pool/raptor
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- add 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch,

Browse Source 
ubsan.patch (bsc#1178593, CVE-2017-18926)

OBS-URL: https://build.opensuse.org/package/show/X11:common:Factory/raptor?expand=0&rev=42
This commit is contained in:
Dirk Mueller 2020-11-10 11:26:27 +00:00 committed by Git OBS Bridge
parent 2ca944a410
commit af5c4ad299
4 changed files with 87 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1 Normal file
View File

@ -0,0 +1,43 @@
From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001
From: Dave Beckett <dave@dajobe.org>
Date: Sun, 16 Apr 2017 23:15:12 +0100
Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer
(raptor_xml_writer_start_element_common): Calculate max including for
each attribute a potential name and value.
Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617
and #0000618 http://bugs.librdf.org/mantis/view.php?id=618
---
src/raptor_xml_writer.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
index 693b946..0d3a36a 100644
--- a/src/raptor_xml_writer.c
+++ b/src/raptor_xml_writer.c
@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
size_t nspace_declarations_count = 0;
unsigned int i;
- /* max is 1 per element and 1 for each attribute + size of declared */
if(nstack) {
- int nspace_max_count = element->attribute_count+1;
+ int nspace_max_count = element->attribute_count * 2; /* attr and value */
+ if(element->name->nspace)
+ nspace_max_count++;
if(element->declared_nspaces)
nspace_max_count += raptor_sequence_size(element->declared_nspaces);
if(element->xml_language)
@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
}
}
- /* Add the attribute + value */
+ /* Add the attribute's value */
nspace_declarations[nspace_declarations_count].declaration=
raptor_qname_format_as_xml(element->attributes[i],
&nspace_declarations[nspace_declarations_count].length);
--
2.9.3

6
raptor.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Nov 10 08:59:36 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- add 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch,
ubsan.patch (bsc#1178593, CVE-2017-18926)
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Apr 26 19:52:44 UTC 2015 - mpluskal@suse.com Sun Apr 26 19:52:44 UTC 2015 - mpluskal@suse.com

26
raptor.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package raptor # spec file for package raptor
# #
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2020 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
@ -20,19 +20,20 @@ Name: raptor
Version: 2.0.15 Version: 2.0.15
Release: 0 Release: 0
Summary: RDF Parser Toolkit Summary: RDF Parser Toolkit
License: LGPL-2.1+ or GPL-2.0+ or Apache-2.0 License: LGPL-2.1-or-later OR GPL-2.0-or-later OR Apache-2.0
Group: System/Libraries Group: System/Libraries
Url: http://librdf.org/raptor/ URL: http://librdf.org/raptor/
Source0: http://download.librdf.org/source/%{name}2-%{version}.tar.gz Source0: http://download.librdf.org/source/%{name}2-%{version}.tar.gz
Source1: http://download.librdf.org/source/raptor2-%{version}.tar.gz.asc Source1: http://download.librdf.org/source/raptor2-%{version}.tar.gz.asc
Source2: %{name}.keyring Source2: %{name}.keyring
Source3: baselibs.conf Source3: baselibs.conf
Patch1: https://raw.githubusercontent.com/LibreOffice/core/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
Patch2: https://raw.githubusercontent.com/LibreOffice/core/master/external/redland/raptor/ubsan.patch
BuildRequires: bison BuildRequires: bison
BuildRequires: curl-devel BuildRequires: curl-devel
BuildRequires: libicu-devel BuildRequires: libicu-devel
BuildRequires: libxslt-devel BuildRequires: libxslt-devel
BuildRequires: pkg-config BuildRequires: pkgconfig
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if !0%{?sles_version} %if !0%{?sles_version}
BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(libxml-2.0)
%else %else
@ -66,6 +67,8 @@ raptor library.
%prep %prep
%setup -q -n %{name}2-%{version} %setup -q -n %{name}2-%{version}
%patch1 -p1
%patch2
%build %build
%configure \ %configure \
@ -74,10 +77,10 @@ raptor library.
--with-pic \ --with-pic \
--with-icu-config=%{_bindir}/icu-config \ --with-icu-config=%{_bindir}/icu-config \
--with-html-dir=%{_docdir} --with-html-dir=%{_docdir}
make %{?_smp_mflags} %make_build
%install %install
make DESTDIR=%{buildroot} install %{?_smp_mflags} %make_install
mv %{buildroot}%{_docdir}/raptor2 %{buildroot}%{_docdir}/raptor-devel mv %{buildroot}%{_docdir}/raptor2 %{buildroot}%{_docdir}/raptor-devel
#causes some ugly dependency bloat.. #causes some ugly dependency bloat..
rm -f %{buildroot}%{_libdir}/libraptor2.la rm -f %{buildroot}%{_libdir}/libraptor2.la
@ -88,24 +91,21 @@ make check
unset MALLOC_CHECK_ unset MALLOC_CHECK_
%post -n libraptor2-0 -p /sbin/ldconfig %post -n libraptor2-0 -p /sbin/ldconfig
%postun -n libraptor2-0 -p /sbin/ldconfig %postun -n libraptor2-0 -p /sbin/ldconfig
%files %files
%defattr(-,root,root) %license COPYING COPYING.LIB LICENSE.txt
%doc AUTHORS COPYING COPYING.LIB ChangeLog LICENSE.txt NEWS README %doc AUTHORS ChangeLog NEWS README
%{_bindir}/rapper %{_bindir}/rapper
%{_mandir}/man?/* %{_mandir}/man?/*
%files -n libraptor-devel %files -n libraptor-devel
%defattr(-,root,root)
%doc %{_docdir}/raptor-devel %doc %{_docdir}/raptor-devel
%{_libdir}/lib*.so %{_libdir}/lib*.so
%{_includedir}/* %{_includedir}/*
%{_libdir}/pkgconfig/*.pc %{_libdir}/pkgconfig/*.pc
%files -n libraptor2-0 %files -n libraptor2-0
%defattr(-,root,root)
%{_libdir}/libraptor2.so.0* %{_libdir}/libraptor2.so.0*
%changelog %changelog

25
ubsan.patch Normal file
View File

@ -0,0 +1,25 @@
--- src/raptor_rfc2396.c
+++ src/raptor_rfc2396.c
@@ -386,7 +386,7 @@
}
- if(prev && s == (cur+2) && cur[0] == '.' && cur[1] == '.') {
+ if(prev && cur && s == (cur+2) && cur[0] == '.' && cur[1] == '.') {
/* Remove <component>/.. at the end of the path */
*prev = '\0';
path_len -= (s-prev);
--- src/raptor_uri.c
+++ src/raptor_uri.c
@@ -1336,9 +1336,9 @@
!strncmp((const char*)base_detail->scheme,
(const char*)reference_detail->scheme,
base_detail->scheme_len) &&
- !strncmp((const char*)base_detail->authority,
+ (base_detail->authority_len == 0 || !strncmp((const char*)base_detail->authority,
(const char*)reference_detail->authority,
- base_detail->authority_len)) {
+ base_detail->authority_len))) {
if(!base_detail->path) {
if(reference_detail->path) {