#815 Issue closed: 'ebiso' < 0.2.2 may corrupt random files

Labels: bug, fixed / solved / done

jsmeix opened issue at 2016-04-05 08:45:

'ebiso' is used to make an UEFI bootable ISO image
of the rear recovery system mainly on openSUSE
and SUSE Linux Enterprise systems.

The ebiso autor @gozora found a captious bug in ebiso
versions before 0.2.2, see
https://github.com/gozora/ebiso/releases/tag/v0.2.2

It can cause (under certain circumstances) corruption
of random file by overwriting one byte with zero ('\0').
This overwrite always happens on the end of block
of 2048 bytes so for this reason it can remain unnoticed
most of the time.

In general the ISO should be safe once user is able to boot from it.
I.e. users who are careful and verify that their disaster recovery
procedure actually works should be safe.

Nevertheless to be even more on the safe side
users who use ebiso < 0.2.2 should update it.

ebiso >= 0.2.2 RPM packages are available from the
openSUSE build service project "Archiving:Backup:Rear"
for the 64-bit x86_64 architecture for various openSUSE
and SUSE Linux Enterprise versions.

For direct RPM package download go to
http://download.opensuse.org/repositories/Archiving:/Backup:/Rear/
and select your exact matching openSUSE
or SUSE Linux Enterprise version and then
the "x86_64" sub-directory.

After ebiso RPM package update, verify again that your
disaster recovery procedure actually works, cf.
"No disaster recovery without testing and continuous validation"
and "Version upgrades with Relax-and-Recover (rear)" at
https://en.opensuse.org/SDB:Disaster_Recovery

jsmeix commented at 2016-04-05 10:41:

Regardless that ebiso is already fixed
I like to keep this issue open for some time
so that others can more easily notice it.

jsmeix commented at 2016-04-08 12:20:

There is another ebiso bugfix update:

ebiso version 0.2.3.1 RPM packages
are available from the same repositories
as mentioned above in https://github.com/rear/rear/issues/815#issue-145926677

For details see the ebiso upstream issues
https://github.com/gozora/ebiso/issues/6
https://github.com/gozora/ebiso/releases/tag/v0.2.3
https://github.com/gozora/ebiso/issues/7
and the openSUSE bugzilla issue
http://bugzilla.opensuse.org/show_bug.cgi?id=974360

jsmeix commented at 2016-06-06 09:54:

I think I kept this issue open long enough for others to notice it
and there was no single follow-up here
so that I close it now.

gozora commented at 2016-06-06 11:01:

Fine for me ...

[Export of Github issue for rear/rear.]