packages/raptor2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:8a2c8535627d3857d0a80bc98b0b1ba5b44ae866
Branches Tags
packages:main
..
compare: packages:00830050c0d71d40d64fd85e4e88ae7691709ea5
Branches Tags
packages:main

No commits in common. "8a2c8535627d3857d0a80bc98b0b1ba5b44ae866" and "00830050c0d71d40d64fd85e4e88ae7691709ea5" have entirely different histories.
8a2c853562 ... 00830050c0

6 changed files with 1 additions and 334 deletions
Show Stats Expand all files Collapse all files

33
CVE-2020-25713.patch
View File

@ -1,33 +0,0 @@
From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Tue, 24 Nov 2020 10:30:20 +0000
Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
segfault
due to an out of bounds array access in
raptor_xml_writer_start_element_common
See:
https://bugs.mageia.org/show_bug.cgi?id=27605
https://www.openwall.com/lists/oss-security/2020/11/13/1
https://gerrit.libreoffice.org/c/core/+/106249
---
src/raptor_xml_writer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
index 56993dc3..4426d38c 100644
--- a/src/raptor_xml_writer.c
+++ b/src/raptor_xml_writer.c
@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
/* check it wasn't an earlier declaration too */
for(j = 0; j < nspace_declarations_count; j++)
- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
+ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
declare_me = 0;
break;
}
--
2.28.0

31
Remove-the-access-to-entities-checked-private-symbol-for-libxml2-2.11.0.patch
View File

@ -1,31 +0,0 @@
From 4dbc4c1da2a033c497d84a1291c46f416a9cac51 Mon Sep 17 00:00:00 2001
From: David Anes <david.anes@suse.com>
Date: Thu, 4 May 2023 11:54:02 +0200
Subject: [PATCH] Remove the access to entities 'checked' private symbol for
libxml2 2.11.0
Since version 2.11.0, some private symbols that were never intended
as public API/ABI have been removed from libxml2, therefore the field
'checked' is no longer present and raptor fails to build in this
scenario.
---
src/raptor_libxml.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/raptor_libxml.c b/src/raptor_libxml.c
index 538c2c8e..8bcee139 100644
--- a/src/raptor_libxml.c
+++ b/src/raptor_libxml.c
@@ -246,10 +246,11 @@ raptor_libxml_getEntity(void* user_data, const xmlChar *name)
ret->owner = 1;
-#if LIBXML_VERSION >= 20627
+#if LIBXML_VERSION >= 20627 && LIBXML_VERSION < 21100
/* Checked field was released in 2.6.27 on 2006-10-25
* http://git.gnome.org/browse/libxml2/commit/?id=a37a6ad91a61d168ecc4b29263def3363fff4da6
*
+ * and was later removed in version 2.11.0
*/
/* Mark this entity as having been checked - never do this again */

38
backport-0001-CVE-2024-57823.patch
View File

@ -1,38 +0,0 @@
From da7a79976bd0314c23cce55d22495e7d29301c44 Mon Sep 17 00:00:00 2001
From: Dave Beckett <dave@dajobe.org>
Date: Thu, 6 Feb 2025 21:12:37 -0800
Subject: [PATCH] Fix Github issue 70 A) Integer Underflow in
raptor_uri_normalize_path()
(raptor_uri_normalize_path): Return empty buffer if path gets to 0
length
---
src/raptor_rfc2396.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/raptor_rfc2396.c b/src/raptor_rfc2396.c
index 8cc364f4..f8ec5798 100644
--- a/src/raptor_rfc2396.c
+++ b/src/raptor_rfc2396.c
@@ -351,6 +351,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
*dest++ = *s++;
*dest = '\0';
path_len -= len;
+ if(path_len <= 0) {
+ *path_buffer = '\0';
+ return 0;
+ }
if(p && p < prev) {
/* We know the previous prev path component and we didn't do
@@ -390,6 +394,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
/* Remove <component>/.. at the end of the path */
*prev = '\0';
path_len -= (s-prev);
+ if(path_len <= 0) {
+ *path_buffer = '\0';
+ return 0;
+ }
}

