Package: e2fsprogs / 1.43.4-2+deb9u1

Metadata

Package | Version | Patches format
e2fsprogs | 1.43.4-2+deb9u1 | 3.0 (quilt)

Patch series

Patch | File delta | Description
e2fsprogs 1.43.4 release fixup

tmp/e2fsprogs-1.43.4/e2fsprogs.lsm | 4 2 + 2 - 0 !
tmp/e2fsprogs-1.43.4/e2fsprogs.spec | 2 1 + 1 - 0 !
2 files changed, 3 insertions(+), 3 deletions(-)

 e2fsprogs 1.43.4 release fixup
 The orig tar.gz that was uploaded to e2fsprogs 1.43.4-1 was not the
 final release tarball; it had an outdated version of e2fsprogs.lsm
 and e2fsprogs.spec.  This doesn't affect generated binary packages of
 e2fsprogs at all, but let's correct it to make it easier to generate
 updated packages.
enable metadata_csum by default

misc/mke2fs.conf.in | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 enable metadata_csum by default
 For Debian testing let's be more aggressive about testing the
 metadata_csum feature.
libsupport add checks to prevent buffer .patch

lib/support/mkquota.c | 1 1 + 0 - 0 !
lib/support/quotaio_tree.c | 71 47 + 24 - 0 !
lib/support/quotaio_v2.c | 28 28 + 0 - 0 !
3 files changed, 76 insertions(+), 24 deletions(-)

 libsupport: add checks to prevent buffer overrun bugs in quota code

A maliciously corrupted file system can trigger buffer overruns in
the quota code used by e2fsck.  To fix this, add sanity checks to the
quota header fields as well as to block number references in the quota
tree.

Addresses: CVE-2019-5094
Addresses: TALOS-2019-0887
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
(cherry picked from commit 8dbe7b475ec5e91ed767239f0e85880f416fc384)