head	1.7;
access;
symbols
	pkgsrc-2026Q1:1.7.0.82
	pkgsrc-2026Q1-base:1.7
	pkgsrc-2025Q4:1.7.0.80
	pkgsrc-2025Q4-base:1.7
	pkgsrc-2025Q3:1.7.0.78
	pkgsrc-2025Q3-base:1.7
	pkgsrc-2025Q2:1.7.0.76
	pkgsrc-2025Q2-base:1.7
	pkgsrc-2025Q1:1.7.0.74
	pkgsrc-2025Q1-base:1.7
	pkgsrc-2024Q4:1.7.0.72
	pkgsrc-2024Q4-base:1.7
	pkgsrc-2024Q3:1.7.0.70
	pkgsrc-2024Q3-base:1.7
	pkgsrc-2024Q2:1.7.0.68
	pkgsrc-2024Q2-base:1.7
	pkgsrc-2024Q1:1.7.0.66
	pkgsrc-2024Q1-base:1.7
	pkgsrc-2023Q4:1.7.0.64
	pkgsrc-2023Q4-base:1.7
	pkgsrc-2023Q3:1.7.0.62
	pkgsrc-2023Q3-base:1.7
	pkgsrc-2023Q2:1.7.0.60
	pkgsrc-2023Q2-base:1.7
	pkgsrc-2023Q1:1.7.0.58
	pkgsrc-2023Q1-base:1.7
	pkgsrc-2022Q4:1.7.0.56
	pkgsrc-2022Q4-base:1.7
	pkgsrc-2022Q3:1.7.0.54
	pkgsrc-2022Q3-base:1.7
	pkgsrc-2022Q2:1.7.0.52
	pkgsrc-2022Q2-base:1.7
	pkgsrc-2022Q1:1.7.0.50
	pkgsrc-2022Q1-base:1.7
	pkgsrc-2021Q4:1.7.0.48
	pkgsrc-2021Q4-base:1.7
	pkgsrc-2021Q3:1.7.0.46
	pkgsrc-2021Q3-base:1.7
	pkgsrc-2021Q2:1.7.0.44
	pkgsrc-2021Q2-base:1.7
	pkgsrc-2021Q1:1.7.0.42
	pkgsrc-2021Q1-base:1.7
	pkgsrc-2020Q4:1.7.0.40
	pkgsrc-2020Q4-base:1.7
	pkgsrc-2020Q3:1.7.0.38
	pkgsrc-2020Q3-base:1.7
	pkgsrc-2020Q2:1.7.0.34
	pkgsrc-2020Q2-base:1.7
	pkgsrc-2020Q1:1.7.0.14
	pkgsrc-2020Q1-base:1.7
	pkgsrc-2019Q4:1.7.0.36
	pkgsrc-2019Q4-base:1.7
	pkgsrc-2019Q3:1.7.0.32
	pkgsrc-2019Q3-base:1.7
	pkgsrc-2019Q2:1.7.0.30
	pkgsrc-2019Q2-base:1.7
	pkgsrc-2019Q1:1.7.0.28
	pkgsrc-2019Q1-base:1.7
	pkgsrc-2018Q4:1.7.0.26
	pkgsrc-2018Q4-base:1.7
	pkgsrc-2018Q3:1.7.0.24
	pkgsrc-2018Q3-base:1.7
	pkgsrc-2018Q2:1.7.0.22
	pkgsrc-2018Q2-base:1.7
	pkgsrc-2018Q1:1.7.0.20
	pkgsrc-2018Q1-base:1.7
	pkgsrc-2017Q4:1.7.0.18
	pkgsrc-2017Q4-base:1.7
	pkgsrc-2017Q3:1.7.0.16
	pkgsrc-2017Q3-base:1.7
	pkgsrc-2017Q2:1.7.0.12
	pkgsrc-2017Q2-base:1.7
	pkgsrc-2017Q1:1.7.0.10
	pkgsrc-2017Q1-base:1.7
	pkgsrc-2016Q4:1.7.0.8
	pkgsrc-2016Q4-base:1.7
	pkgsrc-2016Q3:1.7.0.6
	pkgsrc-2016Q3-base:1.7
	pkgsrc-2016Q2:1.7.0.4
	pkgsrc-2016Q2-base:1.7
	pkgsrc-2016Q1:1.7.0.2
	pkgsrc-2016Q1-base:1.7
	pkgsrc-2015Q4:1.6.0.82
	pkgsrc-2015Q4-base:1.6
	pkgsrc-2015Q3:1.6.0.80
	pkgsrc-2015Q3-base:1.6
	pkgsrc-2015Q2:1.6.0.78
	pkgsrc-2015Q2-base:1.6
	pkgsrc-2015Q1:1.6.0.76
	pkgsrc-2015Q1-base:1.6
	pkgsrc-2014Q4:1.6.0.74
	pkgsrc-2014Q4-base:1.6
	pkgsrc-2014Q3:1.6.0.72
	pkgsrc-2014Q3-base:1.6
	pkgsrc-2014Q2:1.6.0.70
	pkgsrc-2014Q2-base:1.6
	pkgsrc-2014Q1:1.6.0.68
	pkgsrc-2014Q1-base:1.6
	pkgsrc-2013Q4:1.6.0.66
	pkgsrc-2013Q4-base:1.6
	pkgsrc-2013Q3:1.6.0.64
	pkgsrc-2013Q3-base:1.6
	pkgsrc-2013Q2:1.6.0.62
	pkgsrc-2013Q2-base:1.6
	pkgsrc-2013Q1:1.6.0.60
	pkgsrc-2013Q1-base:1.6
	pkgsrc-2012Q4:1.6.0.58
	pkgsrc-2012Q4-base:1.6
	pkgsrc-2012Q3:1.6.0.56
	pkgsrc-2012Q3-base:1.6
	pkgsrc-2012Q2:1.6.0.54
	pkgsrc-2012Q2-base:1.6
	pkgsrc-2012Q1:1.6.0.52
	pkgsrc-2012Q1-base:1.6
	pkgsrc-2011Q4:1.6.0.50
	pkgsrc-2011Q4-base:1.6
	pkgsrc-2011Q3:1.6.0.48
	pkgsrc-2011Q3-base:1.6
	pkgsrc-2011Q2:1.6.0.46
	pkgsrc-2011Q2-base:1.6
	pkgsrc-2011Q1:1.6.0.44
	pkgsrc-2011Q1-base:1.6
	pkgsrc-2010Q4:1.6.0.42
	pkgsrc-2010Q4-base:1.6
	pkgsrc-2010Q3:1.6.0.40
	pkgsrc-2010Q3-base:1.6
	pkgsrc-2010Q2:1.6.0.38
	pkgsrc-2010Q2-base:1.6
	pkgsrc-2010Q1:1.6.0.36
	pkgsrc-2010Q1-base:1.6
	pkgsrc-2009Q4:1.6.0.34
	pkgsrc-2009Q4-base:1.6
	pkgsrc-2009Q3:1.6.0.32
	pkgsrc-2009Q3-base:1.6
	pkgsrc-2009Q2:1.6.0.30
	pkgsrc-2009Q2-base:1.6
	pkgsrc-2009Q1:1.6.0.28
	pkgsrc-2009Q1-base:1.6
	pkgsrc-2008Q4:1.6.0.26
	pkgsrc-2008Q4-base:1.6
	pkgsrc-2008Q3:1.6.0.24
	pkgsrc-2008Q3-base:1.6
	cube-native-xorg:1.6.0.22
	cube-native-xorg-base:1.6
	pkgsrc-2008Q2:1.6.0.20
	pkgsrc-2008Q2-base:1.6
	cwrapper:1.6.0.18
	pkgsrc-2008Q1:1.6.0.16
	pkgsrc-2008Q1-base:1.6
	pkgsrc-2007Q4:1.6.0.14
	pkgsrc-2007Q4-base:1.6
	pkgsrc-2007Q3:1.6.0.12
	pkgsrc-2007Q3-base:1.6
	pkgsrc-2007Q2:1.6.0.10
	pkgsrc-2007Q2-base:1.6
	pkgsrc-2007Q1:1.6.0.8
	pkgsrc-2007Q1-base:1.6
	pkgsrc-2006Q4:1.6.0.6
	pkgsrc-2006Q4-base:1.6
	pkgsrc-2006Q3:1.6.0.4
	pkgsrc-2006Q3-base:1.6
	pkgsrc-2006Q2:1.6.0.2
	pkgsrc-2006Q2-base:1.6
	pkgsrc-2006Q1:1.5.0.2
	pkgsrc-2006Q1-base:1.5
	pkgsrc-2005Q4:1.4.0.2
	pkgsrc-2005Q4-base:1.4;
locks; strict;
comment	@# @;


