authorDanny Rawlins <monster.romster@gmail.com>2017-02-13 08:41:45 +1100
committerDanny Rawlins <monster.romster@gmail.com>2017-02-13 08:41:45 +1100
commitbce7c9439f8c76c8b666196a4ca630121e36e4ef (patch)
tree92f2afe6e8a77cba5261c7c008346939c8b06d6e
parent3169db4d25a059af890a4cacd745ce78f580ef3d (diff)
[notify] ntfs-3g: CVE-2017-0358 modprobe influence vulnerability via environment variables
-rw-r--r--ntfs-3g/.md5sum1
-rw-r--r--ntfs-3g/CVE-2017-0358.patch38
-rw-r--r--ntfs-3g/Pkgfile10
3 files changed, 45 insertions, 4 deletions
diff --git a/ntfs-3g/.md5sum b/ntfs-3g/.md5sum
index c117b48ed..1af6f1d2c 100644
--- a/ntfs-3g/.md5sum
+++ b/ntfs-3g/.md5sum
@@ -1 +1,2 @@
+0631dbc17722d13b1a6ce5427e064356 CVE-2017-0358.patch
ccbe8672d0f757bd0c975b50aa4c512e ntfs-3g_ntfsprogs-2016.2.22.tgz
diff --git a/ntfs-3g/CVE-2017-0358.patch b/ntfs-3g/CVE-2017-0358.patch
new file mode 100644
index 000000000..1e409d7d3
--- /dev/null
+++ b/ntfs-3g/CVE-2017-0358.patch
@@ -0,0 +1,38 @@
+http://seclists.org/oss-sec/2017/q1/259
+CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables
+--- ntfs-3g/src/lowntfs-3g.c 2016-12-31 08:56:59.011749600 +0100
++++ ntfs-3g/src/lowntfs-3g.c 2017-01-05 14:41:52.041473700 +0100
+@@ -3827,13 +3827,14 @@
+ struct stat st;
+ pid_t pid;
+ const char *cmd = "/sbin/modprobe";
++ char *env = (char*)NULL;
+ struct timespec req = { 0, 100000000 }; /* 100 msec */
+ fuse_fstype fstype;
+
+ if (!stat(cmd, &st) && !geteuid()) {
+ pid = fork();
+ if (!pid) {
+- execl(cmd, cmd, "fuse", NULL);
++ execle(cmd, cmd, "fuse", NULL, &env);
+ _exit(1);
+ } else if (pid != -1)
+ waitpid(pid, NULL, 0);
+--- ntfs-3g/src/ntfs-3g.c 2017-02-04 23:30:23.825889593 +0100
++++ ntfs-3g/src/nfts-3g.c 2017-02-04 23:30:42.572542756 +0100
+@@ -3612,13 +3612,14 @@
+ struct stat st;
+ pid_t pid;
+ const char *cmd = "/sbin/modprobe";
++ char *env = (char*)NULL;
+ struct timespec req = { 0, 100000000 }; /* 100 msec */
+ fuse_fstype fstype;
+
+ if (!stat(cmd, &st) && !geteuid()) {
+ pid = fork();
+ if (!pid) {
+- execl(cmd, cmd, "fuse", NULL);
++ execle(cmd, cmd, "fuse", NULL, &env);
+ _exit(1);
+ } else if (pid != -1)
+ waitpid(pid, NULL, 0);
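Review bot: The second section of the embedded patch names its target `ntfs-3g/src/nfts-3g.c` on the `+++` line while the `---` line says `ntfs-3g/src/ntfs-3g.c`; patch presumably still resolves the file through the old name, but the header should read `+++ ntfs-3g/src/ntfs-3g.c` so that applying the fix to the main binary does not depend on that fallback. In both sections the argument-list terminator passed to `execle` is a bare `NULL`, which in a variadic call is not guaranteed to be passed as a pointer; `execle(cmd, cmd, "fuse", (char *)NULL, &env);` is the portable form (the cast on the `env` initialiser is the one that is not needed). A one-line comment above the call, such as `/* empty environment: modprobe must not inherit variables from the invoking user */`, would keep a later cleanup from reverting to `execl`. The enclosing function begins and ends outside both sections.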
diff --git a/ntfs-3g/Pkgfile b/ntfs-3g/Pkgfile
index d80a38460..268ad0d76 100644
--- a/ntfs-3g/Pkgfile
+++ b/ntfs-3g/Pkgfile
@@ -1,17 +1,19 @@
# Description: Freely available NTFS driver with read and write support.
-# URL: http://www.tuxera.com/community/ntfs-3g-download/
+# URL: https://www.tuxera.com/community/ntfs-3g-download/
# Maintainer: Danny Rawlins, crux at romster dot me
-# Packager: Danny Rawlins, crux at romster dot me
# Depends on: fuse
name=ntfs-3g
version=2016.2.22
-release=3
-source=(http://tuxera.com/opensource/ntfs-3g_ntfsprogs-$version.tgz)
+release=4
+source=(https://tuxera.com/opensource/ntfs-3g_ntfsprogs-$version.tgz
+ CVE-2017-0358.patch)
build() {
cd ntfs-3g_ntfsprogs-$version
+ patch -p1 -i $SRC/CVE-2017-0358.patch
+
install -d $PKG/lib
./configure \
