packages/util-linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!118 sync branch code

Browse Source 
From: @zhang-yao-2022 
Reviewed-by: @overweight 
Signed-off-by: @overweight
This commit is contained in:
openeuler-ci-bot 2022-11-02 09:18:50 +00:00 committed by Gitee
commit 6b445c2055
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
8 changed files with 644 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
backport-CVE-2021-3995.patch Normal file
View File

@ -0,0 +1,138 @@
From f3db9bd609494099f0c1b95231c5dfe383346929 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Wed, 24 Nov 2021 13:53:25 +0100
Subject: [PATCH] libmount: fix UID check for FUSE umount [CVE-2021-3995]
Improper UID check allows an unprivileged user to unmount FUSE
filesystems of users with similar UID.
Signed-off-by: Karel Zak <kzak@redhat.com>
Reference:https://github.com/util-linux/util-linux/commit/f3db9bd609494099f0c1b95231c5dfe383346929
Conflict:NA
---
include/strutils.h | 2 +-
libmount/src/context_umount.c | 13 +++--------
libmount/src/mountP.h | 1 +
libmount/src/optstr.c | 42 +++++++++++++++++++++++++++++++++++
4 files changed, 47 insertions(+), 11 deletions(-)
diff --git a/include/strutils.h b/include/strutils.h
index 4b3182f..50e493a 100644
--- a/include/strutils.h
+++ b/include/strutils.h
@@ -88,8 +88,8 @@ static inline char *mem2strcpy(char *dest, const void *src, size_t n, size_t nma
if (n + 1 > nmax)
n = nmax - 1;
+ memset(dest, '\0', nmax);
memcpy(dest, src, n);
- dest[nmax-1] = '\0';
return dest;
}
diff --git a/libmount/src/context_umount.c b/libmount/src/context_umount.c
index 94f824b..0d77fff 100644
--- a/libmount/src/context_umount.c
+++ b/libmount/src/context_umount.c
@@ -393,10 +393,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv)
struct libmnt_ns *ns_old;
const char *type = mnt_fs_get_fstype(cxt->fs);
const char *optstr;
- char *user_id = NULL;
- size_t sz;
- uid_t uid;
- char uidstr[sizeof(stringify_value(ULONG_MAX))];
+ uid_t uid, entry_uid;
*errsv = 0;
@@ -414,10 +411,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv)
if (!optstr)
return 0;
- if (mnt_optstr_get_option(optstr, "user_id", &user_id, &sz) != 0)
- return 0;
-
- if (sz == 0 || user_id == NULL)
+ if (mnt_optstr_get_uid(optstr, "user_id", &entry_uid) != 0)
return 0;
/* get current user */
@@ -434,8 +428,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv)
return 0;
}
- snprintf(uidstr, sizeof(uidstr), "%lu", (unsigned long) uid);
- return strncmp(user_id, uidstr, sz) == 0;
+ return uid == entry_uid;
}
/*
diff --git a/libmount/src/mountP.h b/libmount/src/mountP.h
index d8ba0ab..4a2ddb3 100644
--- a/libmount/src/mountP.h
+++ b/libmount/src/mountP.h
@@ -401,6 +401,7 @@ extern const struct libmnt_optmap *mnt_optmap_get_entry(
const struct libmnt_optmap **mapent);
/* optstr.c */
+extern int mnt_optstr_get_uid(const char *optstr, const char *name, uid_t *uid);
extern int mnt_optstr_remove_option_at(char **optstr, char *begin, char *end);
extern int mnt_optstr_fix_gid(char **optstr, char *value, size_t valsz, char **next);
extern int mnt_optstr_fix_uid(char **optstr, char *value, size_t valsz, char **next);
diff --git a/libmount/src/optstr.c b/libmount/src/optstr.c
index eea952b..8a92c32 100644
--- a/libmount/src/optstr.c
+++ b/libmount/src/optstr.c
@@ -1090,6 +1090,48 @@ int mnt_optstr_fix_user(char **optstr)
return rc;
}
+/*
+ * Converts value from @optstr addressed by @name to uid.
+ *
+ * Returns: 0 on success, 1 if not found, <0 on error
+ */
+int mnt_optstr_get_uid(const char *optstr, const char *name, uid_t *uid)
+{
+ char *value = NULL;
+ size_t valsz = 0;
+ char buf[sizeof(stringify_value(UINT64_MAX))];
+ int rc;
+ uint64_t num;
+
+ assert(optstr);
+ assert(name);
+ assert(uid);
+
+ rc = mnt_optstr_get_option(optstr, name, &value, &valsz);
+ if (rc != 0)
+ goto fail;
+
+ if (valsz > sizeof(buf) - 1) {
+ rc = -ERANGE;
+ goto fail;
+ }
+ mem2strcpy(buf, value, valsz, sizeof(buf));
+
+ rc = ul_strtou64(buf, &num, 10);
+ if (rc != 0)
+ goto fail;
+ if (num > ULONG_MAX || (uid_t) num != num) {
+ rc = -ERANGE;
+ goto fail;
+ }
+ *uid = (uid_t) num;
+
+ return 0;
+fail:
+ DBG(UTILS, ul_debug("failed to convert '%s'= to number [rc=%d]", name, rc));
+ return rc;
+}
+
/**
* mnt_match_options:
* @optstr: options string
--
2.27.0

