Commit Graph

2 Commits

Author SHA1 Message Date
Gustavo Zacarias
a0b0fcfe21 dosfstools: security bump to version 4.0
Fixes:

CVE-2015-8872 - if the third to last entry was written on a FAT12
filesystem with an odd number of clusters, the second to last entry
would be corrupted. This corruption may also lead to invalid memory
accesses when the corrupted entry becomes out of bounds and is used
late.

CVE-2016-4804 - the variable used for storing the FAT size (in bytes)
was an unsigned int. Since the size in sectors read from the BPB was not
sufficiently checked, this could end up being zero after multiplying it
with the sector size while some offsets still stayed excessive.
Ultimately it would cause segfaults when accessing FAT entries for which
no memory was allocated.

Converted package to autotools infra to match upstream.

The install options are now removals, enabled compatibilty symlinks and
exec-prefix set to / to match previous install names/locations.

Accounted for optional udev usage.

Dropped musl compatibility patch since it's upstream.

Add upstream patch to keep sectors a multiple of sectors per track since
it makes mtools cranky.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-05-31 13:21:25 +02:00
Gustavo Zacarias
7171a0e7a0 dosfstools: bump to version 3.0.28
Change to new homepage since maintainer changed as well.
Add hash file based on tarball signature file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-06-26 09:44:35 +02:00