Your message dated Sat, 10 Feb 2018 13:43:24 +0100
with message-id <20180210124324.fsz7wuaw4feqq...@betterave.cristau.org>
and subject line Re: Bug#827160: jessie-pu: package dosfstools/3.0.27-1+deb8u1
has caused the Debian Bug report #827160,
regarding jessie-pu: package dosfstools/3.0.27-1+deb8u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
827160: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827160
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-CC: Andreas Bombe <a...@debian.org>

On my Debian Jessie machine, I would like to fix the two security issues
in dosfstools that show up in the debsecan report:
<URL: https://security-tracker.debian.org/tracker/CVE-2016-4804 >
<URL: https://security-tracker.debian.org/tracker/CVE-2016-4804 >.

The issues were fixed in Wheezy by the LTS team (DLA-474-1) and are also
fixed in unstable.  I would like to get it fixed in stable too, to get
it out of my debsecan list.

The attached patch is based on the patches in wheezy, and should solve
the problems.

Is it OK to upload the fix for stable?

I plan to push the changes to a debian/jessie branch on collab-maint
once I know the changes are acceptable for a stable update.

-- System Information:
Debian Release: 8.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=no_NO (charmap=locale: Cannot set
LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index 4f1e009..db765aa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+dosfstools (3.0.27-1+deb8u1) unstable; urgency=medium
+
+  * Non-maintainer upload to fix security issue.
+  * Added d/gbp.conf to document git branch used for Jessie updates.
+  * [CVE-2015-8872] Invalid memory read in fsck.vfat
+  * [CVE-2016-4804] Heap overflow in function read_fat()
+
+ -- Petter Reinholdtsen <p...@debian.org>  Mon, 13 Jun 2016 08:17:24 +0200
+
 dosfstools (3.0.27-1) unstable; urgency=medium
 
   * New upstream version 3.0.27
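Review bot: the new entry's first line targets "unstable", but the version 3.0.27-1+deb8u1 and the jessie-pu request both indicate a stable update, so the distribution field should be "jessie". The first bullet also says "security issue" in the singular while the entry lists two CVEs; "security issues" would match.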
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..3926a07
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,3 @@
+[DEFAULT]
+debian-branch = debian/jessie
+pristine-tar = True
diff --git a/debian/patches/CVE-2015-8872.diff b/debian/patches/CVE-2015-8872.diff
new file mode 100644
index 0000000..07fb6c8
--- /dev/null
+++ b/debian/patches/CVE-2015-8872.diff
@@ -0,0 +1,22 @@
+https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7
+
+Index: dosfstools-collab/src/fat.c
+===================================================================
+--- dosfstools-collab.orig/src/fat.c	2016-06-13 08:07:44.669688617 +0200
++++ dosfstools-collab/src/fat.c	2016-06-13 08:07:44.665688587 +0200
+@@ -197,10 +197,12 @@
+ 	    data[1] = new >> 4;
+ 	} else {
+ 	    FAT_ENTRY subseqEntry;
+-	    get_fat(&subseqEntry, fs->fat, cluster + 1, fs);
++	    if (cluster != fs->clusters - 1)
++	        get_fat(&subseqEntry, fs->fat, cluster + 1, fs);
++	    else
++	        subseqEntry.value = 0;
+ 	    data[0] = new & 0xff;
+-	    data[1] = (new >> 8) | (cluster == fs->clusters - 1 ? 0 :
+-				    (0xff & subseqEntry.value) << 4);
++	    data[1] = (new >> 8) | ((0xff & subseqEntry.value) << 4);
+ 	}
+ 	size = 2;
+ 	break;
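Review bot: the new guard "if (cluster != fs->clusters - 1)" uses the same bound as the ternary it replaces ("cluster == fs->clusters - 1 ? 0 : ..."), so this hunk skips the get_fat() read of cluster + 1 for that one cluster but does not change which cluster is treated as the last. Please confirm against the referenced upstream commit that fs->clusters - 1 is the intended last index, and add a one-line description above the URL so the patch file explains what it fixes.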
diff --git a/debian/patches/CVE-2016-4804.diff b/debian/patches/CVE-2016-4804.diff
new file mode 100644
index 0000000..d28174c
--- /dev/null
+++ b/debian/patches/CVE-2016-4804.diff
@@ -0,0 +1,64 @@
+https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52
+
+Index: dosfstools-collab/src/boot.c
+===================================================================
+--- dosfstools-collab.orig/src/boot.c	2016-06-13 07:59:10.337694024 +0200
++++ dosfstools-collab/src/boot.c	2016-06-13 08:00:46.290436480 +0200
+@@ -101,8 +101,8 @@
+ 	   (unsigned long long)fs->fat_start,
+ 	   (unsigned long long)fs->fat_start / lss);
+     printf("%10d FATs, %d bit entries\n", b->fats, fs->fat_bits);
+-    printf("%10d bytes per FAT (= %u sectors)\n", fs->fat_size,
+-	   fs->fat_size / lss);
++    printf("%10lld bytes per FAT (= %llu sectors)\n", (long long)fs->fat_size,
++	   (long long)fs->fat_size / lss);
+     if (!fs->root_cluster) {
+ 	printf("Root directory starts at byte %llu (sector %llu)\n",
+ 	       (unsigned long long)fs->root_start,
+@@ -326,7 +326,7 @@
+     struct boot_sector b;
+     unsigned total_sectors;
+     unsigned short logical_sector_size, sectors;
+-    unsigned fat_length;
++    off_t fat_length;
+     loff_t data_size;
+ 
+     fs_read(0, sizeof(b), &b);
+@@ -354,8 +354,12 @@
+     /* Can't access last odd sector anyway, so round down */
+     fs_test((loff_t) ((total_sectors & ~1) - 1) * (loff_t) logical_sector_size,
+ 	    logical_sector_size);
++
+     fat_length = le16toh(b.fat_length) ?
+ 	le16toh(b.fat_length) : le32toh(b.fat32_length);
++    if (!fat_length)
++        die("FAT size is zero.");
++
+     fs->fat_start = (loff_t) le16toh(b.reserved) * logical_sector_size;
+     fs->root_start = ((loff_t) le16toh(b.reserved) + b.fats * fat_length) *
+ 	logical_sector_size;
+@@ -363,7 +367,11 @@
+     fs->data_start = fs->root_start + ROUND_TO_MULTIPLE(fs->root_entries <<
+ 							MSDOS_DIR_BITS,
+ 							logical_sector_size);
++
+     data_size = (loff_t) total_sectors *logical_sector_size - fs->data_start;
++    if (data_size < fs->cluster_size)
++         die("Filesystem has no space for any data clusters");
++
+     fs->clusters = data_size / fs->cluster_size;
+     fs->root_cluster = 0;	/* indicates standard, pre-FAT32 root dir */
+     fs->fsinfo_start = 0;	/* no FSINFO structure */
+diff --git a/src/fsck.fat.h b/src/fsck.fat.h
+index e5ade5b..639b569 100644
+--- a/src/fsck.fat.h
++++ b/src/fsck.fat.h
+@@ -158,7 +158,7 @@ typedef struct {
+ typedef struct {
+     int nfats;
+     loff_t fat_start;
+-    unsigned int fat_size;	/* unit is bytes */
++    off_t fat_size;	/* unit is bytes */
+     unsigned int fat_bits;	/* size of a FAT entry */
+     unsigned int eff_fat_bits;	/* # of used bits in a FAT entry */
+     uint32_t root_cluster;	/* 0 for old-style root dir */
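Review bot: in the first boot.c hunk the new printf passes "(long long)fs->fat_size / lss" for a "%llu" conversion, so the signedness of the argument and the format disagree; cast that argument to unsigned long long, or use %lld for both values. The patch file also carries only the upstream URL; a short description saying which of the added checks (the "FAT size is zero." die, the data_size test, the widening of fat_size and fat_length to off_t) addresses the read_fat() overflow would make the stable review easier.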
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..014ae4e
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,2 @@
+CVE-2016-4804.diff
+CVE-2015-8872.diff

--- End Message ---
--- Begin Message ---
On Thu, Nov  3, 2016 at 21:16:49 +0100, Petter Reinholdtsen wrote:

> Control: tags -1 -moreinfo
> 
> I believe I have provided all the requested information, and am
> unsure how much of my proposed changes is accepted by the release
> managers.  Can someone let me know what the status of this proposal is?
> 
At this point in jessie's lifecycle I don't think it's worth revisiting
this.  Closing, sorry it took so long.

Cheers,
Julien

--- End Message ---
