diff --git a/.gitignore b/.gitignore
index 82a8f89..02d2344 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,4 @@ e2fsprogs-1.41.12.tar.gz
 /e2fsprogs-1.42.10.tar.xz
 /e2fsprogs-1.42.11.tar.xz
 /e2fsprogs-1.42.12.tar.xz
+/e2fsprogs-1.42.13.tar.xz
diff --git a/e2fsprogs-1.42.12-closefs-cve.patch b/e2fsprogs-1.42.12-closefs-cve.patch
deleted file mode 100644
index af219c4..0000000
--- a/e2fsprogs-1.42.12-closefs-cve.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-commit 49d0fe2a14f2a23da2fe299643379b8c1d37df73
-Author: Theodore Ts'o
-Date: Fri Feb 6 12:46:39 2015 -0500
-
- libext2fs: fix potential buffer overflow in closefs()
-
- The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if
- s_first_meta_bg is too big" had a typo in the fix for
- ext2fs_closefs(). In practice most of the security exposure was from
- the openfs path, since this meant if there was a carefully crafted
- file system, buffer overrun would be triggered when the file system was
- opened.
-
- However, if corrupted file system didn't trip over some corruption
- check, and then the file system was modified via tune2fs or debugfs,
- such that the superblock was marked dirty and then written out via the
- closefs() path, it's possible that the buffer overrun could be
- triggered when the file system is closed.
-
- Also clear up a signed vs unsigned warning while we're at it.
-
- Thanks to Nick Kralevich for asking me to look at
- compiler warning in the code in question, which led me to notice the
- bug in f66e6ce4446.
-
- Addresses: CVE-2015-1572
-
- Signed-off-by: Theodore Ts'o
-
-diff --git a/lib/ext2fs/closefs.c b/lib/ext2fs/closefs.c
-index 1f99113..ab5b2fb 100644
---- a/lib/ext2fs/closefs.c
-+++ b/lib/ext2fs/closefs.c
-@@ -287,7 +287,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
- dgrp_t j;
- #endif
- char *group_ptr;
-- int old_desc_blocks;
-+ blk64_t old_desc_blocks;
- struct ext2fs_numeric_progress_struct progress;
-
- EXT2_CHECK_MAGIC(fs, EXT2_ET_MAGIC_EXT2FS_FILSYS);
-@@ -346,7 +346,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
- group_ptr = (char *) group_shadow;
- if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
- old_desc_blocks = fs->super->s_first_meta_bg;
-- if (old_desc_blocks > fs->super->s_first_meta_bg)
-+ if (old_desc_blocks > fs->desc_blocks)
- old_desc_blocks = fs->desc_blocks;
- } else
- old_desc_blocks = fs->desc_blocks;
diff --git a/e2fsprogs-1.42.12-dumpe2fs-segfault.patch b/e2fsprogs-1.42.12-dumpe2fs-segfault.patch
deleted file mode 100644
index 439a00f..0000000
--- a/e2fsprogs-1.42.12-dumpe2fs-segfault.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-commit fecb231f6fc83cf4b4ddf7ec34ace3723803a499
-Author: Darrick J. Wong
-Date: Fri Nov 7 21:26:14 2014 -0500
-
- dumpe2fs: don't crash when the user provides no block device argument
-
- If the user doesn't provide any arguments, the guard fails to run and
- the whole thing segfaults on ext2fs_open2(). Don't do that.
-
- Signed-off-by: Darrick J. Wong
- Signed-off-by: Theodore Ts'o
-
-diff --git a/misc/dumpe2fs.c b/misc/dumpe2fs.c
-index 1eae5a3..4185d6e 100644
---- a/misc/dumpe2fs.c
-+++ b/misc/dumpe2fs.c
-@@ -575,7 +575,7 @@ int main (int argc, char ** argv)
- usage();
- }
- }
-- if (argc - 1 > optind) {
-+ if (optind != argc - 1) {
- usage();
- exit(1);
- }
diff --git a/e2fsprogs-1.42.12-resize2fs-fsck.patch b/e2fsprogs-1.42.12-resize2fs-fsck.patch
deleted file mode 100644
index 40f34e6..0000000
--- a/e2fsprogs-1.42.12-resize2fs-fsck.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-commit 0462fd6db55de28d7e087d8d06ab20339acd8f67
-Author: Eric Sandeen
-Date: Sun Dec 14 19:08:59 2014 -0500
-
- resize2fs: don't require fsck to print min size
-
- My previous change ended up requiring that the filesystem
- be fsck'd after the last mount, even if we are only querying
- the minimum size. This is a bit draconian, and it burned
- the Fedora installer, which wants to calculate minimum size
- for every filesystem in the box at install time, which in turn
- requires a full fsck of every filesystem.
