diff --git a/exfatprogs.spec b/exfatprogs.spec index 64a8e3b..76d23af 100644 --- a/exfatprogs.spec +++ b/exfatprogs.spec @@ -1,11 +1,13 @@ Name: exfatprogs Version: 1.2.2 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Userspace utilities for exFAT filesystems License: GPL-2.0-only URL: https://github.com/%{name}/%{name} Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.xz +Patch0: v1.2.3-exfat2img-fix-Missing-Initialization.patch +Patch1: v1.2.3-tune-label-fix-USE_AFTER_FREE.patch BuildRequires: autoconf BuildRequires: automake @@ -17,7 +19,7 @@ BuildRequires: make Utilities for formatting and repairing exFAT filesystems. %prep -%autosetup +%autosetup -p1 %build autoreconf -vif @@ -46,13 +48,16 @@ autoreconf -vif %{_mandir}/man8/tune.exfat.* %changelog +* Mon Jul 01 2024 Pavel Reichl - 1.2.2-5 +- Fox High impact true positive findings + * Mon Jun 24 2024 Troy Dawson - 1.2.2-4 - Bump release for June 2024 mass rebuild * Fri Jan 19 2024 Fedora Release Engineering - 1.2.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -* Tue Oct 30 2023 Pavel Reichl - 1.2.2-2 +* Mon Oct 30 2023 Pavel Reichl - 1.2.2-2 - Convert License tag to SPDX format * Sat Oct 28 2023 Simone Caronni - 1.2.2-1 diff --git a/v1.2.3-exfat2img-fix-Missing-Initialization.patch b/v1.2.3-exfat2img-fix-Missing-Initialization.patch new file mode 100644 index 0000000..9b19e6f --- /dev/null +++ b/v1.2.3-exfat2img-fix-Missing-Initialization.patch @@ -0,0 +1,29 @@ +From 79b5b71cc6a1dbc45eeb63f53a6b51aa924309c8 Mon Sep 17 00:00:00 2001 +From: Pavel Reichl +Date: Mon, 13 Nov 2023 08:13:27 +0100 +Subject: [PATCH] exfat2img: fix Missing Initialization + +exfatprogs-1.2.2/exfat2img/exfat2img.c:895: uninit_use: Using uninitialized value "ret". + +Signed-off-by: Pavel Reichl +Signed-off-by: Namjae Jeon +--- + exfat2img/exfat2img.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/exfat2img/exfat2img.c b/exfat2img/exfat2img.c +index 3f83588..f1a4ef2 100644 +--- a/exfat2img/exfat2img.c ++++ b/exfat2img/exfat2img.c +@@ -762,7 +762,7 @@ static ssize_t read_stream(int fd, void *buf, size_t len) + + static int restore_from_stdin(struct exfat2img *ei) + { +- int in_fd, ret; ++ int in_fd, ret = 0; + unsigned char cc; + unsigned int clu, end_clu; + unsigned int cc_clu_count; +-- +2.45.2 + diff --git a/v1.2.3-tune-label-fix-USE_AFTER_FREE.patch b/v1.2.3-tune-label-fix-USE_AFTER_FREE.patch new file mode 100644 index 0000000..71c009d --- /dev/null +++ b/v1.2.3-tune-label-fix-USE_AFTER_FREE.patch @@ -0,0 +1,43 @@ +From 8e4f2e671a154549d07ec45cb3c9cfe31b27b27f Mon Sep 17 00:00:00 2001 +From: Pavel Reichl +Date: Mon, 13 Nov 2023 08:37:06 +0100 +Subject: [PATCH] tune: label: fix USE_AFTER_FREE + +double_free: Calling free frees pointer bs which has already been freed. + +if exfat_alloc_exfat fails it already frees exfat->bs via exfat_free_exfat + +Signed-off-by: Pavel Reichl +Signed-off-by: Namjae Jeon +--- + label/label.c | 1 - + tune/tune.c | 1 - + 2 files changed, 2 deletions(-) + +diff --git a/label/label.c b/label/label.c +index 8cd5748..b110670 100644 +--- a/label/label.c ++++ b/label/label.c +@@ -105,7 +105,6 @@ int main(int argc, char *argv[]) + + exfat = exfat_alloc_exfat(&bd, bs); + if (!exfat) { +- free(bs); + ret = -ENOMEM; + goto close_fd_out; + } +diff --git a/tune/tune.c b/tune/tune.c +index f883556..fdb8c94 100644 +--- a/tune/tune.c ++++ b/tune/tune.c +@@ -129,7 +129,6 @@ int main(int argc, char *argv[]) + + exfat = exfat_alloc_exfat(&bd, bs); + if (!exfat) { +- free(bs); + ret = -ENOMEM; + goto close_fd_out; + } +-- +2.45.2 +