security fix for CVE-2023-7101 #18

Open
wants to merge 1 commit into
base: topic/debian_bullseye_R4.4
28 changes: 7 additions & 21 deletions gdata/perl/Spreadsheet/ParseExcel.pm
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ use Config;
use Crypt::RC4;
use Digest::Perl::MD5;

our $VERSION = '0.65';
our $VERSION = '0.66';

use Spreadsheet::ParseExcel::Workbook;
use Spreadsheet::ParseExcel::Worksheet;
Expand Down Expand Up @@ -627,7 +627,7 @@ sub _get_content {

# Reset the error status in case method is called more than once.
$self->{_error_status} = ErrorNone;

my $ref = ref($source);

if ( $ref ) {
Expand Down Expand Up @@ -1428,7 +1428,7 @@ sub _getguid {

# Helper: Extract a counted (16-bit) unicode string, returns string,
# updates $offset
# $zterm == 1 if string is null-terminated.
# $zterm == 1 if string is null-terminated.
# $bc if length is in bytes (not chars)

sub _getustr {
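Review bot: The only visible change here is whitespace on the `# $zterm == 1 if string is null-terminated.` comment line, which has nothing to do with the CVE-2023-7101 fix. Whitespace-only hunks like this one make the security-relevant change in Utility.pm harder to audit and to backport; consider dropping them from this PR or moving them to a separate cleanup commit.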
Expand Down Expand Up @@ -1659,13 +1659,8 @@ sub _subXF {
$iFillP, $iFillCF, $iFillCB
);

if ( $oBook->{BIFFVersion} == verBIFF2 ) {
die "Unsupported file format: Excel Version 2.0 (4.0 or later required)";
}
elsif ( $oBook->{BIFFVersion} == verBIFF3 ) {
die "Unsupported file format: Excel Version 3.0 (4.0 or later required)";
}
elsif ( $oBook->{BIFFVersion} == verBIFF4 ) {

if ( $oBook->{BIFFVersion} == verBIFF4 ) {

# Minimal support for Excel 4. We just get the font and format indices
# so that the cell data value can be formatted.
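Review bot: Removing the `die` branches for `verBIFF2` and `verBIFF3` at the top of this chain in `_subXF` is a behaviour change unrelated to the eval fix: files with those BIFF versions are no longer rejected here, and nothing in the visible lines replaces that handling. Please confirm what the remaining branches do when `$oBook->{BIFFVersion}` is one of those values, or keep the explicit rejection and take this change in a separate commit so the security fix stays minimal.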
Expand Down Expand Up @@ -3418,8 +3413,6 @@ See the following for more information on Excel encryption: L<http://office.micr

=over

=item * Issues reported by users: L<http://rt.cpan.org/Public/Dist/Display.html?Name=Spreadsheet-ParseExcel>

=item * This module cannot read the values of formulas from files created with Spreadsheet::WriteExcel unless the user specified the values when creating the file (which is generally not the case). The reason for this is that Spreadsheet::WriteExcel writes the formula but not the formula result since it isn't in a position to calculate arbitrary Excel formulas without access to Excel's formula engine.

=item * If Excel has date fields where the specified format is equal to the system-default for the short-date locale, Excel does not store the format, but defaults to an internal format which is system dependent. In these cases ParseExcel uses the date format 'yyyy-mm-dd'.
Expand All @@ -3431,9 +3424,9 @@ See the following for more information on Excel encryption: L<http://office.micr

=head1 REPORTING A BUG

Bugs can be reported via rt.cpan.org. See the following for instructions on bug reporting for Spreadsheet::ParseExcel
Please report bugs on GitHub with a complete, working, sample application and a test xls file.

L<http://rt.cpan.org/Public/Dist/Display.html?Name=Spreadsheet-ParseExcel>
L<https://github.com/jmcnamara/spreadsheet-parseexcel/issues>



Expand Down Expand Up @@ -3465,13 +3458,6 @@ L<http://rt.cpan.org/Public/Dist/Display.html?Name=Spreadsheet-ParseExcel>



=head1 MAILING LIST

There is a Google group for discussing and asking questions about Spreadsheet::ParseExcel. This is a good place to search to see if your question has been asked before: L<http://groups-beta.google.com/group/spreadsheet-parseexcel/>




=head1 DONATIONS

If you'd care to donate to the Spreadsheet::ParseExcel project, you can do so via PayPal: L<http://tinyurl.com/7ayes>
Expand Down
4 changes: 2 additions & 2 deletions gdata/perl/Spreadsheet/ParseExcel/Cell.pm
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ package Spreadsheet::ParseExcel::Cell;
use strict;
use warnings;

our $VERSION = '0.65';
our $VERSION = '0.66';

###############################################################################
#
Expand Down Expand Up @@ -160,7 +160,7 @@ sub get_hyperlink {
return undef;
}

#
#
###############################################################################
#
# Mapping between legacy method names and new names.
Expand Down
2 changes: 1 addition & 1 deletion gdata/perl/Spreadsheet/ParseExcel/Dump.pm
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ package Spreadsheet::ParseExcel::Dump;
use strict;
use warnings;

our $VERSION = '0.65';
our $VERSION = '0.66';

my %NameTbl = (

Expand Down
6 changes: 1 addition & 5 deletions gdata/perl/Spreadsheet/ParseExcel/FmtDefault.pm
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ use strict;
use warnings;

use Spreadsheet::ParseExcel::Utility qw(ExcelFmt);
our $VERSION = '0.65';
our $VERSION = '0.66';

my %hFmtDefault = (
0x00 => 'General',
Expand Down Expand Up @@ -102,19 +102,15 @@ sub FmtStringDef {
sub FmtString {
my ( $oThis, $oCell, $oBook ) = @_;

no warnings;
my $sFmtStr =
$oThis->FmtStringDef( $oBook->{Format}[ $oCell->{FormatNo} ]->{FmtIdx},
$oBook );
use warnings;

# Special case for cells that use Lotus123 style leading
# apostrophe to designate text formatting.
no warnings;
if ( $oBook->{Format}[ $oCell->{FormatNo} ]->{Key123} ) {
$sFmtStr = '@';
}
use warnings;

unless ( defined($sFmtStr) ) {
if ( $oCell->{Type} eq 'Numeric' ) {
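Review bot: With the `no warnings;` / `use warnings;` pairs removed in `FmtString`, both `$oBook->{Format}[ $oCell->{FormatNo} ]` lookups now run under `use warnings`, so a cell whose `FormatNo` is undefined will emit an uninitialized-value warning on each lookup. If that case is reachable with malformed or unusual input, guard it explicitly (for example, check `defined $oCell->{FormatNo}` once and reuse the looked-up format entry) rather than relying on the previous warning suppression or letting the warnings through.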
Expand Down
2 changes: 1 addition & 1 deletion gdata/perl/Spreadsheet/ParseExcel/FmtJapan.pm
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ use warnings;

use Encode qw(find_encoding decode);
use base 'Spreadsheet::ParseExcel::FmtDefault';
our $VERSION = '0.65';
our $VERSION = '0.66';

my %FormatTable = (
0x00 => 'General',
Expand Down
2 changes: 1 addition & 1 deletion gdata/perl/Spreadsheet/ParseExcel/FmtJapan2.pm
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ use warnings;
use Jcode;
use Unicode::Map;
use base 'Spreadsheet::ParseExcel::FmtJapan';
our $VERSION = '0.65';
our $VERSION = '0.66';

#------------------------------------------------------------------------------
# new (for Spreadsheet::ParseExcel::FmtJapan2)
Expand Down
2 changes: 1 addition & 1 deletion gdata/perl/Spreadsheet/ParseExcel/FmtUnicode.pm
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ use warnings;
use Unicode::Map;
use base 'Spreadsheet::ParseExcel::FmtDefault';

our $VERSION = '0.65';
our $VERSION = '0.66';

#------------------------------------------------------------------------------
# new (for Spreadsheet::ParseExcel::FmtUnicode)
Expand Down
2 changes: 1 addition & 1 deletion gdata/perl/Spreadsheet/ParseExcel/Font.pm
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ package Spreadsheet::ParseExcel::Font;
use strict;
use warnings;

our $VERSION = '0.65';
our $VERSION = '0.66';

sub new {
my ( $class, %rhIni ) = @_;
Expand Down
2 changes: 1 addition & 1 deletion gdata/perl/Spreadsheet/ParseExcel/Format.pm
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ package Spreadsheet::ParseExcel::Format;
use strict;
use warnings;

our $VERSION = '0.65';
our $VERSION = '0.66';

sub new {
my ( $class, %rhIni ) = @_;
Expand Down
2 changes: 1 addition & 1 deletion gdata/perl/Spreadsheet/ParseExcel/SaveParser.pm
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ use Spreadsheet::ParseExcel::SaveParser::Worksheet;
use Spreadsheet::WriteExcel;
use base 'Spreadsheet::ParseExcel';

our $VERSION = '0.65';
our $VERSION = '0.66';

###############################################################################
#
Expand Down
6 changes: 3 additions & 3 deletions gdata/perl/Spreadsheet/ParseExcel/SaveParser/Workbook.pm
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ use strict;
use warnings;

use base 'Spreadsheet::ParseExcel::Workbook';
our $VERSION = '0.65';
our $VERSION = '0.66';

#==============================================================================
# Spreadsheet::ParseExcel::SaveParser::Workbook
Expand Down Expand Up @@ -255,15 +255,15 @@ sub SaveAs {
}
}
}

my $merged_areas = $oWkS->get_merged_areas();
my $merged_areas_h = {};
if ($merged_areas) {
foreach my $range (@$merged_areas) {
$merged_areas_h->{$range->[0]}{$range->[1]} = $range;
}
}

for (
my $iR = $oWkS->{MinRow} ;
defined $oWkS->{MaxRow} && $iR <= $oWkS->{MaxRow} ;
Expand Down
4 changes: 2 additions & 2 deletions gdata/perl/Spreadsheet/ParseExcel/SaveParser/Worksheet.pm
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ use warnings;
#==============================================================================

use base 'Spreadsheet::ParseExcel::Worksheet';
our $VERSION = '0.65';
our $VERSION = '0.66';

sub new {
my ( $sClass, %rhIni ) = @_;
Expand All @@ -36,7 +36,7 @@ sub new {
#------------------------------------------------------------------------------
sub AddCell {
my ( $oSelf, $iR, $iC, $sVal, $oCell, $sCode ) = @_;

$oSelf->{_Book}
->AddCell( $oSelf->{_SheetNo}, $iR, $iC, $sVal, $oCell, $sCode );
}
Expand Down
33 changes: 23 additions & 10 deletions gdata/perl/Spreadsheet/ParseExcel/Utility.pm
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ use vars qw(@ISA @EXPORT_OK);
@EXPORT_OK = qw(ExcelFmt LocaltimeExcel ExcelLocaltime
col2int int2col sheetRef xls2csv);

our $VERSION = '0.65';
our $VERSION = '0.66';

my $qrNUMBER = qr/(^[+-]?\d+(\.\d+)?$)|(^[+-]?\d+\.?(\d*)[eE][+-](\d+))$/;

Expand Down Expand Up @@ -78,10 +78,12 @@ sub ExcelFmt {
$format_str = '@' if uc($format_str) eq "GENERAL";

# Check for a conditional at the start of the format. See notes above.
my $conditional;
if ( $format_str =~ /^\[([<>=][^\]]+)\](.*)$/ ) {
$conditional = $1;
$format_str = $2;
my $conditional_op;
my $conditional_value;
if ( $format_str =~ /^\[([<>=]+)([^\]]+)\](.*)$/ ) {
$conditional_op = $1;
$conditional_value = $2;
$format_str = $3;
}

# Ignore the underscore token which is used to indicate a padding space.
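Review bot: The new pattern `/^\[([<>=]+)([^\]]+)\](.*)$/` is looser than the comparison code needs: `[<>=]+` accepts any run of those characters (for example `=>`, `><` or `<<=`), and `[^\]]+` lets `$conditional_value` be arbitrary non-numeric text taken from the file. The value is no longer evaluated as code, which is the point of the fix, but it is then used in numeric comparisons, where a non-numeric string numifies to 0 and warns under `use warnings`. Consider matching only the supported operators with an explicit alternation such as `(<=|>=|<>|==|=|<|>)` and checking `$conditional_value` against `$qrNUMBER` (already defined in this file) before treating the format as conditional.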
Expand Down Expand Up @@ -166,12 +168,23 @@ sub ExcelFmt {
}

# Override the previous choice if the format is conditional.
if ($conditional) {

# TODO. Replace string eval with a function.
$section = eval "$number $conditional" ? 0 : 1;
if ($conditional_op) {
if ($conditional_op eq '>') {
$section = $number > $conditional_value ? 0 : 1;
} elsif ($conditional_op eq '>=') {
$section = $number >= $conditional_value ? 0 : 1;
} elsif ($conditional_op eq '<') {
$section = $number < $conditional_value ? 0 : 1;
} elsif ($conditional_op eq '<=') {
$section = $number <= $conditional_value ? 0 : 1;
} elsif ($conditional_op eq '=') {
$section = $number == $conditional_value ? 0 : 1;
} elsif ($conditional_op eq '==') {
$section = $number == $conditional_value ? 0 : 1;
} elsif ($conditional_op eq '<>') {
$section = $number != $conditional_value ? 0 : 1;
}
}

# We now have the required format.
$format = $formats[$section];

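Review bot: The `if`/`elsif` chain on `$conditional_op` has no final `else`, so any operator string that the regex `[<>=]+` captured but that is not listed here silently keeps the `$section` chosen earlier instead of being rejected or reported. Add an explicit fallback branch (or reject unknown operators at the point where the regex matches) so that the behaviour for unsupported conditionals is deliberate. The `=` and `==` branches are identical and can be merged into one condition, and a small operator-to-coderef hash would make the set of supported operators easier to review. The files changed in this diff include no test, so a regression test that feeds `ExcelFmt` a conditional format containing non-numeric content after the operator would be a useful addition.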
Expand Down
2 changes: 1 addition & 1 deletion gdata/perl/Spreadsheet/ParseExcel/Workbook.pm
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ package Spreadsheet::ParseExcel::Workbook;
use strict;
use warnings;

our $VERSION = '0.65';
our $VERSION = '0.66';

###############################################################################
#
Expand Down
2 changes: 1 addition & 1 deletion gdata/perl/Spreadsheet/ParseExcel/Worksheet.pm
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ use strict;
use warnings;
use Scalar::Util qw(weaken);

our $VERSION = '0.65';
our $VERSION = '0.66';

###############################################################################
#
Expand Down