From 98efcc977786a0a48188f58aa00e91879fa6d2c5 Mon Sep 17 00:00:00 2001
From: Tom Callaway
Date: Fri, 22 May 2015 16:02:30 -0400
Subject: [PATCH] fix CVE-2015-3202
---
 CVE-2015-3202.patch | 55 +++++++++++++++++++++++++++++++++++++++++++++
 ntfs-3g.spec | 10 ++++++++-
 2 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2015-3202.patch
diff --git a/CVE-2015-3202.patch b/CVE-2015-3202.patch
new file mode 100644
index 0000000..2bd930b
--- /dev/null
+++ b/CVE-2015-3202.patch
@@ -0,0 +1,55 @@
+ lib/mount_util.c | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+--- a/lib/mount_util.c
++++ b/lib/mount_util.c
+@@ -97,10 +97,12 @@ static int add_mount(const char *prognam
+ goto out_restore;
+ }
+ if (res == 0) {
++ char *env = NULL;
++
+ sigprocmask(SIG_SETMASK, &oldmask, NULL);
+ setuid(geteuid());
+- execl("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
+- "-f", "-t", type, "-o", opts, fsname, mnt, NULL);
++ execle("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
++ "-f", "-t", type, "-o", opts, fsname, mnt, NULL, &env);
+ fprintf(stderr, "%s: failed to execute /bin/mount: %s\n",
+ progname, strerror(errno));
+ exit(1);
+@@ -148,10 +150,17 @@ static int exec_umount(const char *progn
+ goto out_restore;
+ }
+ if (res == 0) {
++ char *env = NULL;
++
+ sigprocmask(SIG_SETMASK, &oldmask, NULL);
+ setuid(geteuid());
+- execl("/bin/umount", "/bin/umount", "-i", rel_mnt,
+- lazy ? "-l" : NULL, NULL);
++ if (lazy) {
++ execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
++ "-l", NULL, &env);
++ } else {
++ execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
++ NULL, &env);
++ }
+ fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
+ progname, strerror(errno));
+ exit(1);
+@@ -207,10 +216,12 @@ static int remove_mount(const char *prog
+ goto out_restore;
+ }
+ if (res == 0) {
++ char *env = NULL;
++
+ sigprocmask(SIG_SETMASK, &oldmask, NULL);
+ setuid(geteuid());
+- execl("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
+- "--fake", mnt, NULL);
++ execle("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
++ "--fake", mnt, NULL, &env);
+ fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
+ progname, strerror(errno));
+ exit(1);
\ No newline at end of file
diff --git a/ntfs-3g.spec b/ntfs-3g.spec
index c27f3c7..d83e7a9 100644
--- a/ntfs-3g.spec
+++ b/ntfs-3g.spec
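Review bot: None of the three call sites records why the child now gets an empty environment, so a later cleanup could turn `execle` back into `execl`, or fold the two `exec_umount` branches back into `lazy ? "-l" : NULL`, which would end the argument list at the first `NULL` and hand the second one to `execle` as `envp`. A comment above each `char *env = NULL;` such as `/* empty envp: mount/umount are exec'd after setuid(geteuid()) and must not inherit the caller's environment (CVE-2015-3202) */` would pin that invariant. The unchanged context line `setuid(geteuid());` still ignores its return value in all three children; checking it and exiting on failure before the exec would be a cheap hardening step. `add_mount`, `exec_umount` and `remove_mount` all start and end outside the hunks shown.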
@@ -16,7 +16,7 @@ Name: ntfs-3g Summary: Linux NTFS userspace driver Version: 2015.3.14 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Base Source0: http://tuxera.com/opensource/%{name}_ntfsprogs-%{version}%{?subver}.tgz @@ -36,6 +36,7 @@ Provides: ntfsprogs-fuse = %{epoch}:%{version}-%{release} Obsoletes: ntfsprogs-fuse Provides: fuse-ntfs-3g = %{epoch}:%{version}-%{release} Patch0: ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch +Patch1: CVE-2015-3202.patch %description NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS @@ -81,6 +82,7 @@ included utilities see man 8 ntfsprogs after installation). %prep %setup -q -n %{name}_ntfsprogs-%{version}%{?subver} %patch0 -p1 -b .unsupported +%patch1 -p1 -b .CVE-2015-3202 %build CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64" @@ -176,6 +178,9 @@ cp -a %{SOURCE1} %{buildroot}%{_datadir}/hal/fdi/policy/10osvendor/ /sbin/mount.lowntfs-3g /bin/ntfs-3g /bin/ntfsmount +#compat symlinks +%{_bindir}/ntfs-3g +%{_bindir}/ntfsmount %else %{_sbindir}/mount.ntfs %{_sbindir}/mount.ntfs-3g @@ -275,6 +280,9 @@ cp -a %{SOURCE1} %{buildroot}%{_datadir}/hal/fdi/policy/10osvendor/ %exclude %{_mandir}/man8/ntfs-3g* %changelog +* Fri May 22 2015 Tom Callaway 2:2015.3.14-2 +- fix CVE-2015-3202 + * Tue Apr 7 2015 Tom Callaway 2:2015.3.14-1 - update to 2015.3.14
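Review bot: `%patch1 -p1` applies a patch whose only target is `lib/mount_util.c`, and nothing on this page shows that this path exists in the unpacked `%{name}_ntfsprogs-%{version}` tree. It is worth confirming with `rpmbuild -bp` or the build log that the patch applies cleanly and lands on the copy of `mount_util.c` that is actually compiled into the package, because a security patch applied to an unused or differently located file leaves the shipped binary unchanged. If the package is built against a system FUSE library rather than a bundled one (not visible here), the fix has to come from that package instead.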
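Review bot: The `#compat symlinks` entries `%{_bindir}/ntfs-3g` and `%{_bindir}/ntfsmount` added to `%files` are unrelated to the CVE fix, and the new changelog entry mentions only `fix CVE-2015-3202`. Keeping a security update limited to the fix makes it easier to audit and backport; if the entries must ship in this release, a second changelog line such as `- add compat symlinks for ntfs-3g and ntfsmount` would record them. Whether `%install` creates these links is not visible in the hunk, so confirm the build does not fail on missing files.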