[SRU] Please backport latest ntfs-3g to precise and trusty

Bug #1295030 reported by Bernhard on 2014-03-20
This bug affects 7 people
Affects | Status | Importance | Assigned to | Milestone
ntfs-3g (Debian) | Fix Released | Unknown | |
ntfs-3g (Fedora) | Fix Released | Medium | |
ntfs-3g (Ubuntu) | | Undecided | Unassigned |

Bug Description

Hello,

please update the ntfs-3g packages to the latest version "2014.2.15 (January 23, 2014), 2014.2.15AR.1" in trusty (14.04) and precise (12.04) because trusty's and precise's version is more than one year old.
And please update to new ntfs3g versions at the point releases, e.g. 14.04.1, to get the new features/fixes!

http://www.tuxera.com/community/release-history/

STABLE Version 2014.2.15 (January 23, 2014)

    libntfs: added use of hd library to get the legacy BIOS geometry
    libntfs: switched to /proc/mounts for checking existing mounts
    libntfs: fixed usa checking by ntfsck on 4K sector disks
    libntfs: fixed processing compressed data beyond file size (Windows 8 compliance)
    libntfs: fixed expanding a resident attribute without inserting holes
    libntfs: allow DACLs to not have any ACE
    libntfs: ignore unmapped regions when checking whether sparse
    libntfs: upgraded the Win32 interface for use with ntfsprogs
    ntfsresize: enabled relocating the MFT when shrinking a volume
    ntfsresize: fixed trying to update the MFT and Bitmap on a test run
    ntfsresize: fixed updating all the MFT runs in a relocated MFT
    ntfsresize: set the backup boot sector when the size is reliable
    ntfsresize: reserved a single sector for the backup boot sector
    ntfsundelete: output the modification time when scanning files
    ntfsundelete: ported to Windows
    ntfsclone: fixed wiping fragmented metadata when creating a metadata image
    ntfsclone: allowed cloning a file system despite allocation errors
    ntfsclone: fixed bad copying of the backup boot sector
    ntfsclone: ported to Windows
    ntfsdecrypt: made compatible with libgcrypt-1.6

Thank you for your support!

Best regards, Bernhard

Bernhard (baumber) on 2014-03-20
tags: added: 14.04 ntfs-3g trusty
Bernhard (baumber) wrote :

Or when you use the advanced releases;

http://www.tuxera.com/community/ntfs-3g-advanced/

release 2013.1.13AR.4

Bernhard (baumber) wrote :

Please backport this version ntfs-3g 2014.2.15AR.1 to precise and trusty repo backports.

Thanks, Bernhard

Bump

summary: - Please update ntfs-3g to the latest version for trusty
+ Please backport latest ntfs-3g to precise and trusty
tags: added: 12.04 precise
description: updated
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ntfs-3g (Ubuntu):
status: New → Confirmed
Marcos K (g-ubuntu-com-y) wrote :

A severe side-effect of the old version (currently used in Ubuntu 14.04) is described at http://askubuntu.com/questions/597815/ntfs-3g-failed-to-decompress-file

Not just inability to access Windows 8 compressed files (or others too?), but leads to a disk space DOS, essentially killing the Linux OS until the mess gets cleaned up.

This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.

For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs

When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.

Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.

NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.

[bug automatically created by: add-tracking-bugs]

Use the following template for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug. This will ensure that all associated bugs get updated
when new packages are pushed to stable.

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1224103,1224105

# Description of your update
notes=Security fix for CVE-2015-3202

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1224103,1224105

Created attachment 1028860
Fix for clearing the environment

Use execle() instead of execl()
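
The difference the attachment comment names, as an added example (not the attached patch and not ntfs-3g code): execl() hands the caller's environment to the child, while execle() with an explicit empty envp starts the child with none. The function name `child_sees_marker`, the variable `DEMO_MARKER` and the use of `/bin/sh` as the child are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Shell test run in the child: exits 0 if DEMO_MARKER is set, 1 if not.
 * DEMO_MARKER is a constructed variable standing in for anything the
 * caller controls in its environment. */
#define PROBE "[ -n \"${DEMO_MARKER+x}\" ]"

/* Returns 1 if the child process can see DEMO_MARKER, 0 if it cannot,
 * -1 on error.
 * cleared == 0: execl(), the child inherits the caller's environ.
 * cleared == 1: execle() with an empty envp, nothing is inherited. */
int child_sees_marker(int cleared)
{
    /* A helper that needs PATH or similar would list fixed values here. */
    char *const empty_env[] = { NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (cleared)
            execle("/bin/sh", "sh", "-c", PROBE, (char *)NULL, empty_env);
        else
            execl("/bin/sh", "sh", "-c", PROBE, (char *)NULL);
        _exit(127);                 /* only reached if exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 0)
        return 1;
    if (WEXITSTATUS(status) == 1)
        return 0;
    return -1;
}

int main(void)
{
    setenv("DEMO_MARKER", "set-by-caller", 1);
    printf("execl : child sees marker = %d\n", child_sees_marker(0));
    printf("execle: child sees marker = %d\n", child_sees_marker(1));
    return 0;
}
```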

ntfs-3g-2015.3.14-2.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/ntfs-3g-2015.3.14-2.fc22

ntfs-3g-2015.3.14-2.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/ntfs-3g-2015.3.14-2.fc21

ntfs-3g-2015.3.14-2.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/ntfs-3g-2015.3.14-2.fc20

Changed in ntfs-3g (Debian):
status: Unknown → Fix Released

Package ntfs-3g-2015.3.14-2.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing ntfs-3g-2015.3.14-2.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-8771/ntfs-3g-2015.3.14-2.fc21
then log in and leave karma (feedback).

Changed in ntfs-3g (Debian):
status: Fix Released → Confirmed

A very valid argument is the better handling of ntfs-resize with UEFI.

@ Bernhard

a valid request for SRU-backporting is a little more complicated, pls read carefully

https://wiki.ubuntu.com/UbuntuBackports

It has to be requested first for the current version of Ubuntu (which is VividVervet) - then backported to Utopic - then to Trusty - then to Precise

Once the first step is done, the request should appear in https://launchpad.net/vivid-backports

tags: added: hw-specific
tags: added: utopic vivid

Looking at the PTS-Tracker [1] in Debian and the Ubuntu Package search [2] tells us that the backport has to be requested firstly for UtopicUnicorn

[1] https://packages.qa.debian.org/n/ntfs-3g.html
[2] http://packages.ubuntu.com/search?keywords=ntfs-3g&searchon=names&suite=all&section=all

tags: removed: vivid
summary: - Please backport latest ntfs-3g to precise and trusty
+ [SRU] Please backport latest ntfs-3g to precise and trusty
tags: removed: sru
Changed in ntfs-3g (Debian):
status: Confirmed → Fix Released

ntfs-3g-2015.3.14-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

ntfs-3g-2015.3.14-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.

Bernhard (baumber) wrote :

Do I need to request a backport or is this bugreport running/sufficient?

ntfs-3g-2015.3.14-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

Bernhard (baumber) wrote :

Is there any news? Is the backport in progress?

Changed in ntfs-3g (Fedora):
importance: Unknown → Medium
status: Unknown → Fix Released