initial import

2025-06-22 20:39:04 -05:00
commit f8a70886f0
3428 changed files with 302546 additions and 0 deletions
--- a/ntfs-3g/CVE-2023-52890.patch
+++ b/ntfs-3g/CVE-2023-52890.patch
@@ -0,0 +1,34 @@
+From 75dcdc2cf37478fad6c0e3427403d198b554951d Mon Sep 17 00:00:00 2001
+From: Erik Larsson <erik@tuxera.com>
+Date: Tue, 13 Jun 2023 17:47:15 +0300
+Subject: [PATCH] unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'.
+
+If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence,
+then 'n' will be less than 0 and the loop will terminate without storing
+anything in '*t'. After the loop the uppercase string's allocation is
+freed, however after it is freed it is unconditionally accessed through
+'*t', which points into the freed allocation, for the purpose of NULL-
+terminating the string. This leads to a use-after-free.
+Fixed by only NULL-terminating the string when no error has been thrown.
+
+Thanks for Jeffrey Bencteux for reporting this issue:
+https://github.com/tuxera/ntfs-3g/issues/84
+---
+ libntfs-3g/unistr.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c
+index 5854b3b7..db8ddf42 100644
+--- a/libntfs-3g/unistr.c
+++ b/libntfs-3g/unistr.c
+@@ -1189,8 +1189,9 @@ char *ntfs_uppercase_mbs(const char *low,
+ 			free(upp);
+ 			upp = (char*)NULL;
+ 			errno = EILSEQ;
+		} else {
+			*t = 0;
+ 		}
+-		*t = 0;
+ 	}
+ 	return (upp);
+ }
--- a/ntfs-3g/PKGBUILD
+++ b/ntfs-3g/PKGBUILD
@@ -0,0 +1,69 @@
+# Maintainer: Jesus E. <heckyel@riseup.net>
+
+pkgname=ntfs-3g
+pkgver=2021.8.22
+_debver=$pkgver
+_debrel=3
+pkgrel=3
+pkgdesc="NTFS filesystem driver and utilities"
+url='https://www.tuxera.com/community/open-source-ntfs-3g/'
+arch=('i686' 'x86_64')
+license=('GPL-2' 'LGPL-2')
+depends=('util-linux' 'fuse2')
+makedepends=('quilt')
+conflicts=('ntfsprogs')
+provides=('ntfsprogs')
+replaces=('ntfsprogs')
+source=("https://repo.hyperbola.info:50000/sources/${pkgname}/${pkgname}-${pkgver}.tar.gz"{,.sig}
+        "https://repo.hyperbola.info:50000/sources/${pkgname}/ntfs-3g_${_debver}-${_debrel}.debian.tar.xz"{,.sig}
+        "CVE-2023-52890.patch")
+sha512sums=('5cacdbda89e64b61f190fa10b571641c51ca048971ad26ec3484964a4b3281297478da9df3810fa75e4f6d3404d39bdf54dbb3f9a30180018e9512510cad2ded'
+            'SKIP'
+            '982bba7545e069e2338942d44f0a08a9a1b7532e6568c1acb4b765372bcb3d4d511cf7fae74bb71a4d13a734da19737cf930b5c4307991726c1efbf0d0a585dc'
+            'SKIP'
+            '3906eea1dd20a3f4f071bbc8f1b508c27a1204985719f0e10b1da241ca4ce9d48a3d829303cb48913e56041b900045c3bdb4b96c92f96ee66cd53344605512c7')
+validpgpkeys=('C92BAA713B8D53D3CAE63FC9E6974752F9704456') # André Silva
+
+prepare() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+
+  if [[ ${pkgver%.*} = ${_debver%.*} ]]; then
+    # Debian patches
+    export QUILT_PATCHES=debian/patches
+    export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index'
+    export QUILT_DIFF_ARGS='--no-timestamps'
+
+    mv "$srcdir"/debian .
+
+    quilt push -av
+  fi
+  patch -Np1 -i ${srcdir}/CVE-2023-52890.patch
+  autoreconf -vfi
+}
+
+build() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  ./configure \
+      --prefix=/usr \
+      --exec-prefix=/usr \
+      --mandir=/usr/share/man \
+      --disable-ldconfig \
+      --disable-static \
+      --with-fuse=external \
+      --enable-posix-acls \
+      --enable-extras
+
+  make
+}
+
+package() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  make DESTDIR="${pkgdir}" install
+
+  install -d -m755 "${pkgdir}/usr/share/licenses/$pkgname"
+  for i in COPYING{,.LIB}; do
+    install -m644 "$i" "${pkgdir}/usr/share/licenses/${pkgname}/$i"
+  done
+
+  ln -s /usr/bin/ntfs-3g "${pkgdir}/sbin/mount.ntfs"
+}