On Mon, Apr 14, 2025 at 03:21:56PM +0100, Matthew Wilcox wrote: > On Mon, Apr 14, 2025 at 04:18:27PM +0200, Christian Brauner wrote: > > On Mon, Apr 14, 2025 at 09:45:25PM +0800, now4yreal wrote: > > > Dear Linux Security Maintainers, > > > I would like to report a OOB-read vulnerability in the HFS+ file > > > system, which I discovered using our in-house developed kernel fuzzer, > > > Symsyz. > > > > Bug reports from non-official syzbot instances are generally not > > accepted. > > > > hfs and hfsplus are orphaned filesystems since at least 2014. Bug > > reports for such filesystems won't receive much attention from the core > > maintainers. > > > > I'm very very close to putting them on the chopping block as they're > > slowly turning into pointless burdens. > > I've tried asking some people who are long term Apple & Linux people, > but haven't been able to find anyone interested in becoming maintainer. > Let's drop both hfs & hfsplus. Ten years of being unmaintained is > long enough. Agreed. If needed there are FUSE implementations to access .dmg files with HFS/HFS+ or other standalone tools. https://github.com/0x09/hfsfuse https://github.com/darlinghq/darling-dmg
