Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 11 May 2005 21:18:40 +0000 (UTC)
From:      Greg Lewis <glewis@FreeBSD.org>
To:        ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: ports/java/jdk14 Makefile ports/java/jdk14/files patch-j2se-jar-Main.java patch-j2se-resources-jar.properties
Message-ID:  <200505112118.j4BLIegS010163@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help 

glewis      2005-05-11 21:18:40 UTC

  FreeBSD ports repository

  Modified files:
    java/jdk14           Makefile 
  Added files:
    java/jdk14/files     patch-j2se-jar-Main.java 
                         patch-j2se-resources-jar.properties 
  Log:
  . Ensure that when files are extracted that their fully resolved path lies
    in or below the current working directory.  Fixes a security problem with
    jar(1).
  
    This fix may change to be compatible with whatever fix Sun applies when
    they release a fixed version of 1.5.
  . Bump PORTREVISION for this fix.
  
  Approved by:    maintainer timeout
  Security: http://vuxml.FreeBSD.org/18e5428f-ae7c-11d9-837d-000e0c2e438a.html
  
  Revision  Changes    Path
  1.90      +1 -0      ports/java/jdk14/Makefile
  1.1       +58 -0     ports/java/jdk14/files/patch-j2se-jar-Main.java (new)
  1.1       +13 -0     ports/java/jdk14/files/patch-j2se-resources-jar.properties (new)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200505112118.j4BLIegS010163>