
1a82ba660e88e731841882523084e5d878267b53 — Kei Kebreau 9 years ago b2b02ba
gnu: ntfs-3g: Fix CVE-2017-0358.

* gnu/packages/linux.scm (ntfs-3g)[source]: Add patch.
* gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
3 files changed, 45 insertions(+), 1 deletions(-)

M gnu/local.mk
M gnu/packages/linux.scm
A gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
M gnu/local.mk => gnu/local.mk +2 -1
@@ 4,7 4,7 @@
# Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
# Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
# Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
# Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
# Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
# Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
# Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
# Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>


@@ 777,6 777,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/ninja-zero-mtime.patch			\
  %D%/packages/patches/node-9077.patch				\
  %D%/packages/patches/nss-pkgconfig.patch			\
  %D%/packages/patches/ntfs-3g-CVE-2017-0358.patch		\
  %D%/packages/patches/nvi-assume-preserve-path.patch		\
  %D%/packages/patches/nvi-dbpagesize-binpower.patch		\
  %D%/packages/patches/nvi-db4.patch				\

M gnu/packages/linux.scm => gnu/packages/linux.scm +1 -0
@@ 2908,6 2908,7 @@ from userspace.")
               (base32
                "180y5y09h30ryf2vim8j30a2npwz1iv9ly5yjmh3wjdkwh2jrdyp"))
              (modules '((guix build utils)))
              (patches (search-patches "ntfs-3g-CVE-2017-0358.patch"))
              (snippet
               ;; Install under $prefix.
               '(substitute* '("src/Makefile.in" "ntfsprogs/Makefile.in")

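--- a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
+++ b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
@@ -0,0 +1,42 @@
+Fix CVE-2017-0358:
+http://seclists.org/oss-sec/2017/q1/259
+This patch was copied from the above URL.
+
+diff -ur ntfs-3g.old/src/lowntfs-3g.c ntfs-3g/src/lowntfs-3g.c
+--- ntfs-3g.old/src/lowntfs-3g.c	2017-02-09 15:01:04.074331542 -0500
++++ ntfs-3g/src/lowntfs-3g.c	2017-02-09 15:06:35.757580937 -0500
+@@ -3827,13 +3827,14 @@
+	struct stat st;
+	pid_t pid;
+	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+	struct timespec req = { 0, 100000000 };   /* 100 msec */
+	fuse_fstype fstype;
+        
+	if (!stat(cmd, &st) && !geteuid()) {
+		pid = fork();
+		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+			_exit(1);
+		} else if (pid != -1)
+			waitpid(pid, NULL, 0);
+diff -ur ntfs-3g.old/src/ntfs-3g.c ntfs-3g/src/ntfs-3g.c
+--- ntfs-3g.old/src/ntfs-3g.c	2017-02-09 15:01:04.074331542 -0500
++++ ntfs-3g/src/ntfs-3g.c	2017-02-09 15:06:26.077252571 -0500
+@@ -3612,13 +3612,14 @@
+	struct stat st;
+	pid_t pid;
+	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+	struct timespec req = { 0, 100000000 };   /* 100 msec */
+	fuse_fstype fstype;
+	
+	if (!stat(cmd, &st) && !geteuid()) {
+		pid = fork();
+		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+			_exit(1);
+		} else if (pid != -1)
+			waitpid(pid, NULL, 0);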
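Review bot: In both hunks of the embedded patch (src/lowntfs-3g.c and src/ntfs-3g.c) the argv terminator passed to `execle` is a bare `NULL`; in a variadic call it should be a typed null pointer, as the new `env` initialiser already spells it, so I would write `execle(cmd, cmd, "fuse", (char *)NULL, &env);`. The `env`/`&env` pair hands modprobe an empty environment, which is presumably the whole point of the CVE fix, yet nothing in the code says so. A comment above the declaration such as `/* empty environment: modprobe runs with euid 0 and must not inherit the caller's variables */` would keep a later cleanup from reverting to `execl`. The enclosing function starts and ends outside both hunks, so whether the environment is sanitised anywhere else on this path cannot be judged from here.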