spot pushed to ntfs-3g (el5). "CVE-2015-3202"
notifications at fedoraproject.org
notifications at fedoraproject.org
Fri May 22 20:27:07 UTC 2015
From 439e7dbc12d1d2cdc15236f94ec8bdae4267a4e3 Mon Sep 17 00:00:00 2001
From: Tom Callaway <spot at fedoraproject.org>
Date: Fri, 22 May 2015 16:27:01 -0400
Subject: CVE-2015-3202
diff --git a/CVE-2015-3202.patch b/CVE-2015-3202.patch
new file mode 100644
index 0000000..6e5cf08
--- /dev/null
+++ b/CVE-2015-3202.patch
@@ -0,0 +1,80 @@
+--- ntfs-3g_ntfsprogs-2015.3.14/libfuse-lite/mount_util.c.ref 2015-03-14 15:10:12.000000000 +0100
++++ ntfs-3g_ntfsprogs-2015.3.14/libfuse-lite/mount_util.c 2015-05-18 11:02:50.330654300 +0200
+@@ -66,6 +66,7 @@
+ return -1;
+ }
+ if (res == 0) {
++ char *env = NULL;
+ char templ[] = "/tmp/fusermountXXXXXX";
+ char *tmp;
+
+@@ -87,8 +88,8 @@
+ exit(1);
+ }
+ rmdir(tmp);
+- execl("/sbin/mount", "/sbin/mount", "-F", type, "-o", opts,
+- fsname, mnt, NULL);
++ execle("/sbin/mount", "/sbin/mount", "-F", type, "-o", opts,
++ fsname, mnt, NULL, &env);
+ fprintf(stderr, "%s: failed to execute /sbin/mount: %s\n", progname,
+ strerror(errno));
+ exit(1);
+@@ -120,9 +121,16 @@
+ return -1;
+ }
+ if (res == 0) {
++ char *env = NULL;
++
+ setuid(geteuid());
+- execl("/sbin/umount", "/sbin/umount", !lazy ? "-f" : NULL, mnt,
+- NULL);
++ if (lazy) {
++ execle("/sbin/umount", "/sbin/umount", mnt,
++ NULL, &env);
++ } else {
++ execle("/sbin/umount", "/sbin/umount", "-f", mnt,
++ NULL, &env);
++ }
+ fprintf(stderr, "%s: failed to execute /sbin/umount: %s\n", progname,
+ strerror(errno));
+ exit(1);
+@@ -302,6 +310,7 @@
+ return 0;
+ }
+ if (res == 0) {
++ char *env = NULL;
+ char templ[] = "/tmp/fusermountXXXXXX";
+ char *tmp;
+
+@@ -325,8 +334,8 @@
+ exit(1);
+ }
+ rmdir(tmp);
+- execl("/bin/mount", "/bin/mount", "-i", "-f", "-t", type, "-o", opts,
+- fsname, mnt, NULL);
++ execle("/bin/mount", "/bin/mount", "-i", "-f", "-t", type, "-o", opts,
++ fsname, mnt, NULL, &env);
+ fprintf(stderr, "%s: failed to execute /bin/mount: %s\n", progname,
+ strerror(errno));
+ exit(1);
+@@ -353,11 +362,18 @@
+ return -1;
+ }
+ if (res == 0) {
++ char *env = NULL;
++
+ if (setuid(geteuid()))
+ fprintf(stderr, "%s: failed to setuid : %s\n", progname,
+ strerror(errno));
+- execl("/bin/umount", "/bin/umount", "-i", mnt, lazy ? "-l" : NULL,
+- NULL);
++ if (lazy) {
++ execle("/bin/umount", "/bin/umount", "-i", mnt, "-l",
++ NULL, &env);
++ } else {
++ execle("/bin/umount", "/bin/umount", "-i", mnt,
++ NULL, &env);
++ }
+ fprintf(stderr, "%s: failed to execute /bin/umount: %s\n", progname,
+ strerror(errno));
+ exit(1);
diff --git a/ntfs-3g.spec b/ntfs-3g.spec
index f44d4cf..d83e7a9 100644
--- a/ntfs-3g.spec
+++ b/ntfs-3g.spec
@@ -5,35 +5,38 @@
# For release candidates
# %%global subver -RC
+%global oldrhel 0
+
+%if 0%{?rhel}
+%if 0%{?rhel} < 7
+%global oldrhel 1
+%endif
+%endif
+
Name: ntfs-3g
Summary: Linux NTFS userspace driver
-Version: 2011.4.12
