debian/0000755000000000000000000000000013352457070007174 5ustar debian/changelog0000644000000000000000000000637513352457044011062 0ustar freexl (1.0.0g-1ubuntu0.14.04.3) trusty-security; urgency=medium * SECURITY UPDATE: Imported changes from Debian's 1.0.0g-1+deb8u5 package - debian/patches/CVE-2017-2923_CVE-2017-2924.patch - debian/patches/security-fixes-1.0.5.patch - CVE-2017-2923 CVE-2017-2924 CVE-2017-7435 CVE-2017-7436 CVE-2017-7437 CVE-2017-7438 CVE-2017-7439 -- Mike Salvatore Tue, 25 Sep 2018 12:11:00 -0400 freexl (1.0.0g-1ubuntu0.14.04.2) trusty-security; urgency=medium * SECURITY UPDATE: Fix issues in previous security update (LP: #1516257) - afl-vulnerabilitities-regression.patch: Fix regression introduced by afl-vulnerabilitities.patch. - 32bit-multiplication-overflow.patch: Fix 32 bit multiplication overflow -- Bas Couwenberg Thu, 12 Nov 2015 22:04:49 +0100 freexl (1.0.0g-1ubuntu0.14.04.1) trusty-security; urgency=high * SECURITY UPDATE: Fix multiple vulnerabilities allowing denial of service or possibly execute arbitrary code (LP: #1437087): - CVE 2015-2753: FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook. - CVE 2015-2754: FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF." -- Johan Van de Wauw Fri, 03 Apr 2015 22:47:20 +0200 freexl (1.0.0g-1) unstable; urgency=low * New upstream release. * Bump Standards-Version to 3.9.5, no changes required. * Add lintian override for debian-watch-may-check-gpg-signature, upstream doesn't provide signatures for verification. -- Bas Couwenberg Tue, 14 Jan 2014 11:18:32 +0100 freexl (1.0.0f-2) unstable; urgency=low * Change Priority to optional, keep Priority extra for -dbg package. -- Bas Couwenberg Thu, 21 Nov 2013 23:08:31 +0100 freexl (1.0.0f-1) unstable; urgency=low * New upstream version. * Add myself to Uploaders. * Update watch file, handle common mistakes. * Use dh-autoreconf for retooling. * Update Homepage URL. * Use canonical URLs for Vcs-* fields. * Multi-Arch: same dev and dbg packages. * Add lintian overrides for no upstream changelog, link to upstream timeline. * Update copyright file. * Move maintenance from collab-maint to pkg-grass. -- Bas Couwenberg Wed, 02 Oct 2013 18:42:35 +0200 freexl (1.0.0d-1) unstable; urgency=low * New upstream version * Standards-Version bump to 3.9.4, no changes needed * debhelper Build-Dependency bumped to 9 * Manually export LDFLAGS in debian/rules to fix linking issue with the library * Updated debian/copyright * Enable hardening build-flags in debian/rules -- David Paleino Thu, 11 Oct 2012 10:37:33 +0200 freexl (1.0.0b-1) unstable; urgency=low * New upstream version (Closes: #650280) * Fixed debian/watch -- David Paleino Wed, 22 Feb 2012 19:47:55 +0100 freexl (0.0.2~beta20110817-1) unstable; urgency=low * Initial release (Closes: #644087) -- David Paleino Sun, 02 Oct 2011 21:11:42 +0200 debian/libfreexl-dev.install0000644000000000000000000000010712265326152013310 0ustar usr/include/* usr/lib/*/lib*.a usr/lib/*/lib*.so usr/lib/*/pkgconfig/* debian/libfreexl1.install0000644000000000000000000000002412265326152012613 0ustar usr/lib/*/lib*.so.* debian/compat0000644000000000000000000000000212265326152010370 0ustar 9 debian/libfreexl-dev.lintian-overrides0000644000000000000000000000020412265326152015276 0ustar # Changes available only in the upstream VCS: # https://www.gaia-gis.it/fossil/freexl/timeline libfreexl-dev: no-upstream-changelog debian/rules0000755000000000000000000000042512265326152010253 0ustar #!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 export DEB_BUILD_MAINT_OPTIONS = hardening=+all export DEB_LDFLAGS_MAINT_APPEND = -lm %: dh $@ --with autoreconf override_dh_strip: dh_strip --dbg-package=libfreexl1-dbg debian/patches/0000755000000000000000000000000013352456775010636 5ustar debian/patches/afl-vulnerabilitities.patch0000644000000000000000000000461612510532270016140 0ustar Description: Fix critical bugs identified by American Fuzzy Lop. Origin: https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1 Author: Alessandro Furieri Bug-Debian: https://bugs.debian.org/781228 --- a/src/freexl.c +++ b/src/freexl.c @@ -1068,6 +1068,11 @@ allocate_cells (biff_workbook * workbook unsigned int col; biff_cell_value *p_cell; + if (workbook == NULL) + return FREEXL_NULL_ARGUMENT; + if (workbook->active_sheet == NULL) + return FREEXL_NULL_ARGUMENT; + /* allocating the cell values array */ workbook->active_sheet->cell_values = malloc (sizeof (biff_cell_value) * @@ -1713,6 +1718,11 @@ parse_SST (biff_workbook * workbook, int swap32 (&n_strings); p_string = workbook->record + 8; workbook->shared_strings.string_count = n_strings.value; + if (workbook->shared_strings.string_count > 1024 * 1024) + { + /* unexpected huge count ... cowardly giving up ... */ + return FREEXL_INSUFFICIENT_MEMORY; + } workbook->shared_strings.utf8_strings = malloc (sizeof (char **) * workbook->shared_strings.string_count); for (i_string = 0; i_string < workbook->shared_strings.string_count; @@ -3749,6 +3759,8 @@ read_biff_next_record (biff_workbook * w unsigned int already_done; unsigned int chunk = workbook->sector_end - (workbook->p_in - workbook->sector_buf); + if (workbook->sector_end <= (workbook->p_in - workbook->sector_buf)) + return -1; memcpy (workbook->record, workbook->p_in, chunk); workbook->p_in += chunk; already_done = chunk; @@ -3825,6 +3837,10 @@ read_mini_biff_next_record (biff_workboo workbook->record_type = record_type.value; workbook->record_size = record_size.value; + if ((workbook->p_in - workbook->fat->miniStream) + workbook->record_size > + (int) workbook->size) + return 0; /* unexpected EOF */ + memcpy (workbook->record, workbook->p_in, workbook->record_size); workbook->p_in += record_size.value; @@ -4062,7 +4078,10 @@ common_open (const char *path, const voi p_sheet->columns += 1; ret = allocate_cells (workbook); if (ret != FREEXL_OK) - return ret; + { + errcode = ret; + goto stop; + } p_sheet->valid_dimension = 1; workbook->second_pass = 1; } debian/patches/32bit-multiplication-overflow.patch0000644000000000000000000000300112623440312017444 0ustar Description: Fixing a critical bug (32 bit multiplication overflow) reported by RHEL maintainers Origin: https://www.gaia-gis.it/fossil/freexl/fdiff?v1=4f9408c216ead322&v2=44802d385bc32499&sbs=1 Author: Alessandro Furieri --- a/src/freexl.c +++ b/src/freexl.c @@ -1066,6 +1066,7 @@ allocate_cells (biff_workbook * workbook /* allocating the rows and cells for the active Worksheet */ unsigned int row; unsigned int col; + double dsize; biff_cell_value *p_cell; if (workbook == NULL) @@ -1073,6 +1074,14 @@ allocate_cells (biff_workbook * workbook if (workbook->active_sheet == NULL) return FREEXL_NULL_ARGUMENT; +/* testing for an unrealistically high memory size > 256MB */ + dsize = + (double) sizeof (biff_cell_value) * + (double) (workbook->active_sheet->rows) * + (double) (workbook->active_sheet->columns); + if (dsize > 256.0 * 1024.0 * 1024.0) + return FREEXL_INSUFFICIENT_MEMORY; + /* allocating the cell values array */ workbook->active_sheet->cell_values = malloc (sizeof (biff_cell_value) * @@ -1725,6 +1734,8 @@ parse_SST (biff_workbook * workbook, int } workbook->shared_strings.utf8_strings = malloc (sizeof (char **) * workbook->shared_strings.string_count); + if (workbook->shared_strings.utf8_strings == NULL) + return FREEXL_INSUFFICIENT_MEMORY; for (i_string = 0; i_string < workbook->shared_strings.string_count; i_string++) *(workbook->shared_strings.utf8_strings + i_string) = NULL; debian/patches/afl-vulnerabilitities-regression.patch0000644000000000000000000000153512623440312020313 0ustar Description: Fix regression introduced by afl-vulnerabilitities.patch. Initially reported as a bug in GDAL and traced to FreeXL, see: https://trac.osgeo.org/gdal/ticket/6200 Origin: https://www.gaia-gis.it/fossil/freexl/fdiff?v1=61618ce51a9b0c15&v2=4f9408c216ead322&sbs=1 Author: Alessandro Furieri Bug-Debian: https://bugs.debian.org/781228 --- a/src/freexl.c +++ b/src/freexl.c @@ -3759,7 +3759,7 @@ read_biff_next_record (biff_workbook * w unsigned int already_done; unsigned int chunk = workbook->sector_end - (workbook->p_in - workbook->sector_buf); - if (workbook->sector_end <= (workbook->p_in - workbook->sector_buf)) + if (workbook->sector_end < (workbook->p_in - workbook->sector_buf)) return -1; memcpy (workbook->record, workbook->p_in, chunk); workbook->p_in += chunk; debian/patches/series0000644000000000000000000000024413352456775012053 0ustar afl-vulnerabilitities.patch afl-vulnerabilitities-regression.patch 32bit-multiplication-overflow.patch CVE-2017-2923_CVE-2017-2924.patch security-fixes-1.0.5.patch debian/patches/CVE-2017-2923_CVE-2017-2924.patch0000644000000000000000000002775113352456764014754 0ustar Description: fixing a security issue - Cisco TALOS-2017-430 and TALOS-2017-431 CVE-2017-2923 & CVE-2017-2924 Author: Alessandro Furieri Origin: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8 Bug-Debian: https://bugs.debian.org/875690 https://bugs.debian.org/875691 --- a/src/freexl.c +++ b/src/freexl.c @@ -941,6 +941,21 @@ set_sst_value (biff_workbook * workbook, return FREEXL_OK; } +static size_t +xls_fread (size_t bufsz, void *buf, size_t size, size_t nmemb, FILE * fl) +{ +/* +/ Sandro 2017-09-07 +/ secure version of "fread" checking against buffer overflows +/--------------------------- +/ expected to fix the issue reported by +/ Cisco [TALOS-2017-431] +*/ + if ((size * nmemb) > bufsz) + return 0; + return fread (buf, size, nmemb, fl); +} + static fat_chain * alloc_fat_chain (int swap, unsigned short sector_shift, unsigned int directory_start) @@ -1383,7 +1398,8 @@ read_fat_sector (FILE * xls, fat_chain * max_fat = 128; /* reading a FAT sector */ - if (fread (buf, 1, chain->sector_size, xls) != chain->sector_size) + if (xls_fread (sizeof (buf), buf, 1, chain->sector_size, xls) != + chain->sector_size) return FREEXL_CFBF_READ_ERROR; for (i_fat = 0; i_fat < max_fat; i_fat++) @@ -1425,7 +1441,8 @@ read_difat_sectors (FILE * xls, fat_chai if (fseek (xls, where, SEEK_SET) != 0) return FREEXL_CFBF_SEEK_ERROR; /* reading a DIFAT sector */ - if (fread (&difat, 1, chain->sector_size, xls) != chain->sector_size) + if (xls_fread (sizeof (difat), &difat, 1, chain->sector_size, xls) != + chain->sector_size) return FREEXL_CFBF_READ_ERROR; blocks++; if (chain->swap) @@ -1486,7 +1503,8 @@ read_miniFAT_sectors (FILE * xls, fat_ch unsigned char *p_buf = buf; block++; /* reading a miniFAT sector */ - if (fread (&buf, 1, chain->sector_size, xls) != chain->sector_size) + if (xls_fread (sizeof (buf), &buf, 1, chain->sector_size, xls) != + chain->sector_size) return FREEXL_CFBF_READ_ERROR; for (i_fat = 0; i_fat < max_fat; i_fat++) { @@ -1514,7 +1532,7 @@ read_cfbf_header (biff_workbook * workbo int ret; unsigned char *p_fat = header.fat_sector_map; - if (fread (&header, 1, 512, workbook->xls) != 512) + if (xls_fread (sizeof (header), &header, 1, 512, workbook->xls) != 512) { *err_code = FREEXL_CFBF_READ_ERROR; return NULL; @@ -1660,8 +1678,9 @@ read_mini_stream (biff_workbook * workbo *errcode = FREEXL_CFBF_SEEK_ERROR; return 0; } - if (fread (buf, 1, workbook->fat->sector_size, workbook->xls) != - workbook->fat->sector_size) + if (xls_fread + (sizeof (buf), buf, 1, workbook->fat->sector_size, + workbook->xls) != workbook->fat->sector_size) { *errcode = FREEXL_CFBF_READ_ERROR; return 0; @@ -1993,7 +2012,7 @@ legacy_emergency_dimension (biff_workboo /* looping on BIFF records */ if (!first) { - if (fread (&buf, 1, 4, workbook->xls) != 4) + if (xls_fread (sizeof (buf), &buf, 1, 4, workbook->xls) != 4) return 0; memcpy (record_type.bytes, buf, 2); memcpy (record_size.bytes, buf + 2, 2); @@ -2019,9 +2038,9 @@ legacy_emergency_dimension (biff_workboo /* INTEGER marker found */ biff_word16 word16; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2046,9 +2065,9 @@ legacy_emergency_dimension (biff_workboo /* NUMBER marker found */ biff_word16 word16; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2073,9 +2092,9 @@ legacy_emergency_dimension (biff_workboo /* BOOLERR marker found */ biff_word16 word16; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2098,9 +2117,9 @@ legacy_emergency_dimension (biff_workboo /* RK marker found */ biff_word16 word16; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2125,9 +2144,9 @@ legacy_emergency_dimension (biff_workboo /* LABEL marker found */ biff_word16 word16; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2204,7 +2223,7 @@ read_legacy_biff (biff_workbook * workbo /* attempting to get the main BOF */ rewind (workbook->xls); - if (fread (&buf, 1, 4, workbook->xls) != 4) + if (xls_fread (sizeof (buf), &buf, 1, 4, workbook->xls) != 4) return 0; memcpy (record_type.bytes, buf, 2); memcpy (record_size.bytes, buf + 2, 2); @@ -2240,7 +2259,7 @@ read_legacy_biff (biff_workbook * workbo { /* looping on BIFF records */ - if (fread (&buf, 1, 4, workbook->xls) != 4) + if (xls_fread (sizeof (buf), &buf, 1, 4, workbook->xls) != 4) return 0; memcpy (record_type.bytes, buf, 2); memcpy (record_size.bytes, buf + 2, 2); @@ -2253,7 +2272,7 @@ read_legacy_biff (biff_workbook * workbo if (record_type.value == BIFF_SHEETSOFFSET) { -/* unsupported BIFF4W format */ + /* unsupported BIFF4W format */ return 0; } @@ -2266,9 +2285,9 @@ read_legacy_biff (biff_workbook * workbo if (record_type.value == BIFF_CODEPAGE) { /* CODEPAGE marker found */ - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); if (swap) @@ -2284,9 +2303,9 @@ read_legacy_biff (biff_workbook * workbo if (record_type.value == BIFF_DATEMODE) { /* DATEMODE marker found */ - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); if (swap) @@ -2318,9 +2337,9 @@ read_legacy_biff (biff_workbook * workbo int is_date = 0; int is_datetime = 0; int is_time = 0; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; if (workbook->biff_version == FREEXL_BIFF_VER_2 @@ -2386,9 +2405,9 @@ read_legacy_biff (biff_workbook * workbo /* XF [Extended Format] marker found */ unsigned char format; unsigned short s_format; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; switch (workbook->biff_version) { @@ -2418,9 +2437,9 @@ read_legacy_biff (biff_workbook * workbo unsigned int rows; unsigned short columns; char *utf8_name; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record + 2, 2); @@ -2468,9 +2487,9 @@ read_legacy_biff (biff_workbook * workbo (workbook, swap, record_type.value, record_size.value)) return 0; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2536,9 +2555,9 @@ read_legacy_biff (biff_workbook * workbo (workbook, swap, record_type.value, record_size.value)) return 0; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2615,9 +2634,9 @@ read_legacy_biff (biff_workbook * workbo (workbook, swap, record_type.value, record_size.value)) return 0; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2668,9 +2687,9 @@ read_legacy_biff (biff_workbook * workbo (workbook, swap, record_type.value, record_size.value)) return 0; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2769,9 +2788,9 @@ read_legacy_biff (biff_workbook * workbo (workbook, swap, record_type.value, record_size.value)) return 0; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -3636,8 +3655,9 @@ read_cfbf_sector (biff_workbook * workbo long where = (workbook->current_sector + 1) * workbook->fat->sector_size; if (fseek (workbook->xls, where, SEEK_SET) != 0) return FREEXL_CFBF_SEEK_ERROR; - if (fread (buf, 1, workbook->fat->sector_size, workbook->xls) != - workbook->fat->sector_size) + if (xls_fread + (sizeof (biff_workbook), buf, 1, workbook->fat->sector_size, + workbook->xls) != workbook->fat->sector_size) return FREEXL_CFBF_READ_ERROR; return FREEXL_OK; } @@ -3759,6 +3779,14 @@ read_biff_next_record (biff_workbook * w if (record_type.value == 0x0000 && record_size.value == 0) return -1; +/* +/ Sandro 2017-09-07 +/ fixing a security issue reported by +/ Cisco [TALOS-2017-430] +*/ + if (record_size.value > sizeof (workbook->record)) + return -1; + /* saving the current record */ workbook->record_type = record_type.value; workbook->record_size = record_size.value; @@ -3938,8 +3966,9 @@ get_workbook_stream (biff_workbook * wor if (fseek (workbook->xls, where, SEEK_SET) != 0) return FREEXL_CFBF_SEEK_ERROR; /* reading a FAT Directory block [sector] */ - if (fread (dir_block, 1, workbook->fat->sector_size, workbook->xls) != - workbook->fat->sector_size) + if (xls_fread + (sizeof (dir_block), dir_block, 1, workbook->fat->sector_size, + workbook->xls) != workbook->fat->sector_size) return FREEXL_CFBF_READ_ERROR; workbook_start = 0xFFFFFFFF; for (i_entry = 0; i_entry < max_entries; i_entry++) debian/patches/security-fixes-1.0.5.patch0000644000000000000000000001100613352456775015277 0ustar Description: Security fixes from FreeXL 1.0.5. heap-buffer-overflow in freexl::destroy_cell of FreeXL 1.0.4 https://bugzilla.redhat.com/show_bug.cgi?id=1547879 . heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST https://bugzilla.redhat.com/show_bug.cgi?id=1547883 . heap-buffer-overflow in freexl.c:1866 parse_SST of FreeXL 1.0.4 https://bugzilla.redhat.com/show_bug.cgi?id=1547885 . heap-buffer-overflow