!29 Integrate community patches

From: @hifi521
Reviewed-by: 
Signed-off-by:

0006-e2fsck-fix-indexed-dir-rehash-failure-with-metadata_.patch

@@ -0,0 +1,41 @@
+From 9e6ec24e709d9a0ad5d2f11b5ec5ed232b87b16e Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Thu, 13 Feb 2020 11:15:57 +0100
+Subject: [PATCH] e2fsck: fix indexed dir rehash failure with metadata_csum
+ enabled
+
+E2fsck directory rehashing code can fail with ENOSPC due to a bug in
+ext2fs_htree_intnode_maxrecs() which fails to take metadata checksum
+into account and thus e.g. e2fsck can decide to create 1 indirect level
+of index tree when two are actually needed. Fix the logic to account for
+metadata checksum.
+
+Reviewed-by: Andreas Dilger <adilger@dilger.ca>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/ext2fs.h | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ext2fs/ext2fs.h b/lib/ext2fs/ext2fs.h
+index c9499839..69c8a3ff 100644
+--- a/lib/ext2fs/ext2fs.h
++++ b/lib/ext2fs/ext2fs.h
+@@ -2047,7 +2047,13 @@ _INLINE_ blk_t ext2fs_inode_data_blocks(ext2_filsys fs,
+ 
+ _INLINE_ int ext2fs_htree_intnode_maxrecs(ext2_filsys fs, int blocks)
+ {
+-	return blocks * ((fs->blocksize - 8) / sizeof(struct ext2_dx_entry));
++	int csum_size = 0;
++
++	if ((EXT2_SB(fs->super)->s_feature_ro_compat &
++	     EXT4_FEATURE_RO_COMPAT_METADATA_CSUM) != 0)
++		csum_size = sizeof(struct ext2_dx_tail);
++	return blocks * ((fs->blocksize - (8 + csum_size)) /
++						sizeof(struct ext2_dx_entry));
+ }
+ 
+ /*
+-- 
+2.25.1
+

0007-libext2fs-retry-reading-superblock-on-open-when-chec.patch

@@ -0,0 +1,53 @@
+From 6338a8467564c3a0a12e9fcb08bdd748d736ac2f Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Sun, 17 May 2020 23:05:11 -0400
+Subject: [PATCH] libext2fs: retry reading superblock on open when checksum is
+ bad
+
+When opening a file system which is mounted, it's possible that when
+ext2fs_open2() is racing with the kernel modifying the orphaned inode
+list, the superblock's checksum could be incorrect.  So retry reading
+the superblock in the hopes that the problem will self-correct.
+
+Google-Bug-Id: 151453112
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/openfs.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ext2fs/openfs.c b/lib/ext2fs/openfs.c
+index 51b54a44..ae54870e 100644
+--- a/lib/ext2fs/openfs.c
++++ b/lib/ext2fs/openfs.c
+@@ -134,6 +134,7 @@ errcode_t ext2fs_open2(const char *name, const char *io_options,
+ 	int		j;
+ #endif
+ 	char		*time_env;
++	int		csum_retries = 0;
+ 
+ 	EXT2_CHECK_MAGIC(manager, EXT2_ET_MAGIC_IO_MANAGER);
+ 
+@@ -221,6 +222,7 @@ errcode_t ext2fs_open2(const char *name, const char *io_options,
+ 		if (retval)
+ 			goto cleanup;
+ 	}
++retry:
+ 	retval = io_channel_read_blk(fs->io, superblock, -SUPERBLOCK_SIZE,
+ 				     fs->super);
+ 	if (retval)
+@@ -232,8 +234,11 @@ errcode_t ext2fs_open2(const char *name, const char *io_options,
+ 		retval = 0;
+ 		if (!ext2fs_verify_csum_type(fs, fs->super))
+ 			retval = EXT2_ET_UNKNOWN_CSUM;
+-		if (!ext2fs_superblock_csum_verify(fs, fs->super))
++		if (!ext2fs_superblock_csum_verify(fs, fs->super)) {
++			if (csum_retries++ < 3)
++				goto retry;
+ 			retval = EXT2_ET_SB_CSUM_INVALID;
++		}
+ 	}
+ 
+ #ifdef WORDS_BIGENDIAN
+-- 
+2.25.1
+

0008-libext2fs-fix-potential-buffer-overrun-in-__get_dire.patch

@@ -0,0 +1,40 @@
+From 7b63656df911172efea39295266501cdd91869d7 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Wed, 26 Aug 2020 16:29:29 -0400
+Subject: [PATCH] libext2fs: fix potential buffer overrun in
+ __get_dirent_tail()
+
+If the file system is corrupted, there is a potential of a read-only
+buffer overrun.  Fortunately, we don't actually use the result of that
+pointer dereference, and the overrun is at most 64k.
+
+Conflict:if ((char *)d > ((char *)dirent + fs-blocksize))->if ((void *) > ((void *)dirent + fs->blocksize))
+
+Google-Bug-Id: #158564737
+Fixes: eb88b751745b ("libext2fs: make ext2fs_dirent_has_tail() more strict")
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/csum.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/ext2fs/csum.c b/lib/ext2fs/csum.c
+index 54b53a3c..9b0b7908 100644
+--- a/lib/ext2fs/csum.c
++++ b/lib/ext2fs/csum.c
+@@ -266,12 +266,11 @@ static errcode_t __get_dirent_tail(ext2_filsys fs,
+ 	d = dirent;
+ 	top = EXT2_DIRENT_TAIL(dirent, fs->blocksize);
+ 
+-	rec_len = translate(d->rec_len);
+ 	while ((void *) d < top) {
++		rec_len = translate(d->rec_len);
+ 		if ((rec_len < 8) || (rec_len & 0x03))
+ 			return EXT2_ET_DIR_CORRUPTED;
+ 		d = (struct ext2_dir_entry *)(((char *)d) + rec_len);
+-		rec_len = translate(d->rec_len);
+ 	}
+ 
+ 	if ((void *)d > ((void *)dirent + fs->blocksize))
+-- 
+2.25.1
+

