diff --git a/backport-Fix-memory-leaks-in-the-chcpu.patch b/backport-Fix-memory-leaks-in-the-chcpu.patch new file mode 100644 index 0000000..3b0e959 --- /dev/null +++ b/backport-Fix-memory-leaks-in-the-chcpu.patch @@ -0,0 +1,20 @@ +From a283ad4ed27b19da176e75d4bec521dea067fedc Mon Sep 17 00:00:00 2001 +From: jiazhenyuan +Date: Mon, 6 Sep 2021 16:50:27 +0800 +Subject: [PATCH] Fix memory leaks in the chcpu +--- + sys-utils/chcpu.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sys-utils/chcpu.c b/sys-utils/chcpu.c +index c4e5bc7e29..527bce5586 100644 +--- a/sys-utils/chcpu.c ++++ b/sys-utils/chcpu.c +@@ -383,6 +383,7 @@ int main(int argc, char *argv[]) + break; + } + ++ CPU_FREE(cpu_set); + ul_unref_path(sys); + + return rc == 0 ? EXIT_SUCCESS : diff --git a/backport-chfn-Make-readline-prompt-for-each-field-on-a-separate-line.patch b/backport-chfn-Make-readline-prompt-for-each-field-on-a-separate-line.patch new file mode 100644 index 0000000..c09c382 --- /dev/null +++ b/backport-chfn-Make-readline-prompt-for-each-field-on-a-separate-line.patch @@ -0,0 +1,79 @@ +From 49848aa53ae3a599277e8ceb50feda565f140b45 Mon Sep 17 00:00:00 2001 +From: Damien Goutte-Gattat +Date: Sat, 27 Jun 2020 19:58:13 +0100 +Subject: [PATCH] chfn: Make readline prompt for each field on a separate line + +When readline is called to get user input, it is called without +a prompt argument. As a result, if the user does not enter anything +for a given field, then the next field is displayed on the same +line, yielding the following output: + + $ chfn + Changing finger information for user. + Password: + Name []: Office []: Office Phone []: Home Phone []: + +instead of the expected: + + $ chfn + Changing finger information for user. + Password: + Full Name []: + Room Number []: + Work Phone []: + Home Phone []: + +This patch restores the expected behavior by feeding readline with +a character to display as "prompt". + +[kzak@redhat.com: - do the same change in chsh + - use ' ' rather than '\n' for non-readline code] + +Signed-off-by: Damien Goutte-Gattat +Signed-off-by: Karel Zak +--- + login-utils/chfn.c | 5 +++-- + login-utils/chsh.c | 5 +++-- + 2 files changed, 6 insertions(+), 4 deletions(-) + +diff --git a/login-utils/chfn.c b/login-utils/chfn.c +index b739555..eaba7f8 100644 +--- a/login-utils/chfn.c ++++ b/login-utils/chfn.c +@@ -236,12 +236,13 @@ static char *ask_new_field(struct chfn_control *ctl, const char *question, + if (!def_val) + def_val = ""; + while (true) { +- printf("%s [%s]: ", question, def_val); ++ printf("%s [%s]:", question, def_val); + __fpurge(stdin); + #ifdef HAVE_LIBREADLINE + rl_bind_key('\t', rl_insert); +- if ((buf = readline(NULL)) == NULL) ++ if ((buf = readline(" ")) == NULL) + #else ++ putchar(' '); + if (getline(&buf, &dummy, stdin) < 0) + #endif + errx(EXIT_FAILURE, _("Aborted.")); +diff --git a/login-utils/chsh.c b/login-utils/chsh.c +index a9ebec8..17cc9f1 100644 +--- a/login-utils/chsh.c ++++ b/login-utils/chsh.c +@@ -205,10 +205,11 @@ static char *ask_new_shell(char *question, char *oldshell) + #endif + if (!oldshell) + oldshell = ""; +- printf("%s [%s]\n", question, oldshell); ++ printf("%s [%s]:", question, oldshell); + #ifdef HAVE_LIBREADLINE +- if ((ans = readline("> ")) == NULL) ++ if ((ans = readline(" ")) == NULL) + #else ++ putchar(' '); + if (getline(&ans, &dummy, stdin) < 0) + #endif + return NULL; +-- +2.27.0 + diff --git a/backport-chfn-flush-stdout-before-reading-stdin-and-fix-uninitialized-variable.patch b/backport-chfn-flush-stdout-before-reading-stdin-and-fix-uninitialized-variable.patch new file mode 100644 index 0000000..f10a06e --- /dev/null +++ b/backport-chfn-flush-stdout-before-reading-stdin-and-fix-uninitialized-variable.patch @@ -0,0 +1,37 @@ +From 05907d0d9e7c85f33e168feab1eb36b464425054 Mon Sep 17 00:00:00 2001 +From: Lorenzo Beretta +Date: Mon, 25 Oct 2021 14:06:00 +0200 +Subject: [PATCH] chfn: flush stdout before reading stdin and fix uninitialized + variable + +Same problem as described in https://github.com/karelzak/util-linux/pull/1481 + +Signed-off-by: Lorenzo Beretta +--- + login-utils/chfn.