Details: https://nvd.nist.gov/vuln/detail/CVE-2020-25713
Pick the git cmmit that is mentioned as a solution in the related bug[1] from the NVD advisory. [1]: https://bugs.librdf.org/mantis/view.php?id=650 Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../raptor2/files/CVE-2020-25713.patch | 33 +++++++++++++++++++ .../recipes-support/raptor2/raptor2_2.0.15.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta-oe/recipes-support/raptor2/files/CVE-2020-25713.patch diff --git a/meta-oe/recipes-support/raptor2/files/CVE-2020-25713.patch b/meta-oe/recipes-support/raptor2/files/CVE-2020-25713.patch new file mode 100644 index 0000000000..a2694135e2 --- /dev/null +++ b/meta-oe/recipes-support/raptor2/files/CVE-2020-25713.patch @@ -0,0 +1,33 @@ +From 00fa124e379fab85217ac62bdd0feddfd9510ae5 Mon Sep 17 00:00:00 2001 +From: Dave Beckett <[email protected]> +Date: Sat, 18 Sep 2021 17:40:00 -0700 +Subject: [PATCH] XML Writer : compare namespace declarations correctly + +Apply patch from +0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 +that fixes Issue#0000650 https://bugs.librdf.org/mantis/view.php?id=650 +which overwrote heap during XML writing in parse type literal +content. This was detected with clang asan. + +Thanks to Michael Stahl / mst2 for the fix. + +CVE: CVE-2020-25713 +Upstream-Status: Backport [https://github.com/dajobe/raptor/commit/4f5dbbffcc1c6cf0398bd03450453289a0979dea] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + src/raptor_xml_writer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c +index 0d3a36a..17b1c44 100644 +--- a/src/raptor_xml_writer.c ++++ b/src/raptor_xml_writer.c +@@ -221,7 +221,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, + + /* check it wasn't an earlier declaration too */ + for(j = 0; j < nspace_declarations_count; j++) +- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) { ++ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) { + declare_me = 0; + break; + } diff --git a/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb b/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb index 193cf13b21..7ee097b6ce 100644 --- a/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb +++ b/meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb @@ -12,6 +12,7 @@ DEPENDS = "libxml2 libxslt curl yajl" SRC_URI = "http://download.librdf.org/source/${BPN}-${PV}.tar.gz \ file://0001-configure.ac-do-additional-checks-on-libxml2-also-wh.patch \ file://CVE-2017-18926.patch \ + file://CVE-2020-25713.patch \ " SRC_URI[md5sum] = "a39f6c07ddb20d7dd2ff1f95fa21e2cd" SRC_URI[sha256sum] = "ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123378): https://lists.openembedded.org/g/openembedded-devel/message/123378 Mute This Topic: https://lists.openembedded.org/mt/117221608/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
