me = 0;
break;
}
--
2.28.0

6
raptor2.spec
View File

@ -1,10 +1,11 @@
Name: raptor2 Name: raptor2
Version: 2.0.15 Version: 2.0.15
Release: 17 Release: 18
Summary: Raptor RDF parsing and serializing utility Summary: Raptor RDF parsing and serializing utility
License: GPLv2+ or LGPLv2+ or ASL 2.0 License: GPLv2+ or LGPLv2+ or ASL 2.0
URL: http://librdf.org/raptor/ URL: http://librdf.org/raptor/
Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz
Patch0: CVE-2020-25713.patch
BuildRequires: gcc-c++ curl-devel gtk-doc libicu-devel pkgconfig(libxslt) yajl-devel BuildRequires: gcc-c++ curl-devel gtk-doc libicu-devel pkgconfig(libxslt) yajl-devel
Conflicts: raptor < 1.4.21-10 Conflicts: raptor < 1.4.21-10
@ -67,5 +68,8 @@ make check
%{_mandir}/man3/libraptor2* %{_mandir}/man3/libraptor2*
%changelog %changelog
* Wed Jul 20 2022 liangqifeng <liangqifeng@ncti-gba.com> - 2.0.15-18
- Fix CVE-2020-25713
* Fri Dec 20 2019 shijian <shijian16@huawei.com> - 2.0.15-17 * Fri Dec 20 2019 shijian <shijian16@huawei.com> - 2.0.15-17
- Package init - Package init