summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--debian/changelog74
-rw-r--r--debian/control27
-rw-r--r--debian/copyright40
-rw-r--r--debian/gbp.conf3
-rw-r--r--debian/patches/CVE-2023-45897-out-of-bounds-memory-access67
-rw-r--r--debian/patches/series1
-rwxr-xr-xdebian/rules11
-rw-r--r--debian/source/format1
-rw-r--r--debian/upstream/signing-key.asc52
-rw-r--r--debian/watch2
10 files changed, 278 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..1b9f418
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,74 @@
+exfatprogs (1.2.0-1+deb12u1) bookworm; urgency=medium
+
+ * CVE-2023-45897 Add debian/patches/CVE-2023-45897-out-of-bounds-memory-access
+ to fix three out-of-bounds memory access issues.
+ * Add bookworm branch information to Vcs-Git and gbp.conf.
+
+ -- Sven Hoexter <hoexter@debian.org> Sat, 04 Nov 2023 17:56:01 +0100
+
+exfatprogs (1.2.0-1) unstable; urgency=medium
+
+ * New upstream release.
+ + New utilitiy exfat2img to dump exFAT metadata.
+ + fsck.exfat is now able to repair certain corruptions.
+ * Update Standards-Version to 4.6.1 - no changes required.
+ * Rewrite the package short and long description.
+
+ -- Sven Hoexter <hoexter@debian.org> Fri, 28 Oct 2022 14:48:05 +0200
+
+exfatprogs (1.1.3-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Update Standards-Version to 4.6.0 - no changes required.
+
+ -- Sven Hoexter <hoexter@debian.org> Wed, 17 Nov 2021 20:10:43 +0100
+
+exfatprogs (1.1.2-2) unstable; urgency=medium
+
+ * Post stable release upload to unstable.
+
+ -- Sven Hoexter <hoexter@debian.org> Mon, 16 Aug 2021 19:55:59 +0200
+
+exfatprogs (1.1.2-1) experimental; urgency=medium
+
+ * New upstream release, mainly bugfixes and
+ mkfs.exfat set 0x80 to DriveSelect of the boot sector, to
+ help Windows 10 recognize exFAT formatted partitions.
+
+ -- Sven Hoexter <hoexter@debian.org> Thu, 20 May 2021 10:41:20 +0200
+
+exfatprogs (1.1.1-1) experimental; urgency=medium
+
+ * New upstream release.
+ * Upload to experimental due to the freeze.
+
+ -- Sven Hoexter <hoexter@debian.org> Wed, 21 Apr 2021 17:59:15 +0200
+
+exfatprogs (1.1.0-1) unstable; urgency=medium
+
+ * New upstream release. (Closes: #982431)
+ Introduces new binaries dump.exfat and exfatlabel.
+ * Update Standards-Version to 4.5.1, updating debian/copyright.
+
+ -- Sven Hoexter <hoexter@debian.org> Wed, 10 Feb 2021 09:32:31 +0100
+
+exfatprogs (1.0.4-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Sven Hoexter <hoexter@debian.org> Fri, 31 Jul 2020 10:13:02 +0200
+
+exfatprogs (1.0.3-2) unstable; urgency=medium
+
+ * Add exfatprogs release signing key.
+ ID D58529CC5376E36D6E1E6F6234F230FAF78E48D3
+ Hyunchul Lee (Exfatprogs Release Signing Key) <hyc.lee@gmail.com>
+ * Source-Only upload to allow testing migration post new processing.
+
+ -- Sven Hoexter <hoexter@debian.org> Mon, 20 Jul 2020 09:30:07 +0200
+
+exfatprogs (1.0.3-1) unstable; urgency=medium
+
+ * Initial release. (Closes: #964265)
+
+ -- Sven Hoexter <hoexter@debian.org> Sun, 05 Jul 2020 21:41:15 +0200
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..c61e980
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,27 @@
+Source: exfatprogs
+Section: otherosfs
+Priority: optional
+Maintainer: Sven Hoexter <hoexter@debian.org>
+Build-Depends: debhelper-compat (= 13), pkg-config
+Standards-Version: 4.6.1
+Rules-Requires-Root: no
+Homepage: https://github.com/exfatprogs/exfatprogs
+Vcs-Git: https://git.sven.stormbind.net/exfatprogs.git -b bookworm
+Vcs-Browser: https://git.sven.stormbind.net/?p=sven/exfatprogs.git
+
+Package: exfatprogs
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Conflicts: exfat-utils
+Description: exFAT file system utilities
+ Tools to manage extended file allocation table filesystem.
