packages/ntfs-3g
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:4da63c75681154c7f95c96c3f6b58e711568a5a7
Branches Tags
packages:main
..
compare: packages:20b9179778eaf9cf2506fb24e654993f0053b929
Branches Tags
packages:main

No commits in common. "4da63c75681154c7f95c96c3f6b58e711568a5a7" and "20b9179778eaf9cf2506fb24e654993f0053b929" have entirely different histories.
4da63c7568 ... 20b9179778

5 changed files with 4 additions and 89 deletions
Show Stats Expand all files Collapse all files

37
CVE-2023-52890.patch
View File

@ -1,37 +0,0 @@
From 75dcdc2cf37478fad6c0e3427403d198b554951d Mon Sep 17 00:00:00 2001
From: Erik Larsson <erik@tuxera.com>
Date: Tue, 13 Jun 2023 17:47:15 +0300
Subject: [PATCH] unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'.
If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence,
then 'n' will be less than 0 and the loop will terminate without storing
anything in '*t'. After the loop the uppercase string's allocation is
freed, however after it is freed it is unconditionally accessed through
'*t', which points into the freed allocation, for the purpose of NULL-
terminating the string. This leads to a use-after-free.
Fixed by only NULL-terminating the string when no error has been thrown.
Thanks for Jeffrey Bencteux for reporting this issue:
https://github.com/tuxera/ntfs-3g/issues/84
---
libntfs-3g/unistr.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c
index 5854b3b7..db8ddf42 100644
--- a/libntfs-3g/unistr.c
+++ b/libntfs-3g/unistr.c
@@ -1189,8 +1189,9 @@ char *ntfs_uppercase_mbs(const char *low,
free(upp);
upp = (char*)NULL;
errno = EILSEQ;
+ } else {
+ *t = 0;
}
- *t = 0;
}
return (upp);
}
--
2.20.1

27
add-version-and-help-usage.patch
View File

@ -1,27 +0,0 @@
From 5eeccb85a67bbd365839afc65eda4eb388375e68 Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Wed, 20 Oct 2021 17:37:51 +0800
Subject: [PATCH] add version and help usage
---
ntfsprogs/ntfssecaudit.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ntfsprogs/ntfssecaudit.c b/ntfsprogs/ntfssecaudit.c
index 9484a60..caa3da3 100644
--- a/ntfsprogs/ntfssecaudit.c
+++ b/ntfsprogs/ntfssecaudit.c
@@ -6007,6 +6007,10 @@ static void usage(void)
fprintf(stderr," set the security parameters of file to perms\n");
fprintf(stderr," ntfssecaudit -r[v] volume perms directory\n");
fprintf(stderr," set the security parameters of files in directory to perms\n");
+ fprintf(stderr," ntfssecaudit -V\n");
+ fprintf(stderr," display version\n");
+ fprintf(stderr," ntfssecaudit -H\n");
+ fprintf(stderr," display usage\n");
#ifdef HAVE_SETXATTR
fprintf(stderr," special cases, do not require being root :\n");
fprintf(stderr," ntfssecaudit -u mounted-file\n");
--
2.23.0

29
ntfs-3g.spec
View File

@ -1,16 +1,12 @@
Name: ntfs-3g Name: ntfs-3g
Version: 2022.10.3 Version: 2021.8.22
Release: 2 Release: 1
Epoch: 2 Epoch: 2
Summary: Linux NTFS userspace driver Summary: Linux NTFS userspace driver
License: GPLv2+ License: GPLv2+
URL: http://www.ntfs-3g.org/ URL: http://www.ntfs-3g.org/
Source0: http://tuxera.com/opensource/%{name}_ntfsprogs-%{version}%{?subver}.tgz Source0: http://tuxera.com/opensource/%{name}_ntfsprogs-%{version}%{?subver}.tgz
Patch0: 0000-ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch Patch0: 0000-ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch
Patch1: add-version-and-help-usage.patch
Patch3000: CVE-2023-52890.patch
BuildRequires: libtool, libattr-devel, libconfig-devel, libgcrypt-devel, gnutls-devel, libuuid-devel BuildRequires: libtool, libattr-devel, libconfig-devel, libgcrypt-devel, gnutls-devel, libuuid-devel
Provides: ntfsprogs-fuse = %{epoch}:%{version}-%{release} Provides: ntfsprogs-fuse = %{epoch}:%{version}-%{release}
Obsoletes: ntfsprogs-fuse Obsoletes: ntfsprogs-fuse
@ -43,7 +39,8 @@ Requires: man
This package includes man files for %{name}. This package includes man files for %{name}.
%prep %prep
%autosetup -n %{name}_ntfsprogs-%{version}%{?subver} -p1 %setup -q -n %{name}_ntfsprogs-%{version}%{?subver}
%patch0 -p1 -b .unsupported
%build %build
CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64" CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64"
@ -91,24 +88,6 @@ rm -rf $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/README
%{_mandir}/man*/* %{_mandir}/man*/*
%changelog %changelog
* Mon Jun 17 2024 qiaojijun <qiaojijun@kylinos.cn> - 2:2022.10.3-2
- Type:bugfix
- Id:NA
- SUG:NA
- DESC: fix CVE-2023-52890
* Tue Apr 18 2023 liyanan <thistleslyn@163.com> - 2:2022.10.3-1
- Update to 2022.10.3
* Thu Nov 10 2022 liyuxiang<liyuxiang@ncti-gba.cn> - 2:2022.5.17-2
- fix CVE-2022-40284
* Fri May 27 2022 wangkai <wangkai385@h-partners.com> - 2:2022.5.17-1
- Upgrade to 2022.5.17 to fix the cves
* Thu Oct 21 2021 wangyue <wangyue92@huawei.com> - 2:2021.8.22-2
- add version and help usage
* Wed Sep 22 2021 houyingchao <houyingchao@huawei.com> - 2:2021.8.22-1 * Wed Sep 22 2021 houyingchao <houyingchao@huawei.com> - 2:2021.8.22-1
- Upgrade to 2021.8.22 to fix the cves - Upgrade to 2021.8.22 to fix the cves

BIN
ntfs-3g_ntfsprogs-2021.8.22.tgz Normal file
View File

Binary file not shown.

BIN
ntfs-3g_ntfsprogs-2022.10.3.tgz
View File

Binary file not shown.