From eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5 Mon Sep 17 00:00:00 2001
From: Zach van Rijn
Date: Fri, 11 Nov 2022 17:37:52 -0600
Subject: user/fastjar: add patch for CVE-2010-{0831,2322} and updater. fixes #136, #841.
---
 user/fastjar/APKBUILD | 8 ++++--
 user/fastjar/CVE-2010-0831,2322.patch | 48 +++++++++++++++++++++++++++++++++++
 user/fastjar/efficiency.patch | 34 -------------------------
 user/fastjar/fix-update-mode.patch | 44 ++++++++++++++++++++++++++++++++
 4 files changed, 98 insertions(+), 36 deletions(-)
 create mode 100644 user/fastjar/CVE-2010-0831,2322.patch
 create mode 100644 user/fastjar/fix-update-mode.patch
diff --git a/user/fastjar/APKBUILD b/user/fastjar/APKBUILD
index 249f3a9b1..d07ee9162 100644
--- a/user/fastjar/APKBUILD
+++ b/user/fastjar/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: A. Wilcox
 pkgname=fastjar
 pkgver=0.98
-pkgrel=0
+pkgrel=1
 pkgdesc="Java archiver tool, tuned for performance"
 url="https://savannah.nongnu.org/projects/fastjar/"
 arch="all"
@@ -11,6 +11,8 @@ depends=""
 makedepends="zlib-dev"
 subpackages="$pkgname-doc"
 source="https://download.savannah.nongnu.org/releases/fastjar/fastjar-$pkgver.tar.gz
+ CVE-2010-0831,2322.patch
+ fix-update-mode.patch
 null-terminate.patch
 write-return.patch
 efficiency.patch
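Review bot: Nothing in the APKBUILD hunks records which CVEs the new `pkgrel` fixes, although `CVE-2010-0831,2322.patch` is added to `source` here. If this tree tracks fixed vulnerabilities in a `# secfixes:` comment block, as APKBUILDs commonly do, the commit should add an entry for `0.98-r1` listing CVE-2010-0831 and CVE-2010-2322, so that scanners and advisories can tell which release carries the fix. The patch file name alone is easy to miss once it is renamed or merged into another patch.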
@@ -42,6 +44,8 @@ package() {
 }
 sha512sums="c0f9fca7b58d6acd00b90a5184dbde9ba3ffc5bf4d69512743e450649a272baf1f6af98b15d79d2b53990eaf84ef402c986035e6b615a19e35ed424348143903 fastjar-0.98.tar.gz
+7fcabd7a0ed23b1ce9f9a11e635ccf50f5403118cd979bdf4ff9a57358e8992cf122cedbdb5c671cb2782348457bedf589ca8aa2603267ce683c81f34f5370f5 CVE-2010-0831,2322.patch
+9a9231e8b943e3602e78645cf50719d8e5ae7297981803af46e16edbed2e3c1a04273f08f445363e294373b90c13b75baefc6f5774e8c590724c5bc28354a93c fix-update-mode.patch
 073c4fcc780588f146f2970f8718dbd70597ce46be8429b86d989056811bd331e209edf90e49d9ed8507e518fd7d7f57a76749f36eb308c12f9a74c7ab10beca null-terminate.patch
 061c9ca0a13136b5eacef453822f71b8dc27f7501e2bbf5243785c147800f5793cffa6d1998dce0c12ce12fd892f3f0f03c06350e50621b5782dfb9a16c375ae write-return.patch
-16584ebe2bc104c2489ee8ff0f0aca471dc0d95c79b199fc463d6bdd6fe99425d583948ebb7e9aab775dffbffdea3babbd824df5debdbd445f559e1334815583 efficiency.patch"
+0e581282d67d6e995a87f5cbe8d92f77a36668c35bdf0a715da67b428aafbdf181a2e5b2528a6e6c2651dfd2fd1abb7dd64fa7cf290e294e114c5c49d036e860 efficiency.patch"
diff --git a/user/fastjar/CVE-2010-0831,2322.patch b/user/fastjar/CVE-2010-0831,2322.patch
new file mode 100644
index 000000000..acf9f3e86
--- /dev/null
+++ b/user/fastjar/CVE-2010-0831,2322.patch
@@ -0,0 +1,48 @@
+diff -ur fastjar-0.98.orig/jartool.c fastjar-0.98/jartool.c
+--- fastjar-0.98.orig/jartool.c 2009-09-06 18:10:47.000000000 -0400
++++ fastjar-0.98/jartool.c 2010-04-28 17:15:09.000000000 -0400
+@@ -1730,8 +1730,18 @@
+ struct stat sbuf;
+ int depth = 0;
+
++ if(strncmp((const char *)filename, "/", 1) == 0){
++ fprintf(stderr, "Absolute path names are not allowed.\n");
++ exit(EXIT_FAILURE);
++ }
++
+ tmp_buff = malloc(sizeof(char) * strlen((const char *)filename));
+
++ if(tmp_buff == NULL) {
++ fprintf(stderr, "Out of memory.\n");
++ exit(EXIT_FAILURE);
++ }
++
+ for(;;){
+ const ub1 *idx = (const unsigned char *)strchr((const char *)start, '/');
+
+@@ -1749,14 +1759,17 @@
+ #ifdef DEBUG
+ printf("checking the existance of %s\n", tmp_buff);
+ #endif
+- if(strcmp(tmp_buff, "..") == 0){
+- --depth;
+- if (depth < 0){
+- fprintf(stderr, "Traversal to parent directories during unpacking!\n");
+- exit(EXIT_FAILURE);
+- }
+- } else if (strcmp(tmp_buff, ".") != 0)
+- ++depth;
++ if(strcmp(tmp_buff, "..") == 0 || (strlen(tmp_buff) > 2 && strncmp(tmp_buff + strlen(tmp_buff) - 3, "/..", 3) == 0)){
++ --depth;
++ if (depth < 0){
++ fprintf(stderr, "Traversal to parent directories during unpacking!\n");
++ exit(EXIT_FAILURE);
++ }
++ } else if (strcmp(tmp_buff, ".") == 0 || (strlen(tmp_buff) > 1 && strncmp(tmp_buff + strlen(tmp_buff) - 2, "/.", 2) == 0)){
++ /* Do nothing, the current directory is "." */
++ } else
++ ++depth;
++
+ if(stat(tmp_buff, &sbuf) < 0){
+ if(errno != ENOENT)
+ exit_on_error("stat");
diff --git a/user/fastjar/efficiency.patch b/user/fastjar/efficiency.patch
index 54c471e25..b71b02f8c 100644
--- a/user/fastjar/efficiency.patch
+++ b/user/fastjar/efficiency.patch
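Review bot: The depth counter behind the rewritten `..` and `.` tests is purely lexical, so it says nothing about where a component resolves on disk. The `stat(tmp_buff, &sbuf)` that follows the new block follows symbolic links, so a component that already exists as a symlink is counted as one level deeper wherever it points. What happens after `stat` is outside the hunk, so this may already be handled; if it is not, either an `lstat` check that rejects non-directory components or a comment such as `/* depth is lexical only; components that are symlinks on disk are not detected here */` would make the limit explicit. The new patch file also begins directly at `diff -ur` with no header, so a short description naming CVE-2010-0831 and CVE-2010-2322 and the patch's origin would help whoever has to rebase it. The enclosing function in jartool.c starts and ends outside both inner hunks.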
@@ -28,40 +28,6 @@ Author: Dan Rosenberg
 for(;;){
 const ub1 *idx = (const unsigned char *)strchr((const char *)start, '/');
-@@ -1739,25 +1749,28 @@
- if(idx == NULL)
- break;
- else if(idx == start){
-+ tmp_buff[idx - filename] = '/';
- start++;
- continue;
- }
-- start = idx + 1;
-
-- strncpy(tmp_buff, (const char *)filename, (idx - filename));
-- tmp_buff[(idx - filename)] = '\0';
-+ memcpy(tmp_buff + (start - filename), (const char *)start, (idx - start));
-+ tmp_buff[idx - filename] = '\0';
-
- #ifdef DEBUG
- printf("checking the existance of %s\n", tmp_buff);
- #endif
-- if(strcmp(tmp_buff, "..") == 0){
-+ if(idx - start == 2 && memcmp(start, "..", 2) == 0){
- --depth;
- if (depth < 0){
- fprintf(stderr, "Traversal to parent directories during unpacking!\n");
- exit(EXIT_FAILURE);
- }
-- } else if (strcmp(tmp_buff, ".") != 0)
-+ } else if (idx - start != 1 || *start != '.')
- ++depth;
-+
-+ start = idx + 1;
-+
- if(stat(tmp_buff, &sbuf) < 0){
- if(errno != ENOENT)
- exit_on_error("stat");
 @@ -1766,6 +1779,7 @@
 #ifdef DEBUG
 printf("Directory exists\n");
diff --git a/user/fastjar/fix-update-mode.patch b/user/fastjar/fix-update-mode.patch
new file mode 100644
index 000000000..509651e44
--- /dev/null
+++ b/user/fastjar/fix-update-mode.patch
@@ -0,0 +1,44 @@
+Index: b/compress.c
+===================================================================
+--- a/compress.c
++++ b/compress.c
+@@ -86,6 +86,10 @@ write_data (int fd, void *buf, size_t le
+ exit(EXIT_FAILURE);
+ }
+ }
++ else if (!next && here + len >= end_of_entries)
++ {
++ end_of_entries = here + len;
++ }
+ }
+
+ return write (fd, buf, len);
+Index: b/jartool.c
+===================================================================
+--- a/jartool.c
++++ b/jartool.c
+@@ -1273,15 +1273,18 @@ int add_file_to_jar(int jfd, int ffd, co
+ compress_file(ffd, jfd, ze, existing);
+ } else {
+ /* If we are not writing the last entry, make space for it. */
+- if (existing && existing->next_entry)
++ if (existing)
+ {
+- if (ze->usize > existing->usize)
++ if (existing->next_entry)
+ {
+- if (shift_down (jfd, existing->next_entry->offset,
+- ze->usize - existing->usize, existing->next_entry))
++ if (ze->usize > existing->usize)
+ {
+- fprintf (stderr, "%s: %s\n", progname, strerror (errno));
+- return 1;
++ if (shift_down (jfd, existing->next_entry->offset,
++ ze->usize - existing->usize, existing->next_entry))
++ {
++ fprintf (stderr, "%s: %s\n", progname, strerror (errno));
++ return 1;
++ }
+ }
+ }
+ }
-- 
cgit v1.2.3-70-g09d2
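Review bot: The jartool.c hunk in fix-update-mode.patch appears to change nesting only: `if (existing)` now wraps `if (existing->next_entry)`, but nothing else is placed inside the new outer block, so as shown it takes the same path as the old `if (existing && existing->next_entry)`. The functional change seems confined to the compress.c hunk, where `end_of_entries` is moved to `here + len` when `!next`. There `len` is a `size_t` per the hunk heading while the types of `here` and `end_of_entries` are not visible, so it is worth confirming that the sum cannot wrap or compare signed against unsigned. Please check the jartool.c hunk against the patch's origin in case a branch for the last-entry case was dropped, and give the patch file a short header saying what it fixes and where it came from. Both `write_data` and `add_file_to_jar` start and end outside the hunks.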