| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-link-with-gpg-error.patch | add missing link with gpg-error library | Laszlo Boszormenyi (GCS) <gcs@debian.org> | no | 2014-10-05 | ||
| 0002-Fixed-reporting-an-error-when-failed-to-build-the-mo.patch | Fixed reporting an error when failed to build the mountpoint The size check was inefficient because getcwd() uses an unsigned int argument. |
=?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr> | no | https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/85c1634a26faa572d3c558d4cf8aaaca5202d4e9/ | 2018-12-19 | |
| 0003-Fixed-an-endianness-error-in-ntfscp.patch | Fixed an endianness error in ntfscp The file timestamp was not set according to CPU endianness. |
=?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr> | no | https://github.com/tuxera/ntfs-3g/commit/006799ab801a80c519b0ea63bcff5e60837a681b | 2019-01-23 | |
| 0004-Checked-the-locations-of-MFT-and-MFTMirr-at-startup.patch | Checked the locations of MFT and MFTMirr at startup On startup make sure the lcns of the MFT and the MFTMirr are not null and they are different, so that the mounting is denied gracefully if they are. |
=?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jpandre@users.sourceforge.net> | no | https://github.com/tuxera/ntfs-3g/commit/894b7dd36e56ce7b52cfef9a105ef3eed07dc307 | 2021-01-26 | |
| 0005-Fix-multiple-buffer-overflows.patch | Fix multiple buffer overflows CVE-2021-33285, CVE-2021-35269, CVE-2021-35268, CVE-2021-33289, CVE-2021-33286, CVE-2021-35266, CVE-2021-33287, CVE-2021-35267, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263. diff -urN ntfs-3g_ntfsprogs-2017.3.23AR.6/include/ntfs-3g/attrib.h ntfs-3g_ntfsprogs-2021.8.22/include/ntfs-3g/attrib.h |
Salvatore Bonaccorso <carnil@debian.org> | no | debian | vendor | 2021-09-05 |
| 0006-Used-a-default-usn-when-the-former-one-cannot-be-ret.patch | Used a default usn when the former one cannot be retrieved When creating a new MFT record, the former seq_no and usn are retrieved to avoid the new one to be mistaken for the former one. This may not be possible when the record is used for the first time or after some bad error. In such situation use default values. |
=?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr> | no | debian | https://github.com/tuxera/ntfs-3g/commit/a8818cf779d3a32f2f52337c6f258c16719625a3 | 2021-09-21 |
| 0007-Made-sure-there-is-no-null-character-in-an-attribute.patch | Made sure there is no null character in an attribute name When copying an attribute name which contains a null, it is truncated and this may lead to accessing non-allocated bytes when relying on the expected name length. Such names must therefore be rejected. |
=?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr> | no | debian | https://github.com/tuxera/ntfs-3g/commit/838b6e35b43062353998853eab50cd0675201ed7 | 2021-09-21 |
| 0008-Avoided-allocating-and-reading-an-attribute-beyond-i.patch | Avoided allocating and reading an attribute beyond its full size Before reading a full attribute value for internal use, its expected length has been checked to be < 0x40000. However the allocated size in the runlist may be much bigger as a consequence of a bug or malice. To prevent malloc'ing excessive size, restrict the size of the last run to read to the needed length. |
=?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr> | no | debian | https://github.com/tuxera/ntfs-3g/commit/60717a846deaaea47e50ce58872869f7bd1103b5 | 2021-09-21 |
| 0009-Made-sure-the-client-log-data-does-not-overflow-from.patch | Made sure the client log data does not overflow from restart page Strengthen the consistency check of the length of restart pages, and check that log client records are within such a restart page. |
=?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr> | no | debian | https://github.com/tuxera/ntfs-3g/commit/6efc1305c1951c1d72181f449f2fab68fa25fae8 | 2021-10-20 |
| 0010-Made-sure-there-is-no-null-character-in-an-attribute.patch | Made sure there is no null character in an attribute name (bis) When copying an attribute name which contains a null, it is truncated and this may lead to accessing non-allocated bytes when relying on the expected name length. Such (illegal) names must therefore be rejected. |
=?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr> | no | debian | https://github.com/tuxera/ntfs-3g/commit/5ce8941bf47291cd6ffe7cdb1797253f1cc3a86f | 2021-11-05 |
| 0011-Fixed-possible-out-of-buffer-condition-in-ntfsck.patch | Fixed possible out-of-buffer condition in ntfsck A bad usa_count could lead to an out-of-buffer condition. Just avoid the issue and report the error, still not fix it. |
=?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr> | no | debian | https://github.com/tuxera/ntfs-3g/commit/96412e28e5c7ac2d15f1cff8c825330bbb60976e | 2022-05-10 |
| 0012-Fixed-operation-on-little-endian-data.patch | Fixed operation on little endian data Forcing an even usa_of, in a recent security patch, must be made on cpu endian data. |
=?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr> | no | debian | https://github.com/tuxera/ntfs-3g/commit/bce5734a757fd59d70a52f4d4fe9abe260629b3a | 2022-05-10 |
| 0013-Returned-an-error-code-when-the-help-or-version-opti.patch | Returned an error code when the --help or --version options are used Accepting --help or --version options may leave the ntfs-3g process in an unclean state, so reject them while processing options. Also reject them in libfuse-lite. [Salvatore Bonaccorso: Backport to 2017.3.23AR.3 for context changes in src/ntfs-3g_common.c and src/ntfs-3g_common.h] |
=?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr> | no | debian | https://github.com/tuxera/ntfs-3g/commit/7f81935f32e58e8fec22bc46683b1b067469405f | 2022-05-10 |
| 0014-Hardened-the-checking-of-directory-offset-requested-.patch | Hardened the checking of directory offset requested by a readdir When asked for the next directory entries, make sure the chunk offset is within valid values, otherwise return no more entries in chunk. |
=?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr> | no | debian | https://github.com/tuxera/ntfs-3g/commit/fb28eef6f1c26170566187c1ab7dc913a13ea43c | 2022-05-10 |
| 0015-Rejected-zero-sized-runs.patch | Rejected zero-sized runs A zero-size run is the universal way to indentify the end of a runlist, so we must reject zero-sized runs when decompressing a runlist. A zero-size data run is an error, and a zero-size hole is simply ignored. |
=?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr> | no | https://github.com/tuxera/ntfs-3g/commit/18bfc676119a1188e8135287b8327b0760ba44a1 | 2022-09-14 | |
| 0016-Avoided-merging-runlists-with-no-runs.patch | Avoided merging runlists with no runs Runlists with no runs are tolerated though not expected. However merging such runlists is problematic as there is no significant vcn to examine. So avoid merging them, and just return the other runlist. |
=?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr> | no | https://github.com/tuxera/ntfs-3g/commit/76c3a799a97fbcedeeeca57f598be508ae2a1656 | 2022-09-14 | |
| 0017-Fix_use-after-free_in_ntfs_uppercase_mbs.patch | [PATCH] unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'. If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence, then 'n' will be less than 0 and the loop will terminate without storing anything in '*t'. After the loop the uppercase string's allocation is freed, however after it is freed it is unconditionally accessed through '*t', which points into the freed allocation, for the purpose of NULL- terminating the string. This leads to a use-after-free. Fixed by only NULL-terminating the string when no error has been thrown. Thanks for Jeffrey Bencteux for reporting this issue: https://github.com/tuxera/ntfs-3g/issues/84 |
Erik Larsson <erik@tuxera.com> | no | 2023-06-13 |