-Release: 5%{?dist}
+Version: 2015.3.14
+Release: 2%{?dist}
License: GPLv2+
Group: System Environment/Base
Source0: http://tuxera.com/opensource/%{name}_ntfsprogs-%{version}%{?subver}.tgz
-Source1: 20-ntfs-config-write-policy.fdi
+%if %{oldrhel}
+Source1: 20-ntfs-config-write-policy.fdi
+%endif
URL: http://www.ntfs-3g.org/
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%if %{with_externalfuse}
BuildRequires: fuse-devel
Requires: fuse
%endif
BuildRequires: libtool, libattr-devel
+# ntfsprogs BuildRequires
+BuildRequires: libconfig-devel, libgcrypt-devel, gnutls-devel, libuuid-devel
Epoch: 2
Provides: ntfsprogs-fuse = %{epoch}:%{version}-%{release}
Obsoletes: ntfsprogs-fuse
Provides: fuse-ntfs-3g = %{epoch}:%{version}-%{release}
-Patch0: ntfs-3g-2011.4.12-ntfsprogs-header-fix.patch
-Patch1: ntfs-3g_ntfsprogs-2011.4.12-enable-extras-option-full.patch
-# http://ntfs-3g.git.sourceforge.net/git/gitweb.cgi?p=ntfs-3g/ntfs-3g_ntfsprogs;a=commit;h=571dbc5784af042c94ed0f025c4d2d842c591d1f
-# https://bugzilla.redhat.com/show_bug.cgi?id=735862
-Patch2: ntfs-3g_ntfsprogs-571dbc5784af042c94ed0f025c4d2d842c591d1f-noautoreconf.patch
-# http://ntfs-3g.git.sourceforge.net/git/gitweb.cgi?p=ntfs-3g/ntfs-3g_ntfsprogs;a=blobdiff;f=ntfsprogs/ntfsck.c;h=0964a4de57a385308f9b5bf61b04b25812e17b7f;hp=ff6946dfe286a87e0dafd4c6a509a8b7bc69625e;hb=HEAD;hpb=0289d1a6c31942609b96fdf2c1baeb7355fee2bc
-Patch3: ntfsprogs-ntfsck-cleanups-from-git.patch
-# http://ntfs-3g.git.sourceforge.net/git/gitweb.cgi?p=ntfs-3g/ntfs-3g_ntfsprogs;a=blobdiff;f=ntfsprogs/ntfsfix.c;h=9b3d5eeb368ff85fa6ef3c18b44c2dcc2ba5ea07;hp=97a14a59b6318c0f2baa1c7a111bde3254e42d5a;hb=HEAD;hpb=44116675cad2055b326a9ac797c5105d78896475
-# bz 711662, 723562
-Patch4: ntfsprogs-ntfsfix-cleanups-from-git.patch
+Patch0: ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch
+Patch1: CVE-2015-3202.patch
%description
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS
@@ -52,7 +55,9 @@ Group: Development/Libraries
Requires: %{name} = %{epoch}:%{version}-%{release}
Requires: pkgconfig
Provides: ntfsprogs-devel = %{epoch}:%{version}-%{release}
-Obsoletes: ntfsprogs-devel < %{epoch}:%{version}-%{release}
+# ntfsprogs-2.0.0-17 was never built. 2.0.0-16 was the last build for that
+# standalone package.
+Obsoletes: ntfsprogs-devel < 2.0.0-17
%description devel
Headers and libraries for developing applications that use ntfs-3g
@@ -65,7 +70,9 @@ Group: System Environment/Base
Provides: ntfsprogs-gnomevfs = %{epoch}:%{version}-%{release}
Obsoletes: ntfsprogs-gnomevfs
# Needed to fix multilib issue
-Obsoletes: ntfsprogs < %{epoch}:%{version}-%{release}
+# ntfsprogs-2.0.0-17 was never built. 2.0.0-16 was the last build for that
+# standalone package.
+Obsoletes: ntfsprogs < 2.0.0-17
%description -n ntfsprogs
The ntfsprogs package currently consists of a library and utilities such as
@@ -74,11 +81,8 @@ included utilities see man 8 ntfsprogs after installation).
