spot pushed to ntfs-3g (f21). "fix CVE-2015-3202"
notifications at fedoraproject.org
notifications at fedoraproject.org
Fri May 22 20:02:09 UTC 2015
From a0d518a7ac6695d417f9718eb5ff3e864ea016dd Mon Sep 17 00:00:00 2001
From: Tom Callaway <spot at fedoraproject.org>
Date: Fri, 22 May 2015 16:02:03 -0400
Subject: fix CVE-2015-3202
diff --git a/CVE-2015-3202.patch b/CVE-2015-3202.patch
new file mode 100644
index 0000000..2bd930b
--- /dev/null
+++ b/CVE-2015-3202.patch
@@ -0,0 +1,55 @@
+ lib/mount_util.c | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+--- a/lib/mount_util.c
++++ b/lib/mount_util.c
+@@ -97,10 +97,12 @@ static int add_mount(const char *prognam
+ goto out_restore;
+ }
+ if (res == 0) {
++ char *env = NULL;
++
+ sigprocmask(SIG_SETMASK, &oldmask, NULL);
+ setuid(geteuid());
+- execl("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
+- "-f", "-t", type, "-o", opts, fsname, mnt, NULL);
++ execle("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
++ "-f", "-t", type, "-o", opts, fsname, mnt, NULL, &env);
+ fprintf(stderr, "%s: failed to execute /bin/mount: %s\n",
+ progname, strerror(errno));
+ exit(1);
+@@ -148,10 +150,17 @@ static int exec_umount(const char *progn
+ goto out_restore;
+ }
+ if (res == 0) {
++ char *env = NULL;
++
+ sigprocmask(SIG_SETMASK, &oldmask, NULL);
+ setuid(geteuid());
+- execl("/bin/umount", "/bin/umount", "-i", rel_mnt,
+- lazy ? "-l" : NULL, NULL);
++ if (lazy) {
++ execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
++ "-l", NULL, &env);
++ } else {
++ execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
++ NULL, &env);
++ }
+ fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
+ progname, strerror(errno));
+ exit(1);
+@@ -207,10 +216,12 @@ static int remove_mount(const char *prog
+ goto out_restore;
+ }
+ if (res == 0) {
++ char *env = NULL;
++
+ sigprocmask(SIG_SETMASK, &oldmask, NULL);
+ setuid(geteuid());
+- execl("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
+- "--fake", mnt, NULL);
++ execle("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
++ "--fake", mnt, NULL, &env);
+ fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
+ progname, strerror(errno));
+ exit(1);
\ No newline at end of file
diff --git a/ntfs-3g.spec b/ntfs-3g.spec
index c27f3c7..d83e7a9 100644
--- a/ntfs-3g.spec
+++ b/ntfs-3g.spec
@@ -16,7 +16,7 @@
Name: ntfs-3g
Summary: Linux NTFS userspace driver
Version: 2015.3.14
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Group: System Environment/Base
Source0: http://tuxera.com/opensource/%{name}_ntfsprogs-%{version}%{?subver}.tgz
@@ -36,6 +36,7 @@ Provides: ntfsprogs-fuse = %{epoch}:%{version}-%{release}
Obsoletes: ntfsprogs-fuse
Provides: fuse-ntfs-3g = %{epoch}:%{version}-%{release}
Patch0: ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch
+Patch1: CVE-2015-3202.patch
%description
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS
@@ -81,6 +82,7 @@ included utilities see man 8 ntfsprogs after installation).
%prep
%setup -q -n %{name}_ntfsprogs-%{version}%{?subver}
%patch0 -p1 -b .unsupported
+%patch1 -p1 -b .CVE-2015-3202
%build
CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64"
@@ -176,6 +178,9 @@ cp -a %{SOURCE1} %{buildroot}%{_datadir}/hal/fdi/policy/10osvendor/
/sbin/mount.lowntfs-3g
/bin/ntfs-3g
/bin/ntfsmount
+#compat symlinks
+%{_bindir}/ntfs-3g
+%{_bindir}/ntfsmount
%else
%{_sbindir}/mount.ntfs
%{_sbindir}/mount.ntfs-3g
@@ -275,6 +280,9 @@ cp -a %{SOURCE1} %{buildroot}%{_datadir}/hal/fdi/policy/10osvendor/
%exclude %{_mandir}/man8/ntfs-3g*
%changelog
+* Fri May 22 2015 Tom Callaway <spot at fedoraproject.org> 2:2015.3.14-2
+- fix CVE-2015-3202
+
* Tue Apr 7 2015 Tom Callaway <spot at fedoraproject.org> 2:2015.3.14-1
- update to 2015.3.14
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/ntfs-3g.git/commit/?h=f21&id=a0d518a7ac6695d417f9718eb5ff3e864ea016dd
More information about the scm-commits
mailing list