git://git.whamcloud.com - tools/e2fsprogs.git/log

Whamcloud - gitweb

git://git.whamcloud.com / tools / e2fsprogs.git / log

Theodore Ts'o [Sun, 1 Sep 2019 04:59:16 +0000 (00:59 -0400)]

libsupport: add checks to prevent buffer overrun bugs in quota code

A maliciously corrupted file systems can trigger buffer overruns in
the quota code used by e2fsck. To fix this, add sanity checks to the
quota header fields as well as to block number references in the quota
tree.

Addresses: CVE-2019-5094
Addresses: TALOS-2019-0887
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
(cherry picked from commit 8dbe7b475ec5e91ed767239f0e85880f416fc384)

Gbp-Pq: Name libsupport-add-checks-to-prevent-buffer-.patch

commit | commitdiff | tree

Theodore Ts'o [Fri, 4 Jan 2019 03:27:37 +0000 (22:27 -0500)]

Revert "e4defrag: use 64-bit counters to track # files defragged"

This reverts commit 3293ea9ecbe1d622f9cf6c41d705d82fbae6a3e3.

This wasn't really the right fix, since there can't be more than 2**32
files in a file system. The real issue is when the number of files in
a directory change during the e4defrag run.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Gbp-Pq: Name revert-e4defrag-use-64-bit-counters-to-t.patch

commit | commitdiff | tree

Theodore Y. Ts'o [Wed, 25 Sep 2019 17:37:44 +0000 (13:37 -0400)]

e2fsprogs (1.44.5-1+deb10u2) buster-security; urgency=high

* Fix CVE-2019-5094: potential buffer overrun in e2fsck (Closes: #941139)

[dgit import unpatched e2fsprogs 1.44.5-1+deb10u2]

commit | commitdiff | tree

Theodore Y. Ts'o [Wed, 25 Sep 2019 17:37:44 +0000 (13:37 -0400)]

Import e2fsprogs_1.44.5-1+deb10u2.debian.tar.xz

[dgit import tarball e2fsprogs 1.44.5-1+deb10u2 e2fsprogs_1.44.5-1+deb10u2.debian.tar.xz]

commit | commitdiff | tree

Theodore Y. Ts'o [Sun, 16 Dec 2018 03:46:49 +0000 (22:46 -0500)]

Import e2fsprogs_1.44.5.orig.tar.gz

[dgit import orig e2fsprogs_1.44.5.orig.tar.gz]

Mirror of git://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git

RSS Atom