226
backport-CVE-2021-3996.patch Normal file
View File

@ -0,0 +1,226 @@
From 018a10907fa9885093f6d87401556932c2d8bd2b Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 4 Jan 2022 10:54:20 +0100
Subject: [PATCH] libmount: fix (deleted) suffix issue [CVE-2021-3996]
This issue is related to parsing the /proc/self/mountinfo file allows an
unprivileged user to unmount other user's filesystems that are either
world-writable themselves or mounted in a world-writable directory.
The support for "(deleted)" is no more necessary as the Linux kernel does
not use it in /proc/self/mountinfo and /proc/self/mount files anymore.
Signed-off-by: Karel Zak <kzak@redhat.com>
Reference:https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b
Conflict:NA
---
libmount/src/tab_parse.c | 5 -----
tests/expected/findmnt/filter-options | 1 -
tests/expected/findmnt/filter-options-nameval-neg | 3 +--
tests/expected/findmnt/filter-types-neg | 1 -
tests/expected/findmnt/outputs-default | 3 +--
tests/expected/findmnt/outputs-force-tree | 3 +--
tests/expected/findmnt/outputs-kernel | 3 +--
tests/expected/libmount/tabdiff-mount | 1 -
tests/expected/libmount/tabdiff-move | 1 -
tests/expected/libmount/tabdiff-remount | 1 -
tests/expected/libmount/tabdiff-umount | 1 -
tests/expected/libmount/tabfiles-parse-mountinfo | 11 -----------
tests/expected/libmount/tabfiles-py-parse-mountinfo | 11 -----------
tests/ts/findmnt/files/mountinfo | 1 -
tests/ts/findmnt/files/mountinfo-nonroot | 1 -
tests/ts/libmount/files/mountinfo | 1 -
16 files changed, 4 insertions(+), 44 deletions(-)
diff --git a/libmount/src/tab_parse.c b/libmount/src/tab_parse.c
index 3a2cc0d..eec9758 100644
--- a/libmount/src/tab_parse.c
+++ b/libmount/src/tab_parse.c
@@ -225,11 +225,6 @@ static int mnt_parse_mountinfo_line(struct libmnt_fs *fs, const char *s)
goto fail;
}
- /* remove "\040(deleted)" suffix */
- p = (char *) endswith(fs->target, PATH_DELETED_SUFFIX);
- if (p && *p)
- *p = '\0';
-
s = skip_separator(s);
/* (6) vfs options (fs-independent) */
diff --git a/tests/expected/findmnt/filter-options b/tests/expected/findmnt/filter-options
index 2606bce..97b0ead 100644
--- a/tests/expected/findmnt/filter-options
+++ b/tests/expected/findmnt/filter-options
@@ -28,5 +28,4 @@ TARGET SOURCE FSTYPE OPTIONS
/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-/mnt/foo /fooooo bar rw,relatime
rc=0
diff --git a/tests/expected/findmnt/filter-options-nameval-neg b/tests/expected/findmnt/filter-options-nameval-neg
index 5471d65..f0467ef 100644
--- a/tests/expected/findmnt/filter-options-nameval-neg
+++ b/tests/expected/findmnt/filter-options-nameval-neg
@@ -29,6 +29,5 @@ TARGET SOURCE FSTYPE OPTIO
|-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
| `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
|-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-`-/mnt/foo /fooooo bar rw,relatime
+`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
rc=0
diff --git a/tests/expected/findmnt/filter-types-neg b/tests/expected/findmnt/filter-types-neg
index 2606bce..97b0ead 100644
--- a/tests/expected/findmnt/filter-types-neg
+++ b/tests/expected/findmnt/filter-types-neg
@@ -28,5 +28,4 @@ TARGET SOURCE FSTYPE OPTIONS
/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-/mnt/foo /fooooo bar rw,relatime
rc=0
diff --git a/tests/expected/findmnt/outputs-default b/tests/expected/findmnt/outputs-default
index 5949579..0159935 100644
--- a/tests/expected/findmnt/outputs-default
+++ b/tests/expected/findmnt/outputs-default
@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO
|-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
| `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
|-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-`-/mnt/foo /fooooo bar rw,relatime
+`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
rc=0
diff --git a/tests/expected/findmnt/outputs-force-tree b/tests/expected/findmnt/outputs-force-tree
index 5949579..0159935 100644
--- a/tests/expected/findmnt/outputs-force-tree
+++ b/tests/expected/findmnt/outputs-force-tree
@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO
|-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
| `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
