Hello community, here is the log from the commit of package freexl for openSUSE:Factory checked in at 2018-02-26 23:26:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/freexl (Old) and /work/SRC/openSUSE:Factory/.freexl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "freexl" Mon Feb 26 23:26:18 2018 rev:7 rq:580169 version:1.0.5 Changes: -------- --- /work/SRC/openSUSE:Factory/freexl/freexl.changes 2017-09-13 22:37:42.381342107 +0200 +++ /work/SRC/openSUSE:Factory/.freexl.new/freexl.changes 2018-02-26 23:26:24.955606649 +0100 @@ -1,0 +2,11 @@ +Mon Feb 26 09:09:35 UTC 2018 - [email protected] + +- Update to version 1.0.5: + * No chagelog provided by upstream + * CVE-2018-7439 (boo#1082774) from 1.0.4 is fixed + * CVE-2018-7438 (boo#1082775) from 1.0.4 is fixed + * CVE-2018-7437 (boo#1082776) from 1.0.4 is fixed + * CVE-2018-7436 (boo#1082777) from 1.0.4 is fixed + * CVE-2018-7435 (boo#1082778) from 1.0.4 is fixed + +------------------------------------------------------------------- Old: ---- freexl-1.0.4.tar.gz New: ---- freexl-1.0.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ freexl.spec ++++++ --- /var/tmp/diff_new_pack.Y0INWs/_old 2018-02-26 23:26:25.947570973 +0100 +++ /var/tmp/diff_new_pack.Y0INWs/_new 2018-02-26 23:26:25.951570829 +0100 @@ -1,7 +1,7 @@ # # spec file for package freexl # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define sover 1 %define libname lib%{name}%{sover} Name: freexl -Version: 1.0.4 +Version: 1.0.5 Release: 0 Summary: Library to extract valid data from within an Excel License: MPL-1.1 OR GPL-2.0+ OR LGPL-2.1+ ++++++ freexl-1.0.4.tar.gz -> freexl-1.0.5.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/freexl-1.0.4/config-msvc.h new/freexl-1.0.5/config-msvc.h --- old/freexl-1.0.4/config-msvc.h 2017-09-07 22:07:02.000000000 +0200 +++ new/freexl-1.0.5/config-msvc.h 2018-02-22 15:15:32.000000000 +0100 @@ -86,7 +86,7 @@ #define PACKAGE_NAME "FreeXL" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "FreeXL 1.0.4" +#define PACKAGE_STRING "FreeXL 1.0.5" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "freexl" @@ -95,7 +95,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.0.4" +#define PACKAGE_VERSION "1.0.5" /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 @@ -107,7 +107,7 @@ /* #undef TM_IN_SYS_TIME */ /* Version number of package */ -#define VERSION "1.0.4" +#define VERSION "1.0.5" /* Define to empty if `const' does not conform to ANSI C. */ /* #undef const */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/freexl-1.0.4/configure new/freexl-1.0.5/configure --- old/freexl-1.0.4/configure 2017-09-07 22:07:02.000000000 +0200 +++ new/freexl-1.0.5/configure 2018-02-22 15:15:32.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for FreeXL 1.0.4. +# Generated by GNU Autoconf 2.69 for FreeXL 1.0.5. # # Report bugs to <[email protected]>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='FreeXL' PACKAGE_TARNAME='freexl' -PACKAGE_VERSION='1.0.4' -PACKAGE_STRING='FreeXL 1.0.4' +PACKAGE_VERSION='1.0.5' +PACKAGE_STRING='FreeXL 1.0.5' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1326,7 +1326,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures FreeXL 1.0.4 to adapt to many kinds of systems. +\`configure' configures FreeXL 1.0.5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1396,7 +1396,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of FreeXL 1.0.4:";; + short | recursive ) echo "Configuration of FreeXL 1.0.5:";; esac cat <<\_ACEOF @@ -1508,7 +1508,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -FreeXL configure 1.0.4 +FreeXL configure 1.0.5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2052,7 +2052,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by FreeXL $as_me 1.0.4, which was +It was created by FreeXL $as_me 1.0.5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2923,7 +2923,7 @@ # Define the identity of the package. PACKAGE='freexl' - VERSION='1.0.4' + VERSION='1.0.5' cat >>confdefs.h <<_ACEOF @@ -17813,7 +17813,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by FreeXL $as_me 1.0.4, which was +This file was extended by FreeXL $as_me 1.0.5, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -17879,7 +17879,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -FreeXL config.status 1.0.4 +FreeXL config.status 1.0.5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/freexl-1.0.4/configure.ac new/freexl-1.0.5/configure.ac --- old/freexl-1.0.4/configure.ac 2017-09-07 22:07:02.000000000 +0200 +++ new/freexl-1.0.5/configure.ac 2018-02-22 15:15:32.000000000 +0100 @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT(FreeXL, 1.0.4, [email protected]) +AC_INIT(FreeXL, 1.0.5, [email protected]) AC_LANG(C) AC_CONFIG_AUX_DIR([.]) AC_CONFIG_MACRO_DIR([m4]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/freexl-1.0.4/headers/freexl.h new/freexl-1.0.5/headers/freexl.h --- old/freexl-1.0.4/headers/freexl.h 2017-09-07 22:07:02.000000000 +0200 +++ new/freexl-1.0.5/headers/freexl.h 2018-02-22 15:15:32.000000000 +0100 @@ -292,6 +292,11 @@ #define FREEXL_CFBF_ILLEGAL_MINI_FAT_ENTRY -25 /**< The MiniFAT stream contains an invalid entry. Possibly a corrupt file. */ +#define FREEXL_CRAFTED_FILE -26 /**< A severely corrupted file + (may be purposely crafted for + malicious purposes) has been + detected. */ + /** Container for a cell value diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/freexl-1.0.4/src/freexl.c new/freexl-1.0.5/src/freexl.c --- old/freexl-1.0.4/src/freexl.c 2017-09-07 22:07:02.000000000 +0200 +++ new/freexl-1.0.5/src/freexl.c 2018-02-22 15:15:32.000000000 +0100 @@ -1109,6 +1109,11 @@ return FREEXL_INSUFFICIENT_MEMORY; /* allocating the cell values array */ + if (workbook->active_sheet->rows * workbook->active_sheet->columns <= 0) + { + workbook->active_sheet->cell_values = NULL; + return FREEXL_OK; + } workbook->active_sheet->cell_values = malloc (sizeof (biff_cell_value) * (workbook->active_sheet->rows * @@ -1801,6 +1806,12 @@ unsigned int i; for (i = 0; i < len; i++) { + if (p_string - workbook->record >= + workbook->record_size) + { + /* buffer overflow: it's a preasumable crafted file intended to crash FreeXL */ + return FREEXL_CRAFTED_FILE; + } *(utf16_buf + (utf16_off * 2) + (i * 2)) = *p_string; p_string++; @@ -1912,6 +1923,11 @@ return FREEXL_OK; } + if (len <= 0) + { + /* zero length - it's a preasumable crafted file intended to crash FreeXL */ + return FREEXL_CRAFTED_FILE; + } if (!parse_unicode_string (workbook->utf16_converter, len, utf16, p_string, &utf8_string)) return FREEXL_INVALID_CHARACTER; @@ -3070,6 +3086,11 @@ if (swap) swap32 (&offset); len = workbook->record[6]; + if (len <= 0) + { + /* zero length - it's a preasumable crafted file intended to crash FreeXL */ + return FREEXL_CRAFTED_FILE; + } if (workbook->biff_version == FREEXL_BIFF_VER_5) { /* BIFF5: codepage text */ @@ -3229,6 +3250,11 @@ get_unicode_params (p_string, swap, &start_offset, &utf16, &extra_skip); p_string += start_offset; + if (len <= 0) + { + /* zero length - it's a preasumable crafted file intended to crash FreeXL */ + return FREEXL_CRAFTED_FILE; + } if (!parse_unicode_string (workbook->utf16_converter, len, utf16, p_string, &utf8_string)) @@ -3623,6 +3649,11 @@ get_unicode_params (p_string, swap, &start_offset, &utf16, &extra_skip); p_string += start_offset; + if (len <= 0) + { + /* zero length - it's a preasumable crafted file intended to crash FreeXL */ + return FREEXL_CRAFTED_FILE; + } if (!parse_unicode_string (workbook->utf16_converter, len, utf16, p_string, &utf8_string)) @@ -3905,6 +3936,9 @@ workbook->record_type = record_type.value; workbook->record_size = record_size.value; + if (workbook->record_size >= 8192) + return 0; /* malformed or crafted file */ + if ((workbook->p_in - workbook->fat->miniStream) + workbook->record_size > (int) workbook->size) return 0; /* unexpected EOF */