-
- Try this one more time, and separate out the tests to make things
- a bit more clear. If we're only printing the min size, don't
- require the fsck, as this is a bit less dangerous/critical.
-
- Signed-off-by: Eric Sandeen
- Signed-off-by: Theodore Ts'o
-
-diff --git a/resize/main.c b/resize/main.c
-index 983d8c2..9a35af0 100644
---- a/resize/main.c
-+++ b/resize/main.c
-@@ -321,10 +321,30 @@ int main (int argc, char ** argv)
- }
- fs->default_bitmap_type = EXT2FS_BMAP64_RBTREE;
-
-- if (!(mount_flags & EXT2_MF_MOUNTED)) {
-- if (!force && ((fs->super->s_lastcheck < fs->super->s_mtime) ||
-- (fs->super->s_state & EXT2_ERROR_FS) ||
-- ((fs->super->s_state & EXT2_VALID_FS) == 0))) {
-+ /*
-+ * Before acting on an unmounted filesystem, make sure it's ok,
-+ * unless the user is forcing it.
-+ *
-+ * We do ERROR and VALID checks even if we're only printing the
-+ * minimimum size, because traversal of a badly damaged filesystem
-+ * can cause issues as well. We don't require it to be fscked after
-+ * the last mount time in this case, though, as this is a bit less
-+ * risky.
-+ */
-+ if (!force && !(mount_flags & EXT2_MF_MOUNTED)) {
-+ int checkit = 0;
-+
-+ if (fs->super->s_state & EXT2_ERROR_FS)
-+ checkit = 1;
-+
-+ if ((fs->super->s_state & EXT2_VALID_FS) == 0)
-+ checkit = 1;
-+
-+ if ((fs->super->s_lastcheck < fs->super->s_mtime) &&
-+ !print_min_size)
-+ checkit = 1;
-+
-+ if (checkit) {
- fprintf(stderr,
- _("Please run 'e2fsck -f %s' first.\n\n"),
- device_name);
diff --git a/e2fsprogs-1.42.12-time-fudge.patch b/e2fsprogs-1.42.12-time-fudge.patch
deleted file mode 100644
index c97fc09..0000000
--- a/e2fsprogs-1.42.12-time-fudge.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From f096708126412c0569e40cfbd5740729976bf12a Mon Sep 17 00:00:00 2001
-From: Theodore Ts'o
-Date: Sat, 28 Mar 2015 21:39:54 -0400
-Subject: e2fsck: use PROMPT_NONE for FUTURE_SB_LAST_*_FUDGED problems
-
-This allows us to print a message warning the user that there is
-something funny going on with their hardware clock (probably time zone
-issues caused by trying to be compatible with legacy OS's such as
-Windows), without triggering a full file system check.
-
-Signed-off-by: Theodore Ts'o
-
-diff --git a/e2fsck/problem.c b/e2fsck/problem.c
-index 12cf836..f442a33 100644
---- a/e2fsck/problem.c
-+++ b/e2fsck/problem.c
-@@ -386,14 +386,14 @@ static struct e2fsck_problem problem_table[] = {
- /* Last mount time is in the future (fudged) */
- { PR_0_FUTURE_SB_LAST_MOUNT_FUDGED,
- N_("@S last mount time is in the future.\n\t(by less than a day, "
-- "probably due to the hardware clock being incorrectly set) "),
-- PROMPT_FIX, PR_PREEN_OK | PR_NO_OK },
-+ "probably due to the hardware clock being incorrectly set)\n"),
-+ PROMPT_NONE, PR_PREEN_OK | PR_NO_OK },
-
- /* Last write time is in the future (fudged) */
- { PR_0_FUTURE_SB_LAST_WRITE_FUDGED,
- N_("@S last write time is in the future.\n\t(by less than a day, "
-- "probably due to the hardware clock being incorrectly set). "),
-- PROMPT_FIX, PR_PREEN_OK | PR_NO_OK },
-+ "probably due to the hardware clock being incorrectly set)\n"),
-+ PROMPT_NONE, PR_PREEN_OK | PR_NO_OK },
-
- /* Block group checksum (latch question) is invalid. */
- { PR_0_GDT_CSUM_LATCH,
---
-cgit v0.10.2
-
-
diff --git a/e2fsprogs-1.42.12-use-after-free-fix.patch b/e2fsprogs-1.42.12-use-after-free-fix.patch
deleted file mode 100644
index 738ee27..0000000
--- a/e2fsprogs-1.42.12-use-after-free-fix.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-commit ebdf895b43a1ce499e4d2556a201e2a753fc422f
-Author: Theodore Ts'o
-Date: Wed Oct 8 11:18:41 2014 -0400
-
- e2fsck: fix free pointer dereferences
-
- Commit 47fee2ef6a23a introduces some free pointer dereference bugs by
- not clearing ctx->fs after calling ext2fs_close_free().
