[arch-commits] Commit in ntfs-3g/trunk (CVE-2017-0358.patch PKGBUILD)

Levente Polyak anthraxx at archlinux.org
Sat Feb 4 22:40:40 UTC 2017


    Date: Saturday, February 4, 2017 @ 22:40:39
  Author: anthraxx
Revision: 288053

upgpkg: ntfs-3g 2016.2.22-2 (CVE-2017-0358)

- security update

Added:
  ntfs-3g/trunk/CVE-2017-0358.patch
Modified:
  ntfs-3g/trunk/PKGBUILD

---------------------+
 CVE-2017-0358.patch |   36 ++++++++++++++++++++++++++++++++++++
 PKGBUILD            |    9 ++++++---
 2 files changed, 42 insertions(+), 3 deletions(-)

Added: CVE-2017-0358.patch
===================================================================
--- CVE-2017-0358.patch	                        (rev 0)
+++ CVE-2017-0358.patch	2017-02-04 22:40:39 UTC (rev 288053)
@@ -0,0 +1,36 @@
+--- ntfs-3g/src/lowntfs-3g.c	2016-12-31 08:56:59.011749600 +0100
++++ ntfs-3g/src/lowntfs-3g.c	2017-01-05 14:41:52.041473700 +0100
+@@ -3827,13 +3827,14 @@
+ 	struct stat st;
+ 	pid_t pid;
+ 	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+ 	struct timespec req = { 0, 100000000 };   /* 100 msec */
+ 	fuse_fstype fstype;
+         
+ 	if (!stat(cmd, &st) && !geteuid()) {
+ 		pid = fork();
+ 		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+ 			_exit(1);
+ 		} else if (pid != -1)
+ 			waitpid(pid, NULL, 0);
+--- ntfs-3g/src/ntfs-3g.c	2017-02-04 23:30:23.825889593 +0100
++++ ntfs-3g/src/nfts-3g.c	2017-02-04 23:30:42.572542756 +0100
+@@ -3612,13 +3612,14 @@
+ 	struct stat st;
+ 	pid_t pid;
+ 	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+ 	struct timespec req = { 0, 100000000 };   /* 100 msec */
+ 	fuse_fstype fstype;
+ 	
+ 	if (!stat(cmd, &st) && !geteuid()) {
+ 		pid = fork();
+ 		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+ 			_exit(1);
+ 		} else if (pid != -1)
+ 			waitpid(pid, NULL, 0);

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2017-02-04 19:56:58 UTC (rev 288052)
+++ PKGBUILD	2017-02-04 22:40:39 UTC (rev 288053)
@@ -7,14 +7,16 @@
 pkgname=ntfs-3g
 _pkgname=ntfs-3g_ntfsprogs
 pkgver=2016.2.22
-pkgrel=1
+pkgrel=2
 pkgdesc='NTFS filesystem driver and utilities'
 url='https://www.tuxera.com/community/open-source-ntfs-3g/'
 arch=('i686' 'x86_64')
 license=('GPL2')
 depends=('util-linux' 'fuse2')
-source=("https://tuxera.com/opensource/${_pkgname}-${pkgver}.tgz")
-sha1sums=('382df40c366711003cf24d2342033c23e2580b42')
+source=("https://tuxera.com/opensource/${_pkgname}-${pkgver}.tgz"
+        CVE-2017-0358.patch)
+sha1sums=('382df40c366711003cf24d2342033c23e2580b42'
+          '1949f21fc8115b3ea7e1197cf3d562ea6f97f1db')
 
 conflicts=('ntfsprogs')
 provides=('ntfsprogs')
@@ -23,6 +25,7 @@
 prepare() {
 	cd "${srcdir}/${_pkgname}-${pkgver}"
 	sed 's|$(DESTDIR)/sbin|$(DESTDIR)/usr/bin|' -i {ntfsprogs,src}/Makefile.in
+	patch -p1 < "${srcdir}/CVE-2017-0358.patch"
 }
 
 build() {



More information about the arch-commits mailing list