diff --git a/6000-blkid-avoid-FPE-crash-when-probing-a-HFS-superblock-.patch b/6000-blkid-avoid-FPE-crash-when-probing-a-HFS-superblock-.patch deleted file mode 100644 index 40d70d7736f2077a67bbdc8eaf8993b416c39716..0000000000000000000000000000000000000000 --- a/6000-blkid-avoid-FPE-crash-when-probing-a-HFS-superblock-.patch +++ /dev/null @@ -1,39 +0,0 @@ -From e96393142ccd1da25ac1e2c9cebd7f20326f36c5 Mon Sep 17 00:00:00 2001 -From: Theodore Ts'o -Date: Tue, 10 Jul 2018 18:12:54 -0400 -Subject: [PATCH 001/131] blkid: avoid FPE crash when probing a HFS+ superblock - with a zero blocksize - -This problem was reported by Adam Buchbinder. - -Signed-off-by: Theodore Ts'o ---- - lib/blkid/probe.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/lib/blkid/probe.c b/lib/blkid/probe.c -index 865d9aa..283ee0a 100644 ---- a/lib/blkid/probe.c -+++ b/lib/blkid/probe.c -@@ -1184,6 +1184,8 @@ static int probe_hfs(struct blkid_probe *probe __BLKID_ATTR((unused)), - } - - -+#define HFSPLUS_SECTOR_SIZE 512 -+ - static int probe_hfsplus(struct blkid_probe *probe, - struct blkid_magic *id, - unsigned char *buf) -@@ -1247,6 +1249,9 @@ static int probe_hfsplus(struct blkid_probe *probe, - } - - blocksize = blkid_be32(hfsplus->blocksize); -+ if (blocksize < HFSPLUS_SECTOR_SIZE) -+ return 1; -+ - memcpy(extents, hfsplus->cat_file.extents, sizeof(extents)); - cat_block = blkid_be32(extents[0].start_block); - --- -1.8.3.1 - diff --git a/6000-e2fsck-abort-if-there-is-a-corrupted-directory-block.patch b/6000-e2fsck-abort-if-there-is-a-corrupted-directory-block.patch new file mode 100644 index 0000000000000000000000000000000000000000..6acdb4857782da2838b9c9deac42e23683cd36f5 --- /dev/null +++ b/6000-e2fsck-abort-if-there-is-a-corrupted-directory-block.patch @@ -0,0 +1,53 @@ +From 8dd73c149f418238f19791f9d666089ef9734dff Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Thu, 19 Dec 2019 19:37:34 -0500 +Subject: [PATCH] e2fsck: abort if there is a corrupted directory block when + rehashing + +In e2fsck pass 3a, when we are rehashing directories, at least in +theory, all of the directories should have had corruptions with +respect to directory entry structure fixed. However, it's possible +(for example, if the user declined a fix) that we can reach this stage +of processing with a corrupted directory entries. + +So check for that case and don't try to process a corrupted directory +block so we don't run into trouble in mutate_name() if there is a +zero-length file name. + +Addresses: TALOS-2019-0973 +Addresses: CVE-2019-5188 +Signed-off-by: Theodore Ts'o +--- + e2fsck/rehash.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c +index a5fc1be..3dd1e94 100644 +--- a/e2fsck/rehash.c ++++ b/e2fsck/rehash.c +@@ -160,6 +160,10 @@ static int fill_dir_block(ext2_filsys fs, + dir_offset += rec_len; + if (dirent->inode == 0) + continue; ++ if ((name_len) == 0) { ++ fd->err = EXT2_ET_DIR_CORRUPTED; ++ return BLOCK_ABORT; ++ } + if (!fd->compress && (name_len == 1) && + (dirent->name[0] == '.')) + continue; +@@ -401,6 +405,11 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs, + continue; + } + new_len = ext2fs_dirent_name_len(ent->dir); ++ if (new_len == 0) { ++ /* should never happen */ ++ ext2fs_unmark_valid(fs); ++ continue; ++ } + memcpy(new_name, ent->dir->name, new_len); + mutate_name(new_name, &new_len); + for (j=0; j < fd->num_array; j++) { +-- +1.8.3.1 + diff --git a/6001-AOSP-e2fsdroid-Fix-crash-with-invalid-command-line-a.patch b/6001-AOSP-e2fsdroid-Fix-crash-with-invalid-command-line-a.patch deleted file mode 100644 index 38028a9bbc299f11b2aef89f1c4b9c7eb10593a7..0000000000000000000000000000000000000000 --- a/6001-AOSP-e2fsdroid-Fix-crash-with-invalid-command-line-a.