Details: https://nvd.nist.gov/vuln/detail/CVE-2017-18926
NVD advisory mentions the original announcement on oss-security mailing list[1]. This mentions a bug link[2] related to this vulnerability. The bug mentions the revision of the fix - pick that patch from the project's git repository. [1]: https://www.openwall.com/lists/oss-security/2017/06/07/1 [2]: https://bugs.librdf.org/mantis/view.php?id=617 Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../raptor2/files/CVE-2017-18926.patch | 44 +++++++++++++++++++ .../recipes-support/raptor2/raptor2_2.0.15.bb | 8 ++-- 2 files changed, 48 insertions(+), 4 deletions(-) create mode 100644 meta-oe/recipes-support/raptor2/files/CVE-2017-18926.patch diff --git a/meta-oe/recipes-support/raptor2/files/CVE-2017-18926.patch b/meta-oe/recipes-support/raptor2/files/CVE-2017-18926.patch new file mode 100644 index 0000000000..f3211c899b --- /dev/null +++ b/meta-oe/recipes-support/raptor2/files/CVE-2017-18926.patch @@ -0,0 +1,44 @@ +From 686fc0608480f4b2d2f8c60717141ad8e3c5a849 Mon Sep 17 00:00:00 2001 +From: Dave Beckett <[email protected]> +Date: Sun, 16 Apr 2017 23:15:12 +0100 +Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer + +(raptor_xml_writer_start_element_common): Calculate max including for +each attribute a potential name and value. + +Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617 +and #0000618 http://bugs.librdf.org/mantis/view.php?id=618 + +CVE: CVE-2017-18926 +Upstream-Status: Backport [https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + src/raptor_xml_writer.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c +index 693b946..0d3a36a 100644 +--- a/src/raptor_xml_writer.c ++++ b/src/raptor_xml_writer.c +@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, + size_t nspace_declarations_count = 0; + unsigned int i; + +- /* max is 1 per element and 1 for each attribute + size of declared */ + if(nstack) { +- int nspace_max_count = element->attribute_count+1; ++ int nspace_max_count = element->attribute_count * 2; /* attr and value */ ++ if(element->name->nspace) ++ nspace_max_count++; + if(element->declared_nspaces) + nspace_max_count += raptor_sequence_size(element->declared_nspaces); + if(element->xml_language) +@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, + } + } + +- /* Add the attribute + value */ ++ /* Add the attribute's value */ + nspace_declarations[nspace_declarations_count].declaration= + raptor_qname_format_as_xml(element->attributes[i], + &nspace_declarations[nspace_declarations_count].length); diff --git a/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb b/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb index 577c6ee00a..193cf13b21 100644 --- a/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb +++ b/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb @@ -9,10 +9,10 @@ LIC_FILES_CHKSUM = " \ DEPENDS = "libxml2 libxslt curl yajl" -SRC_URI = " \ - http://download.librdf.org/source/${BPN}-${PV}.tar.gz \ - file://0001-configure.ac-do-additional-checks-on-libxml2-also-wh.patch \ -" +SRC_URI = "http://download.librdf.org/source/${BPN}-${PV}.tar.gz \ + file://0001-configure.ac-do-additional-checks-on-libxml2-also-wh.patch \ + file://CVE-2017-18926.patch \ + " SRC_URI[md5sum] = "a39f6c07ddb20d7dd2ff1f95fa21e2cd" SRC_URI[sha256sum] = "ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123377): https://lists.openembedded.org/g/openembedded-devel/message/123377 Mute This Topic: https://lists.openembedded.org/mt/117221607/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
