diff --git a/CVE-2022-40284_1.patch b/CVE-2022-40284_1.patch deleted file mode 100644 index 0ae527148534bf93a3b829a89ec53f70c6de2246..0000000000000000000000000000000000000000 --- a/CVE-2022-40284_1.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 18bfc676119a1188e8135287b8327b0760ba44a1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= -Date: Wed, 14 Sep 2022 08:29:58 +0200 -Subject: [PATCH] Rejected zero-sized runs - -A zero-size run is the universal way to indentify the end of a runlist, -so we must reject zero-sized runs when decompressing a runlist. A -zero-size data run is an error, and a zero-size hole is simply ignored. ---- - libntfs-3g/runlist.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - -diff --git a/libntfs-3g/runlist.c b/libntfs-3g/runlist.c -index c83c2b7d..720bdce6 100644 ---- a/libntfs-3g/runlist.c -+++ b/libntfs-3g/runlist.c -@@ -5,7 +5,7 @@ - * Copyright (c) 2002-2005 Richard Russon - * Copyright (c) 2002-2008 Szabolcs Szakacsits - * Copyright (c) 2004 Yura Pakhuchiy -- * Copyright (c) 2007-2010 Jean-Pierre Andre -+ * Copyright (c) 2007-2022 Jean-Pierre Andre - * - * This program/include file is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as published -@@ -918,11 +918,18 @@ static runlist_element *ntfs_mapping_pairs_decompress_i(const ntfs_volume *vol, - "array.\n"); - goto err_out; - } -+ /* chkdsk accepts zero-sized runs only for holes */ -+ if ((lcn != (LCN)-1) && !rl[rlpos].length) { -+ ntfs_log_debug( -+ "Invalid zero-sized data run.\n"); -+ goto err_out; -+ } - /* Enter the current lcn into the runlist element. */ - rl[rlpos].lcn = lcn; - } -- /* Get to the next runlist element. */ -- rlpos++; -+ /* Get to the next runlist element, skipping zero-sized holes */ -+ if (rl[rlpos].length) -+ rlpos++; - /* Increment the buffer position to the next mapping pair. */ - buf += (*buf & 0xf) + ((*buf >> 4) & 0xf) + 1; - } diff --git a/CVE-2022-40284_2.patch b/CVE-2022-40284_2.patch deleted file mode 100644 index 20b93a166b63d214fe1970182ee101f0b9dcd085..0000000000000000000000000000000000000000 --- a/CVE-2022-40284_2.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 76c3a799a97fbcedeeeca57f598be508ae2a1656 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= -Date: Wed, 14 Sep 2022 08:31:31 +0200 -Subject: [PATCH] Avoided merging runlists with no runs - -Runlists with no runs are tolerated though not expected. However merging -such runlists is problematic as there is no significant vcn to examine. -So avoid merging them, and just return the other runlist. ---- - libntfs-3g/runlist.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/libntfs-3g/runlist.c b/libntfs-3g/runlist.c -index 720bdce6..cb01e5a7 100644 ---- a/libntfs-3g/runlist.c -+++ b/libntfs-3g/runlist.c -@@ -994,13 +994,18 @@ static runlist_element *ntfs_mapping_pairs_decompress_i(const ntfs_volume *vol, - rl[rlpos].vcn = vcn; - rl[rlpos].length = (s64)0; - /* If no existing runlist was specified, we are done. */ -- if (!old_rl) { -+ if (!old_rl || !old_rl[0].length) { - ntfs_log_debug("Mapping pairs array successfully decompressed:\n"); - ntfs_debug_runlist_dump(rl); -+ if (old_rl) -+ free(old_rl); - return rl; - } - /* Now combine the new and old runlists checking for overlaps. */ -- old_rl = ntfs_runlists_merge(old_rl, rl); -+ if (rl[0].length) -+ old_rl = ntfs_runlists_merge(old_rl, rl); -+ else -+ free(rl); - if (old_rl) - return old_rl; - err = errno; diff --git a/ntfs-3g.spec b/ntfs-3g.spec index de134f81255d0de58f7866628e3458faeeb6bf6f..c556a1c754a6a67be652165ff7f9d6b95c4e565a 100644 --- a/ntfs-3g.spec +++ b/ntfs-3g.spec @@ -1,6 +1,6 @@ Name: ntfs-3g -Version: 2022.5.17 -Release: 2 +Version: 2022.10.3 +Release: 1 Epoch: 2 Summary: Linux NTFS userspace driver License: GPLv2+ @@ -8,8 +8,6 @@ URL: http://www.ntfs-3g.org/ Source0: http://tuxera.com/opensource/%{name}_ntfsprogs-%{version}%{?subver}.tgz Patch0: 0000-ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch Patch1: add-version-and-help-usage.patch -Patch2: CVE-2022-40284_1.patch -Patch3: CVE-2022-40284_2.patch BuildRequires: libtool, libattr-devel, libconfig-devel, libgcrypt-devel, gnutls-devel, libuuid-devel Provides: ntfsprogs-fuse = %{epoch}:%{version}-%{release} @@ -91,6 +89,9 @@ rm -rf $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/README %{_mandir}/man*/* %changelog +* Tue Apr 18 2023 liyanan - 2:2022.10.3-1 +- Update to 2022.10.3 + * Thu Nov 10 2022 liyuxiang - 2:2022.5.17-2 - fix CVE-2022-40284 diff --git a/ntfs-3g_ntfsprogs-2022.10.3.tgz b/ntfs-3g_ntfsprogs-2022.10.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..634ece42295d76e70004f584003052dbbb55f09f Binary files /dev/null and b/ntfs-3g_ntfsprogs-2022.10.3.tgz differ diff --git a/ntfs-3g_ntfsprogs-2022.5.17.tgz b/ntfs-3g_ntfsprogs-2022.5.17.tgz deleted file mode 100644 index e3053d82f77493c14630dd2a094dbc77560d4e97..0000000000000000000000000000000000000000 Binary files a/ntfs-3g_ntfsprogs-2022.5.17.tgz and /dev/null differ