Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gfs2-utils for openSUSE:Factory checked in at 2023-08-21 11:45:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gfs2-utils (Old) and /work/SRC/openSUSE:Factory/.gfs2-utils.new.1766 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gfs2-utils" Mon Aug 21 11:45:58 2023 rev:7 rq:1104965 version:3.5.1 Changes: -------- --- /work/SRC/openSUSE:Factory/gfs2-utils/gfs2-utils.changes 2023-08-10 15:33:40.744080925 +0200 +++ /work/SRC/openSUSE:Factory/.gfs2-utils.new.1766/gfs2-utils.changes 2023-08-21 11:46:14.307764354 +0200 @@ -1,0 +2,17 @@ +Mon Aug 21 01:22:00 UTC 2023 - Heming Zhao <heming.z...@suse.com> + +- Update to version 3.5.1: + * Don't use char arrays as temporary buffers + * libgfs2: Separate gfs and gfs2 code in lgfs2_sb_out() + * Re-enable -Wstrict-aliasing + * gfs2_convert: Clean up strict-aliasing warnings + * libgfs2: Fix strict-aliasing warning in lgfs2_rgrp_bitbuf_alloc + * gfs2_jadd: Fix format string warnings on 32-bit + * gfs2_edit: Fix savemeta test failures in 32-bit environments + +- Back port bugfix patch after tag 3.5.1 + + 0001-fsck.gfs2-Tighten-offset-check-in-check_eattr_entrie.patch + + 0002-fsck.gfs2-Fix-max-xattr-record-length-check.patch + + 0003-fsck.gfs2-Fix-xattr-offset-checks-in-p1_check_eattr_.patch + +------------------------------------------------------------------- Old: ---- gfs2-utils-3.5.0.tar.xz New: ---- 0001-fsck.gfs2-Tighten-offset-check-in-check_eattr_entrie.patch 0002-fsck.gfs2-Fix-max-xattr-record-length-check.patch 0003-fsck.gfs2-Fix-xattr-offset-checks-in-p1_check_eattr_.patch gfs2-utils-3.5.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gfs2-utils.spec ++++++ --- /var/tmp/diff_new_pack.8B3yIg/_old 2023-08-21 11:46:15.267766193 +0200 +++ /var/tmp/diff_new_pack.8B3yIg/_new 2023-08-21 11:46:15.275766208 +0200 @@ -17,19 +17,13 @@ Name: gfs2-utils -Version: 3.5.0 +Version: 3.5.1 Release: 0 Summary: Utilities for managing the global file system (GFS2) License: GPL-2.0-or-later AND LGPL-2.0-or-later Group: System/Filesystems URL: https://pagure.io/gfs2-utils -# The source for this package was pulled from the upstream git tree. -# Use the following commands to generate the tarball: -# git clone git://git.fedorahosted.org/gfs2-utils.git -# cd gfs2-utils -# ./make-tarball.sh -# -Source: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz +Source: https://pagure.io/gfs2-utils/archive/%{version}/%{name}-%{version}.tar.gz BuildRequires: autoconf BuildRequires: automake BuildRequires: bison @@ -47,6 +41,11 @@ BuildRequires: ncurses-devel BuildRequires: zlib-devel +# Upstream patches +Patch1: 0001-fsck.gfs2-Tighten-offset-check-in-check_eattr_entrie.patch +Patch2: 0002-fsck.gfs2-Fix-max-xattr-record-length-check.patch +Patch3: 0003-fsck.gfs2-Fix-xattr-offset-checks-in-p1_check_eattr_.patch + %description The gfs2-utils package contains a number of utilities for creating, checking, modifying, and correcting any inconsistencies in GFS2 @@ -55,6 +54,10 @@ %prep %setup -q +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 + %build #NOCONFIGURE=1 ./autogen.sh ++++++ 0001-fsck.gfs2-Tighten-offset-check-in-check_eattr_entrie.patch ++++++ >From caab270a739d619cfa3b8d4c57789cb6b1ef94e8 Mon Sep 17 00:00:00 2001 From: Andrew Price <anpr...@redhat.com> Date: Thu, 11 May 2023 17:04:34 +0100 Subject: [PATCH] fsck.gfs2: Tighten offset check in check_eattr_entries() The "offset >= bsize" check is insufficient as it doesn't detect invalid ea_header offsets less than one ea_header from the end of the block. This fixes an unlikely fsck.gfs2 buffer over-read that can occur. For the bug to occur: 1. The last valid xattr header must not have GFS2_EAFLAG_LAST set 2. Its ea_rec_len must result in an offset of the next xattr within 15 bytes of the end of the block A segfault can then occur if this region contains non-zero data that results in the loop continuing with another bad offset and another bad read, and so on. Signed-off-by: Andrew Price <anpr...@redhat.com> --- gfs2/fsck/metawalk.