%prep
%setup -q -n %{name}_ntfsprogs-%{version}%{?subver}
-%patch0 -p1 -b .header-fix
-%patch1 -p1 -b .enable-extras
-%patch2 -p1 -b .735862
-%patch3 -p1 -b .fsckfixes
-%patch4 -p1 -b .ntfsfixfixes
+%patch0 -p1 -b .unsupported
+%patch1 -p1 -b .CVE-2015-3202
%build
CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64"
@@ -89,28 +93,47 @@ CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64"
--with-fuse=external \
%endif
--exec-prefix=/ \
+%if %{oldrhel}
--bindir=/bin \
--sbindir=/sbin \
+ --libdir=/%{_lib} \
+%endif
+ --enable-crypto \
--enable-extras \
- --libdir=/%{_lib}
+ --enable-quarantined
make %{?_smp_mflags} LIBTOOL=%{_bindir}/libtool
%install
-rm -rf %{buildroot}
make LIBTOOL=%{_bindir}/libtool DESTDIR=%{buildroot} install
+%if %{oldrhel}
rm -rf %{buildroot}/%{_lib}/*.la
rm -rf %{buildroot}/%{_lib}/*.a
+%else
+rm -rf %{buildroot}%{_libdir}/*.la
+rm -rf %{buildroot}%{_libdir}/*.a
+%endif
-# make the symlink an actual copy to avoid confusion
+%if %{oldrhel}
rm -rf %{buildroot}/sbin/mount.ntfs-3g
cp -a %{buildroot}/bin/ntfs-3g %{buildroot}/sbin/mount.ntfs-3g
+%else
+rm -rf %{buildroot}/%{_sbindir}/mount.ntfs-3g
+cp -a %{buildroot}/%{_bindir}/ntfs-3g %{buildroot}/%{_sbindir}/mount.ntfs-3g
+%endif
# Actually make some symlinks for simplicity...
# ... since we're obsoleting ntfsprogs-fuse
+%if %{oldrhel}
pushd %{buildroot}/bin
ln -s ntfs-3g ntfsmount
popd
pushd %{buildroot}/sbin
+%else
+pushd %{buildroot}/%{_bindir}
+ln -s ntfs-3g ntfsmount
+popd
+pushd %{buildroot}/%{_sbindir}
+%endif
ln -s mount.ntfs-3g mount.ntfs-fuse
# And since there is no other package in Fedora that provides an ntfs
# mount...
@@ -119,6 +142,7 @@ ln -s mount.ntfs-3g mount.ntfs
ln -s ../bin/ntfsck fsck.ntfs
popd
+%if %{oldrhel}
# Compat symlinks
mkdir -p %{buildroot}%{_bindir}
pushd %{buildroot}%{_bindir}
@@ -129,58 +153,97 @@ popd
# Put the .pc file in the right place.
mkdir -p %{buildroot}%{_libdir}/pkgconfig/
mv %{buildroot}/%{_lib}/pkgconfig/libntfs-3g.pc %{buildroot}%{_libdir}/pkgconfig/
+%else
+mv %{buildroot}/sbin/* %{buildroot}/%{_sbindir}
+rmdir %{buildroot}/sbin
+%endif
# We get this on our own, thanks.
rm -rf %{buildroot}%{_defaultdocdir}/%{name}/README
+%if %{oldrhel}
mkdir -p %{buildroot}%{_datadir}/hal/fdi/policy/10osvendor/
cp -a %{SOURCE1} %{buildroot}%{_datadir}/hal/fdi/policy/10osvendor/
-
-%clean
-rm -rf %{buildroot}
+%endif
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
-%defattr(-,root,root,-)
%doc AUTHORS ChangeLog COPYING CREDITS NEWS README
+%if %{oldrhel}
/sbin/mount.ntfs
-%attr(754,root,root) /sbin/mount.ntfs-3g
+/sbin/mount.ntfs-3g
/sbin/mount.ntfs-fuse
/sbin/mount.lowntfs-3g
/bin/ntfs-3g
/bin/ntfsmount
+#compat symlinks
+%{_bindir}/ntfs-3g
+%{_bindir}/ntfsmount
+%else
+%{_sbindir}/mount.ntfs
+%{_sbindir}/mount.ntfs-3g
+%{_sbindir}/mount.ntfs-fuse
+%{_sbindir}/mount.lowntfs-3g
+%{_bindir}/ntfs-3g
+%{_bindir}/ntfsmount
+%endif
+%if %{oldrhel}
/bin/ntfs-3g.probe
/bin/ntfs-3g.secaudit
/bin/ntfs-3g.usermap
/bin/lowntfs-3g
-%{_bindir}/ntfs-3g
-%{_bindir}/ntfsmount
+%else
+%{_bindir}/ntfs-3g.probe
+%{_bindir}/ntfs-3g.secaudit
+%{_bindir}/ntfs-3g.usermap
+%{_bindir}/lowntfs-3g
+%endif
+%if %{oldrhel}
/%{_lib}/libntfs-3g.so.*
+%else
+%{_libdir}/libntfs-3g.so.*
+%endif
%{_mandir}/man8/mount.lowntfs-3g.*
%{_mandir}/man8/mount.ntfs-3g.*
%{_mandir}/man8/ntfs-3g*
+%if %{oldrhel}
