[arch-commits] Commit in e2fsprogs/trunk (CVE-2015-1572.patch PKGBUILD)
Ronald van Haren
ronald at archlinux.org
Mon Mar 2 15:18:54 UTC 2015
Date: Monday, March 2, 2015 @ 16:18:54
Author: ronald
Revision: 232410
upgpkg: e2fsprogs 1.42.12-2
FS#44015: CVE-2015-1572 backport
Added:
e2fsprogs/trunk/CVE-2015-1572.patch
Modified:
e2fsprogs/trunk/PKGBUILD
---------------------+
CVE-2015-1572.patch | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 8 +++++--
2 files changed, 59 insertions(+), 2 deletions(-)
Added: CVE-2015-1572.patch
===================================================================
--- CVE-2015-1572.patch (rev 0)
+++ CVE-2015-1572.patch 2015-03-02 15:18:54 UTC (rev 232410)
@@ -0,0 +1,53 @@
+From 49d0fe2a14f2a23da2fe299643379b8c1d37df73 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso at mit.edu>
+Date: Fri, 6 Feb 2015 12:46:39 -0500
+Subject: libext2fs: fix potential buffer overflow in closefs()
+
+The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if
+s_first_meta_bg is too big" had a typo in the fix for
+ext2fs_closefs(). In practice most of the security exposure was from
+the openfs path, since this meant if there was a carefully crafted
+file system, buffer overrun would be triggered when the file system was
+opened.
+
+However, if corrupted file system didn't trip over some corruption
+check, and then the file system was modified via tune2fs or debugfs,
+such that the superblock was marked dirty and then written out via the
+closefs() path, it's possible that the buffer overrun could be
+triggered when the file system is closed.
+
+Also clear up a signed vs unsigned warning while we're at it.
+
+Thanks to Nick Kralevich <nnk at google.com> for asking me to look at
+compiler warning in the code in question, which led me to notice the
+bug in f66e6ce4446.
+
+Addresses: CVE-2015-1572
+
+Signed-off-by: Theodore Ts'o <tytso at mit.edu>
+
+diff --git a/lib/ext2fs/closefs.c b/lib/ext2fs/closefs.c
+index 1f99113..ab5b2fb 100644
+--- a/lib/ext2fs/closefs.c
++++ b/lib/ext2fs/closefs.c
+@@ -287,7 +287,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
+ dgrp_t j;
+ #endif
+ char *group_ptr;
+- int old_desc_blocks;
++ blk64_t old_desc_blocks;
+ struct ext2fs_numeric_progress_struct progress;
+
+ EXT2_CHECK_MAGIC(fs, EXT2_ET_MAGIC_EXT2FS_FILSYS);
+@@ -346,7 +346,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
+ group_ptr = (char *) group_shadow;
+ if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
+ old_desc_blocks = fs->super->s_first_meta_bg;
+- if (old_desc_blocks > fs->super->s_first_meta_bg)
++ if (old_desc_blocks > fs->desc_blocks)
+ old_desc_blocks = fs->desc_blocks;
+ } else
+ old_desc_blocks = fs->desc_blocks;
+--
+cgit v0.10.2
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2015-03-02 12:48:15 UTC (rev 232409)
+++ PKGBUILD 2015-03-02 15:18:54 UTC (rev 232410)
@@ -4,7 +4,7 @@
pkgname=e2fsprogs
pkgver=1.42.12
-pkgrel=1
+pkgrel=2
pkgdesc="Ext2/3/4 filesystem utilities"
arch=('i686' 'x86_64')
license=('GPL' 'LGPL' 'MIT')
@@ -13,11 +13,12 @@
depends=('sh' 'libutil-linux')
makedepends=('bc' 'util-linux')
source=("http://downloads.sourceforge.net/sourceforge/${pkgname}/${pkgname}-${pkgver}.tar.gz"
- 'MIT-LICENSE')
+ 'CVE-2015-1572.patch' 'MIT-LICENSE')
backup=('etc/mke2fs.conf')
options=('staticlibs')
install=${pkgname}.install
sha1sums=('083c1bb0d1e85672e8038a2fadf70b24e7409db7'
+ '7d0a46b59ea298e517f983f8ff67d29a0307f1ba'
'f4a0d5b0cdb980e3fedd6f5e7dde0b0ffb7bbdfb')
prepare() {
@@ -25,6 +26,9 @@
# Remove unnecessary init.d directory
sed -i '/init\.d/s|^|#|' misc/Makefile.in
+
+ # backport CVE 2015-1572 fix
+ patch -Np1 -i "${srcdir}/CVE-2015-1572.patch"
}
build() {
More information about the arch-commits
mailing list