[kaffe] CVS kaffe (robilad): Small warning fix for fastjar security fix
Kaffe CVS
cvs-commits at kaffe.org
Tue Mar 28 14:38:49 PST 2006
PatchSet 7199
Date: 2006/03/28 22:19:18
Author: robilad
Branch: HEAD
Tag: (none)
Log:
Small warning fix for fastjar security fix
2006-03-28 Dalibor Topic <robilad at kaffe.org>
* external/gcc/fastjar/jartool.c: Cast filenames to char*
before calling canonical_filename to fix compiler warnings.
Members:
ChangeLog:1.4706->1.4707
external/gcc/fastjar/jartool.c:1.2->1.3
Index: kaffe/ChangeLog
diff -u kaffe/ChangeLog:1.4706 kaffe/ChangeLog:1.4707
--- kaffe/ChangeLog:1.4706 Tue Mar 28 01:16:53 2006
+++ kaffe/ChangeLog Tue Mar 28 22:19:18 2006
@@ -1,3 +1,19 @@
+2006-03-28 Dalibor Topic <robilad at kaffe.org>
+
+ * external/gcc/fastjar/jartool.c: Cast filenames to char*
+ before calling canonical_filename to fix compiler warnings.
+
+2005-03-28 Antoine Reilles <tonio at kaffe.org>,
+ Joerg Sonnenberger <joerg at britannica.bec.de>
+
+ * external/gcc/fastjar/jartool.c: Fix security problem for
+ fastjar reported at : http://secunia.com/advisories/14902
+ Confirmed by Dalibor.
+
+ Use a canonical_filename function as proposed by joerg,
+ since the problem can't be fixed by realpath, see
+ http://mail-index.netbsd.org/tech-pkg/2006/03/07/0002.html
+
2006-03-27 Dalibor Topic <robilad at kaffe.org>
* ChangeLog.18, ChangeLog: Moved old change logs to
Index: kaffe/external/gcc/fastjar/jartool.c
diff -u kaffe/external/gcc/fastjar/jartool.c:1.2 kaffe/external/gcc/fastjar/jartool.c:1.3
--- kaffe/external/gcc/fastjar/jartool.c:1.2 Tue Mar 28 08:53:40 2006
+++ kaffe/external/gcc/fastjar/jartool.c Tue Mar 28 22:19:30 2006
@@ -1724,7 +1724,7 @@
pb_read(&pbf, filename, fnlen);
filename[fnlen] = '\0';
- canonical_filename(filename);
+ canonical_filename((char *)filename);
if (*filename == '\0') {
fprintf(stderr, "Error extracting JAR archive, empty file name!\n");
@@ -2039,7 +2039,7 @@
}
filename[fnlen] = '\0';
- canonical_filename(filename);
+ canonical_filename((char*)filename);
if (*filename == '\0') {
fprintf(stderr, "Error extracting JAR archive, empty file name!\n");
exit(1);
More information about the kaffe
mailing list