-
- Reported-by: Matthias Andree
- Cc: Lukas Czerner
- Signed-off-by: Theodore Ts'o
-
-diff --git a/e2fsck/unix.c b/e2fsck/unix.c
-index 66debcd..10036e7 100644
---- a/e2fsck/unix.c
-+++ b/e2fsck/unix.c
-@@ -458,7 +458,7 @@ static void check_if_skip(e2fsck_t ctx)
- }
- log_out(ctx, "\n");
- skip:
-- ext2fs_close_free(&fs);
-+ ext2fs_close_free(&ctx->fs);
- e2fsck_free_context(ctx);
- exit(FSCK_OK);
- }
-@@ -1462,7 +1462,7 @@ failure:
- /*
- * Restart in order to reopen fs but this time start mmp.
- */
-- ext2fs_close_free(&fs);
-+ ext2fs_close_free(&ctx->fs);
- flags &= ~EXT2_FLAG_SKIP_MMP;
- goto restart;
- }
-@@ -1692,7 +1692,7 @@ no_journal:
- _("while resetting context"));
- fatal_error(ctx, 0);
- }
-- ext2fs_close_free(&fs);
-+ ext2fs_close_free(&ctx->fs);
- goto restart;
- }
- if (run_result & E2F_FLAG_ABORT)
diff --git a/e2fsprogs.spec b/e2fsprogs.spec
index eef5262..c0c016e 100644
--- a/e2fsprogs.spec
+++ b/e2fsprogs.spec
@@ -1,7 +1,7 @@
 Summary: Utilities for managing ext2, ext3, and ext4 filesystems
 Name: e2fsprogs
-Version: 1.42.12
-Release: 5%{?dist}
+Version: 1.42.13
+Release: 1%{?dist}
 # License tags based on COPYING file distinctions for various components
 License: GPLv2
@@ -11,11 +11,6 @@ Source1: ext2_types-wrapper.h
 Source2: e2fsck.conf
 Patch1: e2fsprogs-1.40.4-sb_feature_check_ignore.patch
-Patch2: e2fsprogs-1.42.12-use-after-free-fix.patch
-Patch3: e2fsprogs-1.42.12-closefs-cve.patch
-Patch4: e2fsprogs-1.42.12-dumpe2fs-segfault.patch
-Patch5: e2fsprogs-1.42.12-resize2fs-fsck.patch
-Patch6: e2fsprogs-1.42.12-time-fudge.patch
 Url: http://e2fsprogs.sourceforge.net/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -155,11 +150,6 @@ It was originally inspired by the Multics SubSystem library.
 # mildly unsafe but 'til I get something better, avoid full fsck
 # after an selinux install...
 %patch1 -p1 -b .featurecheck
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
 %build
 %configure --enable-elf-shlibs --enable-nls --disable-uuidd --disable-fsck \
@@ -341,6 +331,9 @@ exit 0
 %{_libdir}/pkgconfig/ss.pc
 %changelog
+* Mon May 18 2015 Eric Sandeen 1.42.13-1
+- New upstream release
+
 * Thu Apr 30 2015 Eric Sandeen 1.42.12-5
 - Don't trigger full check within time fudge window (#1202024)
diff --git a/sources b/sources
index ea92325..16a0191 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-f54fc83e4c974d4efcb60c29a1a4cd6f e2fsprogs-1.42.12.tar.xz
+ce8e4821f5f53d4ebff4195038e38673 e2fsprogs-1.42.13.tar.xz