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 4eca2aef6a8a0e7678afb76c1eda1756c039c481 Mon Sep 17 00:00:00 2001 -From: David Anderson -Date: Fri, 2 Mar 2018 15:38:38 -0800 -Subject: [PATCH 004/131] AOSP: e2fsdroid: Fix crash with invalid command line - args - -If a sparse file fails to load, an inconsistent channel pointer will be -returned, causing e2fsdroid to crash on exit. - -Signed-off-by: Theodore Ts'o - -Bug: 64109868 -Change-Id: If1606c7c49d5569323db5b5fce4826f24ba76383 -From AOSP commit: 0f31d29a968eed6dc3c96eb47fd34e8608a2580c ---- - lib/ext2fs/sparse_io.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/lib/ext2fs/sparse_io.c b/lib/ext2fs/sparse_io.c -index d0828a8..5e0e2cd 100644 ---- a/lib/ext2fs/sparse_io.c -+++ b/lib/ext2fs/sparse_io.c -@@ -185,14 +185,22 @@ err_params: - static errcode_t sparse_open_channel(struct sparse_io_params *sparse_params, - int flags, io_channel *channel) - { -+ errcode_t retval; - io_channel io; - - io = calloc(1, sizeof(struct struct_io_channel)); - io->magic = EXT2_ET_MAGIC_IO_CHANNEL; - io->block_size = 0; - io->refcount = 1; -+ -+ retval = io_manager_configure(sparse_params, flags, io); -+ if (retval) { -+ free(io); -+ return retval; -+ } -+ - *channel = io; -- return io_manager_configure(sparse_params, flags, io); -+ return 0; - } - - static errcode_t read_sparse_argv(const char *name, bool is_fd, --- -1.8.3.1 - diff --git a/6002-e2fsck-fix-fd-leak-in-reserve_stdio_fds.patch b/6002-e2fsck-fix-fd-leak-in-reserve_stdio_fds.patch deleted file mode 100644 index 04349a71947088e2908fa054e3c7c34d25fc5a41..0000000000000000000000000000000000000000 --- a/6002-e2fsck-fix-fd-leak-in-reserve_stdio_fds.patch +++ /dev/null @@ -1,30 +0,0 @@ -From ac5936d78d520b9edac15994728bb8b0364814e6 Mon Sep 17 00:00:00 2001 -From: Theodore Ts'o -Date: Sat, 11 Aug 2018 20:47:08 -0400 -Subject: [PATCH 033/131] e2fsck: fix fd leak in reserve_stdio_fds - -Signed-off-by: Theodore Ts'o -Reviewed-by: Lukas Czerner ---- - e2fsck/unix.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/e2fsck/unix.c b/e2fsck/unix.c -index 90065b3..2df22b1 100644 ---- a/e2fsck/unix.c -+++ b/e2fsck/unix.c -@@ -617,9 +617,10 @@ static void reserve_stdio_fds(void) - fprintf(stderr, _("ERROR: Couldn't open " - "/dev/null (%s)\n"), - strerror(errno)); -- break; -+ return; - } - } -+ (void) close(fd); - } - - #ifdef HAVE_SIGNAL_H --- -1.8.3.1 - diff --git a/6003-libext2fs-fix-uninitialized-length-in-rep_strdup.patch b/6003-libext2fs-fix-uninitialized-length-in-rep_strdup.patch deleted file mode 100644 index 8fb7572e804bac42fb88c827a327775d691af974..0000000000000000000000000000000000000000 --- a/6003-libext2fs-fix-uninitialized-length-in-rep_strdup.patch +++ /dev/null @@ -1,37 +0,0 @@ -From dd3b4cc367ce5c9208f0ef9960ddf34d6d0a45b9 Mon Sep 17 00:00:00 2001 -From: Theodore Ts'o -Date: Sat, 18 Aug 2018 13:29:41 -0400 -Subject: [PATCH 043/131] libext2fs: fix uninitialized length in rep_strdup() - -For platforms whose libc don't supply strdup(), the replacement strdup -function in lib/ext2fs/tdb.c needs to always initialize the length -variable. - -Reported-by: Vladyslav Tsilytskyi -Signed-off-by: Theodore Ts'o ---- - lib/ext2fs/tdb.