sync community patches

backport-Fix-memory-leaks-in-the-chcpu.patch

@@ -0,0 +1,20 @@
+From a283ad4ed27b19da176e75d4bec521dea067fedc Mon Sep 17 00:00:00 2001
+From: jiazhenyuan <jiazhenyuan@uniontech.com>
+Date: Mon, 6 Sep 2021 16:50:27 +0800
+Subject: [PATCH] Fix memory leaks in the chcpu
+---
+ sys-utils/chcpu.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/sys-utils/chcpu.c b/sys-utils/chcpu.c
+index c4e5bc7e29..527bce5586 100644
+--- a/sys-utils/chcpu.c
++++ b/sys-utils/chcpu.c
+@@ -383,6 +383,7 @@ int main(int argc, char *argv[])
+ 		break;
+ 	}
+ 
++	CPU_FREE(cpu_set);
+ 	ul_unref_path(sys);
+ 
+ 	return rc == 0 ? EXIT_SUCCESS :

backport-chfn-Make-readline-prompt-for-each-field-on-a-separate-line.patch

@@ -0,0 +1,79 @@
+From 49848aa53ae3a599277e8ceb50feda565f140b45 Mon Sep 17 00:00:00 2001
+From: Damien Goutte-Gattat <dgouttegattat@incenp.org>
+Date: Sat, 27 Jun 2020 19:58:13 +0100
+Subject: [PATCH] chfn: Make readline prompt for each field on a separate line
+
+When readline is called to get user input, it is called without
+a prompt argument. As a result, if the user does not enter anything
+for a given field, then the next field is displayed on the same
+line, yielding the following output:
+
+  $ chfn
+  Changing finger information for user.
+  Password:
+  Name []: Office []: Office Phone []: Home Phone []:
+
+instead of the expected:
+
+  $ chfn
+  Changing finger information for user.
+  Password:
+  Full Name []:
+  Room Number []:
+  Work Phone []:
+  Home Phone []:
+
+This patch restores the expected behavior by feeding readline with
+a character to display as "prompt".
+
+[kzak@redhat.com: - do the same change in chsh
+                  - use ' ' rather than '\n' for non-readline code]
+
+Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ login-utils/chfn.c | 5 +++--
+ login-utils/chsh.c | 5 +++--
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/login-utils/chfn.c b/login-utils/chfn.c
+index b739555..eaba7f8 100644
+--- a/login-utils/chfn.c
++++ b/login-utils/chfn.c
+@@ -236,12 +236,13 @@ static char *ask_new_field(struct chfn_control *ctl, const char *question,
+ 	if (!def_val)
+ 		def_val = "";
+ 	while (true) {
+-		printf("%s [%s]: ", question, def_val);
++		printf("%s [%s]:", question, def_val);
+ 		__fpurge(stdin);
+ #ifdef HAVE_LIBREADLINE
+ 		rl_bind_key('\t', rl_insert);
+-		if ((buf = readline(NULL)) == NULL)
++		if ((buf = readline(" ")) == NULL)
+ #else
++		putchar(' ');
+ 		if (getline(&buf, &dummy, stdin) < 0)
+ #endif
+ 			errx(EXIT_FAILURE, _("Aborted."));
+diff --git a/login-utils/chsh.c b/login-utils/chsh.c
+index a9ebec8..17cc9f1 100644
+--- a/login-utils/chsh.c
++++ b/login-utils/chsh.c
+@@ -205,10 +205,11 @@ static char *ask_new_shell(char *question, char *oldshell)
+ #endif
+ 	if (!oldshell)
+ 		oldshell = "";
+-	printf("%s [%s]\n", question, oldshell);
++	printf("%s [%s]:", question, oldshell);
+ #ifdef HAVE_LIBREADLINE
+-	if ((ans = readline("> ")) == NULL)
++	if ((ans = readline(" ")) == NULL)
+ #else
++	putchar(' ');
+ 	if (getline(&ans, &dummy, stdin) < 0)
+ #endif
+ 		return NULL;
+-- 
+2.27.0
+

backport-chfn-flush-stdout-before-reading-stdin-and-fix-uninitialized-variable.patch

