--- raptor-1.4.21.orig/debian/compat +++ raptor-1.4.21/debian/compat @@ -0,0 +1 @@ +5 --- raptor-1.4.21.orig/debian/libraptor1.install +++ raptor-1.4.21/debian/libraptor1.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/libraptor*.so.* /usr/lib --- raptor-1.4.21.orig/debian/libraptor1-dev.manpages +++ raptor-1.4.21/debian/libraptor1-dev.manpages @@ -0,0 +1,2 @@ +src/raptor-config.1 +docs/libraptor.3 --- raptor-1.4.21.orig/debian/libraptor1-doc.install +++ raptor-1.4.21/debian/libraptor1-doc.install @@ -0,0 +1 @@ +docs/html/* /usr/share/gtk-doc/html/raptor --- raptor-1.4.21.orig/debian/raptor-utils.install +++ raptor-1.4.21/debian/raptor-utils.install @@ -0,0 +1 @@ +debian/tmp/usr/bin/rapper /usr/bin --- raptor-1.4.21.orig/debian/libraptor1-dev.install +++ raptor-1.4.21/debian/libraptor1-dev.install @@ -0,0 +1,7 @@ +debian/tmp/usr/include/*.h /usr/include +debian/tmp/usr/lib/libraptor.a /usr/lib +debian/tmp/usr/lib/libraptor.la /usr/lib +debian/tmp/usr/lib/libraptor.so /usr/lib +debian/tmp/usr/bin/raptor-config /usr/bin +debian/tmp/usr/lib/pkgconfig/raptor.pc /usr/lib/pkgconfig + --- raptor-1.4.21.orig/debian/watch +++ raptor-1.4.21/debian/watch @@ -0,0 +1,2 @@ +version=2 +http://download.librdf.org/source/ raptor-([\d+\.]+|\d+)\.tar\.gz debian uupdate --- raptor-1.4.21.orig/debian/libraptor1-doc.doc-base +++ raptor-1.4.21/debian/libraptor1-doc.doc-base @@ -0,0 +1,11 @@ +Document: libraptor1-doc +Title: Raptor RDF Parser Library Reference Manual +Author: Dave Beckett +Abstract: Raptor is a library providing a set of parsers and + serializers for Resource Description Framework (RDF) triples by + parsing syntaxes or serializing the triples into a syntax. +Section: Programming/C + +Format: HTML +Index: /usr/share/gtk-doc/html/raptor/index.html +Files: /usr/share/gtk-doc/html/raptor/*.html --- raptor-1.4.21.orig/debian/control +++ raptor-1.4.21/debian/control @@ -0,0 +1,75 @@ +Source: raptor +Section: devel +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Dave Beckett +Build-Depends: debhelper (>> 5), autotools-dev, cdbs, libtool (>= 1.5), libxml2-dev (>= 2.5.10), libcurl4-gnutls-dev, libxslt1-dev (>= 1.0.18) +Standards-Version: 3.8.4 +Homepage: http://librdf.org/raptor/ + +Package: libraptor1-dev +Provides: libraptor-dev +Conflicts: libraptor-dev, libraptor0 (<= 0.9.12-2), libraptor1 (<=1.0.0-4) +Suggests: libraptor1-doc +Recommends: raptor-utils +Section: libdevel +Architecture: any +Depends: ${misc:Depends}, libraptor1 (= ${binary:Version}), libxml2-dev (>= 2.5.10), libcurl4-gnutls-dev, libxslt1-dev (>= 1.0.18), pkg-config (>= 0.18) +Description: Raptor RDF parser and serializer development libraries and headers + Raptor Resource Description Framework (RDF) parser and serializer + development libraries, header files and documentation needed by + programs that want to be compiled with Raptor. + +Package: libraptor1 +Section: libs +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: raptor-utils +Description: Raptor RDF parser and serializer library + Raptor is a C library providing a set of parsers and serializers for + Resource Description Framework (RDF) triples by parsing syntaxes or + serializing the triples into a syntax. + . + The parsing syntaxes are RDF/XML, N-Triples, Turtle, GRDDL and RSS + tag soup including Atom 0.3 and Atom 1.0. The serializing syntaxes + are RDF/XML, N-Triples RSS 1.0 and Atom 1.0. Raptor can handle + RDF/XML as used by RDF applications such as RSS 1.0, FOAF, DOAP, + Dublin Core and OWL. + . + Raptor is designed for performance, flexibility and embedding (no + memory leaks) and to closely match the revised RDF/XML specification. + +Package: raptor-utils +Section: text +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Conflicts: libraptor0 (<= 0.9.12-1) +Description: Raptor RDF parser and serializer utilities + This package provides the rapper tool for validating, parsing and + serializing RDF/XML, N-Triples, Turtle, RSS, Atom and other Resource + Description Framework (RDF) syntaxes using the Raptor RDF library. + +Package: libraptor1-doc +Section: doc +Architecture: all +Depends: ${misc:Depends}, lynx | www-browser +Description: Documentation for the Raptor RDF parser and serializer library + Raptor is a C library providing a set of parsers and serializers for + Resource Description Framework (RDF) triples by parsing syntaxes or + serializing the triples into a syntax. + . + This package contains the HTML documentation for the