1.7
date	2016.03.05.15.08.30;	author bsiegert;	state Exp;
branches;
next	1.6;
commitid	eZImaclCoVwkUsXy;

1.6
date	2006.05.17.06.12.27;	author rillig;	state Exp;
branches;
next	1.5;

1.5
date	2006.03.14.14.02.01;	author joerg;	state Exp;
branches;
next	1.4;

1.4
date	2005.12.01.17.01.25;	author rillig;	state Exp;
branches;
next	1.3;

1.3
date	2005.10.31.04.32.10;	author minskim;	state Exp;
branches;
next	1.2;

1.2
date	2005.10.23.18.02.16;	author rillig;	state Exp;
branches;
next	1.1;

1.1
date	2005.10.03.11.17.23;	author joerg;	state Exp;
branches;
next	;


desc
@@


1.7
log
@Update fastjar to 0.98. From pkgsrc-wip.

Upstream provides no useful changelog; the CHANGES file ends at 0.92.
@
text
@$NetBSD: patch-ad,v 1.3 2014/12/15 09:49:33 makoto Exp $

date: 2006-03-14 23:02:01 +0900;  author: joerg;  state: Exp;  lines: +51 -3;
Normalise path names as relative under cwd as if they would have been
extracted under chroot. Don't attempt to deal with existing symlinks
to directories. This prevents directory traversal and therefore the
creation of arbitrary files. Bump revision.
     