0009-tune2fs-reset-MMP-state-on-error-exit.patch

@@ -0,0 +1,394 @@
+From a2292f8a5108b6b651008c34e272f7a149040557 Mon Sep 17 00:00:00 2001
+From: Andreas Dilger <adilger@whamcloud.com>
+Date: Wed, 17 Jun 2020 05:40:49 -0600
+Subject: [PATCH] tune2fs: reset MMP state on error exit
+
+If tune2fs cannot perform the requested change, ensure that the MMP
+block is reset to the unused state before exiting.  Otherwise, the
+filesystem will be left with mmp_seq = EXT4_MMP_SEQ_FSCK set, which
+prevents it from being mounted afterward:
+
+    EXT4-fs warning (device dm-9): ext4_multi_mount_protect:311:
+        fsck is running on the filesystem
+
+Add a test to try some failed tune2fs operations and verify that the
+MMP block is left in a clean state afterward.
+
+Lustre-bug-id: https://jira.whamcloud.com/browse/LU-13672
+Signed-off-by: Andreas Dilger <adilger@whamcloud.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ misc/tune2fs.c                | 84 ++++++++++++++++++++---------------
+ tests/t_mmp_2off/script       |  4 +-
+ tests/t_mmp_fail/is_slow_test |  0
+ tests/t_mmp_fail/name         |  1 +
+ tests/t_mmp_fail/script       | 44 ++++++++++++++++++
+ 5 files changed, 95 insertions(+), 38 deletions(-)
+ create mode 100644 tests/t_mmp_fail/is_slow_test
+ create mode 100644 tests/t_mmp_fail/name
+ create mode 100644 tests/t_mmp_fail/script
+
+diff --git a/misc/tune2fs.c b/misc/tune2fs.c
+index 39cf8587..a481d8f3 100644
+--- a/misc/tune2fs.c
++++ b/misc/tune2fs.c
+@@ -423,7 +423,7 @@ static int update_mntopts(ext2_filsys fs, char *mntopts)
+ 	return 0;
+ }
+ 
+-static void check_fsck_needed(ext2_filsys fs, const char *prompt)
++static int check_fsck_needed(ext2_filsys fs, const char *prompt)
+ {
+ 	/* Refuse to modify anything but a freshly checked valid filesystem. */
+ 	if (!(fs->super->s_state & EXT2_VALID_FS) ||
+@@ -433,15 +433,17 @@ static void check_fsck_needed(ext2_filsys fs, const char *prompt)
+ 		puts(_(please_fsck));
+ 		if (mount_flags & EXT2_MF_READONLY)
+ 			printf("%s", _("(and reboot afterwards!)\n"));
+-		exit(1);
++		return 1;
+ 	}
+ 
+ 	/* Give the admin a few seconds to bail out of a dangerous op. */
+ 	if (!getenv("TUNE2FS_FORCE_PROMPT") && (!isatty(0) || !isatty(1)))
+-		return;
++		return 0;
+ 
+ 	puts(prompt);
+ 	proceed_question(5);
++
++	return 0;
+ }
+ 
+ static void request_dir_fsck_afterwards(ext2_filsys fs)
+@@ -1224,12 +1226,13 @@ mmp_error:
+ 
+ 	if (FEATURE_ON(E2P_FEATURE_RO_INCOMPAT,
+ 		       EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)) {
+-		check_fsck_needed(fs,
+-			_("Enabling checksums could take some time."));
++		if (check_fsck_needed(fs,
++			_("Enabling checksums could take some time.")))
++			return 1;
+ 		if (mount_flags & EXT2_MF_MOUNTED) {
+ 			fputs(_("Cannot enable metadata_csum on a mounted "
+ 				"filesystem!\n"), stderr);
+-			exit(1);
++			return 1;
+ 		}
+ 		if (!ext2fs_has_feature_extents(fs->super))
+ 			printf("%s",
+@@ -1265,12 +1268,13 @@ mmp_error:
+ 			EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)) {
+ 		__u32	test_features[3];
+ 
+-		check_fsck_needed(fs,
+-			_("Disabling checksums could take some time."));
++		if (check_fsck_needed(fs,
++			_("Disabling checksums could take some time.")))
++			return 1;
+ 		if (mount_flags & EXT2_MF_MOUNTED) {
+ 			fputs(_("Cannot disable metadata_csum on a mounted "
+ 				"filesystem!\n"), stderr);
+-			exit(1);
++			return 1;
+ 		}
+ 		rewrite_checksums = 1;
+ 
+@@ -1311,7 +1315,7 @@ mmp_error:
+ 		if (mount_flags & EXT2_MF_MOUNTED) {
+ 			fputs(_("Cannot enable uninit_bg on a mounted "
+ 				"filesystem!\n"), stderr);
+-			exit(1);
++			return 1;
+ 		}
+ 
+ 		/* Do not enable uninit_bg when metadata_csum enabled */
+@@ -1326,7 +1330,7 @@ mmp_error:
+ 		if (mount_flags & EXT2_MF_MOUNTED) {
+ 			fputs(_("Cannot disable uninit_bg on a mounted "
+ 				"filesystem!\n"), stderr);
+-			exit(1);
++			return 1;
+ 		}
+ 
+ 		err = disable_uninit_bg(fs,
+@@ -1345,7 +1349,7 @@ mmp_error:
+ 		if (mount_flags & EXT2_MF_MOUNTED) {
+ 			fprintf(stderr, _("Cannot enable 64-bit mode "
+ 					  "while mounted!\n"));
+-			exit(1);
++			return 1;
+ 		}
+ 		ext2fs_clear_feature_64bit(sb);
+ 		feature_64bit = 1;
+@@ -1355,7 +1359,7 @@ mmp_error:
+ 		if (mount_flags & EXT2_MF_MOUNTED) {
+ 			fprintf(stderr, _("Cannot disable 64-bit mode "
+ 					  "while mounted!\n"));
+-			exit(1);
++			return 1;
+ 		}
+ 		ext2fs_set_feature_64bit(sb);
+ 		feature_64bit = -1;
+@@ -1385,7 +1389,7 @@ mmp_error:
+ 		if (fs->super->s_inode_size == EXT2_GOOD_OLD_INODE_SIZE) {
+ 			fprintf(stderr, _("Cannot enable project feature; "
+ 					  "inode size too small.\n"));
+-			exit(1);
++			return 1;
+ 		}
+ 		Q_flag = 1;
+ 		quota_enable[PRJQUOTA] = QOPT_ENABLE;
+@@ -1452,8 +1456,9 @@ mmp_error:
+ 				      stderr);
+ 				return 1;
+ 			}
+-			check_fsck_needed(fs, _("Recalculating checksums "
+-						"could take some time."));
++			if (check_fsck_needed(fs, _("Recalculating checksums "
++						     "could take some time.")))
++				return 1;
+ 			rewrite_checksums = 1;
+ 		}
+ 	}
+@@ -1566,7 +1571,7 @@ err:
+ 	return 1;
+ }
+ 
+-static void handle_quota_options(ext2_filsys fs)
++static int handle_quota_options(ext2_filsys fs)
+ {
+ 	errcode_t retval;
+ 	quota_ctx_t qctx;
+@@ -1580,13 +1585,13 @@ static void handle_quota_options(ext2_filsys fs)
+ 			break;
+ 	if (qtype == MAXQUOTAS)
+ 		/* Nothing to do. */
+-		return;
++		return 0;
+ 
+ 	if (quota_enable[PRJQUOTA] == QOPT_ENABLE &&
+ 	    fs->super->s_inode_size == EXT2_GOOD_OLD_INODE_SIZE) {
+ 		fprintf(stderr, _("Cannot enable project quota; "
+ 				  "inode size too small.\n"));
+-		exit(1);
++		return 1;
+ 	}
+ 
+ 	for (qtype = 0; qtype < MAXQUOTAS; qtype++) {
+@@ -1598,7 +1603,7 @@ static void handle_quota_options(ext2_filsys fs)
+ 	if (retval) {
+ 		com_err(program_name, retval,
+ 			_("while initializing quota context in support library"));
+-		exit(1);
++		return 1;
+ 	}
+ 
+ 	if (qtype_bits)
+@@ -1614,7 +1619,7 @@ static void handle_quota_options(ext2_filsys fs)
+ 					com_err(program_name, retval,
+ 						_("while updating quota limits (%d)"),
+ 						qtype);
+-					exit(1);
++					return 1;
+ 				}
+ 			}
+ 			retval = quota_write_inode(qctx, 1 << qtype);
+@@ -1622,7 +1627,7 @@ static void handle_quota_options(ext2_filsys fs)
+ 				com_err(program_name, retval,
+ 					_("while writing quota file (%d)"),
+ 					qtype);
+-				exit(1);
++				return 1;
+ 			}
+ 			/* Enable Quota feature if one of quota enabled */
+ 			if (!ext2fs_has_feature_quota(fs->super)) {
+@@ -1640,7 +1645,7 @@ static void handle_quota_options(ext2_filsys fs)
+ 				com_err(program_name, retval,
+ 					_("while removing quota file (%d)"),
+ 					qtype);
+-				exit(1);
++				return 1;
+ 			}
+ 			if (qtype == PRJQUOTA) {
+ 				ext2fs_clear_feature_project(fs->super);
+@@ -1663,7 +1668,7 @@ static void handle_quota_options(ext2_filsys fs)
+ 	}
+ 	if (need_dirty)
+ 		ext2fs_mark_super_dirty(fs);
+-	return;
++	return 0;
+ }
+ 
+ static int option_handle_function(char *token)
+@@ -2958,8 +2963,10 @@ retry_open:
+ 			rc = 1;
+ 			goto closefs;
+ 		}
+-		check_fsck_needed(fs,
++		rc = check_fsck_needed(fs,
+ 			_("Resizing inodes could take some time."));
++		if (rc)
++			goto closefs;
+ 		/*
+ 		 * If inode resize is requested use the
+ 		 * Undo I/O manager
+@@ -3015,16 +3022,16 @@ _("Warning: The journal is dirty. You may wish to replay the journal like:\n\n"
+ 	/* Recover the journal if possible. */
+ 	if ((open_flag & EXT2_FLAG_RW) && !(mount_flags & (EXT2_MF_BUSY | EXT2_MF_MOUNTED)) &&
+ 	    ext2fs_has_feature_journal_needs_recovery(fs->super)) {
+-		errcode_t err;
+-
+ 		printf(_("Recovering journal.\n"));
+-		err = ext2fs_run_ext3_journal(&fs);
+-		if (err) {
+-			com_err("tune2fs", err, "while recovering journal.\n");
++		retval = ext2fs_run_ext3_journal(&fs);
++		if (retval) {
++			com_err("tune2fs", retval,
++				"while recovering journal.\n");
+ 			printf(_("Please run e2fsck -fy %s.\n"), argv[1]);
+ 			if (fs)
+ 				ext2fs_close_free(&fs);
+-			exit(1);
++			rc = 1;
++			goto closefs;
+ 		}
+ 		sb = fs->super;
+ 	}
+@@ -3128,13 +3135,13 @@ _("Warning: The journal is dirty. You may wish to replay the journal like:\n\n"
+ 			fputs(_("Warning: label too long, truncating.\n"),
+ 			      stderr);
+ 		memset(sb->s_volume_name, 0, sizeof(sb->s_volume_name));
+-		strncpy(sb->s_volume_name, new_label,
++		strncpy((char *)sb->s_volume_name, new_label,
+ 			sizeof(sb->s_volume_name));
+ 		ext2fs_mark_super_dirty(fs);
+ 	}
+ 	if (M_flag) {
+ 		memset(sb->s_last_mounted, 0, sizeof(sb->s_last_mounted));
+-		strncpy(sb->s_last_mounted, new_last_mounted,
++		strncpy((char *)sb->s_last_mounted, new_last_mounted,
+ 			sizeof(sb->s_last_mounted));
+ 		ext2fs_mark_super_dirty(fs);
+ 	}
+@@ -3176,7 +3183,9 @@ _("Warning: The journal is dirty. You may wish to replay the journal like:\n\n"
+ 			rc = 1;
+ 			goto closefs;
+ 		}
+-		handle_quota_options(fs);
++		rc = handle_quota_options(fs);
++		if (rc)
++			goto closefs;
+ 	}
+ 
+ 	if (U_flag) {
+@@ -3188,9 +3197,11 @@ _("Warning: The journal is dirty. You may wish to replay the journal like:\n\n"
+ 		if (!ext2fs_has_feature_csum_seed(fs->super) &&
+ 		    (ext2fs_has_feature_metadata_csum(fs->super) ||
+ 		     ext2fs_has_feature_ea_inode(fs->super))) {
+-			check_fsck_needed(fs,
++			rc = check_fsck_needed(fs,
+ 				_("Setting the UUID on this "
+ 				  "filesystem could take some time."));
++			if (rc)
++				goto closefs;
+ 			rewrite_checksums = 1;
+ 		}
+ 
+@@ -3212,7 +3223,8 @@ _("Warning: The journal is dirty. You may wish to replay the journal like:\n\n"
+ 					"metadata_csum_seed' and re-run this "
+ 					"command.\n"), stderr);
+ 				try_confirm_csum_seed_support();
+-				exit(1);
++				rc = 1;
++				goto closefs;
+ 			}
+ 
+ 			/*
+diff --git a/tests/t_mmp_2off/script b/tests/t_mmp_2off/script
+index ccd859b2..1cd07191 100644
+--- a/tests/t_mmp_2off/script
++++ b/tests/t_mmp_2off/script
+@@ -8,7 +8,7 @@ if [ "$status" != 0 ] ; then
+ 	return $status
+ fi
+ 
+-$TUNE2FS -O ^mmp $TMPFILE > $test_name.log 2>&1
++$TUNE2FS -O ^mmp $TMPFILE >> $test_name.log 2>&1
+ status=$?
+ if [ "$status" != 0 ] ; then
+ 	echo "tune2fs -O ^mmp failed" > $test_name.failed
+@@ -16,7 +16,7 @@ if [ "$status" != 0 ] ; then
+ 	return $status
+ fi
+ 
+-$FSCK $FSCK_OPT $TMPFILE > $test_name.log 2>&1
++$FSCK $FSCK_OPT $TMPFILE >> $test_name.log 2>&1
+ status=$?
+ if [ "$status" = 0 ] ; then
+ 	echo "$test_name: $test_description: ok"
+diff --git a/tests/t_mmp_fail/is_slow_test b/tests/t_mmp_fail/is_slow_test
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/tests/t_mmp_fail/name b/tests/t_mmp_fail/name
+new file mode 100644
+index 00000000..e872ddaa
+--- /dev/null
++++ b/tests/t_mmp_fail/name
+@@ -0,0 +1 @@
++error running tune2fs with MMP
+diff --git a/tests/t_mmp_fail/script b/tests/t_mmp_fail/script
+new file mode 100644
+index 00000000..5fa6a846
+--- /dev/null
++++ b/tests/t_mmp_fail/script
+@@ -0,0 +1,44 @@
++FSCK_OPT=-yf
++
++$MKE2FS -q -F -o Linux -I 128 -b 1024 -O mmp $TMPFILE 100 > $test_name.log 2>&1
++status=$?
++if [ "$status" != 0 ] ; then
++	echo "mke2fs -O mmp failed" > $test_name.failed
++	echo "$test_name: $test_description: failed"
++	return $status
++fi
++
++$TUNE2FS -O project $TMPFILE >> $test_name.log 2>&1
++status=$?
++if [ "$status" == 0 ] ; then
++	echo "'tune2fs -O project' succeeded on small inode" > $test_name.failed
++	echo "$test_name: $test_description: failed"
++	return 1
++fi
++$TUNE2FS -o bad_option $TMPFILE >> $test_name.log 2>&1
++status=$?
++if [ "$status" == 0 ] ; then
++	echo "'tune2fs -o bad_option' succeeded" > $test_name.failed
++	echo "$test_name: $test_description: failed"
++	return 1
++fi
++$E2MMPSTATUS -i $TMPFILE >> $test_name.log 2>&1
++$E2MMPSTATUS $TMPFILE >> $test_name.log 2>&1
++status=$?
++if [ "$status" != 0 ] ; then
++	echo "$TUNE2FS left MMP block in bad state" > $test_name.failed
++	echo "$test_name: $test_description: failed"
++	return $status
++fi
++
++$FSCK $FSCK_OPT $TMPFILE >> $test_name.log 2>&1
++status=$?
++if [ "$status" = 0 ] ; then
++	echo "$test_name: $test_description: ok"
++	touch $test_name.ok
++else
++	echo "e2fsck after MMP disable failed" > $test_name.failed
++	echo "$test_name: $test_description: failed"
++	return $status
++fi
++rm -f $TMPFILE
+-- 
+2.25.1
+

