new file mode 100644

@@ -0,0 +1,65 @@

+From febbc583319b567fe3d83e521cc2ace9be8d1501 Mon Sep 17 00:00:00 2001

+From: Benjamin Lim <jarsp.ctf@gmail.com>

+Date: Fri, 29 Mar 2019 07:29:45 -0400

+Subject: [PATCH] Fix ext4 block group descriptor sizing

+

+Ext4 allows for arbitrarily sized block group descriptors when 64-bit

+addressing is enabled, which was previously not properly supported. This

+patch dynamically allocates a chunk of memory of the correct size.

+

+Signed-off-by: Benjamin Lim <jarsp.ctf@gmail.com>

+Signed-off-by Ajay Kaher <akaher@vmware.com?

+

+---

+ fs/ext4/ext4_common.c | 19 +++++++++++++++----

+ 1 file changed, 15 insertions(+), 4 deletions(-)

+

+diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c

+index feffbfa..464c33d 100644

+--- a/fs/ext4/ext4_common.c

+@@ -1587,7 +1587,7 @@ static int ext4fs_blockgroup

+ 

+ int ext4fs_read_inode(struct ext2_data *data, int ino, struct ext2_inode *inode)

+ {

+-	struct ext2_block_group blkgrp;

++	struct ext2_block_group *blkgrp;

+ 	struct ext2_sblock *sblock = &data->sblock;

+ 	struct ext_filesystem *fs = get_fs();

+ 	int log2blksz = get_fs()->dev_desc->log2blksz;

+@@ -1595,17 +1595,28 @@ int ext4fs_read_inode(struct ext2_data *data, int ino, struct ext2_inode *inode)

+ 	long int blkno;

+ 	unsigned int blkoff;

+ 

++	/* Allocate blkgrp based on gdsize (for 64-bit support). */

++	blkgrp = zalloc(get_fs()->gdsize);

++	if (!blkgrp)

++		return 0;

++

+ 	/* It is easier to calculate if the first inode is 0. */

+ 	ino--;

+ 	status = ext4fs_blockgroup(data, ino / le32_to_cpu

+-				   (sblock->inodes_per_group), &blkgrp);

+-	if (status == 0)

++				   (sblock->inodes_per_group), blkgrp);

++	if (status == 0) {

++		free(blkgrp);

+ 		return 0;

++	}

+ 

+ 	inodes_per_block = EXT2_BLOCK_SIZE(data) / fs->inodesz;

+-	blkno = ext4fs_bg_get_inode_table_id(&blkgrp, fs) +

++	blkno = ext4fs_bg_get_inode_table_id(blkgrp, fs) +

+ 	    (ino % le32_to_cpu(sblock->inodes_per_group)) / inodes_per_block;

+ 	blkoff = (ino % inodes_per_block) * fs->inodesz;

++

++	/* Free blkgrp as it is no longer required. */

++	free(blkgrp);

++

+ 	/* Read the inode. */

+ 	status = ext4fs_devread((lbaint_t)blkno << (LOG2_BLOCK_SIZE(data) -

+ 				log2blksz), blkoff,

+-- 

+2.7.4

+

+

@@ -3,7 +3,7 @@

 Summary:        U-Boot EFI firmware

 Name:		u-boot

 Version:	2019.01

-Release:	1%{?dist}

+Release:	2%{?dist}

 License:	GPLv2

 Url:            http://www.denx.de/wiki/U-Boot

 Vendor:		VMware, Inc.

@@ -17,6 +17,10 @@ Patch1:		0004-Fix-MMC1-external-SD-slot-on-Samsun.patch

 Patch2:		0005-Fix-no-usb.patch

 Patch3:         add_tcp_wget_support.patch

 Patch4:         add-saveenv-in-bootcmd.patch

+

+# CVE-2019-11059

+Patch5:         0001-Fix_ext4_block_group_descriptor_sizing.patch

+

 Group:          Development/Tools

 BuildArch:      aarch64

@@ -37,6 +41,7 @@ env variables from linux shell prompt.

 %patch2 -p1

 %patch3 -p1

 %patch4 -p1

+%patch5 -p1

 %build

 cp %{SOURCE1} configs/

@@ -58,6 +63,8 @@ install -D -m 0644 %{SOURCE2} %{buildroot}/etc/fw_env.config

 /usr/bin/fw_setenv

 %changelog

+*   Wed May 15 2019 Ajay Kaher <akaher@vmware.com> 2019.01-2

+-   Fix CVE-2019-11059

 *   Fri Feb 22 2019 Tapas Kundu <tkundu@vmware.com> 2019.01-1

 -   Updating to 2019.01

 -   Added patch for tcp and wget support