Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package raptor for openSUSE:Factory checked in at 2025-07-09 17:26:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/raptor (Old)
 and      /work/SRC/openSUSE:Factory/.raptor.new.7373 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "raptor" Wed Jul 9 17:26:24 2025 rev:46 rq:1291319 version:2.0.16 Changes: -------- --- /work/SRC/openSUSE:Factory/raptor/raptor.changes 2025-01-14 16:21:41.531636329 +0100 +++ /work/SRC/openSUSE:Factory/.raptor.new.7373/raptor.changes 2025-07-09 17:26:50.171622777 +0200 @@ -1,0 +2,7 @@ +Tue Jul 8 15:15:46 UTC 2025 - Dirk Müller <dmuel...@suse.com> + +- add raptor-CVE-2024-57822.patch (bsc#1235674, CVE-2024-57822) +- refresh raptor-CVE-2024-57823.patch (bsc#1235673, CVE-2024-57823) +- convert to autosetup + +------------------------------------------------------------------- New: ---- raptor-CVE-2024-57822.patch ----------(New B)---------- New: - add raptor-CVE-2024-57822.patch (bsc#1235674, CVE-2024-57822) - refresh raptor-CVE-2024-57823.patch (bsc#1235673, CVE-2024-57823) ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ raptor.spec ++++++ --- /var/tmp/diff_new_pack.wlvRep/_old 2025-07-09 17:26:50.755647078 +0200 +++ /var/tmp/diff_new_pack.wlvRep/_new 2025-07-09 17:26:50.755647078 +0200 @@ -28,9 +28,9 @@ Source2: %{name}.keyring Source3: baselibs.conf Patch2: ubsan.patch -# Patch sent upstream: https://github.com/dajobe/raptor/pull/58 Patch3: raptor-libxml2-2.11-support.patch -Patch4: raptor-CVE-2024-57823.patch +Patch4: raptor-CVE-2024-57822.patch +Patch5: raptor-CVE-2024-57823.patch BuildRequires: bison BuildRequires: curl-devel BuildRequires: libxslt-devel @@ -68,10 +68,7 @@ raptor library. %prep -%setup -q -n %{name}2-%{version} -%patch -P 2 -%patch -P 3 -p1 -%patch -P 4 -p1 +%autosetup -p1 -n %{name}2-%{version} %build %configure \ ++++++ raptor-CVE-2024-57822.patch ++++++ >From ece2c79df43091686a538b8231cf387d84bfa60e Mon Sep 17 00:00:00 2001 
From: Dave Beckett <d...@dajobe.org> Date: Fri, 7 Feb 2025 11:38:34 -0800 Subject: [PATCH] Fix Github issue 70 B) Heap read buffer overflow in ntriples bnode (raptor_ntriples_parse_term_internal): Only allow looking at the last character of a bnode ID only if bnode length >0 --- src/raptor_ntriples.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/raptor_ntriples.c b/src/raptor_ntriples.c index 3276e790..ecc4247c 100644 --- a/src/raptor_ntriples.c +++ b/src/raptor_ntriples.c @@ -212,7 +212,7 @@ raptor_ntriples_parse_term_internal(raptor_world* world, locator->column--; locator->byte--; } - if(term_class == RAPTOR_TERM_CLASS_BNODEID && dest[-1] == '.') { + if(term_class == RAPTOR_TERM_CLASS_BNODEID && position > 0 && dest[-1] == '.') { /* If bnode id ended on '.' move back one */ dest--; >From da7a79976bd0314c23cce55d22495e7d29301c44 Mon Sep 17 00:00:00 2001 From: Dave Beckett <d...@dajobe.org> Date: Thu, 6 Feb 2025 21:12:37 -0800 Subject: [PATCH] Fix Github issue 70 A) Integer Underflow in raptor_uri_normalize_path() (raptor_uri_normalize_path): Return empty buffer if path gets to 0 length --- src/raptor_rfc2396.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/raptor_rfc2396.c b/src/raptor_rfc2396.c index 8cc364f4..f8ec5798 100644 --- a/src/raptor_rfc2396.c +++ b/src/raptor_rfc2396.c @@ -351,6 +351,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len) *dest++ = *s++; *dest = '\0'; path_len -= len; + if(path_len <= 0) { + *path_buffer = '\0'; + return 0; + } if(p && p < prev) { /* We know the previous prev path component and we didn't do 
@@ -390,6 +394,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len) /* Remove <component>/.. at the end of the path */ *prev = '\0'; path_len -= (s-prev); + if(path_len <= 0) { + *path_buffer = '\0'; + return 0; + } } ++++++ raptor-CVE-2024-57823.patch ++++++ --- /var/tmp/diff_new_pack.wlvRep/_old 2025-07-09 17:26:50.807649242 +0200 +++ /var/tmp/diff_new_pack.wlvRep/_new 2025-07-09 17:26:50.811649409 +0200 @@ -1,8 +1,28 @@ -Index: raptor2-2.0.16/src/raptor_rfc2396.c -=================================================================== ---- raptor2-2.0.16.orig/src/raptor_rfc2396.c -+++ raptor2-2.0.16/src/raptor_rfc2396.c -@@ -393,10 +393,8 @@ raptor_uri_normalize_path(unsigned char* +--- raptor2-2.0.15/src/raptor_rfc2396.c.CVE-2024-57823 2014-07-26 23:07:37.000000000 +0200 ++++ raptor2-2.0.15/src/raptor_rfc2396.c 2025-01-13 12:59:22.175568228 +0100 +@@ -289,10 +289,8 @@ raptor_uri_normalize_path(unsigned char* + } + + +-#if defined(RAPTOR_DEBUG) + if(path_len != strlen((const char*)path_buffer)) + RAPTOR_FATAL4("Path '%s' length %ld does not match calculated %ld.", (const char*)path_buffer, (long)strlen((const char*)path_buffer), (long)path_len); +-#endif + + /* Remove all "<component>/../" path components */ + +@@ -327,10 +325,8 @@ raptor_uri_normalize_path(unsigned char* + if(!prev || !cur) + continue; + +-#if defined(RAPTOR_DEBUG) + if(path_len != strlen((const char*)path_buffer)) + RAPTOR_FATAL3("Path length %ld does not match calculated %ld.", (long)strlen((const char*)path_buffer), (long)path_len); +-#endif + + /* If the current one is '..' */ + if(s == (cur+2) && cur[0] == '.' && cur[1] == '.') { +@@ -393,10 +389,8 @@ raptor_uri_normalize_path(unsigned char* } ++++++ ubsan.patch ++++++ --- /var/tmp/diff_new_pack.wlvRep/_old 2025-07-09 17:26:50.847650907 +0200 +++ /var/tmp/diff_new_pack.wlvRep/_new 2025-07-09 17:26:50.851651073 +0200 
@@ -1,7 +1,5 @@ -Index: src/raptor_rfc2396.c -=================================================================== ---- src/raptor_rfc2396.c.orig -+++ src/raptor_rfc2396.c +--- a/src/raptor_rfc2396.c.orig ++++ b/src/raptor_rfc2396.c @@ -386,7 +386,7 @@ raptor_uri_normalize_path(unsigned char* }
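
Review bot: In the raptor.spec hunk at @@ -28,9 +28,9 @@ the comment `# Patch sent upstream: https://github.com/dajobe/raptor/pull/58` above Patch3 is deleted, and neither the new `Patch4: raptor-CVE-2024-57822.patch` nor the renumbered `Patch5` carries a provenance comment. Keep the Patch3 comment and add one line per CVE patch naming its upstream origin (the 57822 patch file itself shows commits ece2c79df43091686a538b8231cf387d84bfa60e and da7a79976bd0314c23cce55d22495e7d29301c44), so that a later version bump can tell which patches are safe to drop.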
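
Review bot: In the raptor.spec %prep hunk at @@ -68,10 +68,7 @@, `%autosetup -p1` applies every patch at strip level 1, whereas `%patch -P 2` previously ran without `-p1`. That only works because ubsan.patch is rewritten to `a/` and `b/` path prefixes in the same commit, and the changelog entry says just "convert to autosetup". Mention the ubsan.patch path change in raptor.changes so the dependency between the two edits is recorded.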
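
Review bot: In the src/raptor_ntriples.c hunk (@@ -212,7 +212,7 @@) the new guard tests `position > 0` while the read it protects is `dest[-1]`, and nothing visible in the hunk ties `position` to the number of bytes already written to `dest`. If that is what `position` counts, a short comment on the condition would make the bound self-evident; otherwise compare `dest` against the start of the output buffer directly. The diffstat lists only this one file, so no regression input for the zero-length bnode ID case from Github issue 70 B accompanies the fix.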
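
Review bot: In both src/raptor_rfc2396.c hunks of raptor-CVE-2024-57822.patch (@@ -351,6 +351,10 @@ and @@ -390,6 +394,10 @@) the added `if(path_len <= 0)` runs after the subtraction, and the hunk header shows the parameter as `size_t path_len`, so the test can only ever match `path_len == 0`. If `len` or `(s-prev)` is larger than `path_len`, the result wraps to a large positive value and passes the check, which is the underflow the commit subject names. Compare before subtracting, for example `if(len >= path_len)` and `if((size_t)(s-prev) >= path_len)`, and take the early return from there.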
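
Review bot: The refreshed raptor-CVE-2024-57823.patch gains hunks at @@ -289,10 +289,8 @@ and @@ -327,10 +325,8 @@ that the old single-hunk version did not have, each removing an `#if defined(RAPTOR_DEBUG)` guard around a `path_len != strlen(...)` check, so "refresh" in raptor.changes understates the change and the entry should say the patch was extended. With the guards gone, the `RAPTOR_FATAL4` and `RAPTOR_FATAL3` paths become reachable in every build on parser input; confirm those macros are defined outside debug builds and that a fatal error on a length mismatch is acceptable to callers of the library. The new file headers also name `raptor2-2.0.15` while the package is at version 2.0.16, which is worth regenerating against the current tree.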