--- jartool.c.orig	2009-09-07 07:10:47.000000000 +0900
+++ jartool.c	2014-12-15 18:35:25.000000000 +0900
@@@@ -1512,6 +1512,31 @@@@ int create_central_header(int fd){
   return 0;
 }
 
+static void canonical_filename(char *filename)
+{
+    char *iterator, *iterator2;
+
+    for (;;) {
+	if (*filename == '/')
+	    memmove(filename, filename + 1, strlen(filename));
+	else if (filename[0] == '.' && filename[1] == '/')
+	    memmove(filename, filename + 2, strlen(filename) - 1);
+	else if (filename[0] == '.' && filename[1] == '.' && filename[2] == '/')
+	    memmove(filename, filename + 3, strlen(filename) - 2);
+	else if ((iterator = strstr(filename, "//")) != NULL)
+	    memmove(iterator, iterator + 1, strlen(iterator));
+	else if ((iterator = strstr(filename, "/./")) != NULL)
+	    memmove(iterator, iterator + 2, strlen(iterator) - 1);
+	else if ((iterator = strstr(filename, "/../")) != NULL) {
+	    for (iterator2 = iterator - 1; iterator2 > filename && *iterator2 != '/'; --iterator2)
+		continue;
+	    /* iterator2 >= filename, handle the initial slash above, if necessary */
+	    memmove(iterator2, iterator + 3, strlen(iterator) - 2);
+	} else
+	    break;
+    }
+}
+
 int extract_jar(int fd, const char **files, int file_num){
   size_t rdamt;
   int out_a, in_a;
@@@@ -1628,6 +1653,13 @@@@ int extract_jar(int fd, const char **fil
     pb_read(&pbf, filename, fnlen);
     filename[fnlen] = '\0';
 
+    canonical_filename(filename);
+
+    if (*filename == '\0') {
+	 fprintf(stderr, "Error extracting JAR archive, empty file name!\n");
+	 exit(1);
+     }
+
 #ifdef DEBUG    
     printf("filename is %s\n", filename);
 #endif
@


1.6
log
@Fixed pkglint warnings.
@
text
@d1 1
a1 1
$NetBSD: patch-ad,v 1.5 2006/03/14 14:02:01 joerg Exp $
d3 11
a13 8
--- jartool.c.orig	2001-01-11 09:38:15.000000000 +0100
+++ jartool.c
@@@@ -171,4 +171,2 @@@@
 
-extern int errno;
-
 void usage(char*);
@@@@ -1143,2 +1141,27 @@@@ int create_central_header(int fd){
d40 6
a45 2
 int extract_jar(int fd, char **files, int file_num){
@@@@ -1251,2 +1274,9 @@@@ int extract_jar(int fd, char **files, in
d47 1
a47 1
+     canonical_filename(filename);
d49 4
a52 4
+     if (*filename == '\0') {
+        fprintf(stderr, "Error extracting JAR archive, empty file name!\n");
+        exit(1);
+      }
d55 2
a56 10
@@@@ -1563,2 +1593,9 @@@@ int list_jar(int fd, char **files, int f
       filename[fnlen] = '\0';
+
+      canonical_filename(filename);
+      if (*filename == '\0') {
+          fprintf(stderr, "Error extracting JAR archive, empty file name!\n");
+          exit(1);
+      }
+
     
@


1.5
log
@Normalise path names as relative under cwd as if they would have been
extracted under chroot. Don't attempt to deal with existing symlinks
to directories. This prevents directory traversal and therefore the
creation of arbitrary files. Bump revision.
@
text
@d1 1
a1 1
$NetBSD$
d5 1
a5 1
@@@@ -171,4 +171,2 @@@@ static char rcsid[] = "$Id: jartool.c,v 
@


1.4
log
@Fixed pkglint warnings:
- Removed partial RCS tag from patch-ad.
@
text
@d1 1
a1 1
$NetBSD: patch-ad,v 1.3 2005/10/31 04:32:10 minskim Exp $
d3 1
a3 1
--- jartool.c.orig	2001-01-11 00:38:15.000000000 -0800
d5 1
a5 1
@@@@ -171,4 +171,2 @@@@
d10 48
@


1.3
log
@Regen patch-ad to make GNU patch happy.
@
text
@d1 1
a1 1
$NetBSD$
d5 1
a5 1
@@@@ -171,4 +171,2 @@@@ static char rcsid[] = "$Id: jartool.c,v 
@


1.2
log
@Added RCS Id to patch-ad.
@
text
@d3 3
a5 3
--- jartool.c.orig	2005-07-22 14:15:00.000000000 +0000
+++ jartool.c	2005-07-22 14:15:09.000000000 +0000
@@@@ -171,6 +171,4 @@@@
a9 2
 void add_entry(struct zipentry *);
 void init_headers();
@


1.1
log
@Depend on errno.h to provide errno.
@
text
@d1 2
@