212
backport-0002-CVE-2024-57823.patch
View File

@ -1,212 +0,0 @@
From 0f9d4f7216fa310b1583b44321c2e6ff27c552de Mon Sep 17 00:00:00 2001
From: Dave Beckett <dave@dajobe.org>
Date: Thu, 6 Feb 2025 21:10:38 -0800
Subject: [PATCH] Tests for Github issue 70
Tests for https://github.com/dajobe/raptor/issues/70
A) Integer Underflow in raptor_uri_normalize_path()
B) Heap read buffer overflow in raptor_ntriples_parse_term_internal()
---
configure.ac | 1 +
tests/Makefile.am | 2 +-
tests/bugs/.gitignore | 7 +++++
tests/bugs/Makefile.am | 13 +++++++++
tests/bugs/issue70a.c | 58 +++++++++++++++++++++++++++++++++++++++
tests/bugs/issue70b.c | 61 ++++++++++++++++++++++++++++++++++++++++++
6 files changed, 141 insertions(+), 1 deletion(-)
create mode 100644 tests/bugs/.gitignore
create mode 100644 tests/bugs/Makefile.am
create mode 100644 tests/bugs/issue70a.c
create mode 100644 tests/bugs/issue70b.c
diff --git a/configure.ac b/configure.ac
index 10ff870..3dd19aa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1335,6 +1335,7 @@ tests/rdfxml/Makefile
tests/turtle/Makefile
tests/turtle-2013/Makefile
tests/trig/Makefile
+tests/bugs/Makefile
utils/Makefile
librdfa/Makefile
raptor2.pc])
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 70d0dc5..0b17962 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -37,7 +37,7 @@ raptor_empty_test_SOURCES=empty.c
# Used to make N-triples output consistent
BASE_URI=http://librdf.org/raptor/tests/
-SUBDIRS = rdfxml ntriples ntriples-2013 nquads-2013 turtle turtle-2013 trig grddl rdfa rdfa11 json feeds
+SUBDIRS = rdfxml ntriples ntriples-2013 nquads-2013 turtle turtle-2013 trig grddl rdfa rdfa11 json feeds bugs
$(top_builddir)/src/libraptor2.la:
diff --git a/tests/bugs/.gitignore b/tests/bugs/.gitignore
new file mode 100644
index 0000000..bd10e21
--- /dev/null
+++ b/tests/bugs/.gitignore
@@ -0,0 +1,7 @@
+*.o
+.deps
+.libs
+TAGS
+raptor_issue*_test
+raptor_issue*_test.exe
+raptor_issue*_test.trs
diff --git a/tests/bugs/Makefile.am b/tests/bugs/Makefile.am
new file mode 100644
index 0000000..090c99f
--- /dev/null
+++ b/tests/bugs/Makefile.am
@@ -0,0 +1,13 @@
+TESTS=raptor_issue70a_test$(EXEEXT) raptor_issue70b_test$(EXEEXT)
+
+AM_CPPFLAGS=-I$(top_srcdir)/src
+AM_CFLAGS= -I$(top_builddir)/src @CFLAGS@ $(MEM)
+AM_LDFLAGS=$(top_builddir)/src/libraptor2.la $(MEM_LIBS)
+
+EXTRA_PROGRAMS=$(TESTS)
+
+CLEANFILES=$(TESTS)
+
+raptor_issue70a_test_SOURCES=issue70a.c
+raptor_issue70b_test_SOURCES=issue70b.c
+
diff --git a/tests/bugs/issue70a.c b/tests/bugs/issue70a.c
new file mode 100644
index 0000000..f5798ef
--- /dev/null
+++ b/tests/bugs/issue70a.c
@@ -0,0 +1,58 @@
+/* -*- Mode: c; c-basic-offset: 2 -*-
+ *
+ * issue70a.c - Raptor test for GitHub issue 70 first part
+ * Integer Underflow in raptor_uri_normalize_path()
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <raptor_config.h>
+#endif
+
+#include <string.h>
+
+/* Raptor includes */
+#include "raptor2.h"
+#include "raptor_internal.h"
+
+
+int
+main(int argc, const char** argv)
+{
+ const char *program = raptor_basename(argv[0]);
+ const unsigned char* base_uri= (const unsigned char*)"http:o/www.w3.org/2001/sw/DataA#cess/df1.ttl";
+ const unsigned char* reference_uri= (const unsigned char*)".&/../?D/../../1999/02/22-rdf-syntax-ns#";
+#define BUFFER_LEN 84
+ unsigned char buffer[BUFFER_LEN + 1];
+ size_t buffer_length = BUFFER_LEN + 1;
+ int failures = 0;
+#define EXPECTED_RESULT "http:?D/../../1999/02/22-rdf-syntax-ns#"
+#define EXPECTED_RESULT_LEN 39UL
+ int result;
+ size_t result_len;
+
+ buffer[0] = '\0';
+
+ /* Crash used to happens here if RAPTOR_DEBUG > 3
+ * raptor_rfc2396.c:398:raptor_uri_normalize_path: fatal error: Path length 0 does not match calculated -5.
+ */
+ result = raptor_uri_resolve_uri_reference(base_uri, reference_uri,
+ buffer, buffer_length);
+ result_len = strlen((const char*)buffer);
+
+ if(strcmp((const char*)buffer, EXPECTED_RESULT) ||
+ result_len != EXPECTED_RESULT_LEN) {
+ fprintf(stderr, "%s: raptor_uri_resolve_uri_reference() failed with result %d\n", program, result);
+ fprintf(stderr, "%s: Base URI: '%s' (%lu)\n",
+ program, base_uri, strlen((const char*)base_uri));
+ fprintf(stderr, "%s: Ref URI: '%s' (%lu)\n", reference_uri,
+ program, strlen((const char*)reference_uri));
+ fprintf(stderr, "%s: Result buffer: '%s' (%lu)\n", program,
+ buffer, strlen((const char*)buffer));
+ fprintf(stderr, "%s: Expected: '%s' (%lu)\n", program,
+ EXPECTED_RESULT, EXPECTED_RESULT_LEN);
+ failures++;
+ }
+
+ return failures;
+}
diff --git a/tests/bugs/issue70b.c b/tests/bugs/issue70b.c
new file mode 100644
index 0000000..2f1eb3d
--- /dev/null
+++ b/tests/bugs/issue70b.c
@@ -0,0 +1,61 @@
+/* -*- Mode: c; c-basic-offset: 2 -*-
+ *
+ * issue70.c - Raptor test for GitHub issue 70 second part
+ * Heap read buffer overflow in raptor_ntriples_parse_term_internal()
+ *
+ * N-Triples test content: "_:/exaple/o"
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <raptor_config.h>
+#endif
+
+#include <string.h>
+
+/* Raptor includes */
+#include "raptor2.h"
+#include "raptor_internal.h"
+
+
+int
+main(int argc, const char** argv)
+{
+ const char *program = raptor_basename(argv[0]);
+ const unsigned char* ntriples_content = (const unsigned char*)"_:/exaple/o\n";
+#define NTRIPLES_CONTENT_LEN 12
+ const unsigned char* base_uri_string = (const unsigned char*)"http:o/www.w3.org/2001/sw/DataA#cess/df1.ttl";
+ int failures = 0;
+ raptor_world* world = NULL;
+ raptor_uri* base_uri = NULL;
+ raptor_parser* parser = NULL;
+ int result;
+
+ world = raptor_new_world();
+ if(!world)
+ goto cleanup;
+ base_uri = raptor_new_uri(world, base_uri_string);
+ if(!base_uri)
+ goto cleanup;
+ parser = raptor_new_parser(world, "ntriples");
+ if(!parser)
+ goto cleanup;
+
+ (void)raptor_parser_parse_start(parser, base_uri);
+ result = raptor_parser_parse_chunk(parser,
+ ntriples_content,
+ NTRIPLES_CONTENT_LEN, /* is_end */ 1);
+
+ if(result) {
+ fprintf(stderr, "%s: parsing '%s' N-Triples content failed with result %d\n", program, ntriples_content, result);
+ fprintf(stderr, "%s: Base URI: '%s' (%lu)\n",
+ program, base_uri_string, strlen((const char*)base_uri_string));
+ failures++;
+ }
+
+ cleanup:
+ raptor_free_parser(parser);
+ raptor_free_uri(base_uri);
+ raptor_free_world(world);
+
+ return failures;
+}
--
2.33.0

