[OE-core] [PATCH] e2fsprogs: update to 1.45.5
Robert Yang
liezhi.yang at windriver.com
Tue Mar 10 10:31:56 UTC 2020
Hi Armin,
On 2/24/20 11:19 PM, akuster808 wrote:
>
>
> On 2/24/20 3:13 AM, Robert Yang wrote:
>>
>> On 2/24/20 6:23 PM, Richard Purdie wrote:
>>> On Sun, 2020-02-23 at 19:12 -0800, Armin Kuster wrote:
>>>> Dropping patch 0001-misc-create_inode.c-set-dir-s-mode-
>>>> correctly.patch as upstream has not been accepted for over 2 years
>>>> and we should not carry it if upstream has not taking it after all
>>>> that time.
>>>
>>> Looking at the patch, this worries me a lot. Why have upstream not
>>> taken it? Did they say it was incorrect?
>>
>> I can't find any records about it, maybe I didn't send it because of
>> some reason.
>>
>> We still need it. I refreshed the patch and sent to upstream.
>>
>> @Armin, The refreshed patch is in the attachment.
>
> Will do. thanks for the feedback.
Seems that e2fsprogs didn't update to 1.45.5. After I sent the patch to
upstream, they fixed the issue in another way:
https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=f106b01c98d7abc12af39aad4024f17ffa14dc06
If you upgrade it to 1.45.5, you can use the upstream patch
to replace the current one, but if you don't upgrade it,
I'm leaning to keep the current patch since some context are different.
// Robert
>
> - armin
>>
>> // Robert
>>
>>>
>>> We wrote the original code to handle offline root here so its entirely
>>> possible this is a value issue and we'll break filesystems if we don't
>>> have that patch :(
>>>
>>> I can't take a change like this without more info, CVE or not.
>>
>>>
>>> Cheers,
>>>
>>> Richard
>>>
>>>
>>>> Includes: CVE-2019-5188
>>>>
>>>> see http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.5
>>>> for more information.
>>>>
>>>> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
>>>> ---
>>>> ...ate_inode.c-set-dir-s-mode-correctly.patch | 41 ---------------
>>>> ----
>>>> ...2fsprogs_1.45.4.bb => e2fsprogs_1.45.5.bb} | 3 +-
>>>> 2 files changed, 1 insertion(+), 43 deletions(-)
>>>> delete mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-
>>>> misc-create_inode.c-set-dir-s-mode-correctly.patch
>>>> rename meta/recipes-devtools/e2fsprogs/{e2fsprogs_1.45.4.bb =>
>>>> e2fsprogs_1.45.5.bb} (97%)
>>>>
>>>> diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-misc-
>>>> create_inode.c-set-dir-s-mode-correctly.patch b/meta/recipes-
>>>> devtools/e2fsprogs/e2fsprogs/0001-misc-create_inode.c-set-dir-s-mode-
>>>> correctly.patch
>>>> deleted file mode 100644
>>>> index fc4a5409860..00000000000
>>>> --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-misc-
>>>> create_inode.c-set-dir-s-mode-correctly.patch
>>>> +++ /dev/null
>>>> @@ -1,41 +0,0 @@
>>>> -From f6d188580c2c9599319076fee22f2424652c711c Mon Sep 17 00:00:00
>>>> 2001
>>>> -From: Robert Yang <liezhi.yang at windriver.com>
>>>> -Date: Wed, 13 Sep 2017 19:55:35 -0700
>>>> -Subject: [PATCH] misc/create_inode.c: set dir's mode correctly
>>>> -
>>>> -The dir's mode has been set by ext2fs_mkdir() with umask, so
>>>> -reset it to the source's mode in set_inode_extra().
>>>> -
>>>> -Fixed when source dir's mode is 521, but tarball would be 721, this
>>>> was
>>>> -incorrect.
>>>> -
>>>> -Upstream-Status: Submitted
>>>> -
>>>> -Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
>>>> ----
>>>> - misc/create_inode.c | 9 ++++++++-
>>>> - 1 file changed, 8 insertions(+), 1 deletion(-)
>>>> -
>>>> -diff --git a/misc/create_inode.c b/misc/create_inode.c
>>>> -index 8ce3faf..50fbaa8 100644
>>>> ---- a/misc/create_inode.c
>>>> -+++ b/misc/create_inode.c
>>>> -@@ -116,7 +116,14 @@ static errcode_t set_inode_extra(ext2_filsys
>>>> fs, ext2_ino_t ino,
>>>> -
>>>> - inode.i_uid = st->st_uid;
>>>> - inode.i_gid = st->st_gid;
>>>> -- inode.i_mode |= st->st_mode;
>>>> -+ /*
>>>> -+ * The dir's mode has been set by ext2fs_mkdir() with umask, so
>>>> -+ * reset it to the source's mode
>>>> -+ */
>>>> -+ if S_ISDIR(st->st_mode)
>>>> -+ inode.i_mode = LINUX_S_IFDIR | st->st_mode;
>>>> -+ else
>>>> -+ inode.i_mode |= st->st_mode;
>>>> - inode.i_atime = st->st_atime;
>>>> - inode.i_mtime = st->st_mtime;
>>>> - inode.i_ctime = st->st_ctime;
>>>> ---
>>>> -2.10.2
>>>> -
>>>> diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.4.bb
>>>> b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.5.bb
>>>> similarity index 97%
>>>> rename from meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.4.bb
>>>> rename to meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.5.bb
>>>> index 6e69eea21c3..7cd42b8137a 100644
>>>> --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.4.bb
>>>> +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.5.bb
>>>> @@ -4,7 +4,6 @@ SRC_URI += "file://remove.ldconfig.call.patch \
>>>> file://run-ptest \
>>>> file://ptest.patch \
>>>> file://mkdir_p.patch \
>>>> - file://0001-misc-create_inode.c-set-dir-s-mode-
>>>> correctly.patch \
>>>> file://0001-configure.ac-correct-AM_GNU_GETTEXT.patch \
>>>> file://0001-intl-do-not-try-to-use-gettext-defines-that-
>>>> no-longe.patch \
>>>> "
>>>> @@ -13,7 +12,7 @@ SRC_URI_append_class-native = "
>>>> file://e2fsprogs-fix-missing-check-for-permissio
>>>> file://quiet-debugfs.patch \
>>>> "
>>>> -SRCREV = "984ff8d6a0a1d5dc300505f67b38ed5047d51dac"
>>>> +SRCREV = "c2b1ec5fbc99ab8a2b71dae45d486b3ea004f618"
>>>> UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+\.\d+(\.\d+)*)$"
>>>> EXTRA_OECONF += "--libdir=${base_libdir}
>>>> --sbindir=${base_sbindir} \
>>>> --
>>>> 2.17.1
>>>>
>>>
>>>
>
>
More information about the Openembedded-core
mailing list