0010-e2fsck-use-size_t-instead-of-int-in-string_copy.patch

@@ -0,0 +1,46 @@
+From 0c6fe31f328e7244164d8a954488f5738caaf915 Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Fri, 5 Jun 2020 10:14:40 +0200
+Subject: [PATCH] e2fsck: use size_t instead of int in string_copy()
+
+len argument in string_copy() is int, but it is used with malloc(),
+strlen(), strncpy() and some callers use sizeof() to pass value in. So
+it really ought to be size_t rather than int. Fix it.
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Reviewed-by: Andreas Dilger <adilger@dilger.ca>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ e2fsck/e2fsck.h | 2 +-
+ e2fsck/util.c   | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/e2fsck/e2fsck.h b/e2fsck/e2fsck.h
+index feb605c7..7e0895c2 100644
+--- a/e2fsck/e2fsck.h
++++ b/e2fsck/e2fsck.h
+@@ -608,7 +608,7 @@ extern void log_err(e2fsck_t ctx, const char *fmt, ...)
+ extern void e2fsck_read_bitmaps(e2fsck_t ctx);
+ extern void e2fsck_write_bitmaps(e2fsck_t ctx);
+ extern void preenhalt(e2fsck_t ctx);
+-extern char *string_copy(e2fsck_t ctx, const char *str, int len);
++extern char *string_copy(e2fsck_t ctx, const char *str, size_t len);
+ extern int fs_proc_check(const char *fs_name);
+ extern int check_for_modules(const char *fs_name);
+ #ifdef RESOURCE_TRACK
+diff --git a/e2fsck/util.c b/e2fsck/util.c
+index 8cebd95a..425fe88e 100644
+--- a/e2fsck/util.c
++++ b/e2fsck/util.c
+@@ -135,7 +135,7 @@ void *e2fsck_allocate_memory(e2fsck_t ctx, unsigned long size,
+ }
+ 
+ char *string_copy(e2fsck_t ctx EXT2FS_ATTR((unused)),
+-		  const char *str, int len)
++		  const char *str, size_t len)
+ {
+ 	char	*ret;
+ 
+-- 
+2.25.1
+

0011-libext2fs-fix-incorrect-negative-error-return-in-uni.patch

@@ -0,0 +1,50 @@
+From dd2ed58ab1873304ba2e7d0a0e49ec87981aafc7 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 21 Jan 2021 16:00:01 -0500
+Subject: [PATCH] libext2fs: fix incorrect negative error return in unix and
+ sparse io managers
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/sparse_io.c | 4 ++--
+ lib/ext2fs/unix_io.c   | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/ext2fs/sparse_io.c b/lib/ext2fs/sparse_io.c
+index 5e0e2cd9..f287e76d 100644
+--- a/lib/ext2fs/sparse_io.c
++++ b/lib/ext2fs/sparse_io.c
+@@ -138,7 +138,7 @@ static errcode_t io_manager_configure(struct sparse_io_params *params,
+ 	retval = io_manager_import_sparse(params, sm, io);
+ 	if (retval) {
+ 		if (!params->block_size || !params->blocks_count) {
+-			retval = -EINVAL;
++			retval = EINVAL;
+ 			goto err_params;
+ 		}
+ 		sm->block_size = params->block_size;
+@@ -229,7 +229,7 @@ static errcode_t read_sparse_argv(const char *name, bool is_fd,
+ 
+ 	if (ret < 1) {
+ 		free(sparse_params->file);
+-		return -EINVAL;
++		return EINVAL;
+ 	}
+ 	return 0;
+ }
+diff --git a/lib/ext2fs/unix_io.c b/lib/ext2fs/unix_io.c
+index 628e60c3..2bcd435c 100644
+--- a/lib/ext2fs/unix_io.c
++++ b/lib/ext2fs/unix_io.c
+@@ -733,7 +733,7 @@ static errcode_t unixfd_open(const char *str_fd, int flags,
+ #if defined(HAVE_FCNTL)
+ 	fd_flags = fcntl(fd, F_GETFD);
+ 	if (fd_flags == -1)
+-		return -EBADF;
++		return EBADF;
+ 
+ 	flags = 0;
+ 	if (fd_flags & O_RDWR)
+-- 
+2.25.1
+

0012-debugfs-fix-double-free-in-realloc-error-path-in-rea.patch

@@ -0,0 +1,33 @@
+From 12c415fb0bf4aba496d5be0516e75a54bfca6c54 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 21 Jan 2021 16:01:14 -0500
+Subject: [PATCH] debugfs: fix double free in realloc() error path in
+ read_list()
+
+Fixes-Coverity-Bug: 1464575
+Fixes-Coverity-Bug: 1464571
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ debugfs/util.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/debugfs/util.c b/debugfs/util.c
+index da3a7ef7..fb05e897 100644
+--- a/debugfs/util.c
++++ b/debugfs/util.c
+@@ -545,10 +545,8 @@ errcode_t read_list(char *str, blk64_t **list, size_t *len)
+ 			goto err;
+ 		}
+ 		l = realloc(lst, sizeof(blk64_t) * (ln + y - x + 1));
+-		if (l == NULL) {
+-			retval = ENOMEM;
+-			goto err;
+-		}
++		if (l == NULL)
++			return ENOMEM;
+ 		lst = l;
+ 		for (; x <= y; x++)
+ 			lst[ln++] = x;
+-- 
+2.25.1
+

0013-tune2fs-fix-resource-leak-in-handle_quota_options.patch

@@ -0,0 +1,45 @@
+From 32c2b19945676367db636bb23d57cac7d46cb8c5 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 21 Jan 2021 16:07:25 -0500
+Subject: [PATCH] tune2fs: fix resource leak in handle_quota_options()
+
+Addresses-Coverity-Bug: 1467672
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ misc/tune2fs.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/misc/tune2fs.c b/misc/tune2fs.c
+index a481d8f3..48b8ce85 100644
+--- a/misc/tune2fs.c
++++ b/misc/tune2fs.c
+@@ -1619,6 +1619,8 @@ static int handle_quota_options(ext2_filsys fs)
+ 					com_err(program_name, retval,
+ 						_("while updating quota limits (%d)"),
+ 						qtype);
++				quota_errout:
++					quota_release_context(&qctx);
+ 					return 1;
+ 				}
+ 			}
+@@ -1627,7 +1629,7 @@ static int handle_quota_options(ext2_filsys fs)
+ 				com_err(program_name, retval,
+ 					_("while writing quota file (%d)"),
+ 					qtype);
+-				return 1;
++				goto quota_errout;
+ 			}
+ 			/* Enable Quota feature if one of quota enabled */
+ 			if (!ext2fs_has_feature_quota(fs->super)) {
+@@ -1645,7 +1647,7 @@ static int handle_quota_options(ext2_filsys fs)
+ 				com_err(program_name, retval,
+ 					_("while removing quota file (%d)"),
+ 					qtype);
+-				return 1;
++				goto quota_errout;
+ 			}
+ 			if (qtype == PRJQUOTA) {
+ 				ext2fs_clear_feature_project(fs->super);
+-- 
+2.25.1
+

0014-libext2fs-fix-UBSAN-warning-in-ext2fs_mmp_new_seq.patch

@@ -0,0 +1,36 @@
+From c3c41d4ffbdbbce2e7199ece8f76cea0310de820 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 21 Jan 2021 23:27:00 -0500
+Subject: [PATCH] libext2fs: fix UBSAN warning in ext2fs_mmp_new_seq()
+
+Left shifting the pid by 16 bits can cause a UBSAN warning if the pid
+is greater than or equal to 2**16.  It doesn't matter since we're just
+using the pid to seed for a pseudo-random number generator, but
+silence the warning by just swapping the high and low 16 bits of the
+pid instead.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/mmp.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ext2fs/mmp.c b/lib/ext2fs/mmp.c
+index e96a2273..223b617d 100644
+--- a/lib/ext2fs/mmp.c
++++ b/lib/ext2fs/mmp.c
+@@ -172,9 +172,11 @@ unsigned ext2fs_mmp_new_seq(void)
+ #ifdef CONFIG_MMP
+ 	unsigned new_seq;
+ 	struct timeval tv;
++	unsigned long pid = getpid();
+ 
+ 	gettimeofday(&tv, 0);
+-	srand((getpid() << 16) ^ getuid() ^ tv.tv_sec ^ tv.tv_usec);
++	pid = (pid >> 16) | ((pid & 0xFFFF) << 16);
++	srand(pid ^ getuid() ^ tv.tv_sec ^ tv.tv_usec);
+ 
+ 	gettimeofday(&tv, 0);
+ 	/* Crank the random number generator a few times */
+-- 
+2.25.1
+

