Package: release.debian.org Severity: normal Tags: jessie User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-CC: Andreas Bombe <a...@debian.org>
On my Debian Jessie machine, I would like to fix the two security issues in dosfstools that show up in the debsecan report: <URL: https://security-tracker.debian.org/tracker/CVE-2016-4804 > <URL: https://security-tracker.debian.org/tracker/CVE-2016-4804 >. The issues were fixed in Wheezy by the LTS team (DLA-474-1) and are also fixed in unstable. I would like to get them fixed in stable too, to get them out of my debsecan list. The attached patch is based on the patches in wheezy, and should solve the problems. Is it OK to upload the fix for stable? I plan to push the changes to a debian/jessie branch on collab-maint once I know the changes are acceptable for a stable update. -- System Information: Debian Release: 8.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=no_NO (charmap=locale: Cannot set LC_MESSAGES to default locale: No such file or directory locale: Cannot set LC_ALL to default locale: No such file or directory ISO-8859-1) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index 4f1e009..db765aa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+dosfstools (3.0.27-1+deb8u1) unstable; urgency=medium
+
+ * Non-maintainer upload to fix security issue.
+ * Added d/gbp.conf to document git branch used for Jessie updates.
+ * [CVE-2015-8872] Invalid memory read in fsck.vfat
+ * [CVE-2016-4804] Heap overflow in function read_fat()
+
+ -- Petter Reinholdtsen <p...@debian.org> Mon, 13 Jun 2016 08:17:24 +0200
+
 dosfstools (3.0.27-1) unstable; urgency=medium
 * New upstream version 3.0.27
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..3926a07
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,3 @@
+[DEFAULT]
+debian-branch = debian/jessie
+pristine-tar = True
diff --git a/debian/patches/CVE-2015-8872.diff b/debian/patches/CVE-2015-8872.diff
new file mode 100644
index 0000000..07fb6c8
--- /dev/null
+++ b/debian/patches/CVE-2015-8872.diff
@@ -0,0 +1,22 @@
+https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7
+
+Index: dosfstools-collab/src/fat.c
+===================================================================
+--- dosfstools-collab.orig/src/fat.c 2016-06-13 08:07:44.669688617 +0200
++++ dosfstools-collab/src/fat.c 2016-06-13 08:07:44.665688587 +0200
+@@ -197,10 +197,12 @@
+ data[1] = new >> 4;
+ } else {
+ FAT_ENTRY subseqEntry;
+- get_fat(&subseqEntry, fs->fat, cluster + 1, fs);
++ if (cluster != fs->clusters - 1)
++ get_fat(&subseqEntry, fs->fat, cluster + 1, fs);
++ else
++ subseqEntry.value = 0;
+ data[0] = new & 0xff;
+- data[1] = (new >> 8) | (cluster == fs->clusters - 1 ? 0 :
+- (0xff & subseqEntry.value) << 4);
++ data[1] = (new >> 8) | ((0xff & subseqEntry.value) << 4);
+ }
+ size = 2;
+ break;
diff --git a/debian/patches/CVE-2016-4804.diff b/debian/patches/CVE-2016-4804.diff
new file mode 100644
index 0000000..d28174c
--- /dev/null
+++ b/debian/patches/CVE-2016-4804.diff
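Review bot: The new guard in debian/patches/CVE-2015-8872.diff tests `cluster != fs->clusters - 1`, which may be the wrong boundary for the last FAT12 entry. The companion patch sets `fs->clusters = data_size / fs->cluster_size`, a count of data clusters, and FAT entries for data clusters start at index 2, so the last valid entry would be `fs->clusters + 1`. If that reading is right, the neighbour read is skipped two entries early and the low bits of a still-valid following entry are written back as zero. Please compare the patch body against the upstream commit named in its header and, if they differ, use `if (cluster != fs->clusters + 1)`. The enclosing function starts and ends outside the hunk, so the bounds handling in get_fat() could not be checked here.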
@@ -0,0 +1,64 @@
+https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52
+
+Index: dosfstools-collab/src/boot.c
+===================================================================
+--- dosfstools-collab.orig/src/boot.c 2016-06-13 07:59:10.337694024 +0200
++++ dosfstools-collab/src/boot.c 2016-06-13 08:00:46.290436480 +0200
+@@ -101,8 +101,8 @@
+ (unsigned long long)fs->fat_start,
+ (unsigned long long)fs->fat_start / lss);
+ printf("%10d FATs, %d bit entries\n", b->fats, fs->fat_bits);
+- printf("%10d bytes per FAT (= %u sectors)\n", fs->fat_size,
+- fs->fat_size / lss);
++ printf("%10lld bytes per FAT (= %llu sectors)\n", (long long)fs->fat_size,
++ (long long)fs->fat_size / lss);
+ if (!fs->root_cluster) {
+ printf("Root directory starts at byte %llu (sector %llu)\n",
+ (unsigned long long)fs->root_start,
+@@ -326,7 +326,7 @@
+ struct boot_sector b;
+ unsigned total_sectors;
+ unsigned short logical_sector_size, sectors;
+- unsigned fat_length;
++ off_t fat_length;
+ loff_t data_size;
+
+ fs_read(0, sizeof(b), &b);
+@@ -354,8 +354,12 @@
+ /* Can't access last odd sector anyway, so round down */
+ fs_test((loff_t) ((total_sectors & ~1) - 1) * (loff_t) logical_sector_size,
+ logical_sector_size);
++
+ fat_length = le16toh(b.fat_length) ?
+ le16toh(b.fat_length) : le32toh(b.fat32_length);
++ if (!fat_length)
++ die("FAT size is zero.");
++
+ fs->fat_start = (loff_t) le16toh(b.reserved) * logical_sector_size;
+ fs->root_start = ((loff_t) le16toh(b.reserved) + b.fats * fat_length) *
+ logical_sector_size;
+@@ -363,7 +367,11 @@
+ fs->data_start = fs->root_start + ROUND_TO_MULTIPLE(fs->root_entries <<
+ MSDOS_DIR_BITS,
+ logical_sector_size);
++
+ data_size = (loff_t) total_sectors *logical_sector_size - fs->data_start;
++ if (data_size < fs->cluster_size)
++ die("Filesystem has no space for any data clusters");
++
+ fs->clusters = data_size / fs->cluster_size;
+ fs->root_cluster = 0; /* indicates standard, pre-FAT32 root dir */
+ fs->fsinfo_start = 0; /* no FSINFO structure */
+diff --git a/src/fsck.fat.h b/src/fsck.fat.h
+index e5ade5b..639b569 100644
+--- a/src/fsck.fat.h
++++ b/src/fsck.fat.h
+@@ -158,7 +158,7 @@ typedef struct {
+ typedef struct {
+ int nfats;
+ loff_t fat_start;
+- unsigned int fat_size; /* unit is bytes */
++ off_t fat_size; /* unit is bytes */
+ unsigned int fat_bits; /* size of a FAT entry */
+ unsigned int eff_fat_bits; /* # of used bits in a FAT entry */
+ uint32_t root_cluster; /* 0 for old-style root dir */
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..014ae4e
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,2 @@
+CVE-2016-4804.diff
+CVE-2015-8872.diff
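Review bot: The overflow fix in debian/patches/CVE-2016-4804.diff holds only if `off_t` is 64 bits wide. `off_t fat_length;` in boot.c and `off_t fat_size;` in fsck.fat.h are 32-bit signed on i386 unless the build defines `_FILE_OFFSET_BITS=64`, which nothing in this patch shows. The neighbouring declarations already use `loff_t` (`loff_t data_size;`, `loff_t fat_start;`), so `loff_t fat_length;` and `loff_t fat_size; /* unit is bytes */` would keep the width independent of build flags. Separately, the rewritten printf passes `(long long)fs->fat_size / lss` to `%llu`; cast that argument to `(unsigned long long)` so the conversion and the argument agree. The boot.c hunks cut through functions whose bodies continue outside the patch.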