diff --git a/SOURCES/e2fsprogs-1.45.6-Add-checks-for-fs-blocksize-0-which-could-cause-some.patch b/SOURCES/e2fsprogs-1.45.6-Add-checks-for-fs-blocksize-0-which-could-cause-some.patch
new file mode 100644
index 0000000..134b911
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-Add-checks-for-fs-blocksize-0-which-could-cause-some.patch
@@ -0,0 +1,100 @@
+From 0111635ea5798f98665714e161c3c7746184a04b Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Tue, 23 Feb 2021 16:02:42 -0500
+Subject: [PATCH 21/46] Add checks for fs->blocksize == 0 which could cause
+ some crashes
+Content-Type: text/plain
+
+This should never happeb, but some checks is useful, and also fixes
+some Coverity warnings.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ debugfs/do_journal.c | 2 --
+ lib/ext2fs/csum.c | 3 +++
+ lib/ext2fs/ext2_err.et.in | 3 +++
+ lib/ext2fs/inode.c | 4 ++++
+ misc/e2image.c | 5 +++--
+ 5 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/debugfs/do_journal.c b/debugfs/do_journal.c
+index 5091a530..8261fa95 100644
+--- a/debugfs/do_journal.c
++++ b/debugfs/do_journal.c
+@@ -528,8 +528,6 @@ static errcode_t journal_write(journal_t *journal,
+ }
+
+ err = journal_close_trans(&trans);
+- if (err)
+- goto error;
+ error:
+ return err;
+ }
+diff --git a/lib/ext2fs/csum.c b/lib/ext2fs/csum.c
+index 2151003b..28b3bb05 100644
+--- a/lib/ext2fs/csum.c
++++ b/lib/ext2fs/csum.c
+@@ -263,6 +263,9 @@ static errcode_t __get_dirent_tail(ext2_filsys fs,
+ errcode_t retval = 0;
+ __u16 (*translate)(__u16) = (need_swab ? disk_to_host16 : do_nothing16);
+
++ if (fs->blocksize < 1024)
++ return EXT2_FILSYS_CORRUPTED; /* Should never happen */
++
+ d = dirent;
+ top = EXT2_DIRENT_TAIL(dirent, fs->blocksize);
+
+diff --git a/lib/ext2fs/ext2_err.et.in b/lib/ext2fs/ext2_err.et.in
+index 0c76fee6..cf0e00ea 100644
+--- a/lib/ext2fs/ext2_err.et.in
++++ b/lib/ext2fs/ext2_err.et.in
+@@ -548,4 +548,7 @@ ec EXT2_ET_EA_INODE_CORRUPTED,
+ ec EXT2_ET_NO_GDESC,
+ "Group descriptors not loaded"
+
++ec EXT2_FILSYS_CORRUPTED,
++ "The internal ext2_filsys data structure appears to be corrupted"
++
+ end
+diff --git a/lib/ext2fs/inode.c b/lib/ext2fs/inode.c
+index c4377eeb..6f42882e 100644
+--- a/lib/ext2fs/inode.c
++++ b/lib/ext2fs/inode.c
+@@ -144,6 +144,8 @@ errcode_t ext2fs_open_inode_scan(ext2_filsys fs, int buffer_blocks,
+ errcode_t (*save_get_blocks)(ext2_filsys f, ext2_ino_t ino, blk_t *blocks);
+
+ EXT2_CHECK_MAGIC(fs, EXT2_ET_MAGIC_EXT2FS_FILSYS);
++ if (fs->blocksize < 1024)
++ return EXT2_FILSYS_CORRUPTED; /* Should never happen */
+
+ /*
+ * If fs->badblocks isn't set, then set it --- since the inode
+@@ -764,6 +766,8 @@ errcode_t ext2fs_read_inode2(ext2_filsys fs, ext2_ino_t ino,
+ int cache_slot, fail_csum;
+
+ EXT2_CHECK_MAGIC(fs, EXT2_ET_MAGIC_EXT2FS_FILSYS);
++ if (fs->blocksize < 1024)
++ return EXT2_FILSYS_CORRUPTED; /* Should never happen */
+
+ /* Check to see if user has an override function */
+ if (fs->read_inode &&
+diff --git a/misc/e2image.c b/misc/e2image.c
+index 892c5371..195fabb2 100644
+--- a/misc/e2image.c
++++ b/misc/e2image.c
+@@ -892,8 +892,9 @@ static errcode_t initialize_qcow2_image(int fd, ext2_filsys fs,
+ int cluster_bits = get_bits_from_size(fs->blocksize);
+ struct ext2_super_block *sb = fs->super;
+
+- if (fs->blocksize < 1024)
+- return EINVAL; /* Can never happen, but just in case... */
++ /* Sbould never happen, but just in case... */
++ if (cluster_bits < 0)
++ return EXT2_FILSYS_CORRUPTED;
+
+ /* Allocate header */
+ ret = ext2fs_get_memzero(sizeof(struct ext2_qcow2_hdr), &header);
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-Fix-clang-warnings.patch b/SOURCES/e2fsprogs-1.45.6-Fix-clang-warnings.patch
new file mode 100644
index 0000000..f4f696a
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-Fix-clang-warnings.patch
@@ -0,0 +1,104 @@
+From 1466a142efe5b20ddda2ce96c0d409dc294fd1b2 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Sat, 23 Jan 2021 00:57:18 -0500
+Subject: [PATCH 17/46] Fix clang warnings
+Content-Type: text/plain
+
+Clang gets unhappy when passing an unsigned char to string functions.
+For better or for worse we use __u8[] in the definition of the
+superblock. So cast them these to "char *" to prevent clang
+build-time warnings.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ e2fsck/unix.c | 2 +-
+ lib/ext2fs/mmp.c | 8 ++++----
+ misc/e2fuzz.c | 3 ++-
+ misc/mke2fs.c | 4 ++--
+ 4 files changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/e2fsck/unix.c b/e2fsck/unix.c
+index e71d7833..15a73e7c 100644
+--- a/e2fsck/unix.c
++++ b/e2fsck/unix.c
+@@ -1693,7 +1693,7 @@ failure:
+ * or informational messages to the user.
+ */
+ if (ctx->device_name == 0 && sb->s_volume_name[0])
+- ctx->device_name = string_copy(ctx, sb->s_volume_name,
++ ctx->device_name = string_copy(ctx, (char *) sb->s_volume_name,
+ sizeof(sb->s_volume_name));
+
+ if (ctx->device_name == 0)
+diff --git a/lib/ext2fs/mmp.c b/lib/ext2fs/mmp.c
+index e96a2273..973b9ecd 100644
+--- a/lib/ext2fs/mmp.c
++++ b/lib/ext2fs/mmp.c
+@@ -210,11 +210,11 @@ static errcode_t ext2fs_mmp_reset(ext2_filsys fs)
+ mmp_s->mmp_seq = EXT4_MMP_SEQ_CLEAN;
+ mmp_s->mmp_time = 0;
+ #ifdef HAVE_GETHOSTNAME
+- gethostname(mmp_s->mmp_nodename, sizeof(mmp_s->mmp_nodename));
++ gethostname((char *) mmp_s->mmp_nodename, sizeof(mmp_s->mmp_nodename));
+ #else
+ mmp_s->mmp_nodename[0] = '\0';
+ #endif
+- strncpy(mmp_s->mmp_bdevname, fs->device_name,
++ strncpy((char *) mmp_s->mmp_bdevname, fs->device_name,
+ sizeof(mmp_s->mmp_bdevname));
+
+ mmp_s->mmp_check_interval = fs->super->s_mmp_update_interval;
+@@ -352,11 +352,11 @@ clean_seq:
+
+ mmp_s->mmp_seq = seq = ext2fs_mmp_new_seq();
+ #ifdef HAVE_GETHOSTNAME
+- gethostname(mmp_s->mmp_nodename, sizeof(mmp_s->mmp_nodename));
++ gethostname((char *) mmp_s->mmp_nodename, sizeof(mmp_s->mmp_nodename));
+ #else
+ strcpy(mmp_s->mmp_nodename, "unknown host");
+ #endif
+- strncpy(mmp_s->mmp_bdevname, fs->device_name,
++ strncpy((char *) mmp_s->mmp_bdevname, fs->device_name,
+ sizeof(mmp_s->mmp_bdevname));
+
+ retval = ext2fs_mmp_write(fs, fs->super->s_mmp_block, fs->mmp_buf);
+diff --git a/misc/e2fuzz.c b/misc/e2fuzz.c
+index 7c0f776f..65b6ae73 100644
+--- a/misc/e2fuzz.c
++++ b/misc/e2fuzz.c
+@@ -172,7 +172,8 @@ static uint64_t rand_num(uint64_t min, uint64_t max)
+ for (i = 0; i < sizeof(x); i++)
+ px[i] = random();
+
+- return min + (uint64_t)((double)(max - min) * (x / (UINT64_MAX + 1.0)));
++ return min + (uint64_t)((double)(max - min) *
++ (x / ((double) UINT64_MAX + 1.0)));
+ }
+
+ static int process_fs(const char *fsname)
+diff --git a/misc/mke2fs.c b/misc/mke2fs.c
+index 27e7d174..0184a3a8 100644
+--- a/misc/mke2fs.c
++++ b/misc/mke2fs.c
+@@ -3151,7 +3151,7 @@ int main (int argc, char *argv[])
+ if (volume_label) {
+ memset(fs->super->s_volume_name, 0,
+ sizeof(fs->super->s_volume_name));
+- strncpy(fs->super->s_volume_name, volume_label,
++ strncpy((char *) fs->super->s_volume_name, volume_label,
+ sizeof(fs->super->s_volume_name));
+ }
+
+@@ -3161,7 +3161,7 @@ int main (int argc, char *argv[])
+ if (mount_dir) {
+ memset(fs->super->s_last_mounted, 0,
+ sizeof(fs->super->s_last_mounted));
+- strncpy(fs->super->s_last_mounted, mount_dir,
++ strncpy((char *) fs->super->s_last_mounted, mount_dir,
+ sizeof(fs->super->s_last_mounted));
+ }
+
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-append_pathname-check-the-value-returned-by-realloc.patch b/SOURCES/e2fsprogs-1.45.6-append_pathname-check-the-value-returned-by-realloc.patch
new file mode 100644
index 0000000..cfcc1f1
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-append_pathname-check-the-value-returned-by-realloc.patch
@@ -0,0 +1,48 @@
+From c74301ce5020c499445eb5c32bd70e4a1099a62d Mon Sep 17 00:00:00 2001
+From: wuguanghao <wuguanghao3@huawei.com>
+Date: Wed, 30 Jun 2021 16:27:18 +0800
+Subject: [PATCH 29/46] append_pathname: check the value returned by realloc
+Content-Type: text/plain
+
+In append_pathname(), we need to add a new path to save the value
+returned by realloc, otherwise the name->path may be NULL, causing
+a segfault.
+
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ contrib/fsstress.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/contrib/fsstress.c b/contrib/fsstress.c
+index 2a983482..2136a903 100644
+--- a/contrib/fsstress.c
++++ b/contrib/fsstress.c
+@@ -599,6 +599,7 @@ void add_to_flist(int ft, int id, int parent)
+ void append_pathname(pathname_t * name, char *str)
+ {
+ int len;
++ char *path;
+
+ len = strlen(str);
+ #ifdef DEBUG
+@@ -609,7 +610,13 @@ void append_pathname(pathname_t * name, char *str)
+
+ }
+ #endif
+- name->path = realloc(name->path, name->len + 1 + len);
++ path = realloc(name->path, name->len + 1 + len);
++ if (path == NULL) {
++ fprintf(stderr, "fsstress: append_pathname realloc failed\n");
++ chdir(homedir);
++ abort();
++ }
++ name->path = path;
+ strcpy(&name->path[name->len], str);
+ name->len += len;
+ }
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-argv_parse-check-return-value-of-malloc-in-argv_pars.patch b/SOURCES/e2fsprogs-1.45.6-argv_parse-check-return-value-of-malloc-in-argv_pars.patch
new file mode 100644
index 0000000..11816ee
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-argv_parse-check-return-value-of-malloc-in-argv_pars.patch
@@ -0,0 +1,34 @@
+From 9e298ba470a6abc7d94fe659cf65fcb0b993c0b8 Mon Sep 17 00:00:00 2001
+From: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Date: Wed, 30 Jun 2021 16:27:19 +0800
+Subject: [PATCH 30/46] argv_parse: check return value of malloc in
+ argv_parse()
+Content-Type: text/plain
+
+In argv_parse(), return value of malloc should be checked
+whether it is NULL, otherwise, it may cause a segfault error.
+
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/support/argv_parse.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/support/argv_parse.c b/lib/support/argv_parse.c
+index d22f6344..1f50f9e5 100644
+--- a/lib/support/argv_parse.c
++++ b/lib/support/argv_parse.c
+@@ -116,6 +116,8 @@ int argv_parse(char *in_buf, int *ret_argc, char ***ret_argv)
+ if (argv == 0) {
+ argv = malloc(sizeof(char *));
+ free(buf);
++ if (!argv)
++ return -1;
+ }
+ argv[argc] = 0;
+ if (ret_argc)
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-create_inode-set-xattrs-to-the-root-directory-as-wel.patch b/SOURCES/e2fsprogs-1.45.6-create_inode-set-xattrs-to-the-root-directory-as-wel.patch
new file mode 100644
index 0000000..00eab72
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-create_inode-set-xattrs-to-the-root-directory-as-wel.patch
@@ -0,0 +1,47 @@
+From ade5263a516e4081abc14f63a73a5e0a96bb3f71 Mon Sep 17 00:00:00 2001
+From: Antoine Tenart <antoine.tenart@bootlin.com>
+Date: Fri, 17 Jul 2020 12:08:46 +0200
+Subject: [PATCH 13/46] create_inode: set xattrs to the root directory as well
+Content-Type: text/plain
+
+populate_fs do copy the xattrs for all files and directories, but the
+root directory is skipped and as a result its extended attributes aren't
+set. This is an issue when using mkfs to build a full system image that
+can be used with SElinux in enforcing mode without making any runtime
+fix at first boot.
+
+This patch adds logic to set the root directory's extended attributes.
+
+Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
+Reviewed-by: Andreas Dilger <adilger@dilger.ca>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ misc/create_inode.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/misc/create_inode.c b/misc/create_inode.c
+index 837f3875..6f8487b9 100644
+--- a/misc/create_inode.c
++++ b/misc/create_inode.c
+@@ -1050,9 +1050,17 @@ errcode_t populate_fs2(ext2_filsys fs, ext2_ino_t parent_ino,
+ file_info.path_max_len = 255;
+ file_info.path = calloc(file_info.path_max_len, 1);
+
++ retval = set_inode_xattr(fs, root, source_dir);
++ if (retval) {
++ com_err(__func__, retval,
++ _("while copying xattrs on root directory"));
++ goto out;
++ }
++
+ retval = __populate_fs(fs, parent_ino, source_dir, root, &hdlinks,
+ &file_info, fs_callbacks);
+
++out:
+ free(file_info.path);
+ free(hdlinks.hdl);
+ return retval;
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-debugfs-fix-double-free-in-realloc-error-path-in-rea.patch b/SOURCES/e2fsprogs-1.45.6-debugfs-fix-double-free-in-realloc-error-path-in-rea.patch
new file mode 100644
index 0000000..1ca7351
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-debugfs-fix-double-free-in-realloc-error-path-in-rea.patch
@@ -0,0 +1,35 @@
+From 4126c63885388e568ade780e9fed6ede37faf978 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 21 Jan 2021 16:01:14 -0500
+Subject: [PATCH 16/46] debugfs: fix double free in realloc() error path in
+ read_list()
+Content-Type: text/plain
+
+Fixes-Coverity-Bug: 1464575
+Fixes-Coverity-Bug: 1464571
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ debugfs/util.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/debugfs/util.c b/debugfs/util.c
+index 759bb392..091f6f65 100644
+--- a/debugfs/util.c
++++ b/debugfs/util.c
+@@ -545,10 +545,8 @@ errcode_t read_list(char *str, blk64_t **list, size_t *len)
+ goto err;
+ }
+ l = realloc(lst, sizeof(blk64_t) * (ln + y - x + 1));
+- if (l == NULL) {
+- retval = ENOMEM;
+- goto err;
+- }
++ if (l == NULL)
++ return ENOMEM;
+ lst = l;
+ for (; x <= y; x++)
+ lst[ln++] = x;
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-debugfs-fix-memory-allocation-failures-when-parsing-.patch b/SOURCES/e2fsprogs-1.45.6-debugfs-fix-memory-allocation-failures-when-parsing-.patch
new file mode 100644
index 0000000..624db65
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-debugfs-fix-memory-allocation-failures-when-parsing-.patch
@@ -0,0 +1,92 @@
+From b31f493cadc92023056a096d0281957c49fca22c Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Fri, 12 Feb 2021 21:43:00 -0500
+Subject: [PATCH 19/46] debugfs: fix memory allocation failures when parsing
+ journal_write arguments
+Content-Type: text/plain
+
+Fix double-free issues when parsing an invalid journal_write command,
+such as: "journal_write -b 12 -b BAD -b 42".
