Difuse/difos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

tools/e2fsprogs: update to 1.46.6

Browse source 
Release information:
https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.6

Remove upstreamed patch:
- 004-CVE-2022-1304-libext2fs-add-sanity-check-to-extent-manipulation.patch

Refresh patch:
- 003-no-crond.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
This commit is contained in:
Nick Hainke 2023-02-05 21:14:19 +01:00 committed by Hauke Mehrtens
parent 628870146d
commit 38350650cb
3 changed files with 7 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
tools/e2fsprogs/Makefile
View file

@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=e2fsprogs PKG_NAME:=e2fsprogs
PKG_CPE_ID:=cpe:/a:e2fsprogs_project:e2fsprogs PKG_CPE_ID:=cpe:/a:e2fsprogs_project:e2fsprogs
PKG_VERSION:=1.46.5 PKG_VERSION:=1.46.6
PKG_HASH:=2f16c9176704cf645dc69d5b15ff704ae722d665df38b2ed3cfc249757d8d81e PKG_HASH:=a77517f19ff5e4e97ede63536566865dd5d48654e13fc145f5f2249ef7c4f4fc
PKG_RELEASE:=2 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/linux/kernel/people/tytso/e2fsprogs/v$(PKG_VERSION)/ PKG_SOURCE_URL:=@KERNEL/linux/kernel/people/tytso/e2fsprogs/v$(PKG_VERSION)/

8
tools/e2fsprogs/patches/003-no-crond.patch
View file

@ -1,11 +1,11 @@
--- a/configure --- a/configure
+++ b/configure +++ b/configure
@@ -12538,7 +12538,7 @@ $as_echo_n "checking for system crontab @@ -15259,7 +15259,7 @@ then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${crond_dir}" >&5 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${crond_dir}" >&5
$as_echo "${crond_dir}" >&6; } printf "%s\n" "${crond_dir}" >&6; }
- have_crond="yes" - have_crond="yes"
+ have_crond="no"; with_crond_dir="" + have_crond="no"; with_crond_dir=""
else else $as_nop

50
tools/e2fsprogs/patches/004-CVE-2022-1304-libext2fs-add-sanity-check-to-extent-manipulation.patch
View file

@ -1,50 +0,0 @@
From ab51d587bb9b229b1fade1afd02e1574c1ba5c76 Mon Sep 17 00:00:00 2001
From: Lukas Czerner <lczerner@redhat.com>
Date: Thu, 21 Apr 2022 19:31:48 +0200
Subject: libext2fs: add sanity check to extent manipulation
It is possible to have a corrupted extent tree in such a way that a leaf
node contains zero extents in it. Currently if that happens and we try
to traverse the tree we can end up accessing wrong data, or possibly
even uninitialized memory. Make sure we don't do that.
Additionally make sure that we have a sane number of bytes passed to
memmove() in ext2fs_extent_delete().
Note that e2fsck is currently unable to spot and fix such corruption in
pass1.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reported-by: Nils Bars <nils_bars@t-online.de>
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2068113
Addresses: CVE-2022-1304
Addresses-Debian-Bug: #1010263
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
lib/ext2fs/extent.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/lib/ext2fs/extent.c
+++ b/lib/ext2fs/extent.c
@@ -495,6 +495,10 @@ retry:
ext2fs_le16_to_cpu(eh->eh_entries);
newpath->max_entries = ext2fs_le16_to_cpu(eh->eh_max);
+ /* Make sure there is at least one extent present */
+ if (newpath->left <= 0)
+ return EXT2_ET_EXTENT_NO_DOWN;
+
if (path->left > 0) {
ix++;
newpath->end_blk = ext2fs_le32_to_cpu(ix->ei_block);
@@ -1630,6 +1634,10 @@ errcode_t ext2fs_extent_delete(ext2_exte
cp = path->curr;
+ /* Sanity check before memmove() */
+ if (path->left < 0)
+ return EXT2_ET_EXTENT_LEAF_BAD;
+
if (path->left) {
memmove(cp, cp + sizeof(struct ext3_extent_idx),
path->left * sizeof(struct ext3_extent_idx));