0015-libext2fs-fix-segault-when-setting-an-xattr-with-an-.patch

@@ -0,0 +1,210 @@
+From 9f4e9fbbe23b54ccac7412f593704d5948e2007d Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Sun, 7 Feb 2021 23:21:58 -0500
+Subject: [PATCH] libext2fs: fix segault when setting an xattr with an unknown
+ prefix
+
+Also avoid unnecessary calls to find_ea_index() by caching the short
+name and name index in the ext2_attr structure.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/ext_attr.c | 64 +++++++++++++++++++++----------------------
+ 1 file changed, 32 insertions(+), 32 deletions(-)
+
+diff --git a/lib/ext2fs/ext_attr.c b/lib/ext2fs/ext_attr.c
+index 4580d2e1..77e9d35b 100644
+--- a/lib/ext2fs/ext_attr.c
++++ b/lib/ext2fs/ext_attr.c
+@@ -293,7 +293,9 @@ errcode_t ext2fs_adjust_ea_refcount(ext2_filsys fs, blk_t blk,
+ 
+ /* Manipulate the contents of extended attribute regions */
+ struct ext2_xattr {
++	int name_index;
+ 	char *name;
++	char *short_name;
+ 	void *value;
+ 	unsigned int value_len;
+ 	ext2_ino_t ea_ino;
+@@ -644,29 +646,23 @@ write_xattrs_to_buffer(ext2_filsys fs, struct ext2_xattr *attrs, int count,
+ 	struct ext2_xattr *x;
+ 	struct ext2_ext_attr_entry *e = entries_start;
+ 	char *end = (char *) entries_start + storage_size;
+-	const char *shortname;
+ 	unsigned int value_size;
+-	int idx, ret;
+ 	errcode_t err;
+ 
+ 	memset(entries_start, 0, storage_size);
+ 	for (x = attrs; x < attrs + count; x++) {
+-		/* Calculate index and shortname position */
+-		shortname = x->name;
+-		ret = find_ea_index(x->name, &shortname, &idx);
+-
+ 		value_size = ((x->value_len + EXT2_EXT_ATTR_PAD - 1) /
+ 			      EXT2_EXT_ATTR_PAD) * EXT2_EXT_ATTR_PAD;
+ 
+ 		/* Fill out e appropriately */
+-		e->e_name_len = strlen(shortname);
+-		e->e_name_index = (ret ? idx : 0);
++		e->e_name_len = strlen(x->short_name);
++		e->e_name_index = x->name_index;
+ 
+ 		e->e_value_size = x->value_len;
+ 		e->e_value_inum = x->ea_ino;
+ 
+ 		/* Store name */
+-		memcpy((char *)e + sizeof(*e), shortname, e->e_name_len);
++		memcpy((char *)e + sizeof(*e), x->short_name, e->e_name_len);
+ 		if (x->ea_ino) {
+ 			e->e_value_offs = 0;
+ 		} else {
+@@ -876,6 +872,8 @@ static errcode_t read_xattrs_from_buffer(struct ext2_xattr_handle *handle,
+ 			memcpy(x->name + prefix_len,
+ 			       (char *)entry + sizeof(*entry),
+ 			       entry->e_name_len);
++		x->short_name = x->name + prefix_len;
++		x->name_index = entry->e_name_index;
+ 
+ 		/* Check & copy value */
+ 		if (!ext2fs_has_feature_ea_inode(handle->fs->super) &&
+@@ -1303,7 +1301,8 @@ out:
+ }
+ 
+ static errcode_t xattr_update_entry(ext2_filsys fs, struct ext2_xattr *x,
+-				    const char *name, const void *value,
++				    const char *name, const char *short_name,
++				    int index, const void *value,
+ 				    size_t value_len, int in_inode)
+ {
+ 	ext2_ino_t ea_ino = 0;
+@@ -1337,8 +1336,11 @@ static errcode_t xattr_update_entry(ext2_filsys fs, struct ext2_xattr *x,
+ 			goto fail;
+ 	}
+ 
+-	if (!x->name)
++	if (!x->name) {
+ 		x->name = new_name;
++		x->short_name = new_name + (short_name  - name);
++	}
++	x->name_index = index;
+ 
+ 	if (x->value)
+ 		ext2fs_free_mem(&x->value);
+@@ -1357,31 +1359,27 @@ fail:
+ }
+ 
+ static int xattr_find_position(struct ext2_xattr *attrs, int count,
+-			       const char *name)
++			       const char *shortname, int name_idx)
+ {
+ 	struct ext2_xattr *x;
+ 	int i;
+-	const char *shortname, *x_shortname;
+-	int name_idx, x_name_idx;
+ 	int shortname_len, x_shortname_len;
+ 
+-	find_ea_index(name, &shortname, &name_idx);
+ 	shortname_len = strlen(shortname);
+ 
+ 	for (i = 0, x = attrs; i < count; i++, x++) {
+-		find_ea_index(x->name, &x_shortname, &x_name_idx);
+-		if (name_idx < x_name_idx)
++		if (name_idx < x->name_index)
+ 			break;
+-		if (name_idx > x_name_idx)
++		if (name_idx > x->name_index)
+ 			continue;
+ 
+-		x_shortname_len = strlen(x_shortname);
++		x_shortname_len = strlen(x->short_name);
+ 		if (shortname_len < x_shortname_len)
+ 			break;
+ 		if (shortname_len > x_shortname_len)
+ 			continue;
+ 
+-		if (memcmp(shortname, x_shortname, shortname_len) <= 0)
++		if (memcmp(shortname, x->short_name, shortname_len) <= 0)
+ 			break;
+ 	}
+ 	return i;
+@@ -1396,8 +1394,8 @@ static errcode_t xattr_array_update(struct ext2_xattr_handle *h,
+ 	struct ext2_xattr tmp;
+ 	int add_to_ibody;
+ 	int needed;
+-	int name_len, name_idx;
+-	const char *shortname;
++	int name_len, name_idx = 0;
++	const char *shortname = name;
+ 	int new_idx;
+ 	int ret;
+ 
+@@ -1424,7 +1422,8 @@ static errcode_t xattr_array_update(struct ext2_xattr_handle *h,
+ 
+ 		/* Update the existing entry. */
+ 		ret = xattr_update_entry(h->fs, &h->attrs[old_idx], name,
+-					 value, value_len, in_inode);
++					 shortname, name_idx, value,
++					 value_len, in_inode);
+ 		if (ret)
+ 			return ret;
+ 		if (h->ibody_count <= old_idx) {
+@@ -1452,7 +1451,8 @@ static errcode_t xattr_array_update(struct ext2_xattr_handle *h,
+ 	if (old_idx >= 0) {
+ 		/* Update the existing entry. */
+ 		ret = xattr_update_entry(h->fs, &h->attrs[old_idx], name,
+-					 value, value_len, in_inode);
++					 shortname, name_idx, value,
++					 value_len, in_inode);
+ 		if (ret)
+ 			return ret;
+ 		if (old_idx < h->ibody_count) {
+@@ -1461,7 +1461,8 @@ static errcode_t xattr_array_update(struct ext2_xattr_handle *h,
+ 			 * entries in the block are sorted.
+ 			 */
+ 			new_idx = xattr_find_position(h->attrs + h->ibody_count,
+-				h->count - h->ibody_count, name);
++						      h->count - h->ibody_count,
++						      shortname, name_idx);
+ 			new_idx += h->ibody_count - 1;
+ 			tmp = h->attrs[old_idx];
+ 			memmove(h->attrs + old_idx, h->attrs + old_idx + 1,
+@@ -1473,7 +1474,8 @@ static errcode_t xattr_array_update(struct ext2_xattr_handle *h,
+ 	}
+ 
+ 	new_idx = xattr_find_position(h->attrs + h->ibody_count,
+-				      h->count - h->ibody_count, name);
++				      h->count - h->ibody_count,
++				      shortname, name_idx);
+ 	new_idx += h->ibody_count;
+ 	add_to_ibody = 0;
+ 
+@@ -1484,8 +1486,8 @@ add_new:
+ 			return ret;
+ 	}
+ 
+-	ret = xattr_update_entry(h->fs, &h->attrs[h->count], name, value,
+-				 value_len, in_inode);
++	ret = xattr_update_entry(h->fs, &h->attrs[h->count], name, shortname,
++				 name_idx, value, value_len, in_inode);
+ 	if (ret)
+ 		return ret;
+ 
+@@ -1503,12 +1505,10 @@ static int space_used(struct ext2_xattr *attrs, int count)
+ {
+ 	int total = 0;
+ 	struct ext2_xattr *x;
+-	const char *shortname;
+-	int i, len, name_idx;
++	int i, len;
+ 
+ 	for (i = 0, x = attrs; i < count; i++, x++) {
+-		find_ea_index(x->name, &shortname, &name_idx);
+-		len = strlen(shortname);
++		len = strlen(x->short_name);
+ 		total += EXT2_EXT_ATTR_LEN(len);
+ 		if (!x->ea_ino)
+ 			total += EXT2_EXT_ATTR_SIZE(x->value_len);
+-- 
+2.25.1
+

0016-mke2fs-fix-a-importing-a-directory-with-an-ACL-and-i.patch

@@ -0,0 +1,39 @@
+From 67e6ae0a354057bdc2639896893196bea7a2f822 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Tue, 9 Feb 2021 17:11:23 -0500
+Subject: [PATCH] mke2fs: fix a importing a directory with an ACL and inline
+ data
+
+If an inode which is copied into a file system using "mke2fs -d" has
+an ACL (or extended attributes) and it is also using inline data, when
+the extended attribute(s) are copied in, the inline data gets dropped due to a missing call to ext2fs_xattrs_read().
+
+Conflict:delete test cases
+
+Addresses-Debian-Bug: #971014
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ misc/create_inode.c            |   7 ++
+ 1 files changed, 7 insertions(+)
+
+diff --git a/misc/create_inode.c b/misc/create_inode.c
+index 6f8487b9..194b06a2 100644
+--- a/misc/create_inode.c
++++ b/misc/create_inode.c
+@@ -166,6 +166,13 @@ static errcode_t set_inode_xattr(ext2_filsys fs, ext2_ino_t ino,
+ 		return retval;
+ 	}
+ 
++	retval = ext2fs_xattrs_read(handle);
++	if (retval) {
++		com_err(__func__, retval,
++			_("while reading xattrs for inode %u"), ino);
++		return retval;
++	}
++
+ 	retval = ext2fs_get_mem(size, &list);
+ 	if (retval) {
+ 		com_err(__func__, retval, _("while allocating memory"));
+-- 
+2.25.1
+