+
+Addresses-Coverity-Bug: 1464571
+Addresses-Coverity-Bug: 1464575
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ debugfs/do_journal.c | 8 ++++++--
+ debugfs/util.c | 15 +++++++--------
+ 2 files changed, 13 insertions(+), 10 deletions(-)
+
+diff --git a/debugfs/do_journal.c b/debugfs/do_journal.c
+index 15ef6829..5091a530 100644
+--- a/debugfs/do_journal.c
++++ b/debugfs/do_journal.c
+@@ -554,15 +554,19 @@ void do_journal_write(int argc, char *argv[], int sci_idx EXT2FS_ATTR((unused)),
+ switch (opt) {
+ case 'b':
+ err = read_list(optarg, &blist, &bn);
+- if (err)
++ if (err) {
+ com_err(argv[0], err,
+ "while reading block list");
++ goto out;
++ }
+ break;
+ case 'r':
+ err = read_list(optarg, &rlist, &rn);
+- if (err)
++ if (err) {
+ com_err(argv[0], err,
+ "while reading revoke list");
++ goto out;
++ }
+ break;
+ case 'c':
+ flags |= JOURNAL_WRITE_NO_COMMIT;
+diff --git a/debugfs/util.c b/debugfs/util.c
+index 091f6f65..bbb20ff6 100644
+--- a/debugfs/util.c
++++ b/debugfs/util.c
+@@ -521,7 +521,7 @@ errcode_t read_list(char *str, blk64_t **list, size_t *len)
+ blk64_t *lst = *list;
+ size_t ln = *len;
+ char *tok, *p = str;
+- errcode_t retval;
++ errcode_t retval = 0;
+
+ while ((tok = strtok(p, ","))) {
+ blk64_t *l;
+@@ -538,15 +538,17 @@ errcode_t read_list(char *str, blk64_t **list, size_t *len)
+ return errno;
+ } else if (*e != 0) {
+ retval = EINVAL;
+- goto err;
++ break;
+ }
+ if (y < x) {
+ retval = EINVAL;
+- goto err;
++ break;
+ }
+ l = realloc(lst, sizeof(blk64_t) * (ln + y - x + 1));
+- if (l == NULL)
+- return ENOMEM;
++ if (l == NULL) {
++ retval = ENOMEM;
++ break;
++ }
+ lst = l;
+ for (; x <= y; x++)
+ lst[ln++] = x;
+@@ -555,8 +557,5 @@ errcode_t read_list(char *str, blk64_t **list, size_t *len)
+
+ *list = lst;
+ *len = ln;
+- return 0;
+-err:
+- free(lst);
+ return retval;
+ }
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-debugfs-fix-memory-leak-problem-in-read_list.patch b/SOURCES/e2fsprogs-1.45.6-debugfs-fix-memory-leak-problem-in-read_list.patch
new file mode 100644
index 0000000..5847307
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-debugfs-fix-memory-leak-problem-in-read_list.patch
@@ -0,0 +1,46 @@
+From 9221fb77a7187957ed84e45bf6ad6f5e37755e5c Mon Sep 17 00:00:00 2001
+From: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Date: Sat, 20 Feb 2021 16:41:29 +0800
+Subject: [PATCH 22/46] debugfs: fix memory leak problem in read_list()
+Content-Type: text/plain
+
+In read_list func, if strtoull() fails in while loop,
+we will return the error code directly. Then, memory of
+variable lst will be leaked without setting to *list.
+
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Signed-off-by: linfeilong <linfeilong@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ debugfs/util.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/debugfs/util.c b/debugfs/util.c
+index bbb20ff6..37620295 100644
+--- a/debugfs/util.c
++++ b/debugfs/util.c
+@@ -530,12 +530,16 @@ errcode_t read_list(char *str, blk64_t **list, size_t *len)
+
+ errno = 0;
+ y = x = strtoull(tok, &e, 0);
+- if (errno)
+- return errno;
++ if (errno) {
++ retval = errno;
++ break;
++ }
+ if (*e == '-') {
+ y = strtoull(e + 1, NULL, 0);
+- if (errno)
+- return errno;
++ if (errno) {
++ retval = errno;
++ break;
++ }
+ } else if (*e != 0) {
+ retval = EINVAL;
+ break;
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-debugfs-fix-parse_uint-for-64-bit-fields.patch b/SOURCES/e2fsprogs-1.45.6-debugfs-fix-parse_uint-for-64-bit-fields.patch
new file mode 100644
index 0000000..f84eec3
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-debugfs-fix-parse_uint-for-64-bit-fields.patch
@@ -0,0 +1,54 @@
+From c78e3e170a63bb1804b47d4f5a6652aad0e4d3b2 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Tue, 6 Oct 2020 08:29:09 -0400
+Subject: [PATCH 12/46] debugfs: fix parse_uint for 64-bit fields
+Content-Type: text/plain
+
+The logic for handling 64-bit structure elements was reversed, which
+caused attempts to set fields like kbytes_written to fail:
+
+ % debugfs -w /tmp/foo.img
+ debugfs 1.45.6 (20-Mar-2020)
+ debugfs: set_super_value kbytes_written 1024
+ 64-bit field kbytes_written has a second 64-bit field
+ defined; BUG?!?
+
+https://github.com/tytso/e2fsprogs/issues/36
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ debugfs/set_fields.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/debugfs/set_fields.c b/debugfs/set_fields.c
+index 5142554d..281f2c5d 100644
+--- a/debugfs/set_fields.c
++++ b/debugfs/set_fields.c
+@@ -487,10 +487,7 @@ static errcode_t parse_uint(struct field_set_info *info, char *field,
+ n = num & mask;
+ switch (size) {
+ case 8:
+- /* Should never get here */
+- fprintf(stderr, "64-bit field %s has a second 64-bit field\n"
+- "defined; BUG?!?\n", info->name);
+- *u.ptr64 = 0;
++ *u.ptr64 = n;
+ break;
+ case 4:
+ *u.ptr32 = n;
+@@ -510,7 +507,10 @@ static errcode_t parse_uint(struct field_set_info *info, char *field,
+ size = 2;
+ switch (size) {
+ case 8:
+- *u.ptr64 = n;
++ /* Should never get here */
++ fprintf(stderr, "64-bit field %s has a second 64-bit field\n"
++ "defined; BUG?!?\n", info->name);
++ *u.ptr64 = 0;
+ break;
+ case 4:
+ *u.ptr32 = n;
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-e2fsck-add-maximum-string-length-specifiers-to-fscan.patch b/SOURCES/e2fsprogs-1.45.6-e2fsck-add-maximum-string-length-specifiers-to-fscan.patch
new file mode 100644
index 0000000..6a77f19
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-e2fsck-add-maximum-string-length-specifiers-to-fscan.patch
@@ -0,0 +1,42 @@
+From c9d064c7a4e4ffbfaf95098c57381ee5394a1346 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Tue, 10 Aug 2021 15:36:46 -0400
+Subject: [PATCH 45/46] e2fsck: add maximum string length specifiers to fscanf
+ format strings
+Content-Type: text/plain
+
+When parsing strings from /proc/apm and /proc/acpi/ac_adapter, add
+string length limits to prevent possible buffer overruns.
+
+Addresses-Coverty-Bug: 1297496
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ e2fsck/unix.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/e2fsck/unix.c b/e2fsck/unix.c
+index 15a73e7c..ddd384b1 100644
+--- a/e2fsck/unix.c
++++ b/e2fsck/unix.c
+@@ -302,7 +302,7 @@ static int is_on_batt(void)
+ }
+ f = fopen("/proc/apm", "r");
+ if (f) {
+- if (fscanf(f, "%s %s %s %x", tmp, tmp, tmp, &acflag) != 4)
++ if (fscanf(f, "%79s %79s %79s %x", tmp, tmp, tmp, &acflag) != 4)
+ acflag = 1;
+ fclose(f);
+ return (acflag != 1);
+@@ -318,7 +318,7 @@ static int is_on_batt(void)
+ f = fopen(fname, "r");
+ if (!f)
+ continue;
+- if (fscanf(f, "%s %s", tmp2, tmp) != 2)
++ if (fscanf(f, "%79s %79s", tmp2, tmp) != 2)
+ tmp[0] = 0;
+ fclose(f);
+ if (strncmp(tmp, "off-line", 8) == 0) {
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-e2fsck-fix-indexed-dir-rehash-failure-with-metadata_.patch b/SOURCES/e2fsprogs-1.45.6-e2fsck-fix-indexed-dir-rehash-failure-with-metadata_.patch
new file mode 100644
index 0000000..31af3a6
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-e2fsck-fix-indexed-dir-rehash-failure-with-metadata_.patch
@@ -0,0 +1,43 @@
+From 5ddac7d248ad346b80702a397c886df4d1ec4f08 Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Thu, 13 Feb 2020 11:15:57 +0100
+Subject: [PATCH 05/46] e2fsck: fix indexed dir rehash failure with
+ metadata_csum enabled
+Content-Type: text/plain
+
+E2fsck directory rehashing code can fail with ENOSPC due to a bug in
+ext2fs_htree_intnode_maxrecs() which fails to take metadata checksum
+into account and thus e.g. e2fsck can decide to create 1 indirect level
+of index tree when two are actually needed. Fix the logic to account for
+metadata checksum.
+
+Reviewed-by: Andreas Dilger <adilger@dilger.ca>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/ext2fs/ext2fs.h | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ext2fs/ext2fs.h b/lib/ext2fs/ext2fs.h
+index 32c75171..d9aec525 100644
+--- a/lib/ext2fs/ext2fs.h
++++ b/lib/ext2fs/ext2fs.h
+@@ -2040,7 +2040,13 @@ _INLINE_ blk_t ext2fs_inode_data_blocks(ext2_filsys fs,
+
+ _INLINE_ int ext2fs_htree_intnode_maxrecs(ext2_filsys fs, int blocks)
+ {
+- return blocks * ((fs->blocksize - 8) / sizeof(struct ext2_dx_entry));
++ int csum_size = 0;
++
++ if ((EXT2_SB(fs->super)->s_feature_ro_compat &
++ EXT4_FEATURE_RO_COMPAT_METADATA_CSUM) != 0)
++ csum_size = sizeof(struct ext2_dx_tail);
++ return blocks * ((fs->blocksize - (8 + csum_size)) /
++ sizeof(struct ext2_dx_entry));
+ }
+
+ /*
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-e2fsck-fix-last-mount-write-time-when-e2fsck-is-forc.patch b/SOURCES/e2fsprogs-1.45.6-e2fsck-fix-last-mount-write-time-when-e2fsck-is-forc.patch
new file mode 100644
index 0000000..8babe73
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-e2fsck-fix-last-mount-write-time-when-e2fsck-is-forc.patch
@@ -0,0 +1,64 @@
+From b93c62c3d46ed363a88668d41a87500eb5d29f98 Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Mon, 14 Jun 2021 15:27:25 +0200
+Subject: [PATCH 26/46] e2fsck: fix last mount/write time when e2fsck is forced
+Content-Type: text/plain
+
+With commit c52d930f e2fsck is no longer able to fix bad last
+mount/write time by default because it is conditioned on s_checkinterval
+not being zero, which it is by default.
+
+One place where it matters is when other e2fsprogs tools require to run
+full file system check before a certain operation. If the last mount
+time is for any reason in future, it will not allow it to run even if
+full e2fsck is ran.
+
+Fix it by checking the last mount/write time when the e2fsck is forced,
+except for the case where we know the system clock is broken.
+
+[ Reworked the conditionals so error messages claiming that the last
+ write/mount time were corrupted wouldn't be always printed when the
+ e2fsck was run with the -f option, thus causing 299 out of 372
+ regression tests to fail. -- TYT ]
+
+Fixes: c52d930f ("e2fsck: don't check for future superblock times if checkinterval == 0")
+Reported-by: Dusty Mabe <dustymabe@redhat.com>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ e2fsck/super.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/e2fsck/super.c b/e2fsck/super.c
+index e1c3f935..31e2ffb2 100644
+--- a/e2fsck/super.c
++++ b/e2fsck/super.c
+@@ -1038,9 +1038,9 @@ void check_super_block(e2fsck_t ctx)
+ * Check to see if the superblock last mount time or last
+ * write time is in the future.
+ */
+- if (!broken_system_clock && fs->super->s_checkinterval &&
+- !(ctx->flags & E2F_FLAG_TIME_INSANE) &&
+- fs->super->s_mtime > (__u32) ctx->now) {
++ if (((ctx->options & E2F_OPT_FORCE) || fs->super->s_checkinterval) &&
++ !broken_system_clock && !(ctx->flags & E2F_FLAG_TIME_INSANE) &&
++ (fs->super->s_mtime > (__u32) ctx->now)) {
+ pctx.num = fs->super->s_mtime;
+ problem = PR_0_FUTURE_SB_LAST_MOUNT;
+ if (fs->super->s_mtime <= (__u32) ctx->now + ctx->time_fudge)
+@@ -1050,9 +1050,9 @@ void check_super_block(e2fsck_t ctx)
+ fs->flags |= EXT2_FLAG_DIRTY;
+ }
+ }
+- if (!broken_system_clock && fs->super->s_checkinterval &&
+- !(ctx->flags & E2F_FLAG_TIME_INSANE) &&
+- fs->super->s_wtime > (__u32) ctx->now) {
++ if (((ctx->options & E2F_OPT_FORCE) || fs->super->s_checkinterval) &&
++ !broken_system_clock && !(ctx->flags & E2F_FLAG_TIME_INSANE) &&
++ (fs->super->s_wtime > (__u32) ctx->now)) {
+ pctx.num = fs->super->s_wtime;
+ problem = PR_0_FUTURE_SB_LAST_WRITE;
+ if (fs->super->s_wtime <= (__u32) ctx->now + ctx->time_fudge)
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-e2fsck-fix-off-by-one-check-when-validating-depth-of.patch b/SOURCES/e2fsprogs-1.45.6-e2fsck-fix-off-by-one-check-when-validating-depth-of.patch
new file mode 100644
index 0000000..d674ef2
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-e2fsck-fix-off-by-one-check-when-validating-depth-of.patch
@@ -0,0 +1,31 @@
+From 669a17d35cdfd9cf5b76e97016fae2df2d72e768 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Fri, 10 Apr 2020 00:30:52 -0400
+Subject: [PATCH 07/46] e2fsck: fix off-by-one check when validating depth of
+ an htree
+Content-Type: text/plain
+
+Fixes: 3f0cf6475399 ("e2fsprogs: add support for 3-level htree")
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ e2fsck/pass1.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/e2fsck/pass1.c b/e2fsck/pass1.c
+index c9e8bf82..38afda48 100644
+--- a/e2fsck/pass1.c
++++ b/e2fsck/pass1.c
+@@ -2685,7 +2685,7 @@ static int handle_htree(e2fsck_t ctx, struct problem_context *pctx,
+ return 1;
+
+ pctx->num = root->indirect_levels;
+- if ((root->indirect_levels > ext2_dir_htree_level(fs)) &&
++ if ((root->indirect_levels >= ext2_dir_htree_level(fs)) &&
+ fix_problem(ctx, PR_1_HTREE_DEPTH, pctx))
+ return 1;
+
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-e2fsck-use-size_t-instead-of-int-in-string_copy.patch b/SOURCES/e2fsprogs-1.45.6-e2fsck-use-size_t-instead-of-int-in-string_copy.patch
new file mode 100644
index 0000000..4f1f2e2
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-e2fsck-use-size_t-instead-of-int-in-string_copy.patch
@@ -0,0 +1,47 @@
+From 8a97e4f67f75a4584f7562b7e5d866431c88152e Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Fri, 5 Jun 2020 10:14:40 +0200
+Subject: [PATCH 09/46] e2fsck: use size_t instead of int in string_copy()
+Content-Type: text/plain
+
+len argument in string_copy() is int, but it is used with malloc(),
+strlen(), strncpy() and some callers use sizeof() to pass value in. So
+it really ought to be size_t rather than int. Fix it.
