From 9eafa5ab4b9cfc73ce775f29f3e44deacaad8917 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= Date: Wed, 12 Apr 2023 11:28:28 +0100 Subject: [PATCH] Resolves: rhbz#2182392 CVE-2022-38745 --- 0001-CVE-2022-38745.patch | 93 +++++++++++++++++++++++++++++++++++++++ libreoffice.spec | 6 ++- 2 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 0001-CVE-2022-38745.patch diff --git a/0001-CVE-2022-38745.patch b/0001-CVE-2022-38745.patch new file mode 100644 index 0000000..01dde2d --- /dev/null +++ b/0001-CVE-2022-38745.patch @@ -0,0 +1,93 @@ +From dbf825c25195e29a00228f31112c5aaa2102f692 Mon Sep 17 00:00:00 2001 +From: Stephan Bergmann +Date: Mon, 21 Feb 2022 11:55:21 +0100 +Subject: [PATCH] Avoid unnecessary empty -Djava.class.path= + +Change-Id: Idcfe7321077b60381c0273910b1faeb444ef1fd8 +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130242 +Tested-by: Jenkins +Reviewed-by: Stephan Bergmann +--- + .../plugins/sunmajor/pluginlib/sunjavaplugin.cxx | 16 +++++++++++++--- + jvmfwk/source/framework.cxx | 8 ++++++-- + jvmfwk/source/fwkbase.cxx | 3 +++ + 3 files changed, 22 insertions(+), 5 deletions(-) + +diff --git a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx +index f47b0a3..843f6d1 100644 +--- a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx ++++ b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx +@@ -713,17 +713,22 @@ javaPluginError jfw_plugin_startJavaVirtualMachine( + // all versions below 1.5.1 + options.emplace_back("abort", reinterpret_cast(abort_handler)); + bool hasStackSize = false; ++#ifdef UNX ++ // Until java 1.5 we need to put a plugin.jar or javaplugin.jar (<1.4.2) ++ // in the class path in order to have applet support: ++ OString sAddPath = getPluginJarPath(pInfo->sVendor, pInfo->sLocation,pInfo->sVersion); ++#endif + for (int i = 0; i < cOptions; i++) + { + OString opt(arOptions[i].optionString); + #ifdef UNX +- // Until java 1.5 we need to put a plugin.jar or javaplugin.jar (<1.4.2) +- // in the class path in order to have applet support: + if (opt.startsWith("-Djava.class.path=")) + { +- OString sAddPath = getPluginJarPath(pInfo->sVendor, pInfo->sLocation,pInfo->sVersion); + if (!sAddPath.isEmpty()) ++ { + opt += OStringChar(SAL_PATHSEPARATOR) + sAddPath; ++ sAddPath.clear(); ++ } + } + #endif + if (opt == "-Xint") { +@@ -768,6 +773,11 @@ javaPluginError jfw_plugin_startJavaVirtualMachine( + } + #endif + } ++#ifdef UNX ++ if (!sAddPath.isEmpty()) { ++ options.emplace_back("-Djava.class.path=" + sAddPath, nullptr); ++ } ++#endif + + std::unique_ptr sarOptions(new JavaVMOption[options.size()]); + for (std::vector