0017-mke2fs-fix-resource-leak-on-error-path-when-creating.patch

@@ -0,0 +1,27 @@
+From fb874e6ff42bee3ee327afc2651483b83311b445 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 11 Feb 2021 10:45:13 -0500
+Subject: [PATCH] mke2fs: fix resource leak on error path when creating inodes
+
+Addresses-Coverity-Bug: 1472856
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ misc/create_inode.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/misc/create_inode.c b/misc/create_inode.c
+index 194b06a2..67bf94cf 100644
+--- a/misc/create_inode.c
++++ b/misc/create_inode.c
+@@ -170,7 +170,7 @@ static errcode_t set_inode_xattr(ext2_filsys fs, ext2_ino_t ino,
+ 	if (retval) {
+ 		com_err(__func__, retval,
+ 			_("while reading xattrs for inode %u"), ino);
+-		return retval;
++		goto out;
+ 	}
+ 
+ 	retval = ext2fs_get_mem(size, &list);
+-- 
+2.25.1
+

0018-libext2fs-fix-incorrect-error-code-return-in-ext2fs_.patch

@@ -0,0 +1,28 @@
+From 1b25ea248c2335d39968b770a95dda4eae6b6fa4 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Fri, 12 Feb 2021 15:10:11 -0500
+Subject: [PATCH] libext2fs: fix incorrect error code return in
+ ext2fs_add_jounral_inode3()
+
+Addresses-Coverity-Bug: 1472255
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/mkjournal.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/ext2fs/mkjournal.c b/lib/ext2fs/mkjournal.c
+index 732ba7d6..bc8c57bf 100644
+--- a/lib/ext2fs/mkjournal.c
++++ b/lib/ext2fs/mkjournal.c
+@@ -524,7 +524,7 @@ errcode_t ext2fs_add_journal_inode3(ext2_filsys fs, struct ext2fs_journal_params
+ 			retval = ioctl(fd, EXT2_IOC_SETFLAGS, &f);
+ 			close(fd);
+ 			if (retval)
+-				return retval;
++				return errno;
+ 		}
+ #endif
+ #endif
+-- 
+2.25.1
+

0019-debugfs-fix-memory-allocation-failures-when-parsing-.patch

@@ -0,0 +1,89 @@
+From 462c424500a592723887b861f857650523bab359 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Fri, 12 Feb 2021 21:43:00 -0500
+Subject: [PATCH] debugfs: fix memory allocation failures when parsing
+ journal_write arguments
+
+Fix double-free issues when parsing an invalid journal_write command,
+such as: "journal_write -b 12 -b BAD -b 42".
+
+Conflict:return ENOMEM
+
+---
+ debugfs/do_journal.c |  8 ++++++--
+ debugfs/util.c       | 15 +++++++--------
+ 2 files changed, 13 insertions(+), 10 deletions(-)
+
+diff --git a/debugfs/do_journal.c b/debugfs/do_journal.c
+index 15ef682..5091a53 100644
+--- a/debugfs/do_journal.c
++++ b/debugfs/do_journal.c
+@@ -554,15 +554,19 @@ void do_journal_write(int argc, char *argv[], int sci_idx EXT2FS_ATTR((unused)),
+ 		switch (opt) {
+ 		case 'b':
+ 			err = read_list(optarg, &blist, &bn);
+-			if (err)
++			if (err) {
+ 				com_err(argv[0], err,
+ 					"while reading block list");
++				goto out;
++			}
+ 			break;
+ 		case 'r':
+ 			err = read_list(optarg, &rlist, &rn);
+-			if (err)
++			if (err) {
+ 				com_err(argv[0], err,
+ 					"while reading revoke list");
++				goto out;
++			}
+ 			break;
+ 		case 'c':
+ 			flags |= JOURNAL_WRITE_NO_COMMIT;
+diff --git a/debugfs/util.c b/debugfs/util.c
+index 091f6f6..5e84912 100644
+--- a/debugfs/util.c
++++ b/debugfs/util.c
+@@ -521,7 +521,7 @@ errcode_t read_list(char *str, blk64_t **list, size_t *len)
+ 	blk64_t *lst = *list;
+ 	size_t ln = *len;
+ 	char *tok, *p = str;
+-	errcode_t retval;
++	errcode_t retval = 0;
+ 
+ 	while ((tok = strtok(p, ","))) {
+ 		blk64_t *l;
+@@ -538,15 +538,17 @@ errcode_t read_list(char *str, blk64_t **list, size_t *len)
+ 				return errno;
+ 		} else if (*e != 0) {
+ 			retval = EINVAL;
+-			goto err;
++			break;
+ 		}
+ 		if (y < x) {
+ 			retval = EINVAL;
+-			goto err;
++			break;
+ 		}
+ 		l = realloc(lst, sizeof(blk64_t) * (ln + y - x + 1));
+-		if (l == NULL)
+-			return ENOMEM;
++		if (l == NULL) {
++			retval = ENOMEM;
++			break;
++		}
+ 		lst = l;
+ 		for (; x <= y; x++)
+ 			lst[ln++] = x;
+@@ -555,8 +557,5 @@ errcode_t read_list(char *str, blk64_t **list, size_t *len)
+ 
+ 	*list = lst;
+ 	*len = ln;
+-	return 0;
+-err:
+-	free(lst);
+ 	return retval;
+ }
+-- 
+1.8.3.1
+

0020-debugfs-fix-logdump-on-file-systems-with-block-sizes.patch

@@ -0,0 +1,30 @@
+From 28e22540e24fd2a70b8adf805fad4961f5234d21 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Sat, 13 Feb 2021 10:35:50 -0500
+Subject: [PATCH] debugfs: fix logdump on file systems with block sizes > 8192
+
+Conflict: delete blocksize EXT2_MAX_BLOCK_SIZE compare 
+
+Addresses-Coverity-Bug: 1472879
+Addresses-Coverity-Bug: 1472880
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ debugfs/logdump.c | 4 ++--
+ 1 file changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/debugfs/logdump.c b/debugfs/logdump.c
+index 5d3f3d9a..6826b250 100644
+--- a/debugfs/logdump.c
++++ b/debugfs/logdump.c
+@@ -350,7 +350,7 @@ static void dump_journal(char *cmdname, FILE *out_file,
+ {
+ 	struct ext2_super_block *sb;
+ 	char			jsb_buffer[1024];
+-	char			buf[8192];
++	char			buf[EXT2_MAX_BLOCK_SIZE];
+ 	journal_superblock_t	*jsb;
+ 	unsigned int		blocksize = 1024;
+ 	int			retval;
+-- 
+2.25.1
+

0021-libext2fs-fix-crash-when-ext2fs_mmp_stop-is-called-b.patch

@@ -0,0 +1,34 @@
+From 71f9bf7b08f2f7b632323719a4e69e94e0567a70 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Sun, 14 Feb 2021 23:51:45 -0500
+Subject: [PATCH] libext2fs: fix crash when ext2fs_mmp_stop() is called before
+ MMP is initialized
+
+The fatal_error() function in e2fsck can call ext2fs_mmp_stop() on a
+file system where MMP hasn't yet been initialized.  When that happens,
+instead of crashing, have ext2fs_mmp_stop() return success, since mmp
+doesn't need to be stopped if it hasn't even been initialized yet.
+
+Addresses-Debian-Bug: #696609
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/mmp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ext2fs/mmp.c b/lib/ext2fs/mmp.c
+index c21ae272..023dccf4 100644
+--- a/lib/ext2fs/mmp.c
++++ b/lib/ext2fs/mmp.c
+@@ -403,7 +403,8 @@ errcode_t ext2fs_mmp_stop(ext2_filsys fs)
+ 	errcode_t retval = 0;
+ 
+ 	if (!ext2fs_has_feature_mmp(fs->super) ||
+-	    !(fs->flags & EXT2_FLAG_RW) || (fs->flags & EXT2_FLAG_SKIP_MMP))
++	    !(fs->flags & EXT2_FLAG_RW) || (fs->flags & EXT2_FLAG_SKIP_MMP) ||
++	    (fs->mmp_buf == NULL) || (fs->mmp_cmp == NULL))
+ 		goto mmp_error;
+ 
+ 	retval = ext2fs_mmp_read(fs, fs->super->s_mmp_block, fs->mmp_buf);
+-- 
+2.25.1
+

0022-debugfs-fix-dump_metadata_block-for-block-sizes-8192.patch

@@ -0,0 +1,26 @@
+From ea82add307c4bc820423abc8acc2f155720cf914 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Tue, 16 Feb 2021 00:30:24 -0500
+Subject: [PATCH] debugfs: fix dump_metadata_block() for block sizes > 8192
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ debugfs/logdump.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/debugfs/logdump.c b/debugfs/logdump.c
+index ea01db7a..3181e6fa 100644
+--- a/debugfs/logdump.c
++++ b/debugfs/logdump.c
+@@ -771,7 +771,7 @@ static void dump_metadata_block(FILE *out_file, struct journal_source *source,
+ 				tid_t transaction)
+ {
+ 	int		retval;
+-	char 		buf[8192];
++	char 		buf[EXT2_MAX_BLOCK_SIZE];
+ 
+ 	if (!(dump_all
+ 	      || (fs_blocknr == block_to_dump)
+-- 
+2.25.1
+

0023-debugfs-fix-memory-leak-problem-in-read_list.patch

@@ -0,0 +1,44 @@
+From 989a4189698c4efa53b521b6ad8236bbfc3452c3 Mon Sep 17 00:00:00 2001
+From: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Date: Sat, 20 Feb 2021 16:41:29 +0800
+Subject: [PATCH] debugfs: fix memory leak problem in read_list()
+
+In read_list func, if strtoull() fails in while loop,
+we will return the error code directly. Then, memory of
+variable lst will be leaked without setting to *list.
+
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Signed-off-by: linfeilong <linfeilong@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ debugfs/util.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/debugfs/util.c b/debugfs/util.c
+index be6b550e..9e880548 100644
+--- a/debugfs/util.c
++++ b/debugfs/util.c
+@@ -530,12 +530,16 @@ errcode_t read_list(char *str, blk64_t **list, size_t *len)
+ 
+ 		errno = 0;
+ 		y = x = strtoull(tok, &e, 0);
+-		if (errno)
+-			return errno;
++		if (errno) {
++			retval = errno;
++			break;
++		}
+ 		if (*e == '-') {
+ 			y = strtoull(e + 1, NULL, 0);
+-			if (errno)
+-				return errno;
++			if (errno) {
++				retval = errno;
++				break;
++			}
+ 		} else if (*e != 0) {
+ 			retval = EINVAL;
+ 			break;
+-- 
+2.25.1
+