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gfs2/fsck/metawalk.c b/gfs2/fsck/metawalk.c index 66316e4d864c..819a7e670f73 100644 --- a/gfs2/fsck/metawalk.c +++ b/gfs2/fsck/metawalk.c @@ -846,6 +846,7 @@ static int check_eattr_entries(struct fsck_cx *cx, struct lgfs2_inode *ip, int i; int error = 0, err; uint32_t offset = (uint32_t)sizeof(struct gfs2_meta_header); + uint32_t offset_limit = ip->i_sbd->sd_bsize - sizeof(struct gfs2_ea_header); if (!pass->check_eattr_entry) return 0; @@ -894,7 +895,7 @@ static int check_eattr_entries(struct fsck_cx *cx, struct lgfs2_inode *ip, } offset += be32_to_cpu(ea_hdr->ea_rec_len); if (ea_hdr->ea_flags & GFS2_EAFLAG_LAST || - offset >= ip->i_sbd->sd_bsize || ea_hdr->ea_rec_len == 0){ + offset > offset_limit || ea_hdr->ea_rec_len == 0) { break; } ea_hdr_prev = ea_hdr; -- 2.35.3 ++++++ 0002-fsck.gfs2-Fix-max-xattr-record-length-check.patch ++++++ >From f50a6c8aa6175c5763fb076da0efd07f36adb698 Mon Sep 17 00:00:00 2001 From: Andrew Price <anpr...@redhat.com> Date: Thu, 11 May 2023 18:28:04 +0100 Subject: [PATCH] fsck.gfs2: Fix max xattr record length check xattr blocks have a meta header so the max size to check ea_rec_len against is one meta header less than the block size. Fixes detection of bad ea_rec_len values that result in offsets up to 24 bytes past the end of the block. Signed-off-by: Andrew Price <anpr...@redhat.com> --- gfs2/fsck/pass1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gfs2/fsck/pass1.c b/gfs2/fsck/pass1.c index 206929fcdbd5..ebd66e2c9bc5 100644 --- a/gfs2/fsck/pass1.c +++ b/gfs2/fsck/pass1.c @@ -881,7 +881,7 @@ static int p1_check_eattr_entries(struct fsck_cx *cx, struct lgfs2_inode *ip, char ea_name[256]; uint32_t offset = (uint32_t)(((unsigned long)ea_hdr) - ((unsigned long)leaf_bh->b_data)); - uint32_t max_size = sdp->sd_bsize; + uint32_t max_size = sdp->sd_bsize - sizeof(struct gfs2_meta_header); uint32_t avail_size; int max_ptrs; -- 2.35.3 ++++++ 0003-fsck.gfs2-Fix-xattr-offset-checks-in-p1_check_eattr_.patch ++++++ >From d85e19e45f1df1cc4a933c84b8e7ff25df1959d4 Mon Sep 17 00:00:00 2001 From: Andrew Price <anpr...@redhat.com> Date: Mon, 22 May 2023 11:24:26 +0100 Subject: [PATCH] fsck.gfs2: Fix xattr offset checks in p1_check_eattr_entries Valid ea_header offsets fall within the block, at the block boundary, but not in the final 15 bytes of the block as that would result in a partial ea_header. Make sure these cases are all taken into account in the ea_rec_len checks in p1_check_eattr_entries(). Also improve logging of erroneous values. Signed-off-by: Andrew Price <anpr...@redhat.com> --- gfs2/fsck/pass1.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/gfs2/fsck/pass1.c b/gfs2/fsck/pass1.c index ebd66e2c9bc5..df2d8c4e59e9 100644 --- a/gfs2/fsck/pass1.c +++ b/gfs2/fsck/pass1.c @@ -879,9 +879,10 @@ static int p1_check_eattr_entries(struct fsck_cx *cx, struct lgfs2_inode *ip, { struct lgfs2_sbd *sdp = ip->i_sbd; char ea_name[256]; + uint32_t offset_limit = sdp->sd_bsize - sizeof(struct gfs2_ea_header); uint32_t offset = (uint32_t)(((unsigned long)ea_hdr) - ((unsigned long)leaf_bh->b_data)); - uint32_t max_size = sdp->sd_bsize - sizeof(struct gfs2_meta_header); + uint32_t rec_len = be32_to_cpu(ea_hdr->ea_rec_len); uint32_t avail_size; int max_ptrs; @@ -890,12 +891,14 @@ static int p1_check_eattr_entries(struct fsck_cx *cx, struct lgfs2_inode *ip, return ask_remove_eattr_entry(cx, leaf_bh, ea_hdr, ea_hdr_prev, 1, 1); } - if (offset + be32_to_cpu(ea_hdr->ea_rec_len) > max_size){ - log_err( _("EA rec length too long\n")); + if (offset + rec_len > offset_limit && + offset + rec_len != sdp->sd_bsize) { + log_err( _("EA record length too long (%"PRIu32"+%"PRIu32")\n"), + offset, rec_len); return ask_remove_eattr_entry(cx, leaf_bh, ea_hdr, ea_hdr_prev, 1, 1); } - if (offset + be32_to_cpu(ea_hdr->ea_rec_len) == max_size && + if (offset + rec_len == sdp->sd_bsize && (ea_hdr->ea_flags & GFS2_EAFLAG_LAST) == 0){ log_err( _("last EA has no last entry flag\n")); return ask_remove_eattr_entry(cx, leaf_bh, ea_hdr, -- 2.35.3
