
Bug#779466: marked as done (unblock: e2fsprogs/1.42.12-1.1)



Your message dated Sun, 1 Mar 2015 01:50:15 +0100
with message-id <20150301005015.GA23484@dogguy.org>
and subject line Re: Bug#779466: unblock: e2fsprogs/1.42.12-1.1
has caused the Debian Bug report #779466,
regarding unblock: e2fsprogs/1.42.12-1.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
779466: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779466
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
package: release.debian.org
user: release.debian.org@packages.debian.org
usertags: unblock
severity: normal
x-debbugs-cc: debian-boot@lists.debian.org

Please consider unblocking e2fsprogs.  A security issue is fixed.

unblock e2fsprogs/1.42.12-1.1
unblock-udeb e2fsprogs/1.42.12-1.1
diff -Nru e2fsprogs-1.42.12/debian/changelog e2fsprogs-1.42.12/debian/changelog
--- e2fsprogs-1.42.12/debian/changelog	2014-08-29 12:51:13.000000000 +0000
+++ e2fsprogs-1.42.12/debian/changelog	2015-02-22 02:18:20.000000000 +0000
@@ -1,3 +1,10 @@
+e2fsprogs (1.42.12-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix CVE-2015-1572: incomplete fix for CVE-2015-0247 (closes: #778948).
+
+ -- Michael Gilbert <mgilbert@debian.org>  Sun, 22 Feb 2015 01:50:57 +0000
+
 e2fsprogs (1.42.12-1) unstable; urgency=low
 
   * New upstream version
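Review bot: The new 1.42.12-1.1 entry names the CVEs but not what changed in the package. Add a line stating that debian/patches/CVE-2015-1572.patch is added and that it corrects the clamp on old_desc_blocks in ext2fs_flush2() in lib/ext2fs/closefs.c, so the changelog can be read without opening the patch.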
diff -Nru e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch
--- e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch	1970-01-01 00:00:00.000000000 +0000
+++ e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch	2015-02-22 02:18:20.000000000 +0000
@@ -0,0 +1,48 @@
+From 49d0fe2a14f2a23da2fe299643379b8c1d37df73
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Fri, 6 Feb 2015 12:46:39 -0500
+Subject: libext2fs: fix potential buffer overflow in closefs()
+
+The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if
+s_first_meta_bg is too big" had a typo in the fix for
+ext2fs_closefs().  In practice most of the security exposure was from
+the openfs path, since this meant if there was a carefully crafted
+file system, buffer overrun would be triggered when the file system was
+opened.
+
+However, if corrupted file system didn't trip over some corruption
+check, and then the file system was modified via tune2fs or debugfs,
+such that the superblock was marked dirty and then written out via the
+closefs() path, it's possible that the buffer overrun could be
+triggered when the file system is closed.
+
+Also clear up a signed vs unsigned warning while we're at it.
+
+Thanks to Nick Kralevich <nnk@google.com> for asking me to look at
+compiler warning in the code in question, which led me to notice the
+bug in f66e6ce4446.
+
+Addresses: CVE-2015-1572
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+--- a/lib/ext2fs/closefs.c
++++ b/lib/ext2fs/closefs.c
+@@ -287,7 +287,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
+ 	dgrp_t		j;
+ #endif
+ 	char	*group_ptr;
+-	int	old_desc_blocks;
++	blk64_t	old_desc_blocks;
+ 	struct ext2fs_numeric_progress_struct progress;
+ 
+ 	EXT2_CHECK_MAGIC(fs, EXT2_ET_MAGIC_EXT2FS_FILSYS);
+@@ -346,7 +346,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
+ 	group_ptr = (char *) group_shadow;
+ 	if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
+ 		old_desc_blocks = fs->super->s_first_meta_bg;
+-		if (old_desc_blocks > fs->super->s_first_meta_bg)
++		if (old_desc_blocks > fs->desc_blocks)
+ 			old_desc_blocks = fs->desc_blocks;
+ 	} else
+ 		old_desc_blocks = fs->desc_blocks;
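Review bot: The corrected clamp in the second closefs.c hunk, "if (old_desc_blocks > fs->desc_blocks)", ships without a regression test. This patch touches only lib/ext2fs/closefs.c, and the earlier fix went wrong at exactly this line by comparing old_desc_blocks against the s_first_meta_bg value it had just been assigned, a condition that can never be true. A test image with META_BG set and s_first_meta_bg larger than desc_blocks, marked dirty and flushed through this path, would pin the behaviour down. The int to blk64_t change in the first closefs.c hunk also widens a variable whose later uses in ext2fs_flush2() fall outside the visible context; those are worth checking for mixed-type comparisons before upload.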
diff -Nru e2fsprogs-1.42.12/debian/patches/series e2fsprogs-1.42.12/debian/patches/series
--- e2fsprogs-1.42.12/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ e2fsprogs-1.42.12/debian/patches/series	2015-02-22 02:18:20.000000000 +0000
@@ -0,0 +1 @@
+CVE-2015-1572.patch

--- End Message ---
--- Begin Message ---
On Sun, Mar 01, 2015 at 01:43:43AM +0100, Cyril Brulebois <kibi@debian.org> wrote:
> Control: tag -1 d-i confirmed
> 
> Michael Gilbert <mgilbert@debian.org> (2015-02-28):
> > package: release.debian.org
> > user: release.debian.org@packages.debian.org
> > usertags: unblock
> > severity: normal
> > x-debbugs-cc: debian-boot@lists.debian.org
> > 
> > Please consider unblocking e2fsprogs.  A security issue is fixed.
> > 
> > unblock e2fsprogs/1.42.12-1.1
> > unblock-udeb e2fsprogs/1.42.12-1.1
> 
> No objections at first glance.
> 

Thanks for the ack. I've added an unblock hint.

Regards,

-- 
Mehdi Dogguy

--- End Message ---