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/login-utils/chfn.c b/login-utils/chfn.c +index eaba7f8..aea26f7 100644 +--- a/login-utils/chfn.c ++++ b/login-utils/chfn.c +@@ -228,7 +228,7 @@ static char *ask_new_field(struct chfn_control *ctl, const char *question, + char *def_val) + { + int len; +- char *buf; ++ char *buf = NULL; /* leave initialized to NULL or getline segfaults */ + #ifndef HAVE_LIBREADLINE + size_t dummy = 0; + #endif +@@ -243,6 +243,7 @@ static char *ask_new_field(struct chfn_control *ctl, const char *question, + if ((buf = readline(" ")) == NULL) + #else + putchar(' '); ++ fflush(stdout); + if (getline(&buf, &dummy, stdin) < 0) + #endif + errx(EXIT_FAILURE, _("Aborted.")); +-- +2.27.0 + diff --git a/backport-chsh-fflush-stdout-before-reading-from-stdin.patch b/backport-chsh-fflush-stdout-before-reading-from-stdin.patch new file mode 100644 index 0000000..a28cfd1 --- /dev/null +++ b/backport-chsh-fflush-stdout-before-reading-from-stdin.patch @@ -0,0 +1,27 @@ +From 0a08200bd5664d1849e477f7f776ab4d13bb8422 Mon Sep 17 00:00:00 2001 +From: Lorenzo Beretta +Date: Mon, 25 Oct 2021 15:28:02 +0200 +Subject: [PATCH] chsh: fflush stdout before reading from stdin + +Same problem as described in https://github.com/karelzak/util-linux/pull/1481 + +Signed-off-by: Lorenzo Beretta +--- + login-utils/chsh.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/login-utils/chsh.c b/login-utils/chsh.c +index 17cc9f1..63b8b29 100644 +--- a/login-utils/chsh.c ++++ b/login-utils/chsh.c +@@ -210,6 +210,7 @@ static char *ask_new_shell(char *question, char *oldshell) + if ((ans = readline(" ")) == NULL) + #else + putchar(' '); ++ fflush(stdout); + if (getline(&ans, &dummy, stdin) < 0) + #endif + return NULL; +-- +2.27.0 + diff --git a/backport-column-segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch b/backport-column-segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch new file mode 100644 index 0000000..ed139dd --- /dev/null +++ b/backport-column-segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch @@ -0,0 +1,30 @@ +From 9714331843ef3a6d9c10ff1d3bc5fcf53d44d930 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 31 Aug 2021 12:31:15 +0200 +Subject: [PATCH] column: segmentation fault on invalid unicode input passed to + -s option + +The function mbs_to_wcs() returns NULL on invalid UTF. + +Fixes: https://github.com/karelzak/util-linux/issues/1425 +Signed-off-by: Karel Zak +--- + text-utils/column.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/text-utils/column.c b/text-utils/column.c +index 33c7f1f..5728dfb 100644 +--- a/text-utils/column.c ++++ b/text-utils/column.c +@@ -769,6 +769,8 @@ int main(int argc, char **argv) + case 's': + free(ctl.input_separator); + ctl.input_separator = mbs_to_wcs(optarg); ++ if (!ctl.input_separator) ++ err(EXIT_FAILURE, _("failed to use input separator")); + ctl.greedy = 0; + break; + case 'T': +-- +2.27.0 + diff --git a/backport-libblkid-avoid-buffer-overflow-in-ocfs-superblock-parsing.patch b/backport-libblkid-avoid-buffer-overflow-in-ocfs-superblock-parsing.patch new file mode 100644 index 0000000..b7af88c --- /dev/null +++ b/backport-libblkid-avoid-buffer-overflow-in-ocfs-superblock-parsing.patch @@ -0,0 +1,39 @@ +From d7fa8ed63891b0058c5df8aa809e34de61008f51 Mon Sep 17 00:00:00 2001 +From: Milan Broz +Date: Sun, 9 Oct 2022 20:20:45 +0200 +Subject: [PATCH] libblkid: avoid buffer overflow in ocfs superblock parsing + +Label and mount values are checked only according to on-disk +values and not checked against the real structure size. +This can lead to reading of memory outside of superblock +struct and subsequent crash. + +Reproducer found with OSS-Fuzz (issue 52270) running over +cryptsetup project (blkid is used in header init). + +Signed-off-by: Milan Broz +--- + libblkid/src/superblocks/ocfs.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/libblkid/src/superblocks/ocfs.c b/libblkid/src/superblocks/ocfs.c +index 28df6ddfa4..e213d66b44 100644 +--- a/libblkid/src/superblocks/ocfs.c ++++ b/libblkid/src/superblocks/ocfs.c +@@ -129,10 +129,12 @@ static int probe_ocfs(blkid_probe pr, const struct blkid_idmag *mag) + blkid_probe_set_value(pr, "SEC_TYPE", + (unsigned char *) "ntocfs", sizeof("ntocfs")); + +- blkid_probe_set_label(pr, (unsigned char *) ovl.label, +- ocfslabellen(ovl)); +- blkid_probe_set_value(pr, "MOUNT", (unsigned char *) ovh.mount, +- ocfsmountlen(ovh)); ++ if (ocfslabellen(ovl) < sizeof(ovl.label)) ++ blkid_probe_set_label(pr, (unsigned char *) ovl.label, ++ ocfslabellen(ovl)); ++ if (ocfsmountlen(ovh) < sizeof(ovh.mount)) ++ blkid_probe_set_value(pr, "MOUNT", (unsigned char *) ovh.mount, ++ ocfsmountlen(ovh)); + blkid_probe_set_uuid(pr, ovl.vol_id); + blkid_probe_sprintf_version(pr, "%u.%u", maj, min); + return 0; diff --git a/backport-libblkid-cleanup-indentation.patch b/backport-libblkid-cleanup-indentation.patch new file mode 100644 index 0000000..07aa00f --- /dev/null +++ b/backport-libblkid-cleanup-indentation.patch @@ -0,0 +1,32 @@ +From c7471d8b3d4e796eee8ae041e5cbb55c5619318e Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 19 Oct 2022 11:24:30 +0200 +Subject: [PATCH] libblkid: cleanup indentation + +Signed-off-by: Karel Zak +--- + libblkid/src/superblocks/jmicron_raid.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libblkid/src/superblocks/jmicron_raid.c b/libblkid/src/superblocks/jmicron_raid.c +index 9ef8cd3f8..ab2c829f0 100644 +--- a/libblkid/src/superblocks/jmicron_raid.c ++++ b/libblkid/src/superblocks/jmicron_raid.c +@@ -17,10 +17,10 @@ + #include "superblocks.h" + + #define JM_SIGNATURE "JM" +-#define JM_MINOR_VERSION(_x) ((_x)->version & 0xFF) +-#define JM_MAJOR_VERSION(_x) ((_x)->version >> 8) +-#define JM_SPARES 2 +-#define JM_MEMBERS 8 ++#define JM_MINOR_VERSION(_x) ((_x)->version & 0xFF) ++#define JM_MAJOR_VERSION(_x) ((_x)->version >> 8) ++#define JM_SPARES 2 ++#define JM_MEMBERS 8 + + struct jm_metadata { + int8_t signature[2]; /* 0x0 - 0x01 */ +-- +2.27.0 + diff --git a/backport-libblkid-fix-jmicron-checksum-and-LE-to-CPU.patch b/backport-libblkid-fix-jmicron-checksum-and-LE-to-CPU.patch new file mode 100644 index 0000000..b7006ea --- /dev/null +++ b/backport-libblkid-fix-jmicron-checksum-and-LE-to-CPU.patch @@ -0,0 +1,92 @@ +From cb92f0d82ae634e46989d3dae673ae3f542f7dd9 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Fri, 21 Oct 2022 18:11:59 +0200 +Subject: [PATCH] libblkid: fix jmicron checksum and LE to CPU + +- don't cast packed struct to uint16_t pointer, use temporary value +- calculate real count for the loop +- convert all to LE for checksum calculation (jm_to_cpu() ignores fillers) + +Signed-off-by: Karel Zak +--- + libblkid/src/superblocks/jmicron_raid.c | 44 ++++++++++++++----------- + 1 file changed, 25 insertions(+), 19 deletions(-) + +diff --git a/libblkid/src/superblocks/jmicron_raid.c b/libblkid/src/superblocks/jmicron_raid.c +index ab2c829f0..580c38533 100644 +--- a/libblkid/src/superblocks/jmicron_raid.c ++++ b/libblkid/src/superblocks/jmicron_raid.c +@@ -55,35 +55,38 @@ static void jm_to_cpu(struct jm_metadata *jm) + { + unsigned int i; + +- le16_to_cpu(jm->version); +- le16_to_cpu(jm->checksum); +- le32_to_cpu(jm->identity); ++ jm->version = le16_to_cpu(jm->version); ++ jm->checksum = le16_to_cpu(jm->checksum); ++ jm->identity = le32_to_cpu(jm->identity); ++ jm->segment.base = le32_to_cpu(jm->segment.base); ++ jm->segment.range = le32_to_cpu(jm->segment.range); ++ jm->segment.range2 = le16_to_cpu(jm->segment.range2); + +- le32_to_cpu(jm->segment.base); +- le32_to_cpu(jm->segment.range); +- le16_to_cpu(jm->segment.range2); +- +- le16_to_cpu(jm->attribute); ++ jm->attribute = le16_to_cpu(jm->attribute); + + for (i = 0; i < JM_SPARES; i++) +- le32_to_cpu(jm->spare[i]); ++ jm->spare[i] = le32_to_cpu(jm->spare[i]); + + for (i = 0; i < JM_MEMBERS; i++) +- le32_to_cpu(jm->member[i]); ++ jm->member[i] = le32_to_cpu(jm->member[i]); + } + +-static int jm_checksum(struct jm_metadata *jm) ++static int jm_checksum(const struct jm_metadata *jm) + { +- size_t count = 64; +- char *buf = (char *) jm; +- uint16_t *p = (uint16_t *) buf, sum = 0; ++ size_t count = sizeof(*jm) / sizeof(uint16_t); ++ uint16_t sum = 0; ++ unsigned char *ptr = (unsigned char *) jm; ++ ++ while (count--) { ++ uint16_t val; + +- assert(count <= sizeof(struct jm_metadata)); ++ memcpy(&val, ptr, sizeof(uint16_t)); ++ sum += le16_to_cpu(val); + +- while (count--) +- sum += *p++; ++ ptr += sizeof(uint16_t); ++ } + +- return !sum || sum == 1; ++ return sum == 0 || sum == 1; + } + + static int probe_jmraid(blkid_probe pr, +@@ -108,9 +111,12 @@ static int probe_jmraid(blkid_probe pr, + if (memcmp(jm->signature, JM_SIGNATURE, sizeof(JM_SIGNATURE) - 1) != 0) + return 1; + ++ if (!jm_checksum(jm)) ++ return 1; ++ + jm_to_cpu(jm); + +- if (!jm_checksum(jm)) ++ if (jm->mode > 5) + return 1; + + if (blkid_probe_sprintf_version(pr, "%u.%u", +-- +2.27.0 + diff --git a/backport-libblkid-nvidia_raid-validate-checksum.patch b/backport-libblkid-nvidia_raid-validate-checksum.patch new file mode 100644 index 0000000..2915295 --- /dev/null +++ b/backport-libblkid-nvidia_raid-validate-checksum.patch @@ -0,0 +1,55 @@ +From 8a08c34aad61cb59c977212458bf55f5a81186e8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Thu, 2 Mar 2023 15:54:39 +0000 +Subject: [PATCH] libblkid: nvidia_raid: validate checksum +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +See #1843 + +Signed-off-by: Thomas Weißschuh +--- + libblkid/src/superblocks/nvidia_raid.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/libblkid/src/superblocks/nvidia_raid.c b/libblkid/src/superblocks/nvidia_raid.c +index 35c663c8d..f59a0e100 100644 +--- a/libblkid/src/superblocks/nvidia_raid.c ++++ b/libblkid/src/superblocks/nvidia_raid.c +@@ -27,6 +27,14 @@ struct nv_metadata { + #define NVIDIA_SUPERBLOCK_SIZE 120 + + ++static int nvraid_verify_checksum(blkid_probe pr, const struct nv_metadata *nv) ++{ ++ uint32_t csum = le32_to_cpu(nv->chksum); ++ for (size_t i = 0; i < le32_to_cpu(nv->size); i++) ++ csum += le32_to_cpu(((uint32_t *) nv)[i]); ++ return blkid_probe_verify_csum(pr, csum, le32_to_cpu(nv->chksum)); ++} ++ + static int probe_nvraid(blkid_probe pr, + const struct blkid_idmag *mag __attribute__((__unused__))) + { +@@ -42,7 +50,7 @@ static int probe_nvraid(blkid_probe pr, + nv = (struct nv_metadata *) + blkid_probe_get_buffer(pr, + off, +- sizeof(struct nv_metadata)); ++ NVIDIA_SUPERBLOCK_SIZE); + if (!nv) + return errno ? -errno : 1; + +@@ -50,6 +58,8 @@ static int probe_nvraid(blkid_probe pr, + return 1; + if (le32_to_cpu(nv->size) * 4 != NVIDIA_SUPERBLOCK_SIZE) + return 1; ++ if (!nvraid_verify_checksum(pr, nv)) ++ return 1; + if (blkid_probe_sprintf_version(pr, "%u", le16_to_cpu(nv->version)) != 0) + return 1; + if (blkid_probe_set_magic(pr, off, sizeof(nv->vendor), +-- +2.27.0 + diff --git a/backport-libblkid-nvidia_raid-verify-superblock-size.patch b/backport-libblkid-nvidia_raid-verify-superblock-size.patch new file mode 100644 index 0000000..62ea0b5 --- /dev/null +++ b/backport-libblkid-nvidia_raid-verify-superblock-size.patch @@ -0,0 +1,38 @@ +From d8d164db5ee217034dea7788263b532114bcd2fd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Thu, 2 Mar 2023 15:27:58 +0000 +Subject: [PATCH] libblkid: nvidia_raid: verify superblock size +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Thomas Weißschuh +--- + libblkid/src/superblocks/nvidia_raid.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/libblkid/src/superblocks/nvidia_raid.c b/libblkid/src/superblocks/nvidia_raid.c +index 5db8ec260..35c663c8d 100644 +--- a/libblkid/src/superblocks/nvidia_raid.c ++++ b/libblkid/src/superblocks/nvidia_raid.c +@@ -24,6 +24,8 @@ struct nv_metadata { + } __attribute__((packed)); + + #define NVIDIA_SIGNATURE "NVIDIA" ++#define NVIDIA_SUPERBLOCK_SIZE 120 ++ + + static int probe_nvraid(blkid_probe pr, + const struct blkid_idmag *mag __attribute__((__unused__))) +@@ -46,6 +48,8 @@ static int probe_nvraid(blkid_probe pr, + + if (memcmp(nv->vendor, NVIDIA_SIGNATURE, sizeof(NVIDIA_SIGNATURE)-1) != 0) + return 1; ++ if (le32_to_cpu(nv->size) * 4 != NVIDIA_SUPERBLOCK_SIZE) ++ return 1; + if (blkid_probe_sprintf_version(pr, "%u", le16_to_cpu(nv->version)) != 0) + return 1; + if (blkid_probe_set_magic(pr, off, sizeof(nv->vendor), +-- +2.27.0 + diff --git a/backport-libblkid-use-checksum-for-jmicron.patch b/backport-libblkid-use-checksum-for-jmicron.patch new file mode 100644 index 0000000..f4e0eed --- /dev/null +++ b/backport-libblkid-use-checksum-for-jmicron.patch @@ -0,0 +1,122 @@ +From cf68e2c897a29f8a3a1c8402574bbb49adf5a52a Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 19 Oct 2022 11:16:17 +0200 +Subject: [PATCH] libblkid: use checksum for jmicron + +Addresses: https://github.com/util-linux/util-linux/pull/1843 +Signed-off-by: Karel Zak +--- + libblkid/src/superblocks/jmicron_raid.c | 83 ++++++++++++++++++++++--- + 1 file changed, 74 insertions(+), 9 deletions(-) + +diff --git a/libblkid/src/superblocks/jmicron_raid.c b/libblkid/src/superblocks/jmicron_raid.c +index ca7986733..9ef8cd3f8 100644 +--- a/libblkid/src/superblocks/jmicron_raid.c ++++ b/libblkid/src/superblocks/jmicron_raid.c +@@ -16,14 +16,75 @@ + + #include "superblocks.h" + ++#define JM_SIGNATURE "JM" ++#define JM_MINOR_VERSION(_x) ((_x)->version & 0xFF) ++#define JM_MAJOR_VERSION(_x) ((_x)->version >> 8) ++#define JM_SPARES 2 ++#define JM_MEMBERS 8 ++ + struct jm_metadata { +- int8_t signature[2]; +- uint8_t minor_version; +- uint8_t major_version; +- uint16_t checksum; +-}; ++ int8_t signature[2]; /* 0x0 - 0x01 */ + +-#define JM_SIGNATURE "JM" ++ uint16_t version; /* 0x03 - 0x04 JMicron version */ ++ ++ uint16_t checksum; /* 0x04 - 0x05 */ ++ uint8_t filler[10]; ++ ++ uint32_t identity; /* 0x10 - 0x13 */ ++ ++ struct { ++ uint32_t base; /* 0x14 - 0x17 */ ++ uint32_t range; /* 0x18 - 0x1B range */ ++ uint16_t range2; /* 0x1C - 0x1D range2 */ ++ } segment; ++ ++ int8_t name[16]; /* 0x20 - 0x2F */ ++ ++ uint8_t mode; /* 0x30 RAID level */ ++ uint8_t block; /* 0x31 stride size (2=4K, 3=8K, ...) */ ++ uint16_t attribute; /* 0x32 - 0x33 */ ++ uint8_t filler1[4]; ++ ++ uint32_t spare[JM_SPARES]; /* 0x38 - 0x3F */ ++ uint32_t member[JM_MEMBERS]; /* 0x40 - 0x5F */ ++ ++ uint8_t filler2[0x20]; ++} __attribute__ ((packed)); ++ ++static void jm_to_cpu(struct jm_metadata *jm) ++{ ++ unsigned int i; ++ ++ le16_to_cpu(jm->version); ++ le16_to_cpu(jm->checksum); ++ le32_to_cpu(jm->identity); ++ ++ le32_to_cpu(jm->segment.base); ++ le32_to_cpu(jm->segment.range); ++ le16_to_cpu(jm->segment.range2); ++ ++ le16_to_cpu(jm->attribute); ++ ++ for (i = 0; i < JM_SPARES; i++) ++ le32_to_cpu(jm->spare[i]); ++ ++ for (i = 0; i < JM_MEMBERS; i++) ++ le32_to_cpu(jm->member[i]); ++} ++ ++static int jm_checksum(struct jm_metadata *jm) ++{ ++ size_t count = 64; ++ char *buf = (char *) jm; ++ uint16_t *p = (uint16_t *) buf, sum = 0; ++ ++ assert(count <= sizeof(struct jm_metadata)); ++ ++ while (count--) ++ sum += *p++; ++ ++ return !sum || sum == 1; ++} + + static int probe_jmraid(blkid_probe pr, + const struct blkid_idmag *mag __attribute__((__unused__))) +@@ -46,8 +107,14 @@ static int probe_jmraid(blkid_probe pr, + + if (memcmp(jm->signature, JM_SIGNATURE, sizeof(JM_SIGNATURE) - 1) != 0) + return 1; ++ ++ jm_to_cpu(jm); ++ ++ if (!jm_checksum(jm)) ++ return 1; ++ + if (blkid_probe_sprintf_version(pr, "%u.%u", +- jm->major_version, jm->minor_version) != 0) ++ JM_MAJOR_VERSION(jm), JM_MINOR_VERSION(jm)) != 0) + return 1; + if (blkid_probe_set_magic(pr, off, sizeof(jm->signature), + (unsigned char *) jm->signature)) +@@ -61,5 +128,3 @@ const struct blkid_idinfo jmraid_idinfo = { + .probefunc = probe_jmraid, + .magics = BLKID_NONE_MAGIC + }; +- +- +-- +2.27.0 + diff --git a/backport-logger-fix-prio-prefix-doesnot-use-priority-default.patch b/backport-logger-fix-prio-prefix-doesnot-use-priority-default.patch new file mode 100644 index 0000000..296d24e --- /dev/null +++ b/backport-logger-fix-prio-prefix-doesnot-use-priority-default.patch @@ -0,0 +1,37 @@ +From 02f859392754038f383dabeb32effec4ae1f02ba Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 16 Sep 2021 12:20:25 +0200 +Subject: [PATCH] logger: fix --prio-prefix doesn't use --priority default + +The commit b9ef27f have added priority check, but it introduced +regression as the default priority (as specified by --priority) is +ignored. + +This patch fixes this problem, but it also removes extra check for +"kern facility", it's unnecessary and inconsistent with the rest of +logger. + +Fixes: https://github.com/karelzak/util-linux/issues/1450 +Signed-off-by: Karel Zak +--- + misc-utils/logger.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/misc-utils/logger.c b/misc-utils/logger.c +index a7736eb..4120871 100644 +--- a/misc-utils/logger.c ++++ b/misc-utils/logger.c +@@ -1003,8 +1003,8 @@ static void logger_stdin(struct logger_ctl *ctl) + if (c == '>' && 0 <= pri && pri <= 191) { + /* valid RFC PRI values */ + i = 0; +- if (pri < 8) /* kern facility is forbidden */ +- pri |= 8; ++ if ((pri & LOG_FACMASK) == 0) ++ pri |= (default_priority & LOG_FACMASK); + ctl->pri = pri; + } else + ctl->pri = default_priority; +-- +2.27.0 + diff --git a/backport-logger-fix-size-use-for-stdin.patch b/backport-logger-fix-size-use-for-stdin.patch new file mode 100644 index 0000000..3fa24d2 --- /dev/null +++ b/backport-logger-fix-size-use-for-stdin.patch @@ -0,0 +1,64 @@ +From 58e4ee082bca100034791a4a74481f263bb30a25 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 21 Oct 2021 18:47:40 +0200 +Subject: [PATCH] logger: fix --size use for stdin +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The stdin version counts log header into the message size, but +for example when it reads message from argv[] it counts only message +itself. + + $ logger --stderr --size 3 "abcd" + <13>Oct 21 18:48:29 kzak: abc + + $ echo "abcd" | logger --stderr --size 3 + logger: cannot allocate 18446744073709551597 bytes: Cannot allocate memory + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2011602 +Signed-off-by: Karel Zak +--- + misc-utils/logger.c | 13 ++----------- + 1 file changed, 2 insertions(+), 11 deletions(-) + +diff --git a/misc-utils/logger.c b/misc-utils/logger.c +index d3b3343..15d5dc5 100644 +--- a/misc-utils/logger.c ++++ b/misc-utils/logger.c +@@ -981,9 +981,7 @@ static void