From ab446a2b8d6784c3952c4e1945c073e5cf4eb030 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 28 Apr 2024 11:51:58 +0200 Subject: Adding debian version 1.2.0-1+deb12u1. Signed-off-by: Daniel Baumann --- debian/changelog | 74 ++++++++++++++++++++++ debian/control | 27 ++++++++ debian/copyright | 40 ++++++++++++ debian/gbp.conf | 3 + .../CVE-2023-45897-out-of-bounds-memory-access | 67 ++++++++++++++++++++ debian/patches/series | 1 + debian/rules | 11 ++++ debian/source/format | 1 + debian/upstream/signing-key.asc | 52 +++++++++++++++ debian/watch | 2 + 10 files changed, 278 insertions(+) create mode 100644 debian/changelog create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/gbp.conf create mode 100644 debian/patches/CVE-2023-45897-out-of-bounds-memory-access create mode 100644 debian/patches/series create mode 100755 debian/rules create mode 100644 debian/source/format create mode 100644 debian/upstream/signing-key.asc create mode 100644 debian/watch diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..1b9f418 --- /dev/null +++ b/debian/changelog 
@@ -0,0 +1,74 @@ +exfatprogs (1.2.0-1+deb12u1) bookworm; urgency=medium + + * CVE-2023-45897 Add debian/patches/CVE-2023-45897-out-of-bounds-memory-access + to fix three out-of-bounds memory access issues. + * Add bookworm branch information to Vcs-Git and gbp.conf. + + -- Sven Hoexter Sat, 04 Nov 2023 17:56:01 +0100 + +exfatprogs (1.2.0-1) unstable; urgency=medium + + * New upstream release. + + New utilitiy exfat2img to dump exFAT metadata. + + fsck.exfat is now able to repair certain corruptions. + * Update Standards-Version to 4.6.1 - no changes required. + * Rewrite the package short and long description. + + -- Sven Hoexter Fri, 28 Oct 2022 14:48:05 +0200 + +exfatprogs (1.1.3-1) unstable; urgency=medium + + * New upstream release. + * Update Standards-Version to 4.6.0 - no changes required. + + -- Sven Hoexter Wed, 17 Nov 2021 20:10:43 +0100 + +exfatprogs (1.1.2-2) unstable; urgency=medium + + * Post stable release upload to unstable. + + -- Sven Hoexter Mon, 16 Aug 2021 19:55:59 +0200 + +exfatprogs (1.1.2-1) experimental; urgency=medium + + * New upstream release, mainly bugfixes and + mkfs.exfat set 0x80 to DriveSelect of the boot sector, to + help Windows 10 recognize exFAT formatted partitions. + + -- Sven Hoexter Thu, 20 May 2021 10:41:20 +0200 + +exfatprogs (1.1.1-1) experimental; urgency=medium + + * New upstream release. + * Upload to experimental due to the freeze. + + -- Sven Hoexter Wed, 21 Apr 2021 17:59:15 +0200 + +exfatprogs (1.1.0-1) unstable; urgency=medium + + * New upstream release. (Closes: #982431) + Introduces new binaries dump.exfat and exfatlabel. + * Update Standards-Version to 4.5.1, updating debian/copyright. + + -- Sven Hoexter Wed, 10 Feb 2021 09:32:31 +0100 + +exfatprogs (1.0.4-1) unstable; urgency=medium + + * New upstream release. + + -- Sven Hoexter Fri, 31 Jul 2020 10:13:02 +0200 + +exfatprogs (1.0.3-2) unstable; urgency=medium + + * Add exfatprogs release signing key. 
+ ID D58529CC5376E36D6E1E6F6234F230FAF78E48D3 + Hyunchul Lee (Exfatprogs Release Signing Key) + * Source-Only upload to allow testing migration post new processing. + + -- Sven Hoexter Mon, 20 Jul 2020 09:30:07 +0200 + +exfatprogs (1.0.3-1) unstable; urgency=medium + + * Initial release. (Closes: #964265) + + -- Sven Hoexter Sun, 05 Jul 2020 21:41:15 +0200 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..c61e980 --- /dev/null +++ b/debian/control @@ -0,0 +1,27 @@ +Source: exfatprogs +Section: otherosfs +Priority: optional +Maintainer: Sven Hoexter +Build-Depends: debhelper-compat (= 13), pkg-config +Standards-Version: 4.6.1 +Rules-Requires-Root: no +Homepage: https://github.com/exfatprogs/exfatprogs +Vcs-Git: https://git.sven.stormbind.net/exfatprogs.git -b bookworm +Vcs-Browser: https://git.sven.stormbind.net/?p=sven/exfatprogs.git + +Package: exfatprogs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Conflicts: exfat-utils +Description: exFAT file system utilities + Tools to manage extended file allocation table filesystem. + This package provides tools to create, check, dump and label + the filesystem. It contains + - mkfs.exfat to create an exFAT filesystem + - fsck.exfat to check and repair an exFAT filesystem + - tune.exfat to print and edit the volume label or serial + - dump.exfat to show on-disk information of an exFAT filesystem + - exfat2img to dump exFAT metadata + The tools included in this package are the exfatprogs + maintained by Samsung and LG engineers, who provided Linux exFAT + support. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..65cb319 --- /dev/null +++ b/debian/copyright 
@@ -0,0 +1,40 @@ +This work was packaged for Debian by: + Sven Hoexter on Sat, 04 Jul 2020 19:06:23 +0200 + +It was downloaded from: + https://github.com/exfatprogs/exfatprogs/releases + +Upstream Author: + Namjae Jeon + Hyunchul Lee + +Copyright: + Copyright (C) 2019, 2021 Namjae Jeon + Copyright (C) 2020 Hyunchul Lee + Copyright (C) 2020 The Android Open Source Project + Copyright (C) 1989-2018 Free Software Foundation, Inc. + +License: + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + On any Debian system, you can find the complete text of the GNU GPL + (GNU General Public License) in the file "/usr/share/common-licenses/GPL-2". + + +The Debian packaging is: + Copyright (C) 2020-2021 Sven Hoexter + +and is licensed under the GPL version 2 or later, +see "/usr/share/common-licenses/GPL-2". diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..cabf8bc --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,3 @@ +[DEFAULT] +pristine-tar = True +debian-branch = bookworm diff --git a/debian/patches/CVE-2023-45897-out-of-bounds-memory-access b/debian/patches/CVE-2023-45897-out-of-bounds-memory-access new file mode 100644 index 0000000..85a296f --- /dev/null +++ b/debian/patches/CVE-2023-45897-out-of-bounds-memory-access 
@@ -0,0 +1,67 @@ +Description: CVE-2023-45897 out-of-bounds memory access +Origin: https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf + https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4 + https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae +Last-Update: 2023-10-31 +Index: exfatprogs/exfat2img/exfat2img.c +=================================================================== +--- exfatprogs.orig/exfat2img/exfat2img.c ++++ exfatprogs/exfat2img/exfat2img.c +@@ -319,7 +319,7 @@ static int read_file_dentry_set(struct e + if (!node) + return -ENOMEM; + +- for (i = 2; i <= file_de->file_num_ext; i++) { ++ for (i = 2; i <= MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES); i++) { + ret = exfat_de_iter_get(iter, i, &dentry); + if (ret || dentry->type != EXFAT_NAME) + break; +Index: exfatprogs/fsck/fsck.c +=================================================================== +--- exfatprogs.orig/fsck/fsck.c ++++ exfatprogs/fsck/fsck.c +@@ -769,7 +769,7 @@ ask_again: + char *rename = NULL; + __u16 hash; + struct exfat_dentry *stream_de; +- int name_len, ret; ++ int ret; + + switch (num) { + case 1: +@@ -798,11 +798,11 @@ ask_again: + if (ret < 0) + return ret; + ++ ret >>=1; + memcpy(dentry->name_unicode, utf16_name, ENTRY_NAME_MAX * 2); +- name_len = exfat_utf16_len(utf16_name, ENTRY_NAME_MAX * 2); +- hash = exfat_calc_name_hash(iter->exfat, utf16_name, (int)name_len); ++ hash = exfat_calc_name_hash(iter->exfat, utf16_name, ret); + exfat_de_iter_get_dirty(iter, 1, &stream_de); +- stream_de->stream_name_len = (__u8)name_len; ++ stream_de->stream_name_len = (__u8)ret; + stream_de->stream_name_hash = cpu_to_le16(hash); + } + +@@ -856,7 +856,7 @@ static int read_file_dentry_set(struct e + if (!node) + return -ENOMEM; + +- for (i = 2; i <= file_de->file_num_ext; i++) { ++ for (i = 2; i <= MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES); i++) { + ret = 
exfat_de_iter_get(iter, i, &dentry); + if (ret || dentry->type != EXFAT_NAME) { + if (i > 2 && repair_file_ask(iter, NULL, ER_DE_NAME, +Index: exfatprogs/include/exfat_ondisk.h +=================================================================== +--- exfatprogs.orig/include/exfat_ondisk.h ++++ exfatprogs/include/exfat_ondisk.h +@@ -40,6 +40,7 @@ + /* exFAT allows 8388608(256MB) directory entries */ + #define MAX_EXFAT_DENTRIES 8388608 + #define MIN_FILE_DENTRIES 3 ++#define MAX_NAME_DENTRIES 17 + + /* dentry types */ + #define MSDOS_DELETED 0xE5 /* deleted mark */ diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..4449077 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +CVE-2023-45897-out-of-bounds-memory-access diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..d3e0345 --- /dev/null +++ b/debian/rules @@ -0,0 +1,11 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +%: + dh $@ + +override_dh_installchangelogs: + dh_installchangelogs NEWS diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 0000000..f7b0572 --- /dev/null +++ b/debian/upstream/signing-key.asc 
@@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF7+kIUBEADNPHQM0SPJym79kmMYgvDBjFYgxzOvNWz+7iwX/J8eH3M8Zvml +P5UyCT0NenryAfWugZWVyqphjQflaCmSZS9uP3kfabn2dDaWodd++CWA5qezSvam +jZc2jw1g26qJCgR6RqXlQ+cY2gnKPfzJk8B6J3S2V7MCnX9LKGH0YUYfHjh01K6T +A6ZI3cgp/6SJmOsR0j67IkHwHNeJw0t5jmURZQbSMUtyqEvKvpgfn4Ss96IgSuNW +wT9dbNEEiqpg+fz8ym8iFR6YSJHwIWyjk0sNderdXDJx1Ly/hF8PpTwy0oKRnaYT +fRoiop7UsXBTRIhTqemNnRISV3OoJm/q/yOqmwPQ8d7PudBfnhwrR0FDisKGljto +2SmwPRuuej5AtfwZA+cjmeCCjicp0JbSwaEyLElD3JSvefAjKWZWt/vj3zq6d3uO +H2+i4oOcor10l8+C7O31mdmBf8DCy2LTp1ACSbrVmVCSzLiF/RcWaXDLxrYU53mH +eXGuskcMFfCP9+E108PrSfOBgvpZZMyo1fXlxq/6kkLL0RpP4zmnpvB+Lopbq12U +AWBnly6XQJh+wYoufII+uj1seRuCHUuLAbBlBcoMd2udW1TACMqlDZpg9U8zstt1 +GbnEHa0FllPlPpP1gHVjQq6qXj7fuDsH9KfZuEsW782Ug8yZPbAPMNoW2wARAQAB +tEFIeXVuY2h1bCBMZWUgKEV4ZmF0cHJvZ3MgUmVsZWFzZSBTaWduaW5nIEtleSkg +PGh5Yy5sZWVAZ21haWwuY29tPokCVAQTAQoAPhYhBNWFKcxTduNtbh5vYjTyMPr3 +jkjTBQJe/pCFAhsDBQkB4TOABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEDTy +MPr3jkjTr/0P/2zKlBs9ySEchaucuNFbZi4idd14VXzfn98XpmbgFRN6KP9tVywy +CRcOBCOiaPFziLlyadUTK82Zx0oZq6GHw847bkfp812saDZsCK1+WKJ6q0VJ3fRj +WzlZivHKB7UzytFoM2AYDMEP2XDNSa0Vizjh1XkTuJcKiF2chbpc75dSaFyia65D +VK30Oh+1nFx/bhMYy4DStHVsudyUcAf2WxB3ONfodnS6Q0JBB6p3rcS3CmBQIiy2 +PAghsaRqll7cCYOL5zJHsrnn0UGHDCxI3MJdzp3e+kWXaJVuaJrdWzG3AfH+OO+/ +qxAymGPX3B8Ofz2SkyPgu3qcCL7f0WKwG0SR69KXHX1SU4fIZhy7upFM6cpox+UG +oKqcUGs+Yr0TqEXFpxcVPpXQMdrH6M5iHQpS3HjfspJ9w45tunLksM+9D/So1/Tf +IhUsG9XnoLv0HTjmDZLXedpezRsNqs6+EDW3u0IE6lGHacnUFaErDg9W6cy5vzHc +tiJ0D36r34PINIVGYUgTqehsbTuSG+dW5rRfTO3vk6yfKXP8ZM6K3k0gqBTHOokt ++hSaZjTNc4FlMHbdo4AXUGsq9ruoZ4XBAvXlyH0gkJLJjgqQTqEwcHFVMgZ1JVYZ +lCJBWWECRyRNuuNfMQz30Oy48+8hwAkPBo5JG3YYf1v3Vn31S+iqwz0/uQINBF7+ +kIUBEAC6BPAk4g8Sc1B3TgHXQZ+rm/vXQH+HPhHMfazdbbXkEwpaVWcHRdOHieMy +8VH8ox4qmC7MFxEpnBy2MyDhWbDYXP0MWXnGE/EQwl5wOVzB/k8WR/jTCi71BMcI +XwbakN7FNDm94NsGHw5W1phnnr3cA3t17Hf9qcA0UIeKv6zxkAKGQqnzDmyKZri4 +tzQnMrx6woLBdbb8CPTkGtX5OZOQoNyQwGGW60UiiMddMCKVm4vGGFS7cLCCAZ5F 
+oPxPBZBURJZj8h1XojjguK75AqUQVopYA+DdwxrxYnvXKxZBdzWplOnHb3Zxig3H +KlhDJ+u2uelDqk+LvEEKzMNw6OqmTXyxSx6dwYlsK6ViiE3k+s/3ijTvw8v4GIRd +x7UXDOtNnYmR8VHROj65zLjI3ACr98wXtxOKgV63utc63sHYnUOODw+ZNIOt+lEE +RUPTQwaNnDa3SJ4ES7W7Kvql2eGgl1BUatIeD6dOel9TT1oiFbfru3aVgKCbamRk +21eDB9tSdmOOp4kdbtdeqO97BojKhcmVPk3MIT2l5TjWirBUm0kXFYSo0uExGdmC +BdVoHgb5/1+Poi9wv4K7cdnzqWUmNuycZE+rBRpSdlxt2geNB/dFGB20urRj4Srv +3e4zRR7hfSTY14KvNXsch7wmVbC0ssBn67o3rUsAqnqLMASGBQARAQABiQI8BBgB +CgAmFiEE1YUpzFN2421uHm9iNPIw+veOSNMFAl7+kIUCGwwFCQHhM4AACgkQNPIw ++veOSNNm0RAAjOKfnU/4pDrlRPqQG4eJIYnpWjCnaiMW9IpHjw5ABW4LVY7TrBY2 +QMbq3tMl+k9QpO8rVmgS69EqkPy85Hvw3sAkPWfJxPmCbIr8lhaUsyJNUtqu33ks +YOwV/AhCFPzZKY/0REc/6M+7j6mJreWFaQIrTYDssDBcLvSRViHT/30oGCFcDoMW +cIFe5TUbGgDMeggAVRskeySi61Tdm09K27SBB1ZeENVz8mgDrUpyKjyypNCG5TA1 +5DVvznSDkpRWOPe39IQkpbaeLsDRP0E2ji73ecRFAJm9yRtp3g5LcmLdY8LCWTPU +Nw8i2cSYbV4vc5J086lMdQr5QlMv+Zn9thTQbZv4ugNSbd+nzUnAyES3jG5VlYja +OW9CF5fQYbkLF4Jo1g4fEMSe8PVF06DNhvptKDz4jTTs92Nn0WLDUZ7o7U1DvPhV +YrT3kzO0FQ/9vz8FWfoRqUbfg3tkLejq/i/Z2/1H+9CP9lcunJgAE+uIfE8NkKBn +clNz7NyQo7KaKf8aIFWnNSA8jSayXfOdxIH+oM8pxRwkxTtgEdMHcU/rlBKSe5uQ +dzzNOmf8TQnT0KdRaPcn+7W47jmrdGZS1s8Hc24BsI+lUCcveOEeEpWQP4nh4kN/ +BGP92eQrsAuU6D6k22nmklM3IJataXKGS+v9FuN/uyP0W9J5I0hMD+Q= +=7Z4U +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..6076b3c --- /dev/null +++ b/debian/watch @@ -0,0 +1,2 @@ +version=4 +opts=pgpsigurlmangle=s/$/.asc/ https://github.com/exfatprogs/exfatprogs/releases .*/exfatprogs-(\d\S*)\.tar\.xz \ No newline at end of file -- cgit v1.2.3
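Review bot: the header of debian/patches/CVE-2023-45897-out-of-bounds-memory-access lists three upstream commits under `Origin:` but does not say which of the four code hunks comes from which commit. Either carry one quilt patch per upstream commit or add a line per commit naming the file it touches, so a later audit of the `1.2.0-1+deb12u1` upload can match each change to its upstream fix.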
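Review bot: in the exfat2img/exfat2img.c hunk (`@@ -319,7 +319,7 @@`, read_file_dentry_set), the `1 +` in `MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES)` is unexplained. The loop starts at `i = 2`, so an upper index of 18 allows exactly 17 name entries after the file entry and the stream entry at index 1. A one-line comment stating that, or a named constant for the highest valid index, would make an off-by-one in a later edit much easier to spot.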
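Review bot: in the fsck/fsck.c rename hunk (`@@ -798,11 +798,11 @@`), `ret >>=1;` turns the error variable into a UTF-16 length with no comment, and the result then goes through `(__u8)ret` with no visible range check. The hunk does not show what unit the preceding call returns, so please state in a comment that it is a byte count, keep a named local such as `name_len = ret / 2` instead of reusing `ret`, and check that the value fits in `stream_name_len` before the cast. The `memcpy` still copies a fixed `ENTRY_NAME_MAX * 2` bytes while the hash and length now use `ret`; confirm that `utf16_name` is always at least that large. Style: `>>=1` is missing its space.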
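Review bot: the clamp in the second fsck/fsck.c hunk (`@@ -856,7 +856,7 @@`, read_file_dentry_set) silently caps an oversized on-disk `file_num_ext`, and it is a verbatim copy of the expression in exfat2img.c. The context lines already send a bad name entry through `repair_file_ask(iter, NULL, ER_DE_NAME,`, so a `file_num_ext` above `1 + MAX_NAME_DENTRIES` looks like it should be reported or repaired the same way instead of being truncated quietly, unless it is validated before this loop. A shared macro defined next to `MAX_NAME_DENTRIES` would keep the two loops in step.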
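Review bot: `#define MAX_NAME_DENTRIES 17` in the include/exfat_ondisk.h hunk is added without a comment, unlike `MAX_EXFAT_DENTRIES` two lines above it. Say where 17 comes from (a 255-character name at 15 UTF-16 units per name entry) or derive it from `ENTRY_NAME_MAX`, so the two loop bounds that depend on it can be checked without consulting the exFAT specification.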