authorTBK <tbk@jjtc.eu>2020-04-24 11:33:13 +0200
committerTBK <tbk@jjtc.eu>2020-04-25 03:25:29 +0200
commit95aea5ceff62cd4a94abdb087564bfe1dbcc468c (patch)
treee5ded34f341718254ebf4935d376cd51f591d3f0
parent28d05249330dd334b818ab817304f1156eac96a5 (diff)
main/ntfs-3g: patch CVE-2019-9755
- Switch to https - Clarify license - Patch CVE-2019-9755
-rw-r--r--main/ntfs-3g/APKBUILD20
-rw-r--r--main/ntfs-3g/CVE-2019-9755.patch62
2 files changed, 75 insertions, 7 deletions
diff --git a/main/ntfs-3g/APKBUILD b/main/ntfs-3g/APKBUILD
index 9f63527fe1..8c2695bc2d 100644
--- a/main/ntfs-3g/APKBUILD
+++ b/main/ntfs-3g/APKBUILD
@@ -4,18 +4,24 @@
pkgname=ntfs-3g
_pkgreal=ntfs-3g_ntfsprogs
pkgver=2017.3.23
-pkgrel=1
+pkgrel=2
pkgdesc="Stable, full-featured, read-write NTFS"
-url="http://www.tuxera.com/community/ntfs-3g-download/"
+url="https://www.tuxera.com/community/ntfs-3g-download/"
arch="all"
-license="GPL"
+license="GPL-2.0-or-later AND LGPL-2.0-or-later"
+options="!check" # No test suite
makedepends="attr-dev util-linux-dev linux-headers"
subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-progs"
-source="http://tuxera.com/opensource/$_pkgreal-$pkgver.tgz"
+source="https://tuxera.com/opensource/ntfs-3g_ntfsprogs-$pkgver.tgz
+ CVE-2019-9755.patch
+ "
builddir="$srcdir/$_pkgreal-$pkgver"
+# secfixes:
+# 2017.3.23-r2:
+# - CVE-2019-9755
+
build() {
- cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
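Review bot: The new `source=` line spells out `ntfs-3g_ntfsprogs`, while `_pkgreal` is still defined and `builddir` keeps using it, so the tarball name now lives in two places that have to be kept in step. Either keep the variable in the URL, `source="https://tuxera.com/opensource/$_pkgreal-$pkgver.tgz`, or drop `_pkgreal` and use the literal name in `builddir` too. build() continues past the end of this hunk.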
@@ -29,7 +35,6 @@ build() {
package() {
pkgdesc="$pkgdesc (driver)"
- cd "$builddir"
mkdir -p "$pkgdir"/lib
make -j1 DESTDIR="$pkgdir" LDCONFIG=: install
ln -s /bin/ntfs-3g "$pkgdir"/sbin/mount.ntfs
@@ -44,4 +49,5 @@ progs() {
rm -fr "$subpkgdir"/lib "$subpkgdir"/usr/lib
}
-sha512sums="3a607f0d7be35204c992d8931de0404fbc52032c13b4240d2c5e6f285c318a28eb2a385d7cf5ac4cd445876aee5baa5753bb636ada0d870d84a9d3fdbce794ef ntfs-3g_ntfsprogs-2017.3.23.tgz"
+sha512sums="3a607f0d7be35204c992d8931de0404fbc52032c13b4240d2c5e6f285c318a28eb2a385d7cf5ac4cd445876aee5baa5753bb636ada0d870d84a9d3fdbce794ef ntfs-3g_ntfsprogs-2017.3.23.tgz
+d071cf6c3ee38963df0286049196cb3bab050460e0b541f3cf5d217c874d247878cb6dcca2d6d68c562447f8956e0511dd93552c5647dda88b69be880b5cd9f8 CVE-2019-9755.patch"
diff --git a/main/ntfs-3g/CVE-2019-9755.patch b/main/ntfs-3g/CVE-2019-9755.patch
new file mode 100644
index 0000000000..577f168628
--- /dev/null
+++ b/main/ntfs-3g/CVE-2019-9755.patch
@@ -0,0 +1,62 @@
+From 85c1634a26faa572d3c558d4cf8aaaca5202d4e9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr>
+Date: Wed, 19 Dec 2018 15:57:50 +0100
+Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint
+
+The size check was inefficient because getcwd() uses an unsigned int
+argument.
+---
+ src/lowntfs-3g.c | 6 +++++-
+ src/ntfs-3g.c | 6 +++++-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c
+index 993867fa..0660439b 100644
+--- a/src/lowntfs-3g.c
++++ b/src/lowntfs-3g.c
+@@ -4323,7 +4323,8 @@
+ else {
+ ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
+ if (ctx->abs_mnt_point) {
+- if (getcwd(ctx->abs_mnt_point,
++ if ((strlen(opts.mnt_point) < PATH_MAX)
++ && getcwd(ctx->abs_mnt_point,
+ PATH_MAX - strlen(opts.mnt_point) - 1)) {
+ strcat(ctx->abs_mnt_point, "/");
+ strcat(ctx->abs_mnt_point, opts.mnt_point);
+@@ -4331,6 +4332,9 @@
+ /* Solaris also wants the absolute mount point */
+ opts.mnt_point = ctx->abs_mnt_point;
+ #endif /* defined(__sun) && defined (__SVR4) */
++ } else {
++ free(ctx->abs_mnt_point);
++ ctx->abs_mnt_point = (char*)NULL;
+ }
+ }
+ }
+diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c
+index 6ce89fef..4e0912ae 100644
+--- a/src/ntfs-3g.c
++++ b/src/ntfs-3g.c
+@@ -4123,7 +4123,8 @@
+ else {
+ ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
+ if (ctx->abs_mnt_point) {
+- if (getcwd(ctx->abs_mnt_point,
++ if ((strlen(opts.mnt_point) < PATH_MAX)
++ && getcwd(ctx->abs_mnt_point,
+ PATH_MAX - strlen(opts.mnt_point) - 1)) {
+ strcat(ctx->abs_mnt_point, "/");
+ strcat(ctx->abs_mnt_point, opts.mnt_point);
+@@ -4131,6 +4132,9 @@
+ /* Solaris also wants the absolute mount point */
+ opts.mnt_point = ctx->abs_mnt_point;
+ #endif /* defined(__sun) && defined (__SVR4) */
++ } else {
++ free(ctx->abs_mnt_point);
++ ctx->abs_mnt_point = (char*)NULL;
+ }
+ }
+ }
+--
+2.22.0
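Review bot: The two `strcat()` calls kept under the new guard in src/lowntfs-3g.c, and identically in src/ntfs-3g.c, are safe only because of arithmetic that the code never states. The `strlen(opts.mnt_point) < PATH_MAX` test stops the size passed to `getcwd()` from wrapping, and that size reserves room for the `/`, the mount point and the terminator inside the `PATH_MAX` allocation. I would add a comment above the condition in both files, e.g. `/* size leaves room for "/" + mnt_point + NUL in the PATH_MAX buffer; the strlen() test stops the subtraction wrapping */`, so a later edit does not loosen one half of the invariant. The new `else` branch frees the buffer and sets `ctx->abs_mnt_point` to NULL with no log call in the visible lines, so whether the failure named in the subject line is actually reported depends on code outside these hunks. The enclosing block also starts and ends outside them.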