3 files changed, 77 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57822.patch b/meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57822.patch
new file mode 100644
index 0000000000..cb98f4250c
--- /dev/null
+++ b/meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57822.patch
@@ -0,0 +1,44 @@
+From 3b0ded4ae8110b6291d030af927ecd08197e668f Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <skandigraun@gmail.com>
+Date: Thu, 6 Feb 2025 21:12:37 -0800
+Subject: [PATCH] Fix Github issue 70 A) Integer Underflow in
+ raptor_uri_normalize_path()
+From: Dave Beckett <dave@dajobe.org>
+(raptor_uri_normalize_path): Return empty buffer if path gets to 0
+length
+CVE: CVE-2024-57822
+Upstream-Status: Backport [github.com/dajobe/raptor/commit/da7a79976bd0314c23cce55d22495e7d29301c44]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/raptor_rfc2396.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+diff --git a/src/raptor_rfc2396.c b/src/raptor_rfc2396.c
+index 89183d9..2f0195f 100644
+--- a/src/raptor_rfc2396.c
+++ b/src/raptor_rfc2396.c
+@@ -351,6 +351,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
+           *dest++ = *s++;
+         *dest = '\0';
+         path_len -= len;
+        if(path_len <= 0) {
+          *path_buffer = '\0';
+          return 0;
+        }
+ 
+         if(p && p < prev) {
+           /* We know the previous prev path component and we didn't do
+@@ -390,6 +394,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
+     /* Remove <component>/.. at the end of the path */
+     *prev = '\0';
+     path_len -= (s-prev);
+    if(path_len <= 0) {
+      *path_buffer = '\0';
+      return 0;
+    }
+   }
+ 
+ 
diff --git a/meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57823.patch b/meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57823.patch
new file mode 100644
index 0000000000..79833a55cb
--- /dev/null
+++ b/meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57823.patch
@@ -0,0 +1,31 @@
+From 0b028dd16eb504d3d4dcfa9c72ceb29a9e1f3915 Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <skandigraun@gmail.com>
+Date: Fri, 7 Feb 2025 11:38:34 -0800
+Subject: [PATCH] Fix Github issue 70 B) Heap read buffer overflow in ntriples
+ bnode
+From: Dave Beckett <dave@dajobe.org>
+(raptor_ntriples_parse_term_internal): Only allow looking at the last
+character of a bnode ID only if bnode length >0
+CVE: CVE-2024-57823
+Upstream-Status: Backport [https://github.com/dajobe/raptor/commit/ece2c79df43091686a538b8231cf387d84bfa60e]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/raptor_ntriples.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/raptor_ntriples.c b/src/raptor_ntriples.c
+index 3276e79..ecc4247 100644
+--- a/src/raptor_ntriples.c
+++ b/src/raptor_ntriples.c
+@@ -212,7 +212,7 @@ raptor_ntriples_parse_term_internal(raptor_world* world,
+             locator->column--;
+             locator->byte--;
+           }
+-          if(term_class == RAPTOR_TERM_CLASS_BNODEID && dest[-1] == '.') {
+          if(term_class == RAPTOR_TERM_CLASS_BNODEID && position > 0 && dest[-1] == '.') {
+             /* If bnode id ended on '.' move back one */
+             dest--;
+ 
diff --git a/meta-oe/recipes-support/raptor2/raptor2_2.0.16.bb b/meta-oe/recipes-support/raptor2/raptor2_2.0.16.bb
index 03e57ce86f..1b77103a8d 100644
--- a/meta-oe/recipes-support/raptor2/raptor2_2.0.16.bb
+++ b/meta-oe/recipes-support/raptor2/raptor2_2.0.16.bb
@@ -13,6 +13,8 @@ SRC_URI = " \
    http://download.librdf.org/source/${BPN}-${PV}.tar.gz \
    file://0001-Remove-the-access-to-entities-checked-private-symbol.patch \
    file://raptor-2.0.16-dont_use_curl-config.patch \
+    file://CVE-2024-57822.patch \
+    file://CVE-2024-57823.patch \
 "
 SRC_URI[sha256sum] = "089db78d7ac982354bdbf39d973baf09581e6904ac4c92a98c5caadb3de44680"

