[Libreoffice-commits] core.git: Branch 'distro/lhm/libreoffice-6-1+backports' - external/redland
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Thu Dec 3 08:47:04 UTC 2020
external/redland/UnpackedTarball_raptor.mk | 1
external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 | 33 ++++++++++
2 files changed, 34 insertions(+)
New commits:
commit 86ef0b410830617c933f77cd0fead9c6c06860a5
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Mon Nov 23 14:33:06 2020 +0000
Commit: Michael Stahl <michael.stahl at cib.de>
CommitDate: Thu Dec 3 09:46:28 2020 +0100
CVE-2020-25713 raptor2: malformed input file can lead to a segfault
due to an out of bounds array access in
raptor_xml_writer_start_element_common
use a better fix than the initial suggestion
See:
https: //bugs.mageia.org/show_bug.cgi?id=27605
https: //www.openwall.com/lists/oss-security/2020/11/13/1
Change-Id: Ida4783a61412ffce868eacf81310da338d3e2df1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106249
Reviewed-by: Michael Stahl <michael.stahl at cib.de>
Tested-by: Jenkins
(cherry picked from commit 43433f42017014a472a253314a6ac58a6774dced)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107082
Tested-by: Michael Stahl <michael.stahl at cib.de>
diff --git a/external/redland/UnpackedTarball_raptor.mk b/external/redland/UnpackedTarball_raptor.mk
index 517b11a3d14f..fbdc8b6f5510 100644
--- a/external/redland/UnpackedTarball_raptor.mk
+++ b/external/redland/UnpackedTarball_raptor.mk
@@ -28,6 +28,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,raptor,\
$(if $(SYSTEM_LIBXML),,external/redland/raptor/rpath.patch) \
external/redland/raptor/xml2-config.patch \
external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1 \
+ external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 \
external/redland/raptor/libtool.patch \
))
diff --git a/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 b/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
new file mode 100644
index 000000000000..1fb279df3e4d
--- /dev/null
+++ b/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
@@ -0,0 +1,33 @@
+From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm at redhat.com>
+Date: Tue, 24 Nov 2020 10:30:20 +0000
+Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
+ segfault
+
+due to an out of bounds array access in
+raptor_xml_writer_start_element_common
+
+See:
+https://bugs.mageia.org/show_bug.cgi?id=27605
+https://www.openwall.com/lists/oss-security/2020/11/13/1
+https://gerrit.libreoffice.org/c/core/+/106249
+---
+ src/raptor_xml_writer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 56993dc3..4426d38c 100644
+--- a/src/raptor_xml_writer.c
++++ b/src/raptor_xml_writer.c
+@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+
+ /* check it wasn't an earlier declaration too */
+ for(j = 0; j < nspace_declarations_count; j++)
+- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
++ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
+ declare_me = 0;
+ break;
+ }
+--
+2.28.0
+
More information about the Libreoffice-commits
mailing list