0024-debugfs-fix-rdump-and-ls-to-handle-uids-and-gids-655.patch

@@ -0,0 +1,50 @@
+From 37c2008f1356ba64132514346c1916f7ecc83ddb Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 25 Feb 2021 17:26:07 -0500
+Subject: [PATCH] debugfs: fix rdump and ls to handle uids and gids > 65536
+ correctly
+
+https://github.com/tytso/e2fsprogs/issues/63
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ debugfs/dump.c | 6 +++---
+ debugfs/ls.c   | 2 +-
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/debugfs/dump.c b/debugfs/dump.c
+index fdd66198..42f5204a 100644
+--- a/debugfs/dump.c
++++ b/debugfs/dump.c
+@@ -81,12 +81,12 @@ static void fix_perms(const char *cmd, const struct ext2_inode *inode,
+ 		com_err(cmd, errno, "while setting permissions of %s", name);
+ 
+ #ifndef HAVE_FCHOWN
+-	i = chown(name, inode->i_uid, inode->i_gid);
++	i = chown(name, inode_uid(*inode), inode_gid(*inode));
+ #else
+ 	if (fd != -1)
+-		i = fchown(fd, inode->i_uid, inode->i_gid);
++		i = fchown(fd, inode_uid(*inode), inode_gid(*inode));
+ 	else
+-		i = chown(name, inode->i_uid, inode->i_gid);
++		i = chown(name, inode_uid(*inode), inode_gid(*inode));
+ #endif
+ 	if (i == -1)
+ 		com_err(cmd, errno, "while changing ownership of %s", name);
+diff --git a/debugfs/ls.c b/debugfs/ls.c
+index fae2a653..525f084b 100644
+--- a/debugfs/ls.c
++++ b/debugfs/ls.c
+@@ -114,7 +114,7 @@ static int list_dir_proc(ext2_ino_t dir EXT2FS_ATTR((unused)),
+ 		} else
+ 			memset(&inode, 0, sizeof(struct ext2_inode));
+ 		fprintf(ls->f,"/%u/%06o/%d/%d/%.*s/", ino, inode.i_mode,
+-			inode.i_uid, inode.i_gid, thislen, dirent->name);
++			inode_uid(inode), inode_gid(inode), thislen, dirent->name);
+ 		if (LINUX_S_ISDIR(inode.i_mode))
+ 			fprintf(ls->f, "/");
+ 		else
+-- 
+2.25.1
+

0025-e2image-fix-overflow-in-l2-table-processing.patch

@@ -0,0 +1,36 @@
+From f11448318f99aa5fde27aea6b73420d6c495a4f6 Mon Sep 17 00:00:00 2001
+From: Artem Blagodarenko <artem.blagodarenko@gmail.com>
+Date: Thu, 22 Apr 2021 01:24:48 -0400
+Subject: [PATCH] e2image: fix overflow in l2 table processing
+
+For a large partition during e2image capture process
+it is possible to overflow offset at multiply operation.
+This leads to the situation when data is written to the
+position at the start of the image instead of the image end.
+
+Let's use the right cast to avoid integer overflow.
+
+Signed-off-by: Alexey Lyashkov <c17817@cray.com>
+Signed-off-by: Artem Blagodarenko <c17828@cray.com>
+HPE-bug-id: LUS-9368
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/qcow2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/ext2fs/qcow2.c b/lib/ext2fs/qcow2.c
+index ee701f7a..20824170 100644
+--- a/lib/ext2fs/qcow2.c
++++ b/lib/ext2fs/qcow2.c
+@@ -238,7 +238,7 @@ int qcow2_write_raw_image(int qcow2_fd, int raw_fd,
+ 			if (offset == 0)
+ 				continue;
+ 
+-			off_out = (l1_index * img.l2_size) +
++			off_out = ((__u64)l1_index * img.l2_size) +
+ 				  l2_index;
+ 			off_out <<= img.cluster_bits;
+ 			ret = qcow2_copy_data(qcow2_fd, raw_fd, offset,
+-- 
+2.25.1
+

0026-e2fsck-fix-last-mount-write-time-when-e2fsck-is-forc.patch

@@ -0,0 +1,63 @@
+From 2c69c94217b6db083d601d4fd62d6ab6c1628fee Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Mon, 14 Jun 2021 15:27:25 +0200
+Subject: [PATCH] e2fsck: fix last mount/write time when e2fsck is forced
+
+With commit c52d930f e2fsck is no longer able to fix bad last
+mount/write time by default because it is conditioned on s_checkinterval
+not being zero, which it is by default.
+
+One place where it matters is when other e2fsprogs tools require to run
+full file system check before a certain operation. If the last mount
+time is for any reason in future, it will not allow it to run even if
+full e2fsck is ran.
+
+Fix it by checking the last mount/write time when the e2fsck is forced,
+except for the case where we know the system clock is broken.
+
+[ Reworked the conditionals so error messages claiming that the last
+  write/mount time were corrupted wouldn't be always printed when the
+  e2fsck was run with the -f option, thus causing 299 out of 372
+  regression tests to fail.  -- TYT ]
+
+Fixes: c52d930f ("e2fsck: don't check for future superblock times if checkinterval == 0")
+Reported-by: Dusty Mabe <dustymabe@redhat.com>
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ e2fsck/super.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/e2fsck/super.c b/e2fsck/super.c
+index e1c3f935..31e2ffb2 100644
+--- a/e2fsck/super.c
++++ b/e2fsck/super.c
+@@ -1038,9 +1038,9 @@ void check_super_block(e2fsck_t ctx)
+ 	 * Check to see if the superblock last mount time or last
+ 	 * write time is in the future.
+ 	 */
+-	if (!broken_system_clock && fs->super->s_checkinterval &&
+-	    !(ctx->flags & E2F_FLAG_TIME_INSANE) &&
+-	    fs->super->s_mtime > (__u32) ctx->now) {
++	if (((ctx->options & E2F_OPT_FORCE) || fs->super->s_checkinterval) &&
++	    !broken_system_clock && !(ctx->flags & E2F_FLAG_TIME_INSANE) &&
++	    (fs->super->s_mtime > (__u32) ctx->now)) {
+ 		pctx.num = fs->super->s_mtime;
+ 		problem = PR_0_FUTURE_SB_LAST_MOUNT;
+ 		if (fs->super->s_mtime <= (__u32) ctx->now + ctx->time_fudge)
+@@ -1050,9 +1050,9 @@ void check_super_block(e2fsck_t ctx)
+ 			fs->flags |= EXT2_FLAG_DIRTY;
+ 		}
+ 	}
+-	if (!broken_system_clock && fs->super->s_checkinterval &&
+-	    !(ctx->flags & E2F_FLAG_TIME_INSANE) &&
+-	    fs->super->s_wtime > (__u32) ctx->now) {
++	if (((ctx->options & E2F_OPT_FORCE) || fs->super->s_checkinterval) &&
++	    !broken_system_clock && !(ctx->flags & E2F_FLAG_TIME_INSANE) &&
++	    (fs->super->s_wtime > (__u32) ctx->now)) {
+ 		pctx.num = fs->super->s_wtime;
+ 		problem = PR_0_FUTURE_SB_LAST_WRITE;
+ 		if (fs->super->s_wtime <= (__u32) ctx->now + ctx->time_fudge)
+-- 
+2.25.1
+

0027-profile_create_node-set-magic-before-strdup-name-to-.patch

@@ -0,0 +1,41 @@
+From cac906a942f41b9b8515b10877d3e0b23ef548a9 Mon Sep 17 00:00:00 2001
+From: wuguanghao <wuguanghao3@huawei.com>
+Date: Wed, 30 Jun 2021 16:27:13 +0800
+Subject: [PATCH] profile_create_node: set magic before strdup(name) to avoid
+ memory leak
+
+If new->magic != PROF_MAGIC_NODE, profile_free_node() don't free node.
+This will cause the node to be unable to be released correctly and
+a memory leak will occur.
+
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Reviewed-by: Wu Bo <wubo40@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/support/profile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/support/profile.c b/lib/support/profile.c
+index 585ed595..f54739e7 100644
+--- a/lib/support/profile.c
++++ b/lib/support/profile.c
+@@ -1093,6 +1093,7 @@ errcode_t profile_create_node(const char *name, const char *value,
+ 	if (!new)
+ 		return ENOMEM;
+ 	memset(new, 0, sizeof(struct profile_node));
++	new->magic = PROF_MAGIC_NODE;
+ 	new->name = strdup(name);
+ 	if (new->name == 0) {
+ 	    profile_free_node(new);
+@@ -1105,7 +1106,6 @@ errcode_t profile_create_node(const char *name, const char *value,
+ 		    return ENOMEM;
+ 		}
+ 	}
+-	new->magic = PROF_MAGIC_NODE;
+ 
+ 	*ret_node = new;
+ 	return 0;
+-- 
+2.25.1
+

0028-tdb_transaction_recover-fix-memory-leak.patch

@@ -0,0 +1,31 @@
+From 1b673e44c169994bf91b31a431e72ae0692549c1 Mon Sep 17 00:00:00 2001
+From: wuguanghao <wuguanghao3@huawei.com>
+Date: Wed, 30 Jun 2021 16:27:14 +0800
+Subject: [PATCH] tdb_transaction_recover: fix memory leak
+
+In tdb_transaction_recover(), need free data before return,
+otherwise it will cause memory leak.
+
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Reviewed-by: Wu Bo <wubo40@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/tdb.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/ext2fs/tdb.c b/lib/ext2fs/tdb.c
+index 5091b128..0fb94815 100644
+--- a/lib/ext2fs/tdb.c
++++ b/lib/ext2fs/tdb.c
+@@ -2186,6 +2186,7 @@ int tdb_transaction_recover(struct tdb_context *tdb)
+ 				   rec.data_len, 0) == -1) {
+ 		TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_recover: failed to read recovery data\n"));
+ 		tdb->ecode = TDB_ERR_IO;
++		free(data);
+ 		return -1;
+ 	}
+ 
+-- 
+2.25.1
+

0029-zap_sector-fix-memory-leak.patch

@@ -0,0 +1,35 @@
+From c3215a532441a9a397d1b12c63827e8f7233938b Mon Sep 17 00:00:00 2001
+From: wuguanghao <wuguanghao3@huawei.com>
+Date: Wed, 30 Jun 2021 16:27:15 +0800
+Subject: [PATCH] zap_sector: fix memory leak
+
+In zap_sector(), need free buf before return,
+otherwise it will cause memory leak.
+
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Reviewed-by: Wu Bo <wubo40@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ misc/mke2fs.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/misc/mke2fs.c b/misc/mke2fs.c
+index 54aa340a..9fa6eaa7 100644
+--- a/misc/mke2fs.c
++++ b/misc/mke2fs.c
+@@ -585,8 +585,10 @@ static void zap_sector(ext2_filsys fs, int sect, int nsect)
+ 		else {
+ 			magic = (unsigned int *) (buf + BSD_LABEL_OFFSET);
+ 			if ((*magic == BSD_DISKMAGIC) ||
+-			    (*magic == BSD_MAGICDISK))
++			    (*magic == BSD_MAGICDISK)) {
++				free(buf);
+ 				return;
++			}
+ 		}
+ 	}
+ 
+-- 
+2.25.1
+

