Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 9 Nov 2020 05:30:11 +0000 (UTC)
From:      "Tobias C. Berner" <tcberner@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r554671 - in head/textproc/raptor2: . files
Message-ID:  <202011090530.0A95UBg3060611@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: tcberner
Date: Mon Nov  9 05:30:10 2020
New Revision: 554671
URL: https://svnweb.freebsd.org/changeset/ports/554671

Log:
  textproc/raptor2 heap overflow
  
  According to https://www.openwall.com/lists/oss-security/2017/06/07/1 there are
  two heap overflows in raptor 2.0.15.
  
  A CVE has been assigned:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926
  
  The upstream raptor github repo has a patch:
    https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f.patch
  
  PR:		250971
  Submitted by:	truckman
  MFH:		2020Q4
  Security:	CVE-2017-18926

Added:
  head/textproc/raptor2/files/
  head/textproc/raptor2/files/patch-CVE-2017-18926   (contents, props changed)
Modified:
  head/textproc/raptor2/Makefile

Modified: head/textproc/raptor2/Makefile
==============================================================================
--- head/textproc/raptor2/Makefile	Mon Nov  9 05:28:05 2020	(r554670)
+++ head/textproc/raptor2/Makefile	Mon Nov  9 05:30:10 2020	(r554671)
@@ -3,7 +3,7 @@
 
 PORTNAME=	raptor2
 PORTVERSION=	2.0.15
-PORTREVISION=	15
+PORTREVISION=	16
 CATEGORIES=	textproc
 MASTER_SITES=	http://download.librdf.org/source/ \
 		SF/librdf/${PORTNAME}/${PORTVERSION}

Added: head/textproc/raptor2/files/patch-CVE-2017-18926
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/textproc/raptor2/files/patch-CVE-2017-18926	Mon Nov  9 05:30:10 2020	(r554671)
@@ -0,0 +1,40 @@
+From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001
+From: Dave Beckett <dave@dajobe.org>
+Date: Sun, 16 Apr 2017 23:15:12 +0100
+Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer
+
+(raptor_xml_writer_start_element_common): Calculate max including for
+each attribute a potential name and value.
+
+Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617
+and #0000618 http://bugs.librdf.org/mantis/view.php?id=618
+---
+ src/raptor_xml_writer.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git src/raptor_xml_writer.c.orig src/raptor_xml_writer.c
+index 693b9468..0d3a36a5 100644
+--- src/raptor_xml_writer.c.orig
++++ src/raptor_xml_writer.c
+@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+   size_t nspace_declarations_count = 0;  
+   unsigned int i;
+ 
+-  /* max is 1 per element and 1 for each attribute + size of declared */
+   if(nstack) {
+-    int nspace_max_count = element->attribute_count+1;
++    int nspace_max_count = element->attribute_count * 2; /* attr and value */
++    if(element->name->nspace)
++      nspace_max_count++;
+     if(element->declared_nspaces)
+       nspace_max_count += raptor_sequence_size(element->declared_nspaces);
+     if(element->xml_language)
+@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+         }
+       }
+ 
+-      /* Add the attribute + value */
++      /* Add the attribute's value */
+       nspace_declarations[nspace_declarations_count].declaration=
+         raptor_qname_format_as_xml(element->attributes[i],
+                                    &nspace_declarations[nspace_declarations_count].length);



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202011090530.0A95UBg3060611>