Accepting request 848405 from X11:common:Factory
- add 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1, ubsan.patch (bsc#1178593, CVE-2017-18926) OBS-URL: https://build.opensuse.org/request/show/848405 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/raptor?expand=0&rev=41
This commit is contained in:
commit
37f280ba30
@ -0,0 +1,43 @@
|
|||||||
|
From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dave Beckett <dave@dajobe.org>
|
||||||
|
Date: Sun, 16 Apr 2017 23:15:12 +0100
|
||||||
|
Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer
|
||||||
|
|
||||||
|
(raptor_xml_writer_start_element_common): Calculate max including for
|
||||||
|
each attribute a potential name and value.
|
||||||
|
|
||||||
|
Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617
|
||||||
|
and #0000618 http://bugs.librdf.org/mantis/view.php?id=618
|
||||||
|
---
|
||||||
|
src/raptor_xml_writer.c | 7 ++++---
|
||||||
|
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
|
||||||
|
index 693b946..0d3a36a 100644
|
||||||
|
--- a/src/raptor_xml_writer.c
|
||||||
|
+++ b/src/raptor_xml_writer.c
|
||||||
|
@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
|
||||||
|
size_t nspace_declarations_count = 0;
|
||||||
|
unsigned int i;
|
||||||
|
|
||||||
|
- /* max is 1 per element and 1 for each attribute + size of declared */
|
||||||
|
if(nstack) {
|
||||||
|
- int nspace_max_count = element->attribute_count+1;
|
||||||
|
+ int nspace_max_count = element->attribute_count * 2; /* attr and value */
|
||||||
|
+ if(element->name->nspace)
|
||||||
|
+ nspace_max_count++;
|
||||||
|
if(element->declared_nspaces)
|
||||||
|
nspace_max_count += raptor_sequence_size(element->declared_nspaces);
|
||||||
|
if(element->xml_language)
|
||||||
|
@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* Add the attribute + value */
|
||||||
|
+ /* Add the attribute's value */
|
||||||
|
nspace_declarations[nspace_declarations_count].declaration=
|
||||||
|
raptor_qname_format_as_xml(element->attributes[i],
|
||||||
|
&nspace_declarations[nspace_declarations_count].length);
|
||||||
|
--
|
||||||
|
2.9.3
|
||||||
|
|
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Nov 10 08:59:36 UTC 2020 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- add 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1,
|
||||||
|
ubsan.patch (bsc#1178593, CVE-2017-18926)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sun Apr 26 19:52:44 UTC 2015 - mpluskal@suse.com
|
Sun Apr 26 19:52:44 UTC 2015 - mpluskal@suse.com
|
||||||
|
|
||||||
|
26
raptor.spec
26
raptor.spec
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package raptor
|
# spec file for package raptor
|
||||||
#
|
#
|
||||||
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2020 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -12,7 +12,7 @@
|
|||||||
# license that conforms to the Open Source Definition (Version 1.9)
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
# published by the Open Source Initiative.
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
@ -20,19 +20,20 @@ Name: raptor
|
|||||||
Version: 2.0.15
|
Version: 2.0.15
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: RDF Parser Toolkit
|
Summary: RDF Parser Toolkit
|
||||||
License: LGPL-2.1+ or GPL-2.0+ or Apache-2.0
|
License: LGPL-2.1-or-later OR GPL-2.0-or-later OR Apache-2.0
|
||||||
Group: System/Libraries
|
Group: System/Libraries
|
||||||
Url: http://librdf.org/raptor/
|
URL: http://librdf.org/raptor/
|
||||||
Source0: http://download.librdf.org/source/%{name}2-%{version}.tar.gz
|
Source0: http://download.librdf.org/source/%{name}2-%{version}.tar.gz
|
||||||
Source1: http://download.librdf.org/source/raptor2-%{version}.tar.gz.asc
|
Source1: http://download.librdf.org/source/raptor2-%{version}.tar.gz.asc
|
||||||
Source2: %{name}.keyring
|
Source2: %{name}.keyring
|
||||||
Source3: baselibs.conf
|
Source3: baselibs.conf
|
||||||
|
Patch1: https://raw.githubusercontent.com/LibreOffice/core/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
|
||||||
|
Patch2: https://raw.githubusercontent.com/LibreOffice/core/master/external/redland/raptor/ubsan.patch
|
||||||
BuildRequires: bison
|
BuildRequires: bison
|
||||||
BuildRequires: curl-devel
|
BuildRequires: curl-devel
|
||||||
BuildRequires: libicu-devel
|
BuildRequires: libicu-devel
|
||||||
BuildRequires: libxslt-devel
|
BuildRequires: libxslt-devel
|
||||||
BuildRequires: pkg-config
|
BuildRequires: pkgconfig
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
||||||
%if !0%{?sles_version}
|
%if !0%{?sles_version}
|
||||||
BuildRequires: pkgconfig(libxml-2.0)
|
BuildRequires: pkgconfig(libxml-2.0)
|
||||||
%else
|
%else
|
||||||
@ -66,6 +67,8 @@ raptor library.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}2-%{version}
|
%setup -q -n %{name}2-%{version}
|
||||||
|
%patch1 -p1
|
||||||
|
%patch2
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure \
|
%configure \
|
||||||
@ -74,10 +77,10 @@ raptor library.