17
raptor2.spec
View File

@ -1,16 +1,10 @@
Name: raptor2 Name: raptor2
Version: 2.0.15 Version: 2.0.15
Release: 20 Release: 17
Summary: Raptor RDF parsing and serializing utility Summary: Raptor RDF parsing and serializing utility
License: GPLv2+ or LGPLv2+ or ASL 2.0 License: GPLv2+ or LGPLv2+ or ASL 2.0
URL: http://librdf.org/raptor/ URL: http://librdf.org/raptor/
Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz
Patch0: CVE-2020-25713.patch
#upstream https://github.com/dajobe/raptor/commit/4dbc4c1da2a033c497d84a1291c46f416a9cac51
Patch1: Remove-the-access-to-entities-checked-private-symbol-for-libxml2-2.11.0.patch
Patch2: backport-0001-CVE-2024-57823.patch
Patch3: backport-0002-CVE-2024-57823.patch
BuildRequires: gcc-c++ curl-devel gtk-doc libicu-devel pkgconfig(libxslt) yajl-devel BuildRequires: gcc-c++ curl-devel gtk-doc libicu-devel pkgconfig(libxslt) yajl-devel
Conflicts: raptor < 1.4.21-10 Conflicts: raptor < 1.4.21-10
@ -73,14 +67,5 @@ make check
%{_mandir}/man3/libraptor2* %{_mandir}/man3/libraptor2*
%changelog %changelog
* Fri Apr 18 2025 zhangliangpengkun <zhangliangpengkun@xfusion.com> - 2.0.15-20
- fix CVE-2024-57823
* Thu Aug 10 2023 xu_ping <707078654@qq.com> - 2.0.15-19
- fix build error due to libxml2 upgrade
* Wed Jul 20 2022 liangqifeng <liangqifeng@ncti-gba.com> - 2.0.15-18
- Fix CVE-2020-25713
* Fri Dec 20 2019 shijian <shijian16@huawei.com> - 2.0.15-17 * Fri Dec 20 2019 shijian <shijian16@huawei.com> - 2.0.15-17
- Package init - Package init

4
raptor2.yaml
View File

@ -1,4 +0,0 @@
version_control: github
src_repo: dajobe/raptor
tag_prefix: "raptor2_"
seperator: "_"