From af5c4ad2994768658b2fc44992bdeb4dd4d91e497204adf0668f5df6a51ab274 Mon Sep 17 00:00:00 2001
From: Dirk Mueller
Date: Tue, 10 Nov 2020 11:26:27 +0000
Subject: [PATCH] - add 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch, ubsan.patch (bsc#1178593, CVE-2017-18926)
OBS-URL: https://build.opensuse.org/package/show/X11:common:Factory/raptor?expand=0&rev=42
---
 ...ce-declarations-correctly-for-XML-.patch.1 | 43 +++++++++++++++++++
 raptor.changes | 6 +++
 raptor.spec | 26 +++++------
 ubsan.patch | 25 +++++++++++
 4 files changed, 87 insertions(+), 13 deletions(-)
 create mode 100644 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
 create mode 100644 ubsan.patch
diff --git a/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1 b/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
new file mode 100644
index 0000000..b6f0765
--- /dev/null
+++ b/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
@@ -0,0 +1,43 @@
+From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001
+From: Dave Beckett
+Date: Sun, 16 Apr 2017 23:15:12 +0100
+Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer
+
+(raptor_xml_writer_start_element_common): Calculate max including for
+each attribute a potential name and value.
+
+Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617
+and #0000618 http://bugs.librdf.org/mantis/view.php?id=618
+---
+ src/raptor_xml_writer.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 693b946..0d3a36a 100644
+--- a/src/raptor_xml_writer.c
++++ b/src/raptor_xml_writer.c
+@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+ size_t nspace_declarations_count = 0;
+ unsigned int i;
+
+- /* max is 1 per element and 1 for each attribute + size of declared */
+ if(nstack) {
+- int nspace_max_count = element->attribute_count+1;
++ int nspace_max_count = element->attribute_count * 2; /* attr and value */
++ if(element->name->nspace)
++ nspace_max_count++;
+ if(element->declared_nspaces)
+ nspace_max_count += raptor_sequence_size(element->declared_nspaces);
+ if(element->xml_language)
+@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+ }
+ }
+
+- /* Add the attribute + value */
++ /* Add the attribute's value */
+ nspace_declarations[nspace_declarations_count].declaration=
+ raptor_qname_format_as_xml(element->attributes[i],
+ &nspace_declarations[nspace_declarations_count].length);
+--
+2.9.3
+
diff --git a/raptor.changes b/raptor.changes
index f0a8b1f..8200b4f 100644
--- a/raptor.changes
+++ b/raptor.changes
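Review bot: Nothing in the visible lines of the embedded patch checks `nspace_declarations_count` against the recomputed `nspace_max_count` before the store to `nspace_declarations[nspace_declarations_count]` in the second inner hunk, so the array is still protected only by the estimate being right. Because that estimate is exactly what this CVE fix corrects, a guard before each store would keep a future miscount from turning into an out-of-bounds write again. The allocation and the rest of `raptor_xml_writer_start_element_common` lie outside the hunk, so whether such a check already exists there cannot be confirmed from here. The removed comment describing the formula is also not replaced; something like `/* max: 2 per attribute (name and value), 1 for the element namespace, plus declared namespaces and xml:lang */` above the `if(nstack)` block would document it.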
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Nov 10 08:59:36 UTC 2020 - Dirk Mueller
+
+- add 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch,
+ ubsan.patch (bsc#1178593, CVE-2017-18926)
+
 -------------------------------------------------------------------
 Sun Apr 26 19:52:44 UTC 2015 - mpluskal@suse.com
diff --git a/raptor.spec b/raptor.spec
index 770fb15..84540c3 100644
--- a/raptor.spec
+++ b/raptor.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package raptor
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
@@ -20,19 +20,20 @@ Name: raptor
 Version: 2.0.15
 Release: 0
 Summary: RDF Parser Toolkit
-License: LGPL-2.1+ or GPL-2.0+ or Apache-2.0
+License: LGPL-2.1-or-later OR GPL-2.0-or-later OR Apache-2.0
 Group: System/Libraries
-Url: http://librdf.org/raptor/
+URL: http://librdf.org/raptor/
 Source0: http://download.librdf.org/source/%{name}2-%{version}.tar.gz
 Source1: http://download.librdf.org/source/raptor2-%{version}.tar.gz.asc
 Source2: %{name}.keyring
 Source3: baselibs.conf
+Patch1: https://raw.githubusercontent.com/LibreOffice/core/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
+Patch2: https://raw.githubusercontent.com/LibreOffice/core/master/external/redland/raptor/ubsan.patch
 BuildRequires: bison
 BuildRequires: curl-devel
 BuildRequires: libicu-devel
 BuildRequires: libxslt-devel
-BuildRequires: pkg-config
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: pkgconfig
 %if !0%{?sles_version}
 BuildRequires: pkgconfig(libxml-2.0)
 %else
@@ -66,6 +67,8 @@ raptor library.
 %prep
 %setup -q -n %{name}2-%{version}
+%patch1 -p1
+%patch2
 %build
 %configure \
@@ -74,10 +77,10 @@ raptor library.
 --with-pic \
 --with-icu-config=%{_bindir}/icu-config \
 --with-html-dir=%{_docdir}
-make %{?_smp_mflags}
+%make_build
 %install
-make DESTDIR=%{buildroot} install %{?_smp_mflags}
+%make_install
 mv %{buildroot}%{_docdir}/raptor2 %{buildroot}%{_docdir}/raptor-devel
 #causes some ugly dependency bloat..
 rm -f %{buildroot}%{_libdir}/libraptor2.la
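Review bot: Both `Patch1` and `Patch2` in the `@@ -20,19 +20,20 @@` hunk point at the `master` branch of LibreOffice/core, a mutable ref, so the URL can later serve different content than the patch files committed here, or stop resolving. Pinning the URLs to the commit the files were taken from keeps the provenance of a CVE fix reproducible and lets any source-download check compare like with like, e.g. `Patch1: https://raw.githubusercontent.com/LibreOffice/core/<commit-sha>/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1`, where `<commit-sha>` is a placeholder for the actual revision. The same applies to `Patch2`.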
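Review bot: In the `@@ -66,6 +67,8 @@` hunk `%patch2` is applied without a strip level while `%patch1` uses `-p1`. That matches the two files as committed (ubsan.patch has bare `src/...` paths, the other patch uses `a/` and `b/` prefixes), but it relies on the macro's default. Writing `%patch2 -p0` makes the difference intentional and visible to whoever refreshes either patch next.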
@@ -88,24 +91,21 @@ make check
 unset MALLOC_CHECK_
 %post -n libraptor2-0 -p /sbin/ldconfig
-
 %postun -n libraptor2-0 -p /sbin/ldconfig
 %files
-%defattr(-,root,root)
-%doc AUTHORS COPYING COPYING.LIB ChangeLog LICENSE.txt NEWS README
+%license COPYING COPYING.LIB LICENSE.txt
+%doc AUTHORS ChangeLog NEWS README
 %{_bindir}/rapper
 %{_mandir}/man?/*
 %files -n libraptor-devel
-%defattr(-,root,root)
 %doc %{_docdir}/raptor-devel
 %{_libdir}/lib*.so
 %{_includedir}/*
 %{_libdir}/pkgconfig/*.pc
 %files -n libraptor2-0
-%defattr(-,root,root)
 %{_libdir}/libraptor2.so.0*
 %changelog
diff --git a/ubsan.patch b/ubsan.patch
new file mode 100644
index 0000000..71cfda1
--- /dev/null
+++ b/ubsan.patch
@@ -0,0 +1,25 @@
+--- src/raptor_rfc2396.c
++++ src/raptor_rfc2396.c
+@@ -386,7 +386,7 @@
+ }
+
+
+- if(prev && s == (cur+2) && cur[0] == '.' && cur[1] == '.') {
++ if(prev && cur && s == (cur+2) && cur[0] == '.' && cur[1] == '.') {
+ /* Remove /.. at the end of the path */
+ *prev = '\0';
+ path_len -= (s-prev);
+--- src/raptor_uri.c
++++ src/raptor_uri.c
+@@ -1336,9 +1336,9 @@
+ !strncmp((const char*)base_detail->scheme,
+ (const char*)reference_detail->scheme,
+ base_detail->scheme_len) &&
+- !strncmp((const char*)base_detail->authority,
++ (base_detail->authority_len == 0 || !strncmp((const char*)base_detail->authority,
+ (const char*)reference_detail->authority,
+- base_detail->authority_len)) {
++ base_detail->authority_len))) {
+
+ if(!base_detail->path) {
+ if(reference_detail->path) {
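Review bot: The new `authority_len == 0` guard in the raptor_uri.c part of ubsan.patch covers only the base side: `reference_detail->authority` is still passed to `strncmp` with no null check in the visible lines, and a null argument there is undefined behaviour just as it was for the base. Unless a check exists in the part of the condition that starts above the hunk, the call could be guarded as `(reference_detail->authority && !strncmp(...))` inside the new parentheses. As far as the hunk shows, both comparisons are also bounded by the base length only, so a reference authority that merely begins with the base authority compares equal; comparing the two `authority_len` values first would make it an exact match. That prefix behaviour predates this patch and may be handled outside the hunk.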