From c7436817a848728672a645af221807070f913e5e Mon Sep 17 00:00:00 2001
From: Zbigniew Jędrzejewski-Szmek
Date: Jul 07 2015 13:36:32 +0000
Subject: Update to version 3.12 CVE was fixed in 3.11-beta3.
---
diff --git a/.gitignore b/.gitignore
index 6a81a21..3464040 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,10 @@
 /poi-ooxml-3.10.1.pom
 /poi-ooxml-schemas-3.10.1.pom
 /poi-scratchpad-3.10.1.pom
+/poi-3.12.pom
+/poi-examples-3.12.pom
+/poi-excelant-3.12.pom
+/poi-ooxml-3.12.pom
+/poi-ooxml-schemas-3.12.pom
+/poi-scratchpad-3.12.pom
+/poi-src-3.12-20150511.tar.gz
diff --git a/apache-poi-CVE-2014-9527.patch b/apache-poi-CVE-2014-9527.patch
deleted file mode 100644
index a4ef6d6..0000000
--- a/apache-poi-CVE-2014-9527.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-diff -Nru poi-3.10.1/src/scratchpad/src/org/apache/poi/hslf/HSLFSlideShow.java poi-3.10.1.CVE-2014-9527/src/scratchpad/src/org/apache/poi/hslf/HSLFSlideShow.java
---- poi-3.10.1/src/scratchpad/src/org/apache/poi/hslf/HSLFSlideShow.java 2014-08-13 16:05:33.000000000 +0200
-+++ poi-3.10.1.CVE-2014-9527/src/scratchpad/src/org/apache/poi/hslf/HSLFSlideShow.java 2015-02-14 16:11:13.481868934 +0100
-@@ -20,16 +20,16 @@
- import java.io.ByteArrayInputStream;
- import java.io.ByteArrayOutputStream;
- import java.io.FileInputStream;
--import java.io.FileNotFoundException;
- import java.io.IOException;
- import java.io.InputStream;
- import java.io.OutputStream;
- import java.util.ArrayList;
--import java.util.Arrays;
- import java.util.HashMap;
- import java.util.Hashtable;
- import java.util.List;
- import java.util.Map;
-+import java.util.NavigableMap;
-+import java.util.TreeMap;
-
- import org.apache.poi.POIDocument;
- import org.apache.poi.hslf.exceptions.CorruptPowerPointFileException;
-@@ -81,7 +81,7 @@
-
- // Embedded objects stored in storage records in the document stream, lazily populated.
- private ObjectData[] _objects;
--
-+
- /**
- * Returns the underlying POIFSFileSystem for the document
- * that is open.
-@@ -195,6 +195,9 @@
- // Look for any other streams
- readOtherStreams();
- }
-+
-+
-+
- /**
- * Constructs a new, empty, Powerpoint document.
- */
-@@ -269,41 +272,67 @@
- _records = read(_docstream, (int)currentUser.getCurrentEditOffset());
- }
-
-- private Record[] read(byte[] docstream, int usrOffset){
-- ArrayList lst = new ArrayList();
-- HashMap offset2id = new HashMap();
-+ private Record[] read(byte[] docstream, int usrOffset){
-+ //sort found records by offset.