@@ -0,0 +1,37 @@
+From 05907d0d9e7c85f33e168feab1eb36b464425054 Mon Sep 17 00:00:00 2001
+From: Lorenzo Beretta <vc.net.loreb@gmail.com>
+Date: Mon, 25 Oct 2021 14:06:00 +0200
+Subject: [PATCH] chfn: flush stdout before reading stdin and fix uninitialized
+ variable
+
+Same problem as described in https://github.com/karelzak/util-linux/pull/1481
+
+Signed-off-by: Lorenzo Beretta <vc.net.loreb@gmail.com>
+---
+ login-utils/chfn.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/login-utils/chfn.c b/login-utils/chfn.c
+index eaba7f8..aea26f7 100644
+--- a/login-utils/chfn.c
++++ b/login-utils/chfn.c
+@@ -228,7 +228,7 @@ static char *ask_new_field(struct chfn_control *ctl, const char *question,
+ 			   char *def_val)
+ {
+ 	int len;
+-	char *buf;
++	char *buf = NULL; /* leave initialized to NULL or getline segfaults */
+ #ifndef HAVE_LIBREADLINE
+ 	size_t dummy = 0;
+ #endif
+@@ -243,6 +243,7 @@ static char *ask_new_field(struct chfn_control *ctl, const char *question,
+ 		if ((buf = readline(" ")) == NULL)
+ #else
+ 		putchar(' ');
++		fflush(stdout);
+ 		if (getline(&buf, &dummy, stdin) < 0)
+ #endif
+ 			errx(EXIT_FAILURE, _("Aborted."));
+-- 
+2.27.0
+

backport-chsh-fflush-stdout-before-reading-from-stdin.patch

@@ -0,0 +1,27 @@
+From 0a08200bd5664d1849e477f7f776ab4d13bb8422 Mon Sep 17 00:00:00 2001
+From: Lorenzo Beretta <vc.net.loreb@gmail.com>
+Date: Mon, 25 Oct 2021 15:28:02 +0200
+Subject: [PATCH] chsh: fflush stdout before reading from stdin
+
+Same problem as described in https://github.com/karelzak/util-linux/pull/1481
+
+Signed-off-by: Lorenzo Beretta <vc.net.loreb@gmail.com>
+---
+ login-utils/chsh.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/login-utils/chsh.c b/login-utils/chsh.c
+index 17cc9f1..63b8b29 100644
+--- a/login-utils/chsh.c
++++ b/login-utils/chsh.c
+@@ -210,6 +210,7 @@ static char *ask_new_shell(char *question, char *oldshell)
+ 	if ((ans = readline(" ")) == NULL)
+ #else
+ 	putchar(' ');
++	fflush(stdout);
+ 	if (getline(&ans, &dummy, stdin) < 0)
+ #endif
+ 		return NULL;
+-- 
+2.27.0
+

backport-column-segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch

@@ -0,0 +1,30 @@
+From 9714331843ef3a6d9c10ff1d3bc5fcf53d44d930 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Tue, 31 Aug 2021 12:31:15 +0200
+Subject: [PATCH] column: segmentation fault on invalid unicode input passed to
+ -s option
+
+The function mbs_to_wcs() returns NULL on invalid UTF.
+
+Fixes: https://github.com/karelzak/util-linux/issues/1425
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ text-utils/column.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/text-utils/column.c b/text-utils/column.c
+index 33c7f1f..5728dfb 100644
+--- a/text-utils/column.c
++++ b/text-utils/column.c
+@@ -769,6 +769,8 @@ int main(int argc, char **argv)
+ 		case 's':
+ 			free(ctl.input_separator);
+ 			ctl.input_separator = mbs_to_wcs(optarg);
++			if (!ctl.input_separator)
++				err(EXIT_FAILURE, _("failed to use input separator"));
+ 			ctl.greedy = 0;
+ 			break;
+ 		case 'T':
+-- 
+2.27.0
+

