mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

raptor2: patch CVE-2020-25713

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-25713

Pick the git cmmit that is mentioned as a solution in the related bug[1]
from the NVD advisory.

[1]: https://bugs.librdf.org/mantis/view.php?id=650

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2026-01-12 12:20:13 +01:00
parent 7b4d42c640
commit f3af7f8f02
2 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/raptor2/files/CVE-2020-25713.patch
+33
View File
@@ -0,0 +1,33 @@
From 00fa124e379fab85217ac62bdd0feddfd9510ae5 Mon Sep 17 00:00:00 2001
From: Dave Beckett <dave@dajobe.org>
Date: Sat, 18 Sep 2021 17:40:00 -0700
Subject: [PATCH] XML Writer : compare namespace declarations correctly
Apply patch from
0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
that fixes Issue#0000650 https://bugs.librdf.org/mantis/view.php?id=650
which overwrote heap during XML writing in parse type literal
content. This was detected with clang asan.
Thanks to Michael Stahl / mst2 for the fix.
CVE: CVE-2020-25713
Upstream-Status: Backport [https://github.com/dajobe/raptor/commit/4f5dbbffcc1c6cf0398bd03450453289a0979dea]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/raptor_xml_writer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
index 0d3a36a..17b1c44 100644
--- a/src/raptor_xml_writer.c
+++ b/src/raptor_xml_writer.c
@@ -221,7 +221,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
/* check it wasn't an earlier declaration too */
for(j = 0; j < nspace_declarations_count; j++)
- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
+ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
declare_me = 0;
break;
}
meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb
+1
View File
@@ -12,6 +12,7 @@ DEPENDS = "libxml2 libxslt curl yajl"
SRC_URI = "http://download.librdf.org/source/${BPN}-${PV}.tar.gz \
file://0001-configure.ac-do-additional-checks-on-libxml2-also-wh.patch \
file://CVE-2017-18926.patch \
file://CVE-2020-25713.patch \
"
SRC_URI[md5sum] = "a39f6c07ddb20d7dd2ff1f95fa21e2cd"
SRC_URI[sha256sum] = "ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed"