tags 677427 + pending
thanks

Dear maintainer,

I've prepared an NMU for raptor (versioned as 1.4.21-7.1) and uploaded it to DELAYED/02. Please feel free to tell me if I should delay it longer.

Cheers

Luk
diff -Nru raptor-1.4.21/debian/changelog raptor-1.4.21/debian/changelog --- raptor-1.4.21/debian/changelog 2012-03-23 06:22:03.000000000 +0100 +++ raptor-1.4.21/debian/changelog 2012-06-23 18:37:10.000000000 +0200 @@ -1,3 +1,10 @@ +raptor (1.4.21-7.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Do also apply the patch to fix CVE-2012-0037 (Closes: #677427). + + -- Luk Claes <l...@debian.org> Sat, 23 Jun 2012 18:36:29 +0200 + raptor (1.4.21-7) unstable; urgency=low * Patch raptor-1.4.21-cve.patch for CVE-2012-0037 diff -Nru raptor-1.4.21/debian/patches/raptor-1.4.21-cve.patch raptor-1.4.21/debian/patches/raptor-1.4.21-cve.patch --- raptor-1.4.21/debian/patches/raptor-1.4.21-cve.patch 2012-02-22 22:53:42.000000000 +0100 +++ raptor-1.4.21/debian/patches/raptor-1.4.21-cve.patch 2012-06-23 18:36:24.000000000 +0200 @@ -1,6 +1,7 @@ -diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor.h raptor-1.4.21/src/raptor.h ---- raptor-1.4.21.orig/src/raptor.h 2010-01-29 15:54:42.000000000 -0800 -+++ raptor-1.4.21/src/raptor.h 2012-02-04 15:29:56.000000000 -0800 +Index: raptor-1.4.21/src/raptor.h +=================================================================== +--- raptor-1.4.21.orig/src/raptor.h 2010-01-29 17:54:42.000000000 -0600 ++++ raptor-1.4.21/src/raptor.h 2012-06-13 15:24:20.000000000 -0500 @@ -407,6 +407,7 @@ * @RAPTOR_FEATURE_RSS_TRIPLES: Atom/RSS serializer writes extra RDF triples it finds (none, rdf-xml, atom-triples) * @RAPTOR_FEATURE_ATOM_ENTRY_URI: Atom entry URI. If given, generate an Atom Entry Document with the item having the given URI, otherwise generate an Atom Feed Document with any items found. 
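Review bot: The refreshed `debian/patches/raptor-1.4.21-cve.patch` now opens directly with `Index: raptor-1.4.21/src/raptor.h` (hunk `@@ -1,6 +1,7 @@`), so the patch file itself records neither where the CVE-2012-0037 fix came from nor that Debian altered it. I would put a short header before the `Index:` line, for example `Description: Fix CVE-2012-0037`, `Origin: upstream` and `Bug-Debian: https://bugs.debian.org/677427`. The `Origin` value is an assumption drawn from the `/home/dajobe/...` path in the old header and should be confirmed. With provenance in the patch, a later reviewer can compare the shipped security fix against the original one without digging through the bug log.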
@@ -19,9 +20,10 @@ } raptor_feature; -diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_feature.c raptor-1.4.21/src/raptor_feature.c ---- raptor-1.4.21.orig/src/raptor_feature.c 2010-01-29 15:54:42.000000000 -0800 -+++ raptor-1.4.21/src/raptor_feature.c 2012-02-04 15:29:56.000000000 -0800 +Index: raptor-1.4.21/src/raptor_feature.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_feature.c 2010-01-29 17:54:42.000000000 -0600 ++++ raptor-1.4.21/src/raptor_feature.c 2012-06-13 15:24:20.000000000 -0500 @@ -93,7 +93,8 @@ { RAPTOR_FEATURE_JSON_EXTRA_DATA , 6, "jsonExtraData", "JSON serializer extra data" }, { RAPTOR_FEATURE_RSS_TRIPLES , 6, "rssTriples", "Atom/RSS serializer writes extra RDF triples" }, @@ -32,18 +34,11 @@ }; -diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_internal.h raptor-1.4.21/src/raptor_internal.h ---- raptor-1.4.21.orig/src/raptor_internal.h 2010-01-29 15:54:42.000000000 -0800 -+++ raptor-1.4.21/src/raptor_internal.h 2012-02-04 15:30:55.000000000 -0800 -@@ -852,7 +852,6 @@ - - #ifdef RAPTOR_WWW_LIBCURL - #include <curl/curl.h> --#include <curl/types.h> - #include <curl/easy.h> - #endif - -@@ -1060,6 +1059,14 @@ +Index: raptor-1.4.21/src/raptor_internal.h +=================================================================== +--- raptor-1.4.21.orig/src/raptor_internal.h 2012-06-13 15:24:20.000000000 -0500 ++++ raptor-1.4.21/src/raptor_internal.h 2012-06-13 15:25:58.000000000 -0500 +@@ -1058,6 +1058,14 @@ /* sax2 init failed - do not try to do anything with it */ int failed; 
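Review bot: The new patch text in hunk `@@ -32,18 +34,11 @@` no longer carries the inner `@@ -852,7 +852,6 @@` hunk that removed `#include <curl/types.h>` from `raptor_internal.h`, and nothing in the upload explains why. The `.orig` timestamp on that file changes to 2012-06-13, which suggests an earlier patch in the series already modifies it, but that is only an inference from the header. The changelog entry says just that the CVE patch is now applied, so I would add a line such as `* Refresh raptor-1.4.21-cve.patch: drop the curl/types.h hunk, initialise entity_input.` to record how it differs from the patch shipped in 1.4.21-7.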
@@ -58,9 +53,10 @@ }; int raptor_sax2_init(raptor_world* world); -diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_libxml.c raptor-1.4.21/src/raptor_libxml.c ---- raptor-1.4.21.orig/src/raptor_libxml.c 2010-01-29 15:54:42.000000000 -0800 -+++ raptor-1.4.21/src/raptor_libxml.c 2012-02-22 12:29:38.000000000 -0800 +Index: raptor-1.4.21/src/raptor_libxml.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_libxml.c 2010-01-29 17:54:42.000000000 -0600 ++++ raptor-1.4.21/src/raptor_libxml.c 2012-06-13 15:24:20.000000000 -0500 @@ -142,18 +142,120 @@ static xmlParserInputPtr @@ -73,7 +69,7 @@ + raptor_sax2* sax2 = (raptor_sax2*)user_data; + xmlParserCtxtPtr ctxt = sax2->xc; + const unsigned char *uri_string = NULL; -+ xmlParserInputPtr entity_input; ++ xmlParserInputPtr entity_input = NULL; + int load_entity = 0; + + if(!ctxt) @@ -189,9 +185,10 @@ static xmlEntityPtr raptor_libxml_getParameterEntity(void* user_data, const xmlChar *name) { -diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_parse.c raptor-1.4.21/src/raptor_parse.c ---- raptor-1.4.21.orig/src/raptor_parse.c 2010-01-29 15:54:42.000000000 -0800 -+++ raptor-1.4.21/src/raptor_parse.c 2012-02-04 15:29:56.000000000 -0800 +Index: raptor-1.4.21/src/raptor_parse.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_parse.c 2010-01-29 17:54:42.000000000 -0600 ++++ raptor-1.4.21/src/raptor_parse.c 2012-06-13 15:24:20.000000000 -0500 @@ -1443,6 +1443,7 @@ case RAPTOR_FEATURE_MICROFORMATS: case RAPTOR_FEATURE_HTML_LINK: 
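Review bot: The `xmlParserInputPtr entity_input = NULL;` initialisation in hunk `@@ -73,7 +69,7 @@` changes the behaviour of the entity loader in `raptor_libxml.c` compared with the previous patch text, yet it goes in without a comment. The function's return path lies outside this hunk, so I can only presume `entity_input` is what gets handed back to libxml2 when `load_entity` stays 0. If that is right, the old declaration returned an indeterminate pointer whenever the load was refused. A one-line comment next to the declaration would keep a later refresh from dropping it: `/* must be NULL when the entity is not loaded; this value is returned to libxml2 */`. Confirm this against the full function before relying on that wording.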
@@ -208,9 +205,10 @@ result = parser->features[(int)feature]; break; -diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_rdfxml.c raptor-1.4.21/src/raptor_rdfxml.c ---- raptor-1.4.21.orig/src/raptor_rdfxml.c 2010-01-29 15:54:42.000000000 -0800 -+++ raptor-1.4.21/src/raptor_rdfxml.c 2012-02-04 15:29:56.000000000 -0800 +Index: raptor-1.4.21/src/raptor_rdfxml.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_rdfxml.c 2010-01-29 17:54:42.000000000 -0600 ++++ raptor-1.4.21/src/raptor_rdfxml.c 2012-06-13 15:24:20.000000000 -0500 @@ -1130,6 +1130,9 @@ raptor_sax2_set_feature(rdf_xml_parser->sax2, RAPTOR_FEATURE_NO_NET, @@ -221,9 +219,10 @@ raptor_sax2_parse_start(rdf_xml_parser->sax2, uri); -diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_rss.c raptor-1.4.21/src/raptor_rss.c ---- raptor-1.4.21.orig/src/raptor_rss.c 2010-01-29 15:54:42.000000000 -0800 -+++ raptor-1.4.21/src/raptor_rss.c 2012-02-04 15:29:56.000000000 -0800 +Index: raptor-1.4.21/src/raptor_rss.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_rss.c 2010-01-29 17:54:42.000000000 -0600 ++++ raptor-1.4.21/src/raptor_rss.c 2012-06-13 15:24:20.000000000 -0500 @@ -247,6 +247,9 @@ raptor_sax2_set_feature(rss_parser->sax2, RAPTOR_FEATURE_NO_NET, 
@@ -234,9 +233,10 @@ raptor_sax2_parse_start(rss_parser->sax2, uri); -diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_sax2.c raptor-1.4.21/src/raptor_sax2.c ---- raptor-1.4.21.orig/src/raptor_sax2.c 2010-01-29 15:54:42.000000000 -0800 -+++ raptor-1.4.21/src/raptor_sax2.c 2012-02-04 15:29:56.000000000 -0800 +Index: raptor-1.4.21/src/raptor_sax2.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_sax2.c 2010-01-29 17:54:42.000000000 -0600 ++++ raptor-1.4.21/src/raptor_sax2.c 2012-06-13 15:24:20.000000000 -0500 @@ -106,6 +106,8 @@ sax2->user_data=user_data; @@ -335,9 +335,10 @@ return 0; if(sax2->external_entity_ref_handler) -diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_serialize.c raptor-1.4.21/src/raptor_serialize.c ---- raptor-1.4.21.orig/src/raptor_serialize.c 2010-01-29 15:54:42.000000000 -0800 -+++ raptor-1.4.21/src/raptor_serialize.c 2012-02-04 15:29:56.000000000 -0800 +Index: raptor-1.4.21/src/raptor_serialize.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_serialize.c 2010-01-29 17:54:42.000000000 -0600 ++++ raptor-1.4.21/src/raptor_serialize.c 2012-06-13 15:24:20.000000000 -0500 @@ -974,6 +974,7 @@ /* Shared */ 
@@ -370,9 +371,10 @@ /* XML writer features */ case RAPTOR_FEATURE_WRITER_AUTO_INDENT: -diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_turtle_writer.c raptor-1.4.21/src/raptor_turtle_writer.c ---- raptor-1.4.21.orig/src/raptor_turtle_writer.c 2010-01-29 15:54:42.000000000 -0800 -+++ raptor-1.4.21/src/raptor_turtle_writer.c 2012-02-04 15:29:56.000000000 -0800 +Index: raptor-1.4.21/src/raptor_turtle_writer.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_turtle_writer.c 2010-01-29 17:54:42.000000000 -0600 ++++ raptor-1.4.21/src/raptor_turtle_writer.c 2012-06-13 15:24:20.000000000 -0500 @@ -740,6 +740,7 @@ /* Shared */ @@ -389,9 +391,10 @@ /* XML writer features */ case RAPTOR_FEATURE_RELATIVE_URIS: -diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_xml_writer.c raptor-1.4.21/src/raptor_xml_writer.c ---- raptor-1.4.21.orig/src/raptor_xml_writer.c 2010-01-29 15:54:42.000000000 -0800 -+++ raptor-1.4.21/src/raptor_xml_writer.c 2012-02-04 15:29:56.000000000 -0800 +Index: raptor-1.4.21/src/raptor_xml_writer.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_xml_writer.c 2010-01-29 17:54:42.000000000 -0600 ++++ raptor-1.4.21/src/raptor_xml_writer.c 2012-06-13 15:24:20.000000000 -0500 @@ -973,6 +973,7 @@ /* Shared */ diff -Nru raptor-1.4.21/debian/patches/series raptor-1.4.21/debian/patches/series --- raptor-1.4.21/debian/patches/series 2011-08-26 16:54:12.000000000 +0200 +++ raptor-1.4.21/debian/patches/series 2012-06-23 18:36:24.000000000 +0200 @@ -1,2 +1,3 @@ 01-write_bytes.patch 02-fix-639065 +raptor-1.4.21-cve.patch