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Reviewed-by: Andreas Dilger <adilger@dilger.ca>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ e2fsck/e2fsck.h | 2 +-
+ e2fsck/util.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/e2fsck/e2fsck.h b/e2fsck/e2fsck.h
+index feb605c7..7e0895c2 100644
+--- a/e2fsck/e2fsck.h
++++ b/e2fsck/e2fsck.h
+@@ -608,7 +608,7 @@ extern void log_err(e2fsck_t ctx, const char *fmt, ...)
+ extern void e2fsck_read_bitmaps(e2fsck_t ctx);
+ extern void e2fsck_write_bitmaps(e2fsck_t ctx);
+ extern void preenhalt(e2fsck_t ctx);
+-extern char *string_copy(e2fsck_t ctx, const char *str, int len);
++extern char *string_copy(e2fsck_t ctx, const char *str, size_t len);
+ extern int fs_proc_check(const char *fs_name);
+ extern int check_for_modules(const char *fs_name);
+ #ifdef RESOURCE_TRACK
+diff --git a/e2fsck/util.c b/e2fsck/util.c
+index d98b8e47..88e0ea8a 100644
+--- a/e2fsck/util.c
++++ b/e2fsck/util.c
+@@ -135,7 +135,7 @@ void *e2fsck_allocate_memory(e2fsck_t ctx, unsigned long size,
+ }
+
+ char *string_copy(e2fsck_t ctx EXT2FS_ATTR((unused)),
+- const char *str, int len)
++ const char *str, size_t len)
+ {
+ char *ret;
+
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-e2image-fix-overflow-in-l2-table-processing.patch b/SOURCES/e2fsprogs-1.45.6-e2image-fix-overflow-in-l2-table-processing.patch
new file mode 100644
index 0000000..3862507
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-e2image-fix-overflow-in-l2-table-processing.patch
@@ -0,0 +1,38 @@
+From 1a97380b1cc4d167697e31e5fb663e805629c1ab Mon Sep 17 00:00:00 2001
+From: Artem Blagodarenko <artem.blagodarenko@gmail.com>
+Date: Thu, 22 Apr 2021 01:24:48 -0400
+Subject: [PATCH 25/46] e2image: fix overflow in l2 table processing
+Content-Type: text/plain
+
+For a large partition during e2image capture process
+it is possible to overflow offset at multiply operation.
+This leads to the situation when data is written to the
+position at the start of the image instead of the image end.
+
+Let's use the right cast to avoid integer overflow.
+
+Signed-off-by: Alexey Lyashkov <c17817@cray.com>
+Signed-off-by: Artem Blagodarenko <c17828@cray.com>
+HPE-bug-id: LUS-9368
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/ext2fs/qcow2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/ext2fs/qcow2.c b/lib/ext2fs/qcow2.c
+index ee701f7a..20824170 100644
+--- a/lib/ext2fs/qcow2.c
++++ b/lib/ext2fs/qcow2.c
+@@ -238,7 +238,7 @@ int qcow2_write_raw_image(int qcow2_fd, int raw_fd,
+ if (offset == 0)
+ continue;
+
+- off_out = (l1_index * img.l2_size) +
++ off_out = ((__u64)l1_index * img.l2_size) +
+ l2_index;
+ off_out <<= img.cluster_bits;
+ ret = qcow2_copy_data(qcow2_fd, raw_fd, offset,
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-ext2ed-fix-potential-NULL-pointer-dereference-in-dup.patch b/SOURCES/e2fsprogs-1.45.6-ext2ed-fix-potential-NULL-pointer-dereference-in-dup.patch
new file mode 100644
index 0000000..bb6b713
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-ext2ed-fix-potential-NULL-pointer-dereference-in-dup.patch
@@ -0,0 +1,34 @@
+From c0a66f76f9c5b2ed0c2f20d1b59b4715f10a60f7 Mon Sep 17 00:00:00 2001
+From: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Date: Wed, 30 Jun 2021 16:27:24 +0800
+Subject: [PATCH 33/46] ext2ed: fix potential NULL pointer dereference in
+ dupstr()
+Content-Type: text/plain
+
+In dupstr(), we should check return value of malloc().
+
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Reviewed-by: Wu Bo <wubo40@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ ext2ed/main.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ext2ed/main.c b/ext2ed/main.c
+index f7e7d7df..9d33a8e1 100644
+--- a/ext2ed/main.c
++++ b/ext2ed/main.c
+@@ -524,6 +524,8 @@ char *dupstr (char *src)
+ char *ptr;
+
+ ptr=(char *) malloc (strlen (src)+1);
++ if (!ptr)
++ return NULL;
+ strcpy (ptr,src);
+ return (ptr);
+ }
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-filefrag-handle-invalid-st_dev-and-blksize-cases.patch b/SOURCES/e2fsprogs-1.45.6-filefrag-handle-invalid-st_dev-and-blksize-cases.patch
new file mode 100644
index 0000000..a05c390
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-filefrag-handle-invalid-st_dev-and-blksize-cases.patch
@@ -0,0 +1,54 @@
+From 381bc5d98b2a8a65b1f559e31e67361a761aefee Mon Sep 17 00:00:00 2001
+From: Luis Henriques <lhenriques@suse.de>
+Date: Wed, 28 Oct 2020 15:55:50 +0000
+Subject: [PATCH 14/46] filefrag: handle invalid st_dev and blksize cases
+Content-Type: text/plain
+
+It is possible to crash filefrag with a "Floating point exception" in
+two different scenarios:
+
+1. When fstat() returns a device ID set to 0
+2. When FIGETBSZ ioctl returns a blocksize of 0
+
+In both scenarios a divide-by-zero will occur in frag_report() because
+variable blksize will be set to zero.
+
+I've managed to trigger this crash with an old CephFS kernel client,
+using xfstest generic/519. The first scenario has been fixed by kernel
+commit 75c9627efb72 ("ceph: map snapid to anonymous bdev ID"). The
+second scenario is also fixed with commit 8f97d1e99149 ("vfs: fix
+FIGETBSZ ioctl on an overlayfs file").
+
+However, it is desirable to handle these two scenarios gracefully by
+checking these conditions explicitly.
+
+Signed-off-by: Luis Henriques <lhenriques@suse.de>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ misc/filefrag.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/misc/filefrag.c b/misc/filefrag.c
+index 032535f3..a5b9bfe9 100644
+--- a/misc/filefrag.c
++++ b/misc/filefrag.c
+@@ -418,13 +418,13 @@ static int frag_report(const char *filename)
+ goto out_close;
+ }
+
+- if (last_device != st.st_dev) {
++ if ((last_device != st.st_dev) || !st.st_dev) {
+ if (fstatfs(fd, &fsinfo) < 0) {
+ rc = -errno;
+ perror("fstatfs");
+ goto out_close;
+ }
+- if (ioctl(fd, FIGETBSZ, &blksize) < 0)
++ if ((ioctl(fd, FIGETBSZ, &blksize) < 0) || !blksize)
+ blksize = fsinfo.f_bsize;
+ if (verbose)
+ printf("Filesystem type is: %lx\n",
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-lib-ss-error.c-check-return-value-malloc-in-ss_name.patch b/SOURCES/e2fsprogs-1.45.6-lib-ss-error.c-check-return-value-malloc-in-ss_name.patch
new file mode 100644
index 0000000..b476690
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-lib-ss-error.c-check-return-value-malloc-in-ss_name.patch
@@ -0,0 +1,33 @@
+From 693c06539f0c168c6edf32d25b4c64835a1e3f31 Mon Sep 17 00:00:00 2001
+From: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Date: Wed, 30 Jun 2021 16:27:21 +0800
+Subject: [PATCH 32/46] lib/ss/error.c: check return value malloc in ss_name()
+Content-Type: text/plain
+
+In ss_name(), we should check return value of malloc(),
+otherwise, it may cause a segmentation fault problem.
+
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/ss/error.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/ss/error.c b/lib/ss/error.c
+index 8d345a9f..656b71be 100644
+--- a/lib/ss/error.c
++++ b/lib/ss/error.c
+@@ -42,6 +42,8 @@ char *ss_name(int sci_idx)
+ (strlen(infop->subsystem_name)+
+ strlen(infop->current_request)+
+ 4));
++ if (ret_val == (char *)NULL)
++ return ((char *)NULL);
+ cp = ret_val;
+ cp1 = infop->subsystem_name;
+ while (*cp1)
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-libext2fs-add-sanity-check-to-extent-manipulation.patch b/SOURCES/e2fsprogs-1.45.6-libext2fs-add-sanity-check-to-extent-manipulation.patch
new file mode 100644
index 0000000..fa47b22
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-libext2fs-add-sanity-check-to-extent-manipulation.patch
@@ -0,0 +1,56 @@
+From 265fcf9204fd06f574578ebe780f24e62bac2e86 Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Thu, 21 Apr 2022 19:31:48 +0200
+Subject: [PATCH 1/2] libext2fs: add sanity check to extent manipulation
+Content-Type: text/plain
+
+It is possible to have a corrupted extent tree in such a way that a leaf
+node contains zero extents in it. Currently if that happens and we try
+to traverse the tree we can end up accessing wrong data, or possibly
+even uninitialized memory. Make sure we don't do that.
+
+Additionally make sure that we have a sane number of bytes passed to
+memmove() in ext2fs_extent_delete().
+
+Note that e2fsck is currently unable to spot and fix such corruption in
+pass1.
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Reported-by: Nils Bars <nils_bars@t-online.de>
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2068113
+Addresses: CVE-2022-1304
+Addresses-Debian-Bug: #1010263
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/extent.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/lib/ext2fs/extent.c b/lib/ext2fs/extent.c
+index ac3dbfec..a1b1905c 100644
+--- a/lib/ext2fs/extent.c
++++ b/lib/ext2fs/extent.c
+@@ -495,6 +495,10 @@ retry:
+ ext2fs_le16_to_cpu(eh->eh_entries);
+ newpath->max_entries = ext2fs_le16_to_cpu(eh->eh_max);
+
++ /* Make sure there is at least one extent present */
++ if (newpath->left <= 0)
++ return EXT2_ET_EXTENT_NO_DOWN;
++
+ if (path->left > 0) {
+ ix++;
+ newpath->end_blk = ext2fs_le32_to_cpu(ix->ei_block);
+@@ -1630,6 +1634,10 @@ errcode_t ext2fs_extent_delete(ext2_extent_handle_t handle, int flags)
+
+ cp = path->curr;
+
++ /* Sanity check before memmove() */
++ if (path->left < 0)
++ return EXT2_ET_EXTENT_LEAF_BAD;
++
+ if (path->left) {
+ memmove(cp, cp + sizeof(struct ext3_extent_idx),
+ path->left * sizeof(struct ext3_extent_idx));
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-libext2fs-don-t-needlessly-byte-swap-the-group-descr.patch b/SOURCES/e2fsprogs-1.45.6-libext2fs-don-t-needlessly-byte-swap-the-group-descr.patch
new file mode 100644
index 0000000..c88f9a3
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-libext2fs-don-t-needlessly-byte-swap-the-group-descr.patch
@@ -0,0 +1,58 @@
+From 1aecdcc5c805e5e2114dd14877e9e1771fb519bf Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 16 Jan 2020 19:17:26 -0500
+Subject: [PATCH 04/46] libext2fs: don't needlessly byte swap the group
+ descriptors in ext2fs_flush
+Content-Type: text/plain
+
+If the EXT2_FLAG_SUPER_ONLY is set, there's no reason to allocate the
+shadow block group descriptors and byte swap the group descriptors.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/ext2fs/closefs.c | 24 ++++++++++++++----------
+ 1 file changed, 14 insertions(+), 10 deletions(-)
+
+diff --git a/lib/ext2fs/closefs.c b/lib/ext2fs/closefs.c
+index 6814cdc3..69cbdd8c 100644
+--- a/lib/ext2fs/closefs.c
++++ b/lib/ext2fs/closefs.c
+@@ -331,20 +331,24 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
+ #ifdef WORDS_BIGENDIAN
+ retval = EXT2_ET_NO_MEMORY;
+ retval = ext2fs_get_mem(SUPERBLOCK_SIZE, &super_shadow);
+- if (retval)
+- goto errout;
+- retval = ext2fs_get_array(fs->desc_blocks, fs->blocksize,
+- &group_shadow);
+ if (retval)
+ goto errout;
+ memcpy(super_shadow, fs->super, sizeof(struct ext2_super_block));
+- memcpy(group_shadow, fs->group_desc, (size_t) fs->blocksize *
+- fs->desc_blocks);
+-
+ ext2fs_swap_super(super_shadow);
+- for (j = 0; j < fs->group_desc_count; j++) {
+- gdp = ext2fs_group_desc(fs, group_shadow, j);
+- ext2fs_swap_group_desc2(fs, gdp);
++
++ if (((fs->flags & EXT2_FLAG_SUPER_ONLY) == 0) &&
++ !ext2fs_has_feature_journal_dev(fs->super)) {
++ retval = ext2fs_get_array(fs->desc_blocks, fs->blocksize,
++ &group_shadow);
++ if (retval)
++ goto errout;
++ memcpy(group_shadow, fs->group_desc, (size_t) fs->blocksize *
++ fs->desc_blocks);
++
++ for (j = 0; j < fs->group_desc_count; j++) {
++ gdp = ext2fs_group_desc(fs, group_shadow, j);
++ ext2fs_swap_group_desc2(fs, gdp);
++ }
+ }
+ #else
+ super_shadow = fs->super;
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-crash-in-ext2fs_image_super_write-on-B.patch b/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-crash-in-ext2fs_image_super_write-on-B.patch
new file mode 100644
index 0000000..c4f4dab
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-crash-in-ext2fs_image_super_write-on-B.patch
@@ -0,0 +1,69 @@
+From 20a8dbefbc0510430aa7744692221b843b657f62 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Tue, 14 Jan 2020 10:58:10 -0500
+Subject: [PATCH 02/46] libext2fs: fix crash in ext2fs_image_super_write() on
+ Big Endian systems
+Content-Type: text/plain
+
+This is a similar fix as c9a8c53b17cc ("libext2fs: fix crash in
+ext2fs_open2() on Big Endian systems").
+
+Commit e6069a05: ("Teach ext2fs_open2() to honor the
+EXT2_FLAG_SUPER_ONLY flag") changed how the function
+ext2fs_group_desc() handled a request for a gdp pointer for a group
+larger than the number of groups in the file system; it now returns
+NULL, instead of returning a pointer beyond the end of the array.
+
+Previously, the ext2fs_imager_super_write() function would swap all of
+the block group descriptors in a block, even if they are beyond the
+end of the file system. This was OK, since we were not overrunning
+the allocated memory, since it was rounded to a block boundary. But
+now that ext2fs_group_desc() would return NULL for those gdp, it would
+cause ext2fs_open2(), when it was byte swapping the block group
+descriptors on Big Endian systems, to dereference a null pointer and
+crash.
+
+This commit adds a NULL pointer check to avoid byte swapping those
+block group descriptors in a bg descriptor block, but which are beyond
+the end of the file system, to address this crash.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reported-by: Anatoly Pugachev <matorola@gmail.com>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/ext2fs/imager.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/lib/ext2fs/imager.c b/lib/ext2fs/imager.c
+index b3ede9a8..f8d67d86 100644
+--- a/lib/ext2fs/imager.c
++++ b/lib/ext2fs/imager.c
+@@ -249,10 +249,10 @@ errcode_t ext2fs_image_super_write(ext2_filsys fs, int fd,
+ * if needed
+ */
+ groups_per_block = EXT2_DESC_PER_BLOCK(fs->super);
+- gdp = (struct ext2_group_desc *) cp;
+ for (j=0; j < groups_per_block*fs->desc_blocks; j++) {
+ gdp = ext2fs_group_desc(fs, fs->group_desc, j);
+- ext2fs_swap_group_desc2(fs, gdp);
++ if (gdp)
++ ext2fs_swap_group_desc2(fs, gdp);
+ }
+ #endif
+
+@@ -261,10 +261,10 @@ errcode_t ext2fs_image_super_write(ext2_filsys fs, int fd,
+
+ #ifdef WORDS_BIGENDIAN
+ groups_per_block = EXT2_DESC_PER_BLOCK(fs->super);
+- gdp = (struct ext2_group_desc *) cp;
+ for (j=0; j < groups_per_block*fs->desc_blocks; j++) {
+ gdp = ext2fs_group_desc(fs, fs->group_desc, j);
+- ext2fs_swap_group_desc2(fs, gdp);
++ if (gdp)
++ ext2fs_swap_group_desc2(fs, gdp);
+ }
+ #endif
+
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-crash-in-ext2fs_open2-on-Big-Endian-sy.patch b/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-crash-in-ext2fs_open2-on-Big-Endian-sy.patch
new file mode 100644
index 0000000..2f1d2cc
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-crash-in-ext2fs_open2-on-Big-Endian-sy.patch
@@ -0,0 +1,59 @@
+From db2efc9e0a8cdb70afc8dd7c9621da9376da7afb Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 26 Dec 2019 23:19:54 -0500
+Subject: [PATCH 01/46] libext2fs: fix crash in ext2fs_open2() on Big Endian
+ systems
+Content-Type: text/plain
+
+Commit e6069a05: ("Teach ext2fs_open2() to honor the
+EXT2_FLAG_SUPER_ONLY flag") changed how the function
+ext2fs_group_desc() handled a request for a gdp pointer for a group
+larger than the number of groups in the file system; it now returns
+NULL, instead of returning a pointer beyond the end of the array.
