From 53c2704411a2f9fa8c338fed5a0378e30a99ce83 Mon Sep 17 00:00:00 2001
From: Eric Sandeen
Date: Tue, 17 Feb 2015 13:36:36 -0600
Subject: Fix use after free Fix time-based fsck if set in superblock
---
 e2fsck.conf | 4 +--
 e2fsprogs-1.42.12-use-after-free-fix.patch | 44 ++++++++++++++++++++++++++++++
 e2fsprogs.spec | 8 +++++-
 3 files changed, 53 insertions(+), 3 deletions(-)
 create mode 100644 e2fsprogs-1.42.12-use-after-free-fix.patch
diff --git a/e2fsck.conf b/e2fsck.conf
index b774f9e..5f1e800 100644
--- a/e2fsck.conf
+++ b/e2fsck.conf
@@ -1,3 +1,3 @@
 [options]
-# This will prevent e2fsck from stopping boot just because the clock is wrong
-broken_system_clock = 1
+# If set to 1, prevent e2fsck from stopping boot just because the clock is wrong
+broken_system_clock = 0
diff --git a/e2fsprogs-1.42.12-use-after-free-fix.patch b/e2fsprogs-1.42.12-use-after-free-fix.patch
new file mode 100644
index 0000000..738ee27
--- /dev/null
+++ b/e2fsprogs-1.42.12-use-after-free-fix.patch
@@ -0,0 +1,44 @@
+commit ebdf895b43a1ce499e4d2556a201e2a753fc422f
+Author: Theodore Ts'o
+Date: Wed Oct 8 11:18:41 2014 -0400
+
+ e2fsck: fix free pointer dereferences
+
+ Commit 47fee2ef6a23a introduces some free pointer dereference bugs by
+ not clearing ctx->fs after calling ext2fs_close_free().
+
+ Reported-by: Matthias Andree
+ Cc: Lukas Czerner
+ Signed-off-by: Theodore Ts'o
+
+diff --git a/e2fsck/unix.c b/e2fsck/unix.c
+index 66debcd..10036e7 100644
+--- a/e2fsck/unix.c
++++ b/e2fsck/unix.c
+@@ -458,7 +458,7 @@ static void check_if_skip(e2fsck_t ctx)
+ }
+ log_out(ctx, "\n");
+ skip:
+- ext2fs_close_free(&fs);
++ ext2fs_close_free(&ctx->fs);
+ e2fsck_free_context(ctx);
+ exit(FSCK_OK);
+ }
+@@ -1462,7 +1462,7 @@ failure:
+ /*
+ * Restart in order to reopen fs but this time start mmp.
+ */
+- ext2fs_close_free(&fs);
++ ext2fs_close_free(&ctx->fs);
+ flags &= ~EXT2_FLAG_SKIP_MMP;
+ goto restart;
+ }
+@@ -1692,7 +1692,7 @@ no_journal:
+ _("while resetting context"));
+ fatal_error(ctx, 0);
+ }
+- ext2fs_close_free(&fs);
++ ext2fs_close_free(&ctx->fs);
+ goto restart;
+ }
+ if (run_result & E2F_FLAG_ABORT)
diff --git a/e2fsprogs.spec b/e2fsprogs.spec
index 0b7f8a0..e8bdc91 100644
--- a/e2fsprogs.spec
+++ b/e2fsprogs.spec
@@ -1,7 +1,7 @@
 Summary: Utilities for managing ext2, ext3, and ext4 filesystems
 Name: e2fsprogs
 Version: 1.42.12
-Release: 1%{?dist}
+Release: 2%{?dist}
 # License tags based on COPYING file distinctions for various components
 License: GPLv2
@@ -11,6 +11,7 @@ Source1: ext2_types-wrapper.h
 Source2: e2fsck.conf
 Patch1: e2fsprogs-1.40.4-sb_feature_check_ignore.patch
+Patch2: e2fsprogs-1.42.12-use-after-free-fix.patch
 Url: http://e2fsprogs.sourceforge.net/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -150,6 +151,7 @@ It was originally inspired by the Multics SubSystem library.
 # mildly unsafe but 'til I get something better, avoid full fsck
 # after an selinux install...
 %patch1 -p1 -b .featurecheck
+%patch2 -p1
 %build
 %configure --enable-elf-shlibs --enable-nls --disable-uuidd --disable-fsck \
@@ -331,6 +333,10 @@ exit 0
 %{_libdir}/pkgconfig/ss.pc
 %changelog
+* Tue Feb 17 2015 Eric Sandeen 1.42.12-2
+- Fix use after free
+- Re-enable time-based fsck if set in superblock (e2fsck.conf)
+
 * Fri Aug 29 2014 Eric Sandeen 1.42.12-1
 - New upstream release
-- cgit
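Review bot: In the embedded e2fsck/unix.c patch, the local `fs` that the removed lines passed to `ext2fs_close_free()` is no longer cleared, so after each `ext2fs_close_free(&ctx->fs);` it presumably still holds the freed handle (the commit message implies `fs` and `ctx->fs` alias the same object). In `check_if_skip` this is harmless, because `e2fsck_free_context(ctx); exit(FSCK_OK);` follow immediately. The two `goto restart` sites, in the hunks headed `failure:` and `no_journal:`, jump to code outside these hunks, so it is worth confirming that `fs` is reassigned there before anything reads it. Adding `fs = NULL;` directly after the call at those two sites would keep both aliases cleared and turn any stale read into an immediate NULL dereference rather than an access to freed memory. The enclosing functions start and end outside the hunks.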