1 files changed, 0 insertions, 59 deletions
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch
deleted file mode 100644
index b904e46bda..0000000000
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 49d0fe2a14f2a23da2fe299643379b8c1d37df73 Mon Sep 17 00:00:00 2001
-From: Theodore Ts'o <tytso@mit.edu>
-Date: Fri, 6 Feb 2015 12:46:39 -0500
-Subject: [PATCH] libext2fs: fix potential buffer overflow in closefs()
-Upstream-Status: Backport
-CVE: CVE-2015-1572
-The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if
-s_first_meta_bg is too big" had a typo in the fix for
-ext2fs_closefs().  In practice most of the security exposure was from
-the openfs path, since this meant if there was a carefully crafted
-file system, buffer overrun would be triggered when the file system was
-opened.
-However, if corrupted file system didn't trip over some corruption
-check, and then the file system was modified via tune2fs or debugfs,
-such that the superblock was marked dirty and then written out via the
-closefs() path, it's possible that the buffer overrun could be
-triggered when the file system is closed.
-Also clear up a signed vs unsigned warning while we're at it.
-Thanks to Nick Kralevich <nnk@google.com> for asking me to look at
-compiler warning in the code in question, which led me to notice the
-bug in f66e6ce4446.
-Addresses: CVE-2015-1572
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
- lib/ext2fs/closefs.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/lib/ext2fs/closefs.c b/lib/ext2fs/closefs.c
-index 1f99113..ab5b2fb 100644
--- a/lib/ext2fs/closefs.c
-+++ b/lib/ext2fs/closefs.c
-@@ -287,7 +287,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
-        dgrp_t          j;
- #endif
-        char    *group_ptr;
-       int     old_desc_blocks;
-+       blk64_t old_desc_blocks;
-        struct ext2fs_numeric_progress_struct progress;
- 
-        EXT2_CHECK_MAGIC(fs, EXT2_ET_MAGIC_EXT2FS_FILSYS);
-@@ -346,7 +346,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
-        group_ptr = (char *) group_shadow;
-        if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
-                old_desc_blocks = fs->super->s_first_meta_bg;
-               if (old_desc_blocks > fs->super->s_first_meta_bg)
-+               if (old_desc_blocks > fs->desc_blocks)
-                        old_desc_blocks = fs->desc_blocks;
-        } else
-                old_desc_blocks = fs->desc_blocks;
-- 
-2.1.0

diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch deleted file mode 100644 index b904e46bda..0000000000 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch +++ /dev/null
@@ -1,59 +0,0 @@
1	From 49d0fe2a14f2a23da2fe299643379b8c1d37df73 Mon Sep 17 00:00:00 2001
2	From: Theodore Ts'o <tytso@mit.edu>
3	Date: Fri, 6 Feb 2015 12:46:39 -0500
4	Subject: [PATCH] libext2fs: fix potential buffer overflow in closefs()
5
6	Upstream-Status: Backport
7	CVE: CVE-2015-1572
8
9	The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if
10	s_first_meta_bg is too big" had a typo in the fix for
11	ext2fs_closefs(). In practice most of the security exposure was from
12	the openfs path, since this meant if there was a carefully crafted
13	file system, buffer overrun would be triggered when the file system was
14	opened.
15
16	However, if corrupted file system didn't trip over some corruption
17	check, and then the file system was modified via tune2fs or debugfs,
18	such that the superblock was marked dirty and then written out via the
19	closefs() path, it's possible that the buffer overrun could be
20	triggered when the file system is closed.
21
22	Also clear up a signed vs unsigned warning while we're at it.
23
24	Thanks to Nick Kralevich <nnk@google.com> for asking me to look at
25	compiler warning in the code in question, which led me to notice the
26	bug in f66e6ce4446.
27
28	Addresses: CVE-2015-1572
29
30	Signed-off-by: Theodore Ts'o <tytso@mit.edu>
31	---
32	lib/ext2fs/closefs.c \| 4 ++--
33	1 file changed, 2 insertions(+), 2 deletions(-)
34
35	diff --git a/lib/ext2fs/closefs.c b/lib/ext2fs/closefs.c
36	index 1f99113..ab5b2fb 100644
37	--- a/lib/ext2fs/closefs.c
38	+++ b/lib/ext2fs/closefs.c
39	@@ -287,7 +287,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
40	dgrp_t j;
41	#endif
42	char *group_ptr;
43	- int old_desc_blocks;
44	+ blk64_t old_desc_blocks;
45	struct ext2fs_numeric_progress_struct progress;
46
47	EXT2_CHECK_MAGIC(fs, EXT2_ET_MAGIC_EXT2FS_FILSYS);
48	@@ -346,7 +346,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
49	group_ptr = (char *) group_shadow;
50	if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
51	old_desc_blocks = fs->super->s_first_meta_bg;
52	- if (old_desc_blocks > fs->super->s_first_meta_bg)
53	+ if (old_desc_blocks > fs->desc_blocks)
54	old_desc_blocks = fs->desc_blocks;
55	} else
56	old_desc_blocks = fs->desc_blocks;
57	--
58	2.1.0
59