diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2015-03-11 09:57:33 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-03-11 09:57:58 +0000 |
| commit | c3971aa6e58a94e80bac49a8cd3b15b6beaffc79 (patch) | |
| tree | cb457a6148f36e1b2ea919481761c7305f2a006e | |
| parent | 485b41b3291d315e60859e9146014dd14183e8c9 (diff) | |
| download | aports-c3971aa6e58a94e80bac49a8cd3b15b6beaffc79.tar.bz2 aports-c3971aa6e58a94e80bac49a8cd3b15b6beaffc79.tar.xz | |
main/e2fsprogs: security fix for CVE-2015-0247
fixes #3944
| -rw-r--r-- | main/e2fsprogs/APKBUILD | 15 | ||||
| -rw-r--r-- | main/e2fsprogs/CVE-2015-0247.patch | 54 |
2 files changed, 64 insertions, 5 deletions
diff --git a/main/e2fsprogs/APKBUILD b/main/e2fsprogs/APKBUILD index d494f77f79..51b7f1f9b3 100644 --- a/main/e2fsprogs/APKBUILD +++ b/main/e2fsprogs/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=e2fsprogs pkgver=1.42.8 -pkgrel=1 +pkgrel=2 pkgdesc="Standard Ext2/3/4 filesystem utilities" url="http://e2fsprogs.sourceforge.net" arch="all" @@ -11,7 +11,9 @@ install= makedepends="util-linux-dev pkgconfig" subpackages="$pkgname-dev $pkgname-doc libcom_err" source="http://downloads.sourceforge.net/sourceforge/e2fsprogs/e2fsprogs-$pkgver.tar.gz - fix_uint64_t.patch" + fix_uint64_t.patch + CVE-2015-0247.patch + " depends_dev="util-linux-dev" @@ -57,8 +59,11 @@ libcom_err() { } md5sums="8ef664b6eb698aa6b733df59b17b9ed4 e2fsprogs-1.42.8.tar.gz -64cc1406a634a16b6e411a49e67715e9 fix_uint64_t.patch" +64cc1406a634a16b6e411a49e67715e9 fix_uint64_t.patch +687730ae5bb3c62f38524197fcee8de6 CVE-2015-0247.patch" sha256sums="b984aaf1fe888d6a4cf8c2e8d397207879599b5368f1d33232c1ec9d68d00c97 e2fsprogs-1.42.8.tar.gz -4ad117a5bbd9d134b0e65b89094c3efe276c3a3456f45bd7842dd046803ec861 fix_uint64_t.patch" +4ad117a5bbd9d134b0e65b89094c3efe276c3a3456f45bd7842dd046803ec861 fix_uint64_t.patch +ecee45031bc64cb3572602e0035963ccfe8ef8b2e116b67783f64e5d3bf9e6cc CVE-2015-0247.patch" sha512sums="69447105cbfec6099a8b7686d7cb8f4727d8c7c3f438acd0ec065ece70c225ce2c5e72e22ba16d88ef6dac81112b7571083d0cadd2fd1c82415c959ae632e61c e2fsprogs-1.42.8.tar.gz -b8645d1d83527f1ddd8a59b8a3f4658b226d76fc381fde6f38f77d3866038541a237d3a31ced657ad9950c798da299b33cdf55b138f71ab352d62969d9b995ae fix_uint64_t.patch" +b8645d1d83527f1ddd8a59b8a3f4658b226d76fc381fde6f38f77d3866038541a237d3a31ced657ad9950c798da299b33cdf55b138f71ab352d62969d9b995ae fix_uint64_t.patch +00263dab2ae1929bba74c3841874fb3f7609a4279404014adad31ccca0e4503e203b0ead1c4937708dce161f046b47314f797aba4b62d81a5e840c0f44ca8116 CVE-2015-0247.patch" diff --git a/main/e2fsprogs/CVE-2015-0247.patch b/main/e2fsprogs/CVE-2015-0247.patch new file mode 100644 index 0000000000..be7672c5c8 --- /dev/null +++ b/main/e2fsprogs/CVE-2015-0247.patch @@ -0,0 +1,54 @@ +From f66e6ce4446738c2c7f43d41988a3eb73347e2f5 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o <tytso@mit.edu> +Date: Sat, 9 Aug 2014 12:24:54 -0400 +Subject: libext2fs: avoid buffer overflow if s_first_meta_bg is too big + +If s_first_meta_bg is greater than the of number block group +descriptor blocks, then reading or writing the block group descriptors +will end up overruning the memory buffer allocated for the +descriptors. Fix this by limiting first_meta_bg to no more than +fs->desc_blocks. This doesn't correct the bad s_first_meta_bg value, +but it avoids causing the e2fsprogs userspace programs from +potentially crashing. + +Signed-off-by: Theodore Ts'o <tytso@mit.edu> + +diff --git a/lib/ext2fs/closefs.c b/lib/ext2fs/closefs.c +index 4599eef..1f99113 100644 +--- a/lib/ext2fs/closefs.c ++++ b/lib/ext2fs/closefs.c +@@ -344,9 +344,11 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags) + * superblocks and group descriptors. + */ + group_ptr = (char *) group_shadow; +- if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) ++ if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) { + old_desc_blocks = fs->super->s_first_meta_bg; +- else ++ if (old_desc_blocks > fs->super->s_first_meta_bg) ++ old_desc_blocks = fs->desc_blocks; ++ } else + old_desc_blocks = fs->desc_blocks; + + ext2fs_numeric_progress_init(fs, &progress, NULL, +diff --git a/lib/ext2fs/openfs.c b/lib/ext2fs/openfs.c +index a1a3517..ba501e6 100644 +--- a/lib/ext2fs/openfs.c ++++ b/lib/ext2fs/openfs.c +@@ -378,9 +378,11 @@ errcode_t ext2fs_open2(const char *name, const char *io_options, + #ifdef WORDS_BIGENDIAN + groups_per_block = EXT2_DESC_PER_BLOCK(fs->super); + #endif +- if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) ++ if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) { + first_meta_bg = fs->super->s_first_meta_bg; +- else ++ if (first_meta_bg > fs->desc_blocks) ++ first_meta_bg = fs->desc_blocks; ++ } else + first_meta_bg = fs->desc_blocks; + if (first_meta_bg) { + retval = io_channel_read_blk(fs->io, group_block + +-- +cgit v0.10.2 + |