Author SHA1 Message Date
gil
8820392da4 fix log4j BR 2015-02-15 03:11:14 +01:00
7 changed files with 506 additions and 1 deletions

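--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,27 @@
+/Office Open XML 1st edition Part 4 (PDF).zip
+/poi-src-3.7-20101029.tar.gz
+/Office%20Open%20XML%201st%20edition%20Part%204%20(PDF).zip
+/poi-src-3.8-beta3-20110606.tar.gz
+/poi-src-3.8-beta5-20111217.tar.gz
+/poi-src-3.8-20120326.tar.gz
+/poi-src-3.9-20121203.tar.gz
+/poi-3.9.pom
+/poi-examples-3.9.pom
+/poi-excelant-3.9.pom
+/poi-ooxml-3.9.pom
+/poi-ooxml-schemas-3.9.pom
+/poi-scratchpad-3.9.pom
+/poi-src-3.10-FINAL-20140208.tar.gz
+/poi-3.10-FINAL.pom
+/poi-examples-3.10-FINAL.pom
+/poi-excelant-3.10-FINAL.pom
+/poi-ooxml-3.10-FINAL.pom
+/poi-ooxml-schemas-3.10-FINAL.pom
+/poi-scratchpad-3.10-FINAL.pom
+/poi-src-3.10.1-20140818.tar.gz
+/poi-3.10.1.pom
+/poi-examples-3.10.1.pom
+/poi-excelant-3.10.1.pom
+/poi-ooxml-3.10.1.pom
+/poi-ooxml-schemas-3.10.1.pom
+/poi-scratchpad-3.10.1.pom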


@ -0,0 +1,182 @@
diff -Nru poi-3.10.1/src/scratchpad/src/org/apache/poi/hslf/HSLFSlideShow.java poi-3.10.1.CVE-2014-9527/src/scratchpad/src/org/apache/poi/hslf/HSLFSlideShow.java
--- poi-3.10.1/src/scratchpad/src/org/apache/poi/hslf/HSLFSlideShow.java 2014-08-13 16:05:33.000000000 +0200
+++ poi-3.10.1.CVE-2014-9527/src/scratchpad/src/org/apache/poi/hslf/HSLFSlideShow.java 2015-02-14 16:11:13.481868934 +0100
@@ -20,16 +20,16 @@
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
-import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
+import java.util.NavigableMap;
+import java.util.TreeMap;
import org.apache.poi.POIDocument;
import org.apache.poi.hslf.exceptions.CorruptPowerPointFileException;
@@ -81,7 +81,7 @@
// Embedded objects stored in storage records in the document stream, lazily populated.
private ObjectData[] _objects;
-
+
/**
* Returns the underlying POIFSFileSystem for the document
* that is open.
@@ -195,6 +195,9 @@
// Look for any other streams
readOtherStreams();
}
+
+
+
/**
* Constructs a new, empty, Powerpoint document.
*/
@@ -269,41 +272,67 @@
_records = read(_docstream, (int)currentUser.getCurrentEditOffset());
}
- private Record[] read(byte[] docstream, int usrOffset){
- ArrayList<Integer> lst = new ArrayList<Integer>();
- HashMap<Integer,Integer> offset2id = new HashMap<Integer,Integer>();
+ private Record[] read(byte[] docstream, int usrOffset){
+ //sort found records by offset.
+ //(it is not necessary but SlideShow.findMostRecentCoreRecords() expects them sorted)
+ NavigableMap<Integer,Record> records = new TreeMap<Integer,Record>(); // offset -> record
+ Map<Integer,Integer> persistIds = new HashMap<Integer,Integer>(); // offset -> persistId
+ initRecordOffsets(docstream, usrOffset, records, persistIds);
+
+ for (Map.Entry<Integer,Record> entry : records.entrySet()) {
+ Integer offset = entry.getKey();
+ Record record = entry.getValue();
+ Integer persistId = persistIds.get(offset);
+ if (record == null) {
+ // all plain records have been already added,
+ // only new records need to be decrypted (tbd #35897)
+ record = Record.buildRecordAtOffset(docstream, offset);
+ entry.setValue(record);
+ }
+
+ if (record instanceof PersistRecord) {
+ ((PersistRecord)record).setPersistId(persistId);
+ }
+ }
+
+ return records.values().toArray(new Record[records.size()]);
+ }
+
+ private void initRecordOffsets(byte[] docstream, int usrOffset, NavigableMap<Integer,Record> recordMap, Map<Integer,Integer> offset2id) {
while (usrOffset != 0){
UserEditAtom usr = (UserEditAtom) Record.buildRecordAtOffset(docstream, usrOffset);
- lst.add(usrOffset);
+ recordMap.put(usrOffset, usr);
+
int psrOffset = usr.getPersistPointersOffset();
-
PersistPtrHolder ptr = (PersistPtrHolder)Record.buildRecordAtOffset(docstream, psrOffset);
- lst.add(psrOffset);
- Hashtable<Integer,Integer> entries = ptr.getSlideLocationsLookup();
- for(Integer id : entries.keySet()) {
- Integer offset = entries.get(id);
- lst.add(offset);
+ recordMap.put(psrOffset, ptr);
+
+ for(Map.Entry<Integer,Integer> entry : ptr.getSlideLocationsLookup().entrySet()) {
+ Integer offset = entry.getValue();
+ Integer id = entry.getKey();
+ recordMap.put(offset, null); // reserve a slot for the record
offset2id.put(offset, id);
}
-
+
usrOffset = usr.getLastUserEditAtomOffset();
- }
- //sort found records by offset.
- //(it is not necessary but SlideShow.findMostRecentCoreRecords() expects them sorted)
- Integer a[] = lst.toArray(new Integer[lst.size()]);
- Arrays.sort(a);
- Record[] rec = new Record[lst.size()];
- for (int i = 0; i < a.length; i++) {
- Integer offset = a[i];
- rec[i] = Record.buildRecordAtOffset(docstream, offset.intValue());
- if(rec[i] instanceof PersistRecord) {
- PersistRecord psr = (PersistRecord)rec[i];
- Integer id = offset2id.get(offset);
- psr.setPersistId(id.intValue());
- }
- }
- return rec;
+ // check for corrupted user edit atom and try to repair it
+ // if the next user edit atom offset is already known, we would go into an endless loop
+ if (usrOffset > 0 && recordMap.containsKey(usrOffset)) {
+ // a user edit atom is usually located 36 byte before the smallest known record offset
+ usrOffset = recordMap.firstKey()-36;
+ // check that we really are located on a user edit atom
+ int ver_inst = LittleEndian.getUShort(docstream, usrOffset);
+ int type = LittleEndian.getUShort(docstream, usrOffset+2);
+ int len = LittleEndian.getInt(docstream, usrOffset+4);
+ if (ver_inst == 0 && type == 4085 && (len == 0x1C || len == 0x20)) {
+ logger.log(POILogger.WARN, "Repairing invalid user edit atom");
+ usr.setLastUserEditAtomOffset(usrOffset);
+ } else {
+ throw new CorruptPowerPointFileException("Powerpoint document contains invalid user edit atom");
+ }
+ }
+ }
}
/**
@@ -324,34 +353,30 @@
private void readOtherStreams() {
// Currently, there aren't any
}
-
/**
* Find and read in pictures contained in this presentation.
* This is lazily called as and when we want to touch pictures.
*/
+ @SuppressWarnings("unused")
private void readPictures() throws IOException {
_pictures = new ArrayList<PictureData>();
- byte[] pictstream;
-
- try {
- DocumentEntry entry = (DocumentEntry)directory.getEntry("Pictures");
- pictstream = new byte[entry.getSize()];
- DocumentInputStream is = directory.createDocumentInputStream("Pictures");
- is.read(pictstream);
- } catch (FileNotFoundException e){
- // Silently catch exceptions if the presentation doesn't
- // contain pictures - will use a null set instead
- return;
- }
+ // if the presentation doesn't contain pictures - will use a null set instead
+ if (!directory.hasEntry("Pictures")) return;
+
+ DocumentEntry entry = (DocumentEntry)directory.getEntry("Pictures");
+ byte[] pictstream = new byte[entry.getSize()];
+ DocumentInputStream is = directory.createDocumentInputStream(entry);
+ is.read(pictstream);
+ is.close();
+
int pos = 0;
// An empty picture record (length 0) will take up 8 bytes
while (pos <= (pictstream.length-8)) {
int offset = pos;
-
+
// Image signature
- @SuppressWarnings("unused")
int signature = LittleEndian.getUShort(pictstream, pos);
pos += LittleEndian.SHORT_SIZE;
// Image type + 0xF018
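Review bot: In the repair branch of `initRecordOffsets`, `usrOffset = recordMap.firstKey()-36` goes straight into `LittleEndian.getUShort`/`getInt` with no range check, and the keys of `recordMap` include offsets copied from the file's persist pointer table, so a malformed document can make the value negative or place it past the end of `docstream`. That would presumably surface as an unchecked index exception instead of the `CorruptPowerPointFileException` the else-branch is meant to raise, which callers handling untrusted files are more likely to catch. A guard before the three reads keeps the failure mode uniform: `if (usrOffset < 0 || usrOffset > docstream.length - 8) throw new CorruptPowerPointFileException("Powerpoint document contains invalid user edit atom");`. In the last hunk, `is.read(pictstream)` still ignores the returned byte count and `is.close()` is skipped when the read throws; wrapping the read in try/finally would cover both the short read check and the close.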

apache-poi-build.patch Normal file

@ -0,0 +1,12 @@
diff -up poi-3.10.1/build.xml.build poi-3.10.1/build.xml
--- poi-3.10.1/build.xml.build 2014-09-04 08:32:13.413603042 -0600
+++ poi-3.10.1/build.xml 2014-09-04 08:39:47.515564322 -0600
@@ -285,7 +285,7 @@ under the License.
<path id="lib.jacoco">
<fileset dir="lib">
- <include name="org.jacoco*.jar" />
+ <include name="jacoco*.jar" />
<include name="asm-all-4*.jar" />
</fileset>
</path>


@ -0,0 +1,24 @@
diff -up poi-3.10-FINAL/build.xml.compile-xsds poi-3.10-FINAL/build.xml
--- poi-3.10-FINAL/build.xml.compile-xsds 2014-02-24 11:35:56.338955560 -0700
+++ poi-3.10-FINAL/build.xml 2014-02-24 11:38:39.337139830 -0700
@@ -454,16 +454,14 @@ under the License.
</target>
<target name="check-compiled-ooxml-xsds" depends="fetch-ooxml-xsds">
<condition property="ooxml-compiled-xsds.present">
- <or>
+ <and>
<available file="${ooxml.xsds.jar}"/>
- <isset property="disconnected"/>
- </or>
+ </and>
</condition>
<condition property="ooxml-compiled-encryption-xsds.present">
- <or>
+ <and>
<available file="${ooxml.encryption.jar}"/>
- <isset property="disconnected"/>
- </or>
+ </and>
</condition>
</target>
<target name="compile-ooxml-xsds" unless="ooxml-compiled-xsds.present"

apache-poi.spec Normal file

@ -0,0 +1,253 @@
%global reldate 20140818
%global rcver %{nil}
Name: apache-poi
Version: 3.10.1
Release: 2%{?dist}
Summary: The Java API for Microsoft Documents
License: ASL 2.0
URL: http://poi.apache.org/
Source0: http://www.apache.org/dist/poi/release/src/poi-src-%{version}-%{reldate}.tar.gz
#Source0: http://www.apache.org/dist/poi/dev/src/poi-src-%%{version}%%{?rcver}-%%{reldate}.tar.gz
Source1: http://www.ecma-international.org/publications/files/ECMA-ST/Office%20Open%20XML%201st%20edition%20Part%204%20(PDF).zip
Source2: http://repo2.maven.org/maven2/org/apache/poi/poi/%{version}/poi-%{version}.pom
Source3: http://repo2.maven.org/maven2/org/apache/poi/poi-examples/%{version}/poi-examples-%{version}.pom
Source4: http://repo2.maven.org/maven2/org/apache/poi/poi-excelant/%{version}/poi-excelant-%{version}.pom
Source5: http://repo2.maven.org/maven2/org/apache/poi/poi-ooxml/%{version}/poi-ooxml-%{version}.pom
Source6: http://repo2.maven.org/maven2/org/apache/poi/poi-ooxml-schemas/%{version}/poi-ooxml-schemas-%{version}.pom
Source7: http://repo2.maven.org/maven2/org/apache/poi/poi-scratchpad/%{version}/poi-scratchpad-%{version}.pom
#Force compile of xsds if disconnected
Patch1: %{name}-compile-xsds.patch
Patch2: %{name}-build.patch
Patch3: %{name}-CVE-2014-9527.patch
BuildArch: noarch
BuildRequires: jpackage-utils
BuildRequires: java-devel >= 1:1.6.0
BuildRequires: ant-junit
BuildRequires: dom4j
BuildRequires: apache-commons-logging
BuildRequires: junit
#Fonts for testing
BuildRequires: fontconfig liberation-sans-fonts liberation-serif-fonts
BuildRequires: jacoco
BuildRequires: log4j
BuildRequires: xmlbeans
BuildRequires: hamcrest
Requires: jpackage-utils
Requires: java >= 1:1.6.0
Requires: dom4j
Requires: apache-commons-logging
Requires: log4j
Requires: xmlbeans
%description
The Apache POI Project's mission is to create and maintain Java APIs for
manipulating various file formats based upon the Office Open XML standards
(OOXML) and Microsoft's OLE 2 Compound Document format (OLE2). In short, you
can read and write MS Excel files using Java. In addition, you can read and
write MS Word and MS PowerPoint files using Java. Apache POI is your Java
Excel solution (for Excel 97-2008). We have a complete API for porting other
OOXML and OLE2 formats and welcome others to participate.
OLE2 files include most Microsoft Office files such as XLS, DOC, and PPT as
well as MFC serialization API based file formats. The project provides APIs
for the OLE2 Filesystem (POIFS) and OLE2 Document Properties (HPSF).
Office OpenXML Format is the new standards based XML file format found in
Microsoft Office 2007 and 2008. This includes XLSX, DOCX and PPTX. The
project provides a low level API to support the Open Packaging Conventions
using openxml4j.
For each MS Office application there exists a component module that attempts
to provide a common high level Java API to both OLE2 and OOXML document
formats. This is most developed for Excel workbooks (SS=HSSF+XSSF). Work is
progressing for Word documents (HWPF+XWPF) and PowerPoint presentations
(HSLF+XSLF).
The project has recently added support for Outlook (HSMF). Microsoft opened
the specifications to this format in October 2007. We would welcome
contributions.
There are also projects for Visio (HDGF) and Publisher (HPBF).
%package javadoc
Summary: Javadoc for %{name}
%description javadoc
This package contains the API documentation for %{name}.
%package manual
Summary: Manual for %{name}
Requires: %{name}-javadoc = %{version}-%{release}
%description manual
The manual for %{name}.
%prep
%setup -q -n poi-%{version}%{?rcver}
%patch1 -p1 -b .compile-xsds
%patch2 -p1 -b .build
%patch3 -p1 -b .CVE-2014-9527
find -name '*.class' -delete
find -name '*.jar' -delete
mkdir lib ooxml-lib
build-jar-repository -s -p lib ant commons-codec commons-logging jacoco junit hamcrest/core log4j
build-jar-repository -s -p ooxml-lib dom4j xmlbeans/xbean
#Unpack the XMLSchema
pushd ooxml-lib
unzip "%SOURCE1" OfficeOpenXML-XMLSchema.zip
popd
%build
cat > build.properties <<'EOF'
main.ant.jar=lib/ant.jar
main.commons-codec.jar=lib/commons-codec.jar
main.commons-logging.jar=lib/commons-logging.jar
main.log4j.jar=lib/log4j.jar
main.junit.jar=lib/junit.jar
main.hamcrest.jar=lib/hamcrest_core.jar
ooxml.dom4j.jar=ooxml-lib/dom4j.jar
ooxml.xmlbeans23.jar=ooxml-lib/xmlbeans_xbean.jar
ooxml.xmlbeans26.jar=ooxml-lib/xmlbeans_xbean.jar
disconnected=1
DSTAMP=%{reldate}
EOF
export ANT_OPTS="-Xmx768m"
ant -propertyfile build.properties compile-ooxml-xsds jar
%install
mkdir -p $RPM_BUILD_ROOT%{_javadir}/poi
mkdir -p $RPM_BUILD_ROOT%{_mavenpomdir}
cd build/dist
for jar in *.jar
do
jarname=${jar/-%{version}*.jar/}
cp -p ${jar} $RPM_BUILD_ROOT%{_javadir}/poi/apache-${jarname}.jar
ln -s apache-${jarname}.jar $RPM_BUILD_ROOT%{_javadir}/poi/${jarname}.jar
#pom
cp -p $RPM_SOURCE_DIR/${jarname}-%{version}*.pom \
$RPM_BUILD_ROOT%{_mavenpomdir}/JPP.poi-${jarname}.pom
%add_maven_depmap JPP.poi-${jarname}.pom poi/${jarname}.jar
done
cd -
#javadoc
mkdir -p $RPM_BUILD_ROOT%{_javadocdir}
cp -pr docs/apidocs $RPM_BUILD_ROOT%{_javadocdir}/%{name}
#Don't copy for manual
rm -rf docs/apidocs
#manual - Link to javadoc location
ln -s ../../javadoc/%{name} docs/apidocs
%check
# To enable 8-bit character tests
export LANG=en_US.UTF-8
# Ignore test failures for now
ant -propertyfile build.properties test || :
%files -f build/dist/.mfiles
%doc KEYS
%dir %{_javadir}/poi
%{_javadir}/poi/apache-poi*.jar
%license LICENSE NOTICE
%files javadoc
%license LICENSE NOTICE
%{_javadocdir}/%{name}
%files manual
%doc docs/*
%license LICENSE NOTICE
%changelog
* Wed Feb 11 2015 gil cattaneo <puntogil@libero.it> 3.10.1-2
- fix for RHBZ#1138135 (CVE-2014-3574)
- introduce license macro
* Thu Sep 4 2014 Orion Poplawski <orion@cora.nwra.com> - 3.10.1-1
- Update to 3.10.1 (Bug 1138135: CVE-2014-3574 CVE-2014-3529)
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon Feb 24 2014 Orion Poplawski <orion@cora.nwra.com> - 3.10-1
- Update to 3.10
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jun 12 2013 Orion Poplawski <orion@cora.nwra.com> - 3.9-1
- Update to 3.9 final
- Install all jars and add poms for each
- Cleanup and update spec
* Fri Apr 05 2013 Karsten Hopp <karsten@redhat.com> 3.8-5
- drop excludearch ppc64
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jul 13 2012 Orion Poplawski <orion@cora.nwra.com> - 3.8-2
- Add patch to fix compilation with JDK 1.7
* Thu May 10 2012 Orion Poplawski <orion@cora.nwra.com> - 3.8-1
- Update to 3.8 final
- Add patch to fix CVE-2012-0213 (bugs 799078, 820788)
* Thu Jan 5 2012 Orion Poplawski <orion@cora.nwra.com> - 3.8-0.3.beta5
- Update to 3.8-beta5
* Fri Jul 22 2011 Orion Poplawski <orion@cora.nwra.com> - 3.8-0.2.beta3
- Update to 3.8-beta3
- Add commons-codec to the build jar repository
* Wed Apr 20 2011 Orion Poplawski <orion@cora.nwra.com> - 3.8-0.1.beta2
- Update to 3.8-beta2
- Add BR fontconfig needed for tests to find fonts
- Fix javadoc link
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Dec 21 2010 Orion Poplawski <orion@cora.nwra.com> - 3.7-4
- No java >= 1:1.6.0 on ppc64
* Tue Dec 21 2010 Alexander Kurtakov <akurtako@redhat.com> 3.7-3
- No poi-contrib.jar.
* Tue Dec 21 2010 Alexander Kurtakov <akurtako@redhat.com> 3.7-2
- Url encode the source.
* Mon Dec 6 2010 Orion Poplawski <orion@cora.nwra.com> - 3.7-1
- Update to 3.7 final
* Mon Nov 8 2010 Orion Poplawski <orion@cora.nwra.com> - 3.7-0.5.beta3
- Add pom
* Mon Nov 1 2010 Orion Poplawski <orion@cora.nwra.com> - 3.7-0.4.beta3
- Fix manual package
* Wed Oct 27 2010 Orion Poplawski <orion@cora.nwra.com> - 3.7-0.3.beta3
- Update to 3.7 beta3
- Add more Requires
* Wed Sep 1 2010 Orion Poplawski <orion@cora.nwra.com> - 3.7-0.2.beta2
- Update to 3.7 beta2
* Fri Jun 25 2010 Orion Poplawski <orion@cora.nwra.com> - 3.7-0.1.beta1
- Update to 3.7 beta1
- Rebase compile-xsds patch
* Fri Jun 25 2010 Orion Poplawski <orion@cora.nwra.com> - 3.6-1
- Initial Fedora package
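Review bot: The newest `%changelog` entry (3.10.1-2) cites `RHBZ#1138135 (CVE-2014-3574)`, but the patch this release adds is `Patch3: %{name}-CVE-2014-9527.patch`, and the 3.10.1-1 entry directly below already attributes bug 1138135 and CVE-2014-3574 to the upstream update. Because auditors and tooling commonly read CVE ids from the package changelog to decide whether a build carries a fix, the entry should name the CVE the patch addresses, e.g. `- fix CVE-2014-9527 (RHBZ#<bug id>)`, with the bug number confirmed against the tracker. Separately, `ant -propertyfile build.properties test || :` in `%check` discards the test result, so a regression in the patched HSLF reader would not fail the build; a comment beside it naming the known-failing tests would make clear what is being tolerated.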


@ -1 +0,0 @@
Orphaned for 6+ weeks

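--- a/sources
+++ b/sources
@@ -0,0 +1,8 @@
+abe6bb6e7799e854934b3c634e8bcf7b Office%20Open%20XML%201st%20edition%20Part%204%20(PDF).zip
+4f93305b4d8b9b78fca93fd732c57dfe poi-src-3.10.1-20140818.tar.gz
+9627791c9a3134db316e9b98fd6eea37 poi-3.10.1.pom
+143fe8ec48be4cc644f16fe835160a55 poi-examples-3.10.1.pom
+1c44f0b80dfd119f17bf0c19b2b50e7c poi-excelant-3.10.1.pom
+4341d272a9cefffa2f820d2890d35f82 poi-ooxml-3.10.1.pom
+6b3fdb9bc2f2493ac8921ed7e83d4295 poi-ooxml-schemas-3.10.1.pom
+5fd5194a1ea65f0eb4fefbd5d0fd15fb poi-scratchpad-3.10.1.pom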