[kaffe] CVS kaffe (robilad): Small warning fix for fastjar security fix

Kaffe CVS cvs-commits at kaffe.org
Tue Mar 28 14:38:49 PST 2006 

PatchSet 7199 
Date: 2006/03/28 22:19:18
Author: robilad
Branch: HEAD
Tag: (none) 
Log:
Small warning fix for fastjar security fix

2006-03-28  Dalibor Topic  <robilad at kaffe.org>

        * external/gcc/fastjar/jartool.c: Cast filenames to char*
        before calling canonical_filename to fix compiler warnings.

Members: 
	ChangeLog:1.4706->1.4707 
	external/gcc/fastjar/jartool.c:1.2->1.3 

Index: kaffe/ChangeLog
diff -u kaffe/ChangeLog:1.4706 kaffe/ChangeLog:1.4707
--- kaffe/ChangeLog:1.4706	Tue Mar 28 01:16:53 2006
+++ kaffe/ChangeLog	Tue Mar 28 22:19:18 2006
@@ -1,3 +1,19 @@
+2006-03-28  Dalibor Topic  <robilad at kaffe.org>
+
+	* external/gcc/fastjar/jartool.c: Cast filenames to char*
+	before calling canonical_filename to fix compiler warnings.
+
+2005-03-28  Antoine Reilles  <tonio at kaffe.org>,
+	    Joerg Sonnenberger  <joerg at britannica.bec.de>
+
+	* external/gcc/fastjar/jartool.c: Fix security problem for 
+	fastjar reported at : http://secunia.com/advisories/14902
+	Confirmed by Dalibor.
+
+	Use a canonical_filename function as proposed by joerg, 
+	since the problem can't be fixed by realpath, see
+	http://mail-index.netbsd.org/tech-pkg/2006/03/07/0002.html
+
 2006-03-27  Dalibor Topic  <robilad at kaffe.org>
 
 	* ChangeLog.18, ChangeLog: Moved old change logs to 
Index: kaffe/external/gcc/fastjar/jartool.c
diff -u kaffe/external/gcc/fastjar/jartool.c:1.2 kaffe/external/gcc/fastjar/jartool.c:1.3
--- kaffe/external/gcc/fastjar/jartool.c:1.2	Tue Mar 28 08:53:40 2006
+++ kaffe/external/gcc/fastjar/jartool.c	Tue Mar 28 22:19:30 2006
@@ -1724,7 +1724,7 @@
     pb_read(&pbf, filename, fnlen);
     filename[fnlen] = '\0';
 
-    canonical_filename(filename);
+    canonical_filename((char *)filename);
 
     if (*filename == '\0') {
        fprintf(stderr, "Error extracting JAR archive, empty file name!\n");
@@ -2039,7 +2039,7 @@
       }
       filename[fnlen] = '\0';
     
-      canonical_filename(filename);
+      canonical_filename((char*)filename);
       if (*filename == '\0') {
           fprintf(stderr, "Error extracting JAR archive, empty file name!\n");
           exit(1);

More information about the kaffe mailing list