From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id EE0F31382C5 for ; Thu, 29 Apr 2021 07:55:59 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 24451E084E; Thu, 29 Apr 2021 07:55:59 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 015DEE084E for ; Thu, 29 Apr 2021 07:55:58 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id B17B3340E76 for ; Thu, 29 Apr 2021 07:55:57 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 40D97CC for ; Thu, 29 Apr 2021 07:55:56 +0000 (UTC) From: "Miroslav Šulc" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Miroslav Šulc" Message-ID: <1619682949.302b7d40ecbd4d456c0f39046a9c078c96e672d8.fordfrog@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/raptor/files/, media-libs/raptor/ X-VCS-Repository: repo/gentoo X-VCS-Files: media-libs/raptor/files/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch media-libs/raptor/raptor-2.0.15-r2.ebuild media-libs/raptor/raptor-2.0.15-r3.ebuild X-VCS-Directories: media-libs/raptor/ media-libs/raptor/files/ X-VCS-Committer: fordfrog X-VCS-Committer-Name: Miroslav Šulc X-VCS-Revision: 302b7d40ecbd4d456c0f39046a9c078c96e672d8 X-VCS-Branch: master Date: Thu, 29 Apr 2021 07:55:56 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 1a9b4428-bc89-4b81-a63c-cb59ebde894b X-Archives-Hash: 7321c03879cfe800e663108a3dea5222 commit: 302b7d40ecbd4d456c0f39046a9c078c96e672d8 Author: Miroslav Šulc gentoo org> AuthorDate: Thu Apr 29 07:55:33 2021 +0000 Commit: Miroslav Šulc gentoo org> CommitDate: Thu Apr 29 07:55:49 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=302b7d40 media-libs/raptor: fixed CVE-2020-25713 Bug: https://bugs.gentoo.org/754264 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Miroslav Šulc gentoo.org> ...713-raptor2-malformed-input-file-can-lead.patch | 32 ++++++++++++++++++++++ ...or-2.0.15-r2.ebuild => raptor-2.0.15-r3.ebuild} | 1 + 2 files changed, 33 insertions(+) diff --git a/media-libs/raptor/files/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch b/media-libs/raptor/files/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch new file mode 100644 index 00000000000..dc693dfec22 --- /dev/null +++ b/media-libs/raptor/files/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch @@ -0,0 +1,32 @@ +From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= +Date: Tue, 24 Nov 2020 10:30:20 +0000 +Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a + segfault + +due to an out of bounds array access in +raptor_xml_writer_start_element_common + +See: +https://bugs.mageia.org/show_bug.cgi?id=27605 +https://www.openwall.com/lists/oss-security/2020/11/13/1 +https://gerrit.libreoffice.org/c/core/+/106249 +--- + src/raptor_xml_writer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c +index 56993dc3..4426d38c 100644 +--- a/src/raptor_xml_writer.c ++++ b/src/raptor_xml_writer.c +@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, + + /* check it wasn't an earlier declaration too */ + for(j = 0; j < nspace_declarations_count; j++) +- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) { ++ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) { + declare_me = 0; + break; + } +-- +2.28.0 diff --git a/media-libs/raptor/raptor-2.0.15-r2.ebuild b/media-libs/raptor/raptor-2.0.15-r3.ebuild similarity index 95% rename from media-libs/raptor/raptor-2.0.15-r2.ebuild rename to media-libs/raptor/raptor-2.0.15-r3.ebuild index e2a831c9984..1f3f7e84c66 100644 --- a/media-libs/raptor/raptor-2.0.15-r2.ebuild +++ b/media-libs/raptor/raptor-2.0.15-r3.ebuild @@ -41,6 +41,7 @@ HTML_DOCS=( {NEWS,README,RELEASE,UPGRADING}.html ) PATCHES=( "${FILESDIR}/${P}-heap-overflow.patch" "${FILESDIR}/${P}-dont_use_curl-config.patch" #552474 + "${FILESDIR}/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch" ) src_prepare() {