Accepting request 848405 from X11:common:Factory

- add 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1, ubsan.patch (bsc#1178593, CVE-2017-18926) OBS-URL: https://build.opensuse.org/request/show/848405 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/raptor?expand=0&rev=41
2020-11-17 20:21:09 +00:00 · 2020-11-17 20:21:09 +00:00 · 37f280ba30
commit 37f280ba30
parent 4519c45bdd 310f7f2dbb
4 changed files with 87 additions and 13 deletions
--- a/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
+++ b/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
@ -0,0 +1,43 @@
+From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001
+From: Dave Beckett <dave@dajobe.org>
+Date: Sun, 16 Apr 2017 23:15:12 +0100
+Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer
+
+(raptor_xml_writer_start_element_common): Calculate max including for
+each attribute a potential name and value.
+
+Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617
+and #0000618 http://bugs.librdf.org/mantis/view.php?id=618
+---
+ src/raptor_xml_writer.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 693b946..0d3a36a 100644
+--- a/src/raptor_xml_writer.c
+++ b/src/raptor_xml_writer.c
+@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+   size_t nspace_declarations_count = 0;  
+   unsigned int i;
+ 
+-  /* max is 1 per element and 1 for each attribute + size of declared */
+   if(nstack) {
+-    int nspace_max_count = element->attribute_count+1;
+    int nspace_max_count = element->attribute_count * 2; /* attr and value */
+    if(element->name->nspace)
+      nspace_max_count++;
+     if(element->declared_nspaces)
+       nspace_max_count += raptor_sequence_size(element->declared_nspaces);
+     if(element->xml_language)
+@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+         }
+       }
+ 
+-      /* Add the attribute + value */
+      /* Add the attribute's value */
+       nspace_declarations[nspace_declarations_count].declaration=
+         raptor_qname_format_as_xml(element->attributes[i],
+                                    &nspace_declarations[nspace_declarations_count].length);
+-- 
+2.9.3
+
--- a/raptor.changes
+++ b/raptor.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Nov 10 08:59:36 UTC 2020 - Dirk Mueller <dmueller@suse.com>
+
+- add 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1,
+ ubsan.patch (bsc#1178593, CVE-2017-18926)
+
 -------------------------------------------------------------------
 Sun Apr 26 19:52:44 UTC 2015 - mpluskal@suse.com

--- a/raptor.spec
+++ b/raptor.spec
@ -1,7 +1,7 @@
 #
 # spec file for package raptor
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


@ -20,19 +20,20 @@ Name:           raptor
 Version:        2.0.15
 Release:        0
 Summary:        RDF Parser Toolkit
-License:        LGPL-2.1+ or GPL-2.0+ or Apache-2.0
+License:        LGPL-2.1-or-later OR GPL-2.0-or-later OR Apache-2.0
 Group:          System/Libraries
-Url:            http://librdf.org/raptor/
+URL:            http://librdf.org/raptor/
 Source0:        http://download.librdf.org/source/%{name}2-%{version}.tar.gz
 Source1:        http://download.librdf.org/source/raptor2-%{version}.tar.gz.asc
 Source2:        %{name}.keyring
 Source3:        baselibs.conf
+Patch1:         https://raw.githubusercontent.com/LibreOffice/core/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
+Patch2:         https://raw.githubusercontent.com/LibreOffice/core/master/external/redland/raptor/ubsan.patch
 BuildRequires:  bison
 BuildRequires:  curl-devel
 BuildRequires:  libicu-devel
 BuildRequires:  libxslt-devel
-BuildRequires:  pkg-config
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+BuildRequires:  pkgconfig
 %if !0%{?sles_version}
 BuildRequires:  pkgconfig(libxml-2.0)
 %else
@ -66,6 +67,8 @@ raptor library.

 %prep
 %setup -q -n %{name}2-%{version}
+%patch1 -p1
+%patch2

 %build
 %configure \
@ -74,10 +77,10 @@ raptor library.
 	--with-pic \
 	--with-icu-config=%{_bindir}/icu-config \
 	--with-html-dir=%{_docdir}
-make %{?_smp_mflags}
+%make_build

 %install
-make DESTDIR=%{buildroot} install %{?_smp_mflags}
+%make_install
 mv %{buildroot}%{_docdir}/raptor2 %{buildroot}%{_docdir}/raptor-devel
 #causes some ugly  dependency bloat..
 rm -f %{buildroot}%{_libdir}/libraptor2.la
@ -88,24 +91,21 @@ make check
 unset MALLOC_CHECK_

 %post -n libraptor2-0 -p /sbin/ldconfig
-
 %postun -n libraptor2-0 -p /sbin/ldconfig

 %files
-%defattr(-,root,root)
-%doc AUTHORS COPYING COPYING.LIB ChangeLog LICENSE.txt NEWS README
+%license COPYING COPYING.LIB LICENSE.txt
+%doc AUTHORS ChangeLog NEWS README
 %{_bindir}/rapper
 %{_mandir}/man?/*

 %files -n libraptor-devel
-%defattr(-,root,root)
 %doc %{_docdir}/raptor-devel
 %{_libdir}/lib*.so
 %{_includedir}/*
 %{_libdir}/pkgconfig/*.pc

 %files -n libraptor2-0
-%defattr(-,root,root)
 %{_libdir}/libraptor2.so.0*

 %changelog
--- a/ubsan.patch
+++ b/ubsan.patch
@ -0,0 +1,25 @@
+--- src/raptor_rfc2396.c
+++ src/raptor_rfc2396.c
+@@ -386,7 +386,7 @@
+   } 
+ 
+   
+-  if(prev && s == (cur+2) && cur[0] == '.' && cur[1] == '.') {
+  if(prev && cur && s == (cur+2) && cur[0] == '.' && cur[1] == '.') {
+     /* Remove <component>/.. at the end of the path */
+     *prev = '\0';
+     path_len -= (s-prev);
+--- src/raptor_uri.c
+++ src/raptor_uri.c
+@@ -1336,9 +1336,9 @@
+      !strncmp((const char*)base_detail->scheme, 
+               (const char*)reference_detail->scheme,
+               base_detail->scheme_len) &&
+-     !strncmp((const char*)base_detail->authority, 
+     (base_detail->authority_len == 0 || !strncmp((const char*)base_detail->authority, 
+               (const char*)reference_detail->authority,
+-              base_detail->authority_len)) {
+              base_detail->authority_len))) {
+     
+     if(!base_detail->path) {
+       if(reference_detail->path) {