0030-misc-fix-potential-segmentation-fault-problem-in-sca.patch

@@ -0,0 +1,32 @@
+From f9033bd2e82c6f5963034cd59f7273770374b598 Mon Sep 17 00:00:00 2001
+From: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Date: Wed, 30 Jun 2021 16:27:20 +0800
+Subject: [PATCH] misc: fix potential segmentation fault problem in scandir()
+
+In scandir(), temp_list[num_dent] is allocated by calling
+malloc(), we should check whether malloc() returns NULL before
+accessing temp_list[num_dent].
+
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ misc/create_inode.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/misc/create_inode.c b/misc/create_inode.c
+index d62e1cb4..c00d5458 100644
+--- a/misc/create_inode.c
++++ b/misc/create_inode.c
+@@ -771,6 +771,8 @@ static int scandir(const char *dir_name, struct dirent ***name_list,
+ 		}
+ 		// add the copy of dirent to the list
+ 		temp_list[num_dent] = (struct dirent*)malloc((dent->d_reclen + 3) & ~3);
++		if (!temp_list[num_dent])
++			goto out;
+ 		memcpy(temp_list[num_dent], dent, dent->d_reclen);
+ 		num_dent++;
+ 	}
+-- 
+2.25.1
+

0031-ext2ed-fix-potential-NULL-pointer-dereference-in-dup.patch

@@ -0,0 +1,31 @@
+From 29a61d8940b8a6a967a56c927d4703597f1d82e5 Mon Sep 17 00:00:00 2001
+From: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Date: Wed, 30 Jun 2021 16:27:24 +0800
+Subject: [PATCH] ext2ed: fix potential NULL pointer dereference in dupstr()
+
+In dupstr(), we should check return value of malloc().
+
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Reviewed-by: Wu Bo <wubo40@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ ext2ed/main.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ext2ed/main.c b/ext2ed/main.c
+index f7e7d7df..9d33a8e1 100644
+--- a/ext2ed/main.c
++++ b/ext2ed/main.c
+@@ -524,6 +524,8 @@ char *dupstr (char *src)
+ 	char *ptr;
+ 
+ 	ptr=(char *) malloc (strlen (src)+1);
++	if (!ptr)
++		return NULL;
+ 	strcpy (ptr,src);
+ 	return (ptr);
+ }
+-- 
+2.25.1
+

0032-ss_add_info_dir-fix-error-handling-when-memory-alloc.patch

@@ -0,0 +1,46 @@
+From feccf49871de4b05f9d99aca2df578947be98188 Mon Sep 17 00:00:00 2001
+From: Wu Guanghao <wuguanghao3@huawei.com>
+Date: Wed, 28 Jul 2021 09:56:45 +0800
+Subject: [PATCH] ss_add_info_dir: fix error handling when memory allocation
+ fails
+
+If the realloc() and malloc() calls fail, avoid a memory leak as well
+as a potential seg fault.
+
+[ Fix error code setting to avoid depending on malloc() and realloc()
+  setting errno. -- TYT ]
+
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Reviewed-by: Wu Bo <wubo40@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ss/help.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lib/ss/help.c b/lib/ss/help.c
+index 5204401b..96eb1092 100644
+--- a/lib/ss/help.c
++++ b/lib/ss/help.c
+@@ -148,13 +148,16 @@ void ss_add_info_dir(int sci_idx, char *info_dir, int *code_ptr)
+     dirs = (char **)realloc((char *)dirs,
+ 			    (unsigned)(n_dirs + 2)*sizeof(char *));
+     if (dirs == (char **)NULL) {
+-	info->info_dirs = (char **)NULL;
+-	*code_ptr = errno;
++	*code_ptr = ENOMEM;
+ 	return;
+     }
+     info->info_dirs = dirs;
+     dirs[n_dirs + 1] = (char *)NULL;
+     dirs[n_dirs] = malloc((unsigned)strlen(info_dir)+1);
++    if (dirs[n_dirs] == (char *)NULL) {
++        *code_ptr = ENOMEM;
++        return;
++    }
+     strcpy(dirs[n_dirs], info_dir);
+     *code_ptr = 0;
+ }
+-- 
+2.25.1
+

0033-ss_create_invocation-fix-error-handling-when-memory-.patch

@@ -0,0 +1,110 @@
+From eccdde1ff381591cae935ddd5444ac9445c94fc3 Mon Sep 17 00:00:00 2001
+From: Wu Guanghao <wuguanghao3@huawei.com>
+Date: Wed, 28 Jul 2021 09:56:46 +0800
+Subject: [PATCH] ss_create_invocation: fix error handling when memory
+ allocation fails
+
+In ss_create_invocation(), it is necessary to check whether
+returned by malloc is a null pointer.
+
+Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ss/invocation.c | 42 +++++++++++++++++++++++++++++++++---------
+ 1 file changed, 33 insertions(+), 9 deletions(-)
+
+diff --git a/lib/ss/invocation.c b/lib/ss/invocation.c
+index 457e7a2c..bf5ea0ce 100644
+--- a/lib/ss/invocation.c
++++ b/lib/ss/invocation.c
+@@ -26,29 +26,33 @@ int ss_create_invocation(const char *subsystem_name, const char *version_string,
+ 			 void *info_ptr, ss_request_table *request_table_ptr,
+ 			 int *code_ptr)
+ {
+-	register int sci_idx;
+-	register ss_data *new_table;
+-	register ss_data **table;
++	int sci_idx;
++	ss_data *new_table = NULL;
++	ss_data **table = NULL;
++	ss_data **realloc_table = NULL;
+ 
+ 	*code_ptr = 0;
+ 	table = _ss_table;
+ 	new_table = (ss_data *) malloc(sizeof(ss_data));
++	if (!new_table)
++		goto out;
+ 
+ 	if (table == (ss_data **) NULL) {
+ 		table = (ss_data **) malloc(2 * size);
++		if (!table)
++			goto out;
+ 		table[0] = table[1] = (ss_data *)NULL;
+ 	}
+ 	initialize_ss_error_table ();
+ 
+ 	for (sci_idx = 1; table[sci_idx] != (ss_data *)NULL; sci_idx++)
+ 		;
+-	table = (ss_data **) realloc((char *)table,
++	realloc_table = (ss_data **) realloc((char *)table,
+ 				     ((unsigned)sci_idx+2)*size);
+-	if (table == NULL) {
+-		*code_ptr = ENOMEM;
+-		free(new_table);
+-		return 0;
+-	}
++	if (realloc_table == NULL)
++		goto out;
++
++	table = realloc_table;
+ 	table[sci_idx+1] = (ss_data *) NULL;
+ 	table[sci_idx] = new_table;
+ 
+@@ -57,9 +61,15 @@ int ss_create_invocation(const char *subsystem_name, const char *version_string,
+ 	new_table->argv = (char **)NULL;
+ 	new_table->current_request = (char *)NULL;
+ 	new_table->info_dirs = (char **)malloc(sizeof(char *));
++	if (!new_table->info_dirs)
++		goto out;
++
+ 	*new_table->info_dirs = (char *)NULL;
+ 	new_table->info_ptr = info_ptr;
+ 	new_table->prompt = malloc((unsigned)strlen(subsystem_name)+4);
++	if (!new_table->prompt)
++		goto out;
++
+ 	strcpy(new_table->prompt, subsystem_name);
+ 	strcat(new_table->prompt, ":  ");
+ #ifdef silly
+@@ -71,6 +81,9 @@ int ss_create_invocation(const char *subsystem_name, const char *version_string,
+ 	new_table->flags.abbrevs_disabled = 0;
+ 	new_table->rqt_tables =
+ 		(ss_request_table **) calloc(2, sizeof(ss_request_table *));
++	if (!new_table->rqt_tables)
++		goto out;
++
+ 	*(new_table->rqt_tables) = request_table_ptr;
+ 	*(new_table->rqt_tables+1) = (ss_request_table *) NULL;
+ 
+@@ -85,6 +98,17 @@ int ss_create_invocation(const char *subsystem_name, const char *version_string,
+ 	ss_get_readline(sci_idx);
+ #endif
+ 	return(sci_idx);
++
++out:
++	if (new_table) {
++		free(new_table->prompt);
++		free(new_table->info_dirs);
++	}
++	free(new_table);
++	free(table);
++	*code_ptr = ENOMEM;
++	return 0;
++
+ }
+ 
+ void
+-- 
+2.25.1
+

0034-ss_create_invocation-fix-potential-unititalized-refe.patch

@@ -0,0 +1,28 @@
+From e20b37fac1fc357f0424a99414fcdb0a628bcff7 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Tue, 3 Aug 2021 11:03:34 -0400
+Subject: [PATCH] ss_create_invocation: fix potential unititalized reference in
+ error path
+
+Fixes: eccdde1ff381 ("ss_create_invocation: fix error handling when ...")
+Addresses-Coverity-Bug: 1489771
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ss/invocation.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/ss/invocation.c b/lib/ss/invocation.c
+index bf5ea0ce..7d7458a7 100644
+--- a/lib/ss/invocation.c
++++ b/lib/ss/invocation.c
+@@ -36,6 +36,7 @@ int ss_create_invocation(const char *subsystem_name, const char *version_string,
+ 	new_table = (ss_data *) malloc(sizeof(ss_data));
+ 	if (!new_table)
+ 		goto out;
++	memset(new_table, 0, sizeof(ss_data));
+ 
+ 	if (table == (ss_data **) NULL) {
+ 		table = (ss_data **) malloc(2 * size);
+-- 
+2.25.1
+