in freexl.c:383 parse_unicode_string of FreeXL 1.0.4 https://bugzilla.redhat.com/show_bug.cgi?id=1547889 . heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record of FreeXL 1.0.4 https://bugzilla.redhat.com/show_bug.cgi?id=1547892 . Reported upstream in: https://groups.google.com/d/topic/spatialite-users/b-d9iB5TDPE/discussion Author: Alessandro Furieri Origin: https://www.gaia-gis.it/fossil/freexl/ci/1f00f424a24b355e?sbs=0 https://www.gaia-gis.it/fossil/freexl/ci/97c9f43cea4fcd54?sbs=0 https://www.gaia-gis.it/fossil/freexl/ci/9907dcec7fc34a91?sbs=0 --- a/headers/freexl.h +++ b/headers/freexl.h @@ -292,6 +292,11 @@ extern "C" #define FREEXL_CFBF_ILLEGAL_MINI_FAT_ENTRY -25 /**< The MiniFAT stream contains an invalid entry. Possibly a corrupt file. */ +#define FREEXL_CRAFTED_FILE -26 /**< A severely corrupted file + (may be purposely crafted for + malicious purposes) has been + detected. */ + /** Container for a cell value --- a/src/freexl.c +++ b/src/freexl.c @@ -1098,6 +1098,11 @@ allocate_cells (biff_workbook * workbook return FREEXL_INSUFFICIENT_MEMORY; /* allocating the cell values array */ + if (workbook->active_sheet->rows * workbook->active_sheet->columns <= 0) + { + workbook->active_sheet->cell_values = NULL; + return FREEXL_OK; + } workbook->active_sheet->cell_values = malloc (sizeof (biff_cell_value) * (workbook->active_sheet->rows * @@ -1788,6 +1793,12 @@ parse_SST (biff_workbook * workbook, int unsigned int i; for (i = 0; i < len; i++) { + if (p_string - workbook->record >= + workbook->record_size) + { + /* buffer overflow: it's a preasumable crafted file intended to crash FreeXL */ + return FREEXL_CRAFTED_FILE; + } *(utf16_buf + (utf16_off * 2) + (i * 2)) = *p_string; p_string++; @@ -1888,6 +1899,11 @@ parse_SST (biff_workbook * workbook, int return FREEXL_OK; } + if (len <= 0) + { + /* zero length - it's a preasumable crafted file intended to crash FreeXL */ + return FREEXL_CRAFTED_FILE; + } if (!parse_unicode_string (workbook->utf16_converter, len, utf16, p_string, &utf8_string)) return FREEXL_INVALID_CHARACTER; @@ -3041,6 +3057,11 @@ parse_biff_record (biff_workbook * workb if (swap) swap32 (&offset); len = workbook->record[6]; + if (len <= 0) + { + /* zero length - it's a preasumable crafted file intended to crash FreeXL */ + return FREEXL_CRAFTED_FILE; + } if (workbook->biff_version == FREEXL_BIFF_VER_5) { /* BIFF5: codepage text */ @@ -3200,6 +3221,11 @@ parse_biff_record (biff_workbook * workb get_unicode_params (p_string, swap, &start_offset, &utf16, &extra_skip); p_string += start_offset; + if (len <= 0) + { + /* zero length - it's a preasumable crafted file intended to crash FreeXL */ + return FREEXL_CRAFTED_FILE; + } if (!parse_unicode_string (workbook->utf16_converter, len, utf16, p_string, &utf8_string)) @@ -3594,6 +3620,11 @@ parse_biff_record (biff_workbook * workb get_unicode_params (p_string, swap, &start_offset, &utf16, &extra_skip); p_string += start_offset; + if (len <= 0) + { + /* zero length - it's a preasumable crafted file intended to crash FreeXL */ + return FREEXL_CRAFTED_FILE; + } if (!parse_unicode_string (workbook->utf16_converter, len, utf16, p_string, &utf8_string)) @@ -3876,6 +3907,9 @@ read_mini_biff_next_record (biff_workboo workbook->record_type = record_type.value; workbook->record_size = record_size.value; + if (workbook->record_size >= 8192) + return 0; /* malformed or crafted file */ + if ((workbook->p_in - workbook->fat->miniStream) + workbook->record_size > (int) workbook->size) return 0; /* unexpected EOF */ debian/control0000644000000000000000000000427112510532657010603 0ustar Source: freexl Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian GIS Project Uploaders: David Paleino , Bas Couwenberg Section: libs Priority: optional Build-Depends: debhelper (>= 9~), autotools-dev, dh-autoreconf Standards-Version: 3.9.5 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-grass/freexl.git Vcs-Git: git://anonscm.debian.org/pkg-grass/freexl.git Homepage: https://www.gaia-gis.it/fossil/freexl/ Package: libfreexl-dev Architecture: any Multi-Arch: same Section: libdevel Depends: libfreexl1 (= ${binary:Version}), ${misc:Depends} Description: library for direct reading of Microsoft Excel spreadsheets - devel FreeXL is a C library implementing direct reading of Microsoft Excel spreadsheets, up to the BIFF8 file format specification (i.e. .xls, Microsoft Excel XP/2003 and older). The XML SS file format specification (.xlsx, Microsoft Excel 2007 and newer) is not supported. . This package contains the development headers. Package: libfreexl1 Architecture: any Multi-Arch: same Depends: ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Description: library for direct reading of Microsoft Excel spreadsheets FreeXL is a C library implementing direct reading of Microsoft Excel spreadsheets, up to the BIFF8 file format specification (i.e. .xls, Microsoft Excel XP/2003 and older). The XML SS file format specification (.xlsx, Microsoft Excel 2007 and newer) is not supported. . This package contains the shared library. Package: libfreexl1-dbg Architecture: any Multi-Arch: same Section: debug Priority: extra Depends: libfreexl1 (= ${binary:Version}), ${misc:Depends} Description: library for direct reading of Microsoft Excel spreadsheets - debug FreeXL is a C library implementing direct reading of Microsoft Excel spreadsheets, up to the BIFF8 file format specification (i.e. .xls, Microsoft Excel XP/2003 and older). The XML SS file format specification (.xlsx, Microsoft Excel 2007 and newer) is not supported. . This package contains the debugging symbols. debian/source/0000755000000000000000000000000012265326152010472 5ustar