From 0966ee29ec3582f7b87e0ee5e5e911b72f0e7f95 Mon Sep 17 00:00:00 2001
From: lishaohui
Date: Mon, 25 Dec 2023 18:57:21 +0800
Subject: [PATCH] www
---
 apache-poi.spec | 7 ++++-
 backport-CVE-2022-26336.patch | 49 +++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2022-26336.patch
diff --git a/apache-poi.spec b/apache-poi.spec
index b971acf..ec40b61 100644
--- a/apache-poi.spec
+++ b/apache-poi.spec
@@ -1,7 +1,7 @@
 %global reldate 20170915
 Name: apache-poi
 Version: 3.17
-Release: 2
+Release: 3
 Summary: The Java API for Microsoft Documents
 License: ASL 2.0 and (CC-BY and CC-BY-SA and W3C) and GPLv3
 URL: http://poi.apache.org/
@@ -20,6 +20,7 @@ Source8: http://uri.etsi.org/01903/v1.4.1/XAdESv141.xsd
 Patch1: apache-poi-3.14-compile-xsds.patch
 Patch2: apache-poi-3.14-build.patch
 Patch3: Adjust-handling-of-SchemaFactory.patch
+Patch4: backport-CVE-2022-26336.patch
 BuildArch: noarch
 BuildRequires: jacoco javapackages-local jmh jmh-generator-annprocess
 BuildRequires: apache-commons-collections4 >= 4.1 apache-commons-codec apache-commons-logging
@@ -65,6 +66,7 @@ This package contains the API documentation for %{name}.
 %patch1
 %patch2
 %patch3 -p1
+%patch4 -p1
 find -name '*.class' -delete
 find -name '*.jar' -delete
 mkdir lib ooxml-lib
@@ -134,6 +136,9 @@ done
 %license LICENSE NOTICE
 %changelog
+* Mon Dec 25 2023 wangweichao - 3.17-3
+- Fix CVE-2022-26336
+
 * Tue Dec 1 2020 huanghaitao - 3.17-2
 - Fix CVE-2019-12415
diff --git a/backport-CVE-2022-26336.patch b/backport-CVE-2022-26336.patch
new file mode 100644
index 0000000..cf145ce
--- /dev/null
+++ b/backport-CVE-2022-26336.patch
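Review bot: The `Patch4: backport-CVE-2022-26336.patch` line in the second apache-poi.spec hunk has no provenance comment, so the spec does not record where the backport came from; I would add `# Backport of the fix attached to https://bz.apache.org/bugzilla/show_bug.cgi?id=65899 (CVE-2022-26336)` directly above it. In the visible part of the patch it applies, `byte[] mpdata = new byte[mplen];` still runs before the new `IOUtils.readFully(inp, mpdata) < 0` check, and `mplen` comes straight from `LittleEndian.readInt(inp)`, so this change does not limit the size of that allocation. It is worth confirming against the upstream fix whether the 3.17 tree also needs an upper bound on `mplen` before the array is created. The same comparison should settle whether a partial read (a positive count smaller than the buffer) has to be rejected as well, since the added checks only test for a negative return.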
@@ -0,0 +1,49 @@
+From 0131634c3102060d75082fe807ac064be17ab5ae Mon Sep 17 00:00:00 2001
+From: https://bz.apache.org/bugzilla/show_bug.cgi?id=65899#attach_38203
+Date: Mon, 25 Dec 2023 18:28:14 +0800
+Subject: [PATCH] backport-CVE-2022-26336
+
+---
+ .../org/apache/poi/hmef/attribute/MAPIAttribute.java | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/scratchpad/src/org/apache/poi/hmef/attribute/MAPIAttribute.java b/src/scratchpad/src/org/apache/poi/hmef/attribute/MAPIAttribute.java
+index 90e4ffe..dc6e94b 100644
+--- a/src/scratchpad/src/org/apache/poi/hmef/attribute/MAPIAttribute.java
++++ b/src/scratchpad/src/org/apache/poi/hmef/attribute/MAPIAttribute.java
+@@ -131,7 +131,9 @@ public class MAPIAttribute {
+ MAPIProperty prop = MAPIProperty.get(id);
+ if(id >= 0x8000 && id <= 0xFFFF) {
+ byte[] guid = new byte[16];
+- IOUtils.readFully(inp, guid);
++ if (IOUtils.readFully(inp, guid) < 0) {
++ throw new IOException("Not enough data to read guid");
++ }
+ int mptype = LittleEndian.readInt(inp);
+
+ // Get the name of it
+@@ -145,7 +147,9 @@ public class MAPIAttribute {
+ // Custom name was stored
+ int mplen = LittleEndian.readInt(inp);
+ byte[] mpdata = new byte[mplen];
+- IOUtils.readFully(inp, mpdata);
++ if (IOUtils.readFully(inp, mpdata) < 0) {
++ throw new IOException("Not enough data to read " + mplen + " bytes for attribute name");
++ }
+ name = StringUtil.getFromUnicodeLE(mpdata, 0, (mplen/2)-1);
+ skipToBoundary(mplen, inp);
+ }
+@@ -165,7 +169,9 @@ public class MAPIAttribute {
+ for(int j=0; j