Your message dated Mon, 25 Jun 2012 17:04:27 +0000
with message-id <e1sjcib-0007rg...@franck.debian.org>
and subject line Bug#677427: fixed in raptor 1.4.21-7.1
has caused the Debian Bug report #677427,
regarding raptor: Fix for CVE-2012-0037 no applied during build
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
677427: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677427
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: raptor
Version: 1.4.21-7
Severity: grave
Tags: patch security
Justification: user security hole
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu quantal ubuntu-patch

Dear Maintainer,

While 1.4.21-7 claims to fix CVE-2012-0037, it does not because
debian/patches/series was not updated. Attached is a patch to:
 * update the series file
 * update raptor-1.4.21-cve.patch to apply cleanly with 02-fix-639065
   applied first
 * adjust raptor-1.4.21-cve.patch to initialize entity_input to NULL to
   fix a compiler warning when compiling with -Wuninitialized.

Thanks for considering the patch.


-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-24-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru raptor-1.4.21/debian/changelog raptor-1.4.21/debian/changelog
diff -Nru raptor-1.4.21/debian/control raptor-1.4.21/debian/control
--- raptor-1.4.21/debian/control	2012-03-23 00:24:07.000000000 -0500
+++ raptor-1.4.21/debian/control	2012-06-13 15:31:13.000000000 -0500
@@ -1,7 +1,8 @@
 Source: raptor
 Section: devel
 Priority: optional
-Maintainer: Dave Beckett <daj...@debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
+XSBC-Original-Maintainer: Dave Beckett <daj...@debian.org>
 Build-Depends: debhelper (>> 5), autotools-dev, cdbs, libtool (>= 1.5), libxml2-dev (>= 2.5.10), libcurl4-gnutls-dev, libxslt1-dev (>= 1.0.18)
 Standards-Version: 3.9.3
 Homepage: http://librdf.org/raptor/
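Review bot: the Maintainer change in debian/control is Ubuntu-specific and should not go into the Debian upload. Keep the existing `Maintainer: Dave Beckett` line and drop the added `XSBC-Original-Maintainer` line when applying this debdiff in Debian; only the changes under debian/patches/ are needed to fix the bug.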
diff -Nru raptor-1.4.21/debian/patches/raptor-1.4.21-cve.patch raptor-1.4.21/debian/patches/raptor-1.4.21-cve.patch
--- raptor-1.4.21/debian/patches/raptor-1.4.21-cve.patch	2012-02-22 15:53:42.000000000 -0600
+++ raptor-1.4.21/debian/patches/raptor-1.4.21-cve.patch	2012-06-13 15:36:42.000000000 -0500
@@ -1,6 +1,7 @@
-diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor.h raptor-1.4.21/src/raptor.h
---- raptor-1.4.21.orig/src/raptor.h	2010-01-29 15:54:42.000000000 -0800
-+++ raptor-1.4.21/src/raptor.h	2012-02-04 15:29:56.000000000 -0800
+Index: raptor-1.4.21/src/raptor.h
+===================================================================
+--- raptor-1.4.21.orig/src/raptor.h	2010-01-29 17:54:42.000000000 -0600
++++ raptor-1.4.21/src/raptor.h	2012-06-13 15:24:20.000000000 -0500
 @@ -407,6 +407,7 @@
   * @RAPTOR_FEATURE_RSS_TRIPLES: Atom/RSS serializer writes extra RDF triples it finds (none, rdf-xml, atom-triples)
   * @RAPTOR_FEATURE_ATOM_ENTRY_URI: Atom entry URI.  If given, generate an Atom Entry Document with the item having the given URI, otherwise generate an Atom Feed Document with any items found.
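Review bot: at the top of raptor-1.4.21-cve.patch the refreshed file now opens directly with `Index: raptor-1.4.21/src/raptor.h`, so the patch still has no description header. Since this is a security fix that has been modified locally, add a short header stating that it addresses CVE-2012-0037, where the patch came from, and that it was refreshed on top of 02-fix-639065.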
@@ -19,9 +20,10 @@
  } raptor_feature;
  
  
-diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_feature.c raptor-1.4.21/src/raptor_feature.c
---- raptor-1.4.21.orig/src/raptor_feature.c	2010-01-29 15:54:42.000000000 -0800
-+++ raptor-1.4.21/src/raptor_feature.c	2012-02-04 15:29:56.000000000 -0800
+Index: raptor-1.4.21/src/raptor_feature.c
+===================================================================
+--- raptor-1.4.21.orig/src/raptor_feature.c	2010-01-29 17:54:42.000000000 -0600
++++ raptor-1.4.21/src/raptor_feature.c	2012-06-13 15:24:20.000000000 -0500
 @@ -93,7 +93,8 @@
    { RAPTOR_FEATURE_JSON_EXTRA_DATA   , 6,  "jsonExtraData", "JSON serializer extra data" },
    { RAPTOR_FEATURE_RSS_TRIPLES       , 6,  "rssTriples", "Atom/RSS serializer writes extra RDF triples" },
@@ -32,18 +34,11 @@
  };
  
  
-diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_internal.h raptor-1.4.21/src/raptor_internal.h
---- raptor-1.4.21.orig/src/raptor_internal.h	2010-01-29 15:54:42.000000000 -0800
-+++ raptor-1.4.21/src/raptor_internal.h	2012-02-04 15:30:55.000000000 -0800
-@@ -852,7 +852,6 @@
- 
- #ifdef RAPTOR_WWW_LIBCURL
- #include <curl/curl.h>
--#include <curl/types.h>
- #include <curl/easy.h>
- #endif
- 
-@@ -1060,6 +1059,14 @@
+Index: raptor-1.4.21/src/raptor_internal.h
+===================================================================
+--- raptor-1.4.21.orig/src/raptor_internal.h	2012-06-13 15:24:20.000000000 -0500
++++ raptor-1.4.21/src/raptor_internal.h	2012-06-13 15:25:58.000000000 -0500
+@@ -1058,6 +1058,14 @@
  
    /* sax2 init failed - do not try to do anything with it */
    int failed;
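Review bot: in the raptor_internal.h section the refreshed patch no longer carries the hunk that removed `#include <curl/types.h>`, and the remaining hunk moves from line 1060 to 1058. That is only correct if an earlier patch in the series already drops that include, so the CVE patch now silently depends on being applied after it. Record that dependency in the patch header or the changelog so nobody reorders the series or applies this file on its own.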
@@ -58,9 +53,10 @@
  };
  
  int raptor_sax2_init(raptor_world* world);
-diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_libxml.c raptor-1.4.21/src/raptor_libxml.c
---- raptor-1.4.21.orig/src/raptor_libxml.c	2010-01-29 15:54:42.000000000 -0800
-+++ raptor-1.4.21/src/raptor_libxml.c	2012-02-22 12:29:38.000000000 -0800
+Index: raptor-1.4.21/src/raptor_libxml.c
+===================================================================
+--- raptor-1.4.21.orig/src/raptor_libxml.c	2010-01-29 17:54:42.000000000 -0600
++++ raptor-1.4.21/src/raptor_libxml.c	2012-06-13 15:24:20.000000000 -0500
 @@ -142,18 +142,120 @@
  
  static xmlParserInputPtr
@@ -73,7 +69,7 @@
 +  raptor_sax2* sax2 = (raptor_sax2*)user_data;
 +  xmlParserCtxtPtr ctxt = sax2->xc;
 +  const unsigned char *uri_string = NULL;
-+  xmlParserInputPtr entity_input;
++  xmlParserInputPtr entity_input = NULL;
 +  int load_entity = 0;
 +
 +  if(!ctxt)
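Review bot: `xmlParserInputPtr entity_input = NULL;` is a local change to the CVE fix rather than part of the refresh, so it deserves its own mention in the patch header. It also changes what is returned on any path that never assigns entity_input, from an indeterminate pointer to NULL. Check that NULL is the intended result for this function when load_entity stays 0.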
@@ -189,9 +185,10 @@
  
  static xmlEntityPtr
  raptor_libxml_getParameterEntity(void* user_data, const xmlChar *name) {
-diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_parse.c raptor-1.4.21/src/raptor_parse.c
---- raptor-1.4.21.orig/src/raptor_parse.c	2010-01-29 15:54:42.000000000 -0800
-+++ raptor-1.4.21/src/raptor_parse.c	2012-02-04 15:29:56.000000000 -0800
+Index: raptor-1.4.21/src/raptor_parse.c
+===================================================================
+--- raptor-1.4.21.orig/src/raptor_parse.c	2010-01-29 17:54:42.000000000 -0600
++++ raptor-1.4.21/src/raptor_parse.c	2012-06-13 15:24:20.000000000 -0500
 @@ -1443,6 +1443,7 @@
      case RAPTOR_FEATURE_MICROFORMATS:
      case RAPTOR_FEATURE_HTML_LINK:
@@ -208,9 +205,10 @@
        result = parser->features[(int)feature];
        break;
  
-diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_rdfxml.c raptor-1.4.21/src/raptor_rdfxml.c
---- raptor-1.4.21.orig/src/raptor_rdfxml.c	2010-01-29 15:54:42.000000000 -0800
-+++ raptor-1.4.21/src/raptor_rdfxml.c	2012-02-04 15:29:56.000000000 -0800
+Index: raptor-1.4.21/src/raptor_rdfxml.c
+===================================================================
+--- raptor-1.4.21.orig/src/raptor_rdfxml.c	2010-01-29 17:54:42.000000000 -0600
++++ raptor-1.4.21/src/raptor_rdfxml.c	2012-06-13 15:24:20.000000000 -0500
 @@ -1130,6 +1130,9 @@
    raptor_sax2_set_feature(rdf_xml_parser->sax2, 
                            RAPTOR_FEATURE_NO_NET,
@@ -221,9 +219,10 @@
    
    raptor_sax2_parse_start(rdf_xml_parser->sax2, uri);
  
-diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_rss.c raptor-1.4.21/src/raptor_rss.c
---- raptor-1.4.21.orig/src/raptor_rss.c	2010-01-29 15:54:42.000000000 -0800
-+++ raptor-1.4.21/src/raptor_rss.c	2012-02-04 15:29:56.000000000 -0800
+Index: raptor-1.4.21/src/raptor_rss.c
+===================================================================
+--- raptor-1.4.21.orig/src/raptor_rss.c	2010-01-29 17:54:42.000000000 -0600
++++ raptor-1.4.21/src/raptor_rss.c	2012-06-13 15:24:20.000000000 -0500
 @@ -247,6 +247,9 @@
    raptor_sax2_set_feature(rss_parser->sax2, 
                            RAPTOR_FEATURE_NO_NET,
@@ -234,9 +233,10 @@
    
    raptor_sax2_parse_start(rss_parser->sax2, uri);
  
-diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_sax2.c raptor-1.4.21/src/raptor_sax2.c
---- raptor-1.4.21.orig/src/raptor_sax2.c	2010-01-29 15:54:42.000000000 -0800
-+++ raptor-1.4.21/src/raptor_sax2.c	2012-02-04 15:29:56.000000000 -0800
+Index: raptor-1.4.21/src/raptor_sax2.c
+===================================================================
+--- raptor-1.4.21.orig/src/raptor_sax2.c	2010-01-29 17:54:42.000000000 -0600
++++ raptor-1.4.21/src/raptor_sax2.c	2012-06-13 15:24:20.000000000 -0500
 @@ -106,6 +106,8 @@
  
    sax2->user_data=user_data;
@@ -335,9 +335,10 @@
      return 0;
  
    if(sax2->external_entity_ref_handler)
-diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_serialize.c raptor-1.4.21/src/raptor_serialize.c
---- raptor-1.4.21.orig/src/raptor_serialize.c	2010-01-29 15:54:42.000000000 -0800
-+++ raptor-1.4.21/src/raptor_serialize.c	2012-02-04 15:29:56.000000000 -0800
+Index: raptor-1.4.21/src/raptor_serialize.c
+===================================================================
+--- raptor-1.4.21.orig/src/raptor_serialize.c	2010-01-29 17:54:42.000000000 -0600
++++ raptor-1.4.21/src/raptor_serialize.c	2012-06-13 15:24:20.000000000 -0500
 @@ -974,6 +974,7 @@
  
      /* Shared */
@@ -370,9 +371,10 @@
  
      /* XML writer features */
      case RAPTOR_FEATURE_WRITER_AUTO_INDENT:
-diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_turtle_writer.c raptor-1.4.21/src/raptor_turtle_writer.c
---- raptor-1.4.21.orig/src/raptor_turtle_writer.c	2010-01-29 15:54:42.000000000 -0800
-+++ raptor-1.4.21/src/raptor_turtle_writer.c	2012-02-04 15:29:56.000000000 -0800
+Index: raptor-1.4.21/src/raptor_turtle_writer.c
+===================================================================
+--- raptor-1.4.21.orig/src/raptor_turtle_writer.c	2010-01-29 17:54:42.000000000 -0600
++++ raptor-1.4.21/src/raptor_turtle_writer.c	2012-06-13 15:24:20.000000000 -0500
 @@ -740,6 +740,7 @@
  
      /* Shared */
@@ -389,9 +391,10 @@
  
      /* XML writer features */
      case RAPTOR_FEATURE_RELATIVE_URIS:
-diff -urN -X /home/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_xml_writer.c raptor-1.4.21/src/raptor_xml_writer.c
---- raptor-1.4.21.orig/src/raptor_xml_writer.c	2010-01-29 15:54:42.000000000 -0800
-+++ raptor-1.4.21/src/raptor_xml_writer.c	2012-02-04 15:29:56.000000000 -0800
+Index: raptor-1.4.21/src/raptor_xml_writer.c
+===================================================================
+--- raptor-1.4.21.orig/src/raptor_xml_writer.c	2010-01-29 17:54:42.000000000 -0600
++++ raptor-1.4.21/src/raptor_xml_writer.c	2012-06-13 15:24:20.000000000 -0500
 @@ -973,6 +973,7 @@
  
      /* Shared */
diff -Nru raptor-1.4.21/debian/patches/series raptor-1.4.21/debian/patches/series
--- raptor-1.4.21/debian/patches/series	2011-08-26 09:54:12.000000000 -0500
+++ raptor-1.4.21/debian/patches/series	2012-06-13 15:31:13.000000000 -0500
@@ -1,2 +1,3 @@
 01-write_bytes.patch
 02-fix-639065
+raptor-1.4.21-cve.patch
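Review bot: the added `raptor-1.4.21-cve.patch` line has to stay last, after 02-fix-639065, because the patch was refreshed on top of it. The previous upload shipped the patch file without this entry and the build did not complain, so after building confirm from the build log that all three patches were applied.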

--- End Message ---
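
The failure reported above (a patch file shipped in debian/patches but never listed in series, so the build silently skips it) can be caught mechanically. The following is an added example, not part of the original report or of any Debian tool; the function names are hypothetical and the sample tree is constructed from the file names in the report.

```python
import os
import tempfile


def read_series(series_path):
    """Return the patch names listed in a quilt-style series file, in order."""
    names = []
    with open(series_path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.split("#", 1)[0].strip()   # drop comments and blanks
            if line:
                names.append(line.split()[0])      # ignore options such as -p1
    return names


def audit_patches(patch_dir):
    """Return (unlisted, missing) for a debian/patches directory.

    unlisted: files shipped in the directory that series never applies.
    missing:  series entries that have no file behind them.
    """
    listed = read_series(os.path.join(patch_dir, "series"))
    shipped = set()
    for root, _dirs, files in os.walk(patch_dir):
        for name in files:
            rel = os.path.relpath(os.path.join(root, name), patch_dir)
            if rel != "series":
                shipped.add(rel)
    unlisted = sorted(shipped - set(listed))
    missing = [name for name in listed if name not in shipped]
    return unlisted, missing


def make_sample(patch_dir, series_lines):
    """Constructed sample: empty patch files named as in this report."""
    for name in ("01-write_bytes.patch", "02-fix-639065",
                 "raptor-1.4.21-cve.patch"):
        open(os.path.join(patch_dir, name), "w").close()
    with open(os.path.join(patch_dir, "series"), "w", encoding="utf-8") as fh:
        fh.write("\n".join(series_lines) + "\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        # series as shipped in 1.4.21-7, per the report
        make_sample(d, ["01-write_bytes.patch", "02-fix-639065"])
        print(audit_patches(d))
```

Run against an unpacked source package, a non-empty first list means a patch was shipped but will not be applied during the build.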
--- Begin Message ---
Source: raptor
Source-Version: 1.4.21-7.1

We believe that the bug you reported is fixed in the latest version of
raptor, which is due to be installed in the Debian FTP archive:

libraptor1-dbg_1.4.21-7.1_i386.deb
  to main/r/raptor/libraptor1-dbg_1.4.21-7.1_i386.deb
libraptor1-dev_1.4.21-7.1_i386.deb
  to main/r/raptor/libraptor1-dev_1.4.21-7.1_i386.deb
libraptor1-doc_1.4.21-7.1_all.deb
  to main/r/raptor/libraptor1-doc_1.4.21-7.1_all.deb
libraptor1_1.4.21-7.1_i386.deb
  to main/r/raptor/libraptor1_1.4.21-7.1_i386.deb
raptor-utils_1.4.21-7.1_i386.deb
  to main/r/raptor/raptor-utils_1.4.21-7.1_i386.deb
raptor_1.4.21-7.1.debian.tar.gz
  to main/r/raptor/raptor_1.4.21-7.1.debian.tar.gz
raptor_1.4.21-7.1.dsc
  to main/r/raptor/raptor_1.4.21-7.1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 677...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes <l...@debian.org> (supplier of updated raptor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 23 Jun 2012 18:36:29 +0200
Source: raptor
Binary: libraptor1-dev libraptor1 raptor-utils libraptor1-doc libraptor1-dbg
Architecture: source all i386
Version: 1.4.21-7.1
Distribution: unstable
Urgency: high
Maintainer: Dave Beckett <daj...@debian.org>
Changed-By: Luk Claes <l...@debian.org>
Description: 
 libraptor1 - Raptor RDF parser and serializer library
 libraptor1-dbg - Raptor RDF parser and serializer library - debugging symbols
 libraptor1-dev - Raptor RDF parser and serializer development libraries and header
 libraptor1-doc - Documentation for the Raptor RDF parser and serializer library
 raptor-utils - Raptor RDF parser and serializer utilities
Closes: 677427
Changes: 
 raptor (1.4.21-7.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Do also apply the patch to fix CVE-2012-0037 (Closes: #677427).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk/l83QACgkQ5UTeB5t8Mo1UlACgurRKV98QJ+9PDlBLIBQNfal1
Mz8An12Mab0LcJTtZoXfcAWIDhf1oqLF
=xebw
-----END PGP SIGNATURE-----



--- End Message ---
