Accepting request 977612 from server:mail

- Add 0001-Fixes-94-possible-null-ptr-deref.patch [boo#1192323] [CVE-2021-27836] OBS-URL: https://build.opensuse.org/request/show/977612 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libxls?expand=0&rev=6
2022-05-17 15:24:30 +00:00 · 2022-05-17 15:24:30 +00:00 · ecaa48cdb3
commit ecaa48cdb3
parent c255cce000 02dba8bce2
3 changed files with 65 additions and 1 deletions
--- a/0001-Fixes-94-possible-null-ptr-deref.patch
+++ b/0001-Fixes-94-possible-null-ptr-deref.patch
@ -0,0 +1,57 @@
+From 866fedeae65ba9ff12b6cf4449dee2096bb2da51 Mon Sep 17 00:00:00 2001
+From: stephematician <stephematician@gmail.com>
+Date: Wed, 2 Mar 2022 15:01:51 +1100
+Subject: [PATCH] Fixes #94 possible null ptr deref
+
+Changes due to lockedbyte and PR 97 conversation
+---
+ include/xls.h |    4 +++-
+ src/xls.c     |    6 ++++++
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+Index: libxls-1.6.2/include/xls.h
+===================================================================
+--- libxls-1.6.2.orig/include/xls.h
+++ libxls-1.6.2/include/xls.h
+@@ -49,7 +49,9 @@ typedef enum {
+     LIBXLS_ERROR_SEEK,
+     LIBXLS_ERROR_READ,
+     LIBXLS_ERROR_PARSE,
+-    LIBXLS_ERROR_MALLOC
+    LIBXLS_ERROR_MALLOC,
+    LIBXLS_ERROR_UNSUPPORTED_ENCRYPTION,
+    LIBXLS_ERROR_NULL_ARGUMENT
+ } xls_error_t;
+ 
+ const char* xls_getVersion(void);
+Index: libxls-1.6.2/src/xls.c
+===================================================================
+--- libxls-1.6.2.orig/src/xls.c
+++ libxls-1.6.2/src/xls.c
+@@ -830,6 +830,8 @@ int xls_isRecordTooSmall(xlsWorkBook *pW
+ 
+ xls_error_t xls_parseWorkBook(xlsWorkBook* pWB)
+ {
+    if(!pWB) return LIBXLS_ERROR_NULL_ARGUMENT;
+
+     BOF bof1 = { .id = 0, .size = 0 };
+     BOF bof2 = { .id = 0, .size = 0 };
+     BYTE* buf = NULL;
+@@ -1072,6 +1074,8 @@ cleanup:
+ 
+ static xls_error_t xls_preparseWorkSheet(xlsWorkSheet* pWS)
+ {
+    if(!pWS) return LIBXLS_ERROR_NULL_ARGUMENT;
+
+     BOF tmp;
+     BYTE* buf = NULL;
+     xls_error_t retval = LIBXLS_OK;
+@@ -1221,6 +1225,8 @@ static xls_error_t xls_formatColumn(xlsW
+ 
+ xls_error_t xls_parseWorkSheet(xlsWorkSheet* pWS)
+ {
+    if(!pWS) return LIBXLS_ERROR_NULL_ARGUMENT;
+
+     BOF tmp;
+     BYTE* buf = NULL;
+ 	long offset = pWS->filepos;
--- a/libxls.changes
+++ b/libxls.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon May 16 20:51:17 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
+
+- Add 0001-Fixes-94-possible-null-ptr-deref.patch
+  [boo#1192323] [CVE-2021-27836]
+
 -------------------------------------------------------------------
 Tue Jan 26 11:30:00 UTC 2021 - Jan Engelhardt <jengelh@inai.de>

--- a/libxls.spec
+++ b/libxls.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libxls
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -25,6 +25,7 @@ License:        BSD-2-Clause
 Group:          Development/Libraries/C and C++
 URL:            https://github.com/libxls/libxls
 Source:         https://github.com/libxls/libxls/releases/download/v%version/libxls-%version.tar.gz
+Patch1:         0001-Fixes-94-possible-null-ptr-deref.patch
 BuildRequires:  pkg-config

 %description