!38 Fix CVE-2024-57823

From: @wk333 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge

CVE-2020-25713.patch

@@ -0,0 +1,33 @@
+From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Tue, 24 Nov 2020 10:30:20 +0000
+Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
+ segfault
+
+due to an out of bounds array access in
+raptor_xml_writer_start_element_common
+
+See:
+https://bugs.mageia.org/show_bug.cgi?id=27605
+https://www.openwall.com/lists/oss-security/2020/11/13/1
+https://gerrit.libreoffice.org/c/core/+/106249
+---
+ src/raptor_xml_writer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 56993dc3..4426d38c 100644
+--- a/src/raptor_xml_writer.c
++++ b/src/raptor_xml_writer.c
+@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+           
+           /* check it wasn't an earlier declaration too */
+           for(j = 0; j < nspace_declarations_count; j++)
+-            if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
++            if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
+               declare_me = 0;
+               break;
+             }
+-- 
+2.28.0
+

backport-0001-CVE-2024-57823.patch

@@ -0,0 +1,38 @@
+From da7a79976bd0314c23cce55d22495e7d29301c44 Mon Sep 17 00:00:00 2001
+From: Dave Beckett <dave@dajobe.org>
+Date: Thu, 6 Feb 2025 21:12:37 -0800
+Subject: [PATCH] Fix Github issue 70 A) Integer Underflow in
+ raptor_uri_normalize_path()
+
+(raptor_uri_normalize_path): Return empty buffer if path gets to 0
+length
+---
+ src/raptor_rfc2396.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/raptor_rfc2396.c b/src/raptor_rfc2396.c
+index 8cc364f4..f8ec5798 100644
+--- a/src/raptor_rfc2396.c
++++ b/src/raptor_rfc2396.c
+@@ -351,6 +351,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
+           *dest++ = *s++;
+         *dest = '\0';
+         path_len -= len;
++        if(path_len <= 0) {
++          *path_buffer = '\0';
++          return 0;
++        }
+
+         if(p && p < prev) {
+           /* We know the previous prev path component and we didn't do
+@@ -390,6 +394,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
+     /* Remove <component>/.. at the end of the path */
+     *prev = '\0';
+     path_len -= (s-prev);
++    if(path_len <= 0) {
++      *path_buffer = '\0';
++      return 0;
++    }
+   }
+
+