debian/source/format0000644000000000000000000000001412265326152011700 0ustar 3.0 (quilt) debian/source/lintian-overrides0000644000000000000000000000015512265326152014054 0ustar # Upstream doesn't provide signatures for their tarballs freexl source: debian-watch-may-check-gpg-signature debian/libfreexl1.lintian-overrides0000644000000000000000000000020112265326152014600 0ustar # Changes available only in the upstream VCS: # https://www.gaia-gis.it/fossil/freexl/timeline libfreexl1: no-upstream-changelog debian/copyright0000644000000000000000000007161612265326152011140 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: FreeXL Upstream-Contact: Alessandro Furieri Source: https://www.gaia-gis.it/fossil/freexl/ License: MPL-1.1 or GPL-2.0+ or LGPL-2.1+ Files: * Copyright: © 2011-2012, Alessandro Furieri License: MPL-1.1 or GPL-2.0+ or LGPL-2.1+ Files: ltmain.sh Copyright: 1996-2001, 2003-2011, Free Software Foundation, Inc. License: GPL-2.0+ with Libtool exception Files: debian/* Copyright: © 2011-2012, David Paleino License: GPL-2.0+ License: GPL-2.0+ with Libtool exception GNU Libtool is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . As a special exception to the GNU General Public License, if you distribute this file as part of a program or library that is built using GNU Libtool, you may include this file under the same distribution terms that you use for the rest of that program. . GNU Libtool is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with GNU Libtool; see the file COPYING. If not, a copy can be downloaded from http://www.gnu.org/licenses/gpl.html, or obtained by writing to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. License: GPL-2.0+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. License: LGPL-2.1+ This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. . This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. . On Debian systems, the full text of the GNU Lesser General Public License version 2.1 can be found in the file `/usr/share/common-licenses/LGPL-2.1'. License: MPL-1.1 MOZILLA PUBLIC LICENSE Version 1.1 . --------------- . 1. Definitions. . 1.0.1. "Commercial Use" means distribution or otherwise making the Covered Code available to a third party. . 1.1. "Contributor" means each entity that creates or contributes to the creation of Modifications. . 1.2. "Contributor Version" means the combination of the Original Code, prior Modifications used by a Contributor, and the Modifications made by that particular Contributor. . 1.3. "Covered Code" means the Original Code or Modifications or the combination of the Original Code and Modifications, in each case including portions thereof. . 1.4. "Electronic Distribution Mechanism" means a mechanism generally accepted in the software development community for the electronic transfer of data. . 1.5. "Executable" means Covered Code in any form other than Source Code. . 1.6. "Initial Developer" means the individual or entity identified as the Initial Developer in the Source Code notice required by Exhibit A. . 1.7. "Larger Work" means a work which combines Covered Code or portions thereof with code not governed by the terms of this License. . 1.8. "License" means this document. . 1.8.1. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein. . 1.9. "Modifications" means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is: A. Any addition to or deletion from the contents of a file containing Original Code or previous Modifications. . B. Any new file that contains any part of the Original Code or previous Modifications. . 1.10. "Original Code" means Source Code of computer software code which is described in the Source Code notice required by Exhibit A as Original Code, and which, at the time of its release under this License is not already Covered Code governed by this License. . 1.10.1. "Patent Claims" means any patent claim(s), now owned or hereafter acquired, including without limitation, method, process, and apparatus claims, in any patent Licensable by grantor. . 1.11. "Source Code" means the preferred form of the Covered Code for making modifications to it, including all modules it contains, plus any associated interface definition files, scripts used to control compilation and installation of an Executable, or source code differential comparisons against either the Original Code or another well known, available Covered Code of the Contributor's choice. The Source Code can be in a compressed or archival form, provided the appropriate decompression or de-archiving software is widely available for no charge. . 1.12. "You" (or "Your") means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License or a future version of this License issued under Section 6.1. For legal entities, "You" includes any entity which controls, is controlled by, or is under common control with You. For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. . 2. Source Code License. . 2.1. The Initial Developer Grant. The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims: (a) under intellectual property rights (other than patent or trademark) Licensable by Initial Developer to use, reproduce, modify, display, perform, sublicense and distribute the Original Code (or portions thereof) with or without Modifications, and/or as part of a Larger Work; and . (b) under Patents Claims infringed by the making, using or selling of Original Code, to make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of the Original Code (or portions thereof). . (c) the licenses granted in this Section 2.1(a) and (b) are effective on the date Initial Developer first distributes Original Code under the terms of this License. . (d) Notwithstanding Section 2.1(b) above, no patent license is granted: 1) for code that You delete from the Original Code; 2) separate from the Original Code; or 3) for infringements caused by: i) the modification of the Original Code or ii) the combination of the Original Code with other software or devices. . 2.2. Contributor Grant. Subject to third party intellectual property claims, each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license . (a) under intellectual property rights (other than patent or trademark) Licensable by Contributor, to use, reproduce, modify, display, perform, sublicense and distribute the Modifications created by such Contributor (or portions thereof) either on an unmodified basis, with other Modifications, as Covered Code and/or as part of a Larger Work; and . (b) under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: 1) Modifications made by that Contributor (or portions thereof); and 2) the combination of Modifications made by that Contributor with its Contributor Version (or portions of such combination). . (c) the licenses granted in Sections 2.2(a) and 2.2(b) are effective on the date Contributor first makes Commercial Use of the Covered Code. . (d) Notwithstanding Section 2.2(b) above, no patent license is granted: 1) for any code that Contributor has deleted from the Contributor Version; 2) separate from the Contributor Version; 3) for infringements caused by: i) third party modifications of Contributor Version or ii) the combination of Modifications made by that Contributor with other software (except as part of the Contributor Version) or other devices; or 4) under Patent Claims infringed by Covered Code in the absence of Modifications made by that Contributor. . 3. Distribution Obligations. . 3.1. Application of License. The Modifications which You create or to which You contribute are governed by the terms of this License, including without limitation Section 2.2. The Source Code version of Covered Code may be distributed only under the terms of this License or a future version of this License released under Section 6.1, and You must include a copy of this License with every copy of the Source Code You distribute. You may not offer or impose any terms on any Source Code version that alters or restricts the applicable version of this License or the recipients' rights hereunder. However, You may include an additional document offering the additional rights described in Section 3.5. . 3.2. Availability of Source Code. Any Modification which You create or to which You contribute must be made available in Source Code form under the terms of this License either on the same media as an Executable version or via an accepted Electronic Distribution Mechanism to anyone to whom you made an Executable version available; and if made available via Electronic Distribution Mechanism, must remain available for at least twelve (12) months after the date it initially became available, or at least six (6) months after a subsequent version of that particular Modification has been made available to such recipients. You are responsible for ensuring that the Source Code version remains available even if the Electronic Distribution Mechanism is maintained by a third party. . 3.3. Description of Modifications. You must cause all Covered Code to which You contribute to contain a file documenting the changes You made to create that Covered Code and the date of any change. You must include a prominent statement that the Modification is derived, directly or indirectly, from Original Code provided by the Initial Developer and including the name of the Initial Developer in (a) the Source Code, and (b) in any notice in an Executable version or related documentation in which You describe the origin or ownership of the Covered Code. . 3.4. Intellectual Property Matters (a) Third Party Claims. If Contributor has knowledge that a license under a third party's intellectual property rights is required to exercise the rights granted by such Contributor under Sections 2.1 or 2.2, Contributor must include a text file with the Source Code distribution titled "LEGAL" which describes the claim and the party making the claim in sufficient detail that a recipient will know whom to contact. If Contributor obtains such knowledge after the Modification is made available as described in Section 3.2, Contributor shall promptly modify the LEGAL file in all copies Contributor makes available thereafter and shall take other steps (such as notifying appropriate mailing lists or newsgroups) reasonably calculated to inform those who received the Covered Code that new knowledge has been obtained. . (b) Contributor APIs. If Contributor's Modifications include an application programming interface and Contributor has knowledge of patent licenses which are reasonably necessary to implement that API, Contributor must also include this information in the LEGAL file. . (c) Representations. Contributor represents that, except as disclosed pursuant to Section 3.4(a) above, Contributor believes that Contributor's Modifications are Contributor's original creation(s) and/or Contributor has sufficient rights to grant the rights conveyed by this License. . 