diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2015-03-11 09:57:33 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-03-11 09:59:12 +0000 |
commit | 74d4340a8a341da90ba9bc9f7ad2fa15fc29d92f (patch) | |
tree | 72eb03859c3a71e93a91036d67007bbef6b854cb | |
parent | 184fa95a5203e579a2caf369ba629f37afa69f78 (diff) | |
download | aports-74d4340a8a341da90ba9bc9f7ad2fa15fc29d92f.tar.bz2 aports-74d4340a8a341da90ba9bc9f7ad2fa15fc29d92f.tar.xz |
main/e2fsprogs: security fix for CVE-2015-0247
fixes #3943
-rw-r--r-- | main/e2fsprogs/APKBUILD | 13 | ||||
-rw-r--r-- | main/e2fsprogs/CVE-2015-0247.patch | 54 |
2 files changed, 64 insertions, 3 deletions
diff --git a/main/e2fsprogs/APKBUILD b/main/e2fsprogs/APKBUILD index 0c11e60e03..7771583981 100644 --- a/main/e2fsprogs/APKBUILD +++ b/main/e2fsprogs/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=e2fsprogs pkgver=1.42.7 -pkgrel=0 +pkgrel=1 pkgdesc="Standard Ext2/3/4 filesystem utilities" url="http://e2fsprogs.sourceforge.net" arch="all" @@ -10,7 +10,9 @@ depends= install= makedepends="util-linux-dev pkgconfig" subpackages="$pkgname-dev $pkgname-doc libcom_err" -source="http://downloads.sourceforge.net/sourceforge/e2fsprogs/e2fsprogs-$pkgver.tar.gz" +source="http://downloads.sourceforge.net/sourceforge/e2fsprogs/e2fsprogs-$pkgver.tar.gz + CVE-2015-0247.patch + " depends_dev="util-linux-dev" @@ -46,4 +48,9 @@ libcom_err() { mv "$pkgdir"/lib/libcom_err* "$subpkgdir"/lib/ } -md5sums="a1ec22ef003688dae9f76c74881b22b9 e2fsprogs-1.42.7.tar.gz" +md5sums="a1ec22ef003688dae9f76c74881b22b9 e2fsprogs-1.42.7.tar.gz +687730ae5bb3c62f38524197fcee8de6 CVE-2015-0247.patch" +sha256sums="dc6501b2e75d205e425196d753d92b129c568525d8aad08085c0aa69ee9e7345 e2fsprogs-1.42.7.tar.gz +ecee45031bc64cb3572602e0035963ccfe8ef8b2e116b67783f64e5d3bf9e6cc CVE-2015-0247.patch" +sha512sums="954dbb832c2614d20cfaa5233033b469f16bf96612cf25074a66da79a5b3abf5eb1b340781e351bde06daf13bbbf5db4643774858aa494b8a8394ea742b6f07b e2fsprogs-1.42.7.tar.gz +00263dab2ae1929bba74c3841874fb3f7609a4279404014adad31ccca0e4503e203b0ead1c4937708dce161f046b47314f797aba4b62d81a5e840c0f44ca8116 CVE-2015-0247.patch" diff --git a/main/e2fsprogs/CVE-2015-0247.patch b/main/e2fsprogs/CVE-2015-0247.patch new file mode 100644 index 0000000000..be7672c5c8 --- /dev/null +++ b/main/e2fsprogs/CVE-2015-0247.patch @@ -0,0 +1,54 @@ +From f66e6ce4446738c2c7f43d41988a3eb73347e2f5 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o <tytso@mit.edu> +Date: Sat, 9 Aug 2014 12:24:54 -0400 +Subject: libext2fs: avoid buffer overflow if s_first_meta_bg is too big + +If s_first_meta_bg is greater than the of number block group +descriptor blocks, then reading or writing the block group descriptors +will end up overruning the memory buffer allocated for the +descriptors. Fix this by limiting first_meta_bg to no more than +fs->desc_blocks. This doesn't correct the bad s_first_meta_bg value, +but it avoids causing the e2fsprogs userspace programs from +potentially crashing. + +Signed-off-by: Theodore Ts'o <tytso@mit.edu> + +diff --git a/lib/ext2fs/closefs.c b/lib/ext2fs/closefs.c +index 4599eef..1f99113 100644 +--- a/lib/ext2fs/closefs.c ++++ b/lib/ext2fs/closefs.c +@@ -344,9 +344,11 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags) + * superblocks and group descriptors. + */ + group_ptr = (char *) group_shadow; +- if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) ++ if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) { + old_desc_blocks = fs->super->s_first_meta_bg; +- else ++ if (old_desc_blocks > fs->super->s_first_meta_bg) ++ old_desc_blocks = fs->desc_blocks; ++ } else + old_desc_blocks = fs->desc_blocks; + + ext2fs_numeric_progress_init(fs, &progress, NULL, +diff --git a/lib/ext2fs/openfs.c b/lib/ext2fs/openfs.c +index a1a3517..ba501e6 100644 +--- a/lib/ext2fs/openfs.c ++++ b/lib/ext2fs/openfs.c +@@ -378,9 +378,11 @@ errcode_t ext2fs_open2(const char *name, const char *io_options, + #ifdef WORDS_BIGENDIAN + groups_per_block = EXT2_DESC_PER_BLOCK(fs->super); + #endif +- if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) ++ if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) { + first_meta_bg = fs->super->s_first_meta_bg; +- else ++ if (first_meta_bg > fs->desc_blocks) ++ first_meta_bg = fs->desc_blocks; ++ } else + first_meta_bg = fs->desc_blocks; + if (first_meta_bg) { + retval = io_channel_read_blk(fs->io, group_block + +-- +cgit v0.10.2 + |