|-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-`-/mnt/foo /fooooo bar rw,relatime
+`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
rc=0
diff --git a/tests/expected/findmnt/outputs-kernel b/tests/expected/findmnt/outputs-kernel
index 5949579..0159935 100644
--- a/tests/expected/findmnt/outputs-kernel
+++ b/tests/expected/findmnt/outputs-kernel
@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO
|-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
| `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
|-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-`-/mnt/foo /fooooo bar rw,relatime
+`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
rc=0
diff --git a/tests/expected/libmount/tabdiff-mount b/tests/expected/libmount/tabdiff-mount
index 420aeac..3c18f8d 100644
--- a/tests/expected/libmount/tabdiff-mount
+++ b/tests/expected/libmount/tabdiff-mount
@@ -1,3 +1,2 @@
/dev/mapper/kzak-home on /home/kzak: MOUNTED
-/fooooo on /mnt/foo: MOUNTED
tmpfs on /mnt/test/foo bar: MOUNTED
diff --git a/tests/expected/libmount/tabdiff-move b/tests/expected/libmount/tabdiff-move
index 24f9bc7..95820d9 100644
--- a/tests/expected/libmount/tabdiff-move
+++ b/tests/expected/libmount/tabdiff-move
@@ -1,3 +1,2 @@
//foo.home/bar/ on /mnt/music: MOVED to /mnt/music
-/fooooo on /mnt/foo: UMOUNTED
tmpfs on /mnt/test/foo bar: UMOUNTED
diff --git a/tests/expected/libmount/tabdiff-remount b/tests/expected/libmount/tabdiff-remount
index 82ebeab..876bfd9 100644
--- a/tests/expected/libmount/tabdiff-remount
+++ b/tests/expected/libmount/tabdiff-remount
@@ -1,4 +1,3 @@
/dev/mapper/kzak-home on /home/kzak: REMOUNTED from 'rw,noatime,barrier=1,data=ordered' to 'ro,noatime,barrier=1,data=ordered'
//foo.home/bar/ on /mnt/sounds: REMOUNTED from 'rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344' to 'ro,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344'
-/fooooo on /mnt/foo: UMOUNTED
tmpfs on /mnt/test/foo bar: UMOUNTED
diff --git a/tests/expected/libmount/tabdiff-umount b/tests/expected/libmount/tabdiff-umount
index a3e0fe4..c7be725 100644
--- a/tests/expected/libmount/tabdiff-umount
+++ b/tests/expected/libmount/tabdiff-umount
@@ -1,3 +1,2 @@
/dev/mapper/kzak-home on /home/kzak: UMOUNTED
-/fooooo on /mnt/foo: UMOUNTED
tmpfs on /mnt/test/foo bar: UMOUNTED
diff --git a/tests/expected/libmount/tabfiles-parse-mountinfo b/tests/expected/libmount/tabfiles-parse-mountinfo
index 47eb770..d5ba524 100644
--- a/tests/expected/libmount/tabfiles-parse-mountinfo
+++ b/tests/expected/libmount/tabfiles-parse-mountinfo
@@ -351,17 +351,6 @@ id: 47
parent: 20
devno: 0:38
------ fs:
-source: /fooooo
-target: /mnt/foo
-fstype: bar
-optstr: rw,relatime
-VFS-optstr: rw,relatime
-FS-opstr: rw
-root: /
-id: 48
-parent: 20
-devno: 0:39
------- fs:
source: tmpfs
target: /mnt/test/foo bar
fstype: tmpfs
diff --git a/tests/expected/libmount/tabfiles-py-parse-mountinfo b/tests/expected/libmount/tabfiles-py-parse-mountinfo
index 47eb770..d5ba524 100644
--- a/tests/expected/libmount/tabfiles-py-parse-mountinfo
+++ b/tests/expected/libmount/tabfiles-py-parse-mountinfo
@@ -351,17 +351,6 @@ id: 47
parent: 20
devno: 0:38
------ fs:
-source: /fooooo
-target: /mnt/foo
-fstype: bar
-optstr: rw,relatime
-VFS-optstr: rw,relatime
-FS-opstr: rw
-root: /
-id: 48
-parent: 20
-devno: 0:39
------- fs:
source: tmpfs
target: /mnt/test/foo bar
fstype: tmpfs
diff --git a/tests/ts/findmnt/files/mountinfo b/tests/ts/findmnt/files/mountinfo
index 475ea1a..ff1e664 100644
--- a/tests/ts/findmnt/files/mountinfo
+++ b/tests/ts/findmnt/files/mountinfo
@@ -30,4 +30,3 @@
44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw
diff --git a/tests/ts/findmnt/files/mountinfo-nonroot b/tests/ts/findmnt/files/mountinfo-nonroot
index e15b467..87b421d 100644
--- a/tests/ts/findmnt/files/mountinfo-nonroot
+++ b/tests/ts/findmnt/files/mountinfo-nonroot
@@ -29,4 +29,3 @@
44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw
diff --git a/tests/ts/libmount/files/mountinfo b/tests/ts/libmount/files/mountinfo
index c063071..2b01740 100644
--- a/tests/ts/libmount/files/mountinfo
+++ b/tests/ts/libmount/files/mountinfo
@@ -30,5 +30,4 @@
44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw
49 20 0:56 / /mnt/test/foo bar rw,relatime shared:323 - tmpfs tmpfs rw
--
2.27.0