%{_datadir}/hal/fdi/policy/10osvendor/20-ntfs-config-write-policy.fdi
+%endif
%files devel
-%defattr(-,root,root,-)
%{_includedir}/ntfs-3g/
+%if %{oldrhel}
/%{_lib}/libntfs-3g.so
+%else
+%{_libdir}/libntfs-3g.so
+%endif
%{_libdir}/pkgconfig/libntfs-3g.pc
%files -n ntfsprogs
-%defattr(-,root,root,-)
%doc AUTHORS COPYING CREDITS ChangeLog NEWS README
+%if %{oldrhel}
/bin/ntfscat
/bin/ntfscluster
/bin/ntfscmp
/bin/ntfsfix
/bin/ntfsinfo
/bin/ntfsls
+%else
+%{_bindir}/ntfscat
+%{_bindir}/ntfscluster
+%{_bindir}/ntfscmp
+%{_bindir}/ntfsfix
+%{_bindir}/ntfsinfo
+%{_bindir}/ntfsls
+%endif
# Extras
+%if %{oldrhel}
/bin/ntfsck
+/bin/ntfsdecrypt
/bin/ntfsdump_logfile
+/bin/ntfsfallocate
/bin/ntfsmftalloc
/bin/ntfsmove
/bin/ntfstruncate
@@ -193,11 +256,116 @@ rm -rf %{buildroot}
/sbin/ntfslabel
/sbin/ntfsresize
/sbin/ntfsundelete
+%else
+%{_bindir}/ntfsck
+%{_bindir}/ntfsdecrypt
+%{_bindir}/ntfsdump_logfile
+%{_bindir}/ntfsfallocate
+%{_bindir}/ntfsmftalloc
+%{_bindir}/ntfsmove
+%{_bindir}/ntfstruncate
+%{_bindir}/ntfswipe
+%{_sbindir}/fsck.ntfs
+%{_sbindir}/mkfs.ntfs
+%{_sbindir}/mkntfs
+%{_sbindir}/ntfsclone
+%{_sbindir}/ntfscp
+%{_sbindir}/ntfslabel
+%{_sbindir}/ntfsresize
+%{_sbindir}/ntfsundelete
+%endif
%{_mandir}/man8/mkntfs.8*
%{_mandir}/man8/mkfs.ntfs.8*
%{_mandir}/man8/ntfs[^m][^o]*.8*
+%exclude %{_mandir}/man8/ntfs-3g*
%changelog
+* Fri May 22 2015 Tom Callaway <spot at fedoraproject.org> 2:2015.3.14-2
+- fix CVE-2015-3202
+
+* Tue Apr 7 2015 Tom Callaway <spot at fedoraproject.org> 2:2015.3.14-1
+- update to 2015.3.14
+
+* Sat Feb 21 2015 Till Maas <opensource at till.name> - 2:2014.2.15-8
+- Rebuilt for Fedora 23 Change
+ https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
+
+* Tue Jan 13 2015 Tom Callaway <spot at fedoraproject.org> - 2:2014.2.15-7
+- add patch to ignore -s option
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2:2014.2.15-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Tue Aug 5 2014 Richard W.M. Jones <rjones at redhat.com> - 2:2014.2.15-5
+- Add upstream patch to fix fstrim so it works on partitions as well
+ as whole disks.
+
+* Thu Jul 31 2014 Richard W.M. Jones <rjones at redhat.com> - 2:2014.2.15-4
+- Upstream patches which add fstrim support.
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2:2014.2.15-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu Apr 24 2014 Tomáš Mráz <tmraz at redhat.com> - 2:2014.2.15-2
+- Rebuild for new libgcrypt
+
+* Wed Feb 26 2014 Tom Callaway <spot at fedoraproject.org> 2:2014.2.15-1
+- update to 2014.2.15
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2:2013.1.13-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue May 28 2013 Tom Callaway <spot at fedoraproject.org> - 2:2013.1.13-5
+- fix bug preventing reads on compressed files on windows 8 partitions (bz967301)
+
+* Mon May 6 2013 Tom Callaway <spot at fedoraproject.org> - 2:2013.1.13-4
+- apply fixes from upstream for issue with 4K sector drives (bz951603)
+ and truncated check for Interix types on a 32-bit CPU (bz958681)
+
+* Thu Feb 7 2013 Tom Callaway <spot at fedoraproject.org> - 2:2013.1.13-3
+- drop redundant manpages from ntfsprogs subpackage
+
+* Thu Jan 31 2013 Tom Callaway <spot at fedoraproject.org> - 2:2013.1.13-2
+- drop hal files, since hal is very dead
+
+* Tue Jan 22 2013 Richard W.M. Jones <rjones at redhat.com> - 2:2013.1.13-1
+- New upstream version 2013.1.13 (RHBZ#902729).