backport-libblkid-avoid-buffer-overflow-in-ocfs-superblock-parsing.patch

@@ -0,0 +1,39 @@
+From d7fa8ed63891b0058c5df8aa809e34de61008f51 Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Sun, 9 Oct 2022 20:20:45 +0200
+Subject: [PATCH] libblkid: avoid buffer overflow in ocfs superblock parsing
+
+Label and mount values are checked only according to on-disk
+values and not checked against the real structure size.
+This can lead to reading of memory outside of superblock
+struct and subsequent crash.
+
+Reproducer found with OSS-Fuzz (issue 52270) running over
+cryptsetup project (blkid is used in header init).
+
+Signed-off-by: Milan Broz <gmazyland@gmail.com>
+---
+ libblkid/src/superblocks/ocfs.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/libblkid/src/superblocks/ocfs.c b/libblkid/src/superblocks/ocfs.c
+index 28df6ddfa4..e213d66b44 100644
+--- a/libblkid/src/superblocks/ocfs.c
++++ b/libblkid/src/superblocks/ocfs.c
+@@ -129,10 +129,12 @@ static int probe_ocfs(blkid_probe pr, const struct blkid_idmag *mag)
+ 		blkid_probe_set_value(pr, "SEC_TYPE",
+ 				(unsigned char *) "ntocfs", sizeof("ntocfs"));
+ 
+-	blkid_probe_set_label(pr, (unsigned char *) ovl.label,
+-				ocfslabellen(ovl));
+-	blkid_probe_set_value(pr, "MOUNT", (unsigned char *) ovh.mount,
+-				ocfsmountlen(ovh));
++	if (ocfslabellen(ovl) < sizeof(ovl.label))
++		blkid_probe_set_label(pr, (unsigned char *) ovl.label,
++					ocfslabellen(ovl));
++	if (ocfsmountlen(ovh) < sizeof(ovh.mount))
++		blkid_probe_set_value(pr, "MOUNT", (unsigned char *) ovh.mount,
++					ocfsmountlen(ovh));
+ 	blkid_probe_set_uuid(pr, ovl.vol_id);
+ 	blkid_probe_sprintf_version(pr, "%u.%u", maj, min);
+ 	return 0;

backport-libblkid-cleanup-indentation.patch

@@ -0,0 +1,32 @@
+From c7471d8b3d4e796eee8ae041e5cbb55c5619318e Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Wed, 19 Oct 2022 11:24:30 +0200
+Subject: [PATCH] libblkid: cleanup indentation
+
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ libblkid/src/superblocks/jmicron_raid.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libblkid/src/superblocks/jmicron_raid.c b/libblkid/src/superblocks/jmicron_raid.c
+index 9ef8cd3f8..ab2c829f0 100644
+--- a/libblkid/src/superblocks/jmicron_raid.c
++++ b/libblkid/src/superblocks/jmicron_raid.c
+@@ -17,10 +17,10 @@
+ #include "superblocks.h"
+ 
+ #define JM_SIGNATURE		"JM"
+-#define	JM_MINOR_VERSION(_x)	((_x)->version & 0xFF)
+-#define	JM_MAJOR_VERSION(_x)	((_x)->version >> 8)
+-#define	JM_SPARES	2
+-#define	JM_MEMBERS	8
++#define JM_MINOR_VERSION(_x)	((_x)->version & 0xFF)
++#define JM_MAJOR_VERSION(_x)	((_x)->version >> 8)
++#define JM_SPARES		2
++#define JM_MEMBERS		8
+ 
+ struct jm_metadata {
+ 	int8_t		signature[2];	/* 0x0 - 0x01 */
+-- 
+2.27.0
+

