Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libxls for openSUSE:Factory checked in at 2022-05-17 17:24:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libxls (Old) and /work/SRC/openSUSE:Factory/.libxls.new.1538 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxls" Tue May 17 17:24:30 2022 rev:6 rq:977612 version:1.6.2 Changes: -------- --- /work/SRC/openSUSE:Factory/libxls/libxls.changes 2021-06-01 10:35:40.876631169 +0200 +++ /work/SRC/openSUSE:Factory/.libxls.new.1538/libxls.changes 2022-05-17 17:24:49.231192029 +0200 @@ -1,0 +2,6 @@ +Mon May 16 20:51:17 UTC 2022 - Jan Engelhardt <jeng...@inai.de> + +- Add 0001-Fixes-94-possible-null-ptr-deref.patch + [boo#1192323] [CVE-2021-27836] + +------------------------------------------------------------------- New: ---- 0001-Fixes-94-possible-null-ptr-deref.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxls.spec ++++++ --- /var/tmp/diff_new_pack.IrlRed/_old 2022-05-17 17:24:49.635192396 +0200 +++ /var/tmp/diff_new_pack.IrlRed/_new 2022-05-17 17:24:49.635192396 +0200 @@ -1,7 +1,7 @@ # # spec file for package libxls # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,6 +25,7 @@ Group: Development/Libraries/C and C++ URL: https://github.com/libxls/libxls Source: https://github.com/libxls/libxls/releases/download/v%version/libxls-%version.tar.gz +Patch1: 0001-Fixes-94-possible-null-ptr-deref.patch BuildRequires: pkg-config %description ++++++ 0001-Fixes-94-possible-null-ptr-deref.patch ++++++ >From 866fedeae65ba9ff12b6cf4449dee2096bb2da51 Mon Sep 17 00:00:00 2001 From: stephematician <stephematic...@gmail.com> Date: Wed, 2 Mar 2022 15:01:51 +1100 Subject: [PATCH] Fixes #94 possible null ptr deref Changes due to lockedbyte and PR 97 conversation --- include/xls.h | 4 +++- src/xls.c | 6 ++++++ 2 files changed, 9 insertions(+), 1 deletion(-) Index: libxls-1.6.2/include/xls.h =================================================================== --- libxls-1.6.2.orig/include/xls.h +++ libxls-1.6.2/include/xls.h @@ -49,7 +49,9 @@ typedef enum { LIBXLS_ERROR_SEEK, LIBXLS_ERROR_READ, LIBXLS_ERROR_PARSE, - LIBXLS_ERROR_MALLOC + LIBXLS_ERROR_MALLOC, + LIBXLS_ERROR_UNSUPPORTED_ENCRYPTION, + LIBXLS_ERROR_NULL_ARGUMENT } xls_error_t; const char* xls_getVersion(void); Index: libxls-1.6.2/src/xls.c =================================================================== --- libxls-1.6.2.orig/src/xls.c +++ libxls-1.6.2/src/xls.c @@ -830,6 +830,8 @@ int xls_isRecordTooSmall(xlsWorkBook *pW xls_error_t xls_parseWorkBook(xlsWorkBook* pWB) { + if(!pWB) return LIBXLS_ERROR_NULL_ARGUMENT; + BOF bof1 = { .id = 0, .size = 0 }; BOF bof2 = { .id = 0, .size = 0 }; BYTE* buf = NULL; @@ -1072,6 +1074,8 @@ cleanup: static xls_error_t xls_preparseWorkSheet(xlsWorkSheet* pWS) { + if(!pWS) return LIBXLS_ERROR_NULL_ARGUMENT; + BOF tmp; BYTE* buf = NULL; xls_error_t retval = LIBXLS_OK; @@ -1221,6 +1225,8 @@ static xls_error_t xls_formatColumn(xlsW xls_error_t xls_parseWorkSheet(xlsWorkSheet* pWS) { + if(!pWS) return LIBXLS_ERROR_NULL_ARGUMENT; + BOF tmp; BYTE* buf = NULL; long offset = pWS->filepos;
