diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2021-05-04 22:28:33 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2021-05-04 22:28:33 +0100 |
| commit | a978c074e4272bb901fbe4a10de0a7b2af574f17 (patch) | |
| tree | 8c764c1cc0576389ce22abd317bceba71ea5732d /media-libs/raptor | |
| parent | 40aaaa64e86ba6710bbeb31c4615a6ce80e75e11 (diff) | |
gentoo resync : 04.05.2021
Diffstat (limited to 'media-libs/raptor')
| -rw-r--r-- | media-libs/raptor/Manifest | 3 | ||||
| -rw-r--r-- | media-libs/raptor/files/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch | 32 | ||||
| -rw-r--r-- | media-libs/raptor/raptor-2.0.15-r3.ebuild (renamed from media-libs/raptor/raptor-2.0.15-r2.ebuild) | 1 |
3 files changed, 35 insertions, 1 deletions
diff --git a/media-libs/raptor/Manifest b/media-libs/raptor/Manifest index 8ea11306d5a4..d8283ff2c368 100644 --- a/media-libs/raptor/Manifest +++ b/media-libs/raptor/Manifest @@ -1,5 +1,6 @@ +AUX 0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch 1197 BLAKE2B f570a9a479e9d73f506c16dc7c3a75badf5da2e2407173b1ddd6ed8374f269ca628ea1b84adf94ac3b055db9a1d74f812db9557b96c92300f53c60a5048728a6 SHA512 1d392b6fc41d59349b75e9ab5adcf95a545c02709ec2a71b1855f98a444c9e753ca44464264c624fcaf6e49404f8f92d7aa7b85dfacecb1c7c28f3960e9c4fb9 AUX raptor-2.0.15-dont_use_curl-config.patch 1681 BLAKE2B 5c3b241836e04dabbcd6fd9db6e89225fcd8cf4c1eed24dff7bb5348d7a0985633a7f9173a5279b04ec277ad0f775a18c52ae33af86b6522a21a3e63123d162d SHA512 28e3137592c14dcf9fc1d8401e6bc58af7f1abcab4886acde42a03dd7b61aa9b176672300951f7b4fcdf5128ce445f12594f7a09444331d1d6c34aaa7a4b9cfc AUX raptor-2.0.15-heap-overflow.patch 1708 BLAKE2B cea8df63861760fe55f1320cbc0833d814c38148b3d5f2b7163348de48bd95a37ee3000d312ce76879c798182f74d60f49fcef89f5f051bd40febc0c1da68099 SHA512 f7df0ec3123ac8ec9f2852dfb54e380d210446a36ab2f74aa9d2dcb8346162046d239b4db9a0747b18e3d19f4dc1ce41d194557c5e53027a3618e81b7b251d3d DIST raptor2-2.0.15.tar.gz 1886657 BLAKE2B 0a39c7b5705bfbf2daa0ca633f79693953b4dfe24c144008d1646a9840a36d4d7ce153b527450647127ec2522047dbd0a6e71f307ee5656951f7e4b610adfd22 SHA512 563dd01869eb4df8524ec12e2c0a541653874dcd834bd1eb265bc2943bb616968f624121d4688579cdce11b4f00a8ab53b7099f1a0850e256bb0a2c16ba048ee -EBUILD raptor-2.0.15-r2.ebuild 1634 BLAKE2B 15757b722752da142e88e0224b77725c1ec60479f5610521aff75145cc3dfba266b78da064d381fcbd1ae48006538008edddf4e5587acbb73986727d0c59517f SHA512 4fb565b6dfe1f35206f535051fb7f8c067d328ada3872ab27ed54c6dedd4b1c933e17b93d33eafa0c9566ded69c6249fc17c01f37b99036cf1f22be8d747f1f6 +EBUILD raptor-2.0.15-r3.ebuild 1713 BLAKE2B 9c61a997c410dc4600384ec53b8995ea4782dd2169179c49073b0812953ef399a9ce360b8b6c4d626aae7351e80d50763abe76ea2c85eb9c482bbef04817ec6b SHA512 bb56a414bd06bcf3ee8a656e87e1e7171e2e7fd4bf3c690995d97e3aedd7a99418083f19a0ab2da8772ea6d985a888757e8ba393d02a1c9298c1eaabd7f06ad5 MISC metadata.xml 337 BLAKE2B 6244cd4ab5d8d13437590c4bbb672cb9b5ad47f7e70d30adda368737d745daf4df249eb2166d2ab8335fe0a0fec5b8d3afa9ec091cc6ddcaaf0f2d05f9425741 SHA512 3a2c420495274cfca80f0103066b282b9f1301786a8cbde76b894fac721030bee949fc468c92841698038b991b07fa66f15891392784041a87f655d1860fd11c diff --git a/media-libs/raptor/files/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch b/media-libs/raptor/files/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch new file mode 100644 index 000000000000..dc693dfec222 --- /dev/null +++ b/media-libs/raptor/files/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch @@ -0,0 +1,32 @@ +From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com> +Date: Tue, 24 Nov 2020 10:30:20 +0000 +Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a + segfault + +due to an out of bounds array access in +raptor_xml_writer_start_element_common + +See: +https://bugs.mageia.org/show_bug.cgi?id=27605 +https://www.openwall.com/lists/oss-security/2020/11/13/1 +https://gerrit.libreoffice.org/c/core/+/106249 +--- + src/raptor_xml_writer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c +index 56993dc3..4426d38c 100644 +--- a/src/raptor_xml_writer.c ++++ b/src/raptor_xml_writer.c +@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, + + /* check it wasn't an earlier declaration too */ + for(j = 0; j < nspace_declarations_count; j++) +- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) { ++ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) { + declare_me = 0; + break; + } +-- +2.28.0 diff --git a/media-libs/raptor/raptor-2.0.15-r2.ebuild b/media-libs/raptor/raptor-2.0.15-r3.ebuild index e2a831c99843..1f3f7e84c669 100644 --- a/media-libs/raptor/raptor-2.0.15-r2.ebuild +++ b/media-libs/raptor/raptor-2.0.15-r3.ebuild @@ -41,6 +41,7 @@ HTML_DOCS=( {NEWS,README,RELEASE,UPGRADING}.html ) PATCHES=( "${FILESDIR}/${P}-heap-overflow.patch" "${FILESDIR}/${P}-dont_use_curl-config.patch" #552474 + "${FILESDIR}/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch" ) src_prepare() { |