unhappy jar binary
Kurt Miller
kurt at intricatesoftware.com
Tue May 12 06:16:53 PDT 2009
Hi,
S.P.Zeidler wrote:
> If you "diff -r jdk7/jdk/src/share/classes/sun/tools/jar
> bsd-port/jdk/src/share/classes/sun/tools/jar" you'll see that
> the setting of the cwd string (and using it to normalize the path)
> is the only difference between mainline and bsd-port.
>
> In short, it's bsd-port specific, and comparably recent. It came in with
> http://hg.openjdk.java.net/bsd-port/bsd-port/jdk/rev/13d7e2477737
> mid-January (a simple oversight when merging the changes from mainline
> I'd guess). If you try to build the bsd-port openjdk with itself you'll
> trip the bug (that's how I found it).
Thanks for the report. I finally had a chance to look at this.
The cwd change was added back in 2005 (prior to bsd-port) to
fix a security problem in 1.5:
http://marc.info/?l=bugtraq&m=111331593310508&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1080
The intention at the time was to remove the cwd change when Sun
fixed it. However, Sun never fixed it. I don't know why. For
now I will correct the cwd check to unbreak jar.
Regards,
-Kurt
More information about the bsd-port-dev
mailing list