+ This package provides tools to create, check, dump and label
+ the filesystem. It contains
+ - mkfs.exfat to create an exFAT filesystem
+ - fsck.exfat to check and repair an exFAT filesystem
+ - tune.exfat to print and edit the volume label or serial
+ - dump.exfat to show on-disk information of an exFAT filesystem
+ - exfat2img to dump exFAT metadata
+ The tools included in this package are the exfatprogs
+ maintained by Samsung and LG engineers, who provided Linux exFAT
+ support.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..65cb319
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,40 @@
+This work was packaged for Debian by:
+ Sven Hoexter <sven@stormbind.net> on Sat, 04 Jul 2020 19:06:23 +0200
+
+It was downloaded from:
+ https://github.com/exfatprogs/exfatprogs/releases
+
+Upstream Author:
+ Namjae Jeon <linkinjeon@kernel.org>
+ Hyunchul Lee <hyc.lee@gmail.com>
+
+Copyright:
+ Copyright (C) 2019, 2021 Namjae Jeon <linkinjeon@kernel.org>
+ Copyright (C) 2020 Hyunchul Lee <hyc.lee@gmail.com>
+ Copyright (C) 2020 The Android Open Source Project
+ Copyright (C) 1989-2018 Free Software Foundation, Inc.
+
+License:
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ On any Debian system, you can find the complete text of the GNU GPL
+ (GNU General Public License) in the file "/usr/share/common-licenses/GPL-2".
+
+
+The Debian packaging is:
+ Copyright (C) 2020-2021 Sven Hoexter <sven@stormbind.net>
+
+and is licensed under the GPL version 2 or later,
+see "/usr/share/common-licenses/GPL-2".
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..cabf8bc
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,3 @@
+[DEFAULT]
+pristine-tar = True
+debian-branch = bookworm
diff --git a/debian/patches/CVE-2023-45897-out-of-bounds-memory-access b/debian/patches/CVE-2023-45897-out-of-bounds-memory-access
new file mode 100644
index 0000000..85a296f
--- /dev/null
+++ b/debian/patches/CVE-2023-45897-out-of-bounds-memory-access
@@ -0,0 +1,67 @@
+Description: CVE-2023-45897 out-of-bounds memory access
+Origin: https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf
+ https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4
+ https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae
+Last-Update: 2023-10-31
+Index: exfatprogs/exfat2img/exfat2img.c
+===================================================================
+--- exfatprogs.orig/exfat2img/exfat2img.c
++++ exfatprogs/exfat2img/exfat2img.c
+@@ -319,7 +319,7 @@ static int read_file_dentry_set(struct e
+ if (!node)
+ return -ENOMEM;
+
+- for (i = 2; i <= file_de->file_num_ext; i++) {
++ for (i = 2; i <= MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES); i++) {
+ ret = exfat_de_iter_get(iter, i, &dentry);
+ if (ret || dentry->type != EXFAT_NAME)
+ break;
+Index: exfatprogs/fsck/fsck.c
