a0b0fcfe21
Fixes: CVE-2015-8872 - if the third to last entry was written on a FAT12 filesystem with an odd number of clusters, the second to last entry would be corrupted. This corruption may also lead to invalid memory accesses when the corrupted entry becomes out of bounds and is used late. CVE-2016-4804 - the variable used for storing the FAT size (in bytes) was an unsigned int. Since the size in sectors read from the BPB was not sufficiently checked, this could end up being zero after multiplying it with the sector size while some offsets still stayed excessive. Ultimately it would cause segfaults when accessing FAT entries for which no memory was allocated. Converted package to autotools infra to match upstream. The install options are now removals, enabled compatibilty symlinks and exec-prefix set to / to match previous install names/locations. Accounted for optional udev usage. Dropped musl compatibility patch since it's upstream. Add upstream patch to keep sectors a multiple of sectors per track since it makes mtools cranky. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 lines
144 B
Plaintext
3 lines
144 B
Plaintext
# Locally calculated after checking pgp signature
|
|
sha256 9037738953559d1efe04fc5408b6846216cc0138f7f9d32de80b6ec3c35e7daf dosfstools-4.0.tar.xz
|