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/lib/ext2fs/tdb.c b/lib/ext2fs/tdb.c -index 195a4c0..5091b12 100644 ---- a/lib/ext2fs/tdb.c -+++ b/lib/ext2fs/tdb.c -@@ -79,12 +79,10 @@ static char *rep_strdup(const char *s) - { - char *ret; - int length; -+ - if (!s) - return NULL; -- -- if (!length) -- length = strlen(s); -- -+ length = strlen(s); - ret = malloc(length + 1); - if (ret) { - strncpy(ret, s, length); --- -1.8.3.1 - diff --git a/6004-tune2fs-fix-dereference-of-freed-memory-after-journa.patch b/6004-tune2fs-fix-dereference-of-freed-memory-after-journa.patch deleted file mode 100644 index 7300d55ea82f4e02c3f9ee2a5b7151cdf705d571..0000000000000000000000000000000000000000 --- a/6004-tune2fs-fix-dereference-of-freed-memory-after-journa.patch +++ /dev/null @@ -1,29 +0,0 @@ -From ed50488ec0f0edc9156651da004d37f7b111920b Mon Sep 17 00:00:00 2001 -From: Theodore Ts'o -Date: Sun, 19 Aug 2018 16:46:04 -0400 -Subject: [PATCH 054/131] tune2fs: fix dereference of freed memory after - journal replay - -This can be found by running the test t_replay_and_set under valgrind. - -Reported-by: Chris Clayton -Signed-off-by: Theodore Ts'o ---- - misc/tune2fs.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/misc/tune2fs.c b/misc/tune2fs.c -index 723f7ae..b8cddfa 100644 ---- a/misc/tune2fs.c -+++ b/misc/tune2fs.c -@@ -3051,6 +3051,7 @@ _("Warning: The journal is dirty. You may wish to replay the journal like:\n\n" - ext2fs_close_free(&fs); - exit(1); - } -+ sb = fs->super; - } - #endif - --- -1.8.3.1 - diff --git a/6005-libe2p-avoid-segfault-when-s_nr_users-is-too-high.patch b/6005-libe2p-avoid-segfault-when-s_nr_users-is-too-high.patch deleted file mode 100644 index 5e224c7b69d9bc33b66fb70398d3e65940b8d8e9..0000000000000000000000000000000000000000 --- a/6005-libe2p-avoid-segfault-when-s_nr_users-is-too-high.patch +++ /dev/null @@ -1,84 +0,0 @@ -From b0ec76d623f737a32abc5ab8bb7198bf1d9939a4 Mon Sep 17 00:00:00 2001 -From: Lukas Czerner -Date: Tue, 14 Aug 2018 16:37:53 +0200 -Subject: [PATCH 070/131] libe2p: avoid segfault when s_nr_users is too high - -Currently in e2fsprogs tools it's possible to access out of bounds -memory when reading list of ids sharing a journal log -(journal_superblock_t->s_users[]) in case where s_nr_users is too high. - -This is because we never check whether the s_nr_users fits into the -restriction of JFS_USERS_MAX. Fix it by checking that nr_users is not -bigger than JFS_USERS_MAX and error out when possiblem. - -Also add test for dumpe2fs. The rest would require involving external -journal which is not possible to test with e2fsprogs test suite at the -moment. - -Signed-off-by: Lukas Czerner -Signed-off-by: Theodore Ts'o ---- - lib/e2p/ljs.c | 4 +- - lib/ext2fs/mkjournal.c | 2 + - misc/tune2fs.c | 11 ++++ - -diff --git a/lib/e2p/ljs.c b/lib/e2p/ljs.c -index 0b1bead..c99126b 100644 ---- a/lib/e2p/ljs.c -+++ b/lib/e2p/ljs.c -@@ -101,10 +101,10 @@ void e2p_list_journal_super(FILE *f, char *journal_sb_buf, - e2p_be32(jsb->s_checksum)); - if ((nr_users > 1) || - !e2p_is_null_uuid(&jsb->s_users[0])) { -- for (i=0; i < nr_users; i++) { -+ for (i=0; i < nr_users && i < JFS_USERS_MAX; i++) { - printf(i ? " %s\n" - : "Journal users: %s\n", -- e2p_uuid2str(&jsb->s_users[i*16])); -+ e2p_uuid2str(&jsb->s_users[i * UUID_SIZE])); - } - } - if (jsb->s_errno != 0) -diff --git a/lib/ext2fs/mkjournal.c b/lib/ext2fs/mkjournal.c -index 7f78291..a90e80e 100644 ---- a/lib/ext2fs/mkjournal.c -+++ b/lib/ext2fs/mkjournal.c -@@ -401,6 +401,8 @@ errcode_t ext2fs_add_journal_device(ext2_filsys fs, ext2_filsys journal_dev) - - /* Check and see if this filesystem has already been added */ - nr_users = ntohl(jsb->s_nr_users); -+ if (nr_users > JFS_USERS_MAX) -+ return EXT2_ET_CORRUPT_JOURNAL_SB; - for (i=0; i < nr_users; i++) { - if (memcmp(fs->super->s_uuid, - &jsb->s_users[i*16], 16) == 0) -diff --git a/misc/tune2fs.c b/misc/tune2fs.c -index b8cddfa..ec977b8 100644 ---- a/misc/tune2fs.c -+++ b/misc/tune2fs.c -@@ -292,6 +292,12 @@ static int remove_journal_device(ext2_filsys fs) - jsb = (journal_superblock_t *) buf; - /* Find the filesystem UUID */ - nr_users = ntohl(jsb->s_nr_users); -+ if (nr_users > JFS_USERS_MAX) { -+ fprintf(stderr, _("Journal superblock is corrupted, nr_users\n" -+ "is too high (%d).\n"), nr_users); -+ commit_remove_journal = 1; -+ goto no_valid_journal; -+ } - - if (!journal_user(fs->super->s_uuid, jsb->s_users, nr_users)) { - fputs(_("Filesystem's UUID not found on journal device.\n"), -@@ -2850,6 +2856,11 @@ fs_update_journal_user(struct ext2_super_block *sb, __u8 old_uuid[UUID_SIZE]) - jsb = (journal_superblock_t *) buf; - /* Find the filesystem UUID */ - nr_users = ntohl(jsb->s_nr_users); -+ if (nr_users > JFS_USERS_MAX) { -+ fprintf(stderr, _("Journal superblock is corrupted, nr_users\n" -+ "is too high (%d).\n"), nr_users); -+ return EXT2_ET_CORRUPT_JOURNAL_SB; -+ } - - j_uuid = journal_user(old_uuid, jsb->s_users, nr_users); - if (j_uuid == NULL) { - diff --git a/6006-e2freefrag-fix-free-blocks-count-during-live-scan.patch b/6006-e2freefrag-fix-free-blocks-count-during-live-scan.patch deleted file mode 100644 index bd03b75f02f24255d60973f8db4bfc598d225bbe..0000000000000000000000000000000000000000 --- a/6006-e2freefrag-fix-free-blocks-count-during-live-scan.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 93accdce51cabf2070206834c140a208c1753c35 Mon Sep 17 00:00:00 2001 -From: "Darrick J. Wong" -Date: Thu, 8 Nov 2018 10:44:31 -0800 -Subject: [PATCH 092/131] e2freefrag: fix free blocks count during live scan - -In e2freefrag live scan mode, we take the free block count from the -ondisk superblock. This leads to screwy histogram percentages: - -Extent Size Range : Free extents Free Blocks Percent - 4M... 8M- : 5 8234 1.05% - 64M... 128M- : 2 52279 6.64% - 512M... 1024M- : 1 202752 25.74% - -...because there could be superblock updates in the journal that haven't -yet been checkpointed. The online scan is perfectly capable of tallying -the free blocks on its own, so teach it do that and make a more accurate -report. - -Reported-by: Elana Hashman -Signed-off-by: Darrick J. Wong -Signed-off-by: Theodore Ts'o ---- - misc/e2freefrag.c | 26 ++++++++++++++++---------- - 1 file changed, 16 insertions(+), 10 deletions(-) - -diff --git a/misc/e2freefrag.c b/misc/e2freefrag.c -index 268fac9..20b79b3 100644 ---- a/misc/e2freefrag.c -+++ b/misc/e2freefrag.c -@@ -163,7 +163,8 @@ static void scan_block_bitmap(ext2_filsys fs, struct chunk_info *info) - - #if defined(HAVE_EXT2_IOCTLS) && !defined(DEBUGFS) - # define FSMAP_EXTENTS 1024 --static int scan_online(ext2_filsys fs, struct chunk_info *info) -+static int scan_online(ext2_filsys fs, struct chunk_info *info, -+ blk64_t *free_blks) - { - struct fsmap_head *fsmap; - struct fsmap *extent; -@@ -204,6 +205,7 @@ static int scan_online(ext2_filsys fs, struct chunk_info *info) - fsmap->fmh_keys[1].fmr_offset = ULLONG_MAX; - fsmap->fmh_keys[1].fmr_flags = UINT_MAX; - -+ *free_blks = 0; - /* Fill the extent histogram with live data */ - while (1) { - ret = ioctl(fd, FS_IOC_GETFSMAP, fsmap); -@@ -225,6 +227,7 @@ static int scan_online(ext2_filsys fs, struct chunk_info *info) - continue; - update_chunk_stats(info, - extent->fmr_length / fs->blocksize); -+ *free_blks += (extent->fmr_length / fs->blocksize); - } - - p = &fsmap->fmh_recs[fsmap->fmh_entries - 1]; -@@ -236,13 +239,15 @@ static int scan_online(ext2_filsys fs, struct chunk_info *info) - return 1; - } - #else --# define scan_online(fs, info) (0) -+# define scan_online(fs, info, free_blks) (0) - #endif /* HAVE_EXT2_IOCTLS */ - --static errcode_t scan_offline(ext2_filsys fs, struct chunk_info *info) -+static errcode_t scan_offline(ext2_filsys fs, struct chunk_info *info, -+ blk64_t *free_blks) - { - errcode_t retval; - -+ *free_blks = ext2fs_free_blocks_count(fs->super); - retval = ext2fs_read_block_bitmap(fs); - if (retval) - return retval; -@@ -251,7 +256,7 @@ static errcode_t scan_offline(ext2_filsys fs, struct chunk_info *info) - } - - static errcode_t dump_chunk_info(ext2_filsys fs, struct chunk_info *info, -- FILE *f) -+ FILE *f, blk64_t free_blks) - { - unsigned long total_chunks; - const char *unitp = "KMGTPEZY"; -@@ -261,8 +266,8 @@ static errcode_t dump_chunk_info(ext2_filsys fs, struct chunk_info *info, - - fprintf(f, "Total blocks: %llu\nFree blocks: %llu (%0.1f%%)\n", - ext2fs_blocks_count(fs->super), -- ext2fs_free_blocks_count(fs->super), -- (double)ext2fs_free_blocks_count(fs->super) * 100 / -+ free_blks, -+ (double)free_blks * 100 / - ext2fs_blocks_count(fs->super)); - - if (info->chunkbytes) { -@@ -306,7 +311,7 @@ static errcode_t dump_chunk_info(ext2_filsys fs, struct chunk_info *info, - info->histogram.fc_chunks[i], - info->histogram.fc_blocks[i], - (double)info->histogram.fc_blocks[i] * 100 / -- ext2fs_free_blocks_count(fs->super)); -+ free_blks); - } - start = end; - if (start == 1<<10) { -@@ -330,14 +335,15 @@ static void close_device(char *device_name, ext2_filsys fs) - static void collect_info(ext2_filsys fs, struct chunk_info *chunk_info, FILE *f) - { - unsigned int retval = 0; -+ blk64_t free_blks = 0; - - fprintf(f, "Device: %s\n", fs->device_name); - fprintf(f, "Blocksize: %u bytes\n", fs->blocksize); - - init_chunk_info(fs, chunk_info); -- if (!scan_online(fs, chunk_info)) { -+ if (!scan_online(fs, chunk_info, &free_blks)) { - init_chunk_info(fs, chunk_info); -- retval = scan_offline(fs, chunk_info); -+ retval = scan_offline(fs, chunk_info, &free_blks); - } - if (retval) { - com_err(fs->device_name, retval, "while reading block bitmap"); -@@ -345,7 +351,7 @@ static void collect_info(ext2_filsys fs, struct chunk_info *chunk_info, FILE *f) - exit(1); - } - -- retval = dump_chunk_info(fs, chunk_info, f); -+ retval = dump_chunk_info(fs, chunk_info, f, free_blks); - if (retval) { - com_err(fs->device_name, retval, "while dumping chunk info"); - close_device(fs->device_name, fs); --- -1.8.3.1 - diff --git a/6007-e2freefrag-fix-memory-leak-in-scan_online.patch b/6007-e2freefrag-fix-memory-leak-in-scan_online.patch deleted file mode 100644 index 093a367e6a167b6d723efb41583a979149fe42a3..0000000000000000000000000000000000000000 --- a/6007-e2freefrag-fix-memory-leak-in-scan_online.