[arch-commits] Commit in ntfs-3g/trunk (CVE-2017-0358.patch PKGBUILD)
Levente Polyak
anthraxx at archlinux.org
Sat Feb 4 22:40:40 UTC 2017
Date: Saturday, February 4, 2017 @ 22:40:39
Author: anthraxx
Revision: 288053
upgpkg: ntfs-3g 2016.2.22-2 (CVE-2017-0358)
- security update
Added:
ntfs-3g/trunk/CVE-2017-0358.patch
Modified:
ntfs-3g/trunk/PKGBUILD
---------------------+
CVE-2017-0358.patch | 36 ++++++++++++++++++++++++++++++++++++
PKGBUILD | 9 ++++++---
2 files changed, 42 insertions(+), 3 deletions(-)
Added: CVE-2017-0358.patch
===================================================================
--- CVE-2017-0358.patch (rev 0)
+++ CVE-2017-0358.patch 2017-02-04 22:40:39 UTC (rev 288053)
@@ -0,0 +1,36 @@
+--- ntfs-3g/src/lowntfs-3g.c 2016-12-31 08:56:59.011749600 +0100
++++ ntfs-3g/src/lowntfs-3g.c 2017-01-05 14:41:52.041473700 +0100
+@@ -3827,13 +3827,14 @@
+ struct stat st;
+ pid_t pid;
+ const char *cmd = "/sbin/modprobe";
++ char *env = (char*)NULL;
+ struct timespec req = { 0, 100000000 }; /* 100 msec */
+ fuse_fstype fstype;
+
+ if (!stat(cmd, &st) && !geteuid()) {
+ pid = fork();
+ if (!pid) {
+- execl(cmd, cmd, "fuse", NULL);
++ execle(cmd, cmd, "fuse", NULL, &env);
+ _exit(1);
+ } else if (pid != -1)
+ waitpid(pid, NULL, 0);
+--- ntfs-3g/src/ntfs-3g.c 2017-02-04 23:30:23.825889593 +0100
++++ ntfs-3g/src/nfts-3g.c 2017-02-04 23:30:42.572542756 +0100
+@@ -3612,13 +3612,14 @@
+ struct stat st;
+ pid_t pid;
+ const char *cmd = "/sbin/modprobe";
++ char *env = (char*)NULL;
+ struct timespec req = { 0, 100000000 }; /* 100 msec */
+ fuse_fstype fstype;
+
+ if (!stat(cmd, &st) && !geteuid()) {
+ pid = fork();
+ if (!pid) {
+- execl(cmd, cmd, "fuse", NULL);
++ execle(cmd, cmd, "fuse", NULL, &env);
+ _exit(1);
+ } else if (pid != -1)
+ waitpid(pid, NULL, 0);
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-02-04 19:56:58 UTC (rev 288052)
+++ PKGBUILD 2017-02-04 22:40:39 UTC (rev 288053)
@@ -7,14 +7,16 @@
pkgname=ntfs-3g
_pkgname=ntfs-3g_ntfsprogs
pkgver=2016.2.22
-pkgrel=1
+pkgrel=2
pkgdesc='NTFS filesystem driver and utilities'
url='https://www.tuxera.com/community/open-source-ntfs-3g/'
arch=('i686' 'x86_64')
license=('GPL2')
depends=('util-linux' 'fuse2')
-source=("https://tuxera.com/opensource/${_pkgname}-${pkgver}.tgz")
-sha1sums=('382df40c366711003cf24d2342033c23e2580b42')
+source=("https://tuxera.com/opensource/${_pkgname}-${pkgver}.tgz"
+ CVE-2017-0358.patch)
+sha1sums=('382df40c366711003cf24d2342033c23e2580b42'
+ '1949f21fc8115b3ea7e1197cf3d562ea6f97f1db')
conflicts=('ntfsprogs')
provides=('ntfsprogs')
@@ -23,6 +25,7 @@
prepare() {
cd "${srcdir}/${_pkgname}-${pkgver}"
sed 's|$(DESTDIR)/sbin|$(DESTDIR)/usr/bin|' -i {ntfsprogs,src}/Makefile.in
+ patch -p1 < "${srcdir}/CVE-2017-0358.patch"
}
build() {
More information about the arch-commits
mailing list