3.5. Required Notices. You must duplicate the notice in Exhibit A in each file of the Source Code. If it is not possible to put such notice in a particular Source Code file due to its structure, then You must include such notice in a location (such as a relevant directory) where a user would be likely to look for such a notice. If You created one or more Modification(s) You may add your name as a Contributor to the notice described in Exhibit A. You must also duplicate this License in any documentation for the Source Code where You describe recipients' rights or ownership rights relating to Covered Code. You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Code. However, You may do so only on Your own behalf, and not on behalf of the Initial Developer or any Contributor. You must make it absolutely clear than any such warranty, support, indemnity or liability obligation is offered by You alone, and You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of warranty, support, indemnity or liability terms You offer. . 3.6. Distribution of Executable Versions. You may distribute Covered Code in Executable form only if the requirements of Section 3.1-3.5 have been met for that Covered Code, and if You include a notice stating that the Source Code version of the Covered Code is available under the terms of this License, including a description of how and where You have fulfilled the obligations of Section 3.2. The notice must be conspicuously included in any notice in an Executable version, related documentation or collateral in which You describe recipients' rights relating to the Covered Code. You may distribute the Executable version of Covered Code or ownership rights under a license of Your choice, which may contain terms different from this License, provided that You are in compliance with the terms of this License and that the license for the Executable version does not attempt to limit or alter the recipient's rights in the Source Code version from the rights set forth in this License. If You distribute the Executable version under a different license You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial Developer or any Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer. . 3.7. Larger Works. You may create a Larger Work by combining Covered Code with other code not governed by the terms of this License and distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled for the Covered Code. . 4. Inability to Comply Due to Statute or Regulation. . If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Code due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be included in the LEGAL file described in Section 3.4 and must be included with all distributions of the Source Code. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it. . 5. Application of this License. . This License applies to code to which the Initial Developer has attached the notice in Exhibit A and to related Covered Code. . 6. Versions of the License. . 6.1. New Versions. Netscape Communications Corporation ("Netscape") may publish revised and/or new versions of the License from time to time. Each version will be given a distinguishing version number. . 6.2. Effect of New Versions. Once Covered Code has been published under a particular version of the License, You may always continue to use it under the terms of that version. You may also choose to use such Covered Code under the terms of any subsequent version of the License published by Netscape. No one other than Netscape has the right to modify the terms applicable to Covered Code created under this License. . 6.3. Derivative Works. If You create or use a modified version of this License (which you may only do in order to apply it to code which is not already Covered Code governed by this License), You must (a) rename Your license so that the phrases "Mozilla", "MOZILLAPL", "MOZPL", "Netscape", "MPL", "NPL" or any confusingly similar phrase do not appear in your license (except to note that your license differs from this License) and (b) otherwise make it clear that Your version of the license contains terms which differ from the Mozilla Public License and Netscape Public License. (Filling in the name of the Initial Developer, Original Code or Contributor in the notice described in Exhibit A shall not of themselves be deemed to be modifications of this License.) . 7. DISCLAIMER OF WARRANTY. . COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. . 8. TERMINATION. . 8.1. This License and the rights granted hereunder will terminate automatically if You fail to comply with terms herein and fail to cure such breach within 30 days of becoming aware of the breach. All sublicenses to the Covered Code which are properly granted shall survive any termination of this License. Provisions which, by their nature, must remain in effect beyond the termination of this License shall survive. . 8.2. If You initiate litigation by asserting a patent infringement claim (excluding declatory judgment actions) against Initial Developer or a Contributor (the Initial Developer or Contributor against whom You file such action is referred to as "Participant") alleging that: . (a) such Participant's Contributor Version directly or indirectly infringes any patent, then any and all rights granted by such Participant to You under Sections 2.1 and/or 2.2 of this License shall, upon 60 days notice from Participant terminate prospectively, unless if within 60 days after receipt of notice You either: (i) agree in writing to pay Participant a mutually agreeable reasonable royalty for Your past and future use of Modifications made by such Participant, or (ii) withdraw Your litigation claim with respect to the Contributor Version against such Participant. If within 60 days of notice, a reasonable royalty and payment arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Participant to You under Sections 2.1 and/or 2.2 automatically terminate at the expiration of the 60 day notice period specified above. . (b) any software, hardware, or device, other than such Participant's Contributor Version, directly or indirectly infringes any patent, then any rights granted to You by such Participant under Sections 2.1(b) and 2.2(b) are revoked effective as of the date You first made, used, sold, distributed, or had made, Modifications made by that Participant. . 