+===================================================================
+--- exfatprogs.orig/fsck/fsck.c
++++ exfatprogs/fsck/fsck.c
+@@ -769,7 +769,7 @@ ask_again:
+ char *rename = NULL;
+ __u16 hash;
+ struct exfat_dentry *stream_de;
+- int name_len, ret;
++ int ret;
+
+ switch (num) {
+ case 1:
+@@ -798,11 +798,11 @@ ask_again:
+ if (ret < 0)
+ return ret;
+
++ ret >>=1;
+ memcpy(dentry->name_unicode, utf16_name, ENTRY_NAME_MAX * 2);
+- name_len = exfat_utf16_len(utf16_name, ENTRY_NAME_MAX * 2);
+- hash = exfat_calc_name_hash(iter->exfat, utf16_name, (int)name_len);
++ hash = exfat_calc_name_hash(iter->exfat, utf16_name, ret);
+ exfat_de_iter_get_dirty(iter, 1, &stream_de);
+- stream_de->stream_name_len = (__u8)name_len;
++ stream_de->stream_name_len = (__u8)ret;
+ stream_de->stream_name_hash = cpu_to_le16(hash);
+ }
+
+@@ -856,7 +856,7 @@ static int read_file_dentry_set(struct e
+ if (!node)
+ return -ENOMEM;
+
+- for (i = 2; i <= file_de->file_num_ext; i++) {
++ for (i = 2; i <= MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES); i++) {
+ ret = exfat_de_iter_get(iter, i, &dentry);
+ if (ret || dentry->type != EXFAT_NAME) {
+ if (i > 2 && repair_file_ask(iter, NULL, ER_DE_NAME,
+Index: exfatprogs/include/exfat_ondisk.h
+===================================================================
+--- exfatprogs.orig/include/exfat_ondisk.h
++++ exfatprogs/include/exfat_ondisk.h
+@@ -40,6 +40,7 @@
+ /* exFAT allows 8388608(256MB) directory entries */
+ #define MAX_EXFAT_DENTRIES 8388608
+ #define MIN_FILE_DENTRIES 3
++#define MAX_NAME_DENTRIES 17
+
+ /* dentry types */
+ #define MSDOS_DELETED 0xE5 /* deleted mark */
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..4449077
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2023-45897-out-of-bounds-memory-access
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..d3e0345
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,11 @@
+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+%:
+ dh $@
+
+override_dh_installchangelogs:
+ dh_installchangelogs NEWS
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc
new file mode 100644
index 0000000..f7b0572
--- /dev/null
+++ b/debian/upstream/signing-key.asc
@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBF7+kIUBEADNPHQM0SPJym79kmMYgvDBjFYgxzOvNWz+7iwX/J8eH3M8Zvml
+P5UyCT0NenryAfWugZWVyqphjQflaCmSZS9uP3kfabn2dDaWodd++CWA5qezSvam
+jZc2jw1g26qJCgR6RqXlQ+cY2gnKPfzJk8B6J3S2V7MCnX9LKGH0YUYfHjh01K6T
+A6ZI3cgp/6SJmOsR0j67IkHwHNeJw0t5jmURZQbSMUtyqEvKvpgfn4Ss96IgSuNW
+wT9dbNEEiqpg+fz8ym8iFR6YSJHwIWyjk0sNderdXDJx1Ly/hF8PpTwy0oKRnaYT
+fRoiop7UsXBTRIhTqemNnRISV3OoJm/q/yOqmwPQ8d7PudBfnhwrR0FDisKGljto
+2SmwPRuuej5AtfwZA+cjmeCCjicp0JbSwaEyLElD3JSvefAjKWZWt/vj3zq6d3uO
+H2+i4oOcor10l8+C7O31mdmBf8DCy2LTp1ACSbrVmVCSzLiF/RcWaXDLxrYU53mH
+eXGuskcMFfCP9+E108PrSfOBgvpZZMyo1fXlxq/6kkLL0RpP4zmnpvB+Lopbq12U
+AWBnly6XQJh+wYoufII+uj1seRuCHUuLAbBlBcoMd2udW1TACMqlDZpg9U8zstt1
+GbnEHa0FllPlPpP1gHVjQq6qXj7fuDsH9KfZuEsW782Ug8yZPbAPMNoW2wARAQAB
+tEFIeXVuY2h1bCBMZWUgKEV4ZmF0cHJvZ3MgUmVsZWFzZSBTaWduaW5nIEtleSkg
+PGh5Yy5sZWVAZ21haWwuY29tPokCVAQTAQoAPhYhBNWFKcxTduNtbh5vYjTyMPr3
+jkjTBQJe/pCFAhsDBQkB4TOABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEDTy
+MPr3jkjTr/0P/2zKlBs9ySEchaucuNFbZi4idd14VXzfn98XpmbgFRN6KP9tVywy
+CRcOBCOiaPFziLlyadUTK82Zx0oZq6GHw847bkfp812saDZsCK1+WKJ6q0VJ3fRj
+WzlZivHKB7UzytFoM2AYDMEP2XDNSa0Vizjh1XkTuJcKiF2chbpc75dSaFyia65D
+VK30Oh+1nFx/bhMYy4DStHVsudyUcAf2WxB3ONfodnS6Q0JBB6p3rcS3CmBQIiy2
+PAghsaRqll7cCYOL5zJHsrnn0UGHDCxI3MJdzp3e+kWXaJVuaJrdWzG3AfH+OO+/
+qxAymGPX3B8Ofz2SkyPgu3qcCL7f0WKwG0SR69KXHX1SU4fIZhy7upFM6cpox+UG
+oKqcUGs+Yr0TqEXFpxcVPpXQMdrH6M5iHQpS3HjfspJ9w45tunLksM+9D/So1/Tf
+IhUsG9XnoLv0HTjmDZLXedpezRsNqs6+EDW3u0IE6lGHacnUFaErDg9W6cy5vzHc
+tiJ0D36r34PINIVGYUgTqehsbTuSG+dW5rRfTO3vk6yfKXP8ZM6K3k0gqBTHOokt
++hSaZjTNc4FlMHbdo4AXUGsq9ruoZ4XBAvXlyH0gkJLJjgqQTqEwcHFVMgZ1JVYZ
+lCJBWWECRyRNuuNfMQz30Oy48+8hwAkPBo5JG3YYf1v3Vn31S+iqwz0/uQINBF7+
+kIUBEAC6BPAk4g8Sc1B3TgHXQZ+rm/vXQH+HPhHMfazdbbXkEwpaVWcHRdOHieMy
+8VH8ox4qmC7MFxEpnBy2MyDhWbDYXP0MWXnGE/EQwl5wOVzB/k8WR/jTCi71BMcI
+XwbakN7FNDm94NsGHw5W1phnnr3cA3t17Hf9qcA0UIeKv6zxkAKGQqnzDmyKZri4
+tzQnMrx6woLBdbb8CPTkGtX5OZOQoNyQwGGW60UiiMddMCKVm4vGGFS7cLCCAZ5F
+oPxPBZBURJZj8h1XojjguK75AqUQVopYA+DdwxrxYnvXKxZBdzWplOnHb3Zxig3H
+KlhDJ+u2uelDqk+LvEEKzMNw6OqmTXyxSx6dwYlsK6ViiE3k+s/3ijTvw8v4GIRd
+x7UXDOtNnYmR8VHROj65zLjI3ACr98wXtxOKgV63utc63sHYnUOODw+ZNIOt+lEE
+RUPTQwaNnDa3SJ4ES7W7Kvql2eGgl1BUatIeD6dOel9TT1oiFbfru3aVgKCbamRk
+21eDB9tSdmOOp4kdbtdeqO97BojKhcmVPk3MIT2l5TjWirBUm0kXFYSo0uExGdmC
+BdVoHgb5/1+Poi9wv4K7cdnzqWUmNuycZE+rBRpSdlxt2geNB/dFGB20urRj4Srv
+3e4zRR7hfSTY14KvNXsch7wmVbC0ssBn67o3rUsAqnqLMASGBQARAQABiQI8BBgB
+CgAmFiEE1YUpzFN2421uHm9iNPIw+veOSNMFAl7+kIUCGwwFCQHhM4AACgkQNPIw
++veOSNNm0RAAjOKfnU/4pDrlRPqQG4eJIYnpWjCnaiMW9IpHjw5ABW4LVY7TrBY2
+QMbq3tMl+k9QpO8rVmgS69EqkPy85Hvw3sAkPWfJxPmCbIr8lhaUsyJNUtqu33ks
+YOwV/AhCFPzZKY/0REc/6M+7j6mJreWFaQIrTYDssDBcLvSRViHT/30oGCFcDoMW
+cIFe5TUbGgDMeggAVRskeySi61Tdm09K27SBB1ZeENVz8mgDrUpyKjyypNCG5TA1
+5DVvznSDkpRWOPe39IQkpbaeLsDRP0E2ji73ecRFAJm9yRtp3g5LcmLdY8LCWTPU
+Nw8i2cSYbV4vc5J086lMdQr5QlMv+Zn9thTQbZv4ugNSbd+nzUnAyES3jG5VlYja
+OW9CF5fQYbkLF4Jo1g4fEMSe8PVF06DNhvptKDz4jTTs92Nn0WLDUZ7o7U1DvPhV
+YrT3kzO0FQ/9vz8FWfoRqUbfg3tkLejq/i/Z2/1H+9CP9lcunJgAE+uIfE8NkKBn
+clNz7NyQo7KaKf8aIFWnNSA8jSayXfOdxIH+oM8pxRwkxTtgEdMHcU/rlBKSe5uQ
+dzzNOmf8TQnT0KdRaPcn+7W47jmrdGZS1s8Hc24BsI+lUCcveOEeEpWQP4nh4kN/
+BGP92eQrsAuU6D6k22nmklM3IJataXKGS+v9FuN/uyP0W9J5I0hMD+Q=
+=7Z4U
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..6076b3c
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,2 @@
+version=4
+opts=pgpsigurlmangle=s/$/.asc/ https://github.com/exfatprogs/exfatprogs/releases .*/exfatprogs-(\d\S*)\.tar\.xz \ No newline at end of file