40
backport-fix-by-ignoring-EINVAL-on-remount-of-proc.patch Normal file
View File

@ -0,0 +1,40 @@
From 1961dccea09176a401bc8fc5e1769ab426308314 Mon Sep 17 00:00:00 2001
From: benaryorg <binary@benary.org>
Date: Fri, 4 Jun 2021 12:34:52 +0000
Subject: [PATCH] fix #648 by ignoring EINVAL on-remount of proc
When using --mount-proc=/some/path then unshare fails if the path provided is not already mounted due to the mount(2) call to change the propagation of the mount.
In such a case mount(2) returns EINVAL, which however is used for a variety of other errors.
If this error is ignored mistakenly the effects however should be neglible since:
1. the mount of proc afterwards happens regardless, errors of which are not ignored
2. the propagation change of root uses MS_REC, which shold already change the propagation of all mounts recursively
Furthermore /proc is not touched if --mount-proc specifies a different mount point.
This should not cause too much unexpected behaviour due to point 2 from above in any case.
Specifying --mount-proc with a different path also means that unshare(3) is not instructed to touch /proc, thus /proc not being touched should not be unexpected.
As a side note, if unshare is called with /proc as an (implicit) parameter to --mount-proc then /proc is a stacked mount, meaning if /proc is unmounted it in the namespace the host /proc is visible again, thus not touching /proc with a different parameter does not constitute more information leakage than the alternative, quite contary it may even be the desired behaviour.
Signed-off-by: benaryorg <binary@benary.org>
---
sys-utils/unshare.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/sys-utils/unshare.c b/sys-utils/unshare.c
index e5627d3c64..820691ba35 100644
--- a/sys-utils/unshare.c
+++ b/sys-utils/unshare.c
@@ -650,8 +650,11 @@ int main(int argc, char *argv[])
err(EXIT_FAILURE, _("cannot chdir to '%s'"), newdir);
if (procmnt) {
- if (!newroot && mount("none", procmnt, NULL, MS_PRIVATE|MS_REC, NULL) != 0)
- err(EXIT_FAILURE, _("cannot change %s filesystem propagation"), procmnt);
+ if (!newroot && mount("none", procmnt, NULL, MS_PRIVATE|MS_REC, NULL))
+ /* custom procmnt means that proc is very likely not mounted, causing EINVAL
+ ignoring the error in this specific instance is safe */
+ if(errno != EINVAL)
+ err(EXIT_FAILURE, _("cannot change %s filesystem propagation"), procmnt);
if (mount("proc", procmnt, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL) != 0)
err(EXIT_FAILURE, _("mount %s failed"), procmnt);
}