8.3. If You assert a patent infringement claim against Participant alleging that such Participant's Contributor Version directly or indirectly infringes any patent where such claim is resolved (such as by license or settlement) prior to the initiation of patent infringement litigation, then the reasonable value of the licenses granted by such Participant under Sections 2.1 or 2.2 shall be taken into account in determining the amount or value of any payment or license. . 8.4. In the event of termination under Sections 8.1 or 8.2 above, all end user license agreements (excluding distributors and resellers) which have been validly granted by You or any distributor hereunder prior to termination shall survive termination. . 9. LIMITATION OF LIABILITY. . UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. . 10. U.S. GOVERNMENT END USERS. . The Covered Code is a "commercial item," as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial computer software" and "commercial computer software documentation," as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire Covered Code with only those rights set forth herein. . 11. MISCELLANEOUS. . This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by California law provisions (except to the extent applicable law, if any, provides otherwise), excluding its conflict-of-law provisions. With respect to disputes in which at least one party is a citizen of, or an entity chartered or registered to do business in the United States of America, any litigation relating to this License shall be subject to the jurisdiction of the Federal Courts of the Northern District of California, with venue lying in Santa Clara County, California, with the losing party responsible for costs, including without limitation, court costs and reasonable attorneys' fees and expenses. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not apply to this License. . 12. RESPONSIBILITY FOR CLAIMS. . As between Initial Developer and the Contributors, each party is responsible for claims and damages arising, directly or indirectly, out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to distribute such responsibility on an equitable basis. Nothing herein is intended or shall be deemed to constitute any admission of liability. . 13. MULTIPLE-LICENSED CODE. . Initial Developer may designate portions of the Covered Code as "Multiple-Licensed". "Multiple-Licensed" means that the Initial Developer permits you to utilize portions of the Covered Code under Your choice of the NPL or the alternative licenses, if any, specified by the Initial Developer in the file described in Exhibit A. . EXHIBIT A -Mozilla Public License. . ``The contents of this file are subject to the Mozilla Public License Version 1.1 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.mozilla.org/MPL/ . Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. . The Original Code is the FreeXL library. . The Initial Developer of the Original Code is Alessandro Furieri. Portions created by the Initial Developer are Copyright (C) 2011 the Initial Developer. All Rights Reserved. . Contributor(s): Brad Hards . . Alternatively, the contents of this file may be used under the terms of either the GNU General Public License Version 2 or later (the "GPL"), or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), in which case the provisions of the GPL or the LGPL are applicable instead of those above. If you wish to allow use of your version of this file only under the terms of either the GPL or the LGPL, and not to allow others to use your version of this file under the terms of the MPL, indicate your decision by deleting the provisions above and replace them with the notice and other provisions required by the GPL or the LGPL. If you do not delete the provisions above, a recipient may use your version of this file under the terms of any one of the MPL, the GPL or the LGPL. . [NOTE: The text of this Exhibit A may differ slightly from the text of the notices in the Source Code files of the Original Code. You should use the text of this Exhibit A rather than the text found in the Original Code Source Code for Your Modifications.] debian/libfreexl-dev.dirs0000644000000000000000000000002412265326152012601 0ustar usr/lib usr/include debian/watch0000644000000000000000000000040512265326152010222 0ustar version=3 opts=dversionmangle=s/\+(debian|dfsg|ds|deb)\d*$//,uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha)\d*)$/$1~$2/ \ http://www.gaia-gis.it/gaia-sins/freexl-sources \ (?:|.*/)freexl(?:[_\-]v?|)(\d\S*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz) debian/libfreexl1.symbols0000644000000000000000000000104212265326152012636 0ustar libfreexl.so.1 libfreexl1 #MINVER# freexl_close@Base 0.0.2~beta20110817 freexl_get_FAT_entry@Base 0.0.2~beta20110817 freexl_get_SST_string@Base 0.0.2~beta20110817 freexl_get_active_worksheet@Base 0.0.2~beta20110817 freexl_get_cell_value@Base 0.0.2~beta20110817 freexl_get_info@Base 0.0.2~beta20110817 freexl_get_worksheet_name@Base 0.0.2~beta20110817 freexl_open@Base 0.0.2~beta20110817 freexl_open_info@Base 0.0.2~beta20110817 freexl_select_active_worksheet@Base 0.0.2~beta20110817 freexl_worksheet_dimensions@Base 0.0.2~beta20110817 debian/libfreexl1.dirs0000644000000000000000000000001012265326152012101 0ustar usr/lib debian/libfreexl1-dbg.lintian-overrides0000644000000000000000000000020512265326152015336 0ustar # Changes available only in the upstream VCS: # https://www.gaia-gis.it/fossil/freexl/timeline libfreexl1-dbg: no-upstream-changelog