Resolves: rhbz#2182392 CVE-2022-38745

2023-04-12 11:28:28 +01:00 · 2023-04-12 11:28:28 +01:00 · 9eafa5ab4b
commit 9eafa5ab4b
parent a8b644f1f3
2 changed files with 98 additions and 1 deletions
--- a/0001-CVE-2022-38745.patch
+++ b/0001-CVE-2022-38745.patch
@ -0,0 +1,93 @@
 From dbf825c25195e29a00228f31112c5aaa2102f692 Mon Sep 17 00:00:00 2001
 From: Stephan Bergmann <sbergman@redhat.com>
 Date: Mon, 21 Feb 2022 11:55:21 +0100
 Subject: [PATCH] Avoid unnecessary empty -Djava.class.path=
 Change-Id: Idcfe7321077b60381c0273910b1faeb444ef1fd8
 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130242
 Tested-by: Jenkins
 Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
 ---
 .../plugins/sunmajor/pluginlib/sunjavaplugin.cxx | 16 +++++++++++++---
 jvmfwk/source/framework.cxx                      |  8 ++++++--
 jvmfwk/source/fwkbase.cxx                        |  3 +++
 3 files changed, 22 insertions(+), 5 deletions(-)
 diff --git a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx
 index f47b0a3..843f6d1 100644
 --- a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx
 +++ b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx
@@ -713,17 +713,22 @@ javaPluginError jfw_plugin_startJavaVirtualMachine(
     // all versions below 1.5.1
     options.emplace_back("abort", reinterpret_cast<void*>(abort_handler));
     bool hasStackSize = false;
 +#ifdef UNX
 +    // Until java 1.5 we need to put a plugin.jar or javaplugin.jar (<1.4.2)
 +    // in the class path in order to have applet support:
 +    OString sAddPath = getPluginJarPath(pInfo->sVendor, pInfo->sLocation,pInfo->sVersion);
 +#endif
     for (int i = 0; i < cOptions; i++)
     {
         OString opt(arOptions[i].optionString);
 #ifdef UNX
 -        // Until java 1.5 we need to put a plugin.jar or javaplugin.jar (<1.4.2)
 -        // in the class path in order to have applet support:
         if (opt.startsWith("-Djava.class.path="))
         {
 -            OString sAddPath = getPluginJarPath(pInfo->sVendor, pInfo->sLocation,pInfo->sVersion);
             if (!sAddPath.isEmpty())
 +            {
                 opt += OStringChar(SAL_PATHSEPARATOR) + sAddPath;
 +                sAddPath.clear();
 +            }
         }
 #endif
         if (opt == "-Xint") {
@@ -768,6 +773,11 @@ javaPluginError jfw_plugin_startJavaVirtualMachine(
         }
 #endif
     }
 +#ifdef UNX
 +    if (!sAddPath.isEmpty()) {
 +        options.emplace_back("-Djava.class.path=" + sAddPath, nullptr);
 +    }
 +#endif
     std::unique_ptr<JavaVMOption[]> sarOptions(new JavaVMOption[options.size()]);
     for (std::vector<Option>::size_type i = 0; i != options.size(); ++i) {
 diff --git a/jvmfwk/source/framework.cxx b/jvmfwk/source/framework.cxx
 index 5a7cef4..478b42b 100644
 --- a/jvmfwk/source/framework.cxx
 +++ b/jvmfwk/source/framework.cxx
@@ -189,8 +189,12 @@ javaFrameworkError jfw_startVM(
                 //In direct mode the options are specified by bootstrap variables
                 //of the form UNO_JAVA_JFW_PARAMETER_1 .. UNO_JAVA_JFW_PARAMETER_n
                 vmParams = jfw::BootParams::getVMParameters();
 -                sUserClassPath =
 -                    "-Djava.class.path=" + jfw::BootParams::getClasspath();
 +                auto const cp = jfw::BootParams::getClasspath();
 +                if (!cp.isEmpty())
 +                {
 +                    sUserClassPath =
 +                        "-Djava.class.path=" + cp;
 +                }
             }
             else
                 OSL_ASSERT(false);
 diff --git a/jvmfwk/source/fwkbase.cxx b/jvmfwk/source/fwkbase.cxx
 index df84d7c..de1acdb 100644
 --- a/jvmfwk/source/fwkbase.cxx
 +++ b/jvmfwk/source/fwkbase.cxx
@@ -458,6 +458,9 @@ OString makeClassPathOption(OUString const & sUserClassPath)
     sPaths = OUStringToOString(
         sBufCP.makeStringAndClear(), osl_getThreadTextEncoding());
 +    if (sPaths.isEmpty()) {
 +        return "";
 +    }
     OString sOptionClassPath = "-Djava.class.path=" + sPaths;
     return sOptionClassPath;
 -- 
 2.39.2
--- a/libreoffice.spec
+++ b/libreoffice.spec
@ -57,7 +57,7 @@ Summary:        Free Software Productivity Suite
 Name:           libreoffice
 Epoch:          1
 Version:        %{libo_version}.1
-Release:        8%{?libo_prerelease}%{?dist}
+Release:        9%{?libo_prerelease}%{?dist}
 License:        (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
 URL:            http://www.libreoffice.org/
@ -279,6 +279,7 @@ Patch23: 0002-CVE-2022-26307-make-hash-encoding-match-decoding.patch
 Patch24: 0003-CVE-2022-26306-add-Initialization-Vectors-to-passwor.patch
 Patch25: 0004-CVE-2022-2630-6-7-add-infobar-to-prompt-to-refresh-t.patch
 Patch26: 0005-CVE-2022-3140-Filter-out-unwanted-command-URIs.patch
 Patch27: 0001-CVE-2022-38745.patch
 # not upstreamed
 Patch500: 0001-disable-libe-book-support.patch
@ -2275,6 +2276,9 @@ gtk-update-icon-cache -q %{_datadir}/icons/hicolor &>/dev/null || :
 %{_includedir}/LibreOfficeKit
 %changelog
 * Wed Apr 12 2023 Caolán McNamara <caolanm@redhat.com> - 1:7.1.8.1-9
 - Resolves: rhbz#2182392 CVE-2022-38745
 * Thu Oct 20 2022 Caolán McNamara <caolanm@redhat.com> - 1:7.1.8.1-8
 - Resolves: rhbz#2134759 Untrusted Macros
 - Resolves: rhbz#2134757 Weak Master Keys