34
backport-fstat-dir-itself.patch Normal file
View File

@ -0,0 +1,34 @@
From 2f26f8aae1ece618ff7ade997609509f0b60d400 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 6 Sep 2021 11:52:09 +0200
Subject: [PATCH] lib/path: fstat dir itself
Signed-off-by: Karel Zak <kzak@redhat.com>
---
lib/path.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/path.c b/lib/path.c
index 21f9bd1..f0b010e 100644
--- a/lib/path.c
+++ b/lib/path.c
@@ -350,10 +350,12 @@ int ul_path_stat(struct path_cxt *pc, struct stat *sb, const char *path)
int dir = ul_path_get_dirfd(pc);
if (dir < 0)
return dir;
- if (*path == '/')
- path++;
-
- rc = fstatat(dir, path, sb, 0);
+ if (path) {
+ if (*path == '/')
+ path++;
+ rc = fstatat(dir, path, sb, 0);
+ } else
+ rc = fstat(dir, sb); /* dir itself */
if (rc && errno == ENOENT
&& pc->redirect_on_enoent
--
2.33.0

61
fix-size-use-for-stdin.patch Normal file
View File

@ -0,0 +1,61 @@
From 58e4ee082bca100034791a4a74481f263bb30a25 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 21 Oct 2021 18:47:40 +0200
Subject: [PATCH] logger: fix --size use for stdin
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The stdin version counts log header into the message size, but
for example when it reads message from argv[] it counts only message
itself.
$ logger --stderr --size 3 "abcd"
<13>Oct 21 18:48:29 kzak: abc
$ echo "abcd" | logger --stderr --size 3
logger: cannot allocate 18446744073709551597 bytes: Cannot allocate memory
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2011602
Signed-off-by: Karel Zak <kzak@redhat.com>
---
misc-utils/logger.c | 13 ++-----------
1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/misc-utils/logger.c b/misc-utils/logger.c
index 25ff2b9308..50ae211056 100644
--- a/misc-utils/logger.c
+++ b/misc-utils/logger.c
@@ -976,9 +976,7 @@ static void logger_stdin(struct logger_ctl *ctl)
*/
int default_priority = ctl->pri;
int last_pri = default_priority;
- size_t max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr);
- size_t allocated_usrmsg_size = max_usrmsg_size;
- char *buf = xmalloc(allocated_usrmsg_size + 2 + 2);
+ char *buf = xmalloc(ctl->max_message_size + 2 + 2);
int pri;
int c;
size_t i;
@@ -1006,20 +1004,13 @@ static void logger_stdin(struct logger_ctl *ctl)
if (ctl->pri != last_pri) {
generate_syslog_header(ctl);
- max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr);
-
- if (max_usrmsg_size > allocated_usrmsg_size) {
- allocated_usrmsg_size = max_usrmsg_size;
- buf = xrealloc(buf, allocated_usrmsg_size + 2 + 2);
- }
-
last_pri = ctl->pri;
}
if (c != EOF && c != '\n')
c = getchar();
}
- while (c != EOF && c != '\n' && i < max_usrmsg_size) {
+ while (c != EOF && c != '\n' && i < ctl->max_message_size) {
buf[i++] = c;
c = getchar();
}

