From eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5 Mon Sep 17 00:00:00 2001 From: Zach van Rijn Date: Fri, 11 Nov 2022 17:37:52 -0600 Subject: user/fastjar: add patch for CVE-2010-{0831,2322} and updater. fixes #136, #841. --- user/fastjar/fix-update-mode.patch | 44 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 user/fastjar/fix-update-mode.patch (limited to 'user/fastjar/fix-update-mode.patch') diff --git a/user/fastjar/fix-update-mode.patch b/user/fastjar/fix-update-mode.patch new file mode 100644 index 000000000..509651e44 --- /dev/null +++ b/user/fastjar/fix-update-mode.patch @@ -0,0 +1,44 @@ +Index: b/compress.c +=================================================================== +--- a/compress.c ++++ b/compress.c +@@ -86,6 +86,10 @@ write_data (int fd, void *buf, size_t le + exit(EXIT_FAILURE); + } + } ++ else if (!next && here + len >= end_of_entries) ++ { ++ end_of_entries = here + len; ++ } + } + + return write (fd, buf, len); +Index: b/jartool.c +=================================================================== +--- a/jartool.c ++++ b/jartool.c +@@ -1273,15 +1273,18 @@ int add_file_to_jar(int jfd, int ffd, co + compress_file(ffd, jfd, ze, existing); + } else { + /* If we are not writing the last entry, make space for it. */ +- if (existing && existing->next_entry) ++ if (existing) + { +- if (ze->usize > existing->usize) ++ if (existing->next_entry) + { +- if (shift_down (jfd, existing->next_entry->offset, +- ze->usize - existing->usize, existing->next_entry)) ++ if (ze->usize > existing->usize) + { +- fprintf (stderr, "%s: %s\n", progname, strerror (errno)); +- return 1; ++ if (shift_down (jfd, existing->next_entry->offset, ++ ze->usize - existing->usize, existing->next_entry)) ++ { ++ fprintf (stderr, "%s: %s\n", progname, strerror (errno)); ++ return 1; ++ } + } + } + } -- cgit v1.2.3-70-g09d2