This patch addresses two heap overflow bugs in raptor2: http://seclists.org/oss-sec/2017/q2/424 Patch copied from libreoffice: https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1 From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001 From: Dave Beckett Date: Sun, 16 Apr 2017 23:15:12 +0100 Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer (raptor_xml_writer_start_element_common): Calculate max including for each attribute a potential name and value. Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617 and #0000618 http://bugs.librdf.org/mantis/view.php?id=618 --- src/raptor_xml_writer.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c index 693b946..0d3a36a 100644 --- a/src/raptor_xml_writer.c +++ b/src/raptor_xml_writer.c @@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, size_t nspace_declarations_count = 0; unsigned int i; - /* max is 1 per element and 1 for each attribute + size of declared */ if(nstack) { - int nspace_max_count = element->attribute_count+1; + int nspace_max_count = element->attribute_count * 2; /* attr and value */ + if(element->name->nspace) + nspace_max_count++; if(element->declared_nspaces) nspace_max_count += raptor_sequence_size(element->declared_nspaces); if(element->xml_language) @@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, } } - /* Add the attribute + value */ + /* Add the attribute's value */ nspace_declarations[nspace_declarations_count].declaration= raptor_qname_format_as_xml(element->attributes[i], &nspace_declarations[nspace_declarations_count].length); -- 2.9.3
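Review bot: In the first hunk (@@ -181,9 +181,10), the block comment that documented what the maximum covers is deleted and only the trailing `/* attr and value */` replaces it. Because this count is the bound the overflow fix rests on, please restore a comment above the calculation that lists every contribution: two per attribute, one for the element when `element->name->nspace` is set, the size of `declared_nspaces`, and the `xml_language` case. Separately, `nspace_max_count` is declared `int` while `nspace_declarations_count` just above it is `size_t`; giving both the same unsigned type would avoid a signed/unsigned comparison between the bound and the running index.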
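Review bot: In the second hunk (@@ -237,7 +238,7), the store to `nspace_declarations[nspace_declarations_count].declaration` is not preceded by any visible check of the index against `nspace_max_count`, so the fix depends entirely on the hand-computed maximum matching every store in the loop. Consider adding an explicit bound check or assertion before each store, so that a future miscount fails cleanly instead of writing past the array. The reworded comment "Add the attribute's value" is also slightly misleading, since the call passes `element->attributes[i]` itself to `raptor_qname_format_as_xml`; wording that matches what is formatted would be clearer.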
Age | Commit message | Author
2022-07-03 | etc: Add teams.scm. * etc/teams.scm.in: New file. * configure.ac: Generate executable. * .gitignore: Ignore generated file. | Ricardo Wurmus
2022-01-25 | build: Require Guile >= 3.0.3. Fixes <https://issues.guix.gnu.org/53157>. Reported by Efraim Flashner <efraim@flashner.co.il>. * configure.ac: Require Guile >= 3.0.3. * doc/guix.texi (Requirements): Update accordingly. | Ludovic Courtès
2021-11-23 | maint: "make dist" builds tarballs in 'ustar' format. This allows us to have file names longer than 99 characters. * configure.ac: Pass 'tar-ustar' to 'AM_INIT_AUTOMAKE'. | Ludovic Courtès
2021-06-01 | maint: Require Guile 3.0. * configure.ac: Require Guile 3.0. * doc/guix.texi (Requirements): Adjust accordingly. * gnu/packages/package-management.scm (guile2.2-guix): Remove. * guix/lint.scm (exception-with-kind-and-args?): Remove 'cond-expand'. * guix/scripts/deploy.scm (deploy-machine*): Likewise. * guix/store.scm (call-with-store): Likewise. * guix/swh.scm (http-get*, http-post*): Likewise. * guix/ui.scm (without-compiler-optimizations, guard*) (call-with-error-handling): Likewise. | Ludovic Courtès
2021-05-03 | nls: Do not update po files on first make invocation. We need to update the minimal gettext version to take advantage of new features. Before this patch, the first make invocation would modify po/guix and po/packages po files, and we advised to run `git checkout po` to clean the changes. * configure.ac (AM_GNU_GETTEXT_VERSION): Update to 0.19.1. * po/guix/Makevars: Set PO_DEPENDS_ON_POT to no. * po/packages/Makevars: Set PO_DEPENDS_ON_POT to no. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> | Julien Lepiller
2021-04-25 | import: Remove Nix importer. This importer has suffered from bitrot and no longer works with current Nix and Nixpkgs. See <https://bugs.gnu.org/32339> and <https://bugs.gnu.org/36255>. * guix/import/snix.scm, guix/scripts/import/nix.scm, tests/snix.scm: Remove. * Makefile.am (MODULES, SCM_TESTS): Remove them. * guix/scripts/import.scm (importers): Remove "nix". * build-aux/test-env.in: Remove NIXPKGS variable. * configure.ac: Remove '--with-nixpkgs' option. * doc/guix.texi (Invoking guix import): Remove bit about "guix import nix". * etc/completion/fish/guix.fish: Likewise. | Ludovic Courtès
2021-04-23 | build: Add a check for Guile-Lib. * configure.ac: Check if the Guile-Lib module is present and recent enough and warn in case it isn't. | Maxim Cournoyer
2021-03-17 | maint: Check whether Guile-zlib is recent enough. This is a followup to a04aef2430645357d7796969d4b6453478ff8a3f. * m4/guix.m4 (GUIX_CHECK_GUILE_ZLIB): New macro. * configure.ac: Use it when checking for Guile-zlib. | Ludovic Courtès
2021-02-04 | build: Add '--with-channel-commit' and related configure flags. Partially fixes <https://bugs.gnu.org/45896>. * m4/guix.m4 (GUIX_CHANNEL_METADATA): New macro. * configure.ac: Use it. * guix/config.scm.in (%channel-metadata): Adjust accordingly. | Ludovic Courtès