|
|||||||
--with-pic \
|
--with-pic \
|
||||||
--with-icu-config=%{_bindir}/icu-config \
|
--with-icu-config=%{_bindir}/icu-config \
|
||||||
--with-html-dir=%{_docdir}
|
--with-html-dir=%{_docdir}
|
||||||
make %{?_smp_mflags}
|
%make_build
|
||||||
|
|
||||||
%install
|
%install
|
||||||
make DESTDIR=%{buildroot} install %{?_smp_mflags}
|
%make_install
|
||||||
mv %{buildroot}%{_docdir}/raptor2 %{buildroot}%{_docdir}/raptor-devel
|
mv %{buildroot}%{_docdir}/raptor2 %{buildroot}%{_docdir}/raptor-devel
|
||||||
#causes some ugly dependency bloat..
|
#causes some ugly dependency bloat..
|
||||||
rm -f %{buildroot}%{_libdir}/libraptor2.la
|
rm -f %{buildroot}%{_libdir}/libraptor2.la
|
||||||
@ -88,24 +91,21 @@ make check
|
|||||||
unset MALLOC_CHECK_
|
unset MALLOC_CHECK_
|
||||||
|
|
||||||
%post -n libraptor2-0 -p /sbin/ldconfig
|
%post -n libraptor2-0 -p /sbin/ldconfig
|
||||||
|
|
||||||
%postun -n libraptor2-0 -p /sbin/ldconfig
|
%postun -n libraptor2-0 -p /sbin/ldconfig
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root)
|
%license COPYING COPYING.LIB LICENSE.txt
|
||||||
%doc AUTHORS COPYING COPYING.LIB ChangeLog LICENSE.txt NEWS README
|
%doc AUTHORS ChangeLog NEWS README
|
||||||
%{_bindir}/rapper
|
%{_bindir}/rapper
|
||||||
%{_mandir}/man?/*
|
%{_mandir}/man?/*
|
||||||
|
|
||||||
%files -n libraptor-devel
|
%files -n libraptor-devel
|
||||||
%defattr(-,root,root)
|
|
||||||
%doc %{_docdir}/raptor-devel
|
%doc %{_docdir}/raptor-devel
|
||||||
%{_libdir}/lib*.so
|
%{_libdir}/lib*.so
|
||||||
%{_includedir}/*
|
%{_includedir}/*
|
||||||
%{_libdir}/pkgconfig/*.pc
|
%{_libdir}/pkgconfig/*.pc
|
||||||
|
|
||||||
%files -n libraptor2-0
|
%files -n libraptor2-0
|
||||||
%defattr(-,root,root)
|
|
||||||
%{_libdir}/libraptor2.so.0*
|
%{_libdir}/libraptor2.so.0*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
25
ubsan.patch
Normal file
25
ubsan.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
--- src/raptor_rfc2396.c
|
||||||
|
+++ src/raptor_rfc2396.c
|
||||||
|
@@ -386,7 +386,7 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
- if(prev && s == (cur+2) && cur[0] == '.' && cur[1] == '.') {
|
||||||
|
+ if(prev && cur && s == (cur+2) && cur[0] == '.' && cur[1] == '.') {
|
||||||
|
/* Remove <component>/.. at the end of the path */
|
||||||
|
*prev = '\0';
|
||||||
|
path_len -= (s-prev);
|
||||||
|
--- src/raptor_uri.c
|
||||||
|
+++ src/raptor_uri.c
|
||||||
|
@@ -1336,9 +1336,9 @@
|
||||||
|
!strncmp((const char*)base_detail->scheme,
|
||||||
|
(const char*)reference_detail->scheme,
|
||||||
|
base_detail->scheme_len) &&
|
||||||
|
- !strncmp((const char*)base_detail->authority,
|
||||||
|
+ (base_detail->authority_len == 0 || !strncmp((const char*)base_detail->authority,
|
||||||
|
(const char*)reference_detail->authority,
|
||||||
|
- base_detail->authority_len)) {
|
||||||
|
+ base_detail->authority_len))) {
|
||||||
|
|
||||||
|
if(!base_detail->path) {
|
||||||
|
if(reference_detail->path) {
|
Loading…
Reference in New Issue
Block a user