config-msvc.h

@@ -86,7 +86,7 @@
 #define PACKAGE_NAME "FreeXL"
 
 /* Define to the full name and version of this package. */
-#define PACKAGE_STRING "FreeXL 1.0.4"
+#define PACKAGE_STRING "FreeXL 1.0.5"
 
 /* Define to the one symbol short name of this package. */
 #define PACKAGE_TARNAME "freexl"
@@ -95,7 +95,7 @@
 #define PACKAGE_URL ""
 
 /* Define to the version of this package. */
-#define PACKAGE_VERSION "1.0.4"
+#define PACKAGE_VERSION "1.0.5"
 
 /* Define to 1 if you have the ANSI C header files. */
 #define STDC_HEADERS 1
@@ -107,7 +107,7 @@
 /* #undef TM_IN_SYS_TIME */
 
 /* Version number of package */
-#define VERSION "1.0.4"
+#define VERSION "1.0.5"
 
 /* Define to empty if `const' does not conform to ANSI C. */
 /* #undef const */

configure

 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for FreeXL 1.0.4.
+# Generated by GNU Autoconf 2.69 for FreeXL 1.0.5.
 #
 # Report bugs to <a.furieri@lqt.it>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='FreeXL'
 PACKAGE_TARNAME='freexl'
-PACKAGE_VERSION='1.0.4'
-PACKAGE_STRING='FreeXL 1.0.4'
+PACKAGE_VERSION='1.0.5'
+PACKAGE_STRING='FreeXL 1.0.5'
 PACKAGE_BUGREPORT='a.furieri@lqt.it'
 PACKAGE_URL=''
@@ -1326,7 +1326,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures FreeXL 1.0.4 to adapt to many kinds of systems.
+\`configure' configures FreeXL 1.0.5 to adapt to many kinds of systems.
 Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1396,7 +1396,7 @@ fi
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of FreeXL 1.0.4:";;
+     short | recursive ) echo "Configuration of FreeXL 1.0.5:";;
    esac
   cat <<\_ACEOF
@@ -1508,7 +1508,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-FreeXL configure 1.0.4
+FreeXL configure 1.0.5
 generated by GNU Autoconf 2.69
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2052,7 +2052,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
-It was created by FreeXL $as_me 1.0.4, which was
+It was created by FreeXL $as_me 1.0.5, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
   $ $0 $@
@@ -2923,7 +2923,7 @@ fi
 # Define the identity of the package.
  PACKAGE='freexl'
- VERSION='1.0.4'
+ VERSION='1.0.5'
 cat >>confdefs.h <<_ACEOF
@@ -17813,7 +17813,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by FreeXL $as_me 1.0.4, which was
+This file was extended by FreeXL $as_me 1.0.5, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
   CONFIG_FILES    = $CONFIG_FILES
@@ -17879,7 +17879,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-FreeXL config.status 1.0.4
+FreeXL config.status 1.0.5
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"

configure.ac

@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.61)
-AC_INIT(FreeXL, 1.0.4, a.furieri@lqt.it)
+AC_INIT(FreeXL, 1.0.5, a.furieri@lqt.it)
 AC_LANG(C)
 AC_CONFIG_AUX_DIR([.])
 AC_CONFIG_MACRO_DIR([m4])

debian/changelog

-freexl (1.0.4-2) UNRELEASED; urgency=medium
-
-  * Change priority for libfreexl1-dbg from extra to optional.
-  * Bump Standards-Version to 4.1.1, changes: priority.
+freexl (1.0.5-1) unstable; urgency=high
+
+  * New upstream release. Fixes security issues:
+    - https://bugzilla.redhat.com/show_bug.cgi?id=1547879
+    - https://bugzilla.redhat.com/show_bug.cgi?id=1547883
+    - https://bugzilla.redhat.com/show_bug.cgi?id=1547885
+    - https://bugzilla.redhat.com/show_bug.cgi?id=1547889
+    - https://bugzilla.redhat.com/show_bug.cgi?id=1547892
+  * Bump Standards-Version to 4.1.3, no changes.
   * Strip trailing whitespace from changelog.
   * Update copyright-format URL to use HTTPS.
+  * Drop obsolete dbg package.
+  * Add lintian override for debian-watch-uses-insecure-uri.
 
- -- Bas Couwenberg <sebastic@debian.org>  Sun, 24 Sep 2017 12:51:11 +0200
+ -- Bas Couwenberg <sebastic@debian.org>  Thu, 22 Feb 2018 21:58:18 +0100
 
 freexl (1.0.4-1) unstable; urgency=medium
 

debian/control

@@ -4,10 +4,10 @@ Uploaders: David Paleino <dapal@debian.org>,
            Bas Couwenberg <sebastic@debian.org>
 Section: libs
 Priority: optional
-Build-Depends: debhelper (>= 9~),
+Build-Depends: debhelper (>= 9.20160114),
                autotools-dev,
                dh-autoreconf
-Standards-Version: 4.1.1
+Standards-Version: 4.1.3
 Vcs-Browser: https://anonscm.debian.org/cgit/pkg-grass/freexl.git
 Vcs-Git: https://anonscm.debian.org/git/pkg-grass/freexl.git
 Homepage: https://www.gaia-gis.it/fossil/freexl/
@@ -42,18 +42,3 @@ Description: library for direct reading of Microsoft Excel spreadsheets
  .
  This package contains the shared library.
 
