aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJ0WI <J0WI@users.noreply.github.com>2020-11-13 15:06:52 +0100
committerLeo <thinkabit.ukim@gmail.com>2020-12-11 15:44:38 +0000
commitea8b7d21ac4a41fceb1a23f8b5770e792d8dcef1 (patch)
treed0196b571decff6ed1e7084fc8d6cb0bf170748b
parenta8673918347bd1e6a793d75b92f84967a0a3f3a4 (diff)
downloadaports-ea8b7d21ac4a41fceb1a23f8b5770e792d8dcef1.tar.gz
aports-ea8b7d21ac4a41fceb1a23f8b5770e792d8dcef1.tar.bz2
aports-ea8b7d21ac4a41fceb1a23f8b5770e792d8dcef1.tar.xz
community/raptor2: modernize and patch CVE-2020-25713
-rw-r--r--community/raptor2/APKBUILD14
-rw-r--r--community/raptor2/CVE-2020-25713.patch16
2 files changed, 27 insertions, 3 deletions
diff --git a/community/raptor2/APKBUILD b/community/raptor2/APKBUILD
index c9bf545f1c..6c73803254 100644
--- a/community/raptor2/APKBUILD
+++ b/community/raptor2/APKBUILD
@@ -1,19 +1,23 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=raptor2
pkgver=2.0.15
-pkgrel=2
+pkgrel=3
pkgdesc="RDF parser toolkit for Redland"
url="http://www.librdf.org/raptor"
arch="all"
license="GPL"
+options="!check" # Checking ex-07.rdf FAILED
depends_dev="curl-dev libxml2-dev libxslt-dev yajl-dev"
makedepends="$depends_dev"
subpackages="$pkgname-dev $pkgname-doc"
source="http://download.librdf.org/source/raptor2-$pkgver.tar.gz
CVE-2017-18926.patch
+ CVE-2020-25713.patch
"
# secfixes:
+# 2.0.15-r3:
+# - CVE-2020-25713
# 2.0.15-r2:
# - CVE-2017-18926
@@ -35,9 +39,13 @@ build() {
make
}
+check() {
+ make check
+}
+
package() {
make DESTDIR="$pkgdir" install
}
-
sha512sums="563dd01869eb4df8524ec12e2c0a541653874dcd834bd1eb265bc2943bb616968f624121d4688579cdce11b4f00a8ab53b7099f1a0850e256bb0a2c16ba048ee raptor2-2.0.15.tar.gz
-203ae75dae8242fb7988a199df8a7337b0660871f5caa6c9098167536ba880ad55765bb60fd4315020f208ed3ae8dc03eb1b91241851410a961a797192ecb969 CVE-2017-18926.patch"
+203ae75dae8242fb7988a199df8a7337b0660871f5caa6c9098167536ba880ad55765bb60fd4315020f208ed3ae8dc03eb1b91241851410a961a797192ecb969 CVE-2017-18926.patch
+7fa756a8a74f2f0814e1cd536fb25ea07dac49be6ee8e44213e2c2948c923f7478e84d769a0d9c1eb52bb81a9a256d92833b13da0ccac8635a0eeefd7b7df12a CVE-2020-25713.patch"
diff --git a/community/raptor2/CVE-2020-25713.patch b/community/raptor2/CVE-2020-25713.patch
new file mode 100644
index 0000000000..b154f928f0
--- /dev/null
+++ b/community/raptor2/CVE-2020-25713.patch
@@ -0,0 +1,16 @@
+https://bugs.librdf.org/mantis/view.php?id=650
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 56993dc3..163f34d5 100644
+--- a/src/raptor_xml_writer.c
++++ b/src/raptor_xml_writer.c
+@@ -216,6 +216,9 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+
+ if(nstack && element->attributes) {
+ for(i = 0; i < element->attribute_count; i++) {
++ if (nspace_declarations_count > element->attribute_count)
++ goto error;
++
+ /* qname */
+ if(element->attributes[i]->nspace) {
+ /* Check if we need a namespace declaration attribute */