0035-libext2fs-fix-unexpected-NULL-variable.patch

@@ -0,0 +1,38 @@
+From 794983ac1a98abd5124407a86f929fb5ea9acd07 Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Fri, 6 Aug 2021 11:58:16 +0200
+Subject: [PATCH] libext2fs: fix unexpected NULL variable
+
+The ext2fs_check_mount_point() function can be called with mtpt being
+NULL as for example from ext2fs_check_if_mounted(). However in the
+is_swap_device condition we use the mtpt in strncpy without checking
+whether it is non-null first.
+
+This should not be a problem on linux since the previous attempt to open
+the device exclusively would have prevented us from ever reaching the
+problematic strncpy. However it's still a bug and can cause problems on
+other systems, fix it by conditioning strncpy on mtpt not being null.
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/ismounted.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ext2fs/ismounted.c b/lib/ext2fs/ismounted.c
+index c9e6a9d0..aee7d726 100644
+--- a/lib/ext2fs/ismounted.c
++++ b/lib/ext2fs/ismounted.c
+@@ -393,7 +393,8 @@ errcode_t ext2fs_check_mount_point(const char *device, int *mount_flags,
+ 
+ 	if (is_swap_device(device)) {
+ 		*mount_flags = EXT2_MF_MOUNTED | EXT2_MF_SWAP;
+-		strncpy(mtpt, "<swap>", mtlen);
++		if (mtpt)
++			strncpy(mtpt, "<swap>", mtlen);
+ 	} else {
+ #ifdef HAVE_SETMNTENT
+ 		retval = check_mntent(device, mount_flags, mtpt, mtlen);
+-- 
+2.25.1
+

0036-libsupport-fix-potental-NULL-pointer-dereferences-in.patch

@@ -0,0 +1,65 @@
+From 0a219efe5b0bd1fd8c517877467d1d62d08b8f75 Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Fri, 6 Aug 2021 11:58:20 +0200
+Subject: [PATCH] libsupport: fix potental NULL pointer dereferences in quota
+ functions
+
+get_dq() function can fail when the memory allocation fails and so we
+could end up dereferencing NULL pointer. Fix it.
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/support/mkquota.c      | 8 ++++++--
+ lib/support/quotaio_tree.c | 2 +-
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/lib/support/mkquota.c b/lib/support/mkquota.c
+index dce077e6..ec932d13 100644
+--- a/lib/support/mkquota.c
++++ b/lib/support/mkquota.c
+@@ -433,7 +433,8 @@ void quota_data_sub(quota_ctx_t qctx, struct ext2_inode_large *inode,
+ 		dict = qctx->quota_dict[qtype];
+ 		if (dict) {
+ 			dq = get_dq(dict, get_qid(inode, qtype));
+-			dq->dq_dqb.dqb_curspace -= space;
++			if (dq)
++				dq->dq_dqb.dqb_curspace -= space;
+ 		}
+ 	}
+ }
+@@ -460,7 +461,8 @@ void quota_data_inodes(quota_ctx_t qctx, struct ext2_inode_large *inode,
+ 		dict = qctx->quota_dict[qtype];
+ 		if (dict) {
+ 			dq = get_dq(dict, get_qid(inode, qtype));
+-			dq->dq_dqb.dqb_curinodes += adjust;
++			if (dq)
++				dq->dq_dqb.dqb_curinodes += adjust;
+ 		}
+ 	}
+ }
+@@ -533,6 +535,8 @@ static int scan_dquots_callback(struct dquot *dquot, void *cb_data)
+ 	struct dquot *dq;
+ 
+ 	dq = get_dq(quota_dict, dquot->dq_id);
++	if (!dq)
++		return -1;
+ 	dq->dq_id = dquot->dq_id;
+ 	dq->dq_flags |= DQF_SEEN;
+ 
+diff --git a/lib/support/quotaio_tree.c b/lib/support/quotaio_tree.c
+index 6cc4fb5b..5910e637 100644
+--- a/lib/support/quotaio_tree.c
++++ b/lib/support/quotaio_tree.c
+@@ -601,7 +601,7 @@ static int report_tree(struct dquot *dquot, unsigned int blk, int depth,
+ 	__le32 *ref = (__le32 *) buf;
+ 
+ 	if (!buf)
+-		return 0;
++		return -1;
+ 
+ 	read_blk(dquot->dq_h, blk, buf);
+ 	if (depth == QT_TREEDEPTH - 1) {
+-- 
+2.25.1
+

0037-libext2fs-fix-coverity-nits-in-tdb.c.patch

@@ -0,0 +1,55 @@
+From 95954ac7b4bb0ffb6dffa101ef6d575ff228dd1a Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Tue, 10 Aug 2021 14:52:15 -0400
+Subject: [PATCH] libext2fs: fix coverity nits in tdb.c
+
+Address unchecked returned value and a string not null terminated warnings.
+
+Addresses-Coverity-Bug: 709473
+Addresses-Coverity-Bug: 709474
+Addresses-Coverity-Bug: 1464578
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ lib/ext2fs/tdb.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/ext2fs/tdb.c b/lib/ext2fs/tdb.c
+index dc5c0ff6..b07b2917 100644
+--- a/lib/ext2fs/tdb.c
++++ b/lib/ext2fs/tdb.c
+@@ -3089,9 +3089,10 @@ void tdb_increment_seqnum_nonblock(struct tdb_context *tdb)
+ 	/* we ignore errors from this, as we have no sane way of
+ 	   dealing with them.
+ 	*/
+-	tdb_ofs_read(tdb, TDB_SEQNUM_OFS, &seqnum);
++	if (tdb_ofs_read(tdb, TDB_SEQNUM_OFS, &seqnum) == -1)
++		return;
+ 	seqnum++;
+-	tdb_ofs_write(tdb, TDB_SEQNUM_OFS, &seqnum);
++	(void) tdb_ofs_write(tdb, TDB_SEQNUM_OFS, &seqnum);
+ }
+ 
+ /*
+@@ -3692,7 +3693,8 @@ int tdb_get_seqnum(struct tdb_context *tdb)
+ {
+ 	tdb_off_t seqnum=0;
+ 
+-	tdb_ofs_read(tdb, TDB_SEQNUM_OFS, &seqnum);
++	if (tdb_ofs_read(tdb, TDB_SEQNUM_OFS, &seqnum) == -1)
++		return 0;
+ 	return seqnum;
+ }
+ 
+@@ -3914,7 +3916,8 @@ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
+ 	}
+ 
+ 	if (read(tdb->fd, &tdb->header, sizeof(tdb->header)) != sizeof(tdb->header)
+-	    || strcmp(tdb->header.magic_food, TDB_MAGIC_FOOD) != 0
++	    || memcmp(tdb->header.magic_food, TDB_MAGIC_FOOD,
++		      sizeof(TDB_MAGIC_FOOD)) != 0
+ 	    || (tdb->header.version != TDB_VERSION
+ 		&& !(rev = (tdb->header.version==TDB_BYTEREV(TDB_VERSION))))) {
+ 		/* its not a valid database - possibly initialise it */
+-- 
+2.25.1
+

e2fsprogs.spec

@@ -1,6 +1,6 @@
 Name:           e2fsprogs
 Version:        1.45.6
-Release:        6
+Release:        7
 Summary:        Second extended file system management tools
 License:        GPLv2 and LGPLv2 and MIT
 URL:            http://e2fsprogs.sourceforge.net/
@@ -12,6 +12,39 @@ Patch3:      0003-mke2fs-fix-up-check-for-hardlinks-always-false-if-in.patch
 Patch4:      0004-add-device-check-in-ismount-process.patch
 Patch5:      0005-libss-add-newer-libreadline.so.8-to-dlopen-path.patch
 
+Patch6:		0006-e2fsck-fix-indexed-dir-rehash-failure-with-metadata_.patch
+Patch7:		0007-libext2fs-retry-reading-superblock-on-open-when-chec.patch
+Patch8:		0008-libext2fs-fix-potential-buffer-overrun-in-__get_dire.patch
+Patch9:		0009-tune2fs-reset-MMP-state-on-error-exit.patch
+Patch10:	0010-e2fsck-use-size_t-instead-of-int-in-string_copy.patch
+Patch11:	0011-libext2fs-fix-incorrect-negative-error-return-in-uni.patch
+Patch12:	0012-debugfs-fix-double-free-in-realloc-error-path-in-rea.patch
+Patch13:	0013-tune2fs-fix-resource-leak-in-handle_quota_options.patch
+Patch14:	0014-libext2fs-fix-UBSAN-warning-in-ext2fs_mmp_new_seq.patch
+Patch15:	0015-libext2fs-fix-segault-when-setting-an-xattr-with-an-.patch
+Patch16:	0016-mke2fs-fix-a-importing-a-directory-with-an-ACL-and-i.patch
+Patch17:	0017-mke2fs-fix-resource-leak-on-error-path-when-creating.patch
+Patch18:	0018-libext2fs-fix-incorrect-error-code-return-in-ext2fs_.patch
+Patch19:	0019-debugfs-fix-memory-allocation-failures-when-parsing-.patch
+Patch20:	0020-debugfs-fix-logdump-on-file-systems-with-block-sizes.patch
+Patch21:	0021-libext2fs-fix-crash-when-ext2fs_mmp_stop-is-called-b.patch
+Patch22:	0022-debugfs-fix-dump_metadata_block-for-block-sizes-8192.patch
+Patch23:	0023-debugfs-fix-memory-leak-problem-in-read_list.patch
+Patch24:	0024-debugfs-fix-rdump-and-ls-to-handle-uids-and-gids-655.patch
+Patch25:	0025-e2image-fix-overflow-in-l2-table-processing.patch
+Patch26:	0026-e2fsck-fix-last-mount-write-time-when-e2fsck-is-forc.patch
+Patch27:	0027-profile_create_node-set-magic-before-strdup-name-to-.patch
+Patch28:	0028-tdb_transaction_recover-fix-memory-leak.patch
+Patch29:	0029-zap_sector-fix-memory-leak.patch
+Patch30:	0030-misc-fix-potential-segmentation-fault-problem-in-sca.patch
+Patch31:	0031-ext2ed-fix-potential-NULL-pointer-dereference-in-dup.patch
+Patch32:	0032-ss_add_info_dir-fix-error-handling-when-memory-alloc.patch
+Patch33:	0033-ss_create_invocation-fix-error-handling-when-memory-.patch
+Patch34:	0034-ss_create_invocation-fix-potential-unititalized-refe.patch
+Patch35:	0035-libext2fs-fix-unexpected-NULL-variable.patch
+Patch36:	0036-libsupport-fix-potental-NULL-pointer-dereferences-in.patch
+Patch37:	0037-libext2fs-fix-coverity-nits-in-tdb.c.patch
+
 BuildRequires:  gcc pkgconfig texinfo
 BuildRequires:  fuse-devel libblkid-devel libuuid-devel
 BuildRequires:  audit
@@ -132,6 +165,9 @@ exit 0
 %{_mandir}/man8/*
 
 %changelog
+* Mon Nov 15 2021 zhanchengbin <zhanchengbin1@huawei.com> - 1.45.6-7
+- DESC: integrate community patches.
+
 * Sun Sep 13 2021 lixiaokeng <lixiaokeng@huawei.com> - 1.45.6-6
 - DESC: add newer libreadline.so.8 to dlopen path