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 7d671e66cc409f458e72d4668e248c091337ea29 Mon Sep 17 00:00:00 2001 -From: Lukas Czerner -Date: Mon, 11 Feb 2019 11:52:50 -0500 -Subject: [PATCH 132/202] e2freefrag: fix memory leak in scan_online() - -Signed-off-by: Lukas Czerner -Signed-off-by: Theodore Ts'o ---- - misc/e2freefrag.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/misc/e2freefrag.c b/misc/e2freefrag.c -index 20b79b3..b80b742 100644 ---- a/misc/e2freefrag.c -+++ b/misc/e2freefrag.c -@@ -235,7 +235,7 @@ static int scan_online(ext2_filsys fs, struct chunk_info *info, - break; - fsmap_advance(fsmap); - } -- -+ free(fsmap); - return 1; - } - #else --- -2.7.4 - diff --git a/6008-create_inode-fix-potential-memory-leak-in-path_appen.patch b/6008-create_inode-fix-potential-memory-leak-in-path_appen.patch deleted file mode 100644 index 303f281f1395963f4accc63cee5f0ce754a5f78d..0000000000000000000000000000000000000000 --- a/6008-create_inode-fix-potential-memory-leak-in-path_appen.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 21dde7ba356a26f10b9b6153069b26dfb0b97e41 Mon Sep 17 00:00:00 2001 -From: Lukas Czerner -Date: Mon, 11 Feb 2019 12:00:10 -0500 -Subject: [PATCH 133/202] create_inode: fix potential memory leak in - path_append() - -If realloc() fails in path_append() we will lose a memory pointed to by -target->path. Fix it. - -path_append() is used by mke2fs and e2fsdroid. - -Signed-off-by: Lukas Czerner -Signed-off-by: Theodore Ts'o ---- - misc/create_inode.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/misc/create_inode.c b/misc/create_inode.c -index 1b35c76..aa865a4 100644 ---- a/misc/create_inode.c -+++ b/misc/create_inode.c -@@ -704,10 +704,12 @@ struct file_info { - static errcode_t path_append(struct file_info *target, const char *file) - { - if (strlen(file) + target->path_len + 1 > target->path_max_len) { -+ void *p; - target->path_max_len *= 2; -- target->path = realloc(target->path, target->path_max_len); -- if (!target->path) -+ p = realloc(target->path, target->path_max_len); -+ if (p == NULL) - return EXT2_ET_NO_MEMORY; -+ target->path = p; - } - target->path_len += sprintf(target->path + target->path_len, "/%s", - file); --- -2.7.4 - diff --git a/6009-mke2fs-fix-check-for-absurdly-large-devices.patch b/6009-mke2fs-fix-check-for-absurdly-large-devices.patch deleted file mode 100644 index 7ffbc9b752dbf98893629dc5315142b06b10d5ca..0000000000000000000000000000000000000000 --- a/6009-mke2fs-fix-check-for-absurdly-large-devices.patch +++ /dev/null @@ -1,42 +0,0 @@ -From f6cf3e61932596c8d00e170d69ae2529f3a8dc81 Mon Sep 17 00:00:00 2001 -From: Andreas Dilger -Date: Sun, 5 May 2019 18:33:46 -0400 -Subject: [PATCH 185/202] mke2fs: fix check for absurdly large devices - -The check in mke2fs is intended to be for the number of blocks in the -filesystem exceeding the maximum number of addressable blocks in 2^32 -bitmaps, which is (2^32 * 8 bits/byte * blocksize) = 2^47 blocks, -or 2^59 bytes = 512PiB for the common 4KiB blocksize. - -However, s_log_blocksize holds log2(blocksize_in_kb), so the current -calculation is a factor of 2^10 too small. This caused mke2fs to fail -while trying to format a 900TB filesystem. - -Fixes: 101ef2e93c25 ("mke2fs: Avoid crashes / infinite loops for absurdly large devices") -Signed-off-by: Andreas Dilger -Signed-off-by: Theodore Ts'o ---- - misc/mke2fs.