Resolves: rhbz#2182392 CVE-2022-38745

2023-04-12 11:28:28 +01:00 · 2023-04-12 11:28:28 +01:00 · 9eafa5ab4b
commit 9eafa5ab4b
parent a8b644f1f3
2 changed files with 98 additions and 1 deletions
--- a/0001-CVE-2022-38745.patch
+++ b/0001-CVE-2022-38745.patch
@ -0,0 +1,93 @@
+From dbf825c25195e29a00228f31112c5aaa2102f692 Mon Sep 17 00:00:00 2001
+From: Stephan Bergmann <sbergman@redhat.com>
+Date: Mon, 21 Feb 2022 11:55:21 +0100
+Subject: [PATCH] Avoid unnecessary empty -Djava.class.path=
+
+Change-Id: Idcfe7321077b60381c0273910b1faeb444ef1fd8
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130242
+Tested-by: Jenkins
+Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
+---
+ .../plugins/sunmajor/pluginlib/sunjavaplugin.cxx | 16 +++++++++++++---
+ jvmfwk/source/framework.cxx                      |  8 ++++++--
+ jvmfwk/source/fwkbase.cxx                        |  3 +++
+ 3 files changed, 22 insertions(+), 5 deletions(-)
+
+diff --git a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx
+index f47b0a3..843f6d1 100644
+--- a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx
+++ b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx
+@@ -713,17 +713,22 @@ javaPluginError jfw_plugin_startJavaVirtualMachine(
+     // all versions below 1.5.1
+     options.emplace_back("abort", reinterpret_cast<void*>(abort_handler));
+     bool hasStackSize = false;
+#ifdef UNX
+    // Until java 1.5 we need to put a plugin.jar or javaplugin.jar (<1.4.2)
+    // in the class path in order to have applet support:
+    OString sAddPath = getPluginJarPath(pInfo->sVendor, pInfo->sLocation,pInfo->sVersion);
+#endif
+     for (int i = 0; i < cOptions; i++)
+     {
+         OString opt(arOptions[i].optionString);
+ #ifdef UNX
+-        // Until java 1.5 we need to put a plugin.jar or javaplugin.jar (<1.4.2)
+-        // in the class path in order to have applet support:
+         if (opt.startsWith("-Djava.class.path="))
+         {
+-            OString sAddPath = getPluginJarPath(pInfo->sVendor, pInfo->sLocation,pInfo->sVersion);
+             if (!sAddPath.isEmpty())
+            {
+                 opt += OStringChar(SAL_PATHSEPARATOR) + sAddPath;
+                sAddPath.clear();
+            }
+         }
+ #endif
+         if (opt == "-Xint") {
+@@ -768,6 +773,11 @@ javaPluginError jfw_plugin_startJavaVirtualMachine(
+         }
+ #endif
+     }
+#ifdef UNX
+    if (!sAddPath.isEmpty()) {
+        options.emplace_back("-Djava.class.path=" + sAddPath, nullptr);
+    }
+#endif
+ 
+     std::unique_ptr<JavaVMOption[]> sarOptions(new JavaVMOption[options.size()]);
+     for (std::vector<Option>::size_type i = 0; i != options.size(); ++i) {
+diff --git a/jvmfwk/source/framework.cxx b/jvmfwk/source/framework.cxx
+index 5a7cef4..478b42b 100644
+--- a/jvmfwk/source/framework.cxx
+++ b/jvmfwk/source/framework.cxx
+@@ -189,8 +189,12 @@ javaFrameworkError jfw_startVM(
+                 //In direct mode the options are specified by bootstrap variables
+                 //of the form UNO_JAVA_JFW_PARAMETER_1 .. UNO_JAVA_JFW_PARAMETER_n
+                 vmParams = jfw::BootParams::getVMParameters();
+-                sUserClassPath =
+-                    "-Djava.class.path=" + jfw::BootParams::getClasspath();
+                auto const cp = jfw::BootParams::getClasspath();
+                if (!cp.isEmpty())
+                {
+                    sUserClassPath =
+                        "-Djava.class.path=" + cp;
+                }
+             }
+             else
+                 OSL_ASSERT(false);
+diff --git a/jvmfwk/source/fwkbase.cxx b/jvmfwk/source/fwkbase.cxx
+index df84d7c..de1acdb 100644
+--- a/jvmfwk/source/fwkbase.cxx
+++ b/jvmfwk/source/fwkbase.cxx
+@@ -458,6 +458,9 @@ OString makeClassPathOption(OUString const & sUserClassPath)
+ 
+     sPaths = OUStringToOString(
+         sBufCP.makeStringAndClear(), osl_getThreadTextEncoding());
+    if (sPaths.isEmpty()) {
+        return "";
+    }
+ 
+     OString sOptionClassPath = "-Djava.class.path=" + sPaths;
+     return sOptionClassPath;
+-- 
+2.39.2
+
--- a/libreoffice.spec
+++ b/libreoffice.spec
@ -57,7 +57,7 @@ Summary:        Free Software Productivity Suite
 Name:           libreoffice
 Epoch:          1
 Version:        %{libo_version}.1
-Release:        8%{?libo_prerelease}%{?dist}
+Release:        9%{?libo_prerelease}%{?dist}
 License:        (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
 URL:            http://www.libreoffice.org/

@ -279,6 +279,7 @@ Patch23: 0002-CVE-2022-26307-make-hash-encoding-match-decoding.patch
 Patch24: 0003-CVE-2022-26306-add-Initialization-Vectors-to-passwor.patch
 Patch25: 0004-CVE-2022-2630-6-7-add-infobar-to-prompt-to-refresh-t.patch
 Patch26: 0005-CVE-2022-3140-Filter-out-unwanted-command-URIs.patch
+Patch27: 0001-CVE-2022-38745.patch

 # not upstreamed
 Patch500: 0001-disable-libe-book-support.patch
@ -2275,6 +2276,9 @@ gtk-update-icon-cache -q %{_datadir}/icons/hicolor &>/dev/null || :
 %{_includedir}/LibreOfficeKit

 %changelog
+* Wed Apr 12 2023 Caolán McNamara <caolanm@redhat.com> - 1:7.1.8.1-9
+- Resolves: rhbz#2182392 CVE-2022-38745
+
 * Thu Oct 20 2022 Caolán McNamara <caolanm@redhat.com> - 1:7.1.8.1-8
 - Resolves: rhbz#2134759 Untrusted Macros
 - Resolves: rhbz#2134757 Weak Master Keys