From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 02 14:52:55 2019 Received: (at submit) by debbugs.gnu.org; 2 Apr 2019 18:52:56 +0000 Received: from localhost ([127.0.0.1]:41704 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hBOWg-0002I3-RE for submit@debbugs.gnu.org; Tue, 02 Apr 2019 14:52:55 -0400 Received: from eggs.gnu.org ([209.51.188.92]:57079) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hBOWf-0002Hq-4A for submit@debbugs.gnu.org; Tue, 02 Apr 2019 14:52:49 -0400 Received: from lists.gnu.org ([209.51.188.17]:53638) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hBOWZ-0002mT-Tv for submit@debbugs.gnu.org; Tue, 02 Apr 2019 14:52:43 -0400 Received: from eggs.gnu.org ([209.51.188.92]:43218) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hBOWY-0000KA-Gd for guix-patches@gnu.org; Tue, 02 Apr 2019 14:52:43 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hBOWX-0002gR-6Q for guix-patches@gnu.org; Tue, 02 Apr 2019 14:52:42 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:49117) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hBOWW-0002e0-TT for guix-patches@gnu.org; Tue, 02 Apr 2019 14:52:41 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 3F42B20963; Tue, 2 Apr 2019 14:52:39 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Tue, 02 Apr 2019 14:52:39 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; s=mesmtp; bh=6MXyzxFM4yffKt13AlIrdee CHzxH+MBzOdqrNlbPXfY=; b=iuZFFAPoz7MW5ybY3P8hlTxT+uWZoWSRteS6yq+ 1fzMAajf8x+hbarEWUHkq/G8PTIbBaCkDtTtn9Ko/LyHIP8kDhdTUzE5jRsNMfs+ 5SIOPcNXHRSM4t64DhTpyA/EeALZU1F0jWhiLlQ6Nr1Op8G7L0+g8tkpPJW90PJV DeTU= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:date:from :message-id:mime-version:subject:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=6MXyzxFM4yffKt13A lIrdeeCHzxH+MBzOdqrNlbPXfY=; b=VaHsfiPA9xBBXcHkQmL4yy1qGOjT4aulA hd9nbFUBX+mVIbJmH58zJWDbi6NHvmty2djGRlDBjb00MXs3urC6T9/2SkQsN5my mSsCL5WpFEpJhjLecE63SJKEClRBBd70gnMKHv1MCzB61QQwTipRIM/KkUzx7NNm L2TTM43KV4sMH+isKESw73baqPwpvTDwLJ2E+ZgOE0TkhKEnEv1LEygcIeGshPh5 eM/1/clXmWc01habChOevAUmUUblgsk2DhQrPL0zewnf1AIW6+7BxmGsLTc5oqxr oVZyCMhV1ndpR8ANk9I93ZNIMR5wJdD47nj4a9PgeVqeUxsMboAgA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrtddtgdduuddtucdltddurdeguddtrddttd dmucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfv pdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvf fufffkofgggfestdekredtredttdenucfhrhhomhepnfgvohcuhfgrmhhulhgrrhhiuceo lhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuffhomhgrihhnpehmihhtrhgvrdhorh hgpdhtuhigvghrrgdrtghomhdpshhouhhrtggvfhhorhhgvgdrnhgvthdpuggvsghirghn rdhorhhgnecukfhppeejuddruddthedrvddttddrjedvnecurfgrrhgrmhepmhgrihhlfh hrohhmpehlvghosehfrghmuhhlrghrihdrnhgrmhgvnecuvehluhhsthgvrhfuihiivgep td X-ME-Proxy: Received: from jasmine.lan (pool-71-105-200-72.nycmny.fios.verizon.net [71.105.200.72]) by mail.messagingengine.com (Postfix) with ESMTPA id 6D08B1030F for ; Tue, 2 Apr 2019 14:52:38 -0400 (EDT) From: Leo Famulari To: guix-patches@gnu.org Subject: [PATCH] gnu: ntfs-3g: Fix CVE-2019-9755. Date: Tue, 2 Apr 2019 14:52:34 -0400 Message-Id: <3140c130c5567b91dd2a9a8f28b279096933d39c.1554231154.git.leo@famulari.name> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 66.111.4.26 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: 