From: Matthias Andree Date: Tue, 24 Feb 2015 00:17:50 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r379717 - in head/sysutils/e2fsprogs: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Feb 2015 00:17:53 -0000 Author: mandree Date: Tue Feb 24 00:17:50 2015 New Revision: 379717 URL: https://svnweb.freebsd.org/changeset/ports/379717 QAT: https://qat.redports.org/buildarchive/r379717/ Log: Cherry-pick a security fix and a few other fixes from the upstream Git repository. Note that CVE-2015-0247 had already been fixed in 1.42.12 proper. Security: 2a4bcd7d-bbb8-11e4-903c-080027ef73ec Security: CVE-2015-1572 Added: head/sysutils/e2fsprogs/files/patch-zzz-160f131deed7d3db2aa958051eef7ae8fafa8539 (contents, props changed) head/sysutils/e2fsprogs/files/patch-zzz-407916f5af4443e0ddd9469c57fc1684c07f9294 (contents, props changed) head/sysutils/e2fsprogs/files/patch-zzz-63b4cbb8bc8602d5dfe80413005142a7b59c25ef (contents, props changed) head/sysutils/e2fsprogs/files/patch-zzz-CVE-2015-1572-49d0fe2a14f2a23da2fe299643379b8c1d37df73 (contents, props changed) head/sysutils/e2fsprogs/files/patch-zzz-beec19ff21d41c84dbbc2ab8d0df25147912ff59 (contents, props changed) head/sysutils/e2fsprogs/files/patch-zzz-dab7435917698bb490cce61fc8be1be0a862cf66 (contents, props changed) head/sysutils/e2fsprogs/files/patch-zzz-e9a5c6e3607d17641543aa5e801af22563fb1410 (contents, props changed) Modified: head/sysutils/e2fsprogs/Makefile Modified: head/sysutils/e2fsprogs/Makefile ============================================================================== --- head/sysutils/e2fsprogs/Makefile Mon Feb 23 23:20:56 2015 
(r379716) +++ head/sysutils/e2fsprogs/Makefile Tue Feb 24 00:17:50 2015 (r379717) @@ -3,7 +3,7 @@ PORTNAME= e2fsprogs PORTVERSION= 1.42.12 -PORTREVISION?= 1 +PORTREVISION?= 2 CATEGORIES?= sysutils MASTER_SITES= KERNEL_ORG/linux/kernel/people/tytso/${PORTNAME}/v${PORTVERSION} Added: head/sysutils/e2fsprogs/files/patch-zzz-160f131deed7d3db2aa958051eef7ae8fafa8539 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/e2fsprogs/files/patch-zzz-160f131deed7d3db2aa958051eef7ae8fafa8539 Tue Feb 24 00:17:50 2015 (r379717) 
@@ -0,0 +1,48 @@ +From 160f131deed7d3db2aa958051eef7ae8fafa8539 Mon Sep 17 00:00:00 2001 +From: Eric Sandeen +Date: Thu, 23 Oct 2014 16:27:32 -0500 +Subject: libext2fs: fix endian handling of ext3_extent_header + +This turned up when trying to resize a filesystem containing +a file with many extents on PPC64. + +Fix all locations where ext3_extent_header members aren't +handled in an endian-safe manner. + +Signed-off-by: Eric Sandeen +Signed-off-by: Theodore Ts'o +Reviewed-by: Darrick J. Wong + +diff --git a/lib/ext2fs/ext3_extents.h b/lib/ext2fs/ext3_extents.h +index 88fabc9..fcf4d86 100644 +--- ./lib/ext2fs/ext3_extents.h ++++ ./lib/ext2fs/ext3_extents.h +@@ -95,15 +95,20 @@ struct ext3_ext_path { + ((struct ext3_extent_idx *) (((char *) (__hdr__)) + \ + sizeof(struct ext3_extent_header))) + #define EXT_HAS_FREE_INDEX(__path__) \ +- ((__path__)->p_hdr->eh_entries < (__path__)->p_hdr->eh_max) ++ (ext2fs_le16_to_cpu((__path__)->p_hdr->eh_entries) < \ ++ ext2fs_le16_to_cpu((__path__)->p_hdr->eh_max)) + #define EXT_LAST_EXTENT(__hdr__) \ +- (EXT_FIRST_EXTENT((__hdr__)) + (__hdr__)->eh_entries - 1) ++ (EXT_FIRST_EXTENT((__hdr__)) + \ ++ ext2fs_le16_to_cpu((__hdr__)->eh_entries) - 1) + #define EXT_LAST_INDEX(__hdr__) \ +- (EXT_FIRST_INDEX((__hdr__)) + (__hdr__)->eh_entries - 1) ++ (EXT_FIRST_INDEX((__hdr__)) + \ ++ ext2fs_le16_to_cpu((__hdr__)->eh_entries) - 1) + #define EXT_MAX_EXTENT(__hdr__) \ +- (EXT_FIRST_EXTENT((__hdr__)) + (__hdr__)->eh_max - 1) ++ (EXT_FIRST_EXTENT((__hdr__)) + \ ++ ext2fs_le16_to_cpu((__hdr__)->eh_max) - 1) + #define EXT_MAX_INDEX(__hdr__) \ +- (EXT_FIRST_INDEX((__hdr__)) + (__hdr__)->eh_max - 1) ++ (EXT_FIRST_INDEX((__hdr__)) + \ ++ ext2fs_le16_to_cpu((__hdr__)->eh_max) - 1) + + #endif /* _LINUX_EXT3_EXTENTS */ + +-- +cgit v0.10.2 + Added: head/sysutils/e2fsprogs/files/patch-zzz-407916f5af4443e0ddd9469c57fc1684c07f9294 ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/e2fsprogs/files/patch-zzz-407916f5af4443e0ddd9469c57fc1684c07f9294 Tue Feb 24 00:17:50 2015 (r379717) @@ -0,0 +1,32 @@ +From 407916f5af4443e0ddd9469c57fc1684c07f9294 Mon Sep 17 00:00:00 2001 +From: "Darrick J. Wong" +Date: Fri, 7 Nov 2014 21:27:53 -0500 +Subject: libext2fs: fix endian handling error; reduce fragmentation some + +If we're going to read the "nr - 1" entry in an indirect block for use +as a "goal" input to the block allocator, we need to byteswap the +entry. While we're at it, if we're allocating blocks for the zeroth +entry in the indirect block, we might as well use the indirect block +as the starting point to try to reduce fragmentation. + +(d_fallocate_blkmap will test this...) + +Signed-off-by: Darrick J. Wong +Signed-off-by: Theodore Ts'o + +diff --git a/lib/ext2fs/bmap.c b/lib/ext2fs/bmap.c +index db2fd72..a8bb00d 100644 +--- ./lib/ext2fs/bmap.c ++++ ./lib/ext2fs/bmap.c +@@ -67,7 +67,7 @@ static _BMAP_INLINE_ errcode_t block_ind_bmap(ext2_filsys fs, int flags, + #endif + + if (!b && (flags & BMAP_ALLOC)) { +- b = nr ? ((blk_t *) block_buf)[nr-1] : 0; ++ b = nr ? ext2fs_le32_to_cpu(((blk_t *)block_buf)[nr - 1]) : ind; + retval = ext2fs_alloc_block(fs, b, + block_buf + fs->blocksize, &b); + if (retval) +-- +cgit v0.10.2 + Added: head/sysutils/e2fsprogs/files/patch-zzz-63b4cbb8bc8602d5dfe80413005142a7b59c25ef ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/e2fsprogs/files/patch-zzz-63b4cbb8bc8602d5dfe80413005142a7b59c25ef Tue Feb 24 00:17:50 2015 (r379717) 
@@ -0,0 +1,128 @@ +From 63b4cbb8bc8602d5dfe80413005142a7b59c25ef Mon Sep 17 00:00:00 2001 +From: "Darrick J. Wong" +Date: Tue, 2 Dec 2014 22:00:04 -0500 +Subject: misc: fix infinite loop when finding the start of the hugefile start + range + +When looking for the start of the hugefile range, the 'next' variable +is incorrectly decremented. If we happened to find a single free +block, the effect of this decrement is that blk == next, which means +that we never modify the loop control variable, so get_start_block +never returns. + +Signed-off-by: Darrick J. Wong +Signed-off-by: Theodore Ts'o + +diff --git a/misc/mk_hugefiles.c b/misc/mk_hugefiles.c +index 8291f01..5f56a79 100644 +--- ./misc/mk_hugefiles.c ++++ ./misc/mk_hugefiles.c +@@ -437,7 +437,6 @@ static blk64_t get_start_block(ext2_filsys fs, blk64_t slack) + blk, last_blk, &next); + if (retval) + next = last_blk; +- next--; + + if (next - blk > slack) { + blk += slack; +diff --git a/tests/m_hugefile_slack/expect b/tests/m_hugefile_slack/expect +new file mode 100644 +index 0000000..96a628a +--- /dev/null ++++ ./tests/m_hugefile_slack/expect +@@ -0,0 +1,18 @@ ++tune2fs test ++Creating filesystem with 786432 1k blocks and 98304 inodes ++Superblock backups stored on blocks: ++ 8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409, 663553 ++ ++Allocating group tables: done ++Writing inode tables: done ++Creating journal (16384 blocks): done ++Creating 6368 huge file(s) with 117 blocks each: done ++Writing superblocks and filesystem accounting information: done ++ ++Pass 1: Checking inodes, blocks, and sizes ++Pass 2: Checking directory structure ++Pass 3: Checking directory connectivity ++Pass 4: Checking reference counts ++Pass 5: Checking group summary information ++ ++Exit status is 0 +diff --git a/tests/m_hugefile_slack/name b/tests/m_hugefile_slack/name +new file mode 100644 +index 0000000..8d51fd6 +--- /dev/null ++++ ./tests/m_hugefile_slack/name +@@ -0,0 +1 @@ ++mke2fs creating a hugefile fs with a lot of 
slack +diff --git a/tests/m_hugefile_slack/script b/tests/m_hugefile_slack/script +new file mode 100644 +index 0000000..eecb2d7 +--- /dev/null ++++ ./tests/m_hugefile_slack/script +@@ -0,0 +1,61 @@ ++if test -x $RESIZE2FS_EXE -a -x $DEBUGFS_EXE; then ++ ++FSCK_OPT=-fn ++OUT=$test_name.log ++EXP=$test_dir/expect ++CONF=$TMPFILE.conf ++ ++#gzip -d < $EXP.gz > $EXP ++ ++cat > $CONF << ENDL ++[fs_types] ++ ext4h = { ++ features = has_journal,extent,huge_file,uninit_bg,dir_nlink,extra_isize,sparse_super,filetype,dir_index,ext_attr,^resize_inode,^meta_bg,^flex_bg,64bit ++ blocksize = 1024 ++ inode_size = 256 ++ make_hugefiles = true ++ hugefiles_dir = / ++ hugefiles_slack = 12000K ++ hugefiles_name = aaaaa ++ hugefiles_digits = 4 ++ hugefiles_size = 117K ++ zero_hugefiles = false ++ } ++ENDL ++ ++echo "tune2fs test" > $OUT ++ ++MKE2FS_CONFIG=$CONF $MKE2FS -F -T ext4h -I 128 $TMPFILE 786432 >> $OUT 2>&1 ++rm -rf $CONF ++ ++# dump and check. if we get this far, we succeeded... ++$FSCK $FSCK_OPT -N test_filesys $TMPFILE >> $OUT 2>&1 ++status=$? ++echo Exit status is $status >> $OUT ++ ++rm $TMPFILE ++ ++# ++# Do the verification ++# ++ ++sed -f $cmd_dir/filter.sed -e "s;$TMPFILE;test.img;" -e 's/test_filesys:.*//g' < $OUT > $OUT.new ++mv $OUT.new $OUT ++ ++cmp -s $OUT $EXP ++status=$? ++ ++if [ "$status" = 0 ] ; then ++ echo "$test_name: $test_description: ok" ++ touch $test_name.ok ++else ++ echo "$test_name: $test_description: failed" ++ diff $DIFF_OPTS $EXP $OUT > $test_name.failed ++fi ++ ++unset IMAGE FSCK_OPT OUT EXP CONF ++ ++else #if test -x $RESIZE2FS_EXE -a -x $DEBUGFS_EXE; then ++ echo "$test_name: $test_description: skipped" ++fi ++ +-- +cgit v0.10.2 + Added: head/sysutils/e2fsprogs/files/patch-zzz-CVE-2015-1572-49d0fe2a14f2a23da2fe299643379b8c1d37df73 ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/e2fsprogs/files/patch-zzz-CVE-2015-1572-49d0fe2a14f2a23da2fe299643379b8c1d37df73 Tue Feb 24 00:17:50 2015 (r379717) 
@@ -0,0 +1,53 @@ +From 49d0fe2a14f2a23da2fe299643379b8c1d37df73 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Fri, 6 Feb 2015 12:46:39 -0500 +Subject: libext2fs: fix potential buffer overflow in closefs() + +The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if +s_first_meta_bg is too big" had a typo in the fix for +ext2fs_closefs(). In practice most of the security exposure was from +the openfs path, since this meant if there was a carefully crafted +file system, buffer overrun would be triggered when the file system was +opened. + +However, if corrupted file system didn't trip over some corruption +check, and then the file system was modified via tune2fs or debugfs, +such that the superblock was marked dirty and then written out via the +closefs() path, it's possible that the buffer overrun could be +triggered when the file system is closed. + +Also clear up a signed vs unsigned warning while we're at it. + +Thanks to Nick Kralevich for asking me to look at +compiler warning in the code in question, which led me to notice the +bug in f66e6ce4446. 
+ +Addresses: CVE-2015-1572 + +Signed-off-by: Theodore Ts'o + +diff --git a/lib/ext2fs/closefs.c b/lib/ext2fs/closefs.c +index 1f99113..ab5b2fb 100644 +--- ./lib/ext2fs/closefs.c ++++ ./lib/ext2fs/closefs.c +@@ -287,7 +287,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags) + dgrp_t j; + #endif + char *group_ptr; +- int old_desc_blocks; ++ blk64_t old_desc_blocks; + struct ext2fs_numeric_progress_struct progress; + + EXT2_CHECK_MAGIC(fs, EXT2_ET_MAGIC_EXT2FS_FILSYS); +@@ -346,7 +346,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags) + group_ptr = (char *) group_shadow; + if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) { + old_desc_blocks = fs->super->s_first_meta_bg; +- if (old_desc_blocks > fs->super->s_first_meta_bg) ++ if (old_desc_blocks > fs->desc_blocks) + old_desc_blocks = fs->desc_blocks; + } else + old_desc_blocks = fs->desc_blocks; +-- +cgit v0.10.2 + Added: head/sysutils/e2fsprogs/files/patch-zzz-beec19ff21d41c84dbbc2ab8d0df25147912ff59 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/e2fsprogs/files/patch-zzz-beec19ff21d41c84dbbc2ab8d0df25147912ff59 Tue Feb 24 00:17:50 2015 (r379717) 
@@ -0,0 +1,48 @@ +From beec19ff21d41c84dbbc2ab8d0df25147912ff59 Mon Sep 17 00:00:00 2001 +From: "Darrick J. Wong" +Date: Wed, 5 Nov 2014 11:14:26 -0500 +Subject: e2fsck: fix dangling pointer when dir_info array is resized + +e2fsck uses an array to store directory usage information during pass +3; the usage context also contains a pointer to the last directory +looked up. When expanding the dir_info array, this cache pointer +needs to be cleared if the array resize changed the pointer location, +or else we'll later walk off the end of this dead pointer. + +Signed-off-by: Darrick J. Wong +Reported-by: Sami Liedes +Signed-off-by: Theodore Ts'o + +diff --git a/e2fsck/dirinfo.c b/e2fsck/dirinfo.c +index 4a9019b..dab5a13 100644 +--- ./e2fsck/dirinfo.c ++++ ./e2fsck/dirinfo.c +@@ -121,7 +121,7 @@ static void setup_db(e2fsck_t ctx) + void e2fsck_add_dir_info(e2fsck_t ctx, ext2_ino_t ino, ext2_ino_t parent) + { + struct dir_info_db *db; +- struct dir_info *dir, ent; ++ struct dir_info *dir, ent, *old_array; + int i, j; + errcode_t retval; + unsigned long old_size; +@@ -136,6 +136,7 @@ void e2fsck_add_dir_info(e2fsck_t ctx, ext2_ino_t ino, ext2_ino_t parent) + if (ctx->dir_info->count >= ctx->dir_info->size) { + old_size = ctx->dir_info->size * sizeof(struct dir_info); + ctx->dir_info->size += 10; ++ old_array = ctx->dir_info->array; + retval = ext2fs_resize_mem(old_size, ctx->dir_info->size * + sizeof(struct dir_info), + &ctx->dir_info->array); +@@ -147,6 +148,8 @@ void e2fsck_add_dir_info(e2fsck_t ctx, ext2_ino_t ino, ext2_ino_t parent) + ctx->dir_info->size -= 10; + return; + } ++ if (old_array != ctx->dir_info->array) ++ ctx->dir_info->last_lookup = NULL; + } + + ent.ino = ino; +-- +cgit v0.10.2 + Added: head/sysutils/e2fsprogs/files/patch-zzz-dab7435917698bb490cce61fc8be1be0a862cf66 ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/e2fsprogs/files/patch-zzz-dab7435917698bb490cce61fc8be1be0a862cf66 Tue Feb 24 00:17:50 2015 (r379717) @@ -0,0 +1,31 @@ +From dab7435917698bb490cce61fc8be1be0a862cf66 Mon Sep 17 00:00:00 2001 +From: "Darrick J. Wong" +Date: Sat, 25 Oct 2014 13:56:42 -0700 +Subject: libext2fs: directory iteration mustn't walk off the buffer end + +When we're iterating a directory, the loop control code reads the +length of the next directory record, failing to account for the fact +that there must be at least 8 bytes (the minimum size of a directory +entry) left in the buffer to read the next directory record. Fix the +loop conditional so that we don't read off the end of the buffer. + +Signed-off-by: Darrick J. Wong +Reported-by: Sami Liedes +Signed-off-by: Theodore Ts'o + +diff --git a/lib/ext2fs/dir_iterate.c b/lib/ext2fs/dir_iterate.c +index 589af69..0744ee8 100644 +--- ./lib/ext2fs/dir_iterate.c ++++ ./lib/ext2fs/dir_iterate.c +@@ -202,7 +202,7 @@ int ext2fs_process_dir_block(ext2_filsys fs, + if (ctx->errcode) + return BLOCK_ABORT; + +- while (offset < fs->blocksize) { ++ while (offset < fs->blocksize - 8) { + dirent = (struct ext2_dir_entry *) (ctx->buf + offset); + if (ext2fs_get_rec_len(fs, dirent, &rec_len)) + return BLOCK_ABORT; +-- +cgit v0.10.2 + Added: head/sysutils/e2fsprogs/files/patch-zzz-e9a5c6e3607d17641543aa5e801af22563fb1410 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/e2fsprogs/files/patch-zzz-e9a5c6e3607d17641543aa5e801af22563fb1410 Tue Feb 24 00:17:50 2015 (r379717) 
@@ -0,0 +1,45 @@ +From e9a5c6e3607d17641543aa5e801af22563fb1410 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Thu, 11 Sep 2014 12:24:07 -0400 +Subject: e2fsck: notice when the realloc of dir_info fails + +If the reallocation of dir_info fails, we will eventually cause e2fsck +to fail with an internal error. So if the realloc fails, print a +message and bail out with a fatal error early when at the time of the +reallocation failure. + +Signed-off-by: Theodore Ts'o + +diff --git a/e2fsck/dirinfo.c b/e2fsck/dirinfo.c +index dbaf471..4a9019b 100644 +--- ./e2fsck/dirinfo.c ++++ ./e2fsck/dirinfo.c +@@ -140,6 +140,10 @@ void e2fsck_add_dir_info(e2fsck_t ctx, ext2_ino_t ino, ext2_ino_t parent) + sizeof(struct dir_info), + &ctx->dir_info->array); + if (retval) { ++ fprintf(stderr, "Couldn't reallocate dir_info " ++ "structure to %d entries\n", ++ ctx->dir_info->size); ++ fatal_error(ctx, 0); + ctx->dir_info->size -= 10; + return; + } +diff --git a/e2fsck/dx_dirinfo.c b/e2fsck/dx_dirinfo.c +index 7838a40..be53fff 100644 +--- ./e2fsck/dx_dirinfo.c ++++ ./e2fsck/dx_dirinfo.c +@@ -40,6 +40,10 @@ void e2fsck_add_dx_dir(e2fsck_t ctx, ext2_ino_t ino, int num_blocks) + sizeof(struct dx_dir_info), + &ctx->dx_dir_info); + if (retval) { ++ fprintf(stderr, "Couldn't reallocate dx_dir_info " ++ "structure to %d entries\n", ++ ctx->dx_dir_info_size); ++ fatal_error(ctx, 0); + ctx->dx_dir_info_size -= 10; + return; + } +-- +cgit v0.10.2 +
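Review bot: In lib/ext2fs/ext3_extents.h, EXT_LAST_EXTENT and EXT_LAST_INDEX still compute `first + eh_entries - 1` from an on-disk field with no bound, so an eh_entries of 0 yields a pointer one element before the first entry. The byte-order conversion itself looks right; a comment on these macros saying that the header fields are little-endian on disk and that callers must already have checked eh_entries against eh_max would document the precondition the arithmetic relies on.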
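Review bot: In block_ind_bmap() (lib/ext2fs/bmap.c), the single changed line carries two independent changes: the le32 conversion of entry nr - 1 and the new `ind` goal when nr is 0. Splitting them would make the endian fix easier to bisect and backport. Please also confirm that block_buf is still in on-disk byte order on every path that reaches this line, since an unconditional ext2fs_le32_to_cpu() would double-swap a buffer that had already been converted in place.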
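Review bot: In get_start_block() (misc/mk_hugefiles.c), nothing in the hunk says whether `next` is an inclusive or exclusive end once `next--` is gone, and the error path still sets `next = last_blk`. A one-line comment above `if (next - blk > slack)` stating the convention would keep the decrement from being reintroduced, and it is worth checking that the `last_blk` fallback follows the same convention.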
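Review bot: In tests/m_hugefile_slack/script, the guard tests `$RESIZE2FS_EXE` and `$DEBUGFS_EXE` although the script only runs $MKE2FS and $FSCK, so the test can be skipped or run for the wrong reason. The log header is "tune2fs test" (and the expect file matches it) for what the name file calls an mke2fs test, and `unset IMAGE` clears a variable the script never sets. Because the bug under test is an infinite loop, a regression would hang the suite rather than fail it; running the mke2fs step under a time limit would turn that into a reported failure.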
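Review bot: The clamp in the second ext2fs_flush2() hunk (lib/ext2fs/closefs.c) is a second copy of logic that, per the commit message, also lives on the openfs path, and the removed line shows how a one-token slip left this copy comparing old_desc_blocks with the value it had just been assigned. Moving the "smaller of s_first_meta_bg and desc_blocks" computation into one shared helper would keep the copies from diverging again. The patch adds no regression test that flushes a META_BG file system with s_first_meta_bg larger than desc_blocks, and the int to blk64_t change in the first hunk needs a check that later uses of old_desc_blocks in this function still match the new type.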
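Review bot: In the dangling-pointer fix to e2fsck_add_dir_info() (e2fsck/dirinfo.c), `if (old_array != ctx->dir_info->array)` reads the value of a pointer that ext2fs_resize_mem() may already have released, which C leaves indeterminate. Clearing ctx->dir_info->last_lookup unconditionally after a successful resize is simpler, costs at most one extra lookup, and removes the need for the old_array variable.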
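Review bot: In ext2fs_process_dir_block() (lib/ext2fs/dir_iterate.c), `while (offset < fs->blocksize - 8)` stops before offset == blocksize - 8, where exactly 8 bytes remain, which the commit message describes as the minimum size of a directory entry. If skipping that position is intended, say so in a comment; otherwise `offset + 8 <= fs->blocksize` expresses the stated rule and also avoids the subtraction. A named constant for the 8 would tie the bound to the directory entry header size.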
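Review bot: In the realloc-failure hunks for e2fsck_add_dir_info() and e2fsck_add_dx_dir(), the existing `size -= 10; return;` lines after the new fatal_error(ctx, 0) call are dead code if fatal_error() never returns, and leave the caller continuing after a failed add if it does. State which in a comment or drop the unreachable lines. The "%d" conversions should also be checked against the declared types of ctx->dir_info->size and ctx->dx_dir_info_size.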