Sync from SUSE:SLFO:1.1 raptor revision 579a0da6029dae8c6a3debb1ddc4d84a

2025-04-16 03:12:31 +02:00
5 changed files with 20 additions and 132 deletions
--- a/raptor-CVE-2024-57822.patch
+++ b/raptor-CVE-2024-57822.patch
@@ -1,63 +0,0 @@
-From ece2c79df43091686a538b8231cf387d84bfa60e Mon Sep 17 00:00:00 2001
-From: Dave Beckett <dave@dajobe.org>
-Date: Fri, 7 Feb 2025 11:38:34 -0800
-Subject: [PATCH] Fix Github issue 70 B) Heap read buffer overflow in ntriples
- bnode
-
-(raptor_ntriples_parse_term_internal): Only allow looking at the last
-character of a bnode ID only if bnode length >0
---
- src/raptor_ntriples.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/raptor_ntriples.c b/src/raptor_ntriples.c
-index 3276e790..ecc4247c 100644
--- a/src/raptor_ntriples.c
-+++ b/src/raptor_ntriples.c
-@@ -212,7 +212,7 @@ raptor_ntriples_parse_term_internal(raptor_world* world,
-             locator->column--;
-             locator->byte--;
-           }
-          if(term_class == RAPTOR_TERM_CLASS_BNODEID && dest[-1] == '.') {
-+          if(term_class == RAPTOR_TERM_CLASS_BNODEID && position > 0 && dest[-1] == '.') {
-             /* If bnode id ended on '.' move back one */
-             dest--;
- 
-From da7a79976bd0314c23cce55d22495e7d29301c44 Mon Sep 17 00:00:00 2001
-From: Dave Beckett <dave@dajobe.org>
-Date: Thu, 6 Feb 2025 21:12:37 -0800
-Subject: [PATCH] Fix Github issue 70 A) Integer Underflow in
- raptor_uri_normalize_path()
-
-(raptor_uri_normalize_path): Return empty buffer if path gets to 0
-length
---
- src/raptor_rfc2396.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/raptor_rfc2396.c b/src/raptor_rfc2396.c
-index 8cc364f4..f8ec5798 100644
--- a/src/raptor_rfc2396.c
-+++ b/src/raptor_rfc2396.c
-@@ -351,6 +351,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
-           *dest++ = *s++;
-         *dest = '\0';
-         path_len -= len;
-+        if(path_len <= 0) {
-+          *path_buffer = '\0';
-+          return 0;
-+        }
- 
-         if(p && p < prev) {
-           /* We know the previous prev path component and we didn't do
-@@ -390,6 +394,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
-     /* Remove <component>/.. at the end of the path */
-     *prev = '\0';
-     path_len -= (s-prev);
-+    if(path_len <= 0) {
-+      *path_buffer = '\0';
-+      return 0;
-+    }
-   }
- 
- 
--- a/raptor-CVE-2024-57823.patch
+++ b/raptor-CVE-2024-57823.patch
@@ -1,35 +0,0 @@
--- raptor2-2.0.15/src/raptor_rfc2396.c.CVE-2024-57823	2014-07-26 23:07:37.000000000 +0200
-+++ raptor2-2.0.15/src/raptor_rfc2396.c	2025-01-13 12:59:22.175568228 +0100
-@@ -289,10 +289,8 @@ raptor_uri_normalize_path(unsigned char*
-   }
- 
-   
-#if defined(RAPTOR_DEBUG)
-   if(path_len != strlen((const char*)path_buffer))
-     RAPTOR_FATAL4("Path '%s' length %ld does not match calculated %ld.", (const char*)path_buffer, (long)strlen((const char*)path_buffer), (long)path_len);
-#endif
-     
-   /* Remove all "<component>/../" path components */
- 
-@@ -327,10 +325,8 @@ raptor_uri_normalize_path(unsigned char*
-     if(!prev || !cur)
-       continue;
- 
-#if defined(RAPTOR_DEBUG)
-     if(path_len != strlen((const char*)path_buffer))
-       RAPTOR_FATAL3("Path length %ld does not match calculated %ld.", (long)strlen((const char*)path_buffer), (long)path_len);
-#endif
-     
-     /* If the current one is '..' */
-     if(s == (cur+2) && cur[0] == '.' && cur[1] == '.') {
-@@ -393,10 +389,8 @@ raptor_uri_normalize_path(unsigned char*
-   }
- 
- 
-#if defined(RAPTOR_DEBUG)
-   if(path_len != strlen((const char*)path_buffer))
-     RAPTOR_FATAL3("Path length %ld does not match calculated %ld.", (long)strlen((const char*)path_buffer), (long)path_len);
-#endif
- 
-   /* RFC3986 Appendix C.2 / 5.4.2 Abnormal Examples
-    * Remove leading /../ and /./ 
--- a/raptor.changes
+++ b/raptor.changes
@@ -1,20 +1,3 @@
-------------------------------------------------------------------
-Tue Jul  8 15:15:46 UTC 2025 - Dirk Müller <dmueller@suse.com>
-
- add raptor-CVE-2024-57822.patch (bsc#1235674, CVE-2024-57822)
- refresh raptor-CVE-2024-57823.patch (bsc#1235673, CVE-2024-57823)
- convert to autosetup
-
-------------------------------------------------------------------
-Mon Jan 13 10:57:36 UTC 2025 - Dirk Müller <dmueller@suse.com>
-
- add raptor-CVE-2024-57823.patch (bsc#1235673, CVE-2024-57823)
-
-------------------------------------------------------------------
-Fri Feb 23 11:32:22 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
-
- Use %patch -P N instead of deprecated %patchN.
-
 -------------------------------------------------------------------
 Mon Dec  4 09:34:24 UTC 2023 - Marcus Meissner <meissner@suse.com>