backport-libblkid-fix-jmicron-checksum-and-LE-to-CPU.patch

@@ -0,0 +1,92 @@
+From cb92f0d82ae634e46989d3dae673ae3f542f7dd9 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Fri, 21 Oct 2022 18:11:59 +0200
+Subject: [PATCH] libblkid: fix jmicron checksum and LE to CPU
+
+- don't cast packed struct to uint16_t pointer, use temporary value
+- calculate real count for the loop
+- convert all to LE for checksum calculation (jm_to_cpu() ignores fillers)
+
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ libblkid/src/superblocks/jmicron_raid.c | 44 ++++++++++++++-----------
+ 1 file changed, 25 insertions(+), 19 deletions(-)
+
+diff --git a/libblkid/src/superblocks/jmicron_raid.c b/libblkid/src/superblocks/jmicron_raid.c
+index ab2c829f0..580c38533 100644
+--- a/libblkid/src/superblocks/jmicron_raid.c
++++ b/libblkid/src/superblocks/jmicron_raid.c
+@@ -55,35 +55,38 @@ static void jm_to_cpu(struct jm_metadata *jm)
+ {
+ 	unsigned int i;
+ 
+-	le16_to_cpu(jm->version);
+-	le16_to_cpu(jm->checksum);
+-	le32_to_cpu(jm->identity);
++	jm->version = le16_to_cpu(jm->version);
++	jm->checksum = le16_to_cpu(jm->checksum);
++	jm->identity = le32_to_cpu(jm->identity);
++	jm->segment.base = le32_to_cpu(jm->segment.base);
++	jm->segment.range = le32_to_cpu(jm->segment.range);
++	jm->segment.range2 = le16_to_cpu(jm->segment.range2);
+ 
+-	le32_to_cpu(jm->segment.base);
+-	le32_to_cpu(jm->segment.range);
+-	le16_to_cpu(jm->segment.range2);
+-
+-	le16_to_cpu(jm->attribute);
++	jm->attribute = le16_to_cpu(jm->attribute);
+ 
+ 	for (i = 0; i < JM_SPARES; i++)
+-		le32_to_cpu(jm->spare[i]);
++		jm->spare[i] = le32_to_cpu(jm->spare[i]);
+ 
+ 	for (i = 0; i < JM_MEMBERS; i++)
+-		le32_to_cpu(jm->member[i]);
++		jm->member[i] = le32_to_cpu(jm->member[i]);
+ }
+ 
+-static int jm_checksum(struct jm_metadata *jm)
++static int jm_checksum(const struct jm_metadata *jm)
+ {
+-	size_t count = 64;
+-	char *buf = (char *) jm;
+-	uint16_t *p = (uint16_t *) buf, sum = 0;
++        size_t count = sizeof(*jm) / sizeof(uint16_t);
++        uint16_t sum = 0;
++        unsigned char *ptr = (unsigned char *) jm;
++
++        while (count--) {
++                uint16_t val;
+ 
+-	assert(count <= sizeof(struct jm_metadata));
++                memcpy(&val, ptr, sizeof(uint16_t));
++                sum += le16_to_cpu(val);
+ 
+-	while (count--)
+-		sum += *p++;
++                ptr += sizeof(uint16_t);
++        }
+ 
+-	return !sum || sum == 1;
++        return sum == 0 || sum == 1;
+ }
+ 
+ static int probe_jmraid(blkid_probe pr,
+@@ -108,9 +111,12 @@ static int probe_jmraid(blkid_probe pr,
+ 	if (memcmp(jm->signature, JM_SIGNATURE, sizeof(JM_SIGNATURE) - 1) != 0)
+ 		return 1;
+ 
++	if (!jm_checksum(jm))
++		return 1;
++
+ 	jm_to_cpu(jm);
+ 
+-	if (!jm_checksum(jm))
++	if (jm->mode > 5)
+ 		return 1;
+ 
+ 	if (blkid_probe_sprintf_version(pr, "%u.%u",
+-- 
+2.27.0
+