+
+Previously, the ext2fs_open2() function would swap all of the block
+group descriptors in a block, even if they are beyond the end of the
+file system. This was OK, since we were not overrunning the allocated
+memory, since it was rounded to a block boundary. But now that
+ext2fs_group_desc() would return NULL for those gdp, it would cause
+ext2fs_open2(), when it was byte swapping the block group descriptors
+on Big Endian systems, to dereference a null pointer and crash.
+
+This commit adds a NULL pointer check to avoid byte swapping those
+block group descriptors in a bg descriptor block, but which are beyond
+the end of the file system, to address this crash.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reported-by: Anatoly Pugachev <matorola@gmail.com>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/ext2fs/openfs.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/lib/ext2fs/openfs.c b/lib/ext2fs/openfs.c
+index 51b54a44..e457ce1a 100644
+--- a/lib/ext2fs/openfs.c
++++ b/lib/ext2fs/openfs.c
+@@ -433,7 +433,8 @@ errcode_t ext2fs_open2(const char *name, const char *io_options,
+ gdp = (struct ext2_group_desc *) dest;
+ for (j=0; j < groups_per_block*first_meta_bg; j++) {
+ gdp = ext2fs_group_desc(fs, fs->group_desc, j);
+- ext2fs_swap_group_desc2(fs, gdp);
++ if (gdp)
++ ext2fs_swap_group_desc2(fs, gdp);
+ }
+ #endif
+ dest += fs->blocksize*first_meta_bg;
+@@ -453,7 +454,8 @@ errcode_t ext2fs_open2(const char *name, const char *io_options,
+ for (j=0; j < groups_per_block; j++) {
+ gdp = ext2fs_group_desc(fs, fs->group_desc,
+ i * groups_per_block + j);
+- ext2fs_swap_group_desc2(fs, gdp);
++ if (gdp)
++ ext2fs_swap_group_desc2(fs, gdp);
+ }
+ #endif
+ dest += fs->blocksize;
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-crash-when-ext2fs_mmp_stop-is-called-b.patch b/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-crash-when-ext2fs_mmp_stop-is-called-b.patch
new file mode 100644
index 0000000..350d3ef
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-crash-when-ext2fs_mmp_stop-is-called-b.patch
@@ -0,0 +1,36 @@
+From df34e45c71cff889927a412c6296d02866cdc5cc Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Sun, 14 Feb 2021 23:51:45 -0500
+Subject: [PATCH 20/46] libext2fs: fix crash when ext2fs_mmp_stop() is called
+ before MMP is initialized
+Content-Type: text/plain
+
+The fatal_error() function in e2fsck can call ext2fs_mmp_stop() on a
+file system where MMP hasn't yet been initialized. When that happens,
+instead of crashing, have ext2fs_mmp_stop() return success, since mmp
+doesn't need to be stopped if it hasn't even been initialized yet.
+
+Addresses-Debian-Bug: #696609
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/ext2fs/mmp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ext2fs/mmp.c b/lib/ext2fs/mmp.c
+index 973b9ecd..eddc66a7 100644
+--- a/lib/ext2fs/mmp.c
++++ b/lib/ext2fs/mmp.c
+@@ -401,7 +401,8 @@ errcode_t ext2fs_mmp_stop(ext2_filsys fs)
+ errcode_t retval = 0;
+
+ if (!ext2fs_has_feature_mmp(fs->super) ||
+- !(fs->flags & EXT2_FLAG_RW) || (fs->flags & EXT2_FLAG_SKIP_MMP))
++ !(fs->flags & EXT2_FLAG_RW) || (fs->flags & EXT2_FLAG_SKIP_MMP) ||
++ (fs->mmp_buf == NULL) || (fs->mmp_cmp == NULL))
+ goto mmp_error;
+
+ retval = ext2fs_mmp_read(fs, fs->super->s_mmp_block, fs->mmp_buf);
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-incorrect-negative-error-return-in-uni.patch b/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-incorrect-negative-error-return-in-uni.patch
new file mode 100644
index 0000000..02d8e3c
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-incorrect-negative-error-return-in-uni.patch
@@ -0,0 +1,52 @@
+From c951a12b1594158bb87fbc4d8a89b326c34e711f Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 21 Jan 2021 16:00:01 -0500
+Subject: [PATCH 15/46] libext2fs: fix incorrect negative error return in unix
+ and sparse io managers
+Content-Type: text/plain
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/ext2fs/sparse_io.c | 4 ++--
+ lib/ext2fs/unix_io.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/ext2fs/sparse_io.c b/lib/ext2fs/sparse_io.c
+index 5e0e2cd9..f287e76d 100644
+--- a/lib/ext2fs/sparse_io.c
++++ b/lib/ext2fs/sparse_io.c
+@@ -138,7 +138,7 @@ static errcode_t io_manager_configure(struct sparse_io_params *params,
+ retval = io_manager_import_sparse(params, sm, io);
+ if (retval) {
+ if (!params->block_size || !params->blocks_count) {
+- retval = -EINVAL;
++ retval = EINVAL;
+ goto err_params;
+ }
+ sm->block_size = params->block_size;
+@@ -229,7 +229,7 @@ static errcode_t read_sparse_argv(const char *name, bool is_fd,
+
+ if (ret < 1) {
+ free(sparse_params->file);
+- return -EINVAL;
++ return EINVAL;
+ }
+ return 0;
+ }
+diff --git a/lib/ext2fs/unix_io.c b/lib/ext2fs/unix_io.c
+index 628e60c3..2bcd435c 100644
+--- a/lib/ext2fs/unix_io.c
++++ b/lib/ext2fs/unix_io.c
+@@ -733,7 +733,7 @@ static errcode_t unixfd_open(const char *str_fd, int flags,
+ #if defined(HAVE_FCNTL)
+ fd_flags = fcntl(fd, F_GETFD);
+ if (fd_flags == -1)
+- return -EBADF;
++ return EBADF;
+
+ flags = 0;
+ if (fd_flags & O_RDWR)
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-potential-buffer-overrun-in-__get_dire.patch b/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-potential-buffer-overrun-in-__get_dire.patch
new file mode 100644
index 0000000..c193075
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-potential-buffer-overrun-in-__get_dire.patch
@@ -0,0 +1,40 @@
+From b7466a55e89aa6d6a649734f2b1b24a03390bcef Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Wed, 26 Aug 2020 16:29:29 -0400
+Subject: [PATCH 08/46] libext2fs: fix potential buffer overrun in
+ __get_dirent_tail()
+Content-Type: text/plain
+
+If the file system is corrupted, there is a potential of a read-only
+buffer overrun. Fortunately, we don't actually use the result of that
+pointer dereference, and the overrun is at most 64k.
+
+Google-Bug-Id: #158564737
+Fixes: eb88b751745b ("libext2fs: make ext2fs_dirent_has_tail() more strict")
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/ext2fs/csum.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/ext2fs/csum.c b/lib/ext2fs/csum.c
+index a7172580..2151003b 100644
+--- a/lib/ext2fs/csum.c
++++ b/lib/ext2fs/csum.c
+@@ -266,12 +266,11 @@ static errcode_t __get_dirent_tail(ext2_filsys fs,
+ d = dirent;
+ top = EXT2_DIRENT_TAIL(dirent, fs->blocksize);
+
+- rec_len = translate(d->rec_len);
+ while ((void *) d < top) {
++ rec_len = translate(d->rec_len);
+ if ((rec_len < 8) || (rec_len & 0x03))
+ return EXT2_ET_DIR_CORRUPTED;
+ d = (struct ext2_dir_entry *)(((char *)d) + rec_len);
+- rec_len = translate(d->rec_len);
+ }
+
+ if ((void *)d > ((void *)dirent + fs->blocksize))
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-segault-when-setting-an-xattr-with-an-.patch b/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-segault-when-setting-an-xattr-with-an-.patch
new file mode 100644
index 0000000..1369133
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-segault-when-setting-an-xattr-with-an-.patch
@@ -0,0 +1,212 @@
+From 9beb50cd2c05f69f1231eb1f4579d6770ef48359 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Sun, 7 Feb 2021 23:21:58 -0500
+Subject: [PATCH 18/46] libext2fs: fix segault when setting an xattr with an
+ unknown prefix
+Content-Type: text/plain
+
+Also avoid unnecessary calls to find_ea_index() by caching the short
+name and name index in the ext2_attr structure.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/ext2fs/ext_attr.c | 64 +++++++++++++++++++++----------------------
+ 1 file changed, 32 insertions(+), 32 deletions(-)
+
+diff --git a/lib/ext2fs/ext_attr.c b/lib/ext2fs/ext_attr.c
+index 871319a5..8a7a17cf 100644
+--- a/lib/ext2fs/ext_attr.c
++++ b/lib/ext2fs/ext_attr.c
+@@ -293,7 +293,9 @@ errcode_t ext2fs_adjust_ea_refcount(ext2_filsys fs, blk_t blk,
+
+ /* Manipulate the contents of extended attribute regions */
+ struct ext2_xattr {
++ int name_index;
+ char *name;
++ char *short_name;
+ void *value;
+ unsigned int value_len;
+ ext2_ino_t ea_ino;
+@@ -643,29 +645,23 @@ write_xattrs_to_buffer(ext2_filsys fs, struct ext2_xattr *attrs, int count,
+ struct ext2_xattr *x;
+ struct ext2_ext_attr_entry *e = entries_start;
+ char *end = (char *) entries_start + storage_size;
+- const char *shortname;
+ unsigned int value_size;
+- int idx, ret;
+ errcode_t err;
+
+ memset(entries_start, 0, storage_size);
+ for (x = attrs; x < attrs + count; x++) {
+- /* Calculate index and shortname position */
+- shortname = x->name;
+- ret = find_ea_index(x->name, &shortname, &idx);
+-
+ value_size = ((x->value_len + EXT2_EXT_ATTR_PAD - 1) /
+ EXT2_EXT_ATTR_PAD) * EXT2_EXT_ATTR_PAD;
+
+ /* Fill out e appropriately */
+- e->e_name_len = strlen(shortname);
+- e->e_name_index = (ret ? idx : 0);
++ e->e_name_len = strlen(x->short_name);
++ e->e_name_index = x->name_index;
+
+ e->e_value_size = x->value_len;
+ e->e_value_inum = x->ea_ino;
+
+ /* Store name */
+- memcpy((char *)e + sizeof(*e), shortname, e->e_name_len);
++ memcpy((char *)e + sizeof(*e), x->short_name, e->e_name_len);
+ if (x->ea_ino) {
+ e->e_value_offs = 0;
+ } else {
+@@ -875,6 +871,8 @@ static errcode_t read_xattrs_from_buffer(struct ext2_xattr_handle *handle,
+ memcpy(x->name + prefix_len,
+ (char *)entry + sizeof(*entry),
+ entry->e_name_len);
++ x->short_name = x->name + prefix_len;
++ x->name_index = entry->e_name_index;
+
+ /* Check & copy value */
+ if (!ext2fs_has_feature_ea_inode(handle->fs->super) &&
+@@ -1302,7 +1300,8 @@ out:
+ }
+
+ static errcode_t xattr_update_entry(ext2_filsys fs, struct ext2_xattr *x,
+- const char *name, const void *value,
++ const char *name, const char *short_name,
++ int index, const void *value,
+ size_t value_len, int in_inode)
+ {
+ ext2_ino_t ea_ino = 0;
+@@ -1336,8 +1335,11 @@ static errcode_t xattr_update_entry(ext2_filsys fs, struct ext2_xattr *x,
+ goto fail;
+ }
+
+- if (!x->name)
++ if (!x->name) {
+ x->name = new_name;
++ x->short_name = new_name + (short_name - name);
++ }
++ x->name_index = index;
+
+ if (x->value)
+ ext2fs_free_mem(&x->value);
+@@ -1356,31 +1358,27 @@ fail:
+ }
+
+ static int xattr_find_position(struct ext2_xattr *attrs, int count,
+- const char *name)
++ const char *shortname, int name_idx)
+ {
+ struct ext2_xattr *x;
+ int i;
+- const char *shortname, *x_shortname;
+- int name_idx, x_name_idx;
+ int shortname_len, x_shortname_len;
+
+- find_ea_index(name, &shortname, &name_idx);
+ shortname_len = strlen(shortname);
+
+ for (i = 0, x = attrs; i < count; i++, x++) {
+- find_ea_index(x->name, &x_shortname, &x_name_idx);
+- if (name_idx < x_name_idx)
++ if (name_idx < x->name_index)
+ break;
+- if (name_idx > x_name_idx)
++ if (name_idx > x->name_index)
+ continue;
+
+- x_shortname_len = strlen(x_shortname);
++ x_shortname_len = strlen(x->short_name);
+ if (shortname_len < x_shortname_len)
+ break;
+ if (shortname_len > x_shortname_len)
+ continue;
+
+- if (memcmp(shortname, x_shortname, shortname_len) <= 0)
++ if (memcmp(shortname, x->short_name, shortname_len) <= 0)
+ break;
+ }
+ return i;
+@@ -1395,8 +1393,8 @@ static errcode_t xattr_array_update(struct ext2_xattr_handle *h,
+ struct ext2_xattr tmp;
+ int add_to_ibody;
+ int needed;
+- int name_len, name_idx;
+- const char *shortname;
++ int name_len, name_idx = 0;
++ const char *shortname = name;
+ int new_idx;
+ int ret;
+
+@@ -1423,7 +1421,8 @@ static errcode_t xattr_array_update(struct ext2_xattr_handle *h,
+
+ /* Update the existing entry. */
+ ret = xattr_update_entry(h->fs, &h->attrs[old_idx], name,
+- value, value_len, in_inode);
++ shortname, name_idx, value,
++ value_len, in_inode);
+ if (ret)
+ return ret;
+ if (h->ibody_count <= old_idx) {
+@@ -1451,7 +1450,8 @@ static errcode_t xattr_array_update(struct ext2_xattr_handle *h,
+ if (old_idx >= 0) {
+ /* Update the existing entry. */
+ ret = xattr_update_entry(h->fs, &h->attrs[old_idx], name,
+- value, value_len, in_inode);
++ shortname, name_idx, value,
++ value_len, in_inode);
+ if (ret)
+ return ret;
+ if (old_idx < h->ibody_count) {
+@@ -1460,7 +1460,8 @@ static errcode_t xattr_array_update(struct ext2_xattr_handle *h,
+ * entries in the block are sorted.
+ */
+ new_idx = xattr_find_position(h->attrs + h->ibody_count,
+- h->count - h->ibody_count, name);
++ h->count - h->ibody_count,
++ shortname, name_idx);
+ new_idx += h->ibody_count - 1;
+ tmp = h->attrs[old_idx];
+ memmove(h->attrs + old_idx, h->attrs + old_idx + 1,
+@@ -1472,7 +1473,8 @@ static errcode_t xattr_array_update(struct ext2_xattr_handle *h,
+ }
+
+ new_idx = xattr_find_position(h->attrs + h->ibody_count,
+- h->count - h->ibody_count, name);
++ h->count - h->ibody_count,
++ shortname, name_idx);
+ new_idx += h->ibody_count;
+ add_to_ibody = 0;
+
+@@ -1483,8 +1485,8 @@ add_new:
+ return ret;
+ }
+
+- ret = xattr_update_entry(h->fs, &h->attrs[h->count], name, value,
+- value_len, in_inode);
++ ret = xattr_update_entry(h->fs, &h->attrs[h->count], name, shortname,
++ name_idx, value, value_len, in_inode);
+ if (ret)
+ return ret;
+
+@@ -1502,12 +1504,10 @@ static int space_used(struct ext2_xattr *attrs, int count)
+ {
+ int total = 0;
+ struct ext2_xattr *x;
+- const char *shortname;
+- int i, len, name_idx;
++ int i, len;
+
+ for (i = 0, x = attrs; i < count; i++, x++) {
+- find_ea_index(x->name, &shortname, &name_idx);
+- len = strlen(shortname);
++ len = strlen(x->short_name);
+ total += EXT2_EXT_ATTR_LEN(len);
+ if (!x->ea_ino)
+ total += EXT2_EXT_ATTR_SIZE(x->value_len);
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-unexpected-NULL-variable.patch b/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-unexpected-NULL-variable.patch
new file mode 100644
index 0000000..8800559
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-libext2fs-fix-unexpected-NULL-variable.patch
@@ -0,0 +1,39 @@
+From 92d055879d510a1a51315301ea788445cd11aacb Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Fri, 6 Aug 2021 11:58:16 +0200
+Subject: [PATCH 40/46] libext2fs: fix unexpected NULL variable
+Content-Type: text/plain
+
+The ext2fs_check_mount_point() function can be called with mtpt being
+NULL as for example from ext2fs_check_if_mounted(). However in the
+is_swap_device condition we use the mtpt in strncpy without checking
+whether it is non-null first.
+
+This should not be a problem on linux since the previous attempt to open
+the device exclusively would have prevented us from ever reaching the
+problematic strncpy. However it's still a bug and can cause problems on
+other systems, fix it by conditioning strncpy on mtpt not being null.
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/ismounted.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ext2fs/ismounted.c b/lib/ext2fs/ismounted.c
+index 46d330d9..c28475d4 100644
+--- a/lib/ext2fs/ismounted.c
++++ b/lib/ext2fs/ismounted.c
+@@ -393,7 +393,8 @@ errcode_t ext2fs_check_mount_point(const char *device, int *mount_flags,
+
+ if (is_swap_device(device)) {
+ *mount_flags = EXT2_MF_MOUNTED | EXT2_MF_SWAP;
+- strncpy(mtpt, "<swap>", mtlen);
++ if (mtpt)
++ strncpy(mtpt, "<swap>", mtlen);
+ } else {
+ #ifdef HAVE_SETMNTENT
+ retval = check_mntent(device, mount_flags, mtpt, mtlen);
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-libext2fs-remove-augmented-rbtree-functionality.patch b/SOURCES/e2fsprogs-1.45.6-libext2fs-remove-augmented-rbtree-functionality.patch
new file mode 100644
index 0000000..4f1670c
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-libext2fs-remove-augmented-rbtree-functionality.patch
@@ -0,0 +1,118 @@
+From 1a95588e8090a2ac6cab364e5a24be219f50710b Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Fri, 6 Aug 2021 11:58:17 +0200
+Subject: [PATCH 41/46] libext2fs: remove augmented rbtree functionality
+Content-Type: text/plain
+
+Rbtree code was originally taken from linux kernel. This includes the
+augmented rbtree functionality, however this was never intended to be
+used and is not used still. Just remove it.
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/rbtree.c | 68 ---------------------------------------------
+ lib/ext2fs/rbtree.h | 8 ------
+ 2 files changed, 76 deletions(-)
+
+diff --git a/lib/ext2fs/rbtree.c b/lib/ext2fs/rbtree.c
+index 5b92099d..74426fa6 100644
+--- a/lib/ext2fs/rbtree.c
++++ b/lib/ext2fs/rbtree.c
+@@ -280,74 +280,6 @@ void ext2fs_rb_erase(struct rb_node *node, struct rb_root *root)
+ __rb_erase_color(child, parent, root);
+ }
+
+-static void ext2fs_rb_augment_path(struct rb_node *node, rb_augment_f func, void *data)
+-{
+- struct rb_node *parent;
+-
+-up:
+- func(node, data);
+- parent = ext2fs_rb_parent(node);
+- if (!parent)
+- return;
+-
+- if (node == parent->rb_left && parent->rb_right)
+- func(parent->rb_right, data);
+- else if (parent->rb_left)
+- func(parent->rb_left, data);
+-
+- node = parent;
+- goto up;
+-}
+-
+-/*
+- * after inserting @node into the tree, update the tree to account for
+- * both the new entry and any damage done by rebalance
+- */
+-void ext2fs_rb_augment_insert(struct rb_node *node, rb_augment_f func, void *data)
+-{
+- if (node->rb_left)
+- node = node->rb_left;
+- else if (node->rb_right)
+- node = node->rb_right;
+-
+- ext2fs_rb_augment_path(node, func, data);
+-}
+-
+-/*
+- * before removing the node, find the deepest node on the rebalance path
+- * that will still be there after @node gets removed
+- */
+-struct rb_node *ext2fs_rb_augment_erase_begin(struct rb_node *node)
+-{
+- struct rb_node *deepest;
+-
+- if (!node->rb_right && !node->rb_left)
+- deepest = ext2fs_rb_parent(node);
+- else if (!node->rb_right)
+- deepest = node->rb_left;
+- else if (!node->rb_left)
+- deepest = node->rb_right;
+- else {
+- deepest = ext2fs_rb_next(node);
+- if (deepest->rb_right)
+- deepest = deepest->rb_right;
+- else if (ext2fs_rb_parent(deepest) != node)
+- deepest = ext2fs_rb_parent(deepest);
+- }
+-
+- return deepest;
+-}
+-
+-/*
+- * after removal, update the tree to account for the removed entry
+- * and any rebalance damage.
+- */
+-void ext2fs_rb_augment_erase_end(struct rb_node *node, rb_augment_f func, void *data)
+-{
+- if (node)
+- ext2fs_rb_augment_path(node, func, data);
+-}
+-
+ /*
+ * This function returns the first node (in sort order) of the tree.
+ */
+diff --git a/lib/ext2fs/rbtree.h b/lib/ext2fs/rbtree.h
+index 9e806779..a4eb35ae 100644
+--- a/lib/ext2fs/rbtree.h
++++ b/lib/ext2fs/rbtree.h
+@@ -161,14 +161,6 @@ static inline void ext2fs_rb_clear_node(struct rb_node *node)
+ extern void ext2fs_rb_insert_color(struct rb_node *, struct rb_root *);
+ extern void ext2fs_rb_erase(struct rb_node *, struct rb_root *);
+
+-typedef void (*rb_augment_f)(struct rb_node *node, void *data);
+-
+-extern void ext2fs_rb_augment_insert(struct rb_node *node,
+- rb_augment_f func, void *data);
+-extern struct rb_node *ext2fs_rb_augment_erase_begin(struct rb_node *node);
+-extern void ext2fs_rb_augment_erase_end(struct rb_node *node,
+- rb_augment_f func, void *data);
+-
+ /* Find logical next and previous nodes in a tree */
+ extern struct rb_node *ext2fs_rb_next(struct rb_node *);
+ extern struct rb_node *ext2fs_rb_prev(struct rb_node *);
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-libext2fs-teach-ext2fs_flush-to-check-if-group-descr.patch b/SOURCES/e2fsprogs-1.45.6-libext2fs-teach-ext2fs_flush-to-check-if-group-descr.patch
new file mode 100644
index 0000000..1b2961f
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-libext2fs-teach-ext2fs_flush-to-check-if-group-descr.patch
@@ -0,0 +1,35 @@
+From 4b74f91ad7480d71853ae1170d065917afc426a2 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 16 Jan 2020 18:56:49 -0500
+Subject: [PATCH 03/46] libext2fs: teach ext2fs_flush() to check if group
+ descriptors are loaded
+Content-Type: text/plain
+
+If the EXT2_FLAG_SUPER_ONLY is not set, and the group descriptors are
+not loaded, ext2fs_flush[2]() will return EXT2_ET_NO_GDESC.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/ext2fs/closefs.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/ext2fs/closefs.c b/lib/ext2fs/closefs.c
+index 1d4d5b7f..6814cdc3 100644
+--- a/lib/ext2fs/closefs.c
++++ b/lib/ext2fs/closefs.c
+@@ -293,6 +293,11 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
+
+ EXT2_CHECK_MAGIC(fs, EXT2_ET_MAGIC_EXT2FS_FILSYS);
+
++ if ((fs->flags & EXT2_FLAG_SUPER_ONLY) == 0 &&
++ !ext2fs_has_feature_journal_dev(fs->super) &&
++ fs->group_desc == NULL)
++ return EXT2_ET_NO_GDESC;
++
+ fs_state = fs->super->s_state;
+ feature_incompat = fs->super->s_feature_incompat;
+
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-libss-Add-missing-error-handling-for-fdopen.patch b/SOURCES/e2fsprogs-1.45.6-libss-Add-missing-error-handling-for-fdopen.patch
new file mode 100644
index 0000000..e19ea78
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-libss-Add-missing-error-handling-for-fdopen.patch
@@ -0,0 +1,42 @@
+From 91a846631015734d322d11e3b8ff82d650ab7a8e Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Fri, 6 Aug 2021 11:58:19 +0200
+Subject: [PATCH 43/46] libss: Add missing error handling for fdopen()
+Content-Type: text/plain
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ss/list_rqs.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/lib/ss/list_rqs.c b/lib/ss/list_rqs.c
+index 021a3835..89e37bb2 100644
+--- a/lib/ss/list_rqs.c
++++ b/lib/ss/list_rqs.c
+@@ -12,6 +12,9 @@
+ */
+ #include "config.h"
+ #include "ss_internal.h"
++#ifdef HAVE_UNISTD_H
++#include <unistd.h>
++#endif
+ #include <signal.h>
+ #include <setjmp.h>
+ #include <sys/wait.h>
+@@ -46,6 +49,12 @@ void ss_list_requests(int argc __SS_ATTR((unused)),
+ return;
+ }
+ output = fdopen(fd, "w");
++ if (!output) {
++ perror("fdopen");
++ close(fd);
++ (void) signal(SIGINT, func);
++ return;
++ }
+ sigprocmask(SIG_SETMASK, &omask, (sigset_t *) 0);
+
+ fprintf (output, "Available %s requests:\n\n",
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-libss-fix-possible-NULL-pointer-dereferece-on-alloca.patch b/SOURCES/e2fsprogs-1.45.6-libss-fix-possible-NULL-pointer-dereferece-on-alloca.patch
new file mode 100644
index 0000000..db5ad3d
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-libss-fix-possible-NULL-pointer-dereferece-on-alloca.patch
@@ -0,0 +1,36 @@
+From 422643f4758b0a0345d84b2d19312269472e2a00 Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Thu, 17 Feb 2022 10:24:59 +0100
+Subject: [PATCH 2/2] libss: fix possible NULL pointer dereferece on allocation
+ failure
+Content-Type: text/plain
+
+Currently in ss_execute_command() we're missng a check to see if the
+memory allocation was succesful. Fix it by checking the return from
+malloc and returning ENOMEM if it had failed.
+
+[ Removed addition of the SS_ET_ENOMEM entry to the the libss error
+ table. -TYT ]
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ss/execute_cmd.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/ss/execute_cmd.c b/lib/ss/execute_cmd.c
+index d443a468..2e2c8cfa 100644
+--- a/lib/ss/execute_cmd.c
++++ b/lib/ss/execute_cmd.c
+@@ -171,6 +171,8 @@ int ss_execute_command(int sci_idx, register char *argv[])
+ for (argp = argv; *argp; argp++)
+ argc++;
+ argp = (char **)malloc((argc+1)*sizeof(char *));
++ if (!argp)
++ return(ENOMEM);
+ for (i = 0; i <= argc; i++)
+ argp[i] = argv[i];
+ i = really_execute_command(sci_idx, argc, &argp);
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-libss-handle-memory-allcation-failure-in-ss_help.patch b/SOURCES/e2fsprogs-1.45.6-libss-handle-memory-allcation-failure-in-ss_help.patch
new file mode 100644
index 0000000..8199e89
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-libss-handle-memory-allcation-failure-in-ss_help.patch
@@ -0,0 +1,33 @@
+From 22c751c1ab47277e90f63ac774288f67d2e42c51 Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Fri, 6 Aug 2021 11:58:18 +0200
+Subject: [PATCH 42/46] libss: handle memory allcation failure in ss_help()
+Content-Type: text/plain
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ss/help.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ss/help.c b/lib/ss/help.c
+index 96eb1092..a22b4017 100644
+--- a/lib/ss/help.c
++++ b/lib/ss/help.c
+@@ -96,7 +96,12 @@ void ss_help(int argc, char const * const *argv, int sci_idx, pointer info_ptr)
+ }
+ if (fd < 0) {
+ #define MSG "No info found for "
+- char *buf = malloc(strlen (MSG) + strlen (argv[1]) + 1);
++ char *buf = malloc(strlen (MSG) + strlen (argv[1]) + 1);
++ if (!buf) {
++ ss_perror(sci_idx, 0,
++ "couldn't allocate memory to print error message");
++ return;
++ }
+ strcpy(buf, MSG);
+ strcat(buf, argv[1]);
+ ss_perror(sci_idx, 0, buf);
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-libsupport-fix-potental-NULL-pointer-dereferences-in.patch b/SOURCES/e2fsprogs-1.45.6-libsupport-fix-potental-NULL-pointer-dereferences-in.patch
new file mode 100644
index 0000000..216d288
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-libsupport-fix-potental-NULL-pointer-dereferences-in.patch
@@ -0,0 +1,66 @@
+From c976fd2e72678a171693d2b6333c2c499ef4d588 Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Fri, 6 Aug 2021 11:58:20 +0200
+Subject: [PATCH 44/46] libsupport: fix potental NULL pointer dereferences in
+ quota functions
+Content-Type: text/plain
+
+get_dq() function can fail when the memory allocation fails and so we
+could end up dereferencing NULL pointer. Fix it.
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/support/mkquota.c | 8 ++++++--
+ lib/support/quotaio_tree.c | 2 +-
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/lib/support/mkquota.c b/lib/support/mkquota.c
+index ef50c9ab..280b1046 100644
+--- a/lib/support/mkquota.c
++++ b/lib/support/mkquota.c
+@@ -432,7 +432,8 @@ void quota_data_sub(quota_ctx_t qctx, struct ext2_inode_large *inode,
+ dict = qctx->quota_dict[qtype];
+ if (dict) {
+ dq = get_dq(dict, get_qid(inode, qtype));
+- dq->dq_dqb.dqb_curspace -= space;
++ if (dq)
++ dq->dq_dqb.dqb_curspace -= space;
+ }
+ }
+ }
+@@ -459,7 +460,8 @@ void quota_data_inodes(quota_ctx_t qctx, struct ext2_inode_large *inode,
+ dict = qctx->quota_dict[qtype];
+ if (dict) {
+ dq = get_dq(dict, get_qid(inode, qtype));
+- dq->dq_dqb.dqb_curinodes += adjust;
++ if (dq)
++ dq->dq_dqb.dqb_curinodes += adjust;
+ }
+ }
+ }
+@@ -532,6 +534,8 @@ static int scan_dquots_callback(struct dquot *dquot, void *cb_data)
+ struct dquot *dq;
+
+ dq = get_dq(quota_dict, dquot->dq_id);
++ if (!dq)
++ return -1;
+ dq->dq_id = dquot->dq_id;
+ dq->dq_flags |= DQF_SEEN;
+
+diff --git a/lib/support/quotaio_tree.c b/lib/support/quotaio_tree.c
+index 6cc4fb5b..5910e637 100644
+--- a/lib/support/quotaio_tree.c
++++ b/lib/support/quotaio_tree.c
+@@ -601,7 +601,7 @@ static int report_tree(struct dquot *dquot, unsigned int blk, int depth,
+ __le32 *ref = (__le32 *) buf;
+
+ if (!buf)
+- return 0;
++ return -1;
+
+ read_blk(dquot->dq_h, blk, buf);
+ if (depth == QT_TREEDEPTH - 1) {
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-lsattr-check-whether-path-is-NULL-in-lsattr_dir_proc.patch b/SOURCES/e2fsprogs-1.45.6-lsattr-check-whether-path-is-NULL-in-lsattr_dir_proc.patch
new file mode 100644
index 0000000..fd58064
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-lsattr-check-whether-path-is-NULL-in-lsattr_dir_proc.patch
@@ -0,0 +1,36 @@
+From 18850fa92c398f4a60827dd5da020f9af0822424 Mon Sep 17 00:00:00 2001
+From: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Date: Wed, 28 Jul 2021 09:56:48 +0800
+Subject: [PATCH 37/46] lsattr: check whether path is NULL in lsattr_dir_proc()
+Content-Type: text/plain
+
+In lsattr_dir_proc(), if malloc() return NULL, it will cause
+a segmentation fault problem.
