I explored the ntfs-3g case and found there are no security bugs affecting chrome os.
Upgrading would be only meanful for supporting newer compression alghoritms

Sorry, tagged the wrong blocking bug number

Proposed patch

Deleted: tmp_12314-ntfs-3g stable update-757585267.patch 2.9 KB

tmp_12314-ntfs-3g stable update-757585267.patch 2.9 KB Download

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/337425b1133156797f31ae96757f58a55b208830

commit 337425b1133156797f31ae96757f58a55b208830
Author: Ben Chan <benchan@chromium.org>
Date: Fri May 19 20:57:51 2017

sys-fs/ntfs3g: upgrade to 2017.3.23

This CL imports ntfs3g 2017.3.23 from upstream Gentoo, with the
following modifications:

- EAPI is downgraded from 6 to 5.
- CL:7015 is carried over to make the setuid-root ntfs-3g binary to be
  owned and executed by the ntfs-3g group.
- Re-enable the use of the gold linker.

BUG= chromium:722628 
TEST=Tested the following:
1. `emerge-$BOARD ntfs3g`
2. Verify the ownership and permissions of the ntfs-3g binary on the
   built image, i.e. ( root:ntfs-3g  rws--x---  /usr/bin/ntfs-3g )
3. Run platform_CrosDisksFilesystem test.
4. Insert an NTFS formatted USB drive and verify read/write operations
   on the drive via File.app.

Change-Id: Ifa58a1d6c30ced0feef4fb3173d67ee110240fa5
Reviewed-on: https://chromium-review.googlesource.com/506462
Commit-Ready: Ben Chan <benchan@chromium.org>
Tested-by: Ben Chan <benchan@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[delete] https://crrev.com/0170f4909915ef8e233412e5f4445e8f13af5f37/sys-fs/ntfs3g/ntfs3g-2012.1.15-r4.ebuild
[delete] https://crrev.com/0170f4909915ef8e233412e5f4445e8f13af5f37/sys-fs/ntfs3g/ntfs3g-2012.1.15-r1.ebuild
[add] https://crrev.com/337425b1133156797f31ae96757f58a55b208830/sys-fs/ntfs3g/ntfs3g-2017.3.23.ebuild
[modify] https://crrev.com/337425b1133156797f31ae96757f58a55b208830/sys-fs/ntfs3g/Manifest
[add] https://crrev.com/337425b1133156797f31ae96757f58a55b208830/sys-fs/ntfs3g/files/ntfs3g-2016.2.22-sysmacros.patch
[modify] https://crrev.com/337425b1133156797f31ae96757f58a55b208830/sys-fs/ntfs3g/metadata.xml

Hey, but while upgrading, why the lowntfs-g binary shouldn’t beconcerned by the execution restriction?

Deleted: 0001-Apply-the-suid-restriction-on-lowntfs-3g-in-order-to.patch 918 bytes

0001-Apply-the-suid-restriction-on-lowntfs-3g-in-order-to.patch 918 bytes Download

Re# 13: lowntfs-3g isn't currently needed for our use cases, so we will simply remove the binary from our image.

would you do this in a separate issue?

Deleted: 0001-remove-the-lowntfs-3g-binary-and-only-use-ntfs-3g-fo.patch 132 KB

0001-remove-the-lowntfs-3g-binary-and-only-use-ntfs-3g-fo.patch 132 KB Download

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/feb679de49f311c03d56d77b6012dc8b636bf3cf

commit feb679de49f311c03d56d77b6012dc8b636bf3cf
Author: Ben Chan <benchan@chromium.org>
Date: Sun May 21 10:06:25 2017

sys-fs/ntfs3g: skip installing unused lowntfs-3g

We only use ntfs3g on ChromeOS, so this CL skips installing the unused
lowntfs-3g.

BUG= chromium:722628 
TEST=Tested the following:
1. Verify that /usr/bin/lowntfs-3g and /usr/sbin/mount.lowntfs-3g no
   longer exist in the image.
2. Run platform_CrosDisksFilesystem test.
3. Insert an NTFS formatted USB drive and verify read/write operations
   on the drive via File.app.

Change-Id: Ida491b99243d1fec5fff1f53cb27afb8c1d52e5e
Reviewed-on: https://chromium-review.googlesource.com/510035
Commit-Ready: Ben Chan <benchan@chromium.org>
Tested-by: Ben Chan <benchan@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[rename] https://crrev.com/feb679de49f311c03d56d77b6012dc8b636bf3cf/sys-fs/ntfs3g/ntfs3g-2017.3.23-r1.ebuild

Sorry, but why building the lowntfs-3g binary if it’s not about removing it after?

Re 17: That avoids patching upstream ntfs3g source files (only ebuild modification is needed), which helps minimize the porting effort when we upgrade the package again in the future.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/c0daee8eedd5e51517f46482932f3f324579861e

commit c0daee8eedd5e51517f46482932f3f324579861e
Author: Mike Frysinger <vapier@chromium.org>
Date: Fri May 26 00:16:02 2017

ntfs3g: apply patches

The conversion to EAPI=5 missed applying these patches.

BUG= chromium:722628 
TEST=build still works

Change-Id: Ic2e592e045f8a8809392c1ec796729767c1b063c
Reviewed-on: https://chromium-review.googlesource.com/514722
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Ben Chan <benchan@chromium.org>

[rename] https://crrev.com/c0daee8eedd5e51517f46482932f3f324579861e/sys-fs/ntfs3g/ntfs3g-2017.3.23-r2.ebuild