@@ -24,7 +7,7 @@ Mon Dec  4 09:34:24 UTC 2023 - Marcus Meissner <meissner@suse.com>
 Thu May  4 09:59:20 UTC 2023 - David Anes <david.anes@suse.com>

 - Add support for libxml 2.11.0+
-  * Added patch raptor-libxml2-2.11-support.patch
+  * Added patch raptor-libxml2-2.11-support.patch 

 -------------------------------------------------------------------
 Tue Mar  7 12:23:30 UTC 2023 - Dirk Müller <dmueller@suse.com>
@@ -74,11 +57,11 @@ Sat Sep 14 16:41:05 UTC 2013 - hrvoje.senjan@gmail.com
 Thu May 30 17:31:45 UTC 2013 - tittiatcoke@gmail.com

 - Update to version 2.0.9
-  * Added full parsing and serializing support for Turtle Terse RDF
+  * Added full parsing and serializing support for Turtle Terse RDF 
    Triple Language W3C Candidate Recommendation 19 February 2013
  * Added CMake build framework for building Raptor on Microsoft
  * Made a few minor fixes and improvements
-  * Fixed reported issues: 0000499, 0000508, 0000520, 0000521
+  * Fixed reported issues: 0000499, 0000508, 0000520, 0000521 
    and 0000526

 -------------------------------------------------------------------
@@ -104,7 +87,7 @@ Thu Jun 28 09:28:26 UTC 2012 - mlin@suse.com
 - Update to version 2.0.8
  * Added support for RDFa 1.1 via updated librdfa
  * Multiple portability fixes for Windows and Solarises. (Daniel Richard G.)
-  * Multiple minor fixes and improvements
+  * Multiple minor fixes and improvements 
  * Fixed reported issues: 0000381, 0000487, 0000505 and 0000507

 -------------------------------------------------------------------
@@ -122,9 +105,9 @@ Wed Dec 21 12:41:18 UTC 2011 - tittiatcoke@gmail.com

 - Update to v2.0.6
  * Handle libCurl SSL options before 7.16.4 (2007)
-  * Add a few sequence utility methods for sort, reverse and
+  * Add a few sequence utility methods for sort, reverse and 
    permute
-  * All parsers and serializers use the W3C Format URIs as their
+  * All parsers and serializers use the W3C Format URIs as their 
    primary URI
  * N-Quads parser can now handle optional context/graph URI
  * Turtle serializer uses official text/turtle mime type
@@ -135,7 +118,7 @@ Wed Dec 21 12:41:18 UTC 2011 - tittiatcoke@gmail.com
 -------------------------------------------------------------------
 Sat Oct  1 03:35:30 UTC 2011 - crrodriguez@opensuse.org

- Do not require gtk-doc to build
+- Do not require gtk-doc to build 

 -------------------------------------------------------------------
 Mon Sep 19 11:41:09 UTC 2011 - tittiatcoke@gmail.com
@@ -156,10 +139,10 @@ Thu Aug 11 19:07:13 UTC 2011 - aj@suse.de

 -------------------------------------------------------------------
 Fri Apr 14 13:38:21 UTC 2011 - toddrme2178@gmail.com
-
+    
 - added 32bit compatibility libraries
 - removed package name from summary (fix for RPMLINT warning)
-
+ 
 -------------------------------------------------------------------
 Sat Apr 10 06:44:32 UTC 2010 - davejplater@gmail.com

@@ -211,7 +194,7 @@ Fri Jul 25 00:33:26 CEST 2008 - dmueller@suse.de
 Sun Apr  6 02:09:29 CEST 2008 - crrodriguez@suse.de

 - update to version 1.4.17
-	* Added two new JSON serializers: resource-centric 'json'
+	* Added two new JSON serializers: resource-centric 'json' 
 	  (Talis RDF/JSON) and triple-centric 'json-triples'
    * Added a new public XML SAX2 API class
    * Added a new error handling structure
@@ -223,7 +206,7 @@ Sun Apr  6 02:09:29 CEST 2008 - crrodriguez@suse.de
 -------------------------------------------------------------------
 Wed Dec 19 20:03:46 CET 2007 - crrodriguez@suse.de

- missing pkg-config in buildrequires
+- missing pkg-config in buildrequires 

 -------------------------------------------------------------------
 Sun Oct 28 08:41:27 CET 2007 - stbinner@suse.de
--- a/raptor.spec
+++ b/raptor.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package raptor
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -28,9 +28,8 @@ Source1:        https://download.librdf.org/source/raptor2-%{version}.tar.gz.asc
 Source2:        %{name}.keyring
 Source3:        baselibs.conf
 Patch2:         ubsan.patch
+# Patch sent upstream: https://github.com/dajobe/raptor/pull/58
 Patch3:         raptor-libxml2-2.11-support.patch
-Patch4:         raptor-CVE-2024-57822.patch
-Patch5:         raptor-CVE-2024-57823.patch
 BuildRequires:  bison
 BuildRequires:  curl-devel
 BuildRequires:  libxslt-devel
@@ -68,7 +67,9 @@ This package contains the files needed to compile programs that use the
 raptor library.

 %prep
-%autosetup -p1 -n %{name}2-%{version}
+%setup -q -n %{name}2-%{version}
+%patch2
+%patch3 -p1

 %build
 %configure \
--- a/ubsan.patch
+++ b/ubsan.patch
@@ -1,5 +1,7 @@
--- a/src/raptor_rfc2396.c.orig
-+++ b/src/raptor_rfc2396.c
+Index: src/raptor_rfc2396.c
+===================================================================
+--- src/raptor_rfc2396.c.orig
+++ src/raptor_rfc2396.c
@@ -386,7 +386,7 @@ raptor_uri_normalize_path(unsigned char*
   }