-Package: libfreexl1-dbg
-Architecture: any
-Multi-Arch: same
-Section: debug
-Depends: libfreexl1 (= ${binary:Version}),
-         ${misc:Depends}
-Description: library for direct reading of Microsoft Excel spreadsheets - debug
- FreeXL is a C library implementing direct reading of Microsoft Excel
- spreadsheets, up to the BIFF8 file format specification (i.e. .xls, Microsoft
- Excel XP/2003 and older).
- The XML SS file format specification (.xlsx, Microsoft Excel 2007 and newer) is
- not supported.
- .
- This package contains the debugging symbols.
-

debian/rules

@@ -21,5 +21,5 @@ override_dh_makeshlibs:
 	dh_makeshlibs -- -v$(UPSTREAM_VERSION)
 
 override_dh_strip:
-	dh_strip --dbg-package=libfreexl1-dbg
+	dh_strip --dbgsym-migration='libfreexl1-dbg (<< 1.0.5)'
 

debian/source/lintian-overrides

+# HTTPS requests result in 403 Forbidden:
+# https://groups.google.com/d/topic/spatialite-users/f44JI1Lijeg/discussion
+freexl source: debian-watch-uses-insecure-uri http://www.gaia-gis.it/gaia-sins/*-sources
+

headers/freexl.h

@@ -292,6 +292,11 @@ extern "C"
 #define FREEXL_CFBF_ILLEGAL_MINI_FAT_ENTRY	-25 /**< The MiniFAT stream 
                                                      contains an invalid entry.
                                                      Possibly a corrupt file. */
+#define FREEXL_CRAFTED_FILE			-26 /**< A severely corrupted file
+                                                 (may be purposely crafted for 
+                                                 malicious purposes) has been 
+                                                 detected. */
+
 
     /**
      Container for a cell value

src/freexl.c

@@ -1109,6 +1109,11 @@ allocate_cells (biff_workbook * workbook)
 	return FREEXL_INSUFFICIENT_MEMORY;
 
 /* allocating the cell values array */
+    if (workbook->active_sheet->rows * workbook->active_sheet->columns <= 0)
+      {
+	  workbook->active_sheet->cell_values = NULL;
+	  return FREEXL_OK;
+      }
     workbook->active_sheet->cell_values =
 	malloc (sizeof (biff_cell_value) *
 		(workbook->active_sheet->rows *
@@ -1801,6 +1806,12 @@ parse_SST (biff_workbook * workbook, int swap)
 		      unsigned int i;
 		      for (i = 0; i < len; i++)
 			{
+			    if (p_string - workbook->record >=
+				workbook->record_size)
+			      {
+				  /* buffer overflow: it's a preasumable crafted file intended to crash FreeXL */
+				  return FREEXL_CRAFTED_FILE;
+			      }
 			    *(utf16_buf + (utf16_off * 2) + (i * 2)) =
 				*p_string;
 			    p_string++;
@@ -1912,6 +1923,11 @@ parse_SST (biff_workbook * workbook, int swap)
 		return FREEXL_OK;
 	    }
 
+	  if (len <= 0)
+	    {
+		/* zero length - it's a preasumable crafted file intended to crash FreeXL */
+		return FREEXL_CRAFTED_FILE;
+	    }
 	  if (!parse_unicode_string
 	      (workbook->utf16_converter, len, utf16, p_string, &utf8_string))
 	      return FREEXL_INVALID_CHARACTER;
@@ -3070,6 +3086,11 @@ parse_biff_record (biff_workbook * workbook, int swap)
 	  if (swap)
 	      swap32 (&offset);
 	  len = workbook->record[6];
+	  if (len <= 0)
+	    {
+		/* zero length - it's a preasumable crafted file intended to crash FreeXL */
+		return FREEXL_CRAFTED_FILE;
+	    }
 	  if (workbook->biff_version == FREEXL_BIFF_VER_5)
 	    {
 		/* BIFF5: codepage text */
@@ -3229,6 +3250,11 @@ parse_biff_record (biff_workbook * workbook, int swap)
 		get_unicode_params (p_string, swap, &start_offset, &utf16,
 				    &extra_skip);
 		p_string += start_offset;
+		if (len <= 0)
+		  {
+		      /* zero length - it's a preasumable crafted file intended to crash FreeXL */
+		      return FREEXL_CRAFTED_FILE;
+		  }
 		if (!parse_unicode_string
 		    (workbook->utf16_converter, len, utf16, p_string,
 		     &utf8_string))
@@ -3623,6 +3649,11 @@ parse_biff_record (biff_workbook * workbook, int swap)
 		get_unicode_params (p_string, swap, &start_offset, &utf16,
 				    &extra_skip);
 		p_string += start_offset;
+		if (len <= 0)
+		  {
+		      /* zero length - it's a preasumable crafted file intended to crash FreeXL */
+		      return FREEXL_CRAFTED_FILE;
+		  }
 		if (!parse_unicode_string
 		    (workbook->utf16_converter, len, utf16, p_string,
 		     &utf8_string))
@@ -3905,6 +3936,9 @@ read_mini_biff_next_record (biff_workbook * workbook, int swap, int *errcode)
     workbook->record_type = record_type.value;
     workbook->record_size = record_size.value;
 
+    if (workbook->record_size >= 8192)
+	return 0;		/* malformed or crafted file */
+
     if ((workbook->p_in - workbook->fat->miniStream) + workbook->record_size >
 	(int) workbook->size)
 	return 0;		/* unexpected EOF */