<pre style='margin:0'>
Zero King (l2dy) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/459c7fa482d41654963a51f053202d07d00f15cf">https://github.com/macports/macports-ports/commit/459c7fa482d41654963a51f053202d07d00f15cf</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 459c7fa ntfs-3g: Fix CVE-2019-9755
</span>459c7fa is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 459c7fa482d41654963a51f053202d07d00f15cf
</span>Author: Zero King <l2dy@macports.org>
AuthorDate: Fri Mar 22 04:29:40 2019 +0000
<span style='display:block; white-space:pre;color:#404040;'> ntfs-3g: Fix CVE-2019-9755
</span>---
fuse/ntfs-3g/Portfile | 4 +-
fuse/ntfs-3g/files/patch-CVE-2019-9755.diff | 63 +++++++++++++++++++++++++++++
2 files changed, 66 insertions(+), 1 deletion(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/fuse/ntfs-3g/Portfile b/fuse/ntfs-3g/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 775f056..01d368f 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/fuse/ntfs-3g/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/fuse/ntfs-3g/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -4,6 +4,7 @@ PortSystem 1.0
</span>
name ntfs-3g
version 2017.3.23
<span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 1
</span> categories fuse
platforms darwin
maintainers nomaintainer
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -41,7 +42,8 @@ universal_variant no
</span> # Use default PKG_CONFIG_PATH to avoid picking up a FUSE installation
# in /usr/local (see #30537)
patchfiles patch-configure.diff \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- libntfs-3g_Makefile.in.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ libntfs-3g_Makefile.in.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ patch-CVE-2019-9755.diff
</span>
configure.args --exec-prefix=${prefix} --with-fuse=external
# do not try to use this function in macOS 10.13 to avoid compilation error
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/fuse/ntfs-3g/files/patch-CVE-2019-9755.diff b/fuse/ntfs-3g/files/patch-CVE-2019-9755.diff
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..acab2b2
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/fuse/ntfs-3g/files/patch-CVE-2019-9755.diff
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,63 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+From 85c1634a26faa572d3c558d4cf8aaaca5202d4e9 Mon Sep 17 00:00:00 2001
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Date: Wed, 19 Dec 2018 15:57:50 +0100
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+The size check was inefficient because getcwd() uses an unsigned int
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+argument.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+---
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ src/lowntfs-3g.c | 6 +++++-
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ src/ntfs-3g.c | 6 +++++-
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 2 files changed, 10 insertions(+), 2 deletions(-)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+diff --git src/lowntfs-3g.c src/lowntfs-3g.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+index 993867f..0660439 100644
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- src/lowntfs-3g.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ src/lowntfs-3g.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -4411,7 +4411,8 @@ int main(int argc, char *argv[])
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ else {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (ctx->abs_mnt_point) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- if (getcwd(ctx->abs_mnt_point,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ if ((strlen(opts.mnt_point) < PATH_MAX)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ && getcwd(ctx->abs_mnt_point,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ PATH_MAX - strlen(opts.mnt_point) - 1)) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ strcat(ctx->abs_mnt_point, "/");
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ strcat(ctx->abs_mnt_point, opts.mnt_point);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -4419,6 +4420,9 @@ int main(int argc, char *argv[])
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /* Solaris also wants the absolute mount point */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ opts.mnt_point = ctx->abs_mnt_point;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #endif /* defined(__sun) && defined (__SVR4) */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ } else {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ free(ctx->abs_mnt_point);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ ctx->abs_mnt_point = (char*)NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+diff --git src/ntfs-3g.c src/ntfs-3g.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+index 6ce89fe..4e0912a 100644
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- src/ntfs-3g.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ src/ntfs-3g.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -4148,7 +4148,8 @@ int main(int argc, char *argv[])
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ else {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (ctx->abs_mnt_point) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- if (getcwd(ctx->abs_mnt_point,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ if ((strlen(opts.mnt_point) < PATH_MAX)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ && getcwd(ctx->abs_mnt_point,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ PATH_MAX - strlen(opts.mnt_point) - 1)) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ strcat(ctx->abs_mnt_point, "/");
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ strcat(ctx->abs_mnt_point, opts.mnt_point);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -4156,6 +4157,9 @@ int main(int argc, char *argv[])
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /* Solaris also wants the absolute mount point */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ opts.mnt_point = ctx->abs_mnt_point;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #endif /* defined(__sun) && defined (__SVR4) */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ } else {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ free(ctx->abs_mnt_point);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ ctx->abs_mnt_point = (char*)NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+2.21.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span></pre><pre style='margin:0'>
</pre>