From patchwork Wed Feb 5 16:56:23 2020
X-Patchwork-Submitter: Titouan Christophe
X-Patchwork-Id: 1233914
From: Titouan Christophe
To: buildroot@buildroot.org
Cc: Titouan Christophe
Date: Wed, 5 Feb 2020 17:56:23 +0100
Message-Id: <20200205165623.9537-1-titouan.christophe@railnova.eu>
X-Mailer: git-send-email 2.24.1
Subject: [Buildroot] [PATCH 1/1] package/e2fsprogs: security bump to version 1.45.5
List-Id: Discussion and development of buildroot

This fixes CVE-2019-5188: A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Also change the hash file to the new spacing convention introduced by Yann E. Morin.

Signed-off-by: Titouan Christophe
--- package/e2fsprogs/e2fsprogs.hash | 10 +++++----- package/e2fsprogs/e2fsprogs.mk | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package/e2fsprogs/e2fsprogs.hash b/package/e2fsprogs/e2fsprogs.hash index c9018715c7..3ecbe4eaa7 100644 --- a/package/e2fsprogs/e2fsprogs.hash +++ b/package/e2fsprogs/e2fsprogs.hash
@@ -1,6 +1,6 @@ -# https://mirrors.edge.kernel.org/pub/linux/kernel/people/tytso/e2fsprogs/v1.45.4/sha256sums.asc -sha256 65faf6b590ca1da97440d6446bd11de9e0914b42553740ba5d9d2a796fa0dc02 e2fsprogs-1.45.4.tar.xz +# https://mirrors.edge.kernel.org/pub/linux/kernel/people/tytso/e2fsprogs/v1.45.5/sha256sums.asc +sha256 f9faccc0d90f73556e797dc7cc5979b582bd50d3f8609c0f2ad48c736d44aede e2fsprogs-1.45.5.tar.xz # Locally calculated -sha256 5da5ef153e559c1d990d4c3eedbedd4442db892d37eae1f35fff069de8ec9020 NOTICE -sha256 032989b508f1a72ebee5b3417e55d06d473f9ee203e45ab11864a7e49cdec63d lib/ss/mit-sipb-copyright.h -sha256 47182fe6631a32f271a15bbe210751b3825b7199f588879aac7d4804fc8b4b8f lib/et/internal.h +sha256 5da5ef153e559c1d990d4c3eedbedd4442db892d37eae1f35fff069de8ec9020 NOTICE +sha256 032989b508f1a72ebee5b3417e55d06d473f9ee203e45ab11864a7e49cdec63d lib/ss/mit-sipb-copyright.h +sha256 47182fe6631a32f271a15bbe210751b3825b7199f588879aac7d4804fc8b4b8f lib/et/internal.h diff --git a/package/e2fsprogs/e2fsprogs.mk b/package/e2fsprogs/e2fsprogs.mk index 28fd78047f..fd59f701d6 100644 --- a/package/e2fsprogs/e2fsprogs.mk +++ b/package/e2fsprogs/e2fsprogs.mk @@ -4,7 +4,7 @@ # ################################################################################ -E2FSPROGS_VERSION = 1.45.4 +E2FSPROGS_VERSION = 1.45.5 E2FSPROGS_SOURCE = e2fsprogs-$(E2FSPROGS_VERSION).tar.xz E2FSPROGS_SITE = $(BR2_KERNEL_MIRROR)/linux/kernel/people/tytso/e2fsprogs/v$(E2FSPROGS_VERSION) E2FSPROGS_LICENSE = GPL-2.0, MIT-like with advertising clause (libss and libet)
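Review bot: in the e2fsprogs.hash hunk, the three entries under "# Locally calculated" (NOTICE, lib/ss/mit-sipb-copyright.h, lib/et/internal.h) are removed and re-added with identical digests, so the only functional change is the tarball line. Folding the spacing cleanup into a security bump makes the fix harder to cherry-pick onto stable branches whose hash file still uses the old spacing; consider splitting the cleanup into its own commit. For the new tarball digest, the comment points at upstream's sha256sums.asc, so please confirm the value was copied from that file after checking its signature rather than computed from a downloaded tarball.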
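Review bot: the e2fsprogs.mk hunk changes only E2FSPROGS_VERSION, and the diffstat shows no other file under package/e2fsprogs touched, but the commit message does not say how the bump was tested. Since E2FSPROGS_SOURCE and E2FSPROGS_SITE are both derived from the version, a short note that the 1.45.5 tarball downloads from the derived path and that the package still builds unchanged would help whoever backports this CVE-2019-5188 fix to maintained branches.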