backport-0002-CVE-2024-57823.patch

@@ -0,0 +1,212 @@
+From 0f9d4f7216fa310b1583b44321c2e6ff27c552de Mon Sep 17 00:00:00 2001
+From: Dave Beckett <dave@dajobe.org>
+Date: Thu, 6 Feb 2025 21:10:38 -0800
+Subject: [PATCH] Tests for Github issue 70
+
+Tests for https://github.com/dajobe/raptor/issues/70
+A) Integer Underflow in raptor_uri_normalize_path()
+B) Heap read buffer overflow in raptor_ntriples_parse_term_internal()
+---
+ configure.ac           |  1 +
+ tests/Makefile.am      |  2 +-
+ tests/bugs/.gitignore  |  7 +++++
+ tests/bugs/Makefile.am | 13 +++++++++
+ tests/bugs/issue70a.c  | 58 +++++++++++++++++++++++++++++++++++++++
+ tests/bugs/issue70b.c  | 61 ++++++++++++++++++++++++++++++++++++++++++
+ 6 files changed, 141 insertions(+), 1 deletion(-)
+ create mode 100644 tests/bugs/.gitignore
+ create mode 100644 tests/bugs/Makefile.am
+ create mode 100644 tests/bugs/issue70a.c
+ create mode 100644 tests/bugs/issue70b.c
+
+diff --git a/configure.ac b/configure.ac
+index 10ff870..3dd19aa 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1335,6 +1335,7 @@ tests/rdfxml/Makefile
+ tests/turtle/Makefile
+ tests/turtle-2013/Makefile
+ tests/trig/Makefile
++tests/bugs/Makefile
+ utils/Makefile
+ librdfa/Makefile
+ raptor2.pc])
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 70d0dc5..0b17962 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -37,7 +37,7 @@ raptor_empty_test_SOURCES=empty.c
+ # Used to make N-triples output consistent
+ BASE_URI=http://librdf.org/raptor/tests/
+
+-SUBDIRS = rdfxml ntriples ntriples-2013 nquads-2013 turtle turtle-2013 trig grddl rdfa rdfa11 json feeds
++SUBDIRS = rdfxml ntriples ntriples-2013 nquads-2013 turtle turtle-2013 trig grddl rdfa rdfa11 json feeds bugs
+
+
+ $(top_builddir)/src/libraptor2.la:
+diff --git a/tests/bugs/.gitignore b/tests/bugs/.gitignore
+new file mode 100644
+index 0000000..bd10e21
+--- /dev/null
++++ b/tests/bugs/.gitignore
+@@ -0,0 +1,7 @@
++*.o
++.deps
++.libs
++TAGS
++raptor_issue*_test
++raptor_issue*_test.exe
++raptor_issue*_test.trs
+diff --git a/tests/bugs/Makefile.am b/tests/bugs/Makefile.am
+new file mode 100644
+index 0000000..090c99f
+--- /dev/null
++++ b/tests/bugs/Makefile.am
+@@ -0,0 +1,13 @@
++TESTS=raptor_issue70a_test$(EXEEXT) raptor_issue70b_test$(EXEEXT)
++
++AM_CPPFLAGS=-I$(top_srcdir)/src
++AM_CFLAGS= -I$(top_builddir)/src @CFLAGS@ $(MEM)
++AM_LDFLAGS=$(top_builddir)/src/libraptor2.la $(MEM_LIBS)
++
++EXTRA_PROGRAMS=$(TESTS)
++
++CLEANFILES=$(TESTS)
++
++raptor_issue70a_test_SOURCES=issue70a.c
++raptor_issue70b_test_SOURCES=issue70b.c
++
+diff --git a/tests/bugs/issue70a.c b/tests/bugs/issue70a.c
+new file mode 100644
+index 0000000..f5798ef
+--- /dev/null
++++ b/tests/bugs/issue70a.c
+@@ -0,0 +1,58 @@
++/* -*- Mode: c; c-basic-offset: 2 -*-
++ *
++ * issue70a.c - Raptor test for GitHub issue 70 first part
++ * Integer Underflow in raptor_uri_normalize_path()
++ *
++ */
++
++#ifdef HAVE_CONFIG_H
++#include <raptor_config.h>
++#endif
++
++#include <string.h>
++
++/* Raptor includes */
++#include "raptor2.h"
++#include "raptor_internal.h"
++
++
++int
++main(int argc, const char** argv)
++{
++  const char *program = raptor_basename(argv[0]);
++  const unsigned char* base_uri=      (const unsigned char*)"http:o/www.w3.org/2001/sw/DataA#cess/df1.ttl";
++  const unsigned char* reference_uri= (const unsigned char*)".&/../?D/../../1999/02/22-rdf-syntax-ns#";
++#define BUFFER_LEN 84
++  unsigned char buffer[BUFFER_LEN + 1];
++  size_t buffer_length = BUFFER_LEN + 1;
++  int failures = 0;
++#define EXPECTED_RESULT "http:?D/../../1999/02/22-rdf-syntax-ns#"
++#define EXPECTED_RESULT_LEN 39UL
++  int result;
++  size_t result_len;
++
++  buffer[0] = '\0';
++
++  /* Crash used to happens here if RAPTOR_DEBUG > 3
++   * raptor_rfc2396.c:398:raptor_uri_normalize_path: fatal error: Path length 0 does not match calculated -5.
++   */
++  result = raptor_uri_resolve_uri_reference(base_uri, reference_uri,
++                                            buffer, buffer_length);
++  result_len = strlen((const char*)buffer);
++
++  if(strcmp((const char*)buffer, EXPECTED_RESULT) ||
++     result_len != EXPECTED_RESULT_LEN) {
++    fprintf(stderr, "%s: raptor_uri_resolve_uri_reference() failed with result %d\n", program, result);
++    fprintf(stderr, "%s: Base URI: '%s' (%lu)\n",
++            program, base_uri, strlen((const char*)base_uri));
++    fprintf(stderr, "%s: Ref  URI: '%s' (%lu)\n", reference_uri,
++            program, strlen((const char*)reference_uri));
++    fprintf(stderr, "%s: Result buffer: '%s' (%lu)\n", program,
++            buffer, strlen((const char*)buffer));
++    fprintf(stderr, "%s: Expected: '%s' (%lu)\n", program,
++            EXPECTED_RESULT, EXPECTED_RESULT_LEN);
++    failures++;
++  }
++
++  return failures;
++}
+diff --git a/tests/bugs/issue70b.c b/tests/bugs/issue70b.c
+new file mode 100644
+index 0000000..2f1eb3d
+--- /dev/null
++++ b/tests/bugs/issue70b.c
+@@ -0,0 +1,61 @@
++/* -*- Mode: c; c-basic-offset: 2 -*-
++ *
++ * issue70.c - Raptor test for GitHub issue 70 second part
++ * Heap read buffer overflow in raptor_ntriples_parse_term_internal()
++ *
++ * N-Triples test content: "_:/exaple/o"
++ */
++
++#ifdef HAVE_CONFIG_H
++#include <raptor_config.h>
++#endif
++
++#include <string.h>
++
++/* Raptor includes */
++#include "raptor2.h"
++#include "raptor_internal.h"
++
++
++int
++main(int argc, const char** argv)
++{
++  const char *program = raptor_basename(argv[0]);
++  const unsigned char* ntriples_content = (const unsigned char*)"_:/exaple/o\n";
++#define NTRIPLES_CONTENT_LEN 12
++  const unsigned char* base_uri_string = (const unsigned char*)"http:o/www.w3.org/2001/sw/DataA#cess/df1.ttl";
++  int failures = 0;
++  raptor_world* world = NULL;
++  raptor_uri* base_uri = NULL;
++  raptor_parser* parser = NULL;
++  int result;
++
++  world = raptor_new_world();
++  if(!world)
++    goto cleanup;
++  base_uri = raptor_new_uri(world, base_uri_string);
++  if(!base_uri)
++    goto cleanup;
++  parser = raptor_new_parser(world, "ntriples");
++  if(!parser)
++    goto cleanup;
++
++  (void)raptor_parser_parse_start(parser, base_uri);
++  result = raptor_parser_parse_chunk(parser,
++                                     ntriples_content,
++                                     NTRIPLES_CONTENT_LEN, /* is_end */ 1);
++
++  if(result) {
++    fprintf(stderr, "%s: parsing '%s' N-Triples content failed with result %d\n", program, ntriples_content, result);
++    fprintf(stderr, "%s: Base URI: '%s' (%lu)\n",
++            program, base_uri_string, strlen((const char*)base_uri_string));
++    failures++;
++  }
++
++  cleanup:
++  raptor_free_parser(parser);
++  raptor_free_uri(base_uri);
++  raptor_free_world(world);
++
++  return failures;
++}
+--
+2.33.0
+

raptor2.spec

@@ -0,0 +1,80 @@
+Name:          raptor2
+Version:       2.0.15
+Release:       19
+Summary:       Raptor RDF parsing and serializing utility
+License:       GPLv2+ or LGPLv2+ or ASL 2.0
+URL:           http://librdf.org/raptor/
+Source:        http://download.librdf.org/source/raptor2-%{version}.tar.gz
+Patch0:        CVE-2020-25713.patch
+Patch1:        backport-0001-CVE-2024-57823.patch
+Patch2:        backport-0002-CVE-2024-57823.patch
+BuildRequires: gcc-c++ curl-devel gtk-doc libicu-devel pkgconfig(libxslt) yajl-devel
+Conflicts:     raptor < 1.4.21-10
+
+%description
+Raptor is Redland's RDF parser toolkit, which provides a set of independent RDF parsers
+to generate triples from RDF / XML or N-Triples.
+
+%package       devel
+Summary:       Development files for raptor2
+Requires:      %{name} = %{version}-%{release}
+
+%description   devel
+Development files for raptor2.
+
+%package       help
+Summary:       Help document for raptor2
+
+%description   help
+Help document for raptor2.
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+sed -i -e 's|"/lib /usr/lib|"/%{_lib} %{_libdir}|' configure
+
+%build
+%configure --disable-static --enable-release --with-icu-config=/usr/bin/icu-config
+
+%make_build
+
+%install
+%make_install
+%delete_la
+
+%check
+export PKG_CONFIG_PATH=%{buildroot}%{_datadir}/pkgconfig:%{buildroot}%{_libdir}/pkgconfig
+test "$(pkg-config --modversion raptor2)" = "%{version}"
+make check
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files
+%doc AUTHORS ChangeLog NEWS README
+%license COPYING* LICENSE.txt LICENSE-2.0.txt
+%{_libdir}/libraptor2.so.0*
+%{_bindir}/rapper
+
+%files devel
+%doc UPGRADING.html
+%{_includedir}/raptor2/
+%{_libdir}/libraptor2.so
+%{_libdir}/pkgconfig/raptor2.pc
+%dir %{_datadir}/gtk-doc
+%dir %{_datadir}/gtk-doc/html/
+%{_datadir}/gtk-doc/html/raptor2/
+
+%files help
+%{_mandir}/man1/rapper*
+%{_mandir}/man3/libraptor2*
+
+%changelog
+* Fri Apr 18 2025 zhangliangpengkun <zhangliangpengkun@xfusion.com> - 2.0.15-19
+- fix CVE-2024-57823
+
+* Wed Jul 20 2022 liangqifeng <liangqifeng@ncti-gba.com> - 2.0.15-18
+- Fix CVE-2020-25713
+
+* Fri Dec 20 2019 shijian <shijian16@huawei.com> - 2.0.15-17
+- Package init

raptor2.yaml

@@ -0,0 +1,4 @@
+version_control: github
+src_repo: dajobe/raptor
+tag_prefix: "raptor2_"
+seperator: "_"