backport-libblkid-nvidia_raid-validate-checksum.patch

@@ -0,0 +1,55 @@
+From 8a08c34aad61cb59c977212458bf55f5a81186e8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Thu, 2 Mar 2023 15:54:39 +0000
+Subject: [PATCH] libblkid: nvidia_raid: validate checksum
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+See #1843
+
+Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
+---
+ libblkid/src/superblocks/nvidia_raid.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/libblkid/src/superblocks/nvidia_raid.c b/libblkid/src/superblocks/nvidia_raid.c
+index 35c663c8d..f59a0e100 100644
+--- a/libblkid/src/superblocks/nvidia_raid.c
++++ b/libblkid/src/superblocks/nvidia_raid.c
+@@ -27,6 +27,14 @@ struct nv_metadata {
+ #define NVIDIA_SUPERBLOCK_SIZE		120
+ 
+ 
++static int nvraid_verify_checksum(blkid_probe pr, const struct nv_metadata *nv)
++{
++	uint32_t csum = le32_to_cpu(nv->chksum);
++	for (size_t i = 0; i < le32_to_cpu(nv->size); i++)
++		csum += le32_to_cpu(((uint32_t *) nv)[i]);
++	return blkid_probe_verify_csum(pr, csum, le32_to_cpu(nv->chksum));
++}
++
+ static int probe_nvraid(blkid_probe pr,
+ 		const struct blkid_idmag *mag __attribute__((__unused__)))
+ {
+@@ -42,7 +50,7 @@ static int probe_nvraid(blkid_probe pr,
+ 	nv = (struct nv_metadata *)
+ 		blkid_probe_get_buffer(pr,
+ 				off,
+-				sizeof(struct nv_metadata));
++				NVIDIA_SUPERBLOCK_SIZE);
+ 	if (!nv)
+ 		return errno ? -errno : 1;
+ 
+@@ -50,6 +58,8 @@ static int probe_nvraid(blkid_probe pr,
+ 		return 1;
+ 	if (le32_to_cpu(nv->size) * 4 != NVIDIA_SUPERBLOCK_SIZE)
+ 		return 1;
++	if (!nvraid_verify_checksum(pr, nv))
++		return 1;
+ 	if (blkid_probe_sprintf_version(pr, "%u", le16_to_cpu(nv->version)) != 0)
+ 		return 1;
+ 	if (blkid_probe_set_magic(pr, off, sizeof(nv->vendor),
+-- 
+2.27.0
+

backport-libblkid-nvidia_raid-verify-superblock-size.patch

@@ -0,0 +1,38 @@
+From d8d164db5ee217034dea7788263b532114bcd2fd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Thu, 2 Mar 2023 15:27:58 +0000
+Subject: [PATCH] libblkid: nvidia_raid: verify superblock size
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
+---
+ libblkid/src/superblocks/nvidia_raid.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libblkid/src/superblocks/nvidia_raid.c b/libblkid/src/superblocks/nvidia_raid.c
+index 5db8ec260..35c663c8d 100644
+--- a/libblkid/src/superblocks/nvidia_raid.c
++++ b/libblkid/src/superblocks/nvidia_raid.c
+@@ -24,6 +24,8 @@ struct nv_metadata {
+ } __attribute__((packed));
+ 
+ #define NVIDIA_SIGNATURE		"NVIDIA"
++#define NVIDIA_SUPERBLOCK_SIZE		120
++
+ 
+ static int probe_nvraid(blkid_probe pr,
+ 		const struct blkid_idmag *mag __attribute__((__unused__)))
+@@ -46,6 +48,8 @@ static int probe_nvraid(blkid_probe pr,
+ 
+ 	if (memcmp(nv->vendor, NVIDIA_SIGNATURE, sizeof(NVIDIA_SIGNATURE)-1) != 0)
+ 		return 1;
++	if (le32_to_cpu(nv->size) * 4 != NVIDIA_SUPERBLOCK_SIZE)
++		return 1;
+ 	if (blkid_probe_sprintf_version(pr, "%u", le16_to_cpu(nv->version)) != 0)
+ 		return 1;
+ 	if (blkid_probe_set_magic(pr, off, sizeof(nv->vendor),
+-- 
+2.27.0
+