0.9 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.1 (/) * gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/linux.scm (ntfs-3g)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/linux.scm | 1 + .../patches/ntfs-3g-CVE-2019-9755.patch | 72 +++++++++++++++++++ 3 files changed, 74 insertions(+) create mode 100644 gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch diff --git a/gnu/local.mk b/gnu/local.mk index 45598d4e14..a8f162b333 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1085,6 +1085,7 @@ dist_patch_DATA = \ %D%/packages/patches/ngircd-handle-zombies.patch \ %D%/packages/patches/nss-increase-test-timeout.patch \ %D%/packages/patches/nss-pkgconfig.patch \ + %D%/packages/patches/ntfs-3g-CVE-2019-9755.patch \ %D%/packages/patches/nvi-assume-preserve-path.patch \ %D%/packages/patches/nvi-dbpagesize-binpower.patch \ %D%/packages/patches/nvi-db4.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 9e4261eb02..0763b75c98 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -3624,6 +3624,7 @@ from userspace.") (method url-fetch) (uri (string-append "https://tuxera.com/opensource/" "ntfs-3g_ntfsprogs-" version ".tgz")) + (patches (search-patches "ntfs-3g-CVE-2019-9755.patch")) (sha256 (base32 "1mb228p80hv97pgk3myyvgp975r9mxq56c6bdn1n24kngcfh4niy")) diff --git a/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch b/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch new file mode 100644 index 0000000000..a7794aed47 --- /dev/null +++ b/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch @@ -0,0 +1,72 @@ +Fix CVE-2019-9755: + +https://security-tracker.debian.org/tracker/CVE-2019-9755 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9755 + +Patch copied from upstream source repository: + +https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/85c1634a26faa572d3c558d4cf8aaaca5202d4e9/ + +From 85c1634a26faa572d3c558d4cf8aaaca5202d4e9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= +Date: Wed, 19 Dec 2018 15:57:50 +0100 +Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint + +The size check was inefficient because getcwd() uses an unsigned int +argument. +--- + src/lowntfs-3g.c | 6 +++++- + src/ntfs-3g.c | 6 +++++- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c +index 993867fa..0660439b 100644 +--- a/src/lowntfs-3g.c ++++ b/src/lowntfs-3g.c +@@ -4411,7 +4411,8 @@ int main(int argc, char *argv[]) + else { + ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX); + if (ctx->abs_mnt_point) { +- if (getcwd(ctx->abs_mnt_point, ++ if ((strlen(opts.mnt_point) < PATH_MAX) ++ && getcwd(ctx->abs_mnt_point, + PATH_MAX - strlen(opts.mnt_point) - 1)) { + strcat(ctx->abs_mnt_point, "/"); + strcat(ctx->abs_mnt_point, opts.mnt_point); +@@ -4419,6 +4420,9 @@ int main(int argc, char *argv[]) + /* Solaris also wants the absolute mount point */ + opts.mnt_point = ctx->abs_mnt_point; + #endif /* defined(__sun) && defined (__SVR4) */ ++ } else { ++ free(ctx->abs_mnt_point); ++ ctx->abs_mnt_point = (char*)NULL; + } + } + } +diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c +index 6ce89fef..4e0912ae 100644 +--- a/src/ntfs-3g.c ++++ b/src/ntfs-3g.c +@@ -4148,7 +4148,8 @@ int main(int argc, char *argv[]) + else { + ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX); + if (ctx->abs_mnt_point) { +- if (getcwd(ctx->abs_mnt_point, ++ if ((strlen(opts.mnt_point) < PATH_MAX) ++ && getcwd(ctx->abs_mnt_point, + PATH_MAX - strlen(opts.mnt_point) - 1)) { + strcat(ctx->abs_mnt_point, "/"); + strcat(ctx->abs_mnt_point, opts.mnt_point); +@@ -4156,6 +4157,9 @@ int main(int argc, char *argv[]) + /* Solaris also wants the absolute mount point */ + opts.mnt_point = ctx->abs_mnt_point; + #endif /* defined(__sun) && defined (__SVR4) */ ++ } else { ++ free(ctx->abs_mnt_point); ++ ctx->abs_mnt_point = (char*)NULL; + } + } + } +-- +2.21.0 + -- 2.21.0 From debbugs-submit-bounces@debbugs.gnu.org Wed Apr 03 16:18:18 2019 Received: (at 35107) by debbugs.gnu.org; 3 Apr 2019 20:18:18 +0000 Received: from localhost ([127.0.0.1]:43263 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hBmKv-00008v-TM for submit@debbugs.gnu.org; Wed, 03 Apr 2019 16:18:18 -0400 Received: from eggs.gnu.org ([209.51.188.92]:45322) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hBmKt-00008j-Qs for 35107@debbugs.gnu.org; Wed, 03 Apr 2019 16:18:16 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:60501) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hBmKo-0007jP-Fz; Wed, 03 Apr 2019 16:18:10 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=34116 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hBmKn-0008Ck-VJ; Wed, 03 Apr 2019 16:18:10 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Leo Famulari Subject: Re: [bug#35107] [PATCH] gnu: ntfs-3g: Fix CVE-2019-9755. References: <3140c130c5567b91dd2a9a8f28b279096933d39c.1554231154.git.leo@famulari.name> Date: Wed, 03 Apr 2019 22:18:08 +0200 In-Reply-To: <3140c130c5567b91dd2a9a8f28b279096933d39c.1554231154.git.leo@famulari.name> (Leo Famulari's message of "Tue, 2 Apr 2019 14:52:34 -0400") Message-ID: <87sguyrgfz.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 35107 Cc: 35107@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Leo, Leo Famulari skribis: > * gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch: New file. > * gnu/local.mk (dist_patch_DATA): Add it. > * gnu/packages/linux.scm (ntfs-3g)[source]: Use it. LGTM, thanks! > +Subject: [PATCH] Fixed reporting an error when failed to build the mount= point > + > +The size check was inefficient because getcwd() uses an unsigned int > +argument. Looks like we=E2=80=99re gonna keep seeing these for the rest of our lives= =E2=80=A6 Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Apr 03 18:32:58 2019 Received: (at 35107-done) by debbugs.gnu.org; 3 Apr 2019 22:32:59 +0000 Received: from localhost ([127.0.0.1]:43391 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hBoRG-0005Uf-Jk for submit@debbugs.gnu.org; Wed, 03 Apr 2019 18:32:58 -0400 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:43385) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hBoRE-0005UR-F1 for 35107-done@debbugs.gnu.org; Wed, 03 Apr 2019 18:32:56 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 567062232B; Wed, 3 Apr 2019 18:32:51 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Wed, 03 Apr 2019 18:32:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=WoRr7+foE7o7bYgVnLDuG0ym cfSyIz6s0VMqcDwSjsY=; b=rQgdEwz7BjTHBDk/szqf4+25yVcOpNSX4XQF2L0M Vm7bqp3y1liwD5CIyjieULKrNtpL84J4amcb+/Q3TcEUrI2rXUx/0EP3hi1r68TJ qXKDjxhnHeciu44Gdg/69fsIDdxd2JksqlHDd67kWtHjJQMfaPGWkbNzdLyMRXxu GMU= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=WoRr7+ foE7o7bYgVnLDuG0ymcfSyIz6s0VMqcDwSjsY=; b=kg6V+P/YfqTLGEzLbhtJmI 0DCT81SNgA3xYzG4YGqSssIe/mYA6YBuJl0QY62I8s65JQqXemKTHdqYKklH3yB2 ueMuoKNYK5kGX1xi51IE+3JP8peEW98u71juWcQtFW/LVSIrnnorTWMqxh5aqYK/ BAhYx9HI29NJ3CVRSzPZSkLxweZjrnBhGoYEy70lCZiHQ9Z3QDhznbwW8FQWYwBt xZdpwYIJ5BnNCIq91byXvAhk7wML3Qwp2urDlwgk0Oa9/5SpqTqeCPQf7YdRw7C3 x4vryKovwKAGfXxIQCFqnUrvdADe1m7kLceiV/B3baKPcziwHbVPTL0hfxeDkwAQ == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrtdeggddutdculddtuddrgedutddrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivg hnthhsucdlqddutddtmdenucfjughrpeffhffvuffkfhggtggujggfsehgtderredtreej necuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdrnh grmhgvqeenucfkphepjeeirdduvdegrddvtddvrddufeejnecurfgrrhgrmhepmhgrihhl fhhrohhmpehlvghosehfrghmuhhlrghrihdrnhgrmhgvnecuvehluhhsthgvrhfuihiivg eptd X-ME-Proxy: Received: from localhost (c-76-124-202-137.hsd1.pa.comcast.net [76.124.202.137]) by mail.messagingengine.com (Postfix) with ESMTPA id 6E126E4176; Wed, 3 Apr 2019 18:32:50 -0400 (EDT) Date: Wed, 3 Apr 2019 18:32:47 -0400 From: Leo Famulari To: Ludovic =?iso-8859-1?Q?Court=E8s?= Subject: Re: [bug#35107] [PATCH] gnu: ntfs-3g: Fix CVE-2019-9755. Message-ID: <20190403223247.GA10124@jasmine.lan> References: <3140c130c5567b91dd2a9a8f28b279096933d39c.1554231154.git.leo@famulari.name> <87sguyrgfz.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="h31gzZEtNLTqOjlF" Content-Disposition: inline In-Reply-To: <87sguyrgfz.fsf@gnu.org> User-Agent: Mutt/1.11.4 (2019-03-13) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 35107-done Cc: 35107-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --h31gzZEtNLTqOjlF Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Apr 03, 2019 at 10:18:08PM +0200, Ludovic Court=C3=A8s wrote: > Leo Famulari skribis: > > +Subject: [PATCH] Fixed reporting an error when failed to build the mou= ntpoint > > + > > +The size check was inefficient because getcwd() uses an unsigned int > > +argument. >=20 > Looks like we=E2=80=99re gonna keep seeing these for the rest of our live= s=E2=80=A6 The golden oldies... Pushed as 6d01a7f4c45716e72bab1231c4cb8c07e4e3fbd7 --h31gzZEtNLTqOjlF Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlylNI8ACgkQJkb6MLrK fwifuxAA5nCP25M4eqtfwclcEAv0RI37bQkP5TfKcKEKFj5iLRZs12TcUOoJtqvB PS7eRJ3QwCYy1j7CeIHUYu6B7JX1TGo3MJP9C2RQpqLbZwwtv7Nv27iq1ubai8wW yNCcuonlx9FKXx6LcXxSAe1ooE60OID/7E/egiqoQxN2T2GQH1CiltRHsal1DjOs UjwUqwofaW2DisQy9FmmkFvE/YD21je7nyVnOtxJpBH/pDEl5iP+Tw6IGWR2dsaY t2jtlagD6bLLTbS11MgQby3cAA64plH7422yjgoZnQkBFTVJ+6Q1G2Fw3htHDhcE lnxESObIZ1+bqFbTKpl/sPSj+M4M/1YLZGhGRFVSz6mTiW7iNVKZrYGLX+zK8p3B q8HdRcTi/2aIYNDyiCJIm4HZFR5mkj1a86z4v8m3fZhqIKIuukcgjsA2416pxHnj WXALOWB2MkELvc685XB9BunqqtAQMFS7lbHcQX/ZOvOqxdyFg6opN68utx9DS1jW DhLmjl23amE+KRzh0xFsFBE3Ae6uNEX99WwNb1WZmD4GTR60G/x/8YL+HMMdHkmg AjY5cgFpQ3M2GZRFBy6tWy0bZlGP/hLlj0+gv/mRrB5fhKHArx9V6RXIC3/+iAog ahb5ybVZuC4e38fytbr8hxgDLsjw6RhTAU+WmvaW9Whqquow2As= =2NqY -----END PGP SIGNATURE----- --h31gzZEtNLTqOjlF-- From unknown Fri Jul 11 13:28:40 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 02 May 2019 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator