From 8f2b8fbb46b2d008d9d750354af724548cca4ddb Mon Sep 17 00:00:00 2001 From: shangyibin Date: Tue, 15 Feb 2022 17:03:22 +0800 Subject: [PATCH 01/11] fix CVE-2021-3995 and CVE-2021-3996 cherry-pick from: f6783d8ca64383166c92276205134ff92b3b83bc --- backport-CVE-2021-3995.patch | 138 +++++++++++++++++++++ backport-CVE-2021-3996.patch | 226 +++++++++++++++++++++++++++++++++++ util-linux.spec | 40 ++----- 3 files changed, 376 insertions(+), 28 deletions(-) create mode 100644 backport-CVE-2021-3995.patch create mode 100644 backport-CVE-2021-3996.patch diff --git a/backport-CVE-2021-3995.patch b/backport-CVE-2021-3995.patch new file mode 100644 index 0000000..cd58532 --- /dev/null +++ b/backport-CVE-2021-3995.patch @@ -0,0 +1,138 @@ +From f3db9bd609494099f0c1b95231c5dfe383346929 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 24 Nov 2021 13:53:25 +0100 +Subject: [PATCH] libmount: fix UID check for FUSE umount [CVE-2021-3995] + +Improper UID check allows an unprivileged user to unmount FUSE +filesystems of users with similar UID. + +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/f3db9bd609494099f0c1b95231c5dfe383346929 +Conflict:NA +--- + include/strutils.h | 2 +- + libmount/src/context_umount.c | 13 +++-------- + libmount/src/mountP.h | 1 + + libmount/src/optstr.c | 42 +++++++++++++++++++++++++++++++++++ + 4 files changed, 47 insertions(+), 11 deletions(-) + +diff --git a/include/strutils.h b/include/strutils.h +index 4b3182f..50e493a 100644 +--- a/include/strutils.h ++++ b/include/strutils.h +@@ -88,8 +88,8 @@ static inline char *mem2strcpy(char *dest, const void *src, size_t n, size_t nma + if (n + 1 > nmax) + n = nmax - 1; + ++ memset(dest, '\0', nmax); + memcpy(dest, src, n); +- dest[nmax-1] = '\0'; + return dest; + } + +diff --git a/libmount/src/context_umount.c b/libmount/src/context_umount.c +index 94f824b..0d77fff 100644 +--- a/libmount/src/context_umount.c ++++ b/libmount/src/context_umount.c +@@ -393,10 +393,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv) + struct libmnt_ns *ns_old; + const char *type = mnt_fs_get_fstype(cxt->fs); + const char *optstr; +- char *user_id = NULL; +- size_t sz; +- uid_t uid; +- char uidstr[sizeof(stringify_value(ULONG_MAX))]; ++ uid_t uid, entry_uid; + + *errsv = 0; + +@@ -414,10 +411,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv) + if (!optstr) + return 0; + +- if (mnt_optstr_get_option(optstr, "user_id", &user_id, &sz) != 0) +- return 0; +- +- if (sz == 0 || user_id == NULL) ++ if (mnt_optstr_get_uid(optstr, "user_id", &entry_uid) != 0) + return 0; + + /* get current user */ +@@ -434,8 +428,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv) + return 0; + } + +- snprintf(uidstr, sizeof(uidstr), "%lu", (unsigned long) uid); +- return strncmp(user_id, uidstr, sz) == 0; ++ return uid == entry_uid; + } + + /* +diff --git a/libmount/src/mountP.h b/libmount/src/mountP.h +index d8ba0ab..4a2ddb3 100644 +--- a/libmount/src/mountP.h ++++ b/libmount/src/mountP.h +@@ -401,6 +401,7 @@ extern const struct libmnt_optmap *mnt_optmap_get_entry( + const struct libmnt_optmap **mapent); + + /* optstr.c */ ++extern int mnt_optstr_get_uid(const char *optstr, const char *name, uid_t *uid); + extern int mnt_optstr_remove_option_at(char **optstr, char *begin, char *end); + extern int mnt_optstr_fix_gid(char **optstr, char *value, size_t valsz, char **next); + extern int mnt_optstr_fix_uid(char **optstr, char *value, size_t valsz, char **next); +diff --git a/libmount/src/optstr.c b/libmount/src/optstr.c +index eea952b..8a92c32 100644 +--- a/libmount/src/optstr.c ++++ b/libmount/src/optstr.c +@@ -1090,6 +1090,48 @@ int mnt_optstr_fix_user(char **optstr) + return rc; + } + ++/* ++ * Converts value from @optstr addressed by @name to uid. ++ * ++ * Returns: 0 on success, 1 if not found, <0 on error ++ */ ++int mnt_optstr_get_uid(const char *optstr, const char *name, uid_t *uid) ++{ ++ char *value = NULL; ++ size_t valsz = 0; ++ char buf[sizeof(stringify_value(UINT64_MAX))]; ++ int rc; ++ uint64_t num; ++ ++ assert(optstr); ++ assert(name); ++ assert(uid); ++ ++ rc = mnt_optstr_get_option(optstr, name, &value, &valsz); ++ if (rc != 0) ++ goto fail; ++ ++ if (valsz > sizeof(buf) - 1) { ++ rc = -ERANGE; ++ goto fail; ++ } ++ mem2strcpy(buf, value, valsz, sizeof(buf)); ++ ++ rc = ul_strtou64(buf, &num, 10); ++ if (rc != 0) ++ goto fail; ++ if (num > ULONG_MAX || (uid_t) num != num) { ++ rc = -ERANGE; ++ goto fail; ++ } ++ *uid = (uid_t) num; ++ ++ return 0; ++fail: ++ DBG(UTILS, ul_debug("failed to convert '%s'= to number [rc=%d]", name, rc)); ++ return rc; ++} ++ + /** + * mnt_match_options: + * @optstr: options string +-- +2.27.0 + diff --git a/backport-CVE-2021-3996.patch b/backport-CVE-2021-3996.patch new file mode 100644 index 0000000..12b81e2 --- /dev/null +++ b/backport-CVE-2021-3996.patch @@ -0,0 +1,226 @@ +From 018a10907fa9885093f6d87401556932c2d8bd2b Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 4 Jan 2022 10:54:20 +0100 +Subject: [PATCH] libmount: fix (deleted) suffix issue [CVE-2021-3996] + +This issue is related to parsing the /proc/self/mountinfo file allows an +unprivileged user to unmount other user's filesystems that are either +world-writable themselves or mounted in a world-writable directory. + +The support for "(deleted)" is no more necessary as the Linux kernel does +not use it in /proc/self/mountinfo and /proc/self/mount files anymore. + +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b +Conflict:NA +--- + libmount/src/tab_parse.c | 5 ----- + tests/expected/findmnt/filter-options | 1 - + tests/expected/findmnt/filter-options-nameval-neg | 3 +-- + tests/expected/findmnt/filter-types-neg | 1 - + tests/expected/findmnt/outputs-default | 3 +-- + tests/expected/findmnt/outputs-force-tree | 3 +-- + tests/expected/findmnt/outputs-kernel | 3 +-- + tests/expected/libmount/tabdiff-mount | 1 - + tests/expected/libmount/tabdiff-move | 1 - + tests/expected/libmount/tabdiff-remount | 1 - + tests/expected/libmount/tabdiff-umount | 1 - + tests/expected/libmount/tabfiles-parse-mountinfo | 11 ----------- + tests/expected/libmount/tabfiles-py-parse-mountinfo | 11 ----------- + tests/ts/findmnt/files/mountinfo | 1 - + tests/ts/findmnt/files/mountinfo-nonroot | 1 - + tests/ts/libmount/files/mountinfo | 1 - + 16 files changed, 4 insertions(+), 44 deletions(-) + +diff --git a/libmount/src/tab_parse.c b/libmount/src/tab_parse.c +index 3a2cc0d..eec9758 100644 +--- a/libmount/src/tab_parse.c ++++ b/libmount/src/tab_parse.c +@@ -225,11 +225,6 @@ static int mnt_parse_mountinfo_line(struct libmnt_fs *fs, const char *s) + goto fail; + } + +- /* remove "\040(deleted)" suffix */ +- p = (char *) endswith(fs->target, PATH_DELETED_SUFFIX); +- if (p && *p) +- *p = '\0'; +- + s = skip_separator(s); + + /* (6) vfs options (fs-independent) */ +diff --git a/tests/expected/findmnt/filter-options b/tests/expected/findmnt/filter-options +index 2606bce..97b0ead 100644 +--- a/tests/expected/findmnt/filter-options ++++ b/tests/expected/findmnt/filter-options +@@ -28,5 +28,4 @@ TARGET SOURCE FSTYPE OPTIONS + /home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + /var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime + /mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-/mnt/foo /fooooo bar rw,relatime + rc=0 +diff --git a/tests/expected/findmnt/filter-options-nameval-neg b/tests/expected/findmnt/filter-options-nameval-neg +index 5471d65..f0467ef 100644 +--- a/tests/expected/findmnt/filter-options-nameval-neg ++++ b/tests/expected/findmnt/filter-options-nameval-neg +@@ -29,6 +29,5 @@ TARGET SOURCE FSTYPE OPTIO + |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered + | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime +-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-`-/mnt/foo /fooooo bar rw,relatime ++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 + rc=0 +diff --git a/tests/expected/findmnt/filter-types-neg b/tests/expected/findmnt/filter-types-neg +index 2606bce..97b0ead 100644 +--- a/tests/expected/findmnt/filter-types-neg ++++ b/tests/expected/findmnt/filter-types-neg +@@ -28,5 +28,4 @@ TARGET SOURCE FSTYPE OPTIONS + /home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + /var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime + /mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-/mnt/foo /fooooo bar rw,relatime + rc=0 +diff --git a/tests/expected/findmnt/outputs-default b/tests/expected/findmnt/outputs-default +index 5949579..0159935 100644 +--- a/tests/expected/findmnt/outputs-default ++++ b/tests/expected/findmnt/outputs-default +@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO + |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered + | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime +-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-`-/mnt/foo /fooooo bar rw,relatime ++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 + rc=0 +diff --git a/tests/expected/findmnt/outputs-force-tree b/tests/expected/findmnt/outputs-force-tree +index 5949579..0159935 100644 +--- a/tests/expected/findmnt/outputs-force-tree ++++ b/tests/expected/findmnt/outputs-force-tree +@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO + |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered + | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime +-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-`-/mnt/foo /fooooo bar rw,relatime ++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 + rc=0 +diff --git a/tests/expected/findmnt/outputs-kernel b/tests/expected/findmnt/outputs-kernel +index 5949579..0159935 100644 +--- a/tests/expected/findmnt/outputs-kernel ++++ b/tests/expected/findmnt/outputs-kernel +@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO + |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered + | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime +-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-`-/mnt/foo /fooooo bar rw,relatime ++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 + rc=0 +diff --git a/tests/expected/libmount/tabdiff-mount b/tests/expected/libmount/tabdiff-mount +index 420aeac..3c18f8d 100644 +--- a/tests/expected/libmount/tabdiff-mount ++++ b/tests/expected/libmount/tabdiff-mount +@@ -1,3 +1,2 @@ + /dev/mapper/kzak-home on /home/kzak: MOUNTED +-/fooooo on /mnt/foo: MOUNTED + tmpfs on /mnt/test/foo bar: MOUNTED +diff --git a/tests/expected/libmount/tabdiff-move b/tests/expected/libmount/tabdiff-move +index 24f9bc7..95820d9 100644 +--- a/tests/expected/libmount/tabdiff-move ++++ b/tests/expected/libmount/tabdiff-move +@@ -1,3 +1,2 @@ + //foo.home/bar/ on /mnt/music: MOVED to /mnt/music +-/fooooo on /mnt/foo: UMOUNTED + tmpfs on /mnt/test/foo bar: UMOUNTED +diff --git a/tests/expected/libmount/tabdiff-remount b/tests/expected/libmount/tabdiff-remount +index 82ebeab..876bfd9 100644 +--- a/tests/expected/libmount/tabdiff-remount ++++ b/tests/expected/libmount/tabdiff-remount +@@ -1,4 +1,3 @@ + /dev/mapper/kzak-home on /home/kzak: REMOUNTED from 'rw,noatime,barrier=1,data=ordered' to 'ro,noatime,barrier=1,data=ordered' + //foo.home/bar/ on /mnt/sounds: REMOUNTED from 'rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344' to 'ro,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344' +-/fooooo on /mnt/foo: UMOUNTED + tmpfs on /mnt/test/foo bar: UMOUNTED +diff --git a/tests/expected/libmount/tabdiff-umount b/tests/expected/libmount/tabdiff-umount +index a3e0fe4..c7be725 100644 +--- a/tests/expected/libmount/tabdiff-umount ++++ b/tests/expected/libmount/tabdiff-umount +@@ -1,3 +1,2 @@ + /dev/mapper/kzak-home on /home/kzak: UMOUNTED +-/fooooo on /mnt/foo: UMOUNTED + tmpfs on /mnt/test/foo bar: UMOUNTED +diff --git a/tests/expected/libmount/tabfiles-parse-mountinfo b/tests/expected/libmount/tabfiles-parse-mountinfo +index 47eb770..d5ba524 100644 +--- a/tests/expected/libmount/tabfiles-parse-mountinfo ++++ b/tests/expected/libmount/tabfiles-parse-mountinfo +@@ -351,17 +351,6 @@ id: 47 + parent: 20 + devno: 0:38 + ------ fs: +-source: /fooooo +-target: /mnt/foo +-fstype: bar +-optstr: rw,relatime +-VFS-optstr: rw,relatime +-FS-opstr: rw +-root: / +-id: 48 +-parent: 20 +-devno: 0:39 +------- fs: + source: tmpfs + target: /mnt/test/foo bar + fstype: tmpfs +diff --git a/tests/expected/libmount/tabfiles-py-parse-mountinfo b/tests/expected/libmount/tabfiles-py-parse-mountinfo +index 47eb770..d5ba524 100644 +--- a/tests/expected/libmount/tabfiles-py-parse-mountinfo ++++ b/tests/expected/libmount/tabfiles-py-parse-mountinfo +@@ -351,17 +351,6 @@ id: 47 + parent: 20 + devno: 0:38 + ------ fs: +-source: /fooooo +-target: /mnt/foo +-fstype: bar +-optstr: rw,relatime +-VFS-optstr: rw,relatime +-FS-opstr: rw +-root: / +-id: 48 +-parent: 20 +-devno: 0:39 +------- fs: + source: tmpfs + target: /mnt/test/foo bar + fstype: tmpfs +diff --git a/tests/ts/findmnt/files/mountinfo b/tests/ts/findmnt/files/mountinfo +index 475ea1a..ff1e664 100644 +--- a/tests/ts/findmnt/files/mountinfo ++++ b/tests/ts/findmnt/files/mountinfo +@@ -30,4 +30,3 @@ + 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500 + 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw + 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw +diff --git a/tests/ts/findmnt/files/mountinfo-nonroot b/tests/ts/findmnt/files/mountinfo-nonroot +index e15b467..87b421d 100644 +--- a/tests/ts/findmnt/files/mountinfo-nonroot ++++ b/tests/ts/findmnt/files/mountinfo-nonroot +@@ -29,4 +29,3 @@ + 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500 + 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw + 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw +diff --git a/tests/ts/libmount/files/mountinfo b/tests/ts/libmount/files/mountinfo +index c063071..2b01740 100644 +--- a/tests/ts/libmount/files/mountinfo ++++ b/tests/ts/libmount/files/mountinfo +@@ -30,5 +30,4 @@ + 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500 + 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw + 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw + 49 20 0:56 / /mnt/test/foo bar rw,relatime shared:323 - tmpfs tmpfs rw +-- +2.27.0 + diff --git a/util-linux.spec b/util-linux.spec index 975192d..5bf4776 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -3,7 +3,7 @@ Name: util-linux Version: 2.37.2 -Release: 5 +Release: 3 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git @@ -18,19 +18,12 @@ Source7: util-linux-su-l.pamd Source8: util-linux-runuser.pamd Source9: util-linux-runuser-l.pamd -Patch0: 2.36-login-lastlog-create.patch -Patch1: Add-check-to-resolve-uname26-version-test-failed.patch -Patch2: SKIPPED-no-root-permissions-test.patch -Patch3: backport-su-bash-completion-offer-usernames-rather-than-files.patch -Patch4: backport-Fix-memory-leaks-in-the-chcpu.patch -Patch5: backport-logger-fix-prio-prefix-doesn-t-use-priority-default.patch -Patch6: backport-vipw-flush-stdout-before-getting-answer.patch -Patch7: backport-login-Restore-tty-size-after-calling-vhangup.patch -Patch8: backport-Forward-value-of-sector_size-instead-of-its-address.patch -Patch9: backport-libfdisk-dereference-of-possibly-NULL-gcc-analyzer.patch -Patch10: backport-libfdisk-check-calloc-return-gcc-analyzer.patch -Patch11: backport-mcookie-fix-infinite-loop-when-use-f.patch -Patch12: backport-sfdisk-write-empty-label-also-when-only-ignored-part.patch +Patch6000: 2.36-login-lastlog-create.patch +Patch6001: backport-CVE-2021-3995.patch +Patch6002: backport-CVE-2021-3996.patch + +Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch +Patch9001: SKIPPED-no-root-permissions-test.patch BuildRequires: audit-libs-devel >= 1.0.6 gettext-devel libselinux-devel ncurses-devel pam-devel zlib-devel popt-devel BuildRequires: libutempter-devel systemd-devel systemd libuser-devel libcap-ng-devel python3-devel gcc @@ -395,22 +388,13 @@ fi %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*} %changelog -* Wed Jun 29 2022 shangyibin - 2.37.2-5 -- Type:bugfix -- ID:NA +* Tue Feb 15 2021 shangyibin - 2.37.2-3 +- Type:CVE +- ID:CVE-2021-3995 CVE-2021-3996 - SUG:NA -- DESC:Fallback to move hexdump from util-linux to util-linux-devel - Fallback solve yum failure because of files conflicts +- DESC:fix CVE-2021-3995 CVE-2021-3996 -* Mon Jun 20 2022 shangyibin - 2.37.2-4 -- Type:bugfix -- ID:NA -- SUG:NA -- DESC:sync patches - move hexdump from util-linux to util-linux-devel - solve yum failure because of files conflicts - -* Wed Jun 15 2022 shangyibin - 2.37.2-3 +* Mon Jan 10 2022 shangyibin - 2.37.2-2 - Type:bugfix - ID:NA - SUG:NA From f6b496d2af3f2bc20b940d46ba8a7ae40be38892 Mon Sep 17 00:00:00 2001 From: konglidong Date: Wed, 15 Jun 2022 18:03:03 +0800 Subject: [PATCH 02/11] modify bad date in changelog cherry-pick from: c8e1babd9cb8bafb8ec099c5db9e6dc5ed04d936 --- util-linux.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util-linux.spec b/util-linux.spec index 5bf4776..ac9cfaf 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -388,7 +388,7 @@ fi %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*} %changelog -* Tue Feb 15 2021 shangyibin - 2.37.2-3 +* Tue Feb 15 2022 shangyibin - 2.37.2-3 - Type:CVE - ID:CVE-2021-3995 CVE-2021-3996 - SUG:NA From 2a284f34720b6a85ff03e1aa4dcae1bb92df388d Mon Sep 17 00:00:00 2001 From: shangyibin Date: Thu, 30 Jun 2022 11:43:32 +0800 Subject: [PATCH 03/11] Sync community patches cherry-pick from: 71d623e11e7f9769d716adf07810f0d43b8147df --- util-linux.spec | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/util-linux.spec b/util-linux.spec index ac9cfaf..18c7f70 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -3,7 +3,7 @@ Name: util-linux Version: 2.37.2 -Release: 3 +Release: 4 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git @@ -21,6 +21,16 @@ Source9: util-linux-runuser-l.pamd Patch6000: 2.36-login-lastlog-create.patch Patch6001: backport-CVE-2021-3995.patch Patch6002: backport-CVE-2021-3996.patch +Patch6003: backport-su-bash-completion-offer-usernames-rather-than-files.patch +Patch6004: backport-Fix-memory-leaks-in-the-chcpu.patch +Patch6005: backport-logger-fix-prio-prefix-doesn-t-use-priority-default.patch +Patch6006: backport-vipw-flush-stdout-before-getting-answer.patch +Patch6007: backport-login-Restore-tty-size-after-calling-vhangup.patch +Patch6008: backport-Forward-value-of-sector_size-instead-of-its-address.patch +Patch6009: backport-libfdisk-dereference-of-possibly-NULL-gcc-analyzer.patch +Patch6010: backport-libfdisk-check-calloc-return-gcc-analyzer.patch +Patch6011: backport-mcookie-fix-infinite-loop-when-use-f.patch +Patch6012: backport-sfdisk-write-empty-label-also-when-only-ignored-part.patch Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch Patch9001: SKIPPED-no-root-permissions-test.patch @@ -388,6 +398,12 @@ fi %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*} %changelog +* Thu Jun 30 2022 shangyibin - 2.37.2-4 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Sync community patches + * Tue Feb 15 2022 shangyibin - 2.37.2-3 - Type:CVE - ID:CVE-2021-3995 CVE-2021-3996 From 4d7a0a282125ba86deccabd9bac501e8de1b85f9 Mon Sep 17 00:00:00 2001 From: rwx403335 Date: Wed, 8 Jun 2022 17:33:00 +0800 Subject: [PATCH 04/11] move hardlink/uclampset completions from util-linux-help to util-linux cherry-pick from: d33ca3ffaad42c7798919ac4b791fbab0088a611 --- util-linux.spec | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/util-linux.spec b/util-linux.spec index 18c7f70..8ef11dc 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -3,7 +3,7 @@ Name: util-linux Version: 2.37.2 -Release: 4 +Release: 6 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git @@ -398,7 +398,13 @@ fi %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*} %changelog -* Thu Jun 30 2022 shangyibin - 2.37.2-4 +* Wed Jun 08 2022 renhongxun - 2.37.2-6 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:move hardlink/uclampset completions from util-linux-help to util-linux + +* Sat Feb 19 2022 shangyibin - 2.37.2-5 - Type:bugfix - ID:NA - SUG:NA From a41a63be620ee5b03f43cd2ab971370efddec259 Mon Sep 17 00:00:00 2001 From: shangyibin Date: Thu, 17 Feb 2022 14:14:24 +0800 Subject: [PATCH 05/11] realloc buffer when header size changed fix size use for stdin segmentation fault on invalid unicode input passed to -s option cherry-pick from: 10e9faf901605af5713bc89a5a36631f2025a956 --- fix-size-use-for-stdin.patch | 61 ++++++++++++++++++ realloc-buffer-when-header-size-changed.patch | 64 +++++++++++++++++++ ...lid-unicode-input-passed-to-s-option.patch | 27 ++++++++ util-linux.spec | 33 ++++++---- 4 files changed, 174 insertions(+), 11 deletions(-) create mode 100644 fix-size-use-for-stdin.patch create mode 100644 realloc-buffer-when-header-size-changed.patch create mode 100644 segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch diff --git a/fix-size-use-for-stdin.patch b/fix-size-use-for-stdin.patch new file mode 100644 index 0000000..ee4bdd4 --- /dev/null +++ b/fix-size-use-for-stdin.patch @@ -0,0 +1,61 @@ +From 58e4ee082bca100034791a4a74481f263bb30a25 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 21 Oct 2021 18:47:40 +0200 +Subject: [PATCH] logger: fix --size use for stdin +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The stdin version counts log header into the message size, but +for example when it reads message from argv[] it counts only message +itself. + + $ logger --stderr --size 3 "abcd" + <13>Oct 21 18:48:29 kzak: abc + + $ echo "abcd" | logger --stderr --size 3 + logger: cannot allocate 18446744073709551597 bytes: Cannot allocate memory + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2011602 +Signed-off-by: Karel Zak +--- + misc-utils/logger.c | 13 ++----------- + 1 file changed, 2 insertions(+), 11 deletions(-) + +diff --git a/misc-utils/logger.c b/misc-utils/logger.c +index 25ff2b9308..50ae211056 100644 +--- a/misc-utils/logger.c ++++ b/misc-utils/logger.c +@@ -976,9 +976,7 @@ static void logger_stdin(struct logger_ctl *ctl) + */ + int default_priority = ctl->pri; + int last_pri = default_priority; +- size_t max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr); +- size_t allocated_usrmsg_size = max_usrmsg_size; +- char *buf = xmalloc(allocated_usrmsg_size + 2 + 2); ++ char *buf = xmalloc(ctl->max_message_size + 2 + 2); + int pri; + int c; + size_t i; +@@ -1006,20 +1004,13 @@ static void logger_stdin(struct logger_ctl *ctl) + + if (ctl->pri != last_pri) { + generate_syslog_header(ctl); +- max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr); +- +- if (max_usrmsg_size > allocated_usrmsg_size) { +- allocated_usrmsg_size = max_usrmsg_size; +- buf = xrealloc(buf, allocated_usrmsg_size + 2 + 2); +- } +- + last_pri = ctl->pri; + } + if (c != EOF && c != '\n') + c = getchar(); + } + +- while (c != EOF && c != '\n' && i < max_usrmsg_size) { ++ while (c != EOF && c != '\n' && i < ctl->max_message_size) { + buf[i++] = c; + c = getchar(); + } diff --git a/realloc-buffer-when-header-size-changed.patch b/realloc-buffer-when-header-size-changed.patch new file mode 100644 index 0000000..a542097 --- /dev/null +++ b/realloc-buffer-when-header-size-changed.patch @@ -0,0 +1,64 @@ +From b0a8b8cd9c34600dda7d0503aac2dc0af3012fdc Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 21 Oct 2021 16:00:01 +0200 +Subject: [PATCH] logger: realloc buffer when header size changed + +This is probably paranoid optimization, but when we generate a new +header we need to be sure that buffer is not smaller than calculated +maximal size of user's data. + +Signed-off-by: Karel Zak +--- + misc-utils/logger.c | 21 +++++++++++---------- + 1 file changed, 11 insertions(+), 10 deletions(-) + +diff --git a/misc-utils/logger.c b/misc-utils/logger.c +index 23da164cd6..4511ab1141 100644 +--- a/misc-utils/logger.c ++++ b/misc-utils/logger.c +@@ -979,11 +979,11 @@ static void logger_stdin(struct logger_ctl *ctl) + * update header timestamps and to reflect possible priority changes. + * The initial header is generated by logger_open(). + */ +- int has_header = 1; + int default_priority = ctl->pri; + int last_pri = default_priority; + size_t max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr); +- char *const buf = xmalloc(max_usrmsg_size + 2 + 2); ++ size_t allocated_usrmsg_size = max_usrmsg_size; ++ char *buf = xmalloc(allocated_usrmsg_size + 2 + 2); + int pri; + int c; + size_t i; +@@ -1010,9 +1010,14 @@ static void logger_stdin(struct logger_ctl *ctl) + ctl->pri = default_priority; + + if (ctl->pri != last_pri) { +- has_header = 0; +- max_usrmsg_size = +- ctl->max_message_size - strlen(ctl->hdr); ++ generate_syslog_header(ctl); ++ max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr); ++ ++ if (max_usrmsg_size > allocated_usrmsg_size) { ++ allocated_usrmsg_size = max_usrmsg_size; ++ buf = xrealloc(buf, allocated_usrmsg_size + 2 + 2); ++ } ++ + last_pri = ctl->pri; + } + if (c != EOF && c != '\n') +@@ -1025,12 +1030,8 @@ static void logger_stdin(struct logger_ctl *ctl) + } + buf[i] = '\0'; + +- if (i > 0 || !ctl->skip_empty_lines) { +- if (!has_header) +- generate_syslog_header(ctl); ++ if (i > 0 || !ctl->skip_empty_lines) + write_output(ctl, buf); +- has_header = 0; +- } + + if (c == '\n') /* discard line terminator */ + c = getchar(); diff --git a/segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch b/segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch new file mode 100644 index 0000000..f08047c --- /dev/null +++ b/segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch @@ -0,0 +1,27 @@ +From 9714331843ef3a6d9c10ff1d3bc5fcf53d44d930 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 31 Aug 2021 12:31:15 +0200 +Subject: [PATCH] column: segmentation fault on invalid unicode input passed to + -s option + +The function mbs_to_wcs() returns NULL on invalid UTF. + +Fixes: https://github.com/karelzak/util-linux/issues/1425 +Signed-off-by: Karel Zak +--- + text-utils/column.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/text-utils/column.c b/text-utils/column.c +index 1bc90e84e3..f9878e4422 100644 +--- a/text-utils/column.c ++++ b/text-utils/column.c +@@ -814,6 +814,8 @@ int main(int argc, char **argv) + case 's': + free(ctl.input_separator); + ctl.input_separator = mbs_to_wcs(optarg); ++ if (!ctl.input_separator) ++ err(EXIT_FAILURE, _("failed to use input separator")); + ctl.greedy = 0; + break; + case 'T': diff --git a/util-linux.spec b/util-linux.spec index 8ef11dc..1bcc51c 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -21,16 +21,19 @@ Source9: util-linux-runuser-l.pamd Patch6000: 2.36-login-lastlog-create.patch Patch6001: backport-CVE-2021-3995.patch Patch6002: backport-CVE-2021-3996.patch -Patch6003: backport-su-bash-completion-offer-usernames-rather-than-files.patch -Patch6004: backport-Fix-memory-leaks-in-the-chcpu.patch -Patch6005: backport-logger-fix-prio-prefix-doesn-t-use-priority-default.patch -Patch6006: backport-vipw-flush-stdout-before-getting-answer.patch -Patch6007: backport-login-Restore-tty-size-after-calling-vhangup.patch -Patch6008: backport-Forward-value-of-sector_size-instead-of-its-address.patch -Patch6009: backport-libfdisk-dereference-of-possibly-NULL-gcc-analyzer.patch -Patch6010: backport-libfdisk-check-calloc-return-gcc-analyzer.patch -Patch6011: backport-mcookie-fix-infinite-loop-when-use-f.patch -Patch6012: backport-sfdisk-write-empty-label-also-when-only-ignored-part.patch +Patch6003: realloc-buffer-when-header-size-changed.patch +Patch6004: fix-size-use-for-stdin.patch +Patch6005: segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch +Patch6006: backport-su-bash-completion-offer-usernames-rather-than-files.patch +Patch6007: backport-Fix-memory-leaks-in-the-chcpu.patch +Patch6008: backport-logger-fix-prio-prefix-doesn-t-use-priority-default.patch +Patch6009: backport-vipw-flush-stdout-before-getting-answer.patch +Patch6010: backport-login-Restore-tty-size-after-calling-vhangup.patch +Patch6011: backport-Forward-value-of-sector_size-instead-of-its-address.patch +Patch6012: backport-libfdisk-dereference-of-possibly-NULL-gcc-analyzer.patch +Patch6013: backport-libfdisk-check-calloc-return-gcc-analyzer.patch +Patch6014: backport-mcookie-fix-infinite-loop-when-use-f.patch +Patch6015: backport-sfdisk-write-empty-label-also-when-only-ignored-part.patch Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch Patch9001: SKIPPED-no-root-permissions-test.patch @@ -410,7 +413,15 @@ fi - SUG:NA - DESC:Sync community patches -* Tue Feb 15 2022 shangyibin - 2.37.2-3 +* Fri Feb 18 2022 shangyibin - 2.37.2-4 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:realloc buffer when header size changed + fix size use for stdin + segmentation fault on invalid unicode input passed to -s option + +* Mon Feb 14 2021 shangyibin - 2.37.2-3 - Type:CVE - ID:CVE-2021-3995 CVE-2021-3996 - SUG:NA From a157a9ab24f218ee8f5007e4d6d5c65c9c0353f2 Mon Sep 17 00:00:00 2001 From: shangyibin Date: Sat, 19 Feb 2022 18:02:46 +0800 Subject: [PATCH 06/11] fix by ignoring EINVAL on remount of proc cherry-pick from: 0b7633309620df26f57673682eca33806b3826e7 --- ...y-ignoring-EINVAL-on-remount-of-proc.patch | 40 +++++++++++++++++++ util-linux.spec | 24 ++++++----- 2 files changed, 53 insertions(+), 11 deletions(-) create mode 100644 backport-fix-by-ignoring-EINVAL-on-remount-of-proc.patch diff --git a/backport-fix-by-ignoring-EINVAL-on-remount-of-proc.patch b/backport-fix-by-ignoring-EINVAL-on-remount-of-proc.patch new file mode 100644 index 0000000..38d663e --- /dev/null +++ b/backport-fix-by-ignoring-EINVAL-on-remount-of-proc.patch @@ -0,0 +1,40 @@ +From 1961dccea09176a401bc8fc5e1769ab426308314 Mon Sep 17 00:00:00 2001 +From: benaryorg +Date: Fri, 4 Jun 2021 12:34:52 +0000 +Subject: [PATCH] fix #648 by ignoring EINVAL on-remount of proc + +When using --mount-proc=/some/path then unshare fails if the path provided is not already mounted due to the mount(2) call to change the propagation of the mount. +In such a case mount(2) returns EINVAL, which however is used for a variety of other errors. +If this error is ignored mistakenly the effects however should be neglible since: + +1. the mount of proc afterwards happens regardless, errors of which are not ignored +2. the propagation change of root uses MS_REC, which shold already change the propagation of all mounts recursively + +Furthermore /proc is not touched if --mount-proc specifies a different mount point. +This should not cause too much unexpected behaviour due to point 2 from above in any case. +Specifying --mount-proc with a different path also means that unshare(3) is not instructed to touch /proc, thus /proc not being touched should not be unexpected. +As a side note, if unshare is called with /proc as an (implicit) parameter to --mount-proc then /proc is a stacked mount, meaning if /proc is unmounted it in the namespace the host /proc is visible again, thus not touching /proc with a different parameter does not constitute more information leakage than the alternative, quite contary it may even be the desired behaviour. + +Signed-off-by: benaryorg +--- + sys-utils/unshare.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/sys-utils/unshare.c b/sys-utils/unshare.c +index e5627d3c64..820691ba35 100644 +--- a/sys-utils/unshare.c ++++ b/sys-utils/unshare.c +@@ -650,8 +650,11 @@ int main(int argc, char *argv[]) + err(EXIT_FAILURE, _("cannot chdir to '%s'"), newdir); + + if (procmnt) { +- if (!newroot && mount("none", procmnt, NULL, MS_PRIVATE|MS_REC, NULL) != 0) +- err(EXIT_FAILURE, _("cannot change %s filesystem propagation"), procmnt); ++ if (!newroot && mount("none", procmnt, NULL, MS_PRIVATE|MS_REC, NULL)) ++ /* custom procmnt means that proc is very likely not mounted, causing EINVAL ++ ignoring the error in this specific instance is safe */ ++ if(errno != EINVAL) ++ err(EXIT_FAILURE, _("cannot change %s filesystem propagation"), procmnt); + if (mount("proc", procmnt, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL) != 0) + err(EXIT_FAILURE, _("mount %s failed"), procmnt); + } diff --git a/util-linux.spec b/util-linux.spec index 1bcc51c..36f1df7 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -24,16 +24,18 @@ Patch6002: backport-CVE-2021-3996.patch Patch6003: realloc-buffer-when-header-size-changed.patch Patch6004: fix-size-use-for-stdin.patch Patch6005: segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch -Patch6006: backport-su-bash-completion-offer-usernames-rather-than-files.patch -Patch6007: backport-Fix-memory-leaks-in-the-chcpu.patch -Patch6008: backport-logger-fix-prio-prefix-doesn-t-use-priority-default.patch -Patch6009: backport-vipw-flush-stdout-before-getting-answer.patch -Patch6010: backport-login-Restore-tty-size-after-calling-vhangup.patch -Patch6011: backport-Forward-value-of-sector_size-instead-of-its-address.patch -Patch6012: backport-libfdisk-dereference-of-possibly-NULL-gcc-analyzer.patch -Patch6013: backport-libfdisk-check-calloc-return-gcc-analyzer.patch -Patch6014: backport-mcookie-fix-infinite-loop-when-use-f.patch -Patch6015: backport-sfdisk-write-empty-label-also-when-only-ignored-part.patch +Patch6006: backport-fix-by-ignoring-EINVAL-on-remount-of-proc.patch +Patch6007: backport-su-bash-completion-offer-usernames-rather-than-files.patch +Patch6008: backport-Fix-memory-leaks-in-the-chcpu.patch +Patch6009: backport-logger-fix-prio-prefix-doesn-t-use-priority-default.patch +Patch6010: backport-vipw-flush-stdout-before-getting-answer.patch +Patch6011: backport-login-Restore-tty-size-after-calling-vhangup.patch +Patch6012: backport-Forward-value-of-sector_size-instead-of-its-address.patch +Patch6013: backport-libfdisk-dereference-of-possibly-NULL-gcc-analyzer.patch +Patch6014: backport-libfdisk-check-calloc-return-gcc-analyzer.patch +Patch6015: backport-mcookie-fix-infinite-loop-when-use-f.patch +Patch6016: backport-sfdisk-write-empty-label-also-when-only-ignored-part.patch + Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch Patch9001: SKIPPED-no-root-permissions-test.patch @@ -411,7 +413,7 @@ fi - Type:bugfix - ID:NA - SUG:NA -- DESC:Sync community patches +- DESC:fix by ignoring EINVAL on remount of proc * Fri Feb 18 2022 shangyibin - 2.37.2-4 - Type:bugfix From 6544e3d96330622d97ab1aad42a206fad1d2e27e Mon Sep 17 00:00:00 2001 From: zhangyao2022 Date: Sat, 30 Jul 2022 08:22:09 +0000 Subject: [PATCH 07/11] =?UTF-8?q?=E6=B7=BB=E5=8A=A0patch=E6=96=87=E4=BB=B6?= =?UTF-8?q?=20cherry-pick=20from:=20ef19ef88bb17c30e9cfb084c2ca4dbecc79b7e?= =?UTF-8?q?7d?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backport-fstat-dir-itself.patch | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 backport-fstat-dir-itself.patch diff --git a/backport-fstat-dir-itself.patch b/backport-fstat-dir-itself.patch new file mode 100644 index 0000000..66b52c6 --- /dev/null +++ b/backport-fstat-dir-itself.patch @@ -0,0 +1,33 @@ +From 2f26f8aae1ece618ff7ade997609509f0b60d400 Mon Sep 17 00:00:00 2001 +From: zhangyao +Date: Sat, 30 Jul 2022 10:38:37 +0800 +Subject: [PATCH] fstat dir itself + +--- + lib/path.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/lib/path.c b/lib/path.c +index 21f9bd1..f0b010e 100644 +--- a/lib/path.c ++++ b/lib/path.c +@@ -350,10 +350,12 @@ int ul_path_stat(struct path_cxt *pc, struct stat *sb, const char *path) + int dir = ul_path_get_dirfd(pc); + if (dir < 0) + return dir; +- if (*path == '/') +- path++; +- +- rc = fstatat(dir, path, sb, 0); ++ if (path) { ++ if (*path == '/') ++ path++; ++ rc = fstatat(dir, path, sb, 0); ++ } else ++ rc = fstat(dir, sb); /* dir itself */ + + if (rc && errno == ENOENT + && pc->redirect_on_enoent +-- +2.33.0 + From cf778af1bd9ec309d4ea9aff063693243ea78e49 Mon Sep 17 00:00:00 2001 From: zhangyao2022 Date: Sat, 30 Jul 2022 08:26:28 +0000 Subject: [PATCH 08/11] update util-linux.spec. cherry-pick from: 294d21caa43c93da1032365c1bae2be2d4c22a1e --- util-linux.spec | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/util-linux.spec b/util-linux.spec index 36f1df7..cf3db9f 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -3,7 +3,7 @@ Name: util-linux Version: 2.37.2 -Release: 6 +Release: 8 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git @@ -35,6 +35,7 @@ Patch6013: backport-libfdisk-dereference-of-possibly-NULL-gcc-analyzer.patc Patch6014: backport-libfdisk-check-calloc-return-gcc-analyzer.patch Patch6015: backport-mcookie-fix-infinite-loop-when-use-f.patch Patch6016: backport-sfdisk-write-empty-label-also-when-only-ignored-part.patch +Patch6017: backport-fstat-dir-itself.patch Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch @@ -403,6 +404,18 @@ fi %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*} %changelog +* Sat Jul 30 2022 zhangyao - 2.37.2-8 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Sync community patches + +* Thu Jun 30 2022 shangyibin - 2.37.2-7 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Sync community patches + * Wed Jun 08 2022 renhongxun - 2.37.2-6 - Type:bugfix - ID:NA From ee59a47c9738b2f683efcc8c0d89bb749fe0afc4 Mon Sep 17 00:00:00 2001 From: zhangyao2022 Date: Sat, 30 Jul 2022 08:57:48 +0000 Subject: [PATCH 09/11] update backport-fstat-dir-itself.patch. cherry-pick from: eb4d721549c1a9ad36990812035902ae01b5185e --- backport-fstat-dir-itself.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backport-fstat-dir-itself.patch b/backport-fstat-dir-itself.patch index 66b52c6..98db490 100644 --- a/backport-fstat-dir-itself.patch +++ b/backport-fstat-dir-itself.patch @@ -1,5 +1,5 @@ From 2f26f8aae1ece618ff7ade997609509f0b60d400 Mon Sep 17 00:00:00 2001 -From: zhangyao +From: Karel Zak Date: Sat, 30 Jul 2022 10:38:37 +0800 Subject: [PATCH] fstat dir itself From 28a15c27d77cba1d10fd176a68450965b4273609 Mon Sep 17 00:00:00 2001 From: zhangyao2022 Date: Sat, 30 Jul 2022 09:21:06 +0000 Subject: [PATCH 10/11] update backport-fstat-dir-itself.patch. cherry-pick from: c4c53db67a4608da21f4b5a6d8932c61c182209a --- backport-fstat-dir-itself.patch | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/backport-fstat-dir-itself.patch b/backport-fstat-dir-itself.patch index 98db490..aceb3fb 100644 --- a/backport-fstat-dir-itself.patch +++ b/backport-fstat-dir-itself.patch @@ -1,8 +1,9 @@ From 2f26f8aae1ece618ff7ade997609509f0b60d400 Mon Sep 17 00:00:00 2001 From: Karel Zak -Date: Sat, 30 Jul 2022 10:38:37 +0800 -Subject: [PATCH] fstat dir itself +Date: Mon, 6 Sep 2021 11:52:09 +0200 +Subject: [PATCH] lib/path: fstat dir itself +Signed-off-by: Karel Zak --- lib/path.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) From d1b81d313c1ea4a9631dde0e35cbb5b38fef25a2 Mon Sep 17 00:00:00 2001 From: z30031144 Date: Mon, 31 Oct 2022 13:31:42 +0800 Subject: [PATCH 11/11] change upstream_major and modify bad date in changelog cherry-pick from: 5bef2e46e6e95a4280dc66257e8f4abe61797a2f --- util-linux.spec | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/util-linux.spec b/util-linux.spec index cf3db9f..9788c32 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -25,19 +25,18 @@ Patch6003: realloc-buffer-when-header-size-changed.patch Patch6004: fix-size-use-for-stdin.patch Patch6005: segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch Patch6006: backport-fix-by-ignoring-EINVAL-on-remount-of-proc.patch -Patch6007: backport-su-bash-completion-offer-usernames-rather-than-files.patch -Patch6008: backport-Fix-memory-leaks-in-the-chcpu.patch -Patch6009: backport-logger-fix-prio-prefix-doesn-t-use-priority-default.patch -Patch6010: backport-vipw-flush-stdout-before-getting-answer.patch -Patch6011: backport-login-Restore-tty-size-after-calling-vhangup.patch -Patch6012: backport-Forward-value-of-sector_size-instead-of-its-address.patch -Patch6013: backport-libfdisk-dereference-of-possibly-NULL-gcc-analyzer.patch +Patch6007: backport-su-bash-completion-offer-usernames-rather-than-files.patch +Patch6008: backport-Fix-memory-leaks-in-the-chcpu.patch +Patch6009: backport-logger-fix-prio-prefix-doesn-t-use-priority-default.patch +Patch6010: backport-vipw-flush-stdout-before-getting-answer.patch +Patch6011: backport-login-Restore-tty-size-after-calling-vhangup.patch +Patch6012: backport-Forward-value-of-sector_size-instead-of-its-address.patch +Patch6013: backport-libfdisk-dereference-of-possibly-NULL-gcc-analyzer.patch Patch6014: backport-libfdisk-check-calloc-return-gcc-analyzer.patch Patch6015: backport-mcookie-fix-infinite-loop-when-use-f.patch Patch6016: backport-sfdisk-write-empty-label-also-when-only-ignored-part.patch Patch6017: backport-fstat-dir-itself.patch - Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch Patch9001: SKIPPED-no-root-permissions-test.patch @@ -186,6 +185,7 @@ unset LINGUAS || : %make_build %{_build_arg0__} %{_build_arg1__} %check +export TS_OPT_misc_setarch_known_fail="yes" make check %install @@ -436,7 +436,7 @@ fi fix size use for stdin segmentation fault on invalid unicode input passed to -s option -* Mon Feb 14 2021 shangyibin - 2.37.2-3 +* Mon Feb 14 2022 shangyibin - 2.37.2-3 - Type:CVE - ID:CVE-2021-3995 CVE-2021-3996 - SUG:NA @@ -448,12 +448,6 @@ fi - SUG:NA - DESC:fix test fail -* Thu Jun 09 2022 renhongxun - 2.37.2-2 -- Type:bugfix -- ID:NA -- SUG:NA -- DESC:move hardlink/uclampset completions from util-linux-help to util-linux - * Mon Dec 27 2021 tianwei - 2.37.2-1 - Type:enhancement - ID:NA