backport-libblkid-use-checksum-for-jmicron.patch

@@ -0,0 +1,122 @@
+From cf68e2c897a29f8a3a1c8402574bbb49adf5a52a Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Wed, 19 Oct 2022 11:16:17 +0200
+Subject: [PATCH] libblkid: use checksum for jmicron
+
+Addresses: https://github.com/util-linux/util-linux/pull/1843
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ libblkid/src/superblocks/jmicron_raid.c | 83 ++++++++++++++++++++++---
+ 1 file changed, 74 insertions(+), 9 deletions(-)
+
+diff --git a/libblkid/src/superblocks/jmicron_raid.c b/libblkid/src/superblocks/jmicron_raid.c
+index ca7986733..9ef8cd3f8 100644
+--- a/libblkid/src/superblocks/jmicron_raid.c
++++ b/libblkid/src/superblocks/jmicron_raid.c
+@@ -16,14 +16,75 @@
+ 
+ #include "superblocks.h"
+ 
++#define JM_SIGNATURE		"JM"
++#define	JM_MINOR_VERSION(_x)	((_x)->version & 0xFF)
++#define	JM_MAJOR_VERSION(_x)	((_x)->version >> 8)
++#define	JM_SPARES	2
++#define	JM_MEMBERS	8
++
+ struct jm_metadata {
+-	int8_t		signature[2];
+-	uint8_t		minor_version;
+-	uint8_t		major_version;
+-	uint16_t	checksum;
+-};
++	int8_t		signature[2];	/* 0x0 - 0x01 */
+ 
+-#define JM_SIGNATURE		"JM"
++	uint16_t	version;	/* 0x03 - 0x04 JMicron version */
++
++	uint16_t	checksum;	/* 0x04 - 0x05 */
++	uint8_t		filler[10];
++
++	uint32_t	identity;	/* 0x10 - 0x13 */
++
++	struct {
++		uint32_t	base;	/* 0x14 - 0x17 */
++		uint32_t	range;	/* 0x18 - 0x1B range */
++		uint16_t	range2;	/* 0x1C - 0x1D range2 */
++	} segment;
++
++	int8_t		name[16];	/* 0x20 - 0x2F */
++
++	uint8_t		mode;		/* 0x30 RAID level */
++	uint8_t		block;		/* 0x31 stride size (2=4K, 3=8K, ...) */
++	uint16_t	attribute;	/* 0x32 - 0x33 */
++	uint8_t		filler1[4];
++
++	uint32_t	spare[JM_SPARES];	/* 0x38 - 0x3F */
++	uint32_t	member[JM_MEMBERS];	/* 0x40 - 0x5F */
++
++	uint8_t		filler2[0x20];
++} __attribute__ ((packed));
++
++static void jm_to_cpu(struct jm_metadata *jm)
++{
++	unsigned int i;
++
++	le16_to_cpu(jm->version);
++	le16_to_cpu(jm->checksum);
++	le32_to_cpu(jm->identity);
++
++	le32_to_cpu(jm->segment.base);
++	le32_to_cpu(jm->segment.range);
++	le16_to_cpu(jm->segment.range2);
++
++	le16_to_cpu(jm->attribute);
++
++	for (i = 0; i < JM_SPARES; i++)
++		le32_to_cpu(jm->spare[i]);
++
++	for (i = 0; i < JM_MEMBERS; i++)
++		le32_to_cpu(jm->member[i]);
++}
++
++static int jm_checksum(struct jm_metadata *jm)
++{
++	size_t count = 64;
++	char *buf = (char *) jm;
++	uint16_t *p = (uint16_t *) buf, sum = 0;
++
++	assert(count <= sizeof(struct jm_metadata));
++
++	while (count--)
++		sum += *p++;
++
++	return !sum || sum == 1;
++}
+ 
+ static int probe_jmraid(blkid_probe pr,
+ 		const struct blkid_idmag *mag __attribute__((__unused__)))
+@@ -46,8 +107,14 @@ static int probe_jmraid(blkid_probe pr,
+ 
+ 	if (memcmp(jm->signature, JM_SIGNATURE, sizeof(JM_SIGNATURE) - 1) != 0)
+ 		return 1;
++
++	jm_to_cpu(jm);
++
++	if (!jm_checksum(jm))
++		return 1;
++
+ 	if (blkid_probe_sprintf_version(pr, "%u.%u",
+-				jm->major_version, jm->minor_version) != 0)
++			JM_MAJOR_VERSION(jm), JM_MINOR_VERSION(jm)) != 0)
+ 		return 1;
+ 	if (blkid_probe_set_magic(pr, off, sizeof(jm->signature),
+ 				(unsigned char *) jm->signature))
+@@ -61,5 +128,3 @@ const struct blkid_idinfo jmraid_idinfo = {
+ 	.probefunc	= probe_jmraid,
+ 	.magics		= BLKID_NONE_MAGIC
+ };
+-
+-
+-- 
+2.27.0
+

