authorglewis <glewis@FreeBSD.org>2005-05-03 02:55:36 +0800
committerglewis <glewis@FreeBSD.org>2005-05-03 02:55:36 +0800
commit240ab141527dcbedb099582be449595aeaa26845 (patch)
tree87a98427d0a31bbfd9263aefa595fecf27df3f61
parentc79051c78250c4cb762df6c5fa66509176d641f5 (diff)
. Ensure that when files are extracted, their fully resolved path lies
in or below the current working directory. Fixes a security problem with jar(1). This fix may change to be compatible with whatever fix Sun applies when they release the next version of 1.5.
. Bump PORTREVISION for this fix.
Security: http://vuxml.FreeBSD.org/18e5428f-ae7c-11d9-837d-000e0c2e438a.html
-rw-r--r--java/jdk12/Makefile2
-rw-r--r--java/jdk12/files/patch-src-jar-Main.java58
-rw-r--r--java/jdk12/files/patch-src-resources-jar.properties13
3 files changed, 72 insertions, 1 deletions
diff --git a/java/jdk12/Makefile b/java/jdk12/Makefile
index b06e01b8bff4..5b5fef45f83f 100644
--- a/java/jdk12/Makefile
+++ b/java/jdk12/Makefile
@@ -7,7 +7,7 @@
PORTNAME= jdk
PORTVERSION= ${JDK_VERSION}p${JDK_PATCHSET_VERSION}
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= java devel
MASTER_SITES= # http://www.sun.com/software/java2/download.html
# http://www.eyesbeyond.com/freebsddom/java/jdk.html
diff --git a/java/jdk12/files/patch-src-jar-Main.java b/java/jdk12/files/patch-src-jar-Main.java
new file mode 100644
index 000000000000..fc30976d8bd6
--- /dev/null
+++ b/java/jdk12/files/patch-src-jar-Main.java
@@ -0,0 +1,58 @@
+$FreeBSD$
+
+--- ../../src/share/classes/sun/tools/jar/Main.java 4 Aug 1999 21:07:59 -0000 1.1.1.2
++++ ../../src/share/classes/sun/tools/jar/Main.java 1 May 2005 04:57:29 -0000
+@@ -37,6 +37,7 @@
+ Hashtable filesTable = new Hashtable();
+ Vector paths = new Vector();
+ Vector v;
++ String cwd;
+ CRC32 crc32 = new CRC32();
+ /* cflag: create
+ * uflag: update
+@@ -632,6 +633,19 @@
+ * Extracts specified entries from JAR file.
+ */
+ void extract(InputStream in, String files[]) throws IOException {
++ // Current working directory
++
++ cwd = System.getProperty("user.dir");
++ if (cwd == null) {
++ fatalError(getMsg("error.no.cwd"));
++ }
++ cwd = (new File(cwd)).getCanonicalPath();
++ if (!cwd.endsWith(File.separator)) {
++ cwd += File.separator;
++ }
++
++ // Extract the files
++
+ ZipInputStream zis = new ZipInputStream(in);
+ ZipEntry e;
+ while ((e = zis.getNextEntry()) != null) {
+@@ -656,6 +670,10 @@
+ void extractFile(ZipInputStream zis, ZipEntry e) throws IOException {
+ String name = e.getName();
+ File f = new File(e.getName().replace('/', File.separatorChar));
++ if (!f.getCanonicalPath().startsWith(cwd)) {
++ output(formatMsg("out.ignore.entry", name));
++ return;
++ }
+ if (e.isDirectory()) {
+ if (!f.exists() && !f.mkdirs() || !f.isDirectory()) {
+ throw new IOException(formatMsg("error.create.dir", f.getPath()));
+@@ -666,6 +684,10 @@
+ } else {
+ if (f.getParent() != null) {
+ File d = new File(f.getParent());
++ if (!d.getCanonicalPath().startsWith(cwd)) {
++ output(formatMsg("out.ignore.entry", name));
++ return;
++ }
+ if (!d.exists() && !d.mkdirs() || !d.isDirectory()) {
+ throw new IOException(formatMsg("error.create.dir", d.getPath()));
+ }
+Index: src/share/classes/sun/tools/jar/resources/jar.properties
+===================================================================
+RCS file: /var/jcvs/javasrc/src/share/classes/sun/tools/jar/resources/jar.properties,v
+retrieving revision 1.1.1.1
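Review bot: The `error.no.cwd` message added in the jar.properties hunk (third file) still carries a `{0} : ` placeholder, but Main.java fetches it with `getMsg("error.no.cwd")` and never formats it, so the user would see a literal `{0}`; either drop the prefix in the properties file, `error.no.cwd=\` / `could not determine current working directory`, or pass an argument through `formatMsg`. `cwd` is assigned only in `extract()`, so the `startsWith(cwd)` guards in `extractFile()` would throw NullPointerException if that method were ever reached by another path; presumably it is only called from the extract loop, but a comment on the new field, `// canonical cwd with trailing separator; set by extract() before extractFile() runs`, would make the ordering dependency explicit. The trailing `Index:`/`RCS file:`/`retrieving revision` lines at the end of the patch file look like stray cvs diff output with no hunk behind them and should be dropped. Both inner hunks edit the middle of `extract()` and `extractFile()`, whose bodies continue outside what is shown.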
diff --git a/java/jdk12/files/patch-src-resources-jar.properties b/java/jdk12/files/patch-src-resources-jar.properties
new file mode 100644
index 000000000000..cf9f7a02f564
--- /dev/null
+++ b/java/jdk12/files/patch-src-resources-jar.properties
@@ -0,0 +1,13 @@
+$FreeBSD$
+
+--- ../../src/share/classes/sun/tools/jar/resources/jar.properties 4 Aug 1999 21:07:59 -0000 1.1.1.1
++++ ../../src/share/classes/sun/tools/jar/resources/jar.properties 1 May 2005 04:57:38 -0000
+@@ -30,6 +30,8 @@
+ {0} : could not create directory
+ error.incorrect.length=\
+ incorrect length while processing: {0}
++error.no.cwd=\
++ {0} : could not determine current working directory
+ out.added.manifest=\
+ added manifest
+ out.update.manifest=\