Hello community,

here is the log from the commit of package e2fsprogs for openSUSE:Leap:15.2 checked in at 2020-02-16 18:25:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/e2fsprogs (Old)
 and /work/SRC/openSUSE:Leap:15.2/.e2fsprogs.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "e2fsprogs" Sun Feb 16 18:25:27 2020 rev:30 rq:769253 version:1.43.8 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/e2fsprogs/e2fsprogs.changes 2020-01-15 14:53:27.489523888 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.e2fsprogs.new.26092/e2fsprogs.changes 2020-02-16 18:25:32.266630602 +0100 @@ -1,0 +2,9 @@ +Thu Jan 9 14:25:34 UTC 2020 - Jan Kara <[email protected]> + +- e2fsck-abort-if-there-is-a-corrupted-directory-block.patch: e2fsck: abort if + there is a corrupted directory block when rehashing (bsc#1160571 + CVE-2019-5188) +- e2fsck-don-t-try-to-rehash-a-deleted-directory.patch: 2fsck: don't try to + rehash a deleted directory (bsc#1160571 CVE-2019-5188) + +------------------------------------------------------------------- New: ---- e2fsck-abort-if-there-is-a-corrupted-directory-block.patch e2fsck-don-t-try-to-rehash-a-deleted-directory.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ e2fsprogs.spec ++++++ --- /var/tmp/diff_new_pack.FxC3jT/_old 2020-02-16 18:25:32.962630956 +0100 +++ /var/tmp/diff_new_pack.FxC3jT/_new 2020-02-16 18:25:32.966630958 +0100 @@ -86,6 +86,8 @@ Patch8: libext2fs-call-fsync-2-to-clear-stale-errors-for-a-n.patch Patch9: libsupport-add-checks-to-prevent-buffer-overrun-bugs.patch Patch10: resize2fs-Make-minimum-size-estimates-more-reliable.patch +Patch11: e2fsck-abort-if-there-is-a-corrupted-directory-block.patch +Patch12: e2fsck-don-t-try-to-rehash-a-deleted-directory.patch # Do not suppress make commands BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -235,6 +237,8 @@ %patch8 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 +%patch12 -p1 cp %{SOURCE2} . %build ++++++ e2fsck-abort-if-there-is-a-corrupted-directory-block.patch ++++++ >From 8dd73c149f418238f19791f9d666089ef9734dff Mon Sep 17 00:00:00 2001 
From: Theodore Ts'o <[email protected]> Date: Thu, 19 Dec 2019 19:37:34 -0500 Subject: [PATCH] e2fsck: abort if there is a corrupted directory block when rehashing References: bsc#1160571 CVE-2019-5188 In e2fsck pass 3a, when we are rehashing directories, at least in theory, all of the directories should have had corruptions with respect to directory entry structure fixed. However, it's possible (for example, if the user declined a fix) that we can reach this stage of processing with a corrupted directory entries. So check for that case and don't try to process a corrupted directory block so we don't run into trouble in mutate_name() if there is a zero-length file name. Addresses: TALOS-2019-0973 Addresses: CVE-2019-5188 Signed-off-by: Theodore Ts'o <[email protected]> Acked-by: Jan Kara <[email protected]> --- e2fsck/rehash.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c index a5fc1be1a210..3dd1e94131c6 100644 --- a/e2fsck/rehash.c +++ b/e2fsck/rehash.c @@ -160,6 +160,10 @@ static int fill_dir_block(ext2_filsys fs, dir_offset += rec_len; if (dirent->inode == 0) continue; + if ((name_len) == 0) { + fd->err = EXT2_ET_DIR_CORRUPTED; + return BLOCK_ABORT; + } if (!fd->compress && (name_len == 1) && (dirent->name[0] == '.')) continue; @@ -401,6 +405,11 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs, continue; } new_len = ext2fs_dirent_name_len(ent->dir); + if (new_len == 0) { + /* should never happen */ + ext2fs_unmark_valid(fs); + continue; + } memcpy(new_name, ent->dir->name, new_len); mutate_name(new_name, &new_len); for (j=0; j < fd->num_array; j++) { -- 2.16.4 ++++++ e2fsck-don-t-try-to-rehash-a-deleted-directory.patch ++++++ >From 71ba13755337e19c9a826dfc874562a36e1b24d3 Mon Sep 17 00:00:00 2001 
From: Theodore Ts'o <[email protected]> Date: Thu, 19 Dec 2019 19:45:06 -0500 Subject: [PATCH] e2fsck: don't try to rehash a deleted directory References: bsc#1160571 CVE-2019-5188 If directory has been deleted in pass1[bcd] processing, then we shouldn't try to rehash the directory in pass 3a when we try to rehash/reoptimize directories. Signed-off-by: Theodore Ts'o <[email protected]> Acked-by: Jan Kara <[email protected]> --- e2fsck/pass1b.c | 4 ++++ e2fsck/rehash.c | 2 ++ 2 files changed, 6 insertions(+) diff --git a/e2fsck/pass1b.c b/e2fsck/pass1b.c index 5693b9cfcc5a..bca701cab94f 100644 --- a/e2fsck/pass1b.c +++ b/e2fsck/pass1b.c @@ -705,6 +705,10 @@ static void delete_file(e2fsck_t ctx, ext2_ino_t ino, fix_problem(ctx, PR_1B_BLOCK_ITERATE, &pctx); if (ctx->inode_bad_map) ext2fs_unmark_inode_bitmap2(ctx->inode_bad_map, ino); + if (ctx->inode_reg_map) + ext2fs_unmark_inode_bitmap2(ctx->inode_reg_map, ino); + ext2fs_unmark_inode_bitmap2(ctx->inode_dir_map, ino); + ext2fs_unmark_inode_bitmap2(ctx->inode_used_map, ino); ext2fs_inode_alloc_stats2(fs, ino, -1, LINUX_S_ISDIR(dp->inode.i_mode)); quota_data_sub(ctx->qctx, &dp->inode, ino, pb.dup_blocks * fs->blocksize); diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c index 3dd1e94131c6..2c908be04d70 100644 --- a/e2fsck/rehash.c +++ b/e2fsck/rehash.c @@ -1028,6 +1028,8 @@ void e2fsck_rehash_directories(e2fsck_t ctx) if (!ext2fs_u32_list_iterate(iter, &ino)) break; } + if (!ext2fs_test_inode_bitmap2(ctx->inode_dir_map, ino)) + continue; pctx.dir = ino; if (first) { -- 2.16.4
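Review bot: In the e2fsprogs.changes hunk, the second entry reads "2fsck: don't try to rehash a deleted directory"; the leading "e" is missing, while the patch subject further down is "e2fsck: don't try to rehash a deleted directory". Fix the prefix so that a changelog search for e2fsck finds both CVE-2019-5188 entries.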
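Review bot: In the fill_dir_block() hunk of e2fsck/rehash.c, the new check is written `if ((name_len) == 0)` with redundant parentheses and carries no comment, whereas the matching check in duplicate_search_and_fix() has one. Write it as `if (name_len == 0)` and add a short comment that an in-use entry (dirent->inode != 0) with a zero-length name is treated as directory corruption; the reason, trouble in mutate_name() on an empty name, currently lives only in the commit message.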
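Review bot: In the duplicate_search_and_fix() hunk of e2fsck/rehash.c, the `new_len == 0` branch handles the same condition differently from fill_dir_block(): it calls ext2fs_unmark_valid(fs) and continues without an error code or a report, while fill_dir_block() sets fd->err = EXT2_ET_DIR_CORRUPTED and returns BLOCK_ABORT. If this branch is only defence in depth behind the earlier check, expand the "should never happen" comment to say so, since this guard is what keeps a zero-length name from reaching memcpy() and mutate_name().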
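Review bot: In the delete_file() hunk of e2fsck/pass1b.c, ctx->inode_reg_map is tested before it is unmarked, as ctx->inode_bad_map is in the context lines, but ctx->inode_dir_map and ctx->inode_used_map are passed to ext2fs_unmark_inode_bitmap2() unconditionally. Either guard them the same way or add a comment stating that these two bitmaps are always allocated by the time delete_file() runs.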
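Review bot: In the e2fsck_rehash_directories() hunk of e2fsck/rehash.c, the new `continue` skips an inode silently, and the test on ctx->inode_dir_map depends on delete_file() in pass1b.c clearing that bit, which nothing at this site says. Add a one-line comment that the directory was deleted during pass1[bcd] processing so the dependency between the two files stays visible to the next reader.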
