From eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5 Mon Sep 17 00:00:00 2001
From: Zach van Rijn <me@zv.io>
Date: Fri, 11 Nov 2022 17:37:52 -0600
Subject: user/fastjar: add patch for CVE-2010-{0831,2322} and updater. fixes
 #136, #841.

---
 user/fastjar/APKBUILD                 |  8 ++++--
 user/fastjar/CVE-2010-0831,2322.patch | 48 +++++++++++++++++++++++++++++++++++
 user/fastjar/efficiency.patch         | 34 -------------------------
 user/fastjar/fix-update-mode.patch    | 44 ++++++++++++++++++++++++++++++++
 4 files changed, 98 insertions(+), 36 deletions(-)
 create mode 100644 user/fastjar/CVE-2010-0831,2322.patch
 create mode 100644 user/fastjar/fix-update-mode.patch

(limited to 'user/fastjar')

diff --git a/user/fastjar/APKBUILD b/user/fastjar/APKBUILD
index 249f3a9b1..d07ee9162 100644
--- a/user/fastjar/APKBUILD
+++ b/user/fastjar/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=fastjar
 pkgver=0.98
-pkgrel=0
+pkgrel=1
 pkgdesc="Java archiver tool, tuned for performance"
 url="https://savannah.nongnu.org/projects/fastjar/"
 arch="all"
@@ -11,6 +11,8 @@ depends=""
 makedepends="zlib-dev"
 subpackages="$pkgname-doc"
 source="https://download.savannah.nongnu.org/releases/fastjar/fastjar-$pkgver.tar.gz
+	CVE-2010-0831,2322.patch
+	fix-update-mode.patch
 	null-terminate.patch
 	write-return.patch
 	efficiency.patch
@@ -42,6 +44,8 @@ package() {
 }
 
 sha512sums="c0f9fca7b58d6acd00b90a5184dbde9ba3ffc5bf4d69512743e450649a272baf1f6af98b15d79d2b53990eaf84ef402c986035e6b615a19e35ed424348143903  fastjar-0.98.tar.gz
+7fcabd7a0ed23b1ce9f9a11e635ccf50f5403118cd979bdf4ff9a57358e8992cf122cedbdb5c671cb2782348457bedf589ca8aa2603267ce683c81f34f5370f5  CVE-2010-0831,2322.patch
+9a9231e8b943e3602e78645cf50719d8e5ae7297981803af46e16edbed2e3c1a04273f08f445363e294373b90c13b75baefc6f5774e8c590724c5bc28354a93c  fix-update-mode.patch
 073c4fcc780588f146f2970f8718dbd70597ce46be8429b86d989056811bd331e209edf90e49d9ed8507e518fd7d7f57a76749f36eb308c12f9a74c7ab10beca  null-terminate.patch
 061c9ca0a13136b5eacef453822f71b8dc27f7501e2bbf5243785c147800f5793cffa6d1998dce0c12ce12fd892f3f0f03c06350e50621b5782dfb9a16c375ae  write-return.patch
-16584ebe2bc104c2489ee8ff0f0aca471dc0d95c79b199fc463d6bdd6fe99425d583948ebb7e9aab775dffbffdea3babbd824df5debdbd445f559e1334815583  efficiency.patch"
+0e581282d67d6e995a87f5cbe8d92f77a36668c35bdf0a715da67b428aafbdf181a2e5b2528a6e6c2651dfd2fd1abb7dd64fa7cf290e294e114c5c49d036e860  efficiency.patch"
diff --git a/user/fastjar/CVE-2010-0831,2322.patch b/user/fastjar/CVE-2010-0831,2322.patch
new file mode 100644
index 000000000..acf9f3e86
--- /dev/null
+++ b/user/fastjar/CVE-2010-0831,2322.patch
@@ -0,0 +1,48 @@
+diff -ur fastjar-0.98.orig/jartool.c fastjar-0.98/jartool.c
+--- fastjar-0.98.orig/jartool.c	2009-09-06 18:10:47.000000000 -0400
++++ fastjar-0.98/jartool.c	2010-04-28 17:15:09.000000000 -0400
+@@ -1730,8 +1730,18 @@
+       struct stat sbuf;
+       int depth = 0;
+ 
++      if(strncmp((const char *)filename, "/", 1) == 0){
++        fprintf(stderr, "Absolute path names are not allowed.\n");
++        exit(EXIT_FAILURE);
++      }
++
+       tmp_buff = malloc(sizeof(char) * strlen((const char *)filename));
+ 
++      if(tmp_buff == NULL) {
++        fprintf(stderr, "Out of memory.\n");
++        exit(EXIT_FAILURE);
++      }
++
+       for(;;){
+         const ub1 *idx = (const unsigned char *)strchr((const char *)start, '/');
+ 
+@@ -1749,14 +1759,17 @@
+ #ifdef DEBUG    
+         printf("checking the existance of %s\n", tmp_buff);
+ #endif
+-	if(strcmp(tmp_buff, "..") == 0){
+-	  --depth;
+-	  if (depth < 0){
+-	    fprintf(stderr, "Traversal to parent directories during unpacking!\n");
+-	    exit(EXIT_FAILURE);
+-	  }
+-	} else if (strcmp(tmp_buff, ".") != 0)
+-	  ++depth;
++        if(strcmp(tmp_buff, "..") == 0 || (strlen(tmp_buff) > 2 && strncmp(tmp_buff + strlen(tmp_buff) - 3, "/..", 3) == 0)){
++          --depth;
++          if (depth < 0){
++            fprintf(stderr, "Traversal to parent directories during unpacking!\n");
++            exit(EXIT_FAILURE);
++          }
++        } else if (strcmp(tmp_buff, ".") == 0 || (strlen(tmp_buff) > 1 && strncmp(tmp_buff + strlen(tmp_buff) - 2, "/.", 2) == 0)){
++          /* Do nothing, the current directory is "." */ 
++        } else
++          ++depth;
++
+         if(stat(tmp_buff, &sbuf) < 0){
+           if(errno != ENOENT)
+             exit_on_error("stat");
diff --git a/user/fastjar/efficiency.patch b/user/fastjar/efficiency.patch
index 54c471e25..b71b02f8c 100644
--- a/user/fastjar/efficiency.patch
+++ b/user/fastjar/efficiency.patch
@@ -28,40 +28,6 @@ Author: Dan Rosenberg <dan.j.rosenberg@gmail.com>
  
