Set link to e2fsprogs.23990 via maintenance_release request

Rev SUSE:SLE-12-SP4:Update/5 Md5 dbffc6374ae5d10643c714e6b79c5d53 2022-05-17 07:14:11 abergmann None
OBS User abergmann 2022-05-17 07:14:11 +00:00 committed by Git OBS Bridge
parent d773d8e72a
commit bd69f86437
3 changed files with 87 additions and 10 deletions

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Apr 29 15:54:25 UTC 2022 - Jan Kara <jack@suse.cz>
- libext2fs-add-sanity-check-to-extent-manipulation.patch: libext2fs: add
sanity check to extent manipulation (bsc#1198446 CVE-2022-1304)
-------------------------------------------------------------------
Mon Mar 30 09:57:19 UTC 2020 - Jan Kara <jack@suse.cz>

@ -1,7 +1,7 @@
#
# spec file for package e2fsprogs
#
# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -48,17 +48,17 @@ Obsoletes: e2fsprogs-64bit
%if %{build_mini}
Conflicts: e2fsprogs
Conflicts: e2fsprogs-devel
Conflicts: libext2fs2
Conflicts: libext2fs-devel
Conflicts: libcom_err2
Conflicts: libcom_err-devel
Conflicts: libcom_err2
Conflicts: libext2fs-devel
Conflicts: libext2fs2
%else
Conflicts: e2fsprogs-mini
Conflicts: e2fsprogs-mini-devel
Conflicts: libext2fs2-mini
Conflicts: libext2fs-mini-devel
Conflicts: libcom_err2-mini
Conflicts: libcom_err-mini-devel
Conflicts: libcom_err2-mini
Conflicts: libext2fs-mini-devel
Conflicts: libext2fs2-mini
%endif
#
Version: 1.43.8
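Review bot: The Conflicts entries in both branches of %if %{build_mini} appear twice in a different order, so this hunk only re-sorts them, which is unrelated to the CVE-2022-1304 fix this update carries. Keep cosmetic spec reordering out of a security maintenance update, or put it in its own commit, so the diff that has to be audited is limited to the Patch17 line and its %patch17 -p1 application.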
@ -66,7 +66,7 @@ Release: 0
Summary: Utilities for the Second Extended File System
License: GPL-2.0-only
Group: System/Filesystems
Url: http://e2fsprogs.sourceforge.net
URL: http://e2fsprogs.sourceforge.net
Requires(post): coreutils
Requires: libcom_err2 >= %{version}
Requires: libext2fs2 >= %{version}
@ -92,6 +92,7 @@ Patch13: ext2fs-update-allocation-info-earlier-in-ext2fs_mkdi.patch
Patch14: ext2fs-implement-dir-entry-creation-in-htree-directo.patch
Patch15: tests-add-test-to-excercise-indexed-directories-with.patch
Patch16: tune2fs-update-dir-checksums-when-clearing-dir_index.patch
Patch17: libext2fs-add-sanity-check-to-extent-manipulation.patch
# Do not suppress make commands
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -119,6 +120,7 @@ Dummy development package for backwards compatibility.
%if %{build_mini}
%package -n libext2fs2-mini
%else
%package -n libext2fs2
%endif
Summary: Ext2fs library
@ -128,6 +130,7 @@ Group: System/Filesystems
%if %{build_mini}
%description -n libext2fs2-mini
%else
%description -n libext2fs2
%endif
The basic Ext2fs shared library.
@ -135,6 +138,7 @@ The basic Ext2fs shared library.
%if %{build_mini}
%package -n libext2fs-mini-devel
%else
%package -n libext2fs-devel
%endif
Summary: Development files for libext2fs
@ -146,6 +150,7 @@ Requires: libext2fs2 = %version
%if %{build_mini}
%description -n libext2fs-mini-devel
%else
%description -n libext2fs-devel
%endif
Development files for libext2fs.
@ -166,6 +171,7 @@ Development files for libext2fs. Static libraries.
%if %{build_mini}
%package -n libcom_err2-mini
%else
%package -n libcom_err2
%endif
Summary: E2fsprogs error reporting library
@ -183,6 +189,7 @@ Obsoletes: libcom_err <= 1.40
%if %{build_mini}
%description -n libcom_err2-mini
%else
%description -n libcom_err2
%endif
com_err is an error message display library.
@ -190,6 +197,7 @@ com_err is an error message display library.
%if %{build_mini}
%package -n libcom_err-mini-devel
%else
%package -n libcom_err-devel
%endif
Summary: Development files for libcom_err
@ -206,6 +214,7 @@ Requires: libcom_err2 = %version
%if %{build_mini}
%description -n libcom_err-mini-devel
%else
%description -n libcom_err-devel
%endif
Development files for the com_err error message display library.
@ -247,6 +256,7 @@ Development files for the com_err error message display library. Static librarie
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
cp %{SOURCE2} .
%build
@ -301,6 +311,7 @@ popd
for libName in $LIBNAMES;
do ln -s %{_libdir}/$libName %{buildroot}/%{_lib};
done
#EndUsrMerge
%post
/sbin/ldconfig
@ -412,6 +423,7 @@ done
%if %{build_mini}
%files -n libext2fs2-mini
%else
%files -n libext2fs2
%endif
%defattr(-, root, root)
@ -425,6 +437,7 @@ done
%if %{build_mini}
%files -n libext2fs-mini-devel
%else
%files -n libext2fs-devel
%endif
%defattr(-, root, root)
@ -438,6 +451,7 @@ done
%if %{build_mini}
%files -n libcom_err2-mini
%else
%files -n libcom_err2
%endif
%defattr(-, root, root)
@ -451,6 +465,7 @@ done
%if %{build_mini}
%files -n libcom_err-mini-devel
%else
%files -n libcom_err-devel
%endif
%defattr(-, root, root)

@ -0,0 +1,56 @@
From ab51d587bb9b229b1fade1afd02e1574c1ba5c76 Mon Sep 17 00:00:00 2001
From: Lukas Czerner <lczerner@redhat.com>
Date: Thu, 21 Apr 2022 19:31:48 +0200
Subject: [PATCH] libext2fs: add sanity check to extent manipulation
References: bsc#1198446 CVE-2022-1304
It is possible to have a corrupted extent tree in such a way that a leaf
node contains zero extents in it. Currently if that happens and we try
to traverse the tree we can end up accessing wrong data, or possibly
even uninitialized memory. Make sure we don't do that.
Additionally make sure that we have a sane number of bytes passed to
memmove() in ext2fs_extent_delete().
Note that e2fsck is currently unable to spot and fix such corruption in
pass1.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reported-by: Nils Bars <nils_bars@t-online.de>
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2068113
Addresses: CVE-2022-1304
Addresses-Debian-Bug: #1010263
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
lib/ext2fs/extent.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/lib/ext2fs/extent.c b/lib/ext2fs/extent.c
index b324c7b0f8c8..1a206a16c13f 100644
--- a/lib/ext2fs/extent.c
+++ b/lib/ext2fs/extent.c
@@ -495,6 +495,10 @@ retry:
ext2fs_le16_to_cpu(eh->eh_entries);
newpath->max_entries = ext2fs_le16_to_cpu(eh->eh_max);
+ /* Make sure there is at least one extent present */
+ if (newpath->left <= 0)
+ return EXT2_ET_EXTENT_NO_DOWN;
+
if (path->left > 0) {
ix++;
newpath->end_blk = ext2fs_le32_to_cpu(ix->ei_block);
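Review bot: The early return added after eh_entries is read reports a node with zero entries as EXT2_ET_EXTENT_NO_DOWN, while the second hunk reports the related bad state in ext2fs_extent_delete() as EXT2_ET_EXTENT_LEAF_BAD. A header with no entries is on-disk corruption rather than a position in the tree, so consider returning a corruption code here too, so callers can tell a corrupted node apart from an ordinary "cannot descend" result. The check also covers only the lower bound: the lines shown convert eh_entries and eh_max from disk but do not compare them, so confirm that a header with entries greater than max_entries is rejected before this point.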
@@ -1630,6 +1634,10 @@ errcode_t ext2fs_extent_delete(ext2_extent_handle_t handle, int flags)
cp = path->curr;
+ /* Sanity check before memmove() */
+ if (path->left < 0)
+ return EXT2_ET_EXTENT_LEAF_BAD;
+
if (path->left) {
memmove(cp, cp + sizeof(struct ext3_extent_idx),
path->left * sizeof(struct ext3_extent_idx));
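Review bot: The guard before memmove() rejects only path->left < 0; the length path->left * sizeof(struct ext3_extent_idx) still has no upper bound checked in this hunk. Consider also verifying that path->left does not exceed what remains of the node buffer past cp, for example by comparing against path->max_entries, before the copy. The diffstat shows only lib/ext2fs/extent.c changed, so a regression test with an image whose leaf contains zero extents would be worth adding alongside the fix.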
--
2.34.1