+
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ misc/lsattr.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/misc/lsattr.c b/misc/lsattr.c
+index 0d954376..55080e92 100644
+--- a/misc/lsattr.c
++++ b/misc/lsattr.c
+@@ -144,6 +144,11 @@ static int lsattr_dir_proc (const char * dir_name, struct dirent * de,
+ int dir_len = strlen(dir_name);
+
+ path = malloc(dir_len + strlen (de->d_name) + 2);
++ if (!path) {
++ fputs(_("Couldn't allocate path variable in lsattr_dir_proc\n"),
++ stderr);
++ return -1;
++ }
+
+ if (dir_len && dir_name[dir_len-1] == '/')
+ sprintf (path, "%s%s", dir_name, de->d_name);
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-misc-fix-potential-segmentation-fault-problem-in-sca.patch b/SOURCES/e2fsprogs-1.45.6-misc-fix-potential-segmentation-fault-problem-in-sca.patch
new file mode 100644
index 0000000..854d287
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-misc-fix-potential-segmentation-fault-problem-in-sca.patch
@@ -0,0 +1,35 @@
+From 4a92545b8711df405dc804236d66386780696ce1 Mon Sep 17 00:00:00 2001
+From: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Date: Wed, 30 Jun 2021 16:27:20 +0800
+Subject: [PATCH 31/46] misc: fix potential segmentation fault problem in
+ scandir()
+Content-Type: text/plain
+
+In scandir(), temp_list[num_dent] is allocated by calling
+malloc(), we should check whether malloc() returns NULL before
+accessing temp_list[num_dent].
+
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ misc/create_inode.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/misc/create_inode.c b/misc/create_inode.c
+index 6f8487b9..38f37beb 100644
+--- a/misc/create_inode.c
++++ b/misc/create_inode.c
+@@ -752,6 +752,8 @@ static int scandir(const char *dir_name, struct dirent ***name_list,
+ }
+ // add the copy of dirent to the list
+ temp_list[num_dent] = (struct dirent*)malloc((dent->d_reclen + 3) & ~3);
++ if (!temp_list[num_dent])
++ goto out;
+ memcpy(temp_list[num_dent], dent, dent->d_reclen);
+ num_dent++;
+ }
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-mke2fs-fix-up-check-for-hardlinks-always-false-if-in.patch b/SOURCES/e2fsprogs-1.45.6-mke2fs-fix-up-check-for-hardlinks-always-false-if-in.patch
new file mode 100644
index 0000000..d0e12b6
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-mke2fs-fix-up-check-for-hardlinks-always-false-if-in.patch
@@ -0,0 +1,84 @@
+From d74f2e031418fb877c97c86a9c6b58eb30a4592c Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 21 Jul 2020 18:25:03 -0700
+Subject: [PATCH 10/46] mke2fs: fix up check for hardlinks always false if
+ inode > 0xFFFFFFFF
+Content-Type: text/plain
+
+While file has a large inode number (> 0xFFFFFFFF), mkfs.ext4 could
+not parse hardlink correctly.
+
+Prepare three hardlink files for mkfs.ext4
+
+$ ls -il rootfs_ota/a rootfs_ota/boot/b rootfs_ota/boot/c
+11026675846 -rw-r--r-- 3 hjia users 0 Jul 20 17:44 rootfs_ota/a
+11026675846 -rw-r--r-- 3 hjia users 0 Jul 20 17:44 rootfs_ota/boot/b
+11026675846 -rw-r--r-- 3 hjia users 0 Jul 20 17:44 rootfs_ota/boot/c
+
+$ truncate -s 1M rootfs_ota.ext4
+
+$ mkfs.ext4 -F -i 8192 rootfs_ota.ext4 -L otaroot -U fd5f8768-c779-4dc9-adde-165a3d863349 -d rootfs_ota
+
+$ mkdir mnt && sudo mount rootfs_ota.ext4 mnt
+
+$ ls -il mnt/a mnt/boot/b mnt/boot/c
+12 -rw-r--r-- 1 hjia users 0 Jul 20 17:44 mnt/a
+14 -rw-r--r-- 1 hjia users 0 Jul 20 17:44 mnt/boot/b
+15 -rw-r--r-- 1 hjia users 0 Jul 20 17:44 mnt/boot/c
+
+After applying this fix
+$ ls -il mnt/a mnt/boot/b mnt/boot/c
+12 -rw-r--r-- 3 hjia users 0 Jul 20 17:44 mnt/a
+12 -rw-r--r-- 3 hjia users 0 Jul 20 17:44 mnt/boot/b
+12 -rw-r--r-- 3 hjia users 0 Jul 20 17:44 mnt/boot/c
+
+Since commit [382ed4a1 e2fsck: use proper types for variables][1]
+applied, it used ext2_ino_t instead of ino_t for referencing inode
+numbers, but the type of is_hardlink's `ino' should not be instead,
+The ext2_ino_t is 32bit, if inode > 0xFFFFFFFF, its value will be
+truncated.
+
+Add a debug printf to show the value of inode, when it check for hardlink
+files, it will always return false if inode > 0xFFFFFFFF
+|--- a/misc/create_inode.c
+|+++ b/misc/create_inode.c
+|@@ -605,6 +605,7 @@ static int is_hardlink(struct hdlinks_s *hdlinks, dev_t dev, ext2_ino_t ino)
+| {
+| int i;
+|
+|+ printf("%s %d, %lX, %lX\n", __FUNCTION__, __LINE__, hdlinks->hdl[i].src_ino, ino);
+| for (i = 0; i < hdlinks->count; i++) {
+| if (hdlinks->hdl[i].src_dev == dev &&
+| hdlinks->hdl[i].src_ino == ino)
+
+Here is debug message:
+is_hardlink 608, 2913DB886, 913DB886
+
+The length of ext2_ino_t is 32bit (typedef __u32 __bitwise ext2_ino_t;),
+and ino_t is 64bit on 64bit system (such as x86-64), recover `ino' to ino_t.
+
+[1] https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=382ed4a1c2b60acb9db7631e86dda207bde6076e
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ misc/create_inode.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/misc/create_inode.c b/misc/create_inode.c
+index e8d1df6b..837f3875 100644
+--- a/misc/create_inode.c
++++ b/misc/create_inode.c
+@@ -601,7 +601,7 @@ out:
+ return err;
+ }
+
+-static int is_hardlink(struct hdlinks_s *hdlinks, dev_t dev, ext2_ino_t ino)
++static int is_hardlink(struct hdlinks_s *hdlinks, dev_t dev, ino_t ino)
+ {
+ int i;
+
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-mke2fs-only-try-discarding-a-single-block-to-test-if.patch b/SOURCES/e2fsprogs-1.45.6-mke2fs-only-try-discarding-a-single-block-to-test-if.patch
new file mode 100644
index 0000000..414a180
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-mke2fs-only-try-discarding-a-single-block-to-test-if.patch
@@ -0,0 +1,57 @@
+From 2831f4202dd1bec289a9a3459d553fcffda0f280 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Sun, 18 Jul 2021 09:15:28 -0400
+Subject: [PATCH 34/46] mke2fs: only try discarding a single block to test if
+ discard works
+Content-Type: text/plain
+
+Commit d2bfdc7ff15c ("Use punch hole as "discard" on regular files")
+added a test to see if the storage device actually supports discard.
+The intent was to try discarding the first block but since
+io_channel_discard() interprets the offset and count arguments in
+blocks, and not bytes, mke2fs was actually discarding the first 16
+megabytes (when the block size is 4k). This is normally not a
+problem, since most file systems are larger than that, and requests to
+discard beyond the end of the block device are ignored.
+
+However, when creating a small file system as part of a image
+containing multiple partitions, the initial test discard can end up
+discarding data beyond the file system being created.
+
+Addresses-Debian-Bug: #989630
+Reported-by: Josh Triplett <josh@joshtriplett.org>
+Fixes: d2bfdc7ff15c ("Use punch hole as "discard" on regular files")
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ misc/mke2fs.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/misc/mke2fs.c b/misc/mke2fs.c
+index 389d0981..b2bb2847 100644
+--- a/misc/mke2fs.c
++++ b/misc/mke2fs.c
+@@ -2768,7 +2768,7 @@ static int mke2fs_discard_device(ext2_filsys fs)
+ struct ext2fs_numeric_progress_struct progress;
+ blk64_t blocks = ext2fs_blocks_count(fs->super);
+ blk64_t count = DISCARD_STEP_MB;
+- blk64_t cur;
++ blk64_t cur = 0;
+ int retval = 0;
+
+ /*
+@@ -2776,10 +2776,9 @@ static int mke2fs_discard_device(ext2_filsys fs)
+ * we do not print numeric progress resulting in failure
+ * afterwards.
+ */
+- retval = io_channel_discard(fs->io, 0, fs->blocksize);
++ retval = io_channel_discard(fs->io, 0, 1);
+ if (retval)
+ return retval;
+- cur = fs->blocksize;
+
+ count *= (1024 * 1024);
+ count /= fs->blocksize;
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-mmp-do-not-use-O_DIRECT-when-working-with-regular-fi.patch b/SOURCES/e2fsprogs-1.45.6-mmp-do-not-use-O_DIRECT-when-working-with-regular-fi.patch
new file mode 100644
index 0000000..5f24e6b
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-mmp-do-not-use-O_DIRECT-when-working-with-regular-fi.patch
@@ -0,0 +1,68 @@
+From d80424f5ceaa3a7a8ce7dbf6bacca32f2f05fdeb Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Thu, 18 Feb 2021 10:51:46 +0100
+Subject: [PATCH 23/46] mmp: do not use O_DIRECT when working with regular file
+Content-Type: text/plain
+
+Currently the mmp block is read using O_DIRECT to avoid any caching that
+may be done by the VM. However when working with regular files this
+creates alignment issues when the device of the host file system has
+sector size larger than the blocksize of the file system in the file
+we're working with.
+
+This can be reproduced with t_mmp_fail test when run on the device with
+4k sector size because the mke2fs fails when trying to read the mmp
+block.
+
+Fix it by disabling O_DIRECT when working with regular files. I don't
+think there is any risk of doing so since the file system layer, unlike
+shared block device, should guarantee cache consistency.
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Reviewed-by: Eric Sandeen <sandeen@redhat.com>
+Reviewed-by: Andreas Dilger <adilger@dilger.ca>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/mmp.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/lib/ext2fs/mmp.c b/lib/ext2fs/mmp.c
+index eddc66a7..626fe395 100644
+--- a/lib/ext2fs/mmp.c
++++ b/lib/ext2fs/mmp.c
+@@ -57,21 +57,21 @@ errcode_t ext2fs_mmp_read(ext2_filsys fs, blk64_t mmp_blk, void *buf)
+ * regardless of how the io_manager is doing reads, to avoid caching of
+ * the MMP block by the io_manager or the VM. It needs to be fresh. */
+ if (fs->mmp_fd <= 0) {
++ struct stat st;
+ int flags = O_RDWR | O_DIRECT;
+
+-retry:
++ /*
++ * There is no reason for using O_DIRECT if we're working with
++ * regular file. Disabling it also avoids problems with
++ * alignment when the device of the host file system has sector
++ * size larger than blocksize of the fs we're working with.
++ */
++ if (stat(fs->device_name, &st) == 0 &&
++ S_ISREG(st.st_mode))
++ flags &= ~O_DIRECT;
++
+ fs->mmp_fd = open(fs->device_name, flags);
+ if (fs->mmp_fd < 0) {
+- struct stat st;
+-
+- /* Avoid O_DIRECT for filesystem image files if open
+- * fails, since it breaks when running on tmpfs. */
+- if (errno == EINVAL && (flags & O_DIRECT) &&
+- stat(fs->device_name, &st) == 0 &&
+- S_ISREG(st.st_mode)) {
+- flags &= ~O_DIRECT;
+- goto retry;
+- }
+ retval = EXT2_ET_MMP_OPEN_DIRECT;
+ goto out;
+ }
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-quota-Do-not-account-space-used-by-project-quota-fil.patch b/SOURCES/e2fsprogs-1.45.6-quota-Do-not-account-space-used-by-project-quota-fil.patch
new file mode 100644
index 0000000..bb13dd1
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-quota-Do-not-account-space-used-by-project-quota-fil.patch
@@ -0,0 +1,39 @@
+From 7c9b477d25a81ef736a832d66793a75860394d6f Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Mon, 12 Jul 2021 17:43:08 +0200
+Subject: [PATCH 39/46] quota: Do not account space used by project quota file
+ to quota
+Content-Type: text/plain
+
+Project quota files have high inode numbers but are not accounted in
+quota usage. Do not track them when computing quota usage.
+
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/support/mkquota.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/lib/support/mkquota.c b/lib/support/mkquota.c
+index 6f7ae6d6..ef50c9ab 100644
+--- a/lib/support/mkquota.c
++++ b/lib/support/mkquota.c
+@@ -500,9 +500,11 @@ errcode_t quota_compute_usage(quota_ctx_t qctx)
+ }
+ if (ino == 0)
+ break;
+- if (inode->i_links_count &&
+- (ino == EXT2_ROOT_INO ||
+- ino >= EXT2_FIRST_INODE(fs->super))) {
++ if (!inode->i_links_count)
++ continue;
++ if (ino == EXT2_ROOT_INO ||
++ (ino >= EXT2_FIRST_INODE(fs->super) &&
++ ino != quota_type2inum(PRJQUOTA, fs->super))) {
+ space = ext2fs_get_stat_i_blocks(fs,
+ EXT2_INODE(inode)) << 9;
+ quota_data_add(qctx, inode, ino, space);
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-resize2fs-avoid-allocating-over-the-MMP-block.patch b/SOURCES/e2fsprogs-1.45.6-resize2fs-avoid-allocating-over-the-MMP-block.patch
new file mode 100644
index 0000000..b571571
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-resize2fs-avoid-allocating-over-the-MMP-block.patch
@@ -0,0 +1,41 @@
+From a7a6126b94b9b6b0f88b5a5cc90d069974c89901 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Sat, 6 Mar 2021 23:08:12 -0500
+Subject: [PATCH 24/46] resize2fs: avoid allocating over the MMP block
+Content-Type: text/plain
+
+When resizing past the point where the reserve inode has reserved
+space for the block group descriptors to expand, and resize2fs (in an
+offline resize) needs to move the allocation bitmaps and/or inode
+table around, it's possible for resize2fs to allocate over the MMP
+block, which would be bad.
+
+Prevent this from happening by reserving the MMP block as a file
+system metadata block (which it is) in resize2fs's accounting.
+
+Addresses-Debian-Bug: #984472
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ resize/resize2fs.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/resize/resize2fs.c b/resize/resize2fs.c
+index 26050fec..e8401e79 100644
+--- a/resize/resize2fs.c
++++ b/resize/resize2fs.c
+@@ -1176,6 +1176,11 @@ static errcode_t mark_table_blocks(ext2_filsys fs,
+ if (blk)
+ ext2fs_mark_block_bitmap2(bmap, blk);
+ }
++ /* Reserve the MMP block */
++ if (ext2fs_has_feature_mmp(fs->super) &&
++ fs->super->s_mmp_block > fs->super->s_first_data_block &&
++ fs->super->s_mmp_block < ext2fs_blocks_count(fs->super))
++ ext2fs_mark_block_bitmap2(bmap, fs->super->s_mmp_block);
+ return 0;
+ }
+
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-resize2fs-prevent-block-group-descriptors-from-overf.patch b/SOURCES/e2fsprogs-1.45.6-resize2fs-prevent-block-group-descriptors-from-overf.patch
new file mode 100644
index 0000000..0593576
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-resize2fs-prevent-block-group-descriptors-from-overf.patch
@@ -0,0 +1,59 @@
+From 742255d914bf06fa8e8a3f048aae2c738657af52 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Fri, 2 Oct 2020 14:47:25 -0400
+Subject: [PATCH 11/46] resize2fs: prevent block group descriptors from
+ overflowing the first bg
+Content-Type: text/plain
+
+For 1k block file systems, resizing a file system larger than
+1073610752 blocks will result in the size of the block group
+descriptors to be so large that it will overlap with the backup
+superblock in block group #1. This problem can be reproduced via:
+
+ mke2fs -t ext4 /tmp/foo.img 200M
+ resize2fs /tmp/foo.img 1T
+ e2fsck -f /tmp/foo.img
+
+https://github.com/tytso/e2fsprogs/issues/50
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ resize/main.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/resize/main.c b/resize/main.c
+index a0c31c06..5e771d2a 100644
+--- a/resize/main.c
++++ b/resize/main.c
+@@ -269,6 +269,8 @@ int main (int argc, char ** argv)
+ long sysval;
+ int len, mount_flags;
+ char *mtpt, *undo_file = NULL;
++ dgrp_t new_group_desc_count;
++ unsigned long new_desc_blocks;
+
+ #ifdef ENABLE_NLS
+ setlocale(LC_MESSAGES, "");
+@@ -528,6 +530,18 @@ int main (int argc, char ** argv)
+ exit(1);
+ }
+ }
++ new_group_desc_count = ext2fs_div64_ceil(new_size -
++ fs->super->s_first_data_block,
++ EXT2_BLOCKS_PER_GROUP(fs->super));
++ new_desc_blocks = ext2fs_div_ceil(new_group_desc_count,
++ EXT2_DESC_PER_BLOCK(fs->super));
++ if ((new_desc_blocks + fs->super->s_first_data_block) >
++ EXT2_BLOCKS_PER_GROUP(fs->super)) {
++ com_err(program_name, 0,
++ _("New size results in too many block group "
++ "descriptors.\n"));
++ exit(1);
++ }
+
+ if (!force && new_size < min_size) {
+ com_err(program_name, 0,
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-ss_add_info_dir-fix-error-handling-when-memory-alloc.patch b/SOURCES/e2fsprogs-1.45.6-ss_add_info_dir-fix-error-handling-when-memory-alloc.patch
new file mode 100644
index 0000000..f2f0e08
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-ss_add_info_dir-fix-error-handling-when-memory-alloc.patch
@@ -0,0 +1,48 @@
+From 7fa914a178bbda39e3ed75326e18b183784fd57e Mon Sep 17 00:00:00 2001
+From: Wu Guanghao <wuguanghao3@huawei.com>
+Date: Wed, 28 Jul 2021 09:56:45 +0800
+Subject: [PATCH 35/46] ss_add_info_dir: fix error handling when memory
+ allocation fails
+Content-Type: text/plain
+
+If the realloc() and malloc() calls fail, avoid a memory leak as well
+as a potential seg fault.