Raptor library + in /usr/share/doc/libraptor1-doc/ . + +Package: libraptor1-dbg +Priority: extra +Section: debug +Architecture: any +Depends: ${misc:Depends}, libraptor1 (= ${binary:Version}) +Description: Raptor RDF parser and serializer library - debugging symbols + Raptor is a C library providing a set of parsers and serializers for + Resource Description Framework (RDF) triples by parsing syntaxes or + serializing the triples into a syntax. + . + This package contains the debugging symbols for debugging + applications which use libraptor1. --- raptor-1.4.21.orig/debian/changelog +++ raptor-1.4.21/debian/changelog @@ -0,0 +1,422 @@ +raptor (1.4.21-2ubuntu0.1) natty-security; urgency=low + + * SECURITY UPDATE: Fix XML External Entity (XXE) attack + - debian/patches/02-CVE-2012-0037.patch: Enforce entity loading policy in + raptor_libxml_resolveEntity and raptor_libxml_getEntity by checking for + file URIs and network URIs. + - CVE-2012-0037 + + -- Jamie Strandboge Fri, 08 Jun 2012 11:27:50 -0500 + +raptor (1.4.21-2) unstable; urgency=low + + * debian/control: + - Standards version 3.8.4 + - Turn libraptor1 Recommends: raptor-utils into Suggests: because this + is not needed for regular library-using users (Closes: #573270) + * debian/patches/01-write_bytes.patch: Added from upstream GIT to fix + write_bytes() factory return values + + -- Dave Beckett Wed, 10 Mar 2010 06:56:48 -0800 + +raptor (1.4.21-1) unstable; urgency=low + + * New upstream release + + -- Dave Beckett Sat, 30 Jan 2010 08:47:31 -0800 + +raptor (1.4.20-2) unstable; urgency=low + + * Add debug package libraptor1-dbg + * debian/control: Remove Vcs-Svn fields since those were upstream SVN + not packaging. + + -- Dave Beckett Fri, 18 Dec 2009 12:07:00 -0800 + +raptor (1.4.20-1) unstable; urgency=low + + * New upstream release + * Update to standards version 3.8.3 + + -- Dave Beckett Sat, 28 Nov 2009 22:23:57 -0800 + +raptor (1.4.19-1) unstable; urgency=low + + * New upstream release + + -- Dave Beckett Wed, 19 Aug 2009 14:22:53 -0700 + +raptor (1.4.18-3) unstable; urgency=low + + * Remove libtool dependency_libs from libraptor.la + * debian/control: Add Homepage, Vcs-* headers + + -- Dave Beckett Sun, 12 Apr 2009 14:08:11 -0700 + +raptor (1.4.18-2) unstable; urgency=low + + * Link to libcurl-gnutls to remove openssl linking (Closes: #519070, #519695) + * Update to standards version 3.8.1 + * debian/control: add depends: ${misc:Depends} for debhelper [lintian] + * debian/libraptor1-doc.doc-base: make separate an empty line [lintian] + + -- Dave Beckett Fri, 27 Mar 2009 15:40:00 -0800 + +raptor (1.4.18-1) unstable; urgency=low + + * New upstream release + * Bump shlibs to 1.4.18 since the API grew + * debian/copyright: use pointer to /usr/share/common-licenses/Apache-2.0 + * Does not link to -lcares (Closes: #498027) + + -- Dave Beckett Sun, 07 Sep 2008 13:54:03 -0700 + +raptor (1.4.17-1) unstable; urgency=low + + * New upstream release + * Rebuild against libcurl4-gnutls-dev rather than libcurl4-openssl-dev + (Closes: #463344) + * debian/control: depend on libtool 1.5 rather than older debian specific + release + * debian/copyright: 2008 + * debian/libraptor1-doc.doc-base: Use a correct Section: + + -- Dave Beckett Tue, 01 Apr 2008 22:06:01 -0700 + +raptor (1.4.16-1) unstable; urgency=low + + * New upstream release + * Bump shlibs to 1.4.16 since the API grew + + -- Dave Beckett Mon, 01 Oct 2007 00:25:06 -0700 + +raptor (1.4.15-4) unstable; urgency=low + * Install gtk-doc files under dir /usr/share/gtk-doc/html/raptor not + libraptor so that devhelp can find raptor.devhelp{,2} + + -- Dave Beckett Sun, 26 Aug 2007 10:59:37 -0700 + +raptor (1.4.15-3) unstable; urgency=low + + * Use libcurl4-openssl-dev since libcurl3-openssl-dev has been + removed (Closes: #424647) + + -- Dave Beckett Thu, 28 Jun 2007 07:27:31 -0700 + +raptor (1.4.15-2) unstable; urgency=low + + * Bump shlibs to 1.4.14 since the API grew (Closes: #411356) + + -- Dave Beckett Sat, 14 Apr 2007 11:22:09 -0700 + +raptor (1.4.15-1) unstable; urgency=low + + * New upstream release + + -- Dave Beckett Mon, 26 Mar 2007 23:56:18 -0700 + +raptor (1.4.14-1) experimental; urgency=low + + * New upstream release + - raptor.pc now uses Libs.private (Closes: #405242) + - libraptor1-dev thus requires pkg-config (>= 0.18) + + -- Dave Beckett Wed, 31 Jan 2007 23:34:00 -0800 + +raptor (1.4.13-1) unstable; urgency=low + + * New upstream release + + -- Dave Beckett