-+ //(it is not necessary but SlideShow.findMostRecentCoreRecords() expects them sorted)
-+ NavigableMap records = new TreeMap(); // offset -> record
-+ Map persistIds = new HashMap(); // offset -> persistId
-+ initRecordOffsets(docstream, usrOffset, records, persistIds);
-+
-+ for (Map.Entry entry : records.entrySet()) {
-+ Integer offset = entry.getKey();
-+ Record record = entry.getValue();
-+ Integer persistId = persistIds.get(offset);
-+ if (record == null) {
-+ // all plain records have been already added,
-+ // only new records need to be decrypted (tbd #35897)
-+ record = Record.buildRecordAtOffset(docstream, offset);
-+ entry.setValue(record);
-+ }
-+
-+ if (record instanceof PersistRecord) {
-+ ((PersistRecord)record).setPersistId(persistId);
-+ }
-+ }
-+
-+ return records.values().toArray(new Record[records.size()]);
-+ }
-+
-+ private void initRecordOffsets(byte[] docstream, int usrOffset, NavigableMap recordMap, Map offset2id) {
- while (usrOffset != 0){
- UserEditAtom usr = (UserEditAtom) Record.buildRecordAtOffset(docstream, usrOffset);
-- lst.add(usrOffset);
-+ recordMap.put(usrOffset, usr);
-+
- int psrOffset = usr.getPersistPointersOffset();
--
- PersistPtrHolder ptr = (PersistPtrHolder)Record.buildRecordAtOffset(docstream, psrOffset);
-- lst.add(psrOffset);
-- Hashtable entries = ptr.getSlideLocationsLookup();
-- for(Integer id : entries.keySet()) {
-- Integer offset = entries.get(id);
-- lst.add(offset);
-+ recordMap.put(psrOffset, ptr);
-+
-+ for(Map.Entry entry : ptr.getSlideLocationsLookup().entrySet()) {
-+ Integer offset = entry.getValue();
-+ Integer id = entry.getKey();
-+ recordMap.put(offset, null); // reserve a slot for the record
- offset2id.put(offset, id);
- }
--
-+
- usrOffset = usr.getLastUserEditAtomOffset();
-- }
-- //sort found records by offset.
-- //(it is not necessary but SlideShow.findMostRecentCoreRecords() expects them sorted)
-- Integer a[] = lst.toArray(new Integer[lst.size()]);
-- Arrays.sort(a);
-- Record[] rec = new Record[lst.size()];
-- for (int i = 0; i < a.length; i++) {
-- Integer offset = a[i];
-- rec[i] = Record.buildRecordAtOffset(docstream, offset.intValue());
-- if(rec[i] instanceof PersistRecord) {
-- PersistRecord psr = (PersistRecord)rec[i];
-- Integer id = offset2id.get(offset);
-- psr.setPersistId(id.intValue());
-- }
-- }
-
-- return rec;
-+ // check for corrupted user edit atom and try to repair it
-+ // if the next user edit atom offset is already known, we would go into an endless loop
-+ if (usrOffset > 0 && recordMap.containsKey(usrOffset)) {
-+ // a user edit atom is usually located 36 byte before the smallest known record offset
-+ usrOffset = recordMap.firstKey()-36;
-+ // check that we really are located on a user edit atom
-+ int ver_inst = LittleEndian.getUShort(docstream, usrOffset);
-+ int type = LittleEndian.getUShort(docstream, usrOffset+2);
-+ int len = LittleEndian.getInt(docstream, usrOffset+4);
-+ if (ver_inst == 0 && type == 4085 && (len == 0x1C || len == 0x20)) {
-+ logger.log(POILogger.WARN, "Repairing invalid user edit atom");
-+ usr.setLastUserEditAtomOffset(usrOffset);
-+ } else {
-+ throw new CorruptPowerPointFileException("Powerpoint document contains invalid user edit atom");
-+ }
-+ }
-+ }
- }
-
- /**
-@@ -324,34 +353,30 @@
- private void readOtherStreams() {
- // Currently, there aren't any
- }
--
- /**
- * Find and read in pictures contained in this presentation.
- * This is lazily called as and when we want to touch pictures.
