Hello community, here is the log from the commit of package raptor for openSUSE:Factory checked in at 2020-11-17 21:21:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/raptor (Old) and /work/SRC/openSUSE:Factory/.raptor.new.24930 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "raptor" Tue Nov 17 21:21:09 2020 rev:41 rq:848405 version:2.0.15 Changes: -------- --- /work/SRC/openSUSE:Factory/raptor/raptor.changes 2015-04-28 20:48:01.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.raptor.new.24930/raptor.changes 2020-11-17 21:21:12.925079561 +0100 @@ -1,0 +2,6 @@ +Tue Nov 10 08:59:36 UTC 2020 - Dirk Mueller <dmuel...@suse.com> + +- add 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1, + ubsan.patch (bsc#1178593, CVE-2017-18926) + +------------------------------------------------------------------- New: ---- 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1 ubsan.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ raptor.spec ++++++ --- /var/tmp/diff_new_pack.GeD6ai/_old 2020-11-17 21:21:14.081081307 +0100 +++ /var/tmp/diff_new_pack.GeD6ai/_new 2020-11-17 21:21:14.085081314 +0100 @@ -1,7 +1,7 @@ # # spec file for package raptor # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -20,19 +20,20 @@ Version: 2.0.15 Release: 0 Summary: RDF Parser Toolkit -License: LGPL-2.1+ or GPL-2.0+ or Apache-2.0 +License: LGPL-2.1-or-later OR GPL-2.0-or-later OR Apache-2.0 Group: System/Libraries -Url: http://librdf.org/raptor/ +URL: http://librdf.org/raptor/ Source0: http://download.librdf.org/source/%{name}2-%{version}.tar.gz Source1: http://download.librdf.org/source/raptor2-%{version}.tar.gz.asc Source2: %{name}.keyring Source3: baselibs.conf +Patch1: https://raw.githubusercontent.com/LibreOffice/core/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1 +Patch2: https://raw.githubusercontent.com/LibreOffice/core/master/external/redland/raptor/ubsan.patch BuildRequires: bison BuildRequires: curl-devel BuildRequires: libicu-devel BuildRequires: libxslt-devel -BuildRequires: pkg-config -BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: pkgconfig %if !0%{?sles_version} BuildRequires: pkgconfig(libxml-2.0) %else @@ -66,6 +67,8 @@ %prep %setup -q -n %{name}2-%{version} +%patch1 -p1 +%patch2 %build %configure \ @@ -74,10 +77,10 @@ --with-pic \ --with-icu-config=%{_bindir}/icu-config \ --with-html-dir=%{_docdir} -make %{?_smp_mflags} +%make_build %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} +%make_install mv %{buildroot}%{_docdir}/raptor2 %{buildroot}%{_docdir}/raptor-devel #causes some ugly dependency bloat.. rm -f %{buildroot}%{_libdir}/libraptor2.la @@ -88,24 +91,21 @@ unset MALLOC_CHECK_ %post -n libraptor2-0 -p /sbin/ldconfig - %postun -n libraptor2-0 -p /sbin/ldconfig %files -%defattr(-,root,root) -%doc AUTHORS COPYING COPYING.LIB ChangeLog LICENSE.txt NEWS README +%license COPYING COPYING.LIB LICENSE.txt +%doc AUTHORS ChangeLog NEWS README %{_bindir}/rapper %{_mandir}/man?/* %files -n libraptor-devel -%defattr(-,root,root) %doc %{_docdir}/raptor-devel %{_libdir}/lib*.so %{_includedir}/* %{_libdir}/pkgconfig/*.pc %files -n libraptor2-0 -%defattr(-,root,root) %{_libdir}/libraptor2.so.0* %changelog ++++++ 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1 ++++++ From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001 From: Dave Beckett <d...@dajobe.org> Date: Sun, 16 Apr 2017 23:15:12 +0100 Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer (raptor_xml_writer_start_element_common): Calculate max including for each attribute a potential name and value. Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617 and #0000618 http://bugs.librdf.org/mantis/view.php?id=618 --- src/raptor_xml_writer.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c index 693b946..0d3a36a 100644 --- a/src/raptor_xml_writer.c +++ b/src/raptor_xml_writer.c @@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, size_t nspace_declarations_count = 0; unsigned int i; - /* max is 1 per element and 1 for each attribute + size of declared */ if(nstack) { - int nspace_max_count = element->attribute_count+1; + int nspace_max_count = element->attribute_count * 2; /* attr and value */ + if(element->name->nspace) + nspace_max_count++; if(element->declared_nspaces) nspace_max_count += raptor_sequence_size(element->declared_nspaces); if(element->xml_language) @@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, } } - /* Add the attribute + value */ + /* Add the attribute's value */ nspace_declarations[nspace_declarations_count].declaration= raptor_qname_format_as_xml(element->attributes[i], &nspace_declarations[nspace_declarations_count].length); -- 2.9.3 ++++++ ubsan.patch ++++++ --- src/raptor_rfc2396.c +++ src/raptor_rfc2396.c @@ -386,7 +386,7 @@ } - if(prev && s == (cur+2) && cur[0] == '.' && cur[1] == '.') { + if(prev && cur && s == (cur+2) && cur[0] == '.' && cur[1] == '.') { /* Remove <component>/.. at the end of the path */ *prev = '\0'; path_len -= (s-prev); --- src/raptor_uri.c +++ src/raptor_uri.c @@ -1336,9 +1336,9 @@ !strncmp((const char*)base_detail->scheme, (const char*)reference_detail->scheme, base_detail->scheme_len) && - !strncmp((const char*)base_detail->authority, + (base_detail->authority_len == 0 || !strncmp((const char*)base_detail->authority, (const char*)reference_detail->authority, - base_detail->authority_len)) { + base_detail->authority_len))) { if(!base_detail->path) { if(reference_detail->path) { _______________________________________________ openSUSE Commits mailing list -- commit@lists.opensuse.org To unsubscribe, email commit-le...@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/commit@lists.opensuse.org