Sun, 22 Oct 2006 21:15:07 -0700 + +raptor (1.4.12-1) unstable; urgency=low + + * New upstream release + + -- Dave Beckett Sun, 27 Aug 2006 10:56:47 -0700 + +raptor (1.4.11-1) unstable; urgency=low + + * New upstream release + * Removed patch 01-rss-serialize.patch merged upstream + * Bump shlibs for 1.4.11 + + -- Dave Beckett Sat, 26 Aug 2006 21:30:03 -0700 + +raptor (1.4.10-1) unstable; urgency=low + + * New upstream release + * Removed patch debian/01-rss-parser-early-triples.patch merged upstream + * Standards version 3.7.2 + * Added patch 01-rss-serialize.patch from Subversion to make RSS + serializing work again. + + -- Dave Beckett Sat, 12 Aug 2006 10:59:23 -0700 + +raptor (1.4.9-2) unstable; urgency=low + + * Added patch debian/01-rss-parser-early-triples.patch to fix crashes + with RSS parser. + + -- Dave Beckett Thu, 11 May 2006 06:29:35 -0700 + +raptor (1.4.9-1) unstable; urgency=low + + * New upstream release + * Bump shlibs for 1.4.9 + * debian/copyright: 2006 + + -- Dave Beckett Sat, 22 Apr 2006 15:29:32 -0700 + +raptor (1.4.8-3) unstable; urgency=low + + * Rebuild because libcurl was broken at some point (Closes: #355330) + * Build-Depend against a specific curl and SSL combination: + libcurl3-openssl-dev (Closes: #333259) + * debian/compat, debian/control: Update to debhelper 5 compat. + * debian/copyright: Update copyright info, urls. FSF have moved. + + -- Dave Beckett Sat, 4 Mar 2006 18:13:36 -0800 + +raptor (1.4.8-2) unstable; urgency=low + + * Bump shlibs for 1.4.8 + + -- Dave Beckett Sun, 15 Jan 2006 19:26:26 -0800 + +raptor (1.4.8-1) unstable; urgency=low + + * New upstream release + * Added libraptor1-doc package for the new gtk-doc html + * debian/watch: Updated url + + -- Dave Beckett Mon, 2 Jan 2006 23:09:34 -0800 + +raptor (1.4.7-1) unstable; urgency=low + + * New upstream release + + -- Dave Beckett Wed, 8 Jun 2005 15:42:44 +0100 + +raptor (1.4.6-1) unstable; urgency=low + + * New upstream release + * Add Build-Depend on libxslt1-dev for GRDDL parser + + -- Dave Beckett Sun, 29 May 2005 18:47:13 +0100 + +raptor (1.4.5-2) unstable; urgency=low + + * Remove libcurl2 Build-Depend possiblities, removed from the archive. + * Bumped shlibs to 1.4.4 as new functions were added in 1.4.3 + + -- Dave Beckett Wed, 23 Mar 2005 18:31:20 +0000 + +raptor (1.4.5-1) unstable; urgency=low + + * New upstream release + + -- Dave Beckett Sun, 6 Feb 2005 18:26:24 +0000 + +raptor (1.4.4-1) unstable; urgency=low + + * New upstream release + + -- Dave Beckett Sat, 15 Jan 2005 19:54:42 +0000 + +raptor (1.4.3-1) unstable; urgency=low + + * New upstream release + + -- Dave Beckett Sat, 8 Jan 2005 20:59:39 +0000 + +raptor (1.4.2-1) unstable; urgency=low + + * New upstream release + + -- Dave Beckett Mon, 1 Nov 2004 22:30:03 +0000 + +raptor (1.4.0-1) unstable; urgency=low + + * New upstream release + * Convert rules to use CDBS + + -- Dave Beckett Tue, 26 Oct 2004 00:30:23 +0100 + +raptor (1.3.3-1) unstable; urgency=low + + * New upstream release + * License changed to LGPL2.1 / Apache 2.0 + * Expanded RDF in the package descriptions. Closes: 266390 + * Require libxml2 2.5.10+ for RSS Tag Soup parser Atom 0.3 support + + -- Dave Beckett Fri, 24 Sep 2004 22:36:41 +0100 + +raptor (1.3.2-1) unstable; urgency=low + + * New upstream release + * Added debian/watch + * Update copyright for 2004 + * Remove --disable-nfc-check - code has been removed upstream. + + -- Dave Beckett Tue, 27 Jul 2004 11:24:08 +0100 + +raptor (1.3.1-3) unstable; urgency=low + + * Update to depend on libcurl3-dev | libcurl2-dev + * Unicode NFC checking is broken via GNOME glib so added + --disable-nfc-check and removed the libglib2.0-dev dependency. + + -- Dave Beckett Mon, 19 Jul 2004 00:08:57 +0100 + +raptor (1.3.1-2) unstable; urgency=low + + * Restore libraptor1-dev depend on libxml2-dev, libcurl2-dev, + libglib2.0-dev. I suck. + * Added --enable-release to not deleted compile options. + + -- Dave Beckett Sun, 13 Jun 2004 23:54:28 +0100 + +raptor (1.3.1-1) unstable; urgency=low + + * New upstream release. Closes: 234246, 253968 + * Apologies that the 1.3.0-1 release did not deal with 234246. + * Remove libraptor1-dev depend on libxml2-dev, libcurl2-dev, libglib2.0-dev + + -- Dave Beckett Sat, 12 Jun 2004 22:22:19 +0100 + +raptor (1.3.0-1) unstable; urgency=low + + * New upstream release. Closes: 234246 + + -- Dave Beckett Sat, 29 May 2004 22:02:30 +0100 + +raptor (1.2.0-2) unstable; urgency=low + + * Make sure raptor-utils has a libraptor >= 1.2.0-1 + + -- Dave Beckett Mon, 26 Jan 2004 11:57:56 +0000 + +raptor (1.2.0-1) unstable; urgency=low + + * New upstream release + + -- Dave Beckett Sat, 24 Jan 2004 16:35:44 +0000 + +raptor (1.1.0-1) unstable; urgency=low + + * New upstream release + * Update to Standards-Version 3.6.1 (no changes needed) + + -- Dave Beckett Wed, 31 Dec 2003 17:44:11 +0000 + +raptor (1.0.0-5) unstable; urgency=low + + * libraptor1-dev recommends raptor-utils + * libraptor1-dev conflicts with libraptor1 1.0.0-4 or earlier + over libraptor.3 + + -- Dave Beckett Fri, 12 Sep 2003 13:43:24 +0100 + +raptor (1.0.0-4) unstable; urgency=low + + * Really move libraptor.3 into libraptor1-dev + * libraptor1-dev conflicts with libraptor-dev over libraptor.3 + + -- Dave Beckett Fri, 12 Sep 2003 12:58:29 +0100 + +raptor (1.0.0-3) unstable; urgency=low + + * libraptor1-dev conflicts with libraptor0-dev over libraptor.3 + + -- Dave Beckett Fri, 12 Sep 2003 12:41:48 +0100 + +raptor (1.0.0-2) unstable; urgency=low + + * Added raptor-utils to hold the rapper program + + -- Dave Beckett Thu, 11 Sep 2003 12:49:49 +0100 + +raptor (1.0.0-1) unstable; urgency=low + + * New upstream release (1.0.0) with new soname 1 + + -- Dave Beckett Mon, 8 Sep 2003 14:43:13 +0100 + +raptor (0.9.12-1) unstable; urgency=low + + * New upstream release (0.9.12) + + -- Dave Beckett Mon, 25 Aug 2003 20:35:12 +0100 + +raptor (0.9.11-3) unstable; urgency=high + + * Add Depends: for libraptor0-dev to all the dev libraries already + listed in Build-Depends: (closes: #204539) + + -- Dave Beckett Sun, 10 Aug 2003 00:04:38 +0100 + +raptor (0.9.11-2) unstable; urgency=low + + * Fix build to not be a native package. + + -- Dave Beckett Thu, 31 Jul 2003 22:33:21 +0100 + +raptor (0.9.11-1) unstable; urgency=low + + * New upstream release (0.9.11) + * Fix typo and update package description (closes: #202776) + * Update to Standards-Version 3.6.0 + + -- Dave Beckett Thu, 31 Jul 2003 20:55:51 +0100 + +raptor (0.9.10-2) unstable; urgency=low + + * First release to Debian archive. (Closes: #151388) + + -- Dave Beckett Wed, 25 Jun 2003 22:58:15 +0100 + +raptor (0.9.10-1) unstable; urgency=low + + * New upstream release (0.9.10). + + -- Dave Beckett Thu, 17 Apr 2003 20:30:59 +0100 + +raptor (0.9.9-1) unstable; urgency=low + + * New upstream release (0.9.9). + + -- Dave Beckett Thu, 29 Mar 2003 22:03:00 -0000 + +raptor (0.9.8-2) unstable; urgency=low + + * (libraptor0-dev) Add missing raptor-config. + * Manual page for raptor-config. + + -- Dave Beckett Thu, 13 Feb 2003 18:42:00 -0000 + +raptor (0.9.8-1) unstable; urgency=low + + * New upstream release (0.9.8). + + -- Dave Beckett Thu, 13 Feb 2003 11:12:54 -0000 + +raptor (0.9.6-1) unstable; urgency=low + + * New upstream release (0.9.6). + + -- Dave Beckett Sat, 2 Nov 2002 17:39:18 +0000 + +raptor (0.9.5-2) unstable; urgency=low + + * Renamed package names, updates for policy + + -- Dave Beckett Sat, 15 Jun 2002 22:25:45 +0100 + +raptor (0.9.5-1) unstable; urgency=low + + * Initial Release. + * First Debian package. + + -- Dave Beckett Thu, 13 Jun 2002 17:27:03 +0100 + --- raptor-1.4.21.orig/debian/raptor-utils.manpages +++ raptor-1.4.21/debian/raptor-utils.manpages @@ -0,0 +1 @@ +utils/rapper.1 --- raptor-1.4.21.orig/debian/rules +++ raptor-1.4.21/debian/rules @@ -0,0 +1,20 @@ +#!/usr/bin/make -f +# +# Debian rules for packaging Raptor +# +# +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/rules/simple-patchsys.mk +include /usr/share/cdbs/1/class/autotools.mk +include /usr/share/cdbs/1/class/makefile.mk + +DEB_INSTALL_DOCS_ALL=README NEWS AUTHORS NOTICE + +DEB_DBG_PACKAGE_libraptor1 = libraptor1-dbg + +DEB_CONFIGURE_USER_FLAGS= \ + --with-xml-parser=libxml \ + --enable-release + +install/libraptor1-dev:: + sed "/dependency_libs/ s/'.