diff --git a/apache-poi-CVE-2012-0213.patch b/apache-poi-CVE-2012-0213.patch
new file mode 100644
index 0000000..61791f9
--- /dev/null
+++ b/apache-poi-CVE-2012-0213.patch
@@ -0,0 +1,52 @@
+--- src/java/org/apache/poi/poifs/storage/BlockAllocationTableReader.java (revision 18070)
++++ src/java/org/apache/poi/poifs/storage/BlockAllocationTableReader.java (revision 22336)
+@@ -221,12 +221,10 @@
+ } catch(IOException e) {
+ if(currentBlock == headerPropertiesStartBlock) {
+ // Special case where things are in the wrong order
+- System.err.println("Warning, header block comes after data blocks in POIFS block listing");
+ currentBlock = POIFSConstants.END_OF_CHAIN;
+ } else if(currentBlock == 0 && firstPass) {
+ // Special case where the termination isn't done right
+ // on an empty set
+- System.err.println("Warning, incorrectly terminated empty data blocks in POIFS block listing (should end at -2, ended at 0)");
+ currentBlock = POIFSConstants.END_OF_CHAIN;
+ } else {
+ // Ripple up
+--- src/scratchpad/src/org/apache/poi/hwpf/model/PropertyNode.java (revision 18070)
++++ src/scratchpad/src/org/apache/poi/hwpf/model/PropertyNode.java (revision 22336)
+@@ -49,7 +49,6 @@
+ _buf = buf;
+
+ if(_cpStart < 0) {
+- System.err.println("A property claimed to start before zero, at " + _cpStart + "! Resetting it to zero, and hoping for the best");
+ _cpStart = 0;
+ }
+ }
+--- src/scratchpad/src/org/apache/poi/hwpf/model/UnhandledDataStructure.java (revision 18070)
++++ src/scratchpad/src/org/apache/poi/hwpf/model/UnhandledDataStructure.java (revision 22336)
+@@ -17,6 +17,8 @@
+
+ package org.apache.poi.hwpf.model;
+
++import java.util.Arrays;
++
+ public final class UnhandledDataStructure
+ {
+ byte[] _buf;
+@@ -24,13 +26,12 @@
+ public UnhandledDataStructure(byte[] buf, int offset, int length)
+ {
+ // System.out.println("Yes, using my code");
+- _buf = new byte[length];
+- if (offset + length > buf.length)
++ if (offset + length > buf.length || (offset | length | offset+length) < 0)
+ {
+ throw new IndexOutOfBoundsException("buffer length is " + buf.length +
+ "but code is trying to read " + length + " from offset " + offset);
+ }
+- System.arraycopy(buf, offset, _buf, 0, length);
++ _buf = Arrays.copyOfRange(buf, offset, offset + length);
+ }
+
+ byte[] getBuf()
diff --git a/apache-poi.spec b/apache-poi.spec
index dcdbea7..04274b8 100644
--- a/apache-poi.spec
+++ b/apache-poi.spec
@@ -2,7 +2,7 @@
 Name: apache-poi
 Version: 3.7
-Release: 5%{?dist}
+Release: 7%{?dist}
 Summary: The Java API for Microsoft Documents
 Group: Development/Libraries
@@ -13,6 +13,8 @@ Source1: http://www.ecma-international.org/publications/files/ECMA-ST/Off
 Source2: http://repo2.maven.org/maven2/org/apache/poi/poi/3.7/poi-3.7.pom.xml
 #Force compile of xsds if disconnected
 Patch1: %{name}-3.7-compile-xsds.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=799078
+Patch2: apache-poi-CVE-2012-0213.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch: noarch
 ExcludeArch: ppc64
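Review bot: The new bounds check in the `UnhandledDataStructure` constructor is correct but relies on `offset + length` wrapping negative, and nothing in the code records why it has to run before the buffer is allocated. Writing it as `if (offset < 0 || length < 0 || length > buf.length - offset)` expresses the same condition without overflow arithmetic, and a comment such as `// validate offset/length before allocating; length is presumably read from the document` would keep a later refactor from moving the allocation back above the check. The exception message is also missing a space before `but`, so the buffer length prints run together with the next word. Separately, the `BlockAllocationTableReader` and `PropertyNode` hunks delete the `System.err` warnings outright, so a mis-terminated block chain or a negative `_cpStart` is now repaired with no trace; sending those messages to the project's logger instead would keep that signal for anyone triaging malformed documents.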
@@ -24,7 +26,7 @@ BuildRequires: dom4j
 BuildRequires: apache-commons-logging
 BuildRequires: junit
 #Fonts for testing
-BuildRequires: liberation-sans-fonts liberation-serif-fonts
+BuildRequires: fontconfig liberation-sans-fonts liberation-serif-fonts
 BuildRequires: log4j
 BuildRequires: xmlbeans
@@ -88,6 +90,7 @@ The manual for %{name}.
 %prep
 %setup -q -n poi-%{version}
 %patch1 -p1 -b .compile-xsds
+%patch2 -p0 -b .CVE-2012-0213
 find -name '*.class' -exec rm -f '{}' \;
 find -name '*.jar' -exec rm -f '{}' \;
 mkdir lib ooxml-lib
@@ -134,7 +137,7 @@ cp -pr docs/apidocs $RPM_BUILD_ROOT%{_javadocdir}/%{name}
 rm -rf docs/apidocs
 #manual - Link to javadoc location
-ln -s ../../javadoc/%{name}-%{version} docs/apidocs
+ln -s ../../javadoc/%{name} docs/apidocs
 %check
@@ -170,6 +173,13 @@ rm -rf $RPM_BUILD_ROOT
 %changelog
+* Thu May 10 2012 Orion Poplawski - 3.7-7
+- CVE-2012-0213 (bugs 799078, 820788)
+
+* Wed Apr 20 2011 Orion Poplawski - 3.7-6
+- Add BR fontconfig needed for java tests to find fonts
+- Fix javadoc link
+
 * Mon Feb 07 2011 Fedora Release Engineering - 3.7-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild