aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2020-01-17 23:24:06 +0100
committerLeo <thinkabit.ukim@gmail.com>2020-01-18 14:39:01 +0100
commit18b5cab25223debddf802a6309b15db6947dba96 (patch)
tree0e9435aa3c98277877dda6d6b866e6e3d09f3962
parentd47526fa9b80409c05cb72d95cb44f39a818d02b (diff)
main/e2fsprogs: fix CVE-2019-5188
ref #11133
-rw-r--r--main/e2fsprogs/APKBUILD8
-rw-r--r--main/e2fsprogs/CVE-2019-5188.patch51
2 files changed, 57 insertions, 2 deletions
diff --git a/main/e2fsprogs/APKBUILD b/main/e2fsprogs/APKBUILD
index 13eba084415..97d7f71207f 100644
--- a/main/e2fsprogs/APKBUILD
+++ b/main/e2fsprogs/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=e2fsprogs
pkgver=1.44.2
-pkgrel=1
+pkgrel=2
pkgdesc="Standard Ext2/3/4 filesystem utilities"
url="http://e2fsprogs.sourceforge.net"
arch="all"
@@ -14,10 +14,13 @@ makedepends="$depends_dev linux-headers"
subpackages="$pkgname-dev $pkgname-doc libcom_err $pkgname-libs $pkgname-extra"
source="https://www.kernel.org/pub/linux/kernel/people/tytso/$pkgname/v$pkgver/$pkgname-$pkgver.tar.xz
CVE-2019-5094.patch
+ CVE-2019-5188.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 1.44.2-r2:
+# - CVE-2019-5188
# 1.44.2-r1:
# - CVE-2019-5094
@@ -71,4 +74,5 @@ extra() {
mv "$pkgdir"/usr "$subpkgdir"/
}
sha512sums="db34be8c2b606da565a46635d9ed859ccc28921c9a494dd90fbe461a400d0411b0ec6582d3a858adc916d68ec5e835814da798f1cb44710b75fc4efe0145eb90 e2fsprogs-1.44.2.tar.xz
-72e7d8199ea071802fbe74fbb2153253e5460412b115e03750ecac46d298aeb73bd8e7610a2d5b8be83b7125080c7e9e23d9b71baee1c7a4f68026344106a922 CVE-2019-5094.patch"
+72e7d8199ea071802fbe74fbb2153253e5460412b115e03750ecac46d298aeb73bd8e7610a2d5b8be83b7125080c7e9e23d9b71baee1c7a4f68026344106a922 CVE-2019-5094.patch
+88178e33f9754e203484d0fdb7abe3488116cde5884fdc4d36155ba7aa5ebda1d05558406ee9c67878c03d1fcfebf19a9bf9b18e41671276a27b593e2ea0fc6d CVE-2019-5188.patch"
diff --git a/main/e2fsprogs/CVE-2019-5188.patch b/main/e2fsprogs/CVE-2019-5188.patch
new file mode 100644
index 00000000000..840140540be
--- /dev/null
+++ b/main/e2fsprogs/CVE-2019-5188.patch
@@ -0,0 +1,51 @@
+diff --git a/e2fsck/pass1b.c b/e2fsck/pass1b.c
+index 392ff2c..4808c3b 100644
+--- a/e2fsck/pass1b.c
++++ b/e2fsck/pass1b.c
+@@ -680,6 +680,10 @@ static void delete_file(e2fsck_t ctx, ext2_ino_t ino,
+ fix_problem(ctx, PR_1B_BLOCK_ITERATE, &pctx);
+ if (ctx->inode_bad_map)
+ ext2fs_unmark_inode_bitmap2(ctx->inode_bad_map, ino);
++ if (ctx->inode_reg_map)
++ ext2fs_unmark_inode_bitmap2(ctx->inode_reg_map, ino);
++ ext2fs_unmark_inode_bitmap2(ctx->inode_dir_map, ino);
++ ext2fs_unmark_inode_bitmap2(ctx->inode_used_map, ino);
+ ext2fs_inode_alloc_stats2(fs, ino, -1, LINUX_S_ISDIR(dp->inode.i_mode));
+ quota_data_sub(ctx->qctx, &dp->inode, ino,
+ pb.dup_blocks * fs->blocksize);
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index 486e1f2..4579f84 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -159,6 +159,10 @@ static int fill_dir_block(ext2_filsys fs,
+ dir_offset += rec_len;
+ if (dirent->inode == 0)
+ continue;
++ if ((name_len) == 0) {
++ fd->err = EXT2_ET_DIR_CORRUPTED;
++ return BLOCK_ABORT;
++ }
+ if (!fd->compress && (name_len == 1) &&
+ (dirent->name[0] == '.'))
+ continue;
+@@ -398,6 +402,11 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs,
+ continue;
+ }
+ new_len = ext2fs_dirent_name_len(ent->dir);
++ if (new_len == 0) {
++ /* should never happen */
++ ext2fs_unmark_valid(fs);
++ continue;
++ }
+ memcpy(new_name, ent->dir->name, new_len);
+ mutate_name(new_name, &new_len);
+ for (j=0; j < fd->num_array; j++) {
+@@ -1016,6 +1025,8 @@ void e2fsck_rehash_directories(e2fsck_t ctx)
+ if (!ext2fs_u32_list_iterate(iter, &ino))
+ break;
+ }
++ if (!ext2fs_test_inode_bitmap2(ctx->inode_dir_map, ino))
++ continue;
+
+ pctx.dir = ino;
+ if (first) {