*'/''/" debian/tmp/usr/lib/libraptor.la > debian/tmp/usr/lib/libraptor.la.new && mv debian/tmp/usr/lib/libraptor.la.new debian/tmp/usr/lib/libraptor.la --- raptor-1.4.21.orig/debian/copyright +++ raptor-1.4.21/debian/copyright @@ -0,0 +1,73 @@ +Upstream Author: Dave Beckett +Packager: Dave Beckett + +Sources: http://download.librdf.org/source/ + +Copyright: + + Copyright (C) 2000-2008 David Beckett + Copyright (C) 2000-2005 Institute for Learning and Research + Technology, University of Bristol. All Rights Reserved. + + Raptor RDF Parser Toolkit - License + + This package is Free Software available under any one of the specified + licenses below. All the licenses below are alternatives and if you select + one license, that one alone applies. + +1. The GNU Lesser General Public License (LGPL) Version 2.1 + +On Debian systems, the complete text of the GNU Lesser General Public +License V2.1 can be found in /usr/share/common-licenses/LGPL-2.1 file. + + _________________________________________________________________ + + Copyright (C) 2000-2008 David Beckett + Copyright (C) 2000-2005 Institute for Learning and Research + Technology, University of Bristol. All Rights Reserved. + + This package is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License Version 2.1 as + published by the Free Software Foundation or any newer version. + + This package is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + License Version 2.1 for more details. + + You should have reaceived a copy of the GNU Lesser General Public License + Version 2.1 along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + _________________________________________________________________ + + NOTE - under Term 3 of the LGPL Version 2.1, you may choose to license the + entire package under the GPL. If that option is chosen, then this package is + licensed under the terms of the GPL Version 2 or alternatively, any newer + version of the GPL. See COPYING for the full GPL license text. + +On Debian systems, the complete text of the GNU General Public +License V2 can be found in /usr/share/common-licenses/GPL-2 + +2. The Apache License V2.0 + + Copyright (C) 2000-2008 David Beckett + Copyright (C) 2000-2005 Institute for Learning and Research + Technology, University of Bristol. + + Licensed under the Apache License, Version 2.0 (the "License"); you may + not use this file except in compliance with the License. You may obtain a + copy of the License at: + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations + under the License. + + The NOTICE file contains the notices that must be applied according to + section 4(d) of the Apache License, Version 2.0. + +On Debian systems, the complete text of the Apache License V2.0 +can be found in /usr/share/common-licenses/Apache-2.0 --- raptor-1.4.21.orig/debian/libraptor1.shlibs +++ raptor-1.4.21/debian/libraptor1.shlibs @@ -0,0 +1 @@ +libraptor 1 libraptor1 (>= 1.4.19) --- raptor-1.4.21.orig/debian/patches/01-write_bytes.patch +++ raptor-1.4.21/debian/patches/01-write_bytes.patch @@ -0,0 +1,43 @@ +Upstream GIT commits: 053f492441065052eb0d0caa16d355b6c452fd58 and e0cf74bbcd37ebe69f53cb84ddf2b21d614f53a6 merged + +Description: raptor_iostream write_bytes handlers are supposed to return the number of bytes written or 0 on failure + +Index: raptor-1.4.21/src/raptor_iostream.c +=================================================================== +--- raptor_iostream.c.orig 2010-01-29 15:54:42.000000000 -0800 ++++ raptor_iostream.c 2010-03-02 20:21:29.000000000 -0800 +@@ -195,7 +195,7 @@ + raptor_sink_iostream_write_bytes(void *user_data, const void *ptr, + size_t size, size_t nmemb) + { +- return 0; ++ return size*nmemb; /* success */ + } + + static int +@@ -257,8 +257,8 @@ + raptor_filename_iostream_write_bytes(void *user_data, + const void *ptr, size_t size, size_t nmemb) + { +- FILE* handle=(FILE*)user_data; +- return (fwrite(ptr, size, nmemb, handle) == nmemb); ++ FILE* handle = (FILE*)user_data; ++ return (int)fwrite(ptr, size, nmemb, handle); + } + + static void +@@ -449,9 +449,11 @@ + { + struct raptor_write_string_iostream_context* con; + +- con=(struct raptor_write_string_iostream_context*)user_data; +- return raptor_stringbuffer_append_counted_string(con->sb, +- (const unsigned char*)ptr, size * nmemb, 1); ++ con = (struct raptor_write_string_iostream_context*)user_data; ++ if(raptor_stringbuffer_append_counted_string(con->sb, ++ (const unsigned char*)ptr, size * nmemb, 1)) ++ return 0; /* failure */ ++ return size * nmemb; /* success */ + } + + static const raptor_iostream_handler2 raptor_iostream_write_string_handler={ --- raptor-1.4.21.orig/debian/patches/02-CVE-2012-0037.patch +++ raptor-1.4.21/debian/patches/02-CVE-2012-0037.patch @@ -0,0 +1,427 @@ +Origin: David Beckett via Debian +Description: Enforce entity loading policy in raptor_libxml_resolveEntity + and raptor_libxml_getEntity by checking for file URIs and network URIs. + Initialize 'xmlParserInputPtr entity_input' as NULL in src/raptor_libxml.c to + fix a compiler warning by Jamie Strandboge. + +Index: raptor-1.4.21/src/raptor.h +=================================================================== +--- raptor-1.4.21.orig/src/raptor.h 2012-06-08 11:00:54.000000000 -0500 ++++ raptor-1.4.21/src/raptor.h 2012-06-08 11:00:56.000000000 -0500 +@@ -407,6 +407,7 @@ + * @RAPTOR_FEATURE_RSS_TRIPLES: Atom/RSS serializer writes extra RDF triples it finds (none, rdf-xml, atom-triples) + * @RAPTOR_FEATURE_ATOM_ENTRY_URI: Atom entry URI. If given, generate an Atom Entry Document with the item having the given URI, otherwise generate an Atom Feed Document with any items found. + * @RAPTOR_FEATURE_PREFIX_ELEMENTS: Integer. If set, generate Atom/RSS1.0 documents with prefixed elements, otherwise unprefixed. ++ * @RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES: When reading XML, load external entities. + * @RAPTOR_FEATURE_LAST: Internal + * + * Raptor parser, serializer or XML writer features. +@@ -448,7 +449,8 @@ + RAPTOR_FEATURE_RSS_TRIPLES, + RAPTOR_FEATURE_ATOM_ENTRY_URI, + RAPTOR_FEATURE_PREFIX_ELEMENTS, +- RAPTOR_FEATURE_LAST = RAPTOR_FEATURE_PREFIX_ELEMENTS ++ RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES, ++ RAPTOR_FEATURE_LAST = RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES + } raptor_feature; + + +Index: raptor-1.4.21/src/raptor_feature.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_feature.c 2012-06-08 11:00:54.000000000 -0500 ++++ raptor-1.4.21/src/raptor_feature.c 2012-06-08 11:00:56.000000000 -0500 +@@ -93,7 +93,8 @@ + { RAPTOR_FEATURE_JSON_EXTRA_DATA , 6, "jsonExtraData", "JSON serializer extra data" }, + { RAPTOR_FEATURE_RSS_TRIPLES , 6, "rssTriples", "Atom/RSS serializer writes extra RDF triples" }, + { RAPTOR_FEATURE_ATOM_ENTRY_URI , 6, "atomEntryUri", "Atom serializer Entry URI" }, +- { RAPTOR_FEATURE_PREFIX_ELEMENTS , 2, "prefixElements", "Atom/RSS serializers write namespace-prefixed elements" } ++ { RAPTOR_FEATURE_PREFIX_ELEMENTS , 2, "prefixElements", "Atom/RSS serializers write namespace-prefixed elements" }, ++ { RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES, 1, "loadExternalEntities", "Load external XML entities." } + }; + + +Index: raptor-1.4.21/src/raptor_internal.h +=================================================================== +--- raptor-1.4.21.orig/src/raptor_internal.h 2012-06-08 11:00:54.000000000 -0500 ++++ raptor-1.4.21/src/raptor_internal.h 2012-06-08 11:00:56.000000000 -0500 +@@ -852,7 +852,6 @@ + + #ifdef RAPTOR_WWW_LIBCURL + #include +-#include + #include + #endif + +@@ -1060,6 +1059,14 @@ + + /* sax2 init failed - do not try to do anything with it */ + int failed; ++ ++ /* call SAX2 handlers if non-0 */ ++ int enabled; ++ ++ /* FEATURE: ++ * non 0 if XML entities should be loaded ++ */ ++ int feature_load_external_entities; + }; + + int raptor_sax2_init(raptor_world* world); +Index: raptor-1.4.21/src/raptor_libxml.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_libxml.c 2012-06-08 11:00:54.000000000 -0500 ++++ raptor-1.4.21/src/raptor_libxml.c 2012-06-08 11:05:38.000000000 -0500 +@@ -142,18 +142,120 @@ + + static xmlParserInputPtr + raptor_libxml_resolveEntity(void* user_data, +- const xmlChar *publicId, const xmlChar *systemId) { +- raptor_sax2* sax2=(raptor_sax2*)user_data; +- return libxml2_resolveEntity(sax2->xc, publicId, systemId); ++ const xmlChar *publicId, const xmlChar *systemId) ++{ ++ raptor_sax2* sax2 = (raptor_sax2*)user_data; ++ xmlParserCtxtPtr ctxt = sax2->xc; ++ const unsigned char *uri_string = NULL; ++ xmlParserInputPtr entity_input = NULL; ++ int load_entity = 0; ++ ++ if(!ctxt) ++ return NULL; ++ ++ if(ctxt->input) ++ uri_string = (const unsigned char *)ctxt->input->filename; ++ ++ if(!uri_string) ++ uri_string = (const unsigned char *)ctxt->directory; ++ ++ load_entity = sax2->feature_load_external_entities; ++ ++ if(load_entity) { ++ entity_input = xmlLoadExternalEntity((const char*)uri_string, ++ (const char*)publicId, ++ ctxt); ++ } else { ++ RAPTOR_DEBUG4("Not loading entity URI %s by policy for publicId '%s' systemId '%s'\n", uri_string, publicId, systemId); ++ } ++ ++ return entity_input; + } + + + static xmlEntityPtr +-raptor_libxml_getEntity(void* user_data, const xmlChar *name) { +- raptor_sax2* sax2=(raptor_sax2*)user_data; +- return libxml2_getEntity(sax2->xc, name); +-} ++raptor_libxml_getEntity(void* user_data, const xmlChar *name) ++{ ++ raptor_sax2* sax2 = (raptor_sax2*)user_data; ++ xmlParserCtxtPtr xc = sax2->xc; ++ xmlEntityPtr ret = NULL; ++ ++ if(!xc) ++ return NULL; + ++ if(!xc->inSubset) { ++ /* looks for hardcoded set of entity names - lt, gt etc. */ ++ ret = xmlGetPredefinedEntity(name); ++ if(ret) { ++ RAPTOR_DEBUG2("Entity '%s' found in predefined set\n", name); ++ return ret; ++ } ++ } ++ ++ /* This section uses xmlGetDocEntity which looks for entities in ++ * memory only, never from a file or URI ++ */ ++ if(xc->myDoc && (xc->myDoc->standalone == 1)) { ++ RAPTOR_DEBUG2("Entity '%s' document is standalone\n", name); ++ /* Document is standalone: no entities are required to interpret doc */ ++ if(xc->inSubset == 2) { ++ xc->myDoc->standalone = 0; ++ ret = xmlGetDocEntity(xc->myDoc, name); ++ xc->myDoc->standalone = 1; ++ } else { ++ ret = xmlGetDocEntity(xc->myDoc, name); ++ if(!ret) { ++ xc->myDoc->standalone = 0; ++ ret = xmlGetDocEntity(xc->myDoc, name); ++ xc->myDoc->standalone = 1; ++ } ++ } ++ } else { ++ ret = xmlGetDocEntity(xc->myDoc, name); ++ } ++ ++ if(ret && !ret->children && ++ (ret->etype == XML_EXTERNAL_GENERAL_PARSED_ENTITY)) { ++ /* Entity is an external general parsed entity. It may be in a ++ * catalog file, user file or user URI ++ */ ++ int val = 0; ++ xmlNodePtr children; ++ int load_entity = 0; ++ ++ load_entity = sax2->feature_load_external_entities; ++ ++ if(!load_entity) { ++ RAPTOR_DEBUG2("Not getting entity URI %s by policy\n", ret->URI); ++ children = xmlNewText((const xmlChar*)""); ++ } else { ++ /* Disable SAX2 handlers so that the SAX2 events do not all get ++ * sent to callbacks during dealing with the entity parsing. ++ */ ++ sax2->enabled = 0; ++ val = xmlParseCtxtExternalEntity(xc, ret->URI, ret->ExternalID, &children); ++ sax2->enabled = 1; ++ } ++ ++ if(!val) { ++ xmlAddChildList((xmlNodePtr)ret, children); ++ } else { ++ xc->validate = 0; ++ return NULL; ++ } ++ ++ ret->owner = 1; ++ ++#if LIBXML_VERSION >= 20627 ++ /* Mark this entity as having been checked - never do this again */ ++ if(!ret->checked) ++ ret->checked = 1; ++ } ++#endif ++ ++ return ret; ++} ++ + + static xmlEntityPtr + raptor_libxml_getParameterEntity(void* user_data, const xmlChar *name) { +Index: raptor-1.4.21/src/raptor_parse.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_parse.c 2012-06-08 11:00:54.000000000 -0500 ++++ raptor-1.4.21/src/raptor_parse.c 2012-06-08 11:00:56.000000000 -0500 +@@ -1443,6 +1443,7 @@ + case RAPTOR_FEATURE_MICROFORMATS: + case RAPTOR_FEATURE_HTML_LINK: + case RAPTOR_FEATURE_WWW_TIMEOUT: ++ case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES: + parser->features[(int)feature]=value; + break; + +@@ -1564,6 +1565,7 @@ + case RAPTOR_FEATURE_MICROFORMATS: + case RAPTOR_FEATURE_HTML_LINK: + case RAPTOR_FEATURE_WWW_TIMEOUT: ++ case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES: + result = parser->features[(int)feature]; + break; + +Index: raptor-1.4.21/src/raptor_rdfxml.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_rdfxml.c 2012-06-08 11:00:54.000000000 -0500 ++++ raptor-1.4.21/src/raptor_rdfxml.c 2012-06-08 11:00:56.000000000 -0500 +@@ -1130,6 +1130,9 @@ + raptor_sax2_set_feature(rdf_xml_parser->sax2, + RAPTOR_FEATURE_NO_NET, + rdf_parser->features[RAPTOR_FEATURE_NO_NET]); ++ raptor_sax2_set_feature(rdf_xml_parser->sax2, ++ RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES, ++ rdf_parser->features[RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES]); + + raptor_sax2_parse_start(rdf_xml_parser->sax2, uri); + +Index: raptor-1.4.21/src/raptor_rss.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_rss.c 2012-06-08 11:00:54.000000000 -0500 ++++ raptor-1.4.21/src/raptor_rss.c 2012-06-08 11:00:56.000000000 -0500 +@@ -247,6 +247,9 @@ + raptor_sax2_set_feature(rss_parser->sax2, + RAPTOR_FEATURE_NO_NET, + rdf_parser->features[RAPTOR_FEATURE_NO_NET]); ++ raptor_sax2_set_feature(rss_parser->sax2, ++ RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES, ++ rdf_parser->features[RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES]); + + raptor_sax2_parse_start(rss_parser->sax2, uri); + +Index: raptor-1.4.21/src/raptor_sax2.