- */
-+ @SuppressWarnings("unused")
- private void readPictures() throws IOException {
- _pictures = new ArrayList();
-
-- byte[] pictstream;
--
-- try {
-- DocumentEntry entry = (DocumentEntry)directory.getEntry("Pictures");
-- pictstream = new byte[entry.getSize()];
-- DocumentInputStream is = directory.createDocumentInputStream("Pictures");
-- is.read(pictstream);
-- } catch (FileNotFoundException e){
-- // Silently catch exceptions if the presentation doesn't
-- // contain pictures - will use a null set instead
-- return;
-- }
-+ // if the presentation doesn't contain pictures - will use a null set instead
-+ if (!directory.hasEntry("Pictures")) return;
-+
-+ DocumentEntry entry = (DocumentEntry)directory.getEntry("Pictures");
-+ byte[] pictstream = new byte[entry.getSize()];
-+ DocumentInputStream is = directory.createDocumentInputStream(entry);
-+ is.read(pictstream);
-+ is.close();
-
-+
- int pos = 0;
- // An empty picture record (length 0) will take up 8 bytes
- while (pos <= (pictstream.length-8)) {
- int offset = pos;
--
-+
- // Image signature
-- @SuppressWarnings("unused")
- int signature = LittleEndian.getUShort(pictstream, pos);
- pos += LittleEndian.SHORT_SIZE;
- // Image type + 0xF018
diff --git a/apache-poi-build.patch b/apache-poi-build.patch
index d625c4e..03ed004 100644
--- a/apache-poi-build.patch
+++ b/apache-poi-build.patch
@@ -1,12 +1,13 @@
-diff -up poi-3.10.1/build.xml.build poi-3.10.1/build.xml
---- poi-3.10.1/build.xml.build 2014-09-04 08:32:13.413603042 -0600
-+++ poi-3.10.1/build.xml 2014-09-04 08:39:47.515564322 -0600
-@@ -285,7 +285,7 @@ under the License.
-
-
-
--
-+
-
-
-
+diff --git poi-3.12/build.xml~ poi-3.12/build.xml
+index 68ec2f0d9b..30525e213a 100644
+--- poi-3.12/build.xml~
++++ poi-3.12/build.xml
+@@ -342,7 +342,7 @@ under the License.
+
+
+
+-
++
+
+
+
diff --git a/apache-poi-compile-xsds.patch b/apache-poi-compile-xsds.patch
index 5a82d10..e3d8833 100644
--- a/apache-poi-compile-xsds.patch
+++ b/apache-poi-compile-xsds.patch @@ -1,24 +1,26 @@ -diff -up poi-3.10-FINAL/build.xml.compile-xsds poi-3.10-FINAL/build.xml ---- poi-3.10-FINAL/build.xml.compile-xsds 2014-02-24 11:35:56.338955560 -0700 -+++ poi-3.10-FINAL/build.xml 2014-02-24 11:38:39.337139830 -0700 -@@ -454,16 +454,14 @@ under the License. - - - -- -+ - -- -- -+ - - -- -+ - -- -- -+ - - - + + +- +- +- +- +- +- +- +- +- ++ ++ ++ ++ ++ ++ + + + - 3.12-1 +- Update to latest version + * Wed Jun 17 2015 Fedora Release Engineering - 3.10.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild diff --git a/sources b/sources index 62a8baa..781ae28 100644 --- a/sources +++ b/sources @@ -1,8 +1,8 @@ abe6bb6e7799e854934b3c634e8bcf7b Office%20Open%20XML%201st%20edition%20Part%204%20(PDF).zip -4f93305b4d8b9b78fca93fd732c57dfe poi-src-3.10.1-20140818.tar.gz -9627791c9a3134db316e9b98fd6eea37 poi-3.10.1.pom -143fe8ec48be4cc644f16fe835160a55 poi-examples-3.10.1.pom -1c44f0b80dfd119f17bf0c19b2b50e7c poi-excelant-3.10.1.pom -4341d272a9cefffa2f820d2890d35f82 poi-ooxml-3.10.1.pom -6b3fdb9bc2f2493ac8921ed7e83d4295 poi-ooxml-schemas-3.10.1.pom -5fd5194a1ea65f0eb4fefbd5d0fd15fb poi-scratchpad-3.10.1.pom +922d7bcca3f3039ead44d5e45388af7e poi-3.12.pom +8914925b076cbd0152ac1601ae1d1284 poi-examples-3.12.pom +6fed2dd1150e923a419fda4156c07494 poi-excelant-3.12.pom +73961fb840e82b53e5de5555e295f75c poi-ooxml-3.12.pom +9ea8578553b162731b8256c141d99d66 poi-ooxml-schemas-3.12.pom +5b734a82a2d4d577b342313560f46ccd poi-scratchpad-3.12.pom +c76d87bf973818b7a3f3f584fec4cda2 poi-src-3.12-20150511.tar.gz