authorJ0WI <J0WI@users.noreply.github.com>2020-11-13 15:06:52 +0100
committerLeo <thinkabit.ukim@gmail.com>2020-12-11 15:44:38 +0000
commitea8b7d21ac4a41fceb1a23f8b5770e792d8dcef1 (patch)
treed0196b571decff6ed1e7084fc8d6cb0bf170748b
parenta8673918347bd1e6a793d75b92f84967a0a3f3a4 (diff)
community/raptor2: modernize and patch CVE-2020-25713
-rw-r--r--community/raptor2/APKBUILD14
-rw-r--r--community/raptor2/CVE-2020-25713.patch16
2 files changed, 27 insertions, 3 deletions
diff --git a/community/raptor2/APKBUILD b/community/raptor2/APKBUILD
index c9bf545f1c0..6c73803254e 100644
--- a/community/raptor2/APKBUILD
+++ b/community/raptor2/APKBUILD
@@ -1,19 +1,23 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=raptor2
pkgver=2.0.15
-pkgrel=2
+pkgrel=3
pkgdesc="RDF parser toolkit for Redland"
url="http://www.librdf.org/raptor"
arch="all"
license="GPL"
+options="!check" # Checking ex-07.rdf FAILED
depends_dev="curl-dev libxml2-dev libxslt-dev yajl-dev"
makedepends="$depends_dev"
subpackages="$pkgname-dev $pkgname-doc"
source="http://download.librdf.org/source/raptor2-$pkgver.tar.gz
CVE-2017-18926.patch
+ CVE-2020-25713.patch
"
# secfixes:
+# 2.0.15-r3:
+# - CVE-2020-25713
# 2.0.15-r2:
# - CVE-2017-18926
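Review bot: `options="!check"` disables the whole test suite in the same commit that backports a security fix and adds `check()` (second hunk), so `make check` never runs and the patched XML writer gets no regression coverage at build time. The trailing comment names a single failing case, so if ex-07.rdf is the only failure it would be better to keep `check()` live and skip or fix that one test, or else drop the unused `check()` so the APKBUILD does not suggest tests are run. The comment should also record whether the failure predates the new patch, e.g. `options="!check" # ex-07.rdf fails (<before/after CVE-2020-25713.patch>, <upstream issue link>)`, because a failure introduced by the patch would suggest the new guard rejects valid input.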
@@ -35,9 +39,13 @@ build() {
make
}
+check() {
+ make check
+}
+
package() {
make DESTDIR="$pkgdir" install
}
-
sha512sums="563dd01869eb4df8524ec12e2c0a541653874dcd834bd1eb265bc2943bb616968f624121d4688579cdce11b4f00a8ab53b7099f1a0850e256bb0a2c16ba048ee raptor2-2.0.15.tar.gz
-203ae75dae8242fb7988a199df8a7337b0660871f5caa6c9098167536ba880ad55765bb60fd4315020f208ed3ae8dc03eb1b91241851410a961a797192ecb969 CVE-2017-18926.patch"
+203ae75dae8242fb7988a199df8a7337b0660871f5caa6c9098167536ba880ad55765bb60fd4315020f208ed3ae8dc03eb1b91241851410a961a797192ecb969 CVE-2017-18926.patch
+7fa756a8a74f2f0814e1cd536fb25ea07dac49be6ee8e44213e2c2948c923f7478e84d769a0d9c1eb52bb81a9a256d92833b13da0ccac8635a0eeefd7b7df12a CVE-2020-25713.patch"
diff --git a/community/raptor2/CVE-2020-25713.patch b/community/raptor2/CVE-2020-25713.patch
new file mode 100644
index 00000000000..b154f928f02
--- /dev/null
+++ b/community/raptor2/CVE-2020-25713.patch
@@ -0,0 +1,16 @@
+https://bugs.librdf.org/mantis/view.php?id=650
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 56993dc3..163f34d5 100644
+--- a/src/raptor_xml_writer.c
++++ b/src/raptor_xml_writer.c
+@@ -216,6 +216,9 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+
+ if(nstack && element->attributes) {
+ for(i = 0; i < element->attribute_count; i++) {
++ if (nspace_declarations_count > element->attribute_count)
++ goto error;
++
+ /* qname */
+ if(element->attributes[i]->nspace) {
+ /* Check if we need a namespace declaration attribute */
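Review bot: The added guard `if (nspace_declarations_count > element->attribute_count) goto error;` bounds the counter by the attribute count rather than by the size the declarations array was allocated with, and that allocation is outside this hunk. If entries are appended at index `nspace_declarations_count` later in the loop body, `>` may still admit a write at the boundary that a `>=` comparison against the real capacity would stop, so the check is better made against the capacity variable used at the allocation site. The `error` label is also outside the hunk, and it should be confirmed that it releases whatever the loop has already allocated. The patch file carries only a tracker URL, so a one-line header such as `CVE-2020-25713: bound namespace declarations in raptor_xml_writer_start_element_common` and a comment on the guard such as `/* more declarations than slots: stop before writing past the array */` would help later maintainers.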