logger_stdin(struct logger_ctl *ctl) + */ + int default_priority = ctl->pri; + int last_pri = default_priority; +- size_t max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr); +- size_t allocated_usrmsg_size = max_usrmsg_size; +- char *buf = xmalloc(allocated_usrmsg_size + 2 + 2); ++ char *buf = xmalloc(ctl->max_message_size + 2 + 2); + int pri; + int c; + size_t i; +@@ -1011,20 +1009,13 @@ static void logger_stdin(struct logger_ctl *ctl) + + if (ctl->pri != last_pri) { + generate_syslog_header(ctl); +- max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr); +- +- if (max_usrmsg_size > allocated_usrmsg_size) { +- allocated_usrmsg_size = max_usrmsg_size; +- buf = xrealloc(buf, allocated_usrmsg_size + 2 + 2); +- } +- + last_pri = ctl->pri; + } + if (c != EOF && c != '\n') + c = getchar(); + } + +- while (c != EOF && c != '\n' && i < max_usrmsg_size) { ++ while (c != EOF && c != '\n' && i < ctl->max_message_size) { + buf[i++] = c; + c = getchar(); + } +-- +2.27.0 + diff --git a/backport-logger-realloc-buffer-when-header-size-changed.patch b/backport-logger-realloc-buffer-when-header-size-changed.patch new file mode 100644 index 0000000..a542097 --- /dev/null +++ b/backport-logger-realloc-buffer-when-header-size-changed.patch @@ -0,0 +1,64 @@ +From b0a8b8cd9c34600dda7d0503aac2dc0af3012fdc Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 21 Oct 2021 16:00:01 +0200 +Subject: [PATCH] logger: realloc buffer when header size changed + +This is probably paranoid optimization, but when we generate a new +header we need to be sure that buffer is not smaller than calculated +maximal size of user's data. + +Signed-off-by: Karel Zak +--- + misc-utils/logger.c | 21 +++++++++++---------- + 1 file changed, 11 insertions(+), 10 deletions(-) + +diff --git a/misc-utils/logger.c b/misc-utils/logger.c +index 23da164cd6..4511ab1141 100644 +--- a/misc-utils/logger.c ++++ b/misc-utils/logger.c +@@ -979,11 +979,11 @@ static void logger_stdin(struct logger_ctl *ctl) + * update header timestamps and to reflect possible priority changes. + * The initial header is generated by logger_open(). + */ +- int has_header = 1; + int default_priority = ctl->pri; + int last_pri = default_priority; + size_t max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr); +- char *const buf = xmalloc(max_usrmsg_size + 2 + 2); ++ size_t allocated_usrmsg_size = max_usrmsg_size; ++ char *buf = xmalloc(allocated_usrmsg_size + 2 + 2); + int pri; + int c; + size_t i; +@@ -1010,9 +1010,14 @@ static void logger_stdin(struct logger_ctl *ctl) + ctl->pri = default_priority; + + if (ctl->pri != last_pri) { +- has_header = 0; +- max_usrmsg_size = +- ctl->max_message_size - strlen(ctl->hdr); ++ generate_syslog_header(ctl); ++ max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr); ++ ++ if (max_usrmsg_size > allocated_usrmsg_size) { ++ allocated_usrmsg_size = max_usrmsg_size; ++ buf = xrealloc(buf, allocated_usrmsg_size + 2 + 2); ++ } ++ + last_pri = ctl->pri; + } + if (c != EOF && c != '\n') +@@ -1025,12 +1030,8 @@ static void logger_stdin(struct logger_ctl *ctl) + } + buf[i] = '\0'; + +- if (i > 0 || !ctl->skip_empty_lines) { +- if (!has_header) +- generate_syslog_header(ctl); ++ if (i > 0 || !ctl->skip_empty_lines) + write_output(ctl, buf); +- has_header = 0; +- } + + if (c == '\n') /* discard line terminator */ + c = getchar(); diff --git a/backport-login-Restore-tty-size-after-calling-vhangup.patch b/backport-login-Restore-tty-size-after-calling-vhangup.patch new file mode 100644 index 0000000..4066b6e --- /dev/null +++ b/backport-login-Restore-tty-size-after-calling-vhangup.patch @@ -0,0 +1,58 @@ +From 7e58b71dfa9bf27f574fd79424f56206f44fa806 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Sat, 30 Oct 2021 15:56:14 +0100 +Subject: [PATCH] login: Restore tty size after calling vhangup() + +If login receives the tty to work on via stdin, stdout and stderr, +login might end up closing the remaining open file descriptors to +the tty just before it calls vhangup(). When the last open file +descriptors to a tty are closed, it's configured size is reset to +0x0. To avoid this from happening, save the size before closing +the stdin, stdout and stderr file descriptors and reapply the size +after the tty is re-opened. + +Fixes #1484 +--- + login-utils/login.