CVE-2012-0213 (bugs 799078, 820788)

Fix javadoc link

apache-poi-CVE-2012-0213.patch

@@ -0,0 +1,52 @@
+--- src/java/org/apache/poi/poifs/storage/BlockAllocationTableReader.java	(revision 18070)
++++ src/java/org/apache/poi/poifs/storage/BlockAllocationTableReader.java	(revision 22336)
+@@ -221,12 +221,10 @@ 
+             } catch(IOException e) {
+                 if(currentBlock == headerPropertiesStartBlock) {
+                     // Special case where things are in the wrong order
+-                    System.err.println("Warning, header block comes after data blocks in POIFS block listing");
+                     currentBlock = POIFSConstants.END_OF_CHAIN;
+                 } else if(currentBlock == 0 && firstPass) {
+                     // Special case where the termination isn't done right
+                     //  on an empty set
+-                    System.err.println("Warning, incorrectly terminated empty data blocks in POIFS block listing (should end at -2, ended at 0)");
+                     currentBlock = POIFSConstants.END_OF_CHAIN;
+                 } else {
+                     // Ripple up
+--- src/scratchpad/src/org/apache/poi/hwpf/model/PropertyNode.java	(revision 18070)
++++ src/scratchpad/src/org/apache/poi/hwpf/model/PropertyNode.java	(revision 22336)
+@@ -49,7 +49,6 @@ 
+       _buf = buf;
+ 
+       if(_cpStart < 0) {
+-    	  System.err.println("A property claimed to start before zero, at " + _cpStart + "! Resetting it to zero, and hoping for the best");
+     	  _cpStart = 0;
+       }
+   }
+--- src/scratchpad/src/org/apache/poi/hwpf/model/UnhandledDataStructure.java	(revision 18070)
++++ src/scratchpad/src/org/apache/poi/hwpf/model/UnhandledDataStructure.java	(revision 22336)
+@@ -17,6 +17,8 @@ 
+ 
+ package org.apache.poi.hwpf.model;
+ 
++import java.util.Arrays;
++
+ public final class UnhandledDataStructure
+ {
+   byte[] _buf;
+@@ -24,13 +26,12 @@ 
+   public UnhandledDataStructure(byte[] buf, int offset, int length)
+   {
+ //    System.out.println("Yes, using my code");
+-    _buf = new byte[length];
+-    if (offset + length > buf.length)
++    if (offset + length > buf.length || (offset | length | offset+length) < 0)
+     {
+       throw new IndexOutOfBoundsException("buffer length is " + buf.length +
+                                           "but code is trying to read " + length + " from offset " + offset);
+     }
+-    System.arraycopy(buf, offset, _buf, 0, length);
++    _buf = Arrays.copyOfRange(buf, offset, offset + length);
+   }
+ 
+   byte[] getBuf()

apache-poi.spec

@@ -2,7 +2,7 @@
 
 Name:           apache-poi
 Version:        3.7
-Release:        5%{?dist}
+Release:        7%{?dist}
 Summary:        The Java API for Microsoft Documents
 
 Group:          Development/Libraries
@@ -13,6 +13,8 @@ Source1:        http://www.ecma-international.org/publications/files/ECMA-ST/Off
 Source2:        http://repo2.maven.org/maven2/org/apache/poi/poi/3.7/poi-3.7.pom.xml
 #Force compile of xsds if disconnected
 Patch1:         %{name}-3.7-compile-xsds.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=799078
+Patch2:         apache-poi-CVE-2012-0213.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch:      noarch
 ExcludeArch:    ppc64
@@ -24,7 +26,7 @@ BuildRequires:  dom4j
 BuildRequires:  apache-commons-logging
 BuildRequires:  junit
 #Fonts for testing
-BuildRequires:  liberation-sans-fonts liberation-serif-fonts
+BuildRequires:  fontconfig liberation-sans-fonts liberation-serif-fonts
 BuildRequires:  log4j
 BuildRequires:  xmlbeans
 
@@ -88,6 +90,7 @@ The manual for %{name}.
 %prep
 %setup -q -n poi-%{version}
 %patch1 -p1 -b .compile-xsds
+%patch2 -p0 -b .CVE-2012-0213
 find -name '*.class' -exec rm -f '{}' \;
 find -name '*.jar' -exec rm -f '{}' \;
 mkdir lib ooxml-lib
@@ -134,7 +137,7 @@ cp -pr docs/apidocs $RPM_BUILD_ROOT%{_javadocdir}/%{name}
 rm -rf docs/apidocs 
 
 #manual - Link to javadoc location
-ln -s ../../javadoc/%{name}-%{version} docs/apidocs
+ln -s ../../javadoc/%{name} docs/apidocs
 
 
 %check
@@ -170,6 +173,13 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Thu May 10 2012 Orion Poplawski <orion@cora.nwra.com> - 3.7-7
+- CVE-2012-0213 (bugs 799078, 820788)
+
+* Wed Apr 20 2011 Orion Poplawski <orion@cora.nwra.com> - 3.7-6
+- Add BR fontconfig needed for java tests to find fonts
+- Fix javadoc link
+
 * Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.7-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild