Hello community, here is the log from the commit of package e2fsprogs.3806 for openSUSE:13.2:Update checked in at 2015-06-05 11:39:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/e2fsprogs.3806 (Old) and /work/SRC/openSUSE:13.2:Update/.e2fsprogs.3806.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "e2fsprogs.3806" Changes: -------- New Changes file: --- /dev/null 2015-05-15 19:41:08.266053825 +0200 +++ /work/SRC/openSUSE:13.2:Update/.e2fsprogs.3806.new/e2fsprogs.changes 2015-06-05 11:39:55.000000000 +0200 @@ -0,0 +1,1686 @@ +------------------------------------------------------------------- +Tue May 26 11:47:00 UTC 2015 - jack@suse.cz + +- libext2fs-fix-potential-buffer-overflow-in-closefs.patch: libext2fs: fix + potential buffer overflow in closefs() (bsc#918346 CVE-2015-1572) + +------------------------------------------------------------------- +Fri Jan 9 09:10:11 UTC 2015 - jack@suse.cz + +- e2fsck-fix-free-pointer-dereferences.patch: Fix use after free (bnc#912229) + +------------------------------------------------------------------- +Tue Sep 2 13:39:35 UTC 2014 - jack@suse.cz + +- Update to 1.42.12 + * fix e2fsck bugs when repairing bigalloc filesystems + * fix rare e2fsck bugs discovered by fs fuzzing + * resize2fs will use less memory when resizing large filesystems + ... + +------------------------------------------------------------------- +Tue Jul 15 15:52:16 UTC 2014 - jack@suse.cz + +- Remove e2fsck.conf since we don't need the changed default anymore. e2fsck + handles this type of problems automatically now and broken_system_clock has + other undesired sideeffects like skipped periodic checks (bnc#866283) + +------------------------------------------------------------------- +Tue Jul 15 15:43:06 UTC 2014 - jack@suse.cz + +- Update to 1.42.11 + * fix aborted journal replay in e2fsck with bigalloc + * make mke2fs refuse insane flex_bg sizes + * automatically fix last mount time and last write time in e2fsck + * fix mke2fs to properly create large filesystems on 32-bit systems + * mke2fs asks before wiping preexisting filesystem + * mke2fs can create filesystems with all metadata in the beginning + * fix resize2fs shrink operation in some corner cases + ... +- Remove filefrag-print-shared-extent-flag.patch: Merged upstream + +------------------------------------------------------------------- +Mon Apr 28 17:45:46 UTC 2014 - mfasheh@suse.com + +- Add filefrag-print-shared-extent-flag.patch: lets filefrag print shared + extent flag when it gets it. Helps with fate#316317 / bnc#868847. Patch + sent to upstream 4/17/2014. + +------------------------------------------------------------------- +Mon Jan 27 13:05:33 UTC 2014 - jack@suse.cz + +- Removed "-mini" spec file for now as it is causing troubles in Factory + and according to Coolo may not be needed after all. + +------------------------------------------------------------------- +Mon Jan 27 09:22:23 UTC 2014 - jack@suse.cz + +- update to 1.42.9 + * fixes in resize2fs, e2fsck, debugfs, and libext2fs to correctly handle + bigalloc filesystems + * fix rehashing of extent mapped directory in e2fsck + * fix e2fsck not to add lost+found in read-only mode + * fix buffer overruns in e2image + * fix tune2fs to properly update all backup superblocks when disabling quota + feature + * e2image support for efficient copying of filesystems + * fix complaint about uninitialized extents beyond EOF in e2fsck + * fix resize2fs to not corrupt filesystem in some corner cases + * fix e2fsck crashes when deleting invalid symlink, directory larger than 2GB + ... + +------------------------------------------------------------------- +Tue Dec 10 00:45:47 UTC 2013 - nfbrown@suse.com + +- Created "-mini" version of package which doesn't + build "info" and so doesn't depend on makeinfo, + texinfo, and all of tex. This should allow packages + in the bootstrap cycle (such as krb5-mini) to + build-depends of libraries from here. + +------------------------------------------------------------------- +Thu Jun 27 10:54:12 UTC 2013 - jack@suse.cz + +- update to 1.42.8 + * e2fsck: detect and fix invalid extents at leaf block tails + * e2fsck: allow checking ro root fs with external journal + * fix offline resizing of fs with flex_bg && !resize_inode + * fix resize2fs to not leave bitmaps beyond fs end + * fixed e2image for large (>32-bit) filesystems + * debugfs fixes +- Removed upstreamed patches: + e2p-Fix-s-handling-in-parse_num_blocks2.patch + resize-bigalloc_check-should-have-return-type-void.patch + libext2fs-Fix-return-value-in-ext2fs_test_block_bitm.patch + libext2fs-Provide-prototype-for-ext2fs_symlink.patch + +------------------------------------------------------------------- +Tue Feb 26 18:02:26 UTC 2013 - jack@suse.cz + +- Fix compilation for Fedora targets in Build Service + +------------------------------------------------------------------- +Mon Feb 25 16:01:07 UTC 2013 - jack@suse.cz + +- Fix compilation warnings by patches: + e2p-Fix-s-handling-in-parse_num_blocks2.patch + libext2fs-Fix-return-value-in-ext2fs_test_block_bitm.patch + libext2fs-Provide-prototype-for-ext2fs_symlink.patch + resize-bigalloc_check-should-have-return-type-void.patch + +------------------------------------------------------------------- +Fri Feb 22 15:46:21 UTC 2013 - jack@suse.cz + +- update to 1.42.7 + * Fix various off-line resizing bugs + * New filefrag options to improve output formatting + * mke2fs improvements for bigalloc filesystems + * Fix e2fsck to properly detect corruption of internal extent tree nodes + * Improve CPU efficiency of e2fsck + * Various debugfs improvements + ... +- refreshed e2fsprogs-1.41.1-splash_support.patch + +------------------------------------------------------------------- +Fri Feb 8 12:49:06 UTC 2013 - fcrozat@suse.com + +- Install the correct source file as /etc/e2fsck.conf. + +------------------------------------------------------------------- +Tue Sep 25 22:06:09 UTC 2012 - jack@suse.cz + +- update to 1.42.6 + * Fixed a potential seg fault in e2fsck when there is an I/O error while reading the superblock + * Various resize2fs fixes + * Various quota related fixes + * Fixed filefrag so that it correctly reports the number of extents + * Fixed filefrag so it will not crash with a segfault on files from a virtual file system such as /proc + * Fixed a problem if e2fsck where if the root file system is mounted read-only, e2fsck would not clear an error indication in the journal superblock. + * Fixed a bug in how e2fsck would uniquify directory entry names + * Manpage updates + ... +- removed e2fsprogs-1.42-voidreturn_value_declared.patch because it makes + no longer any sence due to upstream changes + +------------------------------------------------------------------- +Tue Sep 11 12:00:55 UTC 2012 - coolo@suse.com + +- add makeinfo as explicit buildrequire + +------------------------------------------------------------------- +Fri Aug 24 09:36:51 UTC 2012 - idonmez@suse.com + +- Add an /etc/e2fsck.conf file with broken_system_clock=1 to fix + first part of bnc#775268 + +------------------------------------------------------------------- +Thu Jun 14 07:47:40 UTC 2012 - coolo@suse.com + +- update to 1.42.4 + * Fix 64-bit block number bugs in e2fsck, dumpe2fs, and debugfs which + could corrupt file systems + * Fixed e2fsck's handling of how errors propagate from the journal to + the file system superblock + * Fixed a false positive complaint from e2fsck if all of the extents + in the last extent block are uninitialized and located after the + end of the file. + * dumpe2fs will display the journal's error indicator in the + superblock if it is set + * Fixed a bug which caused e2fsck to incorrectly use O_EXCLUSIVE in + some corner cases. + * Fix truncation of extent-mapped inodes in e2fsck and libext2fs + * Fixed i_blocks accounting in bigalloc file systems. + * Add support for btrfs's No_COW flag to lsattr and chattr + * Debugfs interprets the date strings of the form "@ddd" as ddd + seconds after the epoch + * Updated/fixed various man pages (Closes: #674453, #674694) + +------------------------------------------------------------------- +Wed May 23 20:49:09 UTC 2012 - jack@suse.cz + +- Updated to 1.42.3 + - Fix a bug in the Unix I/O manager which could cause corruption of file + systems with more than 16TB when e2fsprogs is compiled in 32-bit mode. + - Improve the support for integrated quota files. + - Fixed a regression introduced in 1.42.2 which would cause applications + outside of e2fsprogs which did not pass the EXT2_FLAG_64BIT to crash. + - Fix a bug which would cause mke2fs to fail creating the journal if + /etc/mtab and /proc/mounts are missing. + - Updated/fixed various man page. + - Updated translations. +------------------------------------------------------------------- +Wed May 23 11:12:42 UTC 2012 - jack@suse.cz + +- Added dependency of e2fsprogs package on particular versions of libext2fs + and libcom_err to avoid problems with missing symbols + +------------------------------------------------------------------- ++++ 1489 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.2:Update/.e2fsprogs.3806.new/e2fsprogs.changes New: ---- README.SUSE baselibs.conf e2fsck-fix-free-pointer-dereferences.patch e2fsprogs-1.41.1-splash_support.patch e2fsprogs-1.42-ext2fsh_implicit.patch e2fsprogs-1.42-implicit_fortify_decl.patch e2fsprogs-1.42.12.tar.gz e2fsprogs.changes e2fsprogs.spec libcom_err-compile_et_permissions.patch libext2fs-fix-potential-buffer-overflow-in-closefs.patch pre_checkin.sh ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ e2fsprogs.spec ++++++ # # spec file for package e2fsprogs # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define build_mini 0 Name: e2fsprogs %if 0%{?suse_version} >= 1010 # Hint for ZYPP Supplements: filesystem(ext2) filesystem(ext3) filesystem(ext4) %endif BuildRequires: autoconf BuildRequires: automake BuildRequires: libblkid-devel BuildRequires: libuuid-devel BuildRequires: pkg-config %if ! %{build_mini} %if 0%{?suse_version} > 1220 BuildRequires: makeinfo %endif # Define info macros if missing (for Fedora builds) %if 0%{!?%install_info_prereq:1} %define install_info_prereq info %define install_info sbin/install-info %define install_info_delete sbin/install-info --delete %endif Requires: %install_info_prereq %endif # bug437293 %ifarch ppc64 Obsoletes: e2fsprogs-64bit %endif %if %{build_mini} Conflicts: e2fsprogs Conflicts: e2fsprogs-devel Conflicts: libext2fs2 Conflicts: libext2fs-devel Conflicts: libcom_err2 Conflicts: libcom_err-devel %else Conflicts: e2fsprogs-mini Conflicts: e2fsprogs-mini-devel Conflicts: libext2fs2-mini Conflicts: libext2fs-mini-devel Conflicts: libcom_err2-mini Conflicts: libcom_err-mini-devel %endif # Version: 1.42.12 Release: 0 Summary: Utilities for the Second Extended File System License: GPL-2.0 Group: System/Filesystems Url: http://e2fsprogs.sourceforge.net Requires: libcom_err2 >= %{version} Requires: libext2fs2 >= %{version} Source: http://downloads.sourceforge.net/project/e2fsprogs/e2fsprogs/v%{version}/e2fsprogs-%{version}.tar.gz Source2: README.SUSE Source3: baselibs.conf # # e2fsprogs patches # Patch1: e2fsprogs-1.41.1-splash_support.patch # libcom_err patches Patch3: libcom_err-compile_et_permissions.patch Patch4: e2fsprogs-1.42-implicit_fortify_decl.patch Patch5: e2fsprogs-1.42-ext2fsh_implicit.patch Patch6: e2fsck-fix-free-pointer-dereferences.patch Patch7: libext2fs-fix-potential-buffer-overflow-in-closefs.patch # Do not suppress make commands BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Utilities needed to create and maintain ext2 and ext3 file systems under Linux. Included in this package are: chattr, lsattr, mke2fs, mklost+found, tune2fs, e2fsck, resize2fs, and badblocks. %package devel Summary: Dummy development package License: LGPL-2.0 Group: Development/Libraries/C and C++ # bug437293 %ifarch ppc64 Obsoletes: e2fsprogs-devel-64bit %endif # Requires: libblkid-devel Requires: libext2fs-devel = %version Requires: libuuid-devel %description devel Dummy development package for backwards compatibility. %if %{build_mini} %package -n libext2fs2-mini %else %package -n libext2fs2 %endif Summary: Ext2fs library License: LGPL-2.0 Group: System/Filesystems %if %{build_mini} %description -n libext2fs2-mini %else %description -n libext2fs2 %endif The basic Ext2fs shared library. %if %{build_mini} %package -n libext2fs-mini-devel %else %package -n libext2fs-devel %endif Summary: Development files for libext2fs License: LGPL-2.0 Group: Development/Libraries/C and C++ Requires: libcom_err-devel Requires: libext2fs2 = %version %if %{build_mini} %description -n libext2fs-mini-devel %else %description -n libext2fs-devel %endif Development files for libext2fs. %if %{build_mini} %package -n libcom_err2-mini %else %package -n libcom_err2 %endif Summary: E2fsprogs error reporting library License: MIT Group: System/Filesystems # bug437293 %ifarch ppc64 Obsoletes: libcom_err-64bit Obsoletes: libcom_err2-64bit %endif # Provides: libcom_err = %{version} Obsoletes: libcom_err <= 1.40 %if %{build_mini} %description -n libcom_err2-mini %else %description -n libcom_err2 %endif com_err is an error message display library. %if %{build_mini} %package -n libcom_err-mini-devel %else %package -n libcom_err-devel %endif Summary: Development files for libcom_err License: MIT Group: Development/Libraries/C and C++ # bug437293 %ifarch ppc64 Obsoletes: libcom_err-devel-64bit %endif # Requires: glibc-devel Requires: libcom_err2 = %version %if %{build_mini} %description -n libcom_err-mini-devel %else %description -n libcom_err-devel %endif Development files for the com_err error message display library. %prep %setup -q -n e2fsprogs-%{version} # e2fsprogs patches %patch1 # libcom_err patches %patch3 -p1 %patch4 %patch5 %patch6 -p1 %patch7 -p1 cp %{SOURCE2} . %build autoreconf --force --install %configure \ --disable-evms \ --with-root-prefix='' \ --enable-elf-shlibs \ --disable-libblkid \ --disable-libuuid \ --disable-uuidd \ --disable-fsck \ CFLAGS="$RPM_OPT_FLAGS" %if %{build_mini} rm -rf doc %endif make %{?_smp_mflags} V=1 #Guarantee that tranlations match the source messages make -C po update-po %install make install install-libs DESTDIR=$RPM_BUILD_ROOT ELF_INSTALL_DIR=/%{_libdir} %{find_lang} e2fsprogs rm $RPM_BUILD_ROOT%{_libdir}/e2initrd_helper rm -f $RPM_BUILD_ROOT/%{_sbindir}/mkfs.ext4dev rm -f $RPM_BUILD_ROOT/%{_sbindir}/fsck.ext4dev rm -f $RPM_BUILD_ROOT/usr/share/man/man8/mkfs.ext4dev.8* rm -f $RPM_BUILD_ROOT/usr/share/man/man8/fsck.ext4dev.8* # Need libext2fs.a for silo find "%buildroot/%_libdir" -type f -name "*.a" \ %ifarch %sparc ! -name libext2fs.a \ %endif -print -delete #UsrMerge mkdir %{buildroot}/sbin ln -s %{_sbindir}/badblocks %{buildroot}/sbin/badblocks ln -s %{_sbindir}/debugfs %{buildroot}/sbin/debugfs ln -s %{_sbindir}/dumpe2fs %{buildroot}/sbin/dumpe2fs ln -s %{_sbindir}/e2undo %{buildroot}/sbin/e2undo ln -s %{_sbindir}/e2fsck %{buildroot}/sbin/e2fsck ln -s %{_sbindir}/e2label %{buildroot}/sbin/e2label ln -s %{_sbindir}/fsck.ext2 %{buildroot}/sbin/fsck.ext2 ln -s %{_sbindir}/fsck.ext3 %{buildroot}/sbin/fsck.ext3 ln -s %{_sbindir}/fsck.ext4 %{buildroot}/sbin/fsck.ext4 ln -s %{_sbindir}/mke2fs %{buildroot}/sbin/mke2fs ln -s %{_sbindir}/mkfs.ext2 %{buildroot}/sbin/mkfs.ext2 ln -s %{_sbindir}/mkfs.ext3 %{buildroot}/sbin/mkfs.ext3 ln -s %{_sbindir}/mkfs.ext4 %{buildroot}/sbin/mkfs.ext4 ln -s %{_sbindir}/resize2fs %{buildroot}/sbin/resize2fs ln -s %{_sbindir}/tune2fs %{buildroot}/sbin/tune2fs ln -s %{_sbindir}/e2image %{buildroot}/sbin/e2image ln -s %{_sbindir}/logsave %{buildroot}/sbin/logsave mkdir %{buildroot}/%{_lib} pushd %{buildroot}/%{_libdir} LIBNAMES=$(ls *.so.*) popd for libName in $LIBNAMES; do ln -s %{_libdir}/$libName %{buildroot}/%{_lib}; done #EndUsrMerge %post /sbin/ldconfig %if ! %{build_mini} %install_info --info-dir=%{_infodir} %{_infodir}/libext2fs.info.gz %endif %postun /sbin/ldconfig %if ! %{build_mini} %install_info_delete --info-dir=%{_infodir} %{_infodir}/libext2fs.info.gz %endif %if %{build_mini} %post -n libext2fs2-mini -p /sbin/ldconfig %else %post -n libext2fs2 -p /sbin/ldconfig %endif %if %{build_mini} %postun -n libext2fs2-mini -p /sbin/ldconfig %else %postun -n libext2fs2 -p /sbin/ldconfig %endif %if %{build_mini} %post -n libcom_err2-mini -p /sbin/ldconfig %else %post -n libcom_err2 -p /sbin/ldconfig %endif %if %{build_mini} %postun -n libcom_err2-mini -p /sbin/ldconfig %else %postun -n libcom_err2 -p /sbin/ldconfig %endif %files -f e2fsprogs.lang %defattr(-, root, root) %doc RELEASE-NOTES README %config /etc/mke2fs.conf #UsrMerge /sbin/badblocks /sbin/debugfs /sbin/dumpe2fs /sbin/e2undo /sbin/e2fsck /sbin/e2label /sbin/fsck.ext2 /sbin/fsck.ext3 /sbin/fsck.ext4 /sbin/mke2fs /sbin/mkfs.ext2 /sbin/mkfs.ext3 /sbin/mkfs.ext4 /sbin/resize2fs /sbin/tune2fs /sbin/e2image /sbin/logsave #EndUsrMerge %{_sbindir}/badblocks %{_sbindir}/debugfs %{_sbindir}/dumpe2fs %{_sbindir}/e2undo %{_sbindir}/e2fsck %{_sbindir}/e2label %{_sbindir}/fsck.ext2 %{_sbindir}/fsck.ext3 %{_sbindir}/fsck.ext4 %{_sbindir}/mke2fs %{_sbindir}/mkfs.ext2 %{_sbindir}/mkfs.ext3 %{_sbindir}/mkfs.ext4 %{_sbindir}/resize2fs %{_sbindir}/tune2fs %{_sbindir}/e2image %{_sbindir}/logsave %{_bindir}/chattr %{_bindir}/lsattr %{_sbindir}/mklost+found %{_sbindir}/filefrag %{_sbindir}/e2freefrag %{_sbindir}/e4defrag %if ! %{build_mini} %{_infodir}/libext2fs.info.gz %endif %{_mandir}/man1/chattr.1.gz %{_mandir}/man1/lsattr.1.gz %{_mandir}/man5/ext?.5.gz %{_mandir}/man5/e2fsck.conf.5.gz %{_mandir}/man5/mke2fs.conf.5.gz %{_mandir}/man8/*.8.gz %files devel %defattr(-,root,root) %doc README.SUSE %if %{build_mini} %files -n libext2fs2-mini %else %files -n libext2fs2 %endif %defattr(-, root, root) #UsrMerge /%{_lib}/libext2fs.so.* /%{_lib}/libe2p.so.* #EndUsrMerge %{_libdir}/libext2fs.so.* %{_libdir}/libe2p.so.* %if %{build_mini} %files -n libext2fs-mini-devel %else %files -n libext2fs-devel %endif %defattr(-, root, root) %{_libdir}/libext2fs.so %ifarch %sparc %{_libdir}/libext2fs.a %endif %{_libdir}/libe2p.so /usr/include/ext2fs /usr/include/e2p %_libdir/pkgconfig/e2p.pc %_libdir/pkgconfig/ext2fs.pc %if %{build_mini} %files -n libcom_err2-mini %else %files -n libcom_err2 %endif %defattr(-, root, root) #UsrMerge /%{_lib}/libcom_err.so.* /%{_lib}/libss.so.* #EndUsrMerge %{_libdir}/libcom_err.so.* %{_libdir}/libss.so.* %if %{build_mini} %files -n libcom_err-mini-devel %else %files -n libcom_err-devel %endif %defattr(-, root, root) %_bindir/compile_et %_bindir/mk_cmds %{_libdir}/libcom_err.so %{_libdir}/libss.so %_libdir/pkgconfig/com_err.pc %_libdir/pkgconfig/ss.pc %_includedir/com_err.h %_includedir/et %_includedir/ss %_datadir/et %_datadir/ss %{_mandir}/man1/compile_et.1.gz %{_mandir}/man1/mk_cmds.1.gz %{_mandir}/man3/com_err.3.gz %changelog ++++++ README.SUSE ++++++ e2fsprogs-devel --------------- Since the e2fsprogs libraries has been split out into own packages, each having its own devel package libext2fs-devel libblkid-devel libuuid-devel libcom_err-devel the e2fsprogs-devel package is deprecated and is provided for temporary backwards compatibility only. ++++++ baselibs.conf ++++++ libext2fs2 libcom_err2 obsoletes "libcom_err-<targettype> <= <version>" e2fsprogs e2fsprogs-devel libext2fs-devel requires -libext2fs-<targettype> requires "libext2fs2-<targettype> = <version>" libcom_err-devel requires -libcom_err-<targettype> requires "libcom_err2-<targettype> = <version>" ++++++ e2fsck-fix-free-pointer-dereferences.patch ++++++
From ebdf895b43a1ce499e4d2556a201e2a753fc422f Mon Sep 17 00:00:00 2001 From: Theodore Ts'o
Date: Wed, 8 Oct 2014 11:18:41 -0400 Subject: [PATCH] e2fsck: fix free pointer dereferences References: bnc#912229
Commit 47fee2ef6a23a introduces some free pointer dereference bugs by
not clearing ctx->fs after calling ext2fs_close_free().
Reported-by: Matthias Andree
From 49d0fe2a14f2a23da2fe299643379b8c1d37df73 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o
Date: Fri, 6 Feb 2015 12:46:39 -0500 Subject: [PATCH] libext2fs: fix potential buffer overflow in closefs() References: bsc#918346 CVE-2015-1572
The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if
s_first_meta_bg is too big" had a typo in the fix for
ext2fs_closefs(). In practice most of the security exposure was from
the openfs path, since this meant if there was a carefully crafted
file system, buffer overrun would be triggered when the file system was
opened.
However, if corrupted file system didn't trip over some corruption
check, and then the file system was modified via tune2fs or debugfs,
such that the superblock was marked dirty and then written out via the
closefs() path, it's possible that the buffer overrun could be
triggered when the file system is closed.
Also clear up a signed vs unsigned warning while we're at it.
Thanks to Nick Kralevich