diff --git a/meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57822.patch b/meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57822.patch new file mode 100644 index 0000000000..cb98f4250c --- /dev/null +++ b/meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57822.patch
@@ -0,0 +1,44 @@
		1	From 3b0ded4ae8110b6291d030af927ecd08197e668f Mon Sep 17 00:00:00 2001
		2	From: Gyorgy Sarvari <skandigraun@gmail.com>
		3	Date: Thu, 6 Feb 2025 21:12:37 -0800
		4	Subject: [PATCH] Fix Github issue 70 A) Integer Underflow in
		5	raptor_uri_normalize_path()
		6
		7	From: Dave Beckett <dave@dajobe.org>
		8
		9	(raptor_uri_normalize_path): Return empty buffer if path gets to 0
		10	length
		11
		12	CVE: CVE-2024-57822
		13	Upstream-Status: Backport [github.com/dajobe/raptor/commit/da7a79976bd0314c23cce55d22495e7d29301c44]
		14	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		15	---
		16	src/raptor_rfc2396.c \| 8 ++++++++
		17	1 file changed, 8 insertions(+)
		18
		19	diff --git a/src/raptor_rfc2396.c b/src/raptor_rfc2396.c
		20	index 89183d9..2f0195f 100644
		21	--- a/src/raptor_rfc2396.c
		22	+++ b/src/raptor_rfc2396.c
		23	@@ -351,6 +351,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
		24	dest++ = s++;
		25	*dest = '\0';
		26	path_len -= len;
		27	+ if(path_len <= 0) {
		28	+ *path_buffer = '\0';
		29	+ return 0;
		30	+ }
		31
		32	if(p && p < prev) {
		33	/* We know the previous prev path component and we didn't do
		34	@@ -390,6 +394,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
		35	/* Remove <component>/.. at the end of the path */
		36	*prev = '\0';
		37	path_len -= (s-prev);
		38	+ if(path_len <= 0) {
		39	+ *path_buffer = '\0';
		40	+ return 0;
		41	+ }
		42	}
		43
		44


diff --git a/meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57823.patch b/meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57823.patch new file mode 100644 index 0000000000..79833a55cb --- /dev/null +++ b/meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57823.patch
@@ -0,0 +1,31 @@
		1	From 0b028dd16eb504d3d4dcfa9c72ceb29a9e1f3915 Mon Sep 17 00:00:00 2001
		2	From: Gyorgy Sarvari <skandigraun@gmail.com>
		3	Date: Fri, 7 Feb 2025 11:38:34 -0800
		4	Subject: [PATCH] Fix Github issue 70 B) Heap read buffer overflow in ntriples
		5	bnode
		6
		7	From: Dave Beckett <dave@dajobe.org>
		8
		9	(raptor_ntriples_parse_term_internal): Only allow looking at the last
		10	character of a bnode ID only if bnode length >0
		11
		12	CVE: CVE-2024-57823
		13	Upstream-Status: Backport [https://github.com/dajobe/raptor/commit/ece2c79df43091686a538b8231cf387d84bfa60e]
		14	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		15	---
		16	src/raptor_ntriples.c \| 2 +-
		17	1 file changed, 1 insertion(+), 1 deletion(-)
		18
		19	diff --git a/src/raptor_ntriples.c b/src/raptor_ntriples.c
		20	index 3276e79..ecc4247 100644
		21	--- a/src/raptor_ntriples.c
		22	+++ b/src/raptor_ntriples.c
		23	@@ -212,7 +212,7 @@ raptor_ntriples_parse_term_internal(raptor_world* world,
		24	locator->column--;
		25	locator->byte--;
		26	}
		27	- if(term_class == RAPTOR_TERM_CLASS_BNODEID && dest[-1] == '.') {
		28	+ if(term_class == RAPTOR_TERM_CLASS_BNODEID && position > 0 && dest[-1] == '.') {
		29	/* If bnode id ended on '.' move back one */
		30	dest--;
		31


diff --git a/meta-oe/recipes-support/raptor2/raptor2_2.0.16.bb b/meta-oe/recipes-support/raptor2/raptor2_2.0.16.bb index 03e57ce86f..1b77103a8d 100644 --- a/meta-oe/recipes-support/raptor2/raptor2_2.0.16.bb +++ b/meta-oe/recipes-support/raptor2/raptor2_2.0.16.bb
@@ -13,6 +13,8 @@ SRC_URI = " \
13	http://download.librdf.org/source/${BPN}-${PV}.tar.gz \	13	http://download.librdf.org/source/${BPN}-${PV}.tar.gz \
14	file://0001-Remove-the-access-to-entities-checked-private-symbol.patch \	14	file://0001-Remove-the-access-to-entities-checked-private-symbol.patch \
15	file://raptor-2.0.16-dont_use_curl-config.patch \	15	file://raptor-2.0.16-dont_use_curl-config.patch \
		16	file://CVE-2024-57822.patch \
		17	file://CVE-2024-57823.patch \
16	"	18	"
17	SRC_URI[sha256sum] = "089db78d7ac982354bdbf39d973baf09581e6904ac4c92a98c5caadb3de44680"	19	SRC_URI[sha256sum] = "089db78d7ac982354bdbf39d973baf09581e6904ac4c92a98c5caadb3de44680"
18		20