64
realloc-buffer-when-header-size-changed.patch Normal file
View File

@ -0,0 +1,64 @@
From b0a8b8cd9c34600dda7d0503aac2dc0af3012fdc Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 21 Oct 2021 16:00:01 +0200
Subject: [PATCH] logger: realloc buffer when header size changed
This is probably paranoid optimization, but when we generate a new
header we need to be sure that buffer is not smaller than calculated
maximal size of user's data.
Signed-off-by: Karel Zak <kzak@redhat.com>
---
misc-utils/logger.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/misc-utils/logger.c b/misc-utils/logger.c
index 23da164cd6..4511ab1141 100644
--- a/misc-utils/logger.c
+++ b/misc-utils/logger.c
@@ -979,11 +979,11 @@ static void logger_stdin(struct logger_ctl *ctl)
* update header timestamps and to reflect possible priority changes.
* The initial header is generated by logger_open().
*/
- int has_header = 1;
int default_priority = ctl->pri;
int last_pri = default_priority;
size_t max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr);
- char *const buf = xmalloc(max_usrmsg_size + 2 + 2);
+ size_t allocated_usrmsg_size = max_usrmsg_size;
+ char *buf = xmalloc(allocated_usrmsg_size + 2 + 2);
int pri;
int c;
size_t i;
@@ -1010,9 +1010,14 @@ static void logger_stdin(struct logger_ctl *ctl)
ctl->pri = default_priority;
if (ctl->pri != last_pri) {
- has_header = 0;
- max_usrmsg_size =
- ctl->max_message_size - strlen(ctl->hdr);
+ generate_syslog_header(ctl);
+ max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr);
+
+ if (max_usrmsg_size > allocated_usrmsg_size) {
+ allocated_usrmsg_size = max_usrmsg_size;
+ buf = xrealloc(buf, allocated_usrmsg_size + 2 + 2);
+ }
+
last_pri = ctl->pri;
}
if (c != EOF && c != '\n')
@@ -1025,12 +1030,8 @@ static void logger_stdin(struct logger_ctl *ctl)
}
buf[i] = '\0';
- if (i > 0 || !ctl->skip_empty_lines) {
- if (!has_header)
- generate_syslog_header(ctl);
+ if (i > 0 || !ctl->skip_empty_lines)
write_output(ctl, buf);
- has_header = 0;
- }
if (c == '\n') /* discard line terminator */
c = getchar();

27
segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch Normal file
View File

@ -0,0 +1,27 @@
From 9714331843ef3a6d9c10ff1d3bc5fcf53d44d930 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 31 Aug 2021 12:31:15 +0200
Subject: [PATCH] column: segmentation fault on invalid unicode input passed to
-s option
The function mbs_to_wcs() returns NULL on invalid UTF.
Fixes: https://github.com/karelzak/util-linux/issues/1425
Signed-off-by: Karel Zak <kzak@redhat.com>
---
text-utils/column.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/text-utils/column.c b/text-utils/column.c
index 1bc90e84e3..f9878e4422 100644
--- a/text-utils/column.c
+++ b/text-utils/column.c
@@ -814,6 +814,8 @@ int main(int argc, char **argv)
case 's':
free(ctl.input_separator);
ctl.input_separator = mbs_to_wcs(optarg);
+ if (!ctl.input_separator)
+ err(EXIT_FAILURE, _("failed to use input separator"));
ctl.greedy = 0;
break;
case 'T':

