Package: e2fsprogs | Debian Sources

Package: e2fsprogs / 1.43.4-2+deb9u1

Metadata

Package	Version	Patches format
e2fsprogs	1.43.4-2+deb9u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
e2fsprogs 1.43.4 release fixup \| (download)	tmp/e2fsprogs-1.43.4/e2fsprogs.lsm \| 4 2 + 2 - 0 ! tmp/e2fsprogs-1.43.4/e2fsprogs.spec \| 2 1 + 1 - 0 ! 2 files changed, 3 insertions(+), 3 deletions(-)	e2fsprogs 1.43.4 release fixup The orig tar.gz that was uploaded to e2fsprogs 1.43.4-1 was not the final release tarball; it had an outdated version of e2fsprogs.lsm and e2fsprogs.spec. This doesn't affect generated binary packages of e2fsprogs at all, but let's correct it to make it easier generate updated packages.
enable metadata_csum by default \| (download)	misc/mke2fs.conf.in \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	enable metadata_csum by default For debian testing let's be more aggressive about testing the metadata_csum feature.
libsupport add checks to prevent buffer .patch \| (download)	lib/support/mkquota.c \| 1 1 + 0 - 0 ! lib/support/quotaio_tree.c \| 71 47 + 24 - 0 ! lib/support/quotaio_v2.c \| 28 28 + 0 - 0 ! 3 files changed, 76 insertions(+), 24 deletions(-)	libsupport: add checks to prevent buffer overrun bugs in quota code A maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck. To fix this, add sanity checks to the quota header fields as well as to block number references in the quota tree. Addresses: CVE-2019-5094 Addresses: TALOS-2019-0887 Signed-off-by: Theodore Ts'o <tytso@mit.edu> (cherry picked from commit 8dbe7b475ec5e91ed767239f0e85880f416fc384)

Patch

File delta

Description

e2fsprogs 1.43.4 release fixup | (download)

tmp/e2fsprogs-1.43.4/e2fsprogs.lsm | 4 2 + 2 - 0 !
tmp/e2fsprogs-1.43.4/e2fsprogs.spec | 2 1 + 1 - 0 !
2 files changed, 3 insertions(+), 3 deletions(-)

 e2fsprogs 1.43.4 release fixup
 The orig tar.gz that was uploaded to e2fsprogs 1.43.4-1 was not the
 final release tarball; it had an outdated version of e2fsprogs.lsm
 and e2fsprogs.spec.  This doesn't affect generated binary packages of
 e2fsprogs at all, but let's correct it to make it easier generate
 updated packages.

enable metadata_csum by default | (download)

misc/mke2fs.conf.in | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 enable metadata_csum by default
 For debian testing let's be more aggressive about testing the
 metadata_csum feature.

libsupport add checks to prevent buffer .patch | (download)

lib/support/mkquota.c | 1 1 + 0 - 0 !
lib/support/quotaio_tree.c | 71 47 + 24 - 0 !
lib/support/quotaio_v2.c | 28 28 + 0 - 0 !
3 files changed, 76 insertions(+), 24 deletions(-)

 libsupport: add checks to prevent buffer overrun bugs in quota code

A maliciously corrupted file systems can trigger buffer overruns in
the quota code used by e2fsck.  To fix this, add sanity checks to the
quota header fields as well as to block number references in the quota
tree.

Addresses: CVE-2019-5094
Addresses: TALOS-2019-0887
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
(cherry picked from commit 8dbe7b475ec5e91ed767239f0e85880f416fc384)