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/login-utils/login.c b/login-utils/login.c +index c08d380..648d3d2 100644 +--- a/login-utils/login.c ++++ b/login-utils/login.c +@@ -362,6 +362,7 @@ static void init_tty(struct login_context *cxt) + { + struct stat st; + struct termios tt, ttt; ++ struct winsize ws; + + cxt->tty_mode = (mode_t) getlogindefs_num("TTYPERM", TTY_MODE); + +@@ -392,6 +393,12 @@ static void init_tty(struct login_context *cxt) + } + #endif + ++ /* The TTY size might be reset to 0x0 by the kernel when we close the stdin/stdout/stderr file ++ * descriptors so let's save the size now so we can reapply it later */ ++ memset(&ws, 0, sizeof(struct winsize)); ++ if (ioctl(STDIN_FILENO, TIOCGWINSZ, &ws) < 0) ++ syslog(LOG_WARNING, _("TIOCGWINSZ ioctl failed: %m")); ++ + tcgetattr(0, &tt); + ttt = tt; + ttt.c_cflag &= ~HUPCL; +@@ -423,6 +430,11 @@ static void init_tty(struct login_context *cxt) + + /* restore tty modes */ + tcsetattr(0, TCSAFLUSH, &tt); ++ ++ /* Restore tty size */ ++ if (ws.ws_row > 0 || ws.ws_col > 0) ++ if (ioctl(STDIN_FILENO, TIOCSWINSZ, &ws) < 0) ++ syslog(LOG_WARNING, _("TIOCSWINSZ ioctl failed: %m")); + } + + +-- +2.27.0 + diff --git a/backport-lsblk-fix-endless-loop-if-device-specified-more-than-once.patch b/backport-lsblk-fix-endless-loop-if-device-specified-more-than-once.patch new file mode 100644 index 0000000..e6eb26d --- /dev/null +++ b/backport-lsblk-fix-endless-loop-if-device-specified-more-than-once.patch @@ -0,0 +1,41 @@ +From 9eb31ca7f7971101846bd3668be5d7807200fa2f Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Mon, 19 Sep 2022 14:23:25 +0200 +Subject: [PATCH] lsblk: fix endless loop if device specified more than once + +Fixes: https://github.com/util-linux/util-linux/issues/1814 +Signed-off-by: Karel Zak +--- + misc-utils/lsblk-devtree.c | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/misc-utils/lsblk-devtree.c b/misc-utils/lsblk-devtree.c +index ce9d3e84f7..6f9dc54b3c 100644 +--- a/misc-utils/lsblk-devtree.c ++++ b/misc-utils/lsblk-devtree.c +@@ -282,8 +282,25 @@ void lsblk_unref_devtree(struct lsblk_devtree *tr) + } + } + ++static int has_root(struct lsblk_devtree *tr, struct lsblk_device *dev) ++{ ++ struct lsblk_iter itr; ++ struct lsblk_device *x = NULL; ++ ++ lsblk_reset_iter(&itr, LSBLK_ITER_FORWARD); ++ ++ while (lsblk_devtree_next_root(tr, &itr, &x) == 0) { ++ if (x == dev) ++ return 1; ++ } ++ return 0; ++} ++ + int lsblk_devtree_add_root(struct lsblk_devtree *tr, struct lsblk_device *dev) + { ++ if (has_root(tr, dev)) ++ return 0; ++ + if (!lsblk_devtree_has_device(tr, dev)) + lsblk_devtree_add_device(tr, dev); + diff --git a/backport-mcookie-fix-infinite-loop-when-use-f.patch b/backport-mcookie-fix-infinite-loop-when-use-f.patch new file mode 100644 index 0000000..aa0a2d7 --- /dev/null +++ b/backport-mcookie-fix-infinite-loop-when-use-f.patch @@ -0,0 +1,23 @@ +From 60e5bb73990260836b087735a9c69deab8af4c81 Mon Sep 17 00:00:00 2001 +From: Hiroaki Sengoku +Date: Fri, 15 Oct 2021 14:02:46 +0900 +Subject: [PATCH] mcookie: fix infinite-loop when use -f + +Signed-off-by: Karel Zak +--- + misc-utils/mcookie.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/misc-utils/mcookie.c b/misc-utils/mcookie.c +index 315740127e..be5c34ae4c 100644 +--- a/misc-utils/mcookie.c ++++ b/misc-utils/mcookie.c +@@ -65,7 +65,7 @@ static uint64_t hash_file(struct mcookie_control *ctl, int fd) + rdsz = wanted - count; + + r = read_all(fd, (char *) buf, rdsz); +- if (r < 0) ++ if (r <= 0) + break; + ul_MD5Update(&ctl->ctx, buf, r); + count += r; diff --git a/backport-su-offer-usernames-rather-than-files.patch b/backport-su-offer-usernames-rather-than-files.patch new file mode 100644 index 0000000..5ea936d --- /dev/null +++ b/backport-su-offer-usernames-rather-than-files.patch @@ -0,0 +1,24 @@ +From 059811d096f0051d911f884d47ebc6147630990a Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 31 Aug 2021 12:51:40 +0200 +Subject: [PATCH] su: (bash-completion) offer usernames rather than files + +Fixes: https://github.com/karelzak/util-linux/issues/1424 +Signed-off-by: Karel Zak +--- + bash-completion/su | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bash-completion/su b/bash-completion/su +index 309505085d..913e445230 100644 +--- a/bash-completion/su ++++ b/bash-completion/su +@@ -41,7 +41,7 @@ _su_module() + esac + local IFS=$'\n' + compopt -o filenames +- COMPREPLY=( $(compgen -f -- $cur) ) ++ COMPREPLY=( $(compgen -u -- $cur) ) + return 0 + } + complete -F _su_module su diff --git a/backport-vipw-flush-stdout-before-getting-answer.patch b/backport-vipw-flush-stdout-before-getting-answer.patch new file mode 100644 index 0000000..3b9c560 --- /dev/null +++ b/backport-vipw-flush-stdout-before-getting-answer.patch @@ -0,0 +1,35 @@ +From 34a9b65587a7d704db0344e859511af4a6756c89 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=C3=89rico=20Nogueira?