This fixes CVE-2019-5188:
A code execution vulnerability exists in the directory rehashing
functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4
directory can cause an out-of-bounds write on the stack, resulting
in code execution. An attacker can corrupt a partition to trigger
this vulnerability.
Also change the hash file to the new spacing convention introduced
by Yann E. Morin.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop musl build fix patch; issue fixed in upstream commit 98c6113b4147
("Define __GNUC_PREREQ if necessary").
Drop the forced -DHAVE_SYS_STAT_H; issue fixed in upstream commit
68192a8f83e00 ("util: allow subst to build in cross build environemnt").
Drop libmagic disable in the host package. RHEL 5 is no longer a
supported host platform; cfr. commit 27797caf76 ("docs/manual: update
host gcc minimum required version").
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
From the release notes (https://lwn.net/Articles/750103/):
E2fsprogs 1.44.0 introduced a regression introduced which caused e2fsck
to fail to support HTree directories on big-endian systems. Fix how we
read block numbers for internal htree nodes.
Removed a potential memory leak from fsck.
E2image now correctly creates e2image files for bigalloc file systems.
Dumpe2fs and debugfs now correctly support e2image files for file
systems that have the meta_bg option enabled.
E2fsck and debugfs now correctly handle delete inodes (including
processing the orphaned inode list in the case of e2fsck) for bigalloc
file systems. (Addresses Google Bug: #73795618)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop 0001-libext2fs-fix-build-failure-in-swapfs.c-on-big-endia.patch as it
is now upstream.
Only contains minor bugfixes since 1.43.8 and no new features.
>From the release notes:
Remove the huge file flag from libe2p (and hence from chattr/lsattr),
since it was never made visible by the kernel. Remove the description
of some compression related flags, and add a description of the
encrypted file flag, and the project hierarchy flag.
Remove a misplaced "MNP is unsupported" message from debugfs.
Fix a build failure in lib/ext2fs/swapfs.c on big-endian systems.
(Addresses Debian Bug #886119)
Fix various Debian packaging issues. (Addresses Debian Bug #269569).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Upstream patches removed.
- Do not autoreconf since this was neecessary for one of those patches
that are now upstream. Also remove host-gettext dependency for the
same reason.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add new fuse2fs option and disable it for host-e2fsprogs to avoid
carrying over unused/unnecessary distro/host dependencies.
Move E2FSPROGS_DEPENDENCIES to the top to avoid nasty mistakes (like
resetting a previous conditional addition).
License file renamed from COPYING to NOTICE.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also update hash file
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
For some reason the kernel.org download hash doesn't match the
sourceforge hash so switch to kernel.org for the download.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