        for(;;){
          const ub1 *idx = (const unsigned char *)strchr((const char *)start, '/');
-@@ -1739,25 +1749,28 @@
-         if(idx == NULL)
-           break;
-         else if(idx == start){
-+	  tmp_buff[idx - filename] = '/';
-           start++;
-           continue;
-         }
--        start = idx + 1;
- 
--        strncpy(tmp_buff, (const char *)filename, (idx - filename));
--        tmp_buff[(idx - filename)] = '\0';
-+	memcpy(tmp_buff + (start - filename), (const char *)start, (idx - start));
-+	tmp_buff[idx - filename] = '\0';
- 
- #ifdef DEBUG    
-         printf("checking the existance of %s\n", tmp_buff);
- #endif
--	if(strcmp(tmp_buff, "..") == 0){
-+	if(idx - start == 2 && memcmp(start, "..", 2) == 0){
- 	  --depth;
- 	  if (depth < 0){
- 	    fprintf(stderr, "Traversal to parent directories during unpacking!\n");
- 	    exit(EXIT_FAILURE);
- 	  }
--	} else if (strcmp(tmp_buff, ".") != 0)
-+	} else if (idx - start != 1 || *start != '.')
- 	  ++depth;
-+
-+        start = idx + 1;
-+
-         if(stat(tmp_buff, &sbuf) < 0){
-           if(errno != ENOENT)
-             exit_on_error("stat");
 @@ -1766,6 +1779,7 @@
  #ifdef DEBUG    
            printf("Directory exists\n");
diff --git a/user/fastjar/fix-update-mode.patch b/user/fastjar/fix-update-mode.patch
new file mode 100644
index 000000000..509651e44
--- /dev/null
+++ b/user/fastjar/fix-update-mode.patch
@@ -0,0 +1,44 @@
+Index: b/compress.c
+===================================================================
+--- a/compress.c
++++ b/compress.c
+@@ -86,6 +86,10 @@ write_data (int fd, void *buf, size_t le
+ 	      exit(EXIT_FAILURE);
+ 	    }
+ 	}
++      else if (!next && here + len >= end_of_entries)
++	{
++	  end_of_entries = here + len;
++	}
+     }
+ 
+   return write (fd, buf, len);
+Index: b/jartool.c
+===================================================================
+--- a/jartool.c
++++ b/jartool.c
+@@ -1273,15 +1273,18 @@ int add_file_to_jar(int jfd, int ffd, co
+     compress_file(ffd, jfd, ze, existing);
+   } else {
+     /* If we are not writing the last entry, make space for it. */
+-    if (existing && existing->next_entry)
++    if (existing) 
+       {
+-	if (ze->usize > existing->usize)
++	if (existing->next_entry) 
+ 	  {
+-	    if (shift_down (jfd, existing->next_entry->offset,
+-			    ze->usize - existing->usize, existing->next_entry))
++	    if (ze->usize > existing->usize) 
+ 	      {
+-		fprintf (stderr, "%s: %s\n", progname, strerror (errno));
+-		return 1;
++		if (shift_down (jfd, existing->next_entry->offset,
++				ze->usize - existing->usize, existing->next_entry))
++		  {
++		    fprintf (stderr, "%s: %s\n", progname, strerror (errno));
++		    return 1;
++		  }
+ 	      }
+ 	  }
+       }
-- 
cgit v1.2.3-60-g2f50