= +Date: Fri, 22 Oct 2021 14:28:50 -0300 +Subject: [PATCH] vipw: flush stdout before getting answer. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Otherwise the question is displayed only after the user presses Return, +and the program looks like it's hanging. + +This happens at least on musl libc. + +Reported by @loreb. + +Signed-off-by: Érico Nogueira +--- + login-utils/vipw.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/login-utils/vipw.c b/login-utils/vipw.c +index 38953b7..bd0bac5 100644 +--- a/login-utils/vipw.c ++++ b/login-utils/vipw.c +@@ -364,6 +364,7 @@ int main(int argc, char *argv[]) + * which means they can be translated. */ + printf(_("Would you like to edit %s now [y/n]? "), orig_file); + ++ fflush(stdout); + if (fgets(response, sizeof(response), stdin) && + rpmatch(response) == RPMATCH_YES) + edit_file(1); +-- +2.27.0 + diff --git a/util-linux.spec b/util-linux.spec index 5839f37..ca24c66 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -2,7 +2,7 @@ Name: util-linux Version: 2.35.2 -Release: 12 +Release: 13 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git @@ -57,6 +57,25 @@ Patch18: backport-libblkid-use-sys-to-read-all-block-devices.patch Patch19: backpaort-fix-rounding-in-size_to_human_string.patch Patch20: backpaort-fix-uint64_t-overflow.patch Patch21: backpaort-update-fdisk-outputs-due-to-sizes-rounding-change.patch +Patch22: backport-column-segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch +Patch23: backport-su-offer-usernames-rather-than-files.patch +Patch24: backport-Fix-memory-leaks-in-the-chcpu.patch +Patch25: backport-logger-fix-prio-prefix-doesnot-use-priority-default.patch +Patch26: backport-mcookie-fix-infinite-loop-when-use-f.patch +Patch27: backport-logger-realloc-buffer-when-header-size-changed.patch +Patch28: backport-logger-fix-size-use-for-stdin.patch +Patch29: backport-vipw-flush-stdout-before-getting-answer.patch +Patch30: backport-chfn-Make-readline-prompt-for-each-field-on-a-separate-line.patch +Patch31: backport-chfn-flush-stdout-before-reading-stdin-and-fix-uninitialized-variable.patch +Patch32: backport-chsh-fflush-stdout-before-reading-from-stdin.patch +Patch33: backport-login-Restore-tty-size-after-calling-vhangup.patch +Patch34: backport-lsblk-fix-endless-loop-if-device-specified-more-than-once.patch +Patch35: backport-libblkid-avoid-buffer-overflow-in-ocfs-superblock-parsing.patch +Patch36: backport-libblkid-use-checksum-for-jmicron.patch +Patch37: backport-libblkid-cleanup-indentation.patch +Patch38: backport-libblkid-fix-jmicron-checksum-and-LE-to-CPU.patch +Patch39: backport-libblkid-nvidia_raid-verify-superblock-size.patch +Patch40: backport-libblkid-nvidia_raid-validate-checksum.patch Patch6000: backport-CVE-2021-37600.patch Patch6001: backport-add-ul_strtou64.patch Patch6002: backport-CVE-2021-3995.patch @@ -410,6 +429,31 @@ fi %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*} %changelog +* Tue Nov 28 2023 zhangyao - 2.35.2-13 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:sync community patches + backport-column-segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch + backport-su-offer-usernames-rather-than-files.patch + backport-Fix-memory-leaks-in-the-chcpu.patch + backport-logger-fix-prio-prefix-doesnot-use-priority-default.patch + backport-mcookie-fix-infinite-loop-when-use-f.patch + backport-logger-realloc-buffer-when-header-size-changed.patch + backport-logger-fix-size-use-for-stdin.patch + backport-vipw-flush-stdout-before-getting-answer.patch + backport-chfn-Make-readline-prompt-for-each-field-on-a-separate-line.patch + backport-chfn-flush-stdout-before-reading-stdin-and-fix-uninitialized-variable.patch + backport-chsh-fflush-stdout-before-reading-from-stdin.patch + backport-login-Restore-tty-size-after-calling-vhangup.patch + backport-lsblk-fix-endless-loop-if-device-specified-more-than-once.patch + backport-libblkid-avoid-buffer-overflow-in-ocfs-superblock-parsing.patch + backport-libblkid-use-checksum-for-jmicron.patch + backport-libblkid-cleanup-indentation.patch + backport-libblkid-fix-jmicron-checksum-and-LE-to-CPU.patch + backport-libblkid-nvidia_raid-verify-superblock-size.patch + backport-libblkid-nvidia_raid-validate-checksum.patch + * Wed Sep 7 2022 Xiaole He - 2.35.2-12 - Type:bugfix - ID:NA