. Ensure that when files are extracted that their fully resolved path lies

  in or below the current working directory.  Fixes a security problem with
  jar(1).

  This fix may change to be compatible with whatever fix Sun applies when
  they release the next version of 1.5.
. Bump PORTREVISION for this fix.

Security: http://vuxml.FreeBSD.org/18e5428f-ae7c-11d9-837d-000e0c2e438a.html
Reviewed by:	maintainer timeout

3 files changed, 72 insertions, 1 deletions

diff --git a/java/jdk16/Makefile b/java/jdk16/Makefile
index b5923da5d899..4e42219c7c5c 100644
--- a/java/jdk16/Makefile
+++ b/java/jdk16/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	jdk
 PORTVERSION=	${JDK_VERSION}p${JDK_PATCHSET_VERSION}
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	java devel
 MASTER_SITES=	# http://www.sun.com/software/java2/download.html
 #		 http://www.eyesbeyond.com/freebsddom/java/jdk15.html
diff --git a/java/jdk16/files/patch-j2se-jar-Main.java b/java/jdk16/files/patch-j2se-jar-Main.java
new file mode 100644
index 000000000000..eaba6461ff01
--- /dev/null
+++ b/java/jdk16/files/patch-j2se-jar-Main.java
@@ -0,0 +1,58 @@
+$FreeBSD$
+
+--- ../../j2se/src/share/classes/sun/tools/jar/Main.java	8 Nov 2004 22:27:32 -0000	1.1.1.1
++++ ../../j2se/src/share/classes/sun/tools/jar/Main.java	20 Apr 2005 16:50:17 -0000
+@@ -31,6 +31,7 @@
+     Hashtable filesTable = new Hashtable();
+     Vector paths = new Vector();
+     Vector v;
++    String cwd;
+     CRC32 crc32 = new CRC32();
+     /* cflag: create
+      * uflag: update       
+@@ -670,6 +671,19 @@
+      * Extracts specified entries from JAR file.
+      */
+     void extract(InputStream in, String files[]) throws IOException {
++    	// Current working directory
++
++	cwd = System.getProperty("user.dir");
++	if (cwd == null) {
++            fatalError(getMsg("error.no.cwd"));
++	}
++	cwd = (new File(cwd)).getCanonicalPath();
++	if (!cwd.endsWith(File.separator)) {
++	    cwd += File.separator;
++	}
++
++	// Extract the files
++
+ 	ZipInputStream zis = new ZipInputStream(in);
+ 	ZipEntry e;
+ 	while ((e = zis.getNextEntry()) != null) {
+@@ -694,6 +708,10 @@
+     void extractFile(ZipInputStream zis, ZipEntry e) throws IOException {
+         String name = e.getName();
+ 	File f = new File(e.getName().replace('/', File.separatorChar));
++	if (!f.getCanonicalPath().startsWith(cwd)) {
++ 	    output(formatMsg("out.ignore.entry", name));
++	    return;
++	}
+ 	if (e.isDirectory()) {
+ 	    if (!f.exists() && !f.mkdirs() || !f.isDirectory()) {
+ 		throw new IOException(formatMsg("error.create.dir", f.getPath()));
+@@ -704,6 +722,10 @@
+ 	} else {
+ 	    if (f.getParent() != null) {
+ 		File d = new File(f.getParent());
++		if (!d.getCanonicalPath().startsWith(cwd)) {
++	 	    output(formatMsg("out.ignore.entry", name));
++		    return;
++		}
+ 		if (!d.exists() && !d.mkdirs() || !d.isDirectory()) {
+ 		    throw new IOException(formatMsg("error.create.dir", d.getPath()));
+ 		}
+Index: j2se/src/share/classes/sun/tools/jar/resources/jar.properties
+===================================================================
+RCS file: /var/jcvs/javasrc_1_5_scsl/j2se/src/share/classes/sun/tools/jar/resources/jar.properties,v
+retrieving revision 1.1.1.1
diff --git a/java/jdk16/files/patch-j2se-resources-jar.properties b/java/jdk16/files/patch-j2se-resources-jar.properties
new file mode 100644
index 000000000000..9f28eb7c045a
--- /dev/null
+++ b/java/jdk16/files/patch-j2se-resources-jar.properties
@@ -0,0 +1,13 @@
+$FreeBSD$
+
+--- ../../j2se/src/share/classes/sun/tools/jar/resources/jar.properties	8 Nov 2004 22:27:32 -0000	1.1.1.1
++++ ../../j2se/src/share/classes/sun/tools/jar/resources/jar.properties	20 Apr 2005 15:50:41 -0000
+@@ -30,6 +30,8 @@
+         {0} : could not create directory
+ error.incorrect.length=\
+         incorrect length while processing: {0}
++error.no.cwd=\
++	{0} : could not determine current working directory
+ out.added.manifest=\
+         added manifest
+ out.update.manifest=\