82
util-linux.spec
View File

@ -3,7 +3,7 @@
Name: util-linux
Version: 2.37.2
Release: 5
Release: 8
Summary: A random collection of Linux utilities
License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@ -18,19 +18,27 @@ Source7: util-linux-su-l.pamd
Source8: util-linux-runuser.pamd
Source9: util-linux-runuser-l.pamd
Patch0: 2.36-login-lastlog-create.patch
Patch1: Add-check-to-resolve-uname26-version-test-failed.patch
Patch2: SKIPPED-no-root-permissions-test.patch
Patch3: backport-su-bash-completion-offer-usernames-rather-than-files.patch
Patch4: backport-Fix-memory-leaks-in-the-chcpu.patch
Patch5: backport-logger-fix-prio-prefix-doesn-t-use-priority-default.patch
Patch6: backport-vipw-flush-stdout-before-getting-answer.patch
Patch7: backport-login-Restore-tty-size-after-calling-vhangup.patch
Patch8: backport-Forward-value-of-sector_size-instead-of-its-address.patch
Patch9: backport-libfdisk-dereference-of-possibly-NULL-gcc-analyzer.patch
Patch10: backport-libfdisk-check-calloc-return-gcc-analyzer.patch
Patch11: backport-mcookie-fix-infinite-loop-when-use-f.patch
Patch12: backport-sfdisk-write-empty-label-also-when-only-ignored-part.patch
Patch6000: 2.36-login-lastlog-create.patch
Patch6001: backport-CVE-2021-3995.patch
Patch6002: backport-CVE-2021-3996.patch
Patch6003: realloc-buffer-when-header-size-changed.patch
Patch6004: fix-size-use-for-stdin.patch
Patch6005: segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch
Patch6006: backport-fix-by-ignoring-EINVAL-on-remount-of-proc.patch
Patch6007: backport-su-bash-completion-offer-usernames-rather-than-files.patch
Patch6008: backport-Fix-memory-leaks-in-the-chcpu.patch
Patch6009: backport-logger-fix-prio-prefix-doesn-t-use-priority-default.patch
Patch6010: backport-vipw-flush-stdout-before-getting-answer.patch
Patch6011: backport-login-Restore-tty-size-after-calling-vhangup.patch
Patch6012: backport-Forward-value-of-sector_size-instead-of-its-address.patch
Patch6013: backport-libfdisk-dereference-of-possibly-NULL-gcc-analyzer.patch
Patch6014: backport-libfdisk-check-calloc-return-gcc-analyzer.patch
Patch6015: backport-mcookie-fix-infinite-loop-when-use-f.patch
Patch6016: backport-sfdisk-write-empty-label-also-when-only-ignored-part.patch
Patch6017: backport-fstat-dir-itself.patch
Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch
Patch9001: SKIPPED-no-root-permissions-test.patch
BuildRequires: audit-libs-devel >= 1.0.6 gettext-devel libselinux-devel ncurses-devel pam-devel zlib-devel popt-devel
BuildRequires: libutempter-devel systemd-devel systemd libuser-devel libcap-ng-devel python3-devel gcc
@ -177,6 +185,7 @@ unset LINGUAS || :
%make_build %{_build_arg0__} %{_build_arg1__}
%check
export TS_OPT_misc_setarch_known_fail="yes"
make check
%install
@ -395,33 +404,50 @@ fi
%{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*}
%changelog
* Wed Jun 29 2022 shangyibin <shangyibin1@h-partners.com> - 2.37.2-5
* Sat Jul 30 2022 zhangyao<zhangyao108@hhuawei.com> - 2.37.2-8
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Fallback to move hexdump from util-linux to util-linux-devel
Fallback solve yum failure because of files conflicts
- DESC:Sync community patches
* Mon Jun 20 2022 shangyibin <shangyibin1@h-partners.com> - 2.37.2-4
* Thu Jun 30 2022 shangyibin<shangyibin1@h-partners.com> - 2.37.2-7
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:sync patches
move hexdump from util-linux to util-linux-devel
solve yum failure because of files conflicts
- DESC:Sync community patches
* Wed Jun 15 2022 shangyibin <shangyibin1@h-partners.com> - 2.37.2-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix test fail
* Thu Jun 09 2022 renhongxun<renhongxun@h-partners.com> - 2.37.2-2
* Wed Jun 08 2022 renhongxun<renhongxun@h-partners.com> - 2.37.2-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:move hardlink/uclampset completions from util-linux-help to util-linux
* Sat Feb 19 2022 shangyibin<shangyibin1@h-partners.com> - 2.37.2-5
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix by ignoring EINVAL on remount of proc
* Fri Feb 18 2022 shangyibin<shangyibin1@h-partners.com> - 2.37.2-4
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:realloc buffer when header size changed
fix size use for stdin
segmentation fault on invalid unicode input passed to -s option
* Mon Feb 14 2022 shangyibin<shangyibin1@h-partners.com> - 2.37.2-3
- Type:CVE
- ID:CVE-2021-3995 CVE-2021-3996
- SUG:NA
- DESC:fix CVE-2021-3995 CVE-2021-3996
* Mon Jan 10 2022 shangyibin <shangyibin1@huawei.com> - 2.37.2-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix test fail
* Mon Dec 27 2021 tianwei <tianwei12@huawei.com> - 2.37.2-1
- Type:enhancement
- ID:NA