Version in base suite: 2.0.15-4 Base version: raptor2_2.0.15-4 Target version: raptor2_2.0.15-4+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/r/raptor2/raptor2_2.0.15-4.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/r/raptor2/raptor2_2.0.15-4+deb12u1.dsc changelog | 10 patches/Fix-Github-issue-70-A-Integer-Underflow-in-raptor_ur.patch | 44 ++ patches/Fix-Github-issue-70-B-Heap-read-buffer-overflow-in-n.patch | 30 + patches/Tests-for-Github-issue-70.patch | 195 ++++++++++ patches/series | 3 5 files changed, 282 insertions(+)
diff -Nru raptor2-2.0.15/debian/changelog raptor2-2.0.15/debian/changelog
--- raptor2-2.0.15/debian/changelog 2022-10-02 23:38:55.000000000 +0000
+++ raptor2-2.0.15/debian/changelog 2025-03-29 19:42:36.000000000 +0000
@@ -1,3 +1,13 @@
+raptor2 (2.0.15-4+deb12u1) bookworm; urgency=medium
+
+ * Integer Underflow in raptor_uri_normalize_path() (CVE-2024-57823)
+ (Closes: #1067896)
+ * Heap read buffer overflow in ntriples bnode (CVE-2024-57822)
+ (Closes: #1067896)
+ * Tests for Github issue 70
+
+ -- Salvatore Bonaccorso Sat, 29 Mar 2025 20:42:36 +0100
+
 raptor2 (2.0.15-4) unstable; urgency=medium
 
 * QA upload.
diff -Nru raptor2-2.0.15/debian/patches/Fix-Github-issue-70-A-Integer-Underflow-in-raptor_ur.patch raptor2-2.0.15/debian/patches/Fix-Github-issue-70-A-Integer-Underflow-in-raptor_ur.patch
--- raptor2-2.0.15/debian/patches/Fix-Github-issue-70-A-Integer-Underflow-in-raptor_ur.patch 1970-01-01 00:00:00.000000000 +0000
+++ raptor2-2.0.15/debian/patches/Fix-Github-issue-70-A-Integer-Underflow-in-raptor_ur.patch 2025-03-29 19:42:36.000000000 +0000
@@ -0,0 +1,44 @@
+From: Dave Beckett
+Date: Thu, 6 Feb 2025 21:12:37 -0800
+Subject: Fix Github issue 70 A) Integer Underflow in
+ raptor_uri_normalize_path()
+Origin: https://github.com/dajobe/raptor/commit/da7a79976bd0314c23cce55d22495e7d29301c44
+Bug: https://github.com/dajobe/raptor/issues/70
+Bug-Debian: https://bugs.debian.org/1067896
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-57823
+
+(raptor_uri_normalize_path): Return empty buffer if path gets to 0
+length
+---
+ src/raptor_rfc2396.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/raptor_rfc2396.c b/src/raptor_rfc2396.c
+index 8cc364f44735..f8ec57986a08 100644
+--- a/src/raptor_rfc2396.c
++++ b/src/raptor_rfc2396.c
+@@ -351,6 +351,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
+ *dest++ = *s++;
+ *dest = '\0';
+ path_len -= len;
++ if(path_len <= 0) {
++ *path_buffer = '\0';
++ return 0;
++ }
+
+ if(p && p < prev) {
+ /* We know the previous prev path component and we didn't do
+@@ -390,6 +394,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
+ /* Remove /.. at the end of the path */
+ *prev = '\0';
+ path_len -= (s-prev);
++ if(path_len <= 0) {
++ *path_buffer = '\0';
++ return 0;
++ }
+ }
+
+
+--
+2.49.0
+
diff -Nru raptor2-2.0.15/debian/patches/Fix-Github-issue-70-B-Heap-read-buffer-overflow-in-n.patch raptor2-2.0.15/debian/patches/Fix-Github-issue-70-B-Heap-read-buffer-overflow-in-n.patch
--- raptor2-2.0.15/debian/patches/Fix-Github-issue-70-B-Heap-read-buffer-overflow-in-n.patch 1970-01-01 00:00:00.000000000 +0000
+++ raptor2-2.0.15/debian/patches/Fix-Github-issue-70-B-Heap-read-buffer-overflow-in-n.patch 2025-03-29 19:42:36.000000000 +0000
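Review bot: Both added `if(path_len <= 0)` checks in raptor_uri_normalize_path() (src/raptor_rfc2396.c) run after the subtraction, and `path_len` is a `size_t` per the signature shown in the hunk headers, so the comparison is true only when the result is exactly 0. If `len` or `(s-prev)` can ever exceed `path_len`, the value wraps to a very large length before the check and the early return is skipped; whether that can happen depends on code outside these hunks, though the debug message quoted in the accompanying test ("Path length 0 does not match calculated -5") suggests the bookkeeping can disagree. Testing before subtracting closes that case: `if(len >= path_len) { *path_buffer = '\0'; return 0; }` ahead of `path_len -= len;`, and the same shape using `(size_t)(s-prev)` in the second hunk. The function body starts and ends outside both hunks.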
@@ -0,0 +1,30 @@
+From: Dave Beckett
+Date: Fri, 7 Feb 2025 11:38:34 -0800
+Subject: Fix Github issue 70 B) Heap read buffer overflow in ntriples bnode
+Origin: https://github.com/dajobe/raptor/commit/ece2c79df43091686a538b8231cf387d84bfa60e
+Bug: https://github.com/dajobe/raptor/issues/70
+Bug-Debian: https://bugs.debian.org/1067896
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-57822
+
+(raptor_ntriples_parse_term_internal): Only allow looking at the last
+character of a bnode ID only if bnode length >0
+---
+ src/raptor_ntriples.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/raptor_ntriples.c b/src/raptor_ntriples.c
+index 3276e790f201..ecc4247c2874 100644
+--- a/src/raptor_ntriples.c
++++ b/src/raptor_ntriples.c
+@@ -212,7 +212,7 @@ raptor_ntriples_parse_term_internal(raptor_world* world,
+ locator->column--;
+ locator->byte--;
+ }
+- if(term_class == RAPTOR_TERM_CLASS_BNODEID && dest[-1] == '.') {
++ if(term_class == RAPTOR_TERM_CLASS_BNODEID && position > 0 && dest[-1] == '.') {
+ /* If bnode id ended on '.' move back one */
+ dest--;
+
+--
+2.49.0
+
diff -Nru raptor2-2.0.15/debian/patches/Tests-for-Github-issue-70.patch raptor2-2.0.15/debian/patches/Tests-for-Github-issue-70.patch
--- raptor2-2.0.15/debian/patches/Tests-for-Github-issue-70.patch 1970-01-01 00:00:00.000000000 +0000
+++ raptor2-2.0.15/debian/patches/Tests-for-Github-issue-70.patch 2025-03-29 19:42:36.000000000 +0000
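Review bot: The new `position > 0` guard in raptor_ntriples_parse_term_internal() (src/raptor_ntriples.c) stops `dest[-1]` from being read when nothing has been copied, but the comment below the condition still describes only the trailing-dot case. A line such as `/* position == 0 means no byte was copied, so dest[-1] would read before the buffer */` above the condition would record why the extra test exists. `position` is not defined inside this hunk, so it is worth confirming that it counts the bytes already written through `dest`. The function begins and ends outside the hunk, and how a zero-length bnode ID is handled afterwards is not visible here.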
@@ -0,0 +1,195 @@
+From: Dave Beckett
+Date: Thu, 6 Feb 2025 21:10:38 -0800
+Subject: Tests for Github issue 70
+Origin: https://github.com/dajobe/raptor/commit/0f9d4f7216fa310b1583b44321c2e6ff27c552de
+Bug: https://github.com/dajobe/raptor/issues/70
+
+Tests for https://github.com/dajobe/raptor/issues/70
+A) Integer Underflow in raptor_uri_normalize_path()
+B) Heap read buffer overflow in raptor_ntriples_parse_term_internal()
+---
+ .gitignore | 2 +-
+ configure.ac | 1 +
+ tests/Makefile.am | 2 +-
+ tests/bugs/.gitignore | 7 +++++
+ tests/bugs/Makefile.am | 13 +++++++++
+ tests/bugs/issue70a.c | 58 +++++++++++++++++++++++++++++++++++++++
+ tests/bugs/issue70b.c | 61 ++++++++++++++++++++++++++++++++++++++++++
+ 7 files changed, 142 insertions(+), 2 deletions(-)
+ create mode 100644 tests/bugs/.gitignore
+ create mode 100644 tests/bugs/Makefile.am
+ create mode 100644 tests/bugs/issue70a.c
+ create mode 100644 tests/bugs/issue70b.c
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -1338,6 +1338,7 @@ tests/rdfxml/Makefile
+ tests/turtle/Makefile
+ tests/turtle-2013/Makefile
+ tests/trig/Makefile
++tests/bugs/Makefile
+ utils/Makefile
+ librdfa/Makefile
+ raptor2.pc])
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -37,7 +37,7 @@ raptor_empty_test_SOURCES=empty.c
+ # Used to make N-triples output consistent
+ BASE_URI=http://librdf.org/raptor/tests/
+
+-SUBDIRS = rdfxml ntriples ntriples-2013 nquads-2013 turtle turtle-2013 trig grddl rdfa rdfa11 json feeds
++SUBDIRS = rdfxml ntriples ntriples-2013 nquads-2013 turtle turtle-2013 trig grddl rdfa rdfa11 json feeds bugs
+
+
+ $(top_builddir)/src/libraptor2.la:
+--- /dev/null
++++ b/tests/bugs/.gitignore
+@@ -0,0 +1,7 @@
++*.o
++.deps
++.libs
++TAGS
++raptor_issue*_test
++raptor_issue*_test.exe
++raptor_issue*_test.trs
+--- /dev/null
++++ b/tests/bugs/Makefile.am
+@@ -0,0 +1,13 @@
++TESTS=raptor_issue70a_test$(EXEEXT) raptor_issue70b_test$(EXEEXT)
++
++AM_CPPFLAGS=-I$(top_srcdir)/src
++AM_CFLAGS= -I$(top_builddir)/src
@CFLAGS@ $(MEM)
++AM_LDFLAGS=$(top_builddir)/src/libraptor2.la $(MEM_LIBS)
++
++EXTRA_PROGRAMS=$(TESTS)
++
++CLEANFILES=$(TESTS)
++
++raptor_issue70a_test_SOURCES=issue70a.c
++raptor_issue70b_test_SOURCES=issue70b.c
++
+--- /dev/null
++++ b/tests/bugs/issue70a.c
+@@ -0,0 +1,58 @@
++/* -*- Mode: c; c-basic-offset: 2 -*-
++ *
++ * issue70a.c - Raptor test for GitHub issue 70 first part
++ * Integer Underflow in raptor_uri_normalize_path()
++ *
++ */
++
++#ifdef HAVE_CONFIG_H
++#include
++#endif
++
++#include
++
++/* Raptor includes */
++#include "raptor2.h"
++#include "raptor_internal.h"
++
++
++int
++main(int argc, const char** argv)
++{
++ const char *program = raptor_basename(argv[0]);
++ const unsigned char* base_uri= (const unsigned char*)"http:o/www.w3.org/2001/sw/DataA#cess/df1.ttl";
++ const unsigned char* reference_uri= (const unsigned char*)".&/../?D/../../1999/02/22-rdf-syntax-ns#";
++#define BUFFER_LEN 84
++ unsigned char buffer[BUFFER_LEN + 1];
++ size_t buffer_length = BUFFER_LEN + 1;
++ int failures = 0;
++#define EXPECTED_RESULT "http:?D/../../1999/02/22-rdf-syntax-ns#"
++#define EXPECTED_RESULT_LEN 39UL
++ int result;
++ size_t result_len;
++
++ buffer[0] = '\0';
++
++ /* Crash used to happens here if RAPTOR_DEBUG > 3
++ * raptor_rfc2396.c:398:raptor_uri_normalize_path: fatal error: Path length 0 does not match calculated -5.
++ */
++ result = raptor_uri_resolve_uri_reference(base_uri, reference_uri,
++ buffer, buffer_length);
++ result_len = strlen((const char*)buffer);
++
++ if(strcmp((const char*)buffer, EXPECTED_RESULT) ||
++ result_len != EXPECTED_RESULT_LEN) {
++ fprintf(stderr, "%s: raptor_uri_resolve_uri_reference() failed with result %d\n", program, result);
++ fprintf(stderr, "%s: Base URI: '%s' (%lu)\n",
++ program, base_uri, strlen((const char*)base_uri));
++ fprintf(stderr, "%s: Ref URI: '%s' (%lu)\n", reference_uri,
++ program, strlen((const char*)reference_uri));
++ fprintf(stderr, "%s: Result buffer: '%s' (%lu)\n", program,
++ buffer, strlen((const char*)buffer));
++ fprintf(stderr, "%s: Expected: '%s' (%lu)\n", program,
++ EXPECTED_RESULT, EXPECTED_RESULT_LEN);
++ failures++;
++ }
++
++ return failures;
++}
+--- /dev/null
++++ b/tests/bugs/issue70b.c
+@@ -0,0 +1,61 @@
++/* -*- Mode: c; c-basic-offset: 2 -*-
++ *
++ * issue70.c - Raptor test for GitHub issue 70 second part
++ * Heap read buffer overflow in raptor_ntriples_parse_term_internal()
++ *
++ * N-Triples test content: "_:/exaple/o"
++ */
++
++#ifdef HAVE_CONFIG_H
++#include
++#endif
++
++#include
++
++/* Raptor includes */
++#include "raptor2.h"
++#include "raptor_internal.h"
++
++
++int
++main(int argc, const char** argv)
++{
++ const char *program = raptor_basename(argv[0]);
++ const unsigned char* ntriples_content = (const unsigned char*)"_:/exaple/o\n";
++#define NTRIPLES_CONTENT_LEN 12
++ const unsigned char* base_uri_string = (const unsigned char*)"http:o/www.w3.org/2001/sw/DataA#cess/df1.ttl";
++ int failures = 0;
++ raptor_world* world = NULL;
++ raptor_uri* base_uri = NULL;
++ raptor_parser* parser = NULL;
++ int result;
++
++ world = raptor_new_world();
++ if(!world)
++ goto cleanup;
++ base_uri = raptor_new_uri(world, base_uri_string);
++ if(!base_uri)
++ goto cleanup;
++ parser = raptor_new_parser(world, "ntriples");
++ if(!parser)
++ goto cleanup;
++
++ (void)raptor_parser_parse_start(parser,
base_uri);
++ result = raptor_parser_parse_chunk(parser,
++ ntriples_content,
++ NTRIPLES_CONTENT_LEN, /* is_end */ 1);
++
++ if(result) {
++ fprintf(stderr, "%s: parsing '%s' N-Triples content failed with result %d\n", program, ntriples_content, result);
++ fprintf(stderr, "%s: Base URI: '%s' (%lu)\n",
++ program, base_uri_string, strlen((const char*)base_uri_string));
++ failures++;
++ }
++
++ cleanup:
++ raptor_free_parser(parser);
++ raptor_free_uri(base_uri);
++ raptor_free_world(world);
++
++ return failures;
++}
diff -Nru raptor2-2.0.15/debian/patches/series raptor2-2.0.15/debian/patches/series
--- raptor2-2.0.15/debian/patches/series 2022-09-29 07:30:38.000000000 +0000
+++ raptor2-2.0.15/debian/patches/series 2025-03-29 19:42:36.000000000 +0000
@@ -2,3 +2,6 @@
 CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch
 configure.ac-Allow-use-of-pkg-config-to-detect-the-libxsl.patch
 configure.ac-libxml2.patch
+Fix-Github-issue-70-A-Integer-Underflow-in-raptor_ur.patch
+Fix-Github-issue-70-B-Heap-read-buffer-overflow-in-n.patch
+Tests-for-Github-issue-70.patch
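Review bot: In tests/bugs/issue70b.c every setup failure does `goto cleanup` with `failures` still 0, so the test reports success when the parser was never run, and the return value of `raptor_parser_parse_start()` is discarded with `(void)`. Counting those paths as failures, e.g. `if(!world) { failures++; goto cleanup; }` for each of the three allocations, keeps a broken build from passing the regression test. The defect this test covers is a single out-of-bounds read of `dest[-1]`, which usually does not crash by itself, so the test is a reliable detector only when run under a memory checker; the `$(MEM)` flags in tests/bugs/Makefile.am may be meant for that, but their value is not visible here. In tests/bugs/issue70a.c the "Ref URI" `fprintf` passes `reference_uri, program` in swapped order, and `%lu` is used for `strlen()` results, which are `size_t`; `%zu` or a cast to `unsigned long` would match.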