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/misc/mke2fs.c b/misc/mke2fs.c -index 9152360..0ba2bf3 100644 ---- a/misc/mke2fs.c -+++ b/misc/mke2fs.c -@@ -2183,9 +2183,11 @@ profile_error: - } - /* - * Guard against group descriptor count overflowing... Mostly to avoid -- * strange results for absurdly large devices. -+ * strange results for absurdly large devices. This is in log2: -+ * (blocksize) * (bits per byte) * (maximum number of block groups) - */ -- if (fs_blocks_count > ((1ULL << (fs_param.s_log_block_size + 3 + 32)) - 1)) { -+ if (fs_blocks_count > -+ (1ULL << (EXT2_BLOCK_SIZE_BITS(&fs_param) + 3 + 32)) - 1) { - fprintf(stderr, _("%s: Size of device (0x%llx blocks) %s " - "too big to create\n\t" - "a filesystem using a blocksize of %d.\n"), --- -2.7.4 - diff --git a/e2fsprogs-1.44.3.tar.xz b/e2fsprogs-1.45.3.tar.xz similarity index 45% rename from e2fsprogs-1.44.3.tar.xz rename to e2fsprogs-1.45.3.tar.xz index a9f3bab690e5d648394dd99543163400434a1413..ac6a1b18092ccaf2f39c7572c76006b4ac04499f 100644 Binary files a/e2fsprogs-1.44.3.tar.xz and b/e2fsprogs-1.45.3.tar.xz differ diff --git a/e2fsprogs.spec b/e2fsprogs.spec index d713a713ffea84d1ca44dc80d824de2503c45d19..a90fd341055c5a7d165823d1ca75762515f5b19a 100644 --- a/e2fsprogs.spec +++ b/e2fsprogs.spec @@ -1,20 +1,12 @@ Name: e2fsprogs -Version: 1.44.3 -Release: 8 +Version: 1.45.3 +Release: 1 Summary: Second extended file system management tools License: GPLv2 and LGPLv2 and MIT URL: http://e2fsprogs.sourceforge.net/ Source0: https://www.kernel.org/pub/linux/kernel/people/tytso/%{name}/v%{version}/%{name}-%{version}.tar.xz -Patch6000: 6000-blkid-avoid-FPE-crash-when-probing-a-HFS-superblock-.patch -Patch6001: 6001-AOSP-e2fsdroid-Fix-crash-with-invalid-command-line-a.patch -Patch6002: 6002-e2fsck-fix-fd-leak-in-reserve_stdio_fds.patch -Patch6003: 6003-libext2fs-fix-uninitialized-length-in-rep_strdup.patch -Patch6004: 6004-tune2fs-fix-dereference-of-freed-memory-after-journa.patch -Patch6005: 6005-libe2p-avoid-segfault-when-s_nr_users-is-too-high.patch -Patch6006: 6006-e2freefrag-fix-free-blocks-count-during-live-scan.patch -Patch6007: 6007-e2freefrag-fix-memory-leak-in-scan_online.patch -Patch6008: 6008-create_inode-fix-potential-memory-leak-in-path_appen.patch -Patch6009: 6009-mke2fs-fix-check-for-absurdly-large-devices.patch + +Patch6000: 6000-e2fsck-abort-if-there-is-a-corrupted-directory-block.patch Patch9000: 9000-mke2fs-check.patch BuildRequires: gcc git pkgconfig texinfo @@ -97,13 +89,18 @@ exit 0 %doc README RELEASE-NOTES %license NOTICE %config(noreplace) /etc/mke2fs.conf +%config(noreplace) /etc/e2scrub.conf %{_bindir}/chattr +%{_bindir}/fuse2fs %{_bindir}/lsattr +%{_libdir}/e2fsprogs/e2scrub_fail %{_libdir}/libe2p.so.* %{_libdir}/libext2fs.so.* %{_libdir}/libcom_err.so.* %{_libdir}/libss.so.* %{_sbindir}/* +%{_udevrulesdir}/*.rules +%{_unitdir}/e2scrub* %files devel %{_bindir}/compile_et @@ -127,6 +124,18 @@ exit 0 %{_mandir}/man8/* %changelog +* Mon Jan 14 2020 openEuler Buildteam - 1.45.3-1 +- Type:cves +- ID:CVE-2019-5188 +- SUG:restart +- DESC:backport patch to fix CVE-2019-5188. + +* Mon Jan 14 2020 openEuler Buildteam - 1.45.3-0 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:update package from 1.44.3 to 1.45.3. + * Mon Jan 13 2020 openEuler Buildteam - 1.44.3-8 - Type:enhancement - ID:NA