+
+[ Fix error code setting to avoid depending on malloc() and realloc()
+ setting errno. -- TYT ]
+
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Reviewed-by: Wu Bo <wubo40@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/ss/help.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lib/ss/help.c b/lib/ss/help.c
+index 5204401b..96eb1092 100644
+--- a/lib/ss/help.c
++++ b/lib/ss/help.c
+@@ -148,13 +148,16 @@ void ss_add_info_dir(int sci_idx, char *info_dir, int *code_ptr)
+ dirs = (char **)realloc((char *)dirs,
+ (unsigned)(n_dirs + 2)*sizeof(char *));
+ if (dirs == (char **)NULL) {
+- info->info_dirs = (char **)NULL;
+- *code_ptr = errno;
++ *code_ptr = ENOMEM;
+ return;
+ }
+ info->info_dirs = dirs;
+ dirs[n_dirs + 1] = (char *)NULL;
+ dirs[n_dirs] = malloc((unsigned)strlen(info_dir)+1);
++ if (dirs[n_dirs] == (char *)NULL) {
++ *code_ptr = ENOMEM;
++ return;
++ }
+ strcpy(dirs[n_dirs], info_dir);
+ *code_ptr = 0;
+ }
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-ss_create_invocation-fix-error-handling-when-memory-.patch b/SOURCES/e2fsprogs-1.45.6-ss_create_invocation-fix-error-handling-when-memory-.patch
new file mode 100644
index 0000000..2c950de
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-ss_create_invocation-fix-error-handling-when-memory-.patch
@@ -0,0 +1,112 @@
+From e46e4a8c3c298ec05092008966072d73437c9728 Mon Sep 17 00:00:00 2001
+From: Wu Guanghao <wuguanghao3@huawei.com>
+Date: Wed, 28 Jul 2021 09:56:46 +0800
+Subject: [PATCH 36/46] ss_create_invocation: fix error handling when memory
+ allocation fails
+Content-Type: text/plain
+
+In ss_create_invocation(), it is necessary to check whether
+returned by malloc is a null pointer.
+
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/ss/invocation.c | 42 +++++++++++++++++++++++++++++++++---------
+ 1 file changed, 33 insertions(+), 9 deletions(-)
+
+diff --git a/lib/ss/invocation.c b/lib/ss/invocation.c
+index 457e7a2c..bf5ea0ce 100644
+--- a/lib/ss/invocation.c
++++ b/lib/ss/invocation.c
+@@ -26,29 +26,33 @@ int ss_create_invocation(const char *subsystem_name, const char *version_string,
+ void *info_ptr, ss_request_table *request_table_ptr,
+ int *code_ptr)
+ {
+- register int sci_idx;
+- register ss_data *new_table;
+- register ss_data **table;
++ int sci_idx;
++ ss_data *new_table = NULL;
++ ss_data **table = NULL;
++ ss_data **realloc_table = NULL;
+
+ *code_ptr = 0;
+ table = _ss_table;
+ new_table = (ss_data *) malloc(sizeof(ss_data));
++ if (!new_table)
++ goto out;
+
+ if (table == (ss_data **) NULL) {
+ table = (ss_data **) malloc(2 * size);
++ if (!table)
++ goto out;
+ table[0] = table[1] = (ss_data *)NULL;
+ }
+ initialize_ss_error_table ();
+
+ for (sci_idx = 1; table[sci_idx] != (ss_data *)NULL; sci_idx++)
+ ;
+- table = (ss_data **) realloc((char *)table,
++ realloc_table = (ss_data **) realloc((char *)table,
+ ((unsigned)sci_idx+2)*size);
+- if (table == NULL) {
+- *code_ptr = ENOMEM;
+- free(new_table);
+- return 0;
+- }
++ if (realloc_table == NULL)
++ goto out;
++
++ table = realloc_table;
+ table[sci_idx+1] = (ss_data *) NULL;
+ table[sci_idx] = new_table;
+
+@@ -57,9 +61,15 @@ int ss_create_invocation(const char *subsystem_name, const char *version_string,
+ new_table->argv = (char **)NULL;
+ new_table->current_request = (char *)NULL;
+ new_table->info_dirs = (char **)malloc(sizeof(char *));
++ if (!new_table->info_dirs)
++ goto out;
++
+ *new_table->info_dirs = (char *)NULL;
+ new_table->info_ptr = info_ptr;
+ new_table->prompt = malloc((unsigned)strlen(subsystem_name)+4);
++ if (!new_table->prompt)
++ goto out;
++
+ strcpy(new_table->prompt, subsystem_name);
+ strcat(new_table->prompt, ": ");
+ #ifdef silly
+@@ -71,6 +81,9 @@ int ss_create_invocation(const char *subsystem_name, const char *version_string,
+ new_table->flags.abbrevs_disabled = 0;
+ new_table->rqt_tables =
+ (ss_request_table **) calloc(2, sizeof(ss_request_table *));
++ if (!new_table->rqt_tables)
++ goto out;
++
+ *(new_table->rqt_tables) = request_table_ptr;
+ *(new_table->rqt_tables+1) = (ss_request_table *) NULL;
+
+@@ -85,6 +98,17 @@ int ss_create_invocation(const char *subsystem_name, const char *version_string,
+ ss_get_readline(sci_idx);
+ #endif
+ return(sci_idx);
++
++out:
++ if (new_table) {
++ free(new_table->prompt);
++ free(new_table->info_dirs);
++ }
++ free(new_table);
++ free(table);
++ *code_ptr = ENOMEM;
++ return 0;
++
+ }
+
+ void
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-ss_create_invocation-fix-potential-unititalized-refe.patch b/SOURCES/e2fsprogs-1.45.6-ss_create_invocation-fix-potential-unititalized-refe.patch
new file mode 100644
index 0000000..4b7f809
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-ss_create_invocation-fix-potential-unititalized-refe.patch
@@ -0,0 +1,30 @@
+From 1f70da1ff20ed99f2a3ac26a61a6492279bd44de Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Tue, 3 Aug 2021 11:03:34 -0400
+Subject: [PATCH 38/46] ss_create_invocation: fix potential unititalized
+ reference in error path
+Content-Type: text/plain
+
+Fixes: eccdde1ff381 ("ss_create_invocation: fix error handling when ...")
+Addresses-Coverity-Bug: 1489771
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/ss/invocation.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/ss/invocation.c b/lib/ss/invocation.c
+index bf5ea0ce..7d7458a7 100644
+--- a/lib/ss/invocation.c
++++ b/lib/ss/invocation.c
+@@ -36,6 +36,7 @@ int ss_create_invocation(const char *subsystem_name, const char *version_string,
+ new_table = (ss_data *) malloc(sizeof(ss_data));
+ if (!new_table)
+ goto out;
++ memset(new_table, 0, sizeof(ss_data));
+
+ if (table == (ss_data **) NULL) {
+ table = (ss_data **) malloc(2 * size);
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-tdb_transaction_recover-fix-memory-leak.patch b/SOURCES/e2fsprogs-1.45.6-tdb_transaction_recover-fix-memory-leak.patch
new file mode 100644
index 0000000..43ae5a4
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-tdb_transaction_recover-fix-memory-leak.patch
@@ -0,0 +1,33 @@
+From a6f7be73206a27f6b5eb95ed66095d38110560cc Mon Sep 17 00:00:00 2001
+From: wuguanghao <wuguanghao3@huawei.com>
+Date: Wed, 30 Jun 2021 16:27:14 +0800
+Subject: [PATCH 27/46] tdb_transaction_recover: fix memory leak
+Content-Type: text/plain
+
+In tdb_transaction_recover(), need free data before return,
+otherwise it will cause memory leak.
+
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Reviewed-by: Wu Bo <wubo40@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ lib/ext2fs/tdb.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/ext2fs/tdb.c b/lib/ext2fs/tdb.c
+index 5091b128..0fb94815 100644
+--- a/lib/ext2fs/tdb.c
++++ b/lib/ext2fs/tdb.c
+@@ -2186,6 +2186,7 @@ int tdb_transaction_recover(struct tdb_context *tdb)
+ rec.data_len, 0) == -1) {
+ TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_recover: failed to read recovery data\n"));
+ tdb->ecode = TDB_ERR_IO;
++ free(data);
+ return -1;
+ }
+
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-tests-Add-option-to-print-diff-output-of-failed-test.patch b/SOURCES/e2fsprogs-1.45.6-tests-Add-option-to-print-diff-output-of-failed-test.patch
new file mode 100644
index 0000000..cb5f7a3
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-tests-Add-option-to-print-diff-output-of-failed-test.patch
@@ -0,0 +1,33 @@
+From 4b2fa25a97e53636dfe216198a1e97266cf0709a Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Thu, 2 Sep 2021 12:58:52 +0200
+Subject: [PATCH 46/46] tests: Add option to print diff output of failed tests
+Content-Type: text/plain
+
+Add variable $PRINT_FAILED which when set will print the diff output of
+a failed test.
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ tests/test_one.in | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/tests/test_one.in b/tests/test_one.in
+index 5d7607ad..78499ad0 100644
+--- a/tests/test_one.in
++++ b/tests/test_one.in
+@@ -82,6 +82,10 @@ if [ $elapsed -gt 60 -a ! -f $test_dir/is_slow_test ]; then
+ echo "$test_name: consider adding $test_dir/is_slow_test"
+ fi
+
++if [ -n "$PRINT_FAILED" -a -f $test_name.failed ] ; then
++ cat $test_name.failed
++fi
++
+ if [ "$SKIP_UNLINK" != "true" ] ; then
+ rm -f $TMPFILE
+ fi
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-tune2fs-update-dir-checksums-when-clearing-dir_index.patch b/SOURCES/e2fsprogs-1.45.6-tune2fs-update-dir-checksums-when-clearing-dir_index.patch
new file mode 100644
index 0000000..f8dae8d
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-tune2fs-update-dir-checksums-when-clearing-dir_index.patch
@@ -0,0 +1,284 @@
+From fb4a6ed596f6a9f6b1c6d3d9307ef8259d988c04 Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Thu, 13 Feb 2020 11:16:02 +0100
+Subject: [PATCH 06/46] tune2fs: update dir checksums when clearing dir_index
+ feature
+Content-Type: text/plain
+
+When clearing dir_index feature while metadata_csum is enabled, we have
+to rewrite checksums of all indexed directories to update checksums of
+internal tree nodes.
+
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ misc/tune2fs.c | 143 ++++++++++++++++++++++++++++++++-----------------
+ 1 file changed, 95 insertions(+), 48 deletions(-)
+
+diff --git a/misc/tune2fs.c b/misc/tune2fs.c
+index 39cf8587..a7a779b8 100644
+--- a/misc/tune2fs.c
++++ b/misc/tune2fs.c
+@@ -504,7 +504,8 @@ struct rewrite_dir_context {
+ char *buf;
+ errcode_t errcode;
+ ext2_ino_t dir;
+- int is_htree;
++ int is_htree:1;
++ int clear_htree:1;
+ };
+
+ static int rewrite_dir_block(ext2_filsys fs,
+@@ -523,8 +524,13 @@ static int rewrite_dir_block(ext2_filsys fs,
+ if (ctx->errcode)
+ return BLOCK_ABORT;
+
+- /* if htree node... */
+- if (ctx->is_htree)
++ /*
++ * if htree node... Note that if we are clearing htree structures from
++ * the directory, we treat the htree internal block as an ordinary leaf.
++ * The code below will do the right thing and make space for checksum
++ * there.
++ */
++ if (ctx->is_htree && !ctx->clear_htree)
+ ext2fs_get_dx_countlimit(fs, (struct ext2_dir_entry *)ctx->buf,
+ &dcl, &dcl_offset);
+ if (dcl) {
+@@ -653,7 +659,8 @@ static errcode_t rewrite_directory(ext2_filsys fs, ext2_ino_t dir,
+ if (retval)
+ return retval;
+
+- ctx.is_htree = (inode->i_flags & EXT2_INDEX_FL);
++ ctx.is_htree = !!(inode->i_flags & EXT2_INDEX_FL);
++ ctx.clear_htree = !ext2fs_has_feature_dir_index(fs->super);
+ ctx.dir = dir;
+ ctx.errcode = 0;
+ retval = ext2fs_block_iterate3(fs, dir, BLOCK_FLAG_READ_ONLY |
+@@ -664,6 +671,13 @@ static errcode_t rewrite_directory(ext2_filsys fs, ext2_ino_t dir,
+ if (retval)
+ return retval;
+
++ if (ctx.is_htree && ctx.clear_htree) {
++ inode->i_flags &= ~EXT2_INDEX_FL;
++ retval = ext2fs_write_inode(fs, dir, inode);
++ if (retval)
++ return retval;
++ }
++
+ return ctx.errcode;
+ }
+
+@@ -818,28 +832,67 @@ static void rewrite_one_inode(struct rewrite_context *ctx, ext2_ino_t ino,
+ fatal_err(retval, "while rewriting extended attribute");
+ }
+
+-/*
+- * Forcibly set checksums in all inodes.
+- */
+-static void rewrite_inodes(ext2_filsys fs)
++#define REWRITE_EA_FL 0x01 /* Rewrite EA inodes */
++#define REWRITE_DIR_FL 0x02 /* Rewrite directories */
++#define REWRITE_NONDIR_FL 0x04 /* Rewrite other inodes */
++#define REWRITE_ALL (REWRITE_EA_FL | REWRITE_DIR_FL | REWRITE_NONDIR_FL)
++
++static void rewrite_inodes_pass(struct rewrite_context *ctx, unsigned int flags)
+ {
+ ext2_inode_scan scan;
+ errcode_t retval;
+ ext2_ino_t ino;
+ struct ext2_inode *inode;
+- int pass;
++ int rewrite;
++
++ retval = ext2fs_get_mem(ctx->inode_size, &inode);
++ if (retval)
++ fatal_err(retval, "while allocating memory");
++
++ retval = ext2fs_open_inode_scan(ctx->fs, 0, &scan);
++ if (retval)
++ fatal_err(retval, "while opening inode scan");
++
++ do {
++ retval = ext2fs_get_next_inode_full(scan, &ino, inode,
++ ctx->inode_size);
++ if (retval)
++ fatal_err(retval, "while getting next inode");
++ if (!ino)
++ break;
++
++ rewrite = 0;
++ if (inode->i_flags & EXT4_EA_INODE_FL) {
++ if (flags & REWRITE_EA_FL)
++ rewrite = 1;
++ } else if (LINUX_S_ISDIR(inode->i_mode)) {
++ if (flags & REWRITE_DIR_FL)
++ rewrite = 1;
++ } else {
++ if (flags & REWRITE_NONDIR_FL)
++ rewrite = 1;
++ }
++ if (rewrite)
++ rewrite_one_inode(ctx, ino, inode);
++ } while (ino);
++ ext2fs_close_inode_scan(scan);
++ ext2fs_free_mem(&inode);
++}
++
++/*
++ * Forcibly rewrite checksums in inodes specified by 'flags'
++ */
++static void rewrite_inodes(ext2_filsys fs, unsigned int flags)
++{
+ struct rewrite_context ctx = {
+ .fs = fs,
+ .inode_size = EXT2_INODE_SIZE(fs->super),
+ };
++ errcode_t retval;
+
+ if (fs->super->s_creator_os == EXT2_OS_HURD)
+ return;
+
+- retval = ext2fs_get_mem(ctx.inode_size, &inode);
+- if (retval)
+- fatal_err(retval, "while allocating memory");
+-
+ retval = ext2fs_get_memzero(ctx.inode_size, &ctx.zero_inode);
+ if (retval)
+ fatal_err(retval, "while allocating memory");
+@@ -858,39 +911,16 @@ static void rewrite_inodes(ext2_filsys fs)
+ *
+ * pass 2: go over other inodes to update their checksums.
