CVE-2023-52890.patch

@@ -1,37 +0,0 @@
-From 75dcdc2cf37478fad6c0e3427403d198b554951d Mon Sep 17 00:00:00 2001
-From: Erik Larsson <erik@tuxera.com>
-Date: Tue, 13 Jun 2023 17:47:15 +0300
-Subject: [PATCH] unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'.
-
-If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence,
-then 'n' will be less than 0 and the loop will terminate without storing
-anything in '*t'. After the loop the uppercase string's allocation is
-freed, however after it is freed it is unconditionally accessed through
-'*t', which points into the freed allocation, for the purpose of NULL-
-terminating the string. This leads to a use-after-free.
-Fixed by only NULL-terminating the string when no error has been thrown.
-
-Thanks for Jeffrey Bencteux for reporting this issue:
-https://github.com/tuxera/ntfs-3g/issues/84
----
- libntfs-3g/unistr.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c
-index 5854b3b7..db8ddf42 100644
---- a/libntfs-3g/unistr.c
-+++ b/libntfs-3g/unistr.c
-@@ -1189,8 +1189,9 @@ char *ntfs_uppercase_mbs(const char *low,
- 			free(upp);
- 			upp = (char*)NULL;
- 			errno = EILSEQ;
-+		} else {
-+			*t = 0;
- 		}
--		*t = 0;
- 	}
- 	return (upp);
- }
--- 
-2.20.1
-

add-version-and-help-usage.patch

@@ -1,27 +0,0 @@
-From 5eeccb85a67bbd365839afc65eda4eb388375e68 Mon Sep 17 00:00:00 2001
-From: wang_yue111 <648774160@qq.com>
-Date: Wed, 20 Oct 2021 17:37:51 +0800
-Subject: [PATCH] add version and help usage
-
----
- ntfsprogs/ntfssecaudit.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/ntfsprogs/ntfssecaudit.c b/ntfsprogs/ntfssecaudit.c
-index 9484a60..caa3da3 100644
---- a/ntfsprogs/ntfssecaudit.c
-+++ b/ntfsprogs/ntfssecaudit.c
-@@ -6007,6 +6007,10 @@ static void usage(void)
- 	fprintf(stderr,"	set the security parameters of file to perms\n");
- 	fprintf(stderr,"   ntfssecaudit -r[v] volume perms directory\n");
- 	fprintf(stderr,"	set the security parameters of files in directory to perms\n");
-+	fprintf(stderr,"   ntfssecaudit -V\n");
-+	fprintf(stderr,"        display version\n");
-+	fprintf(stderr,"   ntfssecaudit -H\n");
-+	fprintf(stderr,"        display usage\n");
- #ifdef HAVE_SETXATTR
- 	fprintf(stderr," special cases, do not require being root :\n");
- 	fprintf(stderr,"   ntfssecaudit -u mounted-file\n");
--- 
-2.23.0
-

ntfs-3g.spec

@@ -1,16 +1,12 @@
 Name:          ntfs-3g
-Version:       2022.10.3
-Release:       2
+Version:       2021.8.22
+Release:       1
 Epoch:         2
 Summary:       Linux NTFS userspace driver
 License:       GPLv2+
 URL:           http://www.ntfs-3g.org/
 Source0:       http://tuxera.com/opensource/%{name}_ntfsprogs-%{version}%{?subver}.tgz
 Patch0:        0000-ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch
-Patch1:        add-version-and-help-usage.patch
-
-Patch3000:     CVE-2023-52890.patch
-
 BuildRequires: libtool, libattr-devel, libconfig-devel, libgcrypt-devel, gnutls-devel, libuuid-devel
 Provides:      ntfsprogs-fuse = %{epoch}:%{version}-%{release}
 Obsoletes:     ntfsprogs-fuse
@@ -43,7 +39,8 @@ Requires:       man
 This package includes man files for %{name}.
 
 %prep
-%autosetup -n %{name}_ntfsprogs-%{version}%{?subver} -p1
+%setup -q -n %{name}_ntfsprogs-%{version}%{?subver}
+%patch0 -p1 -b .unsupported
 
 %build
 CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64"
@@ -91,24 +88,6 @@ rm -rf $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/README
 %{_mandir}/man*/*
 
 %changelog
-* Mon Jun 17 2024 qiaojijun <qiaojijun@kylinos.cn> - 2:2022.10.3-2
-- Type:bugfix
-- Id:NA
-- SUG:NA
-- DESC: fix CVE-2023-52890
-
-* Tue Apr 18 2023 liyanan <thistleslyn@163.com> - 2:2022.10.3-1
-- Update to 2022.10.3
-
-* Thu Nov 10 2022 liyuxiang<liyuxiang@ncti-gba.cn> - 2:2022.5.17-2
-- fix CVE-2022-40284
-
-* Fri May 27 2022 wangkai <wangkai385@h-partners.com> - 2:2022.5.17-1
-- Upgrade to 2022.5.17 to fix the cves
-
-* Thu Oct 21 2021 wangyue <wangyue92@huawei.com> - 2:2021.8.22-2
-- add version and help usage
-
 * Wed Sep 22 2021 houyingchao <houyingchao@huawei.com> - 2:2021.8.22-1
 - Upgrade to 2021.8.22 to fix the cves