diff options
| -rw-r--r-- | meta-oe/recipes-support/raptor2/files/CVE-2020-25713.patch | 33 | ||||
| -rw-r--r-- | meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb | 1 |
2 files changed, 34 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/raptor2/files/CVE-2020-25713.patch b/meta-oe/recipes-support/raptor2/files/CVE-2020-25713.patch new file mode 100644 index 0000000000..a2694135e2 --- /dev/null +++ b/meta-oe/recipes-support/raptor2/files/CVE-2020-25713.patch | |||
| @@ -0,0 +1,33 @@ | |||
| 1 | From 00fa124e379fab85217ac62bdd0feddfd9510ae5 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Dave Beckett <dave@dajobe.org> | ||
| 3 | Date: Sat, 18 Sep 2021 17:40:00 -0700 | ||
| 4 | Subject: [PATCH] XML Writer : compare namespace declarations correctly | ||
| 5 | |||
| 6 | Apply patch from | ||
| 7 | 0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 | ||
| 8 | that fixes Issue#0000650 https://bugs.librdf.org/mantis/view.php?id=650 | ||
| 9 | which overwrote heap during XML writing in parse type literal | ||
| 10 | content. This was detected with clang asan. | ||
| 11 | |||
| 12 | Thanks to Michael Stahl / mst2 for the fix. | ||
| 13 | |||
| 14 | CVE: CVE-2020-25713 | ||
| 15 | Upstream-Status: Backport [https://github.com/dajobe/raptor/commit/4f5dbbffcc1c6cf0398bd03450453289a0979dea] | ||
| 16 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 17 | --- | ||
| 18 | src/raptor_xml_writer.c | 2 +- | ||
| 19 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 20 | |||
| 21 | diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c | ||
| 22 | index 0d3a36a..17b1c44 100644 | ||
| 23 | --- a/src/raptor_xml_writer.c | ||
| 24 | +++ b/src/raptor_xml_writer.c | ||
| 25 | @@ -221,7 +221,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, | ||
| 26 | |||
| 27 | /* check it wasn't an earlier declaration too */ | ||
| 28 | for(j = 0; j < nspace_declarations_count; j++) | ||
| 29 | - if(nspace_declarations[j].nspace == element->attributes[j]->nspace) { | ||
| 30 | + if(nspace_declarations[j].nspace == element->attributes[i]->nspace) { | ||
| 31 | declare_me = 0; | ||
| 32 | break; | ||
| 33 | } | ||
diff --git a/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb b/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb index 193cf13b21..7ee097b6ce 100644 --- a/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb +++ b/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb | |||
| @@ -12,6 +12,7 @@ DEPENDS = "libxml2 libxslt curl yajl" | |||
| 12 | SRC_URI = "http://download.librdf.org/source/${BPN}-${PV}.tar.gz \ | 12 | SRC_URI = "http://download.librdf.org/source/${BPN}-${PV}.tar.gz \ |
| 13 | file://0001-configure.ac-do-additional-checks-on-libxml2-also-wh.patch \ | 13 | file://0001-configure.ac-do-additional-checks-on-libxml2-also-wh.patch \ |
| 14 | file://CVE-2017-18926.patch \ | 14 | file://CVE-2017-18926.patch \ |
| 15 | file://CVE-2020-25713.patch \ | ||
| 15 | " | 16 | " |
| 16 | SRC_URI[md5sum] = "a39f6c07ddb20d7dd2ff1f95fa21e2cd" | 17 | SRC_URI[md5sum] = "a39f6c07ddb20d7dd2ff1f95fa21e2cd" |
| 17 | SRC_URI[sha256sum] = "ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed" | 18 | SRC_URI[sha256sum] = "ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed" |
