From: Mike Gilbert Date: Wed, 22 Apr 2020 04:18:39 +0000 (-0400) Subject: sys-fs/ntfs3g: apply fix for CVE-2019-9755 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=46fe392026d1cf6fb21c54a418fcb20b4861f1e7;p=gentoo.git sys-fs/ntfs3g: apply fix for CVE-2019-9755 Bug: https://bugs.gentoo.org/717640 Signed-off-by: Mike Gilbert --- diff --git a/sys-fs/ntfs3g/files/CVE-2019-9755.patch b/sys-fs/ntfs3g/files/CVE-2019-9755.patch new file mode 100644 index 000000000000..caa079d607ba --- /dev/null +++ b/sys-fs/ntfs3g/files/CVE-2019-9755.patch @@ -0,0 +1,63 @@ +From 85c1634a26faa572d3c558d4cf8aaaca5202d4e9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= +Date: Wed, 19 Dec 2018 15:57:50 +0100 +Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint + +The size check was inefficient because getcwd() uses an unsigned int +argument. +--- + src/lowntfs-3g.c | 6 +++++- + src/ntfs-3g.c | 6 +++++- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c +index 993867fa..0660439b 100644 +--- a/src/lowntfs-3g.c ++++ b/src/lowntfs-3g.c +@@ -4411,7 +4411,8 @@ int main(int argc, char *argv[]) + else { + ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX); + if (ctx->abs_mnt_point) { +- if (getcwd(ctx->abs_mnt_point, ++ if ((strlen(opts.mnt_point) < PATH_MAX) ++ && getcwd(ctx->abs_mnt_point, + PATH_MAX - strlen(opts.mnt_point) - 1)) { + strcat(ctx->abs_mnt_point, "/"); + strcat(ctx->abs_mnt_point, opts.mnt_point); +@@ -4419,6 +4420,9 @@ int main(int argc, char *argv[]) + /* Solaris also wants the absolute mount point */ + opts.mnt_point = ctx->abs_mnt_point; + #endif /* defined(__sun) && defined (__SVR4) */ ++ } else { ++ free(ctx->abs_mnt_point); ++ ctx->abs_mnt_point = (char*)NULL; + } + } + } +diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c +index 6ce89fef..4e0912ae 100644 +--- a/src/ntfs-3g.c ++++ b/src/ntfs-3g.c +@@ -4148,7 +4148,8 @@ int main(int argc, char *argv[]) + else { + ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX); + if (ctx->abs_mnt_point) { +- if (getcwd(ctx->abs_mnt_point, ++ if ((strlen(opts.mnt_point) < PATH_MAX) ++ && getcwd(ctx->abs_mnt_point, + PATH_MAX - strlen(opts.mnt_point) - 1)) { + strcat(ctx->abs_mnt_point, "/"); + strcat(ctx->abs_mnt_point, opts.mnt_point); +@@ -4156,6 +4157,9 @@ int main(int argc, char *argv[]) + /* Solaris also wants the absolute mount point */ + opts.mnt_point = ctx->abs_mnt_point; + #endif /* defined(__sun) && defined (__SVR4) */ ++ } else { ++ free(ctx->abs_mnt_point); ++ ctx->abs_mnt_point = (char*)NULL; + } + } + } +-- +2.26.1 + diff --git a/sys-fs/ntfs3g/ntfs3g-2017.3.23-r3.ebuild b/sys-fs/ntfs3g/ntfs3g-2017.3.23-r3.ebuild new file mode 100644 index 000000000000..a8b18bd3cc56 --- /dev/null +++ b/sys-fs/ntfs3g/ntfs3g-2017.3.23-r3.ebuild @@ -0,0 +1,106 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +inherit linux-info udev toolchain-funcs libtool + +MY_PN=${PN/3g/-3g} +MY_P=${MY_PN}_ntfsprogs-${PV} + +DESCRIPTION="Open source read-write NTFS driver that runs under FUSE" +HOMEPAGE="http://www.tuxera.com/community/ntfs-3g-download/" +SRC_URI="http://tuxera.com/opensource/${MY_P}.tgz" + +LICENSE="GPL-2" +# The subslot matches the SONAME major #. +SLOT="0/88" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux" +IUSE="acl debug +external-fuse ntfsdecrypt +ntfsprogs static-libs suid xattr" + +RDEPEND=" + ntfsdecrypt? ( + >=dev-libs/libgcrypt-1.2.2:0 + >=net-libs/gnutls-1.4.4 + ) + external-fuse? ( + >=sys-fs/fuse-2.8.0:0 + ) +" +DEPEND="${RDEPEND} + sys-apps/attr +" +BDEPEND=" + virtual/pkgconfig +" + +S="${WORKDIR}/${MY_P}" + +DOCS="AUTHORS ChangeLog CREDITS README" + +PATCHES=( + "${FILESDIR}"/${PN}-2014.2.15-no-split-usr.patch + "${FILESDIR}"/${PN}-2016.2.22-sysmacros.patch #580136 + # Fedora fixes + "${FILESDIR}"/${PN}-2017.3.23-check-mftmirr.patch + "${FILESDIR}"/${PN}-2017.3.23-big-sectors.patch + "${FILESDIR}"/${PN}-2017.3.23-full-clusters.patch + "${FILESDIR}"/CVE-2019-9755.patch +) + +pkg_setup() { + if use external-fuse && use kernel_linux; then + if kernel_is lt 2 6 9; then + die "Your kernel is too old." + fi + CONFIG_CHECK="~FUSE_FS" + FUSE_FS_WARNING="You need to have FUSE module built to use ntfs-3g" + linux-info_pkg_setup + fi +} + +src_prepare() { + default + # Keep the symlinks in the same place we put the main binaries. + # Having them in / when all the progs are in /usr is pointless. + sed -i \ + -e 's:/sbin:$(sbindir):g' \ + {ntfsprogs,src}/Makefile.in || die #578336 + # Note: patches apply to Makefile.in, so don't run autotools here. + elibtoolize +} + +src_configure() { + # disable hd library until we have the right library in the tree and + # don't links to hwinfo one causing issues like bug #602360 + tc-ld-disable-gold + # passing --exec-prefix is needed as the build system is trying to be clever + # and install itself into / instead of /usr in order to be compatible with + # separate-/usr setups (which we don't support without an initrd). + econf \ + --exec-prefix="${EPREFIX}"/usr \ + $(use_enable debug) \ + --enable-ldscript \ + --disable-ldconfig \ + $(use_enable acl posix-acls) \ + $(use_enable xattr xattr-mappings) \ + $(use_enable ntfsdecrypt crypto) \ + $(use_enable ntfsprogs) \ + $(use_enable ntfsprogs quarantined) \ + --without-uuid \ + --without-hd \ + --enable-extras \ + $(use_enable static-libs static) \ + --with-fuse=$(usex external-fuse external internal) +} + +src_install() { + default + + use suid && fperms u+s /usr/bin/ntfs-3g + # Not needed with the link of mount.ntfs being created, causes + # issues like bug #635080 +# udev_dorules "${FILESDIR}"/99-ntfs3g.rules + dosym mount.ntfs-3g /usr/sbin/mount.ntfs #374197 + + find "${D}" -name '*.la' -type f -delete || die +}