X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail.infogroup.kiev.ua (tera.infogroup.kiev.ua [195.144.25.26]) by lists.alpinelinux.org (Postfix) with ESMTP id 5D6B55C4242 for ; Thu, 2 Feb 2017 09:29:42 +0000 (GMT) Received: from ost.org.ua ([195.144.25.230] helo=alpine.ost.org.ua) by mail.infogroup.kiev.ua with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1) (envelope-from ) id 1cZDi1-0003BM-Ci for alpine-aports@lists.alpinelinux.org; Thu, 02 Feb 2017 11:29:41 +0200 From: Valery Kartel To: alpine-aports@lists.alpinelinux.org Subject: [alpine-aports] [PATCH] main/ntfs-3g: fix CVE-2017-0358 Date: Thu, 2 Feb 2017 11:29:32 +0200 Message-Id: <20170202092932.2988-1-valery.kartel@gmail.com> X-Mailer: git-send-email 2.11.0 Sender: droid@infogroup.kiev.ua X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: http://www.openwall.com/lists/oss-security/2017/02/01/8 modprobe influence vulnerability via environment variables cosmetic cleanups in apkbuild --- main/ntfs-3g/APKBUILD | 32 ++++++++++++++------------------ main/ntfs-3g/cve-2017-0358.patch | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 18 deletions(-) create mode 100644 main/ntfs-3g/cve-2017-0358.patch diff --git a/main/ntfs-3g/APKBUILD b/main/ntfs-3g/APKBUILD index 74531bee35..6236eadb37 100644 --- a/main/ntfs-3g/APKBUILD +++ b/main/ntfs-3g/APKBUILD @@ -4,8 +4,8 @@ pkgname=ntfs-3g _pkgreal=ntfs-3g_ntfsprogs pkgver=2016.2.22 -pkgrel=0 -pkgdesc="Stable, full-featured, read-write NTFS driver" +pkgrel=1 +pkgdesc="Stable, full-featured, read-write NTFS" url="http://www.tuxera.com/community/ntfs-3g-download/" arch="all" license="GPL" 
@@ -14,20 +14,12 @@ makedepends="attr-dev util-linux-dev linux-headers" subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-progs" source="http://tuxera.com/opensource/$_pkgreal-$pkgver.tgz musl-fixes.patch + cve-2017-0358.patch " - -_builddir="$srcdir"/$_pkgreal-$pkgver -prepare() { - cd "$_builddir" - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done -} +builddir="$srcdir/$_pkgreal-$pkgver" build() { - cd "$_builddir" + cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -40,13 +32,14 @@ build() { } package() { - cd "$_builddir" + pkgdesc="$pkgdesc (driver)" + cd "$builddir" mkdir -p "$pkgdir"/lib make -j1 DESTDIR="$pkgdir" LDCONFIG=: install || return 1 } progs() { - pkgdesc="Stable, full-featured, read-write NTFS userspace utilities" + pkgdesc="$pkgdesc (utilities)" mkdir -p "$subpkgdir"/sbin mv "$pkgdir"/usr "$pkgdir"/lib "$subpkgdir"/ mv "$pkgdir"/sbin/mkfs.ntfs "$subpkgdir"/sbin 
@@ -54,8 +47,11 @@ progs() { } md5sums="ccbe8672d0f757bd0c975b50aa4c512e ntfs-3g_ntfsprogs-2016.2.22.tgz -cdfca9f0d20ef96ec60e072ffe4fd061 musl-fixes.patch" +cdfca9f0d20ef96ec60e072ffe4fd061 musl-fixes.patch +044e19e0f7c1bc26244f87ac08a784e9 cve-2017-0358.patch" sha256sums="d7b72c05e4b3493e6095be789a760c9f5f2b141812d5b885f3190c98802f1ea0 ntfs-3g_ntfsprogs-2016.2.22.tgz -f60f15b5650ada189d880ffea0e199869b3d5e855913d353cab8b0b7ebc47ae4 musl-fixes.patch" +f60f15b5650ada189d880ffea0e199869b3d5e855913d353cab8b0b7ebc47ae4 musl-fixes.patch +2b864502d1a762a67e5c839249b800245d1eaa173de68f44eb98e4a6f89206bd cve-2017-0358.patch" sha512sums="dbd36fadd2881db1d17fdbf5d2b4e50bbe11dc9dd0ad4917e7f8bc4032c2287346143756ce8754df0d46ce9209f2c0c41b626cad929d76a9bc881712c7101c15 ntfs-3g_ntfsprogs-2016.2.22.tgz -5b4680956f11c75ee3122923f36b840e2a0a38e6cebecbe7be4a02f4423746f8b7d7a89b16d7a9bea62e64534d20e87503beb582273af38d458b946387e85a02 musl-fixes.patch" +5b4680956f11c75ee3122923f36b840e2a0a38e6cebecbe7be4a02f4423746f8b7d7a89b16d7a9bea62e64534d20e87503beb582273af38d458b946387e85a02 musl-fixes.patch +56f1f88483637df6cbc9b20a6a02d445d107374d8cbdd759ff7a9f40263ccd56b1e8e8494fb7e34b3ff9f001bc746d3a17dcf3b941fc1623011305a82fa4b692 cve-2017-0358.patch" diff --git a/main/ntfs-3g/cve-2017-0358.patch b/main/ntfs-3g/cve-2017-0358.patch new file mode 100644 index 0000000000..ee7ff1ef1b --- /dev/null +++ b/main/ntfs-3g/cve-2017-0358.patch 
@@ -0,0 +1,36 @@ +--- ntfs-3g/src/lowntfs-3g.c.ref 2016-12-31 08:56:59.011749600 +0100 ++++ ntfs-3g/src/lowntfs-3g.c 2017-01-05 14:41:52.041473700 +0100 +@@ -3827,13 +3827,14 @@ + struct stat st; + pid_t pid; + const char *cmd = "/sbin/modprobe"; ++ char *env = (char*)NULL; + struct timespec req = { 0, 100000000 }; /* 100 msec */ + fuse_fstype fstype; + + if (!stat(cmd, &st) && !geteuid()) { + pid = fork(); + if (!pid) { +- execl(cmd, cmd, "fuse", NULL); ++ execle(cmd, cmd, "fuse", NULL, &env); + _exit(1); + } else if (pid != -1) + waitpid(pid, NULL, 0); +--- ntfs-3g/src/ntfs-3g.c.ref 2016-12-31 08:56:59.022518700 +0100 ++++ ntfs-3g/src/ntfs-3g.c 2017-01-05 15:45:45.912499400 +0100 +@@ -3612,13 +3612,14 @@ + struct stat st; + pid_t pid; + const char *cmd = "/sbin/modprobe"; ++ char *env = (char*)NULL; + struct timespec req = { 0, 100000000 }; /* 100 msec */ + fuse_fstype fstype; + + if (!stat(cmd, &st) && !geteuid()) { + pid = fork(); + if (!pid) { +- execl(cmd, cmd, "fuse", NULL); ++ execle(cmd, cmd, "fuse", NULL, &env); + _exit(1); + } else if (pid != -1) + waitpid(pid, NULL, 0); -- 2.11.0 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
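Review bot: In the main/ntfs-3g/APKBUILD hunk at @@ -14,20 +14,12 @@, the explicit prepare() loop that ran patch -p1 over every *.patch in source is deleted in the same commit that adds cve-2017-0358.patch to source. Nothing in the APKBUILD itself applies the security fix any more, so the build relies on abuild's default prepare step doing so at the same strip level. The fix is only effective if that patch is applied, so confirm in the build log that cve-2017-0358.patch is applied to src/ntfs-3g.c and src/lowntfs-3g.c. Alternatively, move the prepare()/builddir cleanup to a separate commit, so the CVE fix can be picked to other branches on its own.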
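Review bot: In the main/ntfs-3g/APKBUILD hunk at @@ -40,13 +32,14 @@, package() assigns pkgdesc="$pkgdesc (driver)" to the global variable, and progs() then derives its own text from that same variable with pkgdesc="$pkgdesc (utilities)". If the split functions run in a shell that has already executed package(), the progs description becomes "... NTFS (driver) (utilities)", and the -doc, -dev and -libs subpackages pick up the "(driver)" suffix too. Keeping the base text in a separate variable (for example _desc, a hypothetical name) and building both descriptions from it removes the ordering dependency. Checking the pkgdesc field of each generated package would confirm the result either way.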
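Review bot: The new file main/ntfs-3g/cve-2017-0358.patch (@@ -0,0 +1,36 @@) starts directly at the --- ntfs-3g/src/lowntfs-3g.c.ref header with no description, so the CVE id and the origin of the fix are recorded only in the commit message. A short header naming CVE-2017-0358 and the oss-security URL from the commit message would keep that information with the patch. On the code itself, execle(cmd, cmd, "fuse", NULL, &env) passes an envp whose only entry is NULL, which gives modprobe an empty environment in both lowntfs-3g.c and ntfs-3g.c. The argument-list terminator before &env is a bare NULL in a variadic call, and writing it as (char *)NULL, as the added env initializer already does, is the portable form.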