diff --git a/0001-MEMORYLEAK-DOS-LOAD-EXT-TABLE.patch b/0001-MEMORYLEAK-DOS-LOAD-EXT-TABLE.patch deleted file mode 100644 index eec8b38517ca99610522f46d77a036edc1cb4dc2..0000000000000000000000000000000000000000 --- a/0001-MEMORYLEAK-DOS-LOAD-EXT-TABLE.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -Nur sleuthkit-4.6.7/tsk/vs/dos.c sleuthkit-4.6.7.new/tsk/vs/dos.c ---- sleuthkit-4.6.7/tsk/vs/dos.c 2019-08-03 04:20:57.000000000 +0800 -+++ sleuthkit-4.6.7.new/tsk/vs/dos.c 2020-12-09 17:35:47.356058422 +0800 -@@ -769,6 +769,7 @@ - tsk_error_set_errno(TSK_ERR_VS_BLK_NUM); - tsk_error_set_errstr - ("dos_load_ext_table: Loop in partition table detected"); -+ free(sect_buf); - return 1; - } - part_info = part_info->next; diff --git a/0002-Ensure-that-we-don-t-attempt-to-index-into-an-invali.patch b/0002-Ensure-that-we-don-t-attempt-to-index-into-an-invali.patch deleted file mode 100644 index 6e570e3e729e4026f915b74f07f42b8a2dea8b5f..0000000000000000000000000000000000000000 --- a/0002-Ensure-that-we-don-t-attempt-to-index-into-an-invali.patch +++ /dev/null 
@@ -1,35 +0,0 @@ -From 77a5b8bf749d059ed3966dc7b6c4a67d265fc69b Mon Sep 17 00:00:00 2001 -From: esaunders -Date: Tue, 3 Dec 2019 17:28:38 -0500 -Subject: [PATCH 2/2] Ensure that we don't attempt to index into an invalid - offset in imap_buf. - ---- - tsk/fs/ext2fs.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/tsk/fs/ext2fs.c b/tsk/fs/ext2fs.c -index 5a480856..14715c11 100755 ---- a/tsk/fs/ext2fs.c -+++ b/tsk/fs/ext2fs.c -@@ -1051,6 +1051,19 @@ ext2fs_inode_walk(TSK_FS_INFO * fs, TSK_INUM_T start_inum, - grp_num * tsk_getu32(fs->endian, - ext2fs->fs->s_inodes_per_group) + 1; - -+ /* -+ * Ensure that inum - ibase refers to a valid offset in imap_buf. -+ */ -+ if ((inum - ibase) > fs->block_size) { -+ tsk_release_lock(&ext2fs->lock); -+ free(dino_buf); -+ tsk_error_reset(); -+ tsk_error_set_errno(TSK_ERR_FS_WALK_RNG); -+ tsk_error_set_errstr("%s: Invalid offset into imap_buf (inum %" PRIuINUM " - ibase %" PRIuINUM ")", -+ myname, inum, ibase); -+ return 1; -+ } -+ - /* - * Apply the allocated/unallocated restriction. - */ --- diff --git a/0003-Fix-bug-introduced-with-imap-offset-check.patch b/0003-Fix-bug-introduced-with-imap-offset-check.patch deleted file mode 100644 index 7d55f4cac155a4dcbe707c8291a4f1d7cefcbd0c..0000000000000000000000000000000000000000 --- a/0003-Fix-bug-introduced-with-imap-offset-check.patch +++ /dev/null 
@@ -1,47 +0,0 @@ -From f7a20cf162a02a4ce5301eb6b27bbc53fd5998b5 Mon Sep 17 00:00:00 2001 -From: Brian Carrier -Date: Wed, 29 Apr 2020 15:47:01 -0400 -Subject: [PATCH] Fix bug introduced with imap offset check - ---- - tsk/fs/ext2fs.c | 18 ++++++++++++++++-- - 1 file changed, 16 insertions(+), 2 deletions(-) - -diff --git a/tsk/fs/ext2fs.c b/tsk/fs/ext2fs.c -index 45dd18c2..1f56c943 100755 ---- a/tsk/fs/ext2fs.c -+++ b/tsk/fs/ext2fs.c -@@ -841,6 +841,20 @@ ext2fs_dinode_copy(EXT2FS_INFO * ext2fs, TSK_FS_META * fs_meta, - grp_num * tsk_getu32(fs->endian, - ext2fs->fs->s_inodes_per_group) + fs->first_inum; - -+ -+ /* -+ * Ensure that inum - ibase refers to a valid bit offset in imap_buf. -+ */ -+ if ((inum - ibase) > fs->block_size*8) { -+ tsk_release_lock(&ext2fs->lock); -+ tsk_error_reset(); -+ tsk_error_set_errno(TSK_ERR_FS_WALK_RNG); -+ tsk_error_set_errstr("ext2fs_dinode_copy: Invalid offset into imap_buf (inum %" PRIuINUM " - ibase %" PRIuINUM ")", -+ inum, ibase); -+ return 1; -+ } -+ -+ - /* - * Apply the allocated/unallocated restriction. - */ -@@ -1052,9 +1066,9 @@ ext2fs_inode_walk(TSK_FS_INFO * fs, TSK_INUM_T start_inum, - ext2fs->fs->s_inodes_per_group) + 1; - - /* -- * Ensure that inum - ibase refers to a valid offset in imap_buf. -+ * Ensure that inum - ibase refers to a valid bit offset in imap_buf. - */ -- if ((inum - ibase) > fs->block_size) { -+ if ((inum - ibase) > fs->block_size*8) { - tsk_release_lock(&ext2fs->lock); - free(dino_buf); - tsk_error_reset(); --- diff --git a/0004-Cast-attrseq-address-to-uintptr_t-so-that-the-correc.patch b/0004-Cast-attrseq-address-to-uintptr_t-so-that-the-correc.patch deleted file mode 100644 index 5a164543296fed517beb69ffac2a0e3800fbb1cc..0000000000000000000000000000000000000000 --- a/0004-Cast-attrseq-address-to-uintptr_t-so-that-the-correc.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -From 109ca428154925f6e031fbc817b48e9dc578f8db Mon Sep 17 00:00:00 2001 -From: esaunders -Date: Tue, 14 Jan 2020 15:45:44 -0500 -Subject: [PATCH] Cast attrseq address to uintptr_t so that the correct type - can be inferred for the + operator. - ---- - tsk/fs/ntfs.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tsk/fs/ntfs.c b/tsk/fs/ntfs.c -index 837033ea..eeff809e 100755 ---- a/tsk/fs/ntfs.c -+++ b/tsk/fs/ntfs.c -@@ -1770,7 +1770,7 @@ ntfs_proc_attrseq(NTFS_INFO * ntfs, - // sanity check on bounds of attribute. Prevents other - // issues later on that use attr->len for bounds checks. - if (((uintptr_t) attr + tsk_getu32(fs->endian, -- attr->len)) > (uintptr_t) (a_attrseq + len)) { -+ attr->len)) > (uintptr_t)a_attrseq + len) { - break; - } - --- diff --git a/0005-Fix-Fuzz-buffer-overflow.patch b/0005-Fix-Fuzz-buffer-overflow.patch deleted file mode 100644 index b719e0b4d1a6c4e7065d328e4ad6c29ddb681c6c..0000000000000000000000000000000000000000 --- a/0005-Fix-Fuzz-buffer-overflow.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -diff -Nur sleuthkit-4.6.7/tsk/fs/ext2fs.c sleuthkit-4.6.7.new/tsk/fs/ext2fs.c ---- sleuthkit-4.6.7/tsk/fs/ext2fs.c 2020-12-16 14:43:46.929902964 +0800 -+++ sleuthkit-4.6.7.new/tsk/fs/ext2fs.c 2020-12-16 14:54:44.211056190 +0800 -@@ -1021,8 +1021,10 @@ - if ((fs_file = tsk_fs_file_alloc(fs)) == NULL) - return 1; - if ((fs_file->meta = -- tsk_fs_meta_alloc(EXT2FS_FILE_CONTENT_LEN)) == NULL) -+ tsk_fs_meta_alloc(EXT2FS_FILE_CONTENT_LEN)) == NULL) { -+ tsk_fs_file_close(fs_file); - return 1; -+ } - - // we need to handle fs->last_inum specially because it is for the - // virtual ORPHANS directory. Handle it outside of the loop. -@@ -1038,6 +1040,7 @@ - ext2fs->inode_size > - sizeof(ext2fs_inode) ? ext2fs->inode_size : sizeof(ext2fs_inode); - if ((dino_buf = (ext2fs_inode *) tsk_malloc(size)) == NULL) { -+ tsk_fs_file_close(fs_file); - return 1; - } - -@@ -1058,6 +1061,7 @@ - - if (ext2fs_imap_load(ext2fs, grp_num)) { - tsk_release_lock(&ext2fs->lock); -+ tsk_fs_file_close(fs_file); - free(dino_buf); - return 1; - } -@@ -1068,8 +1072,9 @@ - /* - * Ensure that inum - ibase refers to a valid bit offset in imap_buf. - */ -- if ((inum - ibase) > fs->block_size*8) { -+ if ((inum - ibase) >= fs->block_size*8) { - tsk_release_lock(&ext2fs->lock); -+ tsk_fs_file_close(fs_file); - free(dino_buf); - tsk_error_reset(); - tsk_error_set_errno(TSK_ERR_FS_WALK_RNG); -@@ -1120,7 +1125,7 @@ - * to the application. - */ - if (ext2fs_dinode_copy(ext2fs, fs_file->meta, inum, dino_buf)) { -- tsk_fs_meta_close(fs_file->meta); -+ tsk_fs_file_close(fs_file); - free(dino_buf); - return 1; - } -diff -Nur sleuthkit-4.6.7/tsk/fs/unix_misc.c sleuthkit-4.6.7.new/tsk/fs/unix_misc.c ---- sleuthkit-4.6.7/tsk/fs/unix_misc.c 2019-08-03 04:20:57.000000000 +0800 -+++ sleuthkit-4.6.7.new/tsk/fs/unix_misc.c 2020-12-16 14:56:46.852764086 +0800 -@@ -180,6 +180,7 @@ - } - tsk_error_set_errstr2("unix_make_data_run_indir: Block %" - PRIuDADDR, addr); -+ free(data_run); - return -1; - } - } 
diff --git a/0006-Add-attributes-file-nodesize-check.patch b/0006-Add-attributes-file-nodesize-check.patch index 0587cf9478431c2a2d4c5014dcbd7c9d053d68d8..19c1927ad5f84703e74f7efc3e8bef12bf8fe498 100644 --- a/0006-Add-attributes-file-nodesize-check.patch +++ b/0006-Add-attributes-file-nodesize-check.patch @@ -1,18 +1,18 @@ -From 6d709c18097b2b60a8583baf0714648a363b724e Mon Sep 17 00:00:00 2001 +From 1e5d36e31edc7a46d3cea0c1e65941f9dc753fc3 Mon Sep 17 00:00:00 2001 From: lingsheng Date: Fri, 18 Dec 2020 10:52:36 +0800 Subject: [PATCH] Add attributes file nodesize check --- - tsk/fs/hfs.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) + tsk/fs/hfs.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) diff --git a/tsk/fs/hfs.c b/tsk/fs/hfs.c -index 43dc2a9..636c4b7 100644 +index 3acc7ff..2f513cd 100644 --- a/tsk/fs/hfs.c +++ b/tsk/fs/hfs.c -@@ -3970,6 +3970,18 @@ hfs_load_extended_attrs(TSK_FS_FILE * fs_file, - return 0; +@@ -3922,6 +3922,18 @@ hfs_load_extended_attrs(TSK_FS_FILE * fs_file, + return 1; } + // Is the Attributes file nodesize valid? @@ -20,16 +20,16 @@ index 43dc2a9..636c4b7 100644 + if (attrFile.nodeSize < 512 || attrFile.nodeSize > 32768) { + if (tsk_verbose) + tsk_fprintf(stderr, -+ "hfs_load_extended_attrs: Attributes file nodesize is invalid\n"); -+ close_attr_file(&attrFile); -+ *isCompressed = FALSE; -+ *cmpType = 0; -+ return 0; ++ "hfs_load_extended_attrs: Attributes file nodesize is invalid\n"); ++ close_attr_file(&attrFile); ++ *isCompressed = FALSE; ++ *cmpType = 0; ++ return 0; + } + // A place to hold one node worth of data nodeData = (uint8_t *) malloc(attrFile.nodeSize); if (nodeData == NULL) { -- -2.23.0 +2.27.0 diff --git a/0007-Fixed-OOB-reads-in-hfs_cat_traverse.patch b/0007-Fixed-OOB-reads-in-hfs_cat_traverse.patch deleted file mode 100644 index c71a07d9320ada0f3684cdef62f2f11b8b364912..0000000000000000000000000000000000000000 --- a/0007-Fixed-OOB-reads-in-hfs_cat_traverse.patch +++ /dev/null 
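Review bot: The invalid-nodesize branch this patch adds to hfs_load_extended_attrs returns 0 and reports the condition only under `tsk_verbose`, while the rebased context line directly above it now ends in `return 1;`. A caller therefore presumably cannot tell a corrupt Attributes file header from a file that simply has no extended attributes. If that is intended (it mirrors clearing `*isCompressed` and `*cmpType` before returning), state it in a comment such as `// Invalid nodesize: treat as "no extended attributes", not as an error`; otherwise set a TSK error and return 1 as the preceding path does. The function body starts and ends outside the hunk, so the return-value contract should be checked against the 4.12.1 source.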
@@ -1,99 +0,0 @@ -From 2701739f8ad80d14c36de1e3a7a35bd792fceabb Mon Sep 17 00:00:00 2001 -From: Joachim Metz -Date: Wed, 28 Apr 2021 09:40:47 +0200 -Subject: [PATCH] Fixed OOB reads in hfs_cat_traverse #1401 - ---- - tsk/fs/hfs.c | 46 +++++++++++++++++++++++++++++++++++++++++++--- - 1 file changed, 43 insertions(+), 3 deletions(-) - -diff --git a/tsk/fs/hfs.c b/tsk/fs/hfs.c -index 22618534ee..003db5a950 100644 ---- a/tsk/fs/hfs.c -+++ b/tsk/fs/hfs.c -@@ -469,6 +469,16 @@ hfs_ext_find_extent_record_attr(HFS_INFO * hfs, uint32_t cnid, - size_t rec_off; - hfs_btree_key_ext *key; - -+ // Make sure node is large enough, note that (rec + 1) * 2 is an offset -+ // relative to the end of node -+ if ((rec + 1) * 2 > (int) nodesize) { -+ tsk_error_set_errno(TSK_ERR_FS_GENFS); -+ tsk_error_set_errstr -+ ("hfs_ext_find_extent_record: offset of record %d in leaf node %d too small (%" -+ PRIu16 ")", rec, cur_node, nodesize); -+ free(node); -+ return 1; -+ } - // get the record offset in the node - rec_off = - tsk_getu16(fs->endian, -@@ -554,11 +564,21 @@ hfs_ext_find_extent_record_attr(HFS_INFO * hfs, uint32_t cnid, - int keylen; - TSK_FS_ATTR_RUN *attr_run; - -+ // Make sure node is large enough, note that (rec + 1) * 2 is an offset -+ // relative to the end of node -+ if ((rec + 1) * 2 > (int) nodesize) { -+ tsk_error_set_errno(TSK_ERR_FS_GENFS); -+ tsk_error_set_errstr -+ ("hfs_ext_find_extent_record_attr: offset of record %d in leaf node %d too small (%" -+ PRIu16 ")", rec, cur_node, nodesize); -+ free(node); -+ return 1; -+ } - // get the record offset in the node - rec_off = - tsk_getu16(fs->endian, - &node[nodesize - (rec + 1) * 2]); -- if (rec_off > nodesize) { -+ if (rec_off >= nodesize) { - tsk_error_set_errno(TSK_ERR_FS_GENFS); - tsk_error_set_errstr - ("hfs_ext_find_extent_record_attr: offset of record %d in leaf node %d too large (%d vs %" -@@ -821,11 +841,21 @@ hfs_cat_traverse(HFS_INFO * hfs, - uint8_t retval; - int keylen; - -+ // Make sure node is large enough, 
note that (rec + 1) * 2 is an offset -+ // relative to the end of node -+ if ((rec + 1) * 2 > (int) nodesize) { -+ tsk_error_set_errno(TSK_ERR_FS_GENFS); -+ tsk_error_set_errstr -+ ("hfs_cat_traverse: offset of record %d in leaf node %d too small (%" -+ PRIu16 ")", rec, cur_node, nodesize); -+ free(node); -+ return 1; -+ } - // get the record offset in the node - rec_off = - tsk_getu16(fs->endian, - &node[nodesize - (rec + 1) * 2]); -- if (rec_off > nodesize) { -+ if (rec_off >= nodesize) { - tsk_error_set_errno(TSK_ERR_FS_GENFS); - tsk_error_set_errstr - ("hfs_cat_traverse: offset of record %d in index node %d too large (%d vs %" -@@ -931,11 +961,21 @@ hfs_cat_traverse(HFS_INFO * hfs, - uint8_t retval; - int keylen; - -+ // Make sure node is large enough, note that (rec + 1) * 2 is an offset -+ // relative to the end of node -+ if ((rec + 1) * 2 > (int) nodesize) { -+ tsk_error_set_errno(TSK_ERR_FS_GENFS); -+ tsk_error_set_errstr -+ ("hfs_cat_traverse: offset of record %d in leaf node %d too small (%" -+ PRIu16 ")", rec, cur_node, nodesize); -+ free(node); -+ return 1; -+ } - // get the record offset in the node - rec_off = - tsk_getu16(fs->endian, - &node[nodesize - (rec + 1) * 2]); -- if (rec_off > nodesize) { -+ if (rec_off >= nodesize) { - tsk_error_set_errno(TSK_ERR_FS_GENFS); - tsk_error_set_errstr - ("hfs_cat_traverse: offset of record %d in leaf node %d too large (%d vs %" diff --git a/0008-left-shift.patch b/0008-left-shift.patch index 85bce3befe02851d629f935db5b0e974ba0fdf33..51a78dbd4790bbbdf4ce1a7e0e8bbca2da42cb94 100644 --- a/0008-left-shift.patch +++ b/0008-left-shift.patch @@ -1,4 +1,4 @@ -From 86b8f475811a20a477801a50eada3b43fb3129ea Mon Sep 17 00:00:00 2001 +From 1260a66b8fe7400250d33f98fcbce0fa848bfc09 Mon Sep 17 00:00:00 2001 From: caodongxia <315816521@qq.com> Date: Wed, 2 Jun 2021 19:18:22 +0800 Subject: [PATCH] create patch @@ -8,10 +8,10 @@ Subject: [PATCH] create patch 1 file changed, 12 insertions(+), 12 deletions(-) 
diff --git a/tsk/base/tsk_base_i.h b/tsk/base/tsk_base_i.h -index 147ef13..de86b32 100644 +index ffa5cf3..c022302 100644 --- a/tsk/base/tsk_base_i.h +++ b/tsk/base/tsk_base_i.h -@@ -79,8 +79,8 @@ extern "C" { +@@ -85,8 +85,8 @@ extern "C" { */ #define tsk_getu16(endian, x) \ (uint16_t)(((endian) == TSK_LIT_ENDIAN) ? \ @@ -22,7 +22,7 @@ index 147ef13..de86b32 100644 /** \internal * Read a 16-bit signed value. -@@ -99,8 +99,8 @@ extern "C" { +@@ -105,8 +105,8 @@ extern "C" { */ #define tsk_getu24(endian, x) \ (uint32_t)(((endian) == TSK_LIT_ENDIAN) ? \ @@ -33,14 +33,14 @@ index 147ef13..de86b32 100644 -@@ -112,15 +112,15 @@ extern "C" { +@@ -118,15 +118,15 @@ extern "C" { */ #define tsk_getu32(endian, x) \ (uint32_t)( ((endian) == TSK_LIT_ENDIAN) ? \ - ((((uint8_t *)(x))[0] << 0) + \ - (((uint8_t *)(x))[1] << 8) + \ - (((uint8_t *)(x))[2] << 16) + \ -- (((uint8_t *)(x))[3] << 24) ) \ +- ((uint32_t)((uint8_t *)(x))[3] << 24) ) \ + (((unsigned int)(((uint8_t *)(x))[0]) << 0) + \ + ((unsigned int)(((uint8_t *)(x))[1]) << 8) + \ + ((unsigned int)(((uint8_t *)(x))[2]) << 16) + \ @@ -49,7 +49,7 @@ index 147ef13..de86b32 100644 - ((((uint8_t *)(x))[3] << 0) + \ - (((uint8_t *)(x))[2] << 8) + \ - (((uint8_t *)(x))[1] << 16) + \ -- (((uint8_t *)(x))[0] << 24) ) ) +- ((uint32_t)((uint8_t *)(x))[0] << 24) ) ) + (((unsigned int)(((uint8_t *)(x))[3]) << 0) + \ + ((unsigned int)(((uint8_t *)(x))[2]) << 8) + \ + ((unsigned int)(((uint8_t *)(x))[1]) << 16) + \ diff --git a/0009-fix-memleak-in-ntfs.patch b/0009-fix-memleak-in-ntfs.patch deleted file mode 100644 index 67a2f44a0a93d553cc1321064fe55aecf1c86a72..0000000000000000000000000000000000000000 --- a/0009-fix-memleak-in-ntfs.patch +++ /dev/null 
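Review bot: In the rebased `tsk_getu32` hunk the lines being replaced already carry `(uint32_t)` on the byte shifted by 24, which is the only shift in that macro that can overflow a promoted 32-bit `int`, so against 4.12.1 this patch appears to change only the cast type there. It is worth confirming whether the patch is still needed for the macros not visible in these hunks, and dropping it if it is not. If it stays, `uint32_t` would match the upstream cast and the macro's result type better than `unsigned int`, for example `((uint32_t)(((uint8_t *)(x))[3]) << 24)`. The inner Subject `create patch` should also name the fix, so the reason for carrying it is visible in the package history.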
@@ -1,79 +0,0 @@ -From f7f44f8d321628d0a9d960d4183d2eba63ed29ed Mon Sep 17 00:00:00 2001 -From: Joachim Metz -Date: Thu, 22 Apr 2021 20:29:46 +0200 -Subject: [PATCH] Fixed leak in error path #1190 - ---- - tsk/fs/ntfs.c | 23 ++++++++++++++++++----- - 1 file changed, 18 insertions(+), 5 deletions(-) - -diff --git a/tsk/fs/ntfs.c b/tsk/fs/ntfs.c -index f55b849..e82abae 100755 ---- a/tsk/fs/ntfs.c -+++ b/tsk/fs/ntfs.c -@@ -592,7 +592,8 @@ ntfs_make_data_run(NTFS_INFO * ntfs, TSK_OFF_T start_vcn, - int64_t addr_offset = 0; - - /* allocate a new tsk_fs_attr_run */ -- if ((data_run = tsk_fs_attr_run_alloc()) == NULL) { -+ data_run = tsk_fs_attr_run_alloc(); -+ if (data_run == NULL) { - tsk_fs_attr_run_free(*a_data_run_head); - *a_data_run_head = NULL; - return TSK_ERR; -@@ -2015,8 +2016,10 @@ ntfs_proc_attrseq(NTFS_INFO * ntfs, - tsk_error_set_errno(TSK_ERR_FS_CORRUPT); - tsk_error_set_errstr("ntfs_proc_attrseq: Compression unit size 2^%d too large", - tsk_getu16(fs->endian, attr->c.nr.compusize)); -- if (fs_attr_run) -+ if (fs_attr_run) { - tsk_fs_attr_run_free(fs_attr_run); -+ fs_attr_run = NULL; -+ } - return TSK_COR; - } - -@@ -2056,9 +2059,10 @@ ntfs_proc_attrseq(NTFS_INFO * ntfs, - TSK_FS_ATTR_RES)) == NULL) { - tsk_error_errstr2_concat(" - proc_attrseq: getnew"); - // JRB: Coverity found leak. 
-- if (fs_attr_run) -+ if (fs_attr_run) { - tsk_fs_attr_run_free(fs_attr_run); -- fs_attr_run = NULL; -+ fs_attr_run = NULL; -+ } - return TSK_ERR; - } - -@@ -2098,10 +2102,15 @@ ntfs_proc_attrseq(NTFS_INFO * ntfs, - tsk_error_errstr2_concat("- proc_attrseq: set run"); - - // If the run wasn't saved to the attribute, free it now -- if (fs_attr_run && (fs_attr->nrd.run == NULL)) -+ if (fs_attr_run && (fs_attr->nrd.run == NULL)) { - tsk_fs_attr_run_free(fs_attr_run); -+ fs_attr_run = NULL; -+ } - return TSK_COR; - } -+ // fs_file has taken over managerment of fs_attr_run -+ fs_attr_run = NULL; -+ - // set the special functions - if (fs_file->meta->flags & TSK_FS_META_FLAG_COMP) { - fs_attr->w = ntfs_attr_walk_special; -@@ -2112,6 +2121,10 @@ ntfs_proc_attrseq(NTFS_INFO * ntfs, - else { - if (tsk_fs_attr_add_run(fs, fs_attr, fs_attr_run)) { - tsk_error_errstr2_concat(" - proc_attrseq: put run"); -+ if (fs_attr_run) { -+ tsk_fs_attr_run_free(fs_attr_run); -+ fs_attr_run = NULL; -+ } - return TSK_COR; - } - } --- -2.30.0 - diff --git a/0010-Fixed-HFS-BTree-key-OOB-read.patch b/0010-Fixed-HFS-BTree-key-OOB-read.patch deleted file mode 100644 index 575e1aab241c067b27849e76531f7cbf52af050e..0000000000000000000000000000000000000000 --- a/0010-Fixed-HFS-BTree-key-OOB-read.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -From 0954034dc1ac757cfc125539c41cc2b42525b303 Mon Sep 17 00:00:00 2001 -From: Joachim Metz -Date: Tue, 27 Apr 2021 06:22:02 +0200 -Subject: [PATCH] Fixed HFS BTree key OOB read - ---- - tsk/fs/hfs.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/tsk/fs/hfs.c b/tsk/fs/hfs.c -index 2935fc50e3..d3b92aaad7 100644 ---- a/tsk/fs/hfs.c -+++ b/tsk/fs/hfs.c -@@ -976,7 +976,9 @@ hfs_cat_traverse(HFS_INFO * hfs, - rec_off = - tsk_getu16(fs->endian, - &node[nodesize - (rec + 1) * 2]); -- if (rec_off >= nodesize) { -+ -+ // Need at least 2 bytes for key_len -+ if (rec_off >= nodesize - 2) { - tsk_error_set_errno(TSK_ERR_FS_GENFS); - tsk_error_set_errstr - ("hfs_cat_traverse: offset of record %d in leaf node %d too large (%d vs %" diff --git a/0011-Fixed-OOB-reads-in-hfs_cat_traverse.patch b/0011-Fixed-OOB-reads-in-hfs_cat_traverse.patch deleted file mode 100644 index bc6c70f0447247cad538a767a827b171d048239b..0000000000000000000000000000000000000000 --- a/0011-Fixed-OOB-reads-in-hfs_cat_traverse.patch +++ /dev/null 
@@ -1,43 +0,0 @@ -From 47b9992636f2e155b09503497ee58d819993c40d Mon Sep 17 00:00:00 2001 -From: Joachim Metz -Date: Sat, 1 May 2021 07:46:49 +0200 -Subject: [PATCH] Fixed OOB reads in hfs_cat_traverse - ---- - tsk/fs/hfs.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/tsk/fs/hfs.c b/tsk/fs/hfs.c -index e3221152b7..01259cee2d 100644 ---- a/tsk/fs/hfs.c -+++ b/tsk/fs/hfs.c -@@ -483,7 +483,7 @@ hfs_ext_find_extent_record_attr(HFS_INFO * hfs, uint32_t cnid, - rec_off = - tsk_getu16(fs->endian, - &node[nodesize - (rec + 1) * 2]); -- if (rec_off + sizeof(hfs_btree_key_ext) > nodesize) { -+ if (rec_off >= nodesize - sizeof(hfs_btree_key_ext)) { - tsk_error_set_errno(TSK_ERR_FS_GENFS); - tsk_error_set_errstr - ("hfs_ext_find_extent_record_attr: offset of record %d in index node %d too large (%d vs %" -@@ -578,7 +578,8 @@ hfs_ext_find_extent_record_attr(HFS_INFO * hfs, uint32_t cnid, - rec_off = - tsk_getu16(fs->endian, - &node[nodesize - (rec + 1) * 2]); -- if (rec_off >= nodesize) { -+ -+ if (rec_off >= nodesize - sizeof(hfs_btree_key_ext)) { - tsk_error_set_errno(TSK_ERR_FS_GENFS); - tsk_error_set_errstr - ("hfs_ext_find_extent_record_attr: offset of record %d in leaf node %d too large (%d vs %" -@@ -855,7 +856,9 @@ hfs_cat_traverse(HFS_INFO * hfs, - rec_off = - tsk_getu16(fs->endian, - &node[nodesize - (rec + 1) * 2]); -- if (rec_off >= nodesize) { -+ -+ // Need at least 2 bytes for key_len -+ if (rec_off >= nodesize - 2) { - tsk_error_set_errno(TSK_ERR_FS_GENFS); - tsk_error_set_errstr - ("hfs_cat_traverse: offset of record %d in index node %d too large (%d vs %" diff --git a/0012-fix_oob_read8.patch b/0012-fix_oob_read8.patch deleted file mode 100644 index 95a12351ba6e306faea67e61762071cfcaf7815f..0000000000000000000000000000000000000000 --- a/0012-fix_oob_read8.patch +++ /dev/null 
@@ -1,240 +0,0 @@ -From bd5af353d9a6d8f936d59c2fda57cf7eb14c48f5 Mon Sep 17 00:00:00 2001 -From: Joachim Metz -Date: Sat, 1 May 2021 08:36:06 +0200 -Subject: [PATCH] fix_oob_read8 - ---- - tsk/fs/hfs.c | 28 ++++++++++++++++------- - tsk/fs/hfs_dent.c | 2 +- - tsk/fs/hfs_unicompare.c | 50 ++++++++++++++++++++++++++++++++--------- - tsk/fs/tsk_hfs.h | 4 ++-- - 4 files changed, 63 insertions(+), 21 deletions(-) - -diff --git a/tsk/fs/hfs.c b/tsk/fs/hfs.c -index e3221152b..8ac63b016 100644 ---- a/tsk/fs/hfs.c -+++ b/tsk/fs/hfs.c -@@ -707,11 +707,17 @@ hfs_ext_find_extent_record_attr(HFS_INFO * hfs, uint32_t cnid, - */ - int - hfs_cat_compare_keys(HFS_INFO * hfs, const hfs_btree_key_cat * key1, -- const hfs_btree_key_cat * key2) -+ int keylen1, const hfs_btree_key_cat * key2) - { - TSK_FS_INFO *fs = (TSK_FS_INFO *) & (hfs->fs_info); - uint32_t cnid1, cnid2; - -+ if (keylen1 < 6) { -+ // Note that it would be better to return an error value here -+ // but the current function interface does not support this -+ // Also see issue #2365 -+ return -1; -+ } - cnid1 = tsk_getu32(fs->endian, key1->parent_cnid); - cnid2 = tsk_getu32(fs->endian, key2->parent_cnid); - -@@ -720,7 +726,7 @@ hfs_cat_compare_keys(HFS_INFO * hfs, const hfs_btree_key_cat * key1, - if (cnid1 > cnid2) - return 1; - -- return hfs_unicode_compare(hfs, &key1->name, &key2->name); -+ return hfs_unicode_compare(hfs, &key1->name, keylen1 - 6, &key2->name); - } - - -@@ -890,7 +896,7 @@ hfs_cat_traverse(HFS_INFO * hfs, - - /* save the info from this record unless it is too big */ - retval = -- a_cb(hfs, HFS_BT_NODE_TYPE_IDX, key, -+ a_cb(hfs, HFS_BT_NODE_TYPE_IDX, key, keylen, - cur_off + rec_off, ptr); - if (retval == HFS_BTREE_CB_ERR) { - tsk_error_set_errno(TSK_ERR_FS_GENFS); -@@ -1012,7 +1018,7 @@ hfs_cat_traverse(HFS_INFO * hfs, - // rec_cnid = tsk_getu32(fs->endian, key->file_id); - - retval = -- a_cb(hfs, HFS_BT_NODE_TYPE_LEAF, key, -+ a_cb(hfs, HFS_BT_NODE_TYPE_LEAF, key, keylen, - cur_off + rec_off, ptr); 
- if (retval == HFS_BTREE_CB_LEAF_STOP) { - is_done = 1; -@@ -1058,7 +1064,7 @@ typedef struct { - - static uint8_t - hfs_cat_get_record_offset_cb(HFS_INFO * hfs, int8_t level_type, -- const hfs_btree_key_cat * cur_key, -+ const hfs_btree_key_cat * cur_key, int cur_keylen, - TSK_OFF_T key_off, void *ptr) - { - HFS_CAT_GET_RECORD_OFFSET_DATA *offset_data = (HFS_CAT_GET_RECORD_OFFSET_DATA *)ptr; -@@ -1073,14 +1079,14 @@ hfs_cat_get_record_offset_cb(HFS_INFO * hfs, int8_t level_type, - tsk_getu32(hfs->fs_info.endian, cur_key->parent_cnid)); - - if (level_type == HFS_BT_NODE_TYPE_IDX) { -- int diff = hfs_cat_compare_keys(hfs, cur_key, targ_key); -+ int diff = hfs_cat_compare_keys(hfs, cur_key, cur_keylen, targ_key); - if (diff < 0) - return HFS_BTREE_CB_IDX_LT; - else - return HFS_BTREE_CB_IDX_EQGT; - } - else { -- int diff = hfs_cat_compare_keys(hfs, cur_key, targ_key); -+ int diff = hfs_cat_compare_keys(hfs, cur_key, cur_keylen, targ_key); - - // see if this record is for our file or if we passed the interesting entries - if (diff < 0) { -@@ -1653,9 +1659,15 @@ hfs_cat_file_lookup(HFS_INFO * hfs, TSK_INUM_T inum, HFS_ENTRY * entry, - - static uint8_t - hfs_find_highest_inum_cb(HFS_INFO * hfs, int8_t level_type, -- const hfs_btree_key_cat * cur_key, -+ const hfs_btree_key_cat * cur_key, int cur_keylen, - TSK_OFF_T key_off, void *ptr) - { -+ if (cur_keylen < 6) { -+ // Note that it would be better to return an error value here -+ // but the current function interface does not support this -+ // Also see issue #2365 -+ return -1; -+ } - // NOTE: This assumes that the biggest inum is the last one that we - // see. the traverse method does not currently promise that as part of - // its callback "contract". 
-diff --git a/tsk/fs/hfs_dent.c b/tsk/fs/hfs_dent.c -index e4cebf8a4..495588642 100644 ---- a/tsk/fs/hfs_dent.c -+++ b/tsk/fs/hfs_dent.c -@@ -198,7 +198,7 @@ typedef struct { - - static uint8_t - hfs_dir_open_meta_cb(HFS_INFO * hfs, int8_t level_type, -- const hfs_btree_key_cat * cur_key, -+ const hfs_btree_key_cat * cur_key, int cur_keylen, - TSK_OFF_T key_off, void *ptr) - { - HFS_DIR_OPEN_META_INFO *info = (HFS_DIR_OPEN_META_INFO *) ptr; -diff --git a/tsk/fs/hfs_unicompare.c b/tsk/fs/hfs_unicompare.c -index 752486af0..91d528b88 100644 ---- a/tsk/fs/hfs_unicompare.c -+++ b/tsk/fs/hfs_unicompare.c -@@ -109,7 +109,7 @@ - #include "tsk_hfs.h" - - static int hfs_unicode_compare_int(uint16_t endian, -- const hfs_uni_str * uni1, const hfs_uni_str * uni2); -+ const hfs_uni_str * uni1, int uni1_len, const hfs_uni_str * uni2); - - - /** -@@ -124,18 +124,31 @@ static int hfs_unicode_compare_int(uint16_t endian, - */ - int - hfs_unicode_compare(HFS_INFO * hfs, const hfs_uni_str * uni1, -- const hfs_uni_str * uni2) -+ int uni1_len, const hfs_uni_str * uni2) - { - if (hfs->is_case_sensitive) { - uint16_t l1, l2; - const uint8_t *s1, *s2; - uint16_t c1, c2; - -+ if (uni1_len < 2) { -+ // Note that it would be better to return an error value here -+ // but the current function interface does not support this -+ // Also see issue #2365 -+ return -1; -+ } - l1 = tsk_getu16(hfs->fs_info.endian, uni1->length); - l2 = tsk_getu16(hfs->fs_info.endian, uni2->length); - s1 = uni1->unicode; - s2 = uni2->unicode; - -+ // Note that l1 contains number of UTF-16 "characters" and uni1_len number of bytes. 
-+ if (l1 > (uni1_len - 2) / 2) { -+ // Note that it would be better to return an error value here -+ // but the current function interface does not support this -+ // Also see issue #2365 -+ return -1; -+ } - while (1) { - if ((l1 == 0) && (l2 == 0)) - return 0; -@@ -157,7 +170,7 @@ hfs_unicode_compare(HFS_INFO * hfs, const hfs_uni_str * uni1, - return 0; - } - else -- return hfs_unicode_compare_int(hfs->fs_info.endian, uni1, uni2); -+ return hfs_unicode_compare_int(hfs->fs_info.endian, uni1, uni1_len, uni2); - } - - extern uint16_t gLowerCaseTable[]; -@@ -169,17 +182,34 @@ extern uint16_t gLowerCaseTable[]; - */ - static int - hfs_unicode_compare_int(uint16_t endian, const hfs_uni_str * uni1, -- const hfs_uni_str * uni2) -+ int uni1_len, const hfs_uni_str * uni2) - { - uint16_t c1, c2; - uint16_t temp; - uint16_t *lowerCaseTable; -- -- const uint8_t *str1 = uni1->unicode; -- const uint8_t *str2 = uni2->unicode; -- uint16_t length1 = tsk_getu16(endian, uni1->length); -- uint16_t length2 = tsk_getu16(endian, uni2->length); -- -+ const uint8_t *str1 = NULL; -+ const uint8_t *str2 = NULL; -+ uint16_t length1 = 0; -+ uint16_t length2 = 0; -+ -+ if (uni1_len < 2) { -+ // Note that it would be better to return an error value here -+ // but the current function interface does not support this -+ // Also see issue #2365 -+ return -1; -+ } -+ str1 = uni1->unicode; -+ str2 = uni2->unicode; -+ length1 = tsk_getu16(endian, uni1->length); -+ length2 = tsk_getu16(endian, uni2->length); -+ -+ // Note that length1 contains number of UTF-16 "characters" and uni1_len number of bytes. 
-+ if (length1 > (uni1_len - 2) / 2) { -+ // Note that it would be better to return an error value here -+ // but the current function interface does not support this -+ // Also see issue #2365 -+ return -1; -+ } - lowerCaseTable = gLowerCaseTable; - - while (1) { -diff --git a/tsk/fs/tsk_hfs.h b/tsk/fs/tsk_hfs.h -index 7becb2ab3..4437b1c5a 100644 ---- a/tsk/fs/tsk_hfs.h -+++ b/tsk/fs/tsk_hfs.h -@@ -734,7 +734,7 @@ extern uint8_t hfs_UTF16toUTF8(TSK_FS_INFO *, uint8_t *, int, char *, int, - uint32_t); - - extern int hfs_unicode_compare(HFS_INFO *, const hfs_uni_str *, -- const hfs_uni_str *); -+ int, const hfs_uni_str *); - extern uint16_t hfs_get_idxkeylen(HFS_INFO * hfs, uint16_t keylen, - const hfs_btree_header_record * header); - -@@ -765,7 +765,7 @@ extern char hfs_is_hard_link(TSK_FS_INFO * fs, TSK_INUM_T inum); - * @param ptr Pointer to data that was passed into parent - */ - typedef uint8_t(*TSK_HFS_BTREE_CB) (HFS_INFO *, int8_t level_type, -- const hfs_btree_key_cat * cur_key, -+ const hfs_btree_key_cat * cur_key, int cur_keylen, - TSK_OFF_T key_off, void *ptr); - // return values for callback - #define HFS_BTREE_CB_IDX_LT 1 // current key is less than target (keeps looking in node) --- -2.33.0 - diff --git a/0013-fix_oob_read13.patch b/0013-fix_oob_read13.patch deleted file mode 100644 index a4120bfecb6f42fb3ea006e260dcdbe4155a05d0..0000000000000000000000000000000000000000 --- a/0013-fix_oob_read13.patch +++ /dev/null 
@@ -1,100 +0,0 @@ -From 6bac602fc47bd668fb0b8c14ce64c073ecc2de63 Mon Sep 17 00:00:00 2001 -From: Joachim Metz -Date: Fri, 18 Jun 2021 13:52:41 +0200 -Subject: [PATCH] fix_oob_read13 - ---- - tsk/fs/hfs.c | 8 ++++---- - tsk/fs/hfs_dent.c | 14 +++++++++++++- - tsk/fs/tsk_hfs.h | 2 +- - 3 files changed, 18 insertions(+), 6 deletions(-) - -diff --git a/tsk/fs/hfs.c b/tsk/fs/hfs.c -index 8ac63b016..95d178031 100644 ---- a/tsk/fs/hfs.c -+++ b/tsk/fs/hfs.c -@@ -896,7 +896,7 @@ hfs_cat_traverse(HFS_INFO * hfs, - - /* save the info from this record unless it is too big */ - retval = -- a_cb(hfs, HFS_BT_NODE_TYPE_IDX, key, keylen, -+ a_cb(hfs, HFS_BT_NODE_TYPE_IDX, key, keylen, nodesize, - cur_off + rec_off, ptr); - if (retval == HFS_BTREE_CB_ERR) { - tsk_error_set_errno(TSK_ERR_FS_GENFS); -@@ -1018,7 +1018,7 @@ hfs_cat_traverse(HFS_INFO * hfs, - // rec_cnid = tsk_getu32(fs->endian, key->file_id); - - retval = -- a_cb(hfs, HFS_BT_NODE_TYPE_LEAF, key, keylen, -+ a_cb(hfs, HFS_BT_NODE_TYPE_LEAF, key, keylen, nodesize, - cur_off + rec_off, ptr); - if (retval == HFS_BTREE_CB_LEAF_STOP) { - is_done = 1; -@@ -1064,7 +1064,7 @@ typedef struct { - - static uint8_t - hfs_cat_get_record_offset_cb(HFS_INFO * hfs, int8_t level_type, -- const hfs_btree_key_cat * cur_key, int cur_keylen, -+ const hfs_btree_key_cat * cur_key, int cur_keylen, size_t node_size, - TSK_OFF_T key_off, void *ptr) - { - HFS_CAT_GET_RECORD_OFFSET_DATA *offset_data = (HFS_CAT_GET_RECORD_OFFSET_DATA *)ptr; -@@ -1659,7 +1659,7 @@ hfs_cat_file_lookup(HFS_INFO * hfs, TSK_INUM_T inum, HFS_ENTRY * entry, - - static uint8_t - hfs_find_highest_inum_cb(HFS_INFO * hfs, int8_t level_type, -- const hfs_btree_key_cat * cur_key, int cur_keylen, -+ const hfs_btree_key_cat * cur_key, int cur_keylen, size_t node_size, - TSK_OFF_T key_off, void *ptr) - { - if (cur_keylen < 6) { -diff --git a/tsk/fs/hfs_dent.c b/tsk/fs/hfs_dent.c -index 495588642..b88627e53 100644 ---- a/tsk/fs/hfs_dent.c -+++ b/tsk/fs/hfs_dent.c -@@ -198,7 +198,7 @@ 
typedef struct { - - static uint8_t - hfs_dir_open_meta_cb(HFS_INFO * hfs, int8_t level_type, -- const hfs_btree_key_cat * cur_key, int cur_keylen, -+ const hfs_btree_key_cat * cur_key, int cur_keylen, size_t nodesize, - TSK_OFF_T key_off, void *ptr) - { - HFS_DIR_OPEN_META_INFO *info = (HFS_DIR_OPEN_META_INFO *) ptr; -@@ -233,7 +233,19 @@ hfs_dir_open_meta_cb(HFS_INFO * hfs, int8_t level_type, - cur_key->parent_cnid) > info->cnid) { - return HFS_BTREE_CB_LEAF_STOP; - } -+ // Need at least 2 bytes for key_len -+ if (cur_keylen < 2) { -+ tsk_error_set_errno(TSK_ERR_FS_GENFS); -+ tsk_error_set_errstr("hfs_dir_open_meta: cur_keylen value out of bounds"); -+ return HFS_BTREE_CB_ERR; -+ } - rec_off2 = 2 + tsk_getu16(hfs->fs_info.endian, cur_key->key_len); -+ -+ if ((nodesize < 2) || (rec_off2 >= nodesize - 2)) { -+ tsk_error_set_errno(TSK_ERR_FS_GENFS); -+ tsk_error_set_errstr("hfs_dir_open_meta: nodesize value out of bounds"); -+ return HFS_BTREE_CB_ERR; -+ } - rec_type = tsk_getu16(hfs->fs_info.endian, &rec_buf[rec_off2]); - - // Catalog entry is for a file -diff --git a/tsk/fs/tsk_hfs.h b/tsk/fs/tsk_hfs.h -index 4437b1c5a..2530e0cfe 100644 ---- a/tsk/fs/tsk_hfs.h -+++ b/tsk/fs/tsk_hfs.h -@@ -765,7 +765,7 @@ extern char hfs_is_hard_link(TSK_FS_INFO * fs, TSK_INUM_T inum); - * @param ptr Pointer to data that was passed into parent - */ - typedef uint8_t(*TSK_HFS_BTREE_CB) (HFS_INFO *, int8_t level_type, -- const hfs_btree_key_cat * cur_key, int cur_keylen, -+ const hfs_btree_key_cat * cur_key, int cur_keylen, size_t node_size, - TSK_OFF_T key_off, void *ptr); - // return values for callback - #define HFS_BTREE_CB_IDX_LT 1 // current key is less than target (keeps looking in node) --- -2.33.0 - diff --git a/0014-Fixed-OOB-reads-in-hfs_dir_open_meta_cb.patch b/0014-Fixed-OOB-reads-in-hfs_dir_open_meta_cb.patch deleted file mode 100644 index cf3e842d8578378cb594c9c74c2d9d24920a7175..0000000000000000000000000000000000000000 
--- a/0014-Fixed-OOB-reads-in-hfs_dir_open_meta_cb.patch +++ /dev/null @@ -1,28 +0,0 @@ -From beb68f543261a28ee25b945bb79d39213decd2cd Mon Sep 17 00:00:00 2001 -From: Joachim Metz -Date: Fri, 18 Jun 2021 16:34:18 +0200 -Subject: [PATCH] Fixed OOB reads in hfs_dir_open_meta_cb - ---- - tsk/fs/hfs_dent.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/tsk/fs/hfs_dent.c b/tsk/fs/hfs_dent.c -index b88627e53..54460f14b 100644 ---- a/tsk/fs/hfs_dent.c -+++ b/tsk/fs/hfs_dent.c -@@ -295,6 +295,11 @@ hfs_dir_open_meta_cb(HFS_INFO * hfs, int8_t level_type, - - /* This is a normal file in the folder */ - else if (rec_type == HFS_FILE_RECORD) { -+ if ((nodesize < sizeof(hfs_file)) || (rec_off2 >= nodesize - sizeof(hfs_file))) { -+ tsk_error_set_errno(TSK_ERR_FS_GENFS); -+ tsk_error_set_errstr("hfs_dir_open_meta: nodesize value out of bounds"); -+ return HFS_BTREE_CB_ERR; -+ } - hfs_file *file = (hfs_file *) & rec_buf[rec_off2]; - // This could be a hard link. We need to test this CNID, and follow it if necessary. - unsigned char is_err; --- -2.33.0 - diff --git a/sleuthkit-4.12.1.tar.gz b/sleuthkit-4.12.1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..38619588be4f3041a8b031cb72aed5fc002812d0 Binary files /dev/null and b/sleuthkit-4.12.1.tar.gz differ diff --git a/sleuthkit-4.6.7.tar.gz b/sleuthkit-4.6.7.tar.gz deleted file mode 100644 index 9604539f8c7775cb1cb6b9786ad62c7ec016c13c..0000000000000000000000000000000000000000 Binary files a/sleuthkit-4.6.7.tar.gz and /dev/null differ diff --git a/sleuthkit.spec b/sleuthkit.spec index 892be84389d145dd8c79c2bd11cc7d336cda55ab..1426f049b0e216d97b38268e0472163777b52a62 100644 --- a/sleuthkit.spec +++ b/sleuthkit.spec 
@@ -1,30 +1,15 @@ Name: sleuthkit -Version: 4.6.7 -Release: 11 +Version: 4.12.1 +Release: 1 Summary: Tools for file system and volume forensic analysis License: CPL and IBM and GPLv2+ URL: http://www.sleuthkit.org Source0: https://github.com/sleuthkit/sleuthkit/releases/download/sleuthkit-%{version}/sleuthkit-%{version}.tar.gz -Patch0001: 0001-MEMORYLEAK-DOS-LOAD-EXT-TABLE.patch -Patch0002: 0002-Ensure-that-we-don-t-attempt-to-index-into-an-invali.patch -Patch0003: 0003-Fix-bug-introduced-with-imap-offset-check.patch -Patch0004: 0004-Cast-attrseq-address-to-uintptr_t-so-that-the-correc.patch -Patch0005: 0005-Fix-Fuzz-buffer-overflow.patch -Patch0006: 0006-Add-attributes-file-nodesize-check.patch -Patch0007: 0007-Fixed-OOB-reads-in-hfs_cat_traverse.patch -Patch0008: 0008-left-shift.patch -Patch0009: 0009-fix-memleak-in-ntfs.patch -Patch0010: 0010-Fixed-HFS-BTree-key-OOB-read.patch -Patch0011: 0011-Fixed-OOB-reads-in-hfs_cat_traverse.patch -#https://github.com/sleuthkit/sleuthkit/pull/2453/commits/bd5af353d9a6d8f936d59c2fda57cf7eb14c48f5 -Patch0012: 0012-fix_oob_read8.patch -#https://github.com/sleuthkit/sleuthkit/pull/2453/commits/6bac602fc47bd668fb0b8c14ce64c073ecc2de63 -Patch0013: 0013-fix_oob_read13.patch -#https://github.com/sleuthkit/sleuthkit/pull/2453/commits/beb68f543261a28ee25b945bb79d39213decd2cd -Patch0014: 0014-Fixed-OOB-reads-in-hfs_dir_open_meta_cb.patch - -BuildRequires: gcc-c++ afflib-devel >= 3.3.4 libewf-devel perl-generators sqlite-devel +Patch0001: 0006-Add-attributes-file-nodesize-check.patch +Patch0002: 0008-left-shift.patch + +BuildRequires: gcc-c++ afflib-devel >= 3.3.4 libewf-devel perl-generators sqlite-devel libtool autoconf %{?_with_java: BuildRequires: java-devel >= 1:1.6.0 jpackage-utils @@ -61,6 +46,7 @@ The help package contains manual pages and other related files for %{name}. %prep %autosetup -n %{name}-%{version} -p1 +autoreconf -vif %build %configure --disable-static %{!?_with_java:--disable-java} 
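Review bot: The patch list in this hunk drops twelve downstream fixes (Patch0001-0005, 0007 and 0009-0014), and nothing in the spec records that 4.12.1 already contains them. Several are memory-safety fixes in code that parses untrusted disk images, such as the imap_buf offset check and the HFS out-of-bounds read fixes. The 4.12.1 sources are not visible here, so this needs confirming against the new tarball. Once confirmed, a comment above the remaining patches such as `# 4.6.7 patches 0001-0005, 0007, 0009-0014 dropped: contained in upstream 4.12.1`, plus a matching line in the `%changelog` entry of the last hunk, would make the removal auditable. The two patches that stay are now `Patch0001`/`Patch0002` but keep their `0006-`/`0008-` file names and, unlike the removed 0012-0014, carry no upstream reference, so a one-line origin comment on each would help the next rebase.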
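Review bot: `autoreconf -vif` in `%prep` regenerates the build system, but the reason is not documented, and `automake`, which autoreconf normally invokes, is missing from the `BuildRequires` line changed in the first hunk (only `libtool autoconf` were added). It probably arrives as a dependency of libtool, but relying on that is fragile. I would extend the line to `BuildRequires: ... sqlite-devel libtool autoconf automake` and put a comment before the call, for example `# regenerate configure and libtool files after patching`, stating the actual reason if it differs.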
@@ -82,8 +68,8 @@ sed -i.rpath 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool %exclude %{_bindir}/fcat %{_bindir}/{ffind,fiwalk,fls,fsstat,hfind,icat} %{_bindir}/{ifind,ils,img_cat,img_stat,istat,jcat,sorter} -%{_bindir}/{jpeg_extract,jls,mactime,mmcat,mmls,mmstat,sigfind} -%{_bindir}/{srch_strings,tsk_comparedir,tsk_gettimes,tsk_loaddb,tsk_recover,usnjls} +%{_bindir}/{jpeg_extract,jls,mactime,mmcat,mmls,mmstat,pstat,sigfind} +%{_bindir}/{srch_strings,tsk_comparedir,tsk_gettimes,tsk_imageinfo,tsk_loaddb,tsk_recover,usnjls} %exclude %{_mandir}/man1/fcat.1* %dir %{_datadir}/tsk %{_datadir}/tsk/sorter/ @@ -92,11 +78,15 @@ sed -i.rpath 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool %files devel %{_includedir}/tsk/ %{_libdir}/*.so +%{_libdir}/pkgconfig/tsk.pc %files help %{_mandir}/man1/* %changelog +* Mon Oct 16 2023 wulei - 4.12.1-1 +- Update to 4.12.1 + * Thu Mar 10 2022 xuping - 4.6.7-11 - Fixed OOB read in hfs_dir_open_meta_cb