main/ntfs-3g: fix CVE-2017-0358

http://www.openwall.com/lists/oss-security/2017/02/01/8
modprobe influence vulnerability via environment variables

cosmetic cleanups in apkbuild

1 files changed, 36 insertions, 0 deletions

diff --git a/main/ntfs-3g/cve-2017-0358.patch b/main/ntfs-3g/cve-2017-0358.patch
new file mode 100644
index 0000000000..ee7ff1ef1b
--- /dev/null
+++ b/main/ntfs-3g/cve-2017-0358.patch
@@ -0,0 +1,36 @@
+--- ntfs-3g/src/lowntfs-3g.c.ref        2016-12-31 08:56:59.011749600 +0100
++++ ntfs-3g/src/lowntfs-3g.c    2017-01-05 14:41:52.041473700 +0100
+@@ -3827,13 +3827,14 @@
+ 	struct stat st;
+ 	pid_t pid;
+ 	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+ 	struct timespec req = { 0, 100000000 };   /* 100 msec */
+ 	fuse_fstype fstype;
+         
+ 	if (!stat(cmd, &st) && !geteuid()) {
+ 		pid = fork();
+ 		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+ 			_exit(1);
+ 		} else if (pid != -1)
+ 			waitpid(pid, NULL, 0);
+--- ntfs-3g/src/ntfs-3g.c.ref   2016-12-31 08:56:59.022518700 +0100
++++ ntfs-3g/src/ntfs-3g.c       2017-01-05 15:45:45.912499400 +0100
+@@ -3612,13 +3612,14 @@
+ 	struct stat st;
+ 	pid_t pid;
+ 	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+ 	struct timespec req = { 0, 100000000 };   /* 100 msec */
+ 	fuse_fstype fstype;
+ 	
+ 	if (!stat(cmd, &st) && !geteuid()) {
+ 		pid = fork();
+ 		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+ 			_exit(1);
+ 		} else if (pid != -1)
+ 			waitpid(pid, NULL, 0);