[alpine-aports] [PATCH] main/ntfs-3g: fix CVE-2017-0358

Valery Kartel <valery.kartel@gmail.com>
Details
Message ID: <20170202092932.2988-1-valery.kartel@gmail.com>
Sender timestamp: 1486027772
DKIM signature: missing
Patch: +50 -18
http://www.openwall.com/lists/oss-security/2017/02/01/8
modprobe influence vulnerability via environment variables

cosmetic cleanups in apkbuild
---
 main/ntfs-3g/APKBUILD            | 32 ++++++++++++++------------------
 main/ntfs-3g/cve-2017-0358.patch | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 18 deletions(-)
 create mode 100644 main/ntfs-3g/cve-2017-0358.patch

diff --git a/main/ntfs-3g/APKBUILD b/main/ntfs-3g/APKBUILD
index 74531bee35..6236eadb37 100644
--- a/main/ntfs-3g/APKBUILD
+++ b/main/ntfs-3g/APKBUILD
@@ -4,8 +4,8 @@
 pkgname=ntfs-3g
 _pkgreal=ntfs-3g_ntfsprogs
 pkgver=2016.2.22
-pkgrel=0
-pkgdesc="Stable, full-featured, read-write NTFS driver"
+pkgrel=1
+pkgdesc="Stable, full-featured, read-write NTFS"
 url="http://www.tuxera.com/community/ntfs-3g-download/"
 arch="all"
 license="GPL"
@@ -14,20 +14,12 @@ makedepends="attr-dev util-linux-dev linux-headers"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-progs"
 source="http://tuxera.com/opensource/$_pkgreal-$pkgver.tgz
 	musl-fixes.patch
+	cve-2017-0358.patch
 	"
-
-_builddir="$srcdir"/$_pkgreal-$pkgver
-prepare() {
-	cd "$_builddir"
-	for i in $source; do
-		case $i in
-		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
-		esac
-	done
-}
+builddir="$srcdir/$_pkgreal-$pkgver"
 
 build() {
-	cd "$_builddir"
+	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
@@ -40,13 +32,14 @@ build() {
 }
 
 package() {
-	cd "$_builddir"
+	pkgdesc="$pkgdesc (driver)"
+	cd "$builddir"
 	mkdir -p "$pkgdir"/lib
 	make -j1 DESTDIR="$pkgdir" LDCONFIG=: install || return 1
 }
 
 progs() {
-	pkgdesc="Stable, full-featured, read-write NTFS userspace utilities"
+	pkgdesc="$pkgdesc (utilities)"
 	mkdir -p "$subpkgdir"/sbin
 	mv "$pkgdir"/usr "$pkgdir"/lib "$subpkgdir"/
 	mv "$pkgdir"/sbin/mkfs.ntfs "$subpkgdir"/sbin
@@ -54,8 +47,11 @@ progs() {
 }
 
 md5sums="ccbe8672d0f757bd0c975b50aa4c512e  ntfs-3g_ntfsprogs-2016.2.22.tgz
-cdfca9f0d20ef96ec60e072ffe4fd061  musl-fixes.patch"
+cdfca9f0d20ef96ec60e072ffe4fd061  musl-fixes.patch
+044e19e0f7c1bc26244f87ac08a784e9  cve-2017-0358.patch"
 sha256sums="d7b72c05e4b3493e6095be789a760c9f5f2b141812d5b885f3190c98802f1ea0  ntfs-3g_ntfsprogs-2016.2.22.tgz
-f60f15b5650ada189d880ffea0e199869b3d5e855913d353cab8b0b7ebc47ae4  musl-fixes.patch"
+f60f15b5650ada189d880ffea0e199869b3d5e855913d353cab8b0b7ebc47ae4  musl-fixes.patch
+2b864502d1a762a67e5c839249b800245d1eaa173de68f44eb98e4a6f89206bd  cve-2017-0358.patch"
 sha512sums="dbd36fadd2881db1d17fdbf5d2b4e50bbe11dc9dd0ad4917e7f8bc4032c2287346143756ce8754df0d46ce9209f2c0c41b626cad929d76a9bc881712c7101c15  ntfs-3g_ntfsprogs-2016.2.22.tgz
-5b4680956f11c75ee3122923f36b840e2a0a38e6cebecbe7be4a02f4423746f8b7d7a89b16d7a9bea62e64534d20e87503beb582273af38d458b946387e85a02  musl-fixes.patch"
+5b4680956f11c75ee3122923f36b840e2a0a38e6cebecbe7be4a02f4423746f8b7d7a89b16d7a9bea62e64534d20e87503beb582273af38d458b946387e85a02  musl-fixes.patch
+56f1f88483637df6cbc9b20a6a02d445d107374d8cbdd759ff7a9f40263ccd56b1e8e8494fb7e34b3ff9f001bc746d3a17dcf3b941fc1623011305a82fa4b692  cve-2017-0358.patch"
diff --git a/main/ntfs-3g/cve-2017-0358.patch b/main/ntfs-3g/cve-2017-0358.patch
new file mode 100644
index 0000000000..ee7ff1ef1b
--- /dev/null
+++ b/main/ntfs-3g/cve-2017-0358.patch
@@ -0,0 +1,36 @@
+--- ntfs-3g/src/lowntfs-3g.c.ref        2016-12-31 08:56:59.011749600 +0100
++++ ntfs-3g/src/lowntfs-3g.c    2017-01-05 14:41:52.041473700 +0100
+@@ -3827,13 +3827,14 @@
+ 	struct stat st;
+ 	pid_t pid;
+ 	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+ 	struct timespec req = { 0, 100000000 };   /* 100 msec */
+ 	fuse_fstype fstype;
+         
+ 	if (!stat(cmd, &st) && !geteuid()) {
+ 		pid = fork();
+ 		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+ 			_exit(1);
+ 		} else if (pid != -1)
+ 			waitpid(pid, NULL, 0);
+--- ntfs-3g/src/ntfs-3g.c.ref   2016-12-31 08:56:59.022518700 +0100
++++ ntfs-3g/src/ntfs-3g.c       2017-01-05 15:45:45.912499400 +0100
+@@ -3612,13 +3612,14 @@
+ 	struct stat st;
+ 	pid_t pid;
+ 	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+ 	struct timespec req = { 0, 100000000 };   /* 100 msec */
+ 	fuse_fstype fstype;
+ 	
+ 	if (!stat(cmd, &st) && !geteuid()) {
+ 		pid = fork();
+ 		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+ 			_exit(1);
+ 		} else if (pid != -1)
+ 			waitpid(pid, NULL, 0);
-- 
2.11.0



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
~alpine/aports

[alpine-aports] [PATCH] main/ntfs-3g: fix CVE-2017-0358