backport-logger-fix-prio-prefix-doesnot-use-priority-default.patch

@@ -0,0 +1,37 @@
+From 02f859392754038f383dabeb32effec4ae1f02ba Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 16 Sep 2021 12:20:25 +0200
+Subject: [PATCH] logger: fix --prio-prefix doesn't use --priority default
+
+The commit b9ef27f have added priority check, but it introduced
+regression as the default priority (as specified by --priority) is
+ignored.
+
+This patch fixes this problem, but it also removes extra check for
+"kern facility", it's unnecessary and inconsistent with the rest of
+logger.
+
+Fixes: https://github.com/karelzak/util-linux/issues/1450
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ misc-utils/logger.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/misc-utils/logger.c b/misc-utils/logger.c
+index a7736eb..4120871 100644
+--- a/misc-utils/logger.c
++++ b/misc-utils/logger.c
+@@ -1003,8 +1003,8 @@ static void logger_stdin(struct logger_ctl *ctl)
+ 			if (c == '>' && 0 <= pri && pri <= 191) {
+ 				/* valid RFC PRI values */
+ 				i = 0;
+-				if (pri < 8)	/* kern facility is forbidden */
+-					pri |= 8;
++				if ((pri & LOG_FACMASK) == 0)
++					pri |= (default_priority & LOG_FACMASK);
+ 				ctl->pri = pri;
+ 			} else
+ 				ctl->pri = default_priority;
+-- 
+2.27.0
+

backport-logger-fix-size-use-for-stdin.patch

@@ -0,0 +1,64 @@
+From 58e4ee082bca100034791a4a74481f263bb30a25 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 21 Oct 2021 18:47:40 +0200
+Subject: [PATCH] logger: fix --size use for stdin
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The stdin version counts log header into the message size, but
+for example when it reads message from argv[] it counts only message
+itself.
+
+ $ logger --stderr  --size 3 "abcd"
+ <13>Oct 21 18:48:29 kzak: abc
+
+ $ echo "abcd" | logger --stderr  --size 3
+ logger: cannot allocate 18446744073709551597 bytes: Cannot allocate memory
+
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2011602
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ misc-utils/logger.c | 13 ++-----------
+ 1 file changed, 2 insertions(+), 11 deletions(-)
+
+diff --git a/misc-utils/logger.c b/misc-utils/logger.c
+index d3b3343..15d5dc5 100644
+--- a/misc-utils/logger.c
++++ b/misc-utils/logger.c
+@@ -981,9 +981,7 @@ static void logger_stdin(struct logger_ctl *ctl)
+ 	 */
+ 	int default_priority = ctl->pri;
+ 	int last_pri = default_priority;
+-	size_t max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr);
+-	size_t allocated_usrmsg_size = max_usrmsg_size;
+-	char *buf = xmalloc(allocated_usrmsg_size + 2 + 2);
++	char *buf = xmalloc(ctl->max_message_size + 2 + 2);
+ 	int pri;
+ 	int c;
+ 	size