From 2d28caff242e075d441b2d765d25401f6f5bf89c3355d73c3f4375beadfcc26f Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Thu, 26 Dec 2024 20:32:45 +0000
Subject: [PATCH 1/2] [info=ecaa48cdb38d66674d4cd86009359bdaee820561ae2c23d706eefde36a6e3f45]
OBS-URL: https://build.opensuse.org/package/show/server:mail/libxls?expand=0&rev=15
---
.gitattributes | 23 ++++++
.gitignore | 1 +
0001-Fixes-94-possible-null-ptr-deref.patch | 57 ++++++++++++++
_scmsync.obsinfo | 4 +
build.specials.obscpio | 3 +
libxls-1.6.2.tar.gz | 3 +
libxls.changes | 34 ++++++++
libxls.spec | 87 +++++++++++++++++++++
8 files changed, 212 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 0001-Fixes-94-possible-null-ptr-deref.patch
create mode 100644 _scmsync.obsinfo
create mode 100644 build.specials.obscpio
create mode 100644 libxls-1.6.2.tar.gz
create mode 100644 libxls.changes
create mode 100644 libxls.spec
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/0001-Fixes-94-possible-null-ptr-deref.patch b/0001-Fixes-94-possible-null-ptr-deref.patch
new file mode 100644
index 0000000..0cec02e
--- /dev/null
+++ b/0001-Fixes-94-possible-null-ptr-deref.patch
@@ -0,0 +1,57 @@
+From 866fedeae65ba9ff12b6cf4449dee2096bb2da51 Mon Sep 17 00:00:00 2001
+From: stephematician
+Date: Wed, 2 Mar 2022 15:01:51 +1100
+Subject: [PATCH] Fixes #94 possible null ptr deref
+
+Changes due to lockedbyte and PR 97 conversation
+---
+ include/xls.h | 4 +++-
+ src/xls.c | 6 ++++++
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+Index: libxls-1.6.2/include/xls.h
+===================================================================
+--- libxls-1.6.2.orig/include/xls.h
++++ libxls-1.6.2/include/xls.h
+@@ -49,7 +49,9 @@ typedef enum {
+ LIBXLS_ERROR_SEEK,
+ LIBXLS_ERROR_READ,
+ LIBXLS_ERROR_PARSE,
+- LIBXLS_ERROR_MALLOC
++ LIBXLS_ERROR_MALLOC,
++ LIBXLS_ERROR_UNSUPPORTED_ENCRYPTION,
++ LIBXLS_ERROR_NULL_ARGUMENT
+ } xls_error_t;
+
+ const char* xls_getVersion(void);
+Index: libxls-1.6.2/src/xls.c
+===================================================================
+--- libxls-1.6.2.orig/src/xls.c
++++ libxls-1.6.2/src/xls.c
+@@ -830,6 +830,8 @@ int xls_isRecordTooSmall(xlsWorkBook *pW
+
+xls_error_t xls_parseWorkBook(xlsWorkBook* pWB)
+ {
++ if(!pWB) return LIBXLS_ERROR_NULL_ARGUMENT;
++
+ BOF bof1 = { .id = 0, .size = 0 };
+ BOF bof2 = { .id = 0, .size = 0 };
+ BYTE* buf = NULL;
+@@ -1072,6 +1074,8 @@ cleanup:
+
+static xls_error_t xls_preparseWorkSheet(xlsWorkSheet* pWS)
+ {
++ if(!pWS) return LIBXLS_ERROR_NULL_ARGUMENT;
++
+ BOF tmp;
+ BYTE* buf = NULL;
+ xls_error_t retval = LIBXLS_OK;
+@@ -1221,6 +1225,8 @@ static xls_error_t xls_formatColumn(xlsW
+
+xls_error_t xls_parseWorkSheet(xlsWorkSheet* pWS)
+ {
++ if(!pWS) return LIBXLS_ERROR_NULL_ARGUMENT;
++
+ BOF tmp;
+ BYTE* buf = NULL;
+ long offset = pWS->filepos;
diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
new file mode 100644
index 0000000..cca7129
--- /dev/null
+++ b/_scmsync.obsinfo
@@ -0,0 +1,4 @@
+mtime: 1652801070
+commit: ecaa48cdb38d66674d4cd86009359bdaee820561ae2c23d706eefde36a6e3f45
+url: https://src.opensuse.org/clibs/libxls
+revision: master
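Review bot: In the added 0001-Fixes-94-possible-null-ptr-deref.patch, the two codes appended to `xls_error_t` in include/xls.h get no matching message text: the patch's own diffstat gives src/xls.c six added lines, and the three `if(!p…) return LIBXLS_ERROR_NULL_ARGUMENT;` guards plus their blank lines account for all six. If the code-to-string lookup (`xls_getError`, not visible in these hunks) lives in src/xls.c, a caller that logs the result of a rejected NULL handle will presumably get only the generic fallback string; a line such as `if (code == LIBXLS_ERROR_NULL_ARGUMENT) return "NULL argument";` there would close the gap. `LIBXLS_ERROR_UNSUPPORTED_ENCRYPTION` is added but never returned by anything in this patch, so a sentence in the patch header saying why it is carried (presumably to keep the enum's numeric values in step with upstream) would help the next packager. The bodies of the three guarded functions continue outside the hunks shown.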
diff --git a/build.specials.obscpio b/build.specials.obscpio
new file mode 100644
index 0000000..9b8b845
--- /dev/null
+++ b/build.specials.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7670816d47a9b0e0298e1454f08322ec33dee8264a37bb15de103b0acf7cf267
+size 256
diff --git a/libxls-1.6.2.tar.gz b/libxls-1.6.2.tar.gz
new file mode 100644
index 0000000..6651733
--- /dev/null
+++ b/libxls-1.6.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5dacc34d94bf2115926c80c6fb69e4e7bd2ed6403d51cff49041a94172f5e371
+size 443736
diff --git a/libxls.changes b/libxls.changes
new file mode 100644
index 0000000..7e052af
--- /dev/null
+++ b/libxls.changes
@@ -0,0 +1,34 @@
+-------------------------------------------------------------------
+Mon May 16 20:51:17 UTC 2022 - Jan Engelhardt
+
+- Add 0001-Fixes-94-possible-null-ptr-deref.patch
+ [boo#1192323] [CVE-2021-27836]
+
+-------------------------------------------------------------------
+Tue Jan 26 11:30:00 UTC 2021 - Jan Engelhardt
+
+- Update to release 1.6.2
+ * Fix NULL pointer dereferences in the xls2csv tool
+ [boo#1179532] [CVE-2020-27819]
+
+-------------------------------------------------------------------
+Wed Sep 9 14:46:43 UTC 2020 - Jan Engelhardt
+
+- Update to release 1.6.1
+ * Enabled decoding of non-Unicode character sets in older
+ (BIFF5) XLS files.
+ * Improved string conversion performance in newer files.
+
+-------------------------------------------------------------------
+Tue Aug 25 15:54:47 UTC 2020 - Dirk Mueller
+
+- update to 1.5.3:
+ * Allow truncated XLS files
+ * Fix long-standing "extra column" bug #73
+ * Support for RSTRING records (rich-text cells in older
+ BIFF5 files) tidyverse/readxl#611
+
+-------------------------------------------------------------------
+Sun Dec 1 21:01:30 UTC 2019 - Jan Engelhardt
+
+- Initial package for openSUSE
diff --git a/libxls.spec b/libxls.spec
new file mode 100644
index 0000000..3c829ba
--- /dev/null
+++ b/libxls.spec
@@ -0,0 +1,87 @@
+#
+# spec file for package libxls
+#
+# Copyright (c) 2022 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: libxls
+%define lname libxlsreader8
+Version: 1.6.2
+Release: 0
+Summary: Library for Parsing Excel (XLS) Files
+License: BSD-2-Clause
+Group: Development/Libraries/C and C++
+URL: https://github.com/libxls/libxls
+Source: https://github.com/libxls/libxls/releases/download/v%version/libxls-%version.tar.gz
+Patch1: 0001-Fixes-94-possible-null-ptr-deref.patch
+BuildRequires: pkg-config
+
+%description
+libxls is a C library which can read Excel (xls) files since Excel 97
+(the BIFF8 format). libxls cannot write Excel files.
+
+%package -n %lname
+Summary: Library for Parsing Excel (XLS) Files
+Group: System/Libraries
+
+%description -n %lname
+libxlsreader is a C library which can read Excel (xls) files since Excel
+97 (the BIFF8 format). libxlsreader cannot write Excel files.
+
+%package devel
+Summary: Header files for libxls
+Group: Development/Libraries/C and C++
+Requires: %lname = %version
+
+%description devel
+Development files for libxls.
+
+%package tools
+Summary: Utility for parsing Excel (XLS) files
+Group: Productivity/Office/Other
+Conflicts: xls2csv
+
+%description tools
+This package contains libxls2csv, a tool which converts an XLS file to
+CSV format, more suitable for parsing.
+
+%prep
+%autosetup -p1
+
+%build
+%configure --disable-static
+%make_build
+
+%install
+%make_install
+rm -f %buildroot/%_libdir/*.la
+
+%post -n %lname -p /sbin/ldconfig
+%postun -n %lname -p /sbin/ldconfig
+
+%files -n %lname
+%license LICENSE
+%_libdir/*.so.*
+
+%files devel
+%_includedir/*
+%_libdir/*.so
+%_libdir/pkgconfig/*.pc
+
+%files tools
+%_bindir/xls2csv
+%_mandir/man*/xls2csv*
+
+%changelog
From 0fc9f6027ae60c094d1d547f3b0e86be48b4157e1d8753fc4566032185bf0dc3 Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Thu, 26 Dec 2024 21:40:11 +0000
Subject: [PATCH 2/2] [info=23239e83c6b71cc8fd808bfe21fffcf044d31683d80eea40561877997408dad6]
OBS-URL: https://build.opensuse.org/package/show/server:mail/libxls?expand=0&rev=16
---
0001-Fixes-94-possible-null-ptr-deref.patch | 57 ---------------------
_scmsync.obsinfo | 4 +-
build.specials.obscpio | 2 +-
libxls-1.6.2.tar.gz | 3 --
libxls-1.6.3.tar.gz | 3 ++
libxls.changes | 10 ++++
libxls.spec | 5 +-
7 files changed, 18 insertions(+), 66 deletions(-)
delete mode 100644 0001-Fixes-94-possible-null-ptr-deref.patch
delete mode 100644 libxls-1.6.2.tar.gz
create mode 100644 libxls-1.6.3.tar.gz
diff --git a/0001-Fixes-94-possible-null-ptr-deref.patch b/0001-Fixes-94-possible-null-ptr-deref.patch
deleted file mode 100644
index 0cec02e..0000000
--- a/0001-Fixes-94-possible-null-ptr-deref.patch
+++ /dev/null
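Review bot: The new libxls.spec goes from `%build` to `%install` with no `%check` section, so the library is packaged with `Patch1` applied but without any test being run against the patched parser. If the upstream tarball ships a test target that works in an offline build root (not visible from this page), add `%check` followed by `%make_build check` after the `%install` section, so that a parser regression introduced by a carried patch fails the build instead of reaching users. The changelog ties this patch to CVE-2021-27836, which makes a build-time check more worthwhile than usual.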
@@ -1,57 +0,0 @@
-From 866fedeae65ba9ff12b6cf4449dee2096bb2da51 Mon Sep 17 00:00:00 2001
-From: stephematician
-Date: Wed, 2 Mar 2022 15:01:51 +1100
-Subject: [PATCH] Fixes #94 possible null ptr deref
-
-Changes due to lockedbyte and PR 97 conversation
----
- include/xls.h | 4 +++-
- src/xls.c | 6 ++++++
- 2 files changed, 9 insertions(+), 1 deletion(-)
-
-Index: libxls-1.6.2/include/xls.h
-===================================================================
---- libxls-1.6.2.orig/include/xls.h
-+++ libxls-1.6.2/include/xls.h
-@@ -49,7 +49,9 @@ typedef enum {
- LIBXLS_ERROR_SEEK,
- LIBXLS_ERROR_READ,
- LIBXLS_ERROR_PARSE,
-- LIBXLS_ERROR_MALLOC
-+ LIBXLS_ERROR_MALLOC,
-+ LIBXLS_ERROR_UNSUPPORTED_ENCRYPTION,
-+ LIBXLS_ERROR_NULL_ARGUMENT
- } xls_error_t;
-
- const char* xls_getVersion(void);
-Index: libxls-1.6.2/src/xls.c
-===================================================================
---- libxls-1.6.2.orig/src/xls.c
-+++ libxls-1.6.2/src/xls.c
-@@ -830,6 +830,8 @@ int xls_isRecordTooSmall(xlsWorkBook *pW
-
- xls_error_t xls_parseWorkBook(xlsWorkBook* pWB)
- {
-+ if(!pWB) return LIBXLS_ERROR_NULL_ARGUMENT;
-+
- BOF bof1 = { .id = 0, .size = 0 };
- BOF bof2 = { .id = 0, .size = 0 };
- BYTE* buf = NULL;
-@@ -1072,6 +1074,8 @@ cleanup:
-
- static xls_error_t xls_preparseWorkSheet(xlsWorkSheet* pWS)
- {
-+ if(!pWS) return LIBXLS_ERROR_NULL_ARGUMENT;
-+
- BOF tmp;
- BYTE* buf = NULL;
- xls_error_t retval = LIBXLS_OK;
-@@ -1221,6 +1225,8 @@ static xls_error_t xls_formatColumn(xlsW
-
- xls_error_t xls_parseWorkSheet(xlsWorkSheet* pWS)
- {
-+ if(!pWS) return LIBXLS_ERROR_NULL_ARGUMENT;
-+
- BOF tmp;
- BYTE* buf = NULL;
- long offset = pWS->filepos;
diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
index cca7129..5a371d7 100644
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@@ -1,4 +1,4 @@
-mtime: 1652801070
-commit: ecaa48cdb38d66674d4cd86009359bdaee820561ae2c23d706eefde36a6e3f45
+mtime: 1735247335
+commit: 23239e83c6b71cc8fd808bfe21fffcf044d31683d80eea40561877997408dad6
 url: https://src.opensuse.org/clibs/libxls
 revision: master
diff --git a/build.specials.obscpio b/build.specials.obscpio
index 9b8b845..1b59b57 100644
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:7670816d47a9b0e0298e1454f08322ec33dee8264a37bb15de103b0acf7cf267
+oid sha256:b2d7c416a74ac757e3d0b5136282aaf5e81154ba212395a7b7f72b4cc0057c2a
 size 256
diff --git a/libxls-1.6.2.tar.gz b/libxls-1.6.2.tar.gz
deleted file mode 100644
index 6651733..0000000
--- a/libxls-1.6.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5dacc34d94bf2115926c80c6fb69e4e7bd2ed6403d51cff49041a94172f5e371
-size 443736
diff --git a/libxls-1.6.3.tar.gz b/libxls-1.6.3.tar.gz
new file mode 100644
index 0000000..b695915
--- /dev/null
+++ b/libxls-1.6.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b2fb836ea0b5253a352fb5ca55742e29f06f94f9421c5b8eeccef2e5d43f622c
+size 469013
diff --git a/libxls.changes b/libxls.changes
index 7e052af..e36069b 100644
--- a/libxls.changes
+++ b/libxls.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu Dec 26 20:34:32 UTC 2024 - Jan Engelhardt
+
+- Update to release 1.6.3
+ * Fix style record size check on big-endian systems
+ * Fix header include in C++ mode
+ * Fix buffer overflows when parsing style records
+ * Fix infinite loop with self-referencing sectors
+- Delete 0001-Fixes-94-possible-null-ptr-deref.patch (merged)
+
 -------------------------------------------------------------------
 Mon May 16 20:51:17 UTC 2022 - Jan Engelhardt
diff --git a/libxls.spec b/libxls.spec
index 3c829ba..08521cd 100644
--- a/libxls.spec
+++ b/libxls.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libxls
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,14 +18,13 @@
 Name: libxls
 %define lname libxlsreader8
-Version: 1.6.2
+Version: 1.6.3
 Release: 0
 Summary: Library for Parsing Excel (XLS) Files
 License: BSD-2-Clause
 Group: Development/Libraries/C and C++
 URL: https://github.com/libxls/libxls
 Source: https://github.com/libxls/libxls/releases/download/v%version/libxls-%version.tar.gz
-Patch1: 0001-Fixes-94-possible-null-ptr-deref.patch
 BuildRequires: pkg-config
 %description