Re: [Security Update] textproc/raptor

Mon, 09 Nov 2020 23:49:45 -0800 

On 2020/11/10 01:46, wen heping wrote:
> Hi, ports@:
> 
>    Here is a patch for textproc/raptor from upstream to fix CVE-2017-18926.
>    It build well and pass all tests on amd64-6.8 system.
> 
> Cheers !
> wen

I have added upstream commit information from the header from the upstream
commit and committed this. To get this information, add .patch to the github 
url,
i.e.  
https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f.patch


> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/textproc/raptor/Makefile,v
> retrieving revision 1.18
> diff -u -p -r1.18 Makefile
> --- Makefile  9 Jun 2020 07:14:45 -0000       1.18
> +++ Makefile  10 Nov 2020 01:41:31 -0000
> @@ -5,7 +5,7 @@ COMMENT=              RDF Parser Toolkit for Redland
>  DISTNAME=            raptor2-2.0.15
>  PKGNAME=             ${DISTNAME:C/raptor2/raptor/}
>  CATEGORIES=          textproc
> -REVISION=            3
> +REVISION=            4
>  
>  SHARED_LIBS +=  raptor2              0.0      # 0.0
>  
> Index: patches/patch-src_raptor_xml_writer_c
> ===================================================================
> RCS file: patches/patch-src_raptor_xml_writer_c
> diff -N patches/patch-src_raptor_xml_writer_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_raptor_xml_writer_c     10 Nov 2020 01:41:31 -0000
> @@ -0,0 +1,29 @@
> +$OpenBSD$
> +
> +Upstream fix CVE-2017-18926.
> +
> +Index: src/raptor_xml_writer.c
> +--- src/raptor_xml_writer.c.orig
> ++++ src/raptor_xml_writer.c
> +@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writ
> +   size_t nspace_declarations_count = 0;  
> +   unsigned int i;
> + 
> +-  /* max is 1 per element and 1 for each attribute + size of declared */
> +   if(nstack) {
> +-    int nspace_max_count = element->attribute_count+1;
> ++    int nspace_max_count = element->attribute_count * 2; /* attr and value 
> */
> ++    if(element->name->nspace)
> ++      nspace_max_count++;
> +     if(element->declared_nspaces)
> +       nspace_max_count += raptor_sequence_size(element->declared_nspaces);
> +     if(element->xml_language)
> +@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writ
> +         }
> +       }
> + 
> +-      /* Add the attribute + value */
> ++      /* Add the attribute's value */
> +       nspace_declarations[nspace_declarations_count].declaration=
> +         raptor_qname_format_as_xml(element->attributes[i],
> +                                    
> &nspace_declarations[nspace_declarations_count].length);

Reply via email to