+ */
+- if (ext2fs_has_feature_ea_inode(fs->super))
+- pass = 1;
+- else
+- pass = 2;
+- for (;pass <= 2; pass++) {
+- retval = ext2fs_open_inode_scan(fs, 0, &scan);
+- if (retval)
+- fatal_err(retval, "while opening inode scan");
+-
+- do {
+- retval = ext2fs_get_next_inode_full(scan, &ino, inode,
+- ctx.inode_size);
+- if (retval)
+- fatal_err(retval, "while getting next inode");
+- if (!ino)
+- break;
+-
+- if (((pass == 1) &&
+- (inode->i_flags & EXT4_EA_INODE_FL)) ||
+- ((pass == 2) &&
+- !(inode->i_flags & EXT4_EA_INODE_FL)))
+- rewrite_one_inode(&ctx, ino, inode);
+- } while (ino);
+-
+- ext2fs_close_inode_scan(scan);
+- }
++ if (ext2fs_has_feature_ea_inode(fs->super) && (flags & REWRITE_EA_FL))
++ rewrite_inodes_pass(&ctx, REWRITE_EA_FL);
++ flags &= ~REWRITE_EA_FL;
++ rewrite_inodes_pass(&ctx, flags);
+
+ ext2fs_free_mem(&ctx.zero_inode);
+ ext2fs_free_mem(&ctx.ea_buf);
+- ext2fs_free_mem(&inode);
+ }
+
+-static void rewrite_metadata_checksums(ext2_filsys fs)
++static void rewrite_metadata_checksums(ext2_filsys fs, unsigned int flags)
+ {
+ errcode_t retval;
+ dgrp_t i;
+@@ -902,7 +932,7 @@ static void rewrite_metadata_checksums(ext2_filsys fs)
+ retval = ext2fs_read_bitmaps(fs);
+ if (retval)
+ fatal_err(retval, "while reading bitmaps");
+- rewrite_inodes(fs);
++ rewrite_inodes(fs, flags);
+ ext2fs_mark_ib_dirty(fs);
+ ext2fs_mark_bb_dirty(fs);
+ ext2fs_mmp_update2(fs, 1);
+@@ -1201,6 +1231,23 @@ mmp_error:
+ uuid_generate((unsigned char *) sb->s_hash_seed);
+ }
+
++ if (FEATURE_OFF(E2P_FEATURE_COMPAT, EXT2_FEATURE_COMPAT_DIR_INDEX) &&
++ ext2fs_has_feature_metadata_csum(sb)) {
++ check_fsck_needed(fs,
++ _("Disabling directory index on filesystem with "
++ "checksums could take some time."));
++ if (mount_flags & EXT2_MF_MOUNTED) {
++ fputs(_("Cannot disable dir_index on a mounted "
++ "filesystem!\n"), stderr);
++ exit(1);
++ }
++ /*
++ * Clearing dir_index on checksummed filesystem requires
++ * rewriting all directories to update checksums.
++ */
++ rewrite_checksums |= REWRITE_DIR_FL;
++ }
++
+ if (FEATURE_OFF(E2P_FEATURE_INCOMPAT, EXT4_FEATURE_INCOMPAT_FLEX_BG)) {
+ if (ext2fs_check_desc(fs)) {
+ fputs(_("Clearing the flex_bg flag would "
+@@ -1244,7 +1291,7 @@ mmp_error:
+ "The larger fields afforded by this feature "
+ "enable full-strength checksumming. "
+ "Run resize2fs -b to rectify.\n"));
+- rewrite_checksums = 1;
++ rewrite_checksums = REWRITE_ALL;
+ /* metadata_csum supersedes uninit_bg */
+ ext2fs_clear_feature_gdt_csum(fs->super);
+
+@@ -1272,7 +1319,7 @@ mmp_error:
+ "filesystem!\n"), stderr);
+ exit(1);
+ }
+- rewrite_checksums = 1;
++ rewrite_checksums = REWRITE_ALL;
+
+ /* Enable uninit_bg unless the user expressly turned it off */
+ memcpy(test_features, old_features, sizeof(test_features));
+@@ -1454,7 +1501,7 @@ mmp_error:
+ }
+ check_fsck_needed(fs, _("Recalculating checksums "
+ "could take some time."));
+- rewrite_checksums = 1;
++ rewrite_checksums = REWRITE_ALL;
+ }
+ }
+
+@@ -3191,7 +3238,7 @@ _("Warning: The journal is dirty. You may wish to replay the journal like:\n\n"
+ check_fsck_needed(fs,
+ _("Setting the UUID on this "
+ "filesystem could take some time."));
+- rewrite_checksums = 1;
++ rewrite_checksums = REWRITE_ALL;
+ }
+
+ if (ext2fs_has_group_desc_csum(fs)) {
+@@ -3302,7 +3349,7 @@ _("Warning: The journal is dirty. You may wish to replay the journal like:\n\n"
+ if (retval == 0) {
+ printf(_("Setting inode size %lu\n"),
+ new_inode_size);
+- rewrite_checksums = 1;
++ rewrite_checksums = REWRITE_ALL;
+ } else {
+ printf("%s", _("Failed to change inode size\n"));
+ rc = 1;
+@@ -3311,7 +3358,7 @@ _("Warning: The journal is dirty. You may wish to replay the journal like:\n\n"
+ }
+
+ if (rewrite_checksums)
+- rewrite_metadata_checksums(fs);
++ rewrite_metadata_checksums(fs, rewrite_checksums);
+
+ if (l_flag)
+ list_super(sb);
+--
+2.35.1
+
diff --git a/SOURCES/e2fsprogs-1.45.6-zap_sector-fix-memory-leak.patch b/SOURCES/e2fsprogs-1.45.6-zap_sector-fix-memory-leak.patch
new file mode 100644
index 0000000..66e0bc5
--- /dev/null
+++ b/SOURCES/e2fsprogs-1.45.6-zap_sector-fix-memory-leak.patch
@@ -0,0 +1,37 @@
+From 8f0e75091cfcbdfbfa0f6d0e379e153ddaa268ac Mon Sep 17 00:00:00 2001
+From: wuguanghao <wuguanghao3@huawei.com>
+Date: Wed, 30 Jun 2021 16:27:15 +0800
+Subject: [PATCH 28/46] zap_sector: fix memory leak
+Content-Type: text/plain
+
+In zap_sector(), need free buf before return,
+otherwise it will cause memory leak.
+
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Reviewed-by: Wu Bo <wubo40@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+---
+ misc/mke2fs.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/misc/mke2fs.c b/misc/mke2fs.c
+index 0184a3a8..389d0981 100644
+--- a/misc/mke2fs.c
++++ b/misc/mke2fs.c
+@@ -582,8 +582,10 @@ static void zap_sector(ext2_filsys fs, int sect, int nsect)
+ else {
+ magic = (unsigned int *) (buf + BSD_LABEL_OFFSET);
+ if ((*magic == BSD_DISKMAGIC) ||
+- (*magic == BSD_MAGICDISK))
++ (*magic == BSD_MAGICDISK)) {
++ free(buf);
+ return;
++ }
+ }
+ }
+
+--
+2.35.1
+
diff --git a/SPECS/e2fsprogs.spec b/SPECS/e2fsprogs.spec
index d12fe7f..4e5b47b 100644
--- a/SPECS/e2fsprogs.spec
+++ b/SPECS/e2fsprogs.spec
@@ -1,7 +1,7 @@
Summary: Utilities for managing ext2, ext3, and ext4 file systems
Name: e2fsprogs
Version: 1.45.6
-Release: 4%{?dist}
+Release: 5%{?dist}
# License tags based on COPYING file distinctions for various components
License: GPLv2
@@ -38,6 +38,54 @@ Patch7: e2fsprogs-1.45.6-mke2fs-Escape-double-quotes-when-parsing-mke2fs.conf.pa
Patch8: 0001-reisze2fs-sanity-check-free-block-group-counts-when-.patch
Patch9: 0001-tests-support-older-versions-of-timeout-in-r_corrupt.patch
Patch10: 0001-tests-specify-inode-size-in-r_corrupt_fs.patch
+Patch11: e2fsprogs-1.45.6-libext2fs-fix-crash-in-ext2fs_open2-on-Big-Endian-sy.patch
+Patch12: e2fsprogs-1.45.6-libext2fs-fix-crash-in-ext2fs_image_super_write-on-B.patch
+Patch13: e2fsprogs-1.45.6-libext2fs-teach-ext2fs_flush-to-check-if-group-descr.patch
+Patch14: e2fsprogs-1.45.6-libext2fs-don-t-needlessly-byte-swap-the-group-descr.patch
+Patch15: e2fsprogs-1.45.6-e2fsck-fix-indexed-dir-rehash-failure-with-metadata_.patch
+Patch16: e2fsprogs-1.45.6-tune2fs-update-dir-checksums-when-clearing-dir_index.patch
+Patch17: e2fsprogs-1.45.6-e2fsck-fix-off-by-one-check-when-validating-depth-of.patch
+Patch18: e2fsprogs-1.45.6-libext2fs-fix-potential-buffer-overrun-in-__get_dire.patch
+Patch19: e2fsprogs-1.45.6-e2fsck-use-size_t-instead-of-int-in-string_copy.patch
+Patch20: e2fsprogs-1.45.6-mke2fs-fix-up-check-for-hardlinks-always-false-if-in.patch
+Patch21: e2fsprogs-1.45.6-resize2fs-prevent-block-group-descriptors-from-overf.patch
+Patch22: e2fsprogs-1.45.6-debugfs-fix-parse_uint-for-64-bit-fields.patch
+Patch23: e2fsprogs-1.45.6-create_inode-set-xattrs-to-the-root-directory-as-wel.patch
+Patch24: e2fsprogs-1.45.6-filefrag-handle-invalid-st_dev-and-blksize-cases.patch
+Patch25: e2fsprogs-1.45.6-libext2fs-fix-incorrect-negative-error-return-in-uni.patch
+Patch26: e2fsprogs-1.45.6-debugfs-fix-double-free-in-realloc-error-path-in-rea.patch
+Patch27: e2fsprogs-1.45.6-Fix-clang-warnings.patch
+Patch28: e2fsprogs-1.45.6-libext2fs-fix-segault-when-setting-an-xattr-with-an-.patch
+Patch29: e2fsprogs-1.45.6-debugfs-fix-memory-allocation-failures-when-parsing-.patch
+Patch30: e2fsprogs-1.45.6-libext2fs-fix-crash-when-ext2fs_mmp_stop-is-called-b.patch
+Patch31: e2fsprogs-1.45.6-Add-checks-for-fs-blocksize-0-which-could-cause-some.patch
+Patch32: e2fsprogs-1.45.6-debugfs-fix-memory-leak-problem-in-read_list.patch
+Patch33: e2fsprogs-1.45.6-mmp-do-not-use-O_DIRECT-when-working-with-regular-fi.patch
+Patch34: e2fsprogs-1.45.6-resize2fs-avoid-allocating-over-the-MMP-block.patch
+Patch35: e2fsprogs-1.45.6-e2image-fix-overflow-in-l2-table-processing.patch
+Patch36: e2fsprogs-1.45.6-e2fsck-fix-last-mount-write-time-when-e2fsck-is-forc.patch
+Patch37: e2fsprogs-1.45.6-tdb_transaction_recover-fix-memory-leak.patch
+Patch38: e2fsprogs-1.45.6-zap_sector-fix-memory-leak.patch
+Patch39: e2fsprogs-1.45.6-append_pathname-check-the-value-returned-by-realloc.patch
+Patch40: e2fsprogs-1.45.6-argv_parse-check-return-value-of-malloc-in-argv_pars.patch
+Patch41: e2fsprogs-1.45.6-misc-fix-potential-segmentation-fault-problem-in-sca.patch
+Patch42: e2fsprogs-1.45.6-lib-ss-error.c-check-return-value-malloc-in-ss_name.patch
+Patch43: e2fsprogs-1.45.6-ext2ed-fix-potential-NULL-pointer-dereference-in-dup.patch
+Patch44: e2fsprogs-1.45.6-mke2fs-only-try-discarding-a-single-block-to-test-if.patch
+Patch45: e2fsprogs-1.45.6-ss_add_info_dir-fix-error-handling-when-memory-alloc.patch
+Patch46: e2fsprogs-1.45.6-ss_create_invocation-fix-error-handling-when-memory-.patch
+Patch47: e2fsprogs-1.45.6-lsattr-check-whether-path-is-NULL-in-lsattr_dir_proc.patch
+Patch48: e2fsprogs-1.45.6-ss_create_invocation-fix-potential-unititalized-refe.patch
+Patch49: e2fsprogs-1.45.6-quota-Do-not-account-space-used-by-project-quota-fil.patch
+Patch50: e2fsprogs-1.45.6-libext2fs-fix-unexpected-NULL-variable.patch
+Patch51: e2fsprogs-1.45.6-libext2fs-remove-augmented-rbtree-functionality.patch
+Patch52: e2fsprogs-1.45.6-libss-handle-memory-allcation-failure-in-ss_help.patch
+Patch53: e2fsprogs-1.45.6-libss-Add-missing-error-handling-for-fdopen.patch
+Patch54: e2fsprogs-1.45.6-libsupport-fix-potental-NULL-pointer-dereferences-in.patch
+Patch55: e2fsprogs-1.45.6-e2fsck-add-maximum-string-length-specifiers-to-fscan.patch
+Patch56: e2fsprogs-1.45.6-tests-Add-option-to-print-diff-output-of-failed-test.patch
+Patch57: e2fsprogs-1.45.6-libext2fs-add-sanity-check-to-extent-manipulation.patch
+Patch58: e2fsprogs-1.45.6-libss-fix-possible-NULL-pointer-dereferece-on-alloca.patch
%description
The e2fsprogs package contains a number of utilities for creating,
@@ -167,6 +215,54 @@ It was originally inspired by the Multics SubSystem library.
%patch8 -p1
%patch9 -p1
%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch19 -p1
+%patch20 -p1
+%patch21 -p1
+%patch22 -p1
+%patch23 -p1
+%patch24 -p1
+%patch25 -p1
+%patch26 -p1
+%patch27 -p1
+%patch28 -p1
+%patch29 -p1
+%patch30 -p1
+%patch31 -p1
+%patch32 -p1
+%patch33 -p1
+%patch34 -p1
+%patch35 -p1
+%patch36 -p1
+%patch37 -p1
+%patch38 -p1
+%patch39 -p1
+%patch40 -p1
+%patch41 -p1
+%patch42 -p1
+%patch43 -p1
+%patch44 -p1
+%patch45 -p1
+%patch46 -p1
+%patch47 -p1
+%patch48 -p1
+%patch49 -p1
+%patch50 -p1
+%patch51 -p1
+%patch52 -p1
+%patch53 -p1
+%patch54 -p1
+%patch55 -p1
+%patch56 -p1
+%patch57 -p1
+%patch58 -p1
%build
%configure CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" \
@@ -190,7 +286,7 @@ chmod +w %{buildroot}%{_libdir}/*.a
%find_lang %{name}
%check
-make fullcheck
+make PRINT_FAILED=yes fullcheck
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
@@ -329,6 +425,10 @@ exit 0
%{_libdir}/pkgconfig/ss.pc
%changelog
+* Wed May 11 2022 Lukas Czerner <lczerner@redhat.com> 1.45.6-5
+- Update e2fsprogs with upstream fixes and improvements (#2083621)
+- Fix out-of-bounds read/write via crafter filesystem (#2073548)
+
* Wed Feb 16 2022 Lukas Czerner <lczerner@redhat.com> 1.45.6-4
- Sanity check free block group counts when calculating minimum size (#2054129)