+- Drop ntfs-3g-junction-point-fix.patch (now upstream).
+- Drop Windows 8 patches x 2 (both now upstream).
+- Remove obsolete patches from Fedora git repository.
+- Fix .gitignore file.
+
+* Mon Oct 15 2012 Tom Callaway <spot at fedoraproject.org> - 2:2012.1.15-5
+- Limit obsoletes to last ntfsprogs-* versions ( < 2.0.0-17 ) to
+ minimize yum churn (where it would obsolete itself on every upgrade)
+ BZ#863641
+
+* Thu Oct 4 2012 Tom Callaway <spot at fedoraproject.org> - 2:2012.1.15-4
+- add patches from upstream git to add a level of safety in the case where windows 8
+ leaves the NTFS filesystem in an unsafe state and Linux access could result in data loss.
+ Basically, with these patches, Linux will refuse to mount the ntfs partition. For the details
+ refer to: https://bugzilla.redhat.com/show_bug.cgi?id=859373
+
+* Sun Aug 19 2012 Tom Callaway <spot at fedoraproject.org> - 2:2012.1.15-3
+- apply upstream fix for junction points (bz849332)
+
+* Fri Jul 20 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2:2012.1.15-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Feb 10 2012 Tom Callaway <spot at fedoraproject.org> 2:2012.1.15-1
+- update to 2012.1.15
+
+* Wed Feb 1 2012 Kay Sievers <kay at redhat.com> 2:2011.10.9-3
+- install everything in /usr
+ https://fedoraproject.org/wiki/Features/UsrMove
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2:2011.10.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Oct 11 2011 Tom Callaway <spot at fedoraproject.org> - 2:2011.10.9-1
+- 2011.10.9-RC
+- patch ntfsck to return 0 instead of 1 on unsupported filesystem cases
+
* Mon Sep 12 2011 Tom Callaway <spot at fedoraproject.org> - 2:2011.4.12-5
- fix ntfsck symlink (thanks to Chris Smart for catching it)
@@ -213,10 +381,6 @@ rm -rf %{buildroot}
* Mon Apr 25 2011 Tom Callaway <spot at fedoraproject.org> - 2:2011.4.12-2
- add --enable-extras flag (and use it) to ensure proper binary installation
-* Thu Apr 14 2011 Tom Callaway <spot at fedoraproject.org> - 2:2011.4.12-1.1
-- fix up BR for el5
-- drop ntfsdecrypt (gnutls is too old in el5)
-
* Thu Apr 14 2011 Tom Callaway <spot at fedoraproject.org> - 2:2011.4.12-1
- update to 2011.4.12
- pickup ntfsprogs and obsolete the old separate packages
diff --git a/ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch b/ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch
new file mode 100644
index 0000000..8fd39c6
--- /dev/null
+++ b/ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch
@@ -0,0 +1,16 @@
+diff -up ntfs-3g_ntfsprogs-2011.10.9-RC/ntfsprogs/ntfsck.c.OLD ntfs-3g_ntfsprogs-2011.10.9-RC/ntfsprogs/ntfsck.c
+--- ntfs-3g_ntfsprogs-2011.10.9-RC/ntfsprogs/ntfsck.c.OLD 2011-10-11 10:24:02.381335115 -0400
++++ ntfs-3g_ntfsprogs-2011.10.9-RC/ntfsprogs/ntfsck.c 2011-10-11 10:26:41.513559206 -0400
+@@ -877,7 +877,11 @@ int main(int argc, char **argv)
+ if (errors)
+ return 2;
+ if (unsupported)
+- return 1;
++ ntfs_log_info("ntfsck was unable to run properly.\n");
++ // If we return 1 here, we fail for ntfs services fscking on boot just because
++ // ntfsck isn't smart enough to handle 99% of cases. So, we just return 0.
++ // return 1;
++ return 0;
+ return 0;
+ }
+
diff --git a/sources b/sources
index 85a757f..47a5bc0 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-9c4ce318373b15332239a77a9d2a39fe ntfs-3g_ntfsprogs-2011.4.12.tgz
+8cd57768310e3b2be39b3191d808e241 ntfs-3g_ntfsprogs-2015.3.14.tgz
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/ntfs-3g.git/commit/?h=el5&id=439e7dbc12d1d2cdc15236f94ec8bdae4267a4e3
More information about the scm-commits
mailing list