summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta-oe/recipes-support/raptor2/files/CVE-2020-25713.patch33
-rw-r--r--meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb1
2 files changed, 34 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/raptor2/files/CVE-2020-25713.patch b/meta-oe/recipes-support/raptor2/files/CVE-2020-25713.patch
new file mode 100644
index 0000000000..a2694135e2
--- /dev/null
+++ b/meta-oe/recipes-support/raptor2/files/CVE-2020-25713.patch
@@ -0,0 +1,33 @@
1From 00fa124e379fab85217ac62bdd0feddfd9510ae5 Mon Sep 17 00:00:00 2001
2From: Dave Beckett <dave@dajobe.org>
3Date: Sat, 18 Sep 2021 17:40:00 -0700
4Subject: [PATCH] XML Writer : compare namespace declarations correctly
5
6Apply patch from
70001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
8that fixes Issue#0000650 https://bugs.librdf.org/mantis/view.php?id=650
9which overwrote heap during XML writing in parse type literal
10content. This was detected with clang asan.
11
12Thanks to Michael Stahl / mst2 for the fix.
13
14CVE: CVE-2020-25713
15Upstream-Status: Backport [https://github.com/dajobe/raptor/commit/4f5dbbffcc1c6cf0398bd03450453289a0979dea]
16Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
17---
18 src/raptor_xml_writer.c | 2 +-
19 1 file changed, 1 insertion(+), 1 deletion(-)
20
21diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
22index 0d3a36a..17b1c44 100644
23--- a/src/raptor_xml_writer.c
24+++ b/src/raptor_xml_writer.c
25@@ -221,7 +221,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
26
27 /* check it wasn't an earlier declaration too */
28 for(j = 0; j < nspace_declarations_count; j++)
29- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
30+ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
31 declare_me = 0;
32 break;
33 }
diff --git a/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb b/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb
index 193cf13b21..7ee097b6ce 100644
--- a/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb
+++ b/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb
@@ -12,6 +12,7 @@ DEPENDS = "libxml2 libxslt curl yajl"
12SRC_URI = "http://download.librdf.org/source/${BPN}-${PV}.tar.gz \ 12SRC_URI = "http://download.librdf.org/source/${BPN}-${PV}.tar.gz \
13 file://0001-configure.ac-do-additional-checks-on-libxml2-also-wh.patch \ 13 file://0001-configure.ac-do-additional-checks-on-libxml2-also-wh.patch \
14 file://CVE-2017-18926.patch \ 14 file://CVE-2017-18926.patch \
15 file://CVE-2020-25713.patch \
15 " 16 "
16SRC_URI[md5sum] = "a39f6c07ddb20d7dd2ff1f95fa21e2cd" 17SRC_URI[md5sum] = "a39f6c07ddb20d7dd2ff1f95fa21e2cd"
17SRC_URI[sha256sum] = "ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed" 18SRC_URI[sha256sum] = "ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed"