Update release notes, version files, etc., for 1.40.3 release.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

5 files changed, 163 insertions, 10 deletions

diff --git a/README b/README
index 13878022..e57aa50e 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-	This is the new version (1.40.2) of the second extended file
+	This is the new version (1.40.3) of the second extended file
 system management programs.
 
 	From time to time, I release new versions of e2fsprogs, to fix
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index b3a605c6..378d0e08 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,3 +1,119 @@
+E2fsprogs 1.40.3 (December 5, 2007)
+===================================
+
+Fix a potential security vulnerability where an untrusted filesystem
+can be corrupted in such a way that a program using libext2fs will
+allocate a buffer which is far too small.  This can lead to either a
+crash or potentially a heap-based buffer overflow crash.  No known
+exploits exist, but main concern is where an untrusted user who
+possesses privileged access in a guest Xen environment could corrupt a
+filesystem which is then accessed by the pygrub program, running as
+root in the dom0 host environment, thus allowing the untrusted user to
+gain privileged access in the host OS.  Thanks to the McAfee AVERT
+Research group for reporting this issue.  (Addresses CVE-2007-5497.)
+
+Fix hueristics in blkid which could cause a disk without partitions to
+be incorrectly skipped when a loopback device is present.  (Addresses
+Red Hat Bugzilla #400321.)
+
+Fix e2image so that in raw mode it does not create an image file which
+is one byte too large.
+
+Change mke2fs's usage message so it recommends the preferred -E option
+instead of the deprecated -R option.
+
+Enhance the blkid library so it will recognize squashfs filesystems.
+(Addresses Red Hat Bugzilla #305151.)
+
+Enhance e2fsck so it will force the backup superblocks to be backed up
+if the filesystem is consistent and key constants have been changed
+(i.e., by an on-line resize) or by e2fsck in the course of its
+operations.
+
+Enhance blkid's detection of FAT filesystems; so that USB disks with
+only a single bootable partition will not get missed.
+
+E2fsck will no longer mark a filesystem as invalid if it has time
+errors (i.e., if superblock mount time or last write time is in the
+future) and the user refuses to fix the problem.
+
+The Ubuntu init scripts don't properly set the system time correctly
+from hardware clock if the hardware clock is configured to tick local
+time instead of GMT time.  Work around this as best as we can by
+providing an option, buggy_init_scripts, in /etc/e2fsck.conf which can
+be set on Ubuntu systems.  (Addresses Debian Bug #441093, and Ubuntu
+Bug #131201.)
+
+Fix fsck to ignore /etc/fstab entries for bind mounts.  (Addresses Red
+Hat Bugzilla #151533.)
+
+Fix e2fsck so that if the superblock is corrupt, but still looks
+vaguely like an ext2/3/4 superblock, that it automatically tries to
+fall back to the backup superblock, instead of failing with a hard
+error.
+
+Make the e2fsprogs program more robust so that they will not crash
+when opening a corrupt filesystem where s_inode_size is zero.
+
+Change e2fsck so it uses sscanf() instead of atoi() so it non-numeric
+arguments are detected as such and the parse error is reported to the
+user.   (Addresses Debian Bug #435381.)
+
+Change e2fsck so it will not complain if a file has blocks reallocated
+up to the next multiple of a system's page size.
+
+Fix bug in ext2fs_check_desc() which will cause e2fsck to complain
+about (valid) filesystems where the inode table extends to the last
+block of the block group.  (Addresses Red Hat Bugzilla #214765.)
+
+Fix a bug in ext2fs_initialize() which causes mke2fs to fail while
+allocating inode tables for some relatively rare odd disk sizes.
+(Addresses Red Hat Bugzilla #241767.)
+
+Add Catalan translation and update Dutch and Swedish translations
+from the Translation Project.
+
+Fix big-endian byte-swapping bug in ext2fs_swap_inode_full().  We
+still had an issue when trying to figure out whether we need to
+byte-swap fast symlinks that contained extended attributes.
+
+Fixed spelling mistakes, typos, and otherwise clarified man pages.
+(Addresses SourceForge Bug #1821333.)
+
+
+Programmer's Notes:
+-------------------
+
+Fix mke2fs tests to avoid needing any significant ^M (CR) characters
+
+Add "make check" to the RPM spec file
+
+Fix "make install" and 'make unstall" in misc/Makefile.in so that it
+works correctly when the prefix is not the root directory.
+
+Fix the resize2fs tests, r_move_itable and r_resize_inode, so they
+clena up after themselves by deleting the test.img temporary file
+after completing the test.
+
+Fixed a corner case bug ext2fs_unlink() when trying to delete the
+first directory entry in a directory block and the last directory
+entry in the previous directory block is not in use.  Fortunately
+ext2fs_unlink() is only used by debugfs and e2fsck, and in e2fsck in
+places where it is extremely unlikely to run into this corner case.
+
+Fix missing dependency which would cuase parallel builds to fail.
+(Addresses Sourceforge Bug #1842331.)
+
+Fix a build error on newer gcc caused by lib/ext2fs/ismounted.c
+calling open(O_CREATE) with a missing mode parameter.
+
+Fix the test_ss.c in lib/ss so it can be used as an example
+application program for the library as well as a regression test
+suite.
+
+Fix ext2fs_dblist_dir_iterate() so that error codes and abort codes
+are properly passed back up through the call stack.
+
 E2fsprogs 1.40.2 (July 12, 2007)
 ================================
 
@@ -304,7 +420,8 @@ the superblock.  Omit by default printing superblocks that are likely
 found in located in an ext3 journal unless an explicit -j option is
 given.
 
-Updated French and Dutch translations and added Vietnamese translation.
+Updated Spanish, French and Dutch translations and added Catalan
+translation.  (Addresses Debian bug: #411562)
 
 Use FreeBSD's DIOCGMEDIASIZE and DIOCGDINFO ioctls if available when
 determining a partition's size, since binary searching to determine
diff --git a/debian/changelog b/debian/changelog
index fb599e02..737242a6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,39 @@
+e2fsprogs (1.40.3-1) unstable; urgency=medium
+
+  * New upstream release
+  * libext2fs: Add checks to prevent integer overflows passed to
+      malloc().  Fixes security issue related to Xen's pygrub: CVE-2007-5497
+  * libss: Fix parallel build failure
+  * e2fsprogs: fix blkid whole-disk scanning heuristics
+  * libext2fs: Fix a corner case bug in ext2fs_unlink
+  * fix check_mntent_file() to pass mode for open(O_CREAT)
+  * Fix errors in test_ss.c so it can be an example application and test case
+  * e2image in raw-mode appends an extra byte to image-file
+  * Fix typo in the summary section of the blkid man page
+  * mke2fs: Change usage message to use -E instead -R, which is deprecated
+  * libblkid: recognize squashfs filesystems on BE systems.
+  * libblkid: detect squashfs
+  * e2fsck: backup superblocks if key constants have changed
+  * e2fsck: update the backup superblocks if the feature bitmasks are changed
+  * ext2fs_dblist_dir_iterate: Fix ABORT propagation logic
+  * libblkid: Add more magic numbers that might mean there is a FAT filesystem
+  * e2fsck: Don't mark the filesystem invalid because of time errors
+  * Work around lame Ubuntu init scripts / installer bugs
+  * fsck: Ignore /etc/fstab entries for bind mounts
+  * e2fsck: If the superblock is corrupt, automatically retry with the backup sb
+  * Don't crash if s_inode_size is zero
+  * Use sscanf instead of atoi when parsing e2fsck options
+  * Add Catalan translation and update Spanish, French, and Dutch
+      translations from the Translation Project.  (Closes: #411562)
+  * Fix typo and clarify the uuidgen man page
+  * Make sure $prefix/etc is created before installing mke2fs.conf
+  * e2fsck: Allow i_size to be rounded up to the size of a VM page
+  * Fix a bug in ext2fs_initialize() which causes mke2fs to fail while
+       allocating inode tables for some relatively rare odd disk sizes.
+  * Fix big-endian byte-swapping bug in ext2fs_swap_inode_full()
+
+ -- Theodore Y. Ts'o <tytso@mit.edu>  Wed, 05 Dec 2007 20:04:28 -0500
+
 e2fsprogs (1.40.2-1) unstable; urgency=low
 
   * New upstream release
diff --git a/e2fsprogs.lsm b/e2fsprogs.lsm
index 10ed8700..22202e92 100644
--- a/e2fsprogs.lsm
+++ b/e2fsprogs.lsm
@@ -1,15 +1,15 @@
 Begin3
 Title:          EXT2 Filesystem utilities
-Version:        1.40
-Entered-date:   24June2007
+Version:        1.40.3
+Entered-date:   05Dec2007
 Description:    The filesystem utilities for the EXT2 filesystem, including 
 		e2fsck, mke2fs, dumpe2fs, fsck, and others.
 Keywords:       utilities, fsck, filesystem, Ext2fs
 Author:         tytso@mit.edu (Theodore Tso)
 Maintained-by:  tytso@mit.edu (Theodore Tso)
 Primary-site:   download.sourceforge.net /pub/sourceforge/e2fsprogs
-		4064kB e2fsprogs-1.40.tar.gz
-		476kB e2fsprogs-libs-1.40.tar.gz
+		3976kB e2fsprogs-1.40.3.tar.gz
+		432kB e2fsprogs-libs-1.40.3.tar.gz
                 1kB   e2fsprogs-1.40.lsm
 Alternate-site: 
 Platforms:	linux 1.2.x/1.3.x/2.0.x/2.1.x/2.2.x/2.3.x/2.4.x/2.5.x/2.6.x
diff --git a/version.h b/version.h
index d0d1d1e1..388e015d 100644
--- a/version.h
+++ b/version.h
@@ -3,9 +3,9 @@
  * programs.
  * 
  * Copyright 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003,
- * 2004, 2005 by Theodore Ts'o.  This file may be redistributed under
- * the GNU Public License.
+ * 2004, 2005, 2006, 2007 by Theodore Ts'o.  This file may be
+ * redistributed under the GNU Public License.
  */
 
-#define E2FSPROGS_VERSION "1.40.2"
-#define E2FSPROGS_DATE "12-Jul-2007"
+#define E2FSPROGS_VERSION "1.40.3"
+#define E2FSPROGS_DATE "05-Dec-2007"