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_sax2.c 2012-06-08 11:00:54.000000000 -0500 ++++ raptor-1.4.21/src/raptor_sax2.c 2012-06-08 11:00:56.000000000 -0500 +@@ -106,6 +106,8 @@ + + sax2->user_data=user_data; + ++ sax2->enabled = 1; ++ + sax2->locator=error_handlers->locator; + + sax2->error_handlers=error_handlers; +@@ -721,6 +723,10 @@ + sax2->feature_no_net=value; + break; + ++ case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES: ++ sax2->feature_load_external_entities=value; ++ break; ++ + case RAPTOR_FEATURE_SCANNING: + case RAPTOR_FEATURE_ASSUME_IS_RDF: + case RAPTOR_FEATURE_ALLOW_NON_NS_ATTRIBUTES: +@@ -802,7 +808,7 @@ + unsigned char *xml_language=NULL; + raptor_uri *xml_base=NULL; + +- if(sax2->failed) ++ if(sax2->failed || !sax2->enabled) + return; + + #ifdef RAPTOR_XML_EXPAT +@@ -1031,7 +1037,7 @@ + raptor_sax2* sax2=(raptor_sax2*)user_data; + raptor_xml_element* xml_element; + +- if(sax2->failed) ++ if(sax2->failed || !sax2->enabled) + return; + + #ifdef RAPTOR_XML_EXPAT +@@ -1069,7 +1075,11 @@ + raptor_sax2_characters(void* user_data, const unsigned char *s, int len) + { + raptor_sax2* sax2=(raptor_sax2*)user_data; +- if(!sax2->failed && sax2->characters_handler) ++ ++ if(sax2->failed || !sax2->enabled) ++ return; ++ ++ if(sax2->characters_handler) + sax2->characters_handler(sax2->user_data, sax2->current_element, s, len); + } + +@@ -1085,7 +1095,10 @@ + #endif + #endif + +- if(!sax2->failed && sax2->cdata_handler) ++ if(sax2->failed || !sax2->enabled) ++ return; ++ ++ if(sax2->cdata_handler) + sax2->cdata_handler(sax2->user_data, sax2->current_element, s, len); + } + +@@ -1095,7 +1108,11 @@ + raptor_sax2_comment(void* user_data, const unsigned char *s) + { + raptor_sax2* sax2=(raptor_sax2*)user_data; +- if(!sax2->failed && sax2->comment_handler) ++ ++ if(sax2->failed || !sax2->enabled) ++ return; ++ ++ if(sax2->comment_handler) + sax2->comment_handler(sax2->user_data, sax2->current_element, s); + } + +@@ -1110,7 +1127,11 @@ + const unsigned char* notationName) + { + raptor_sax2* sax2=(raptor_sax2*)user_data; +- if(!sax2->failed && sax2->unparsed_entity_decl_handler) ++ ++ if(sax2->failed || !sax2->enabled) ++ return; ++ ++ if(sax2->unparsed_entity_decl_handler) + sax2->unparsed_entity_decl_handler(sax2->user_data, + entityName, base, systemId, + publicId, notationName); +@@ -1127,7 +1148,7 @@ + { + raptor_sax2* sax2=(raptor_sax2*)user_data; + +- if(sax2->failed) ++ if(sax2->failed || !sax2->enabled) + return 0; + + if(sax2->external_entity_ref_handler) +Index: raptor-1.4.21/src/raptor_serialize.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_serialize.c 2012-06-08 11:00:54.000000000 -0500 ++++ raptor-1.4.21/src/raptor_serialize.c 2012-06-08 11:00:56.000000000 -0500 +@@ -974,6 +974,7 @@ + + /* Shared */ + case RAPTOR_FEATURE_NO_NET: ++ case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES: + + /* XML writer features */ + case RAPTOR_FEATURE_WRITER_AUTO_INDENT: +@@ -1081,6 +1082,7 @@ + + /* Shared */ + case RAPTOR_FEATURE_NO_NET: ++ case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES: + + /* XML writer features */ + case RAPTOR_FEATURE_WRITER_AUTO_INDENT: +@@ -1222,6 +1224,7 @@ + + /* Shared */ + case RAPTOR_FEATURE_NO_NET: ++ case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES: + + /* XML writer features */ + case RAPTOR_FEATURE_WRITER_AUTO_INDENT: +@@ -1324,6 +1327,7 @@ + + /* Shared */ + case RAPTOR_FEATURE_NO_NET: ++ case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES: + + /* XML writer features */ + case RAPTOR_FEATURE_WRITER_AUTO_INDENT: +Index: raptor-1.4.21/src/raptor_turtle_writer.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_turtle_writer.c 2012-06-08 11:00:54.000000000 -0500 ++++ raptor-1.4.21/src/raptor_turtle_writer.c 2012-06-08 11:00:56.000000000 -0500 +@@ -740,6 +740,7 @@ + + /* Shared */ + case RAPTOR_FEATURE_NO_NET: ++ case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES: + + /* XML writer features */ + case RAPTOR_FEATURE_RELATIVE_URIS: +@@ -854,6 +855,7 @@ + + /* Shared */ + case RAPTOR_FEATURE_NO_NET: ++ case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES: + + /* XML writer features */ + case RAPTOR_FEATURE_RELATIVE_URIS: +Index: raptor-1.4.21/src/raptor_xml_writer.c +=================================================================== +--- raptor-1.4.21.orig/src/raptor_xml_writer.c 2012-06-08 11:00:54.000000000 -0500 ++++ raptor-1.4.21/src/raptor_xml_writer.c 2012-06-08 11:00:56.000000000 -0500 +@@ -973,6 +973,7 @@ + + /* Shared */ + case RAPTOR_FEATURE_NO_NET: ++ case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES: + + /* XML writer features */ + case RAPTOR_FEATURE_RELATIVE_URIS: +@@ -1094,6 +1095,7 @@ + + /* Shared */ + case RAPTOR_FEATURE_NO_NET: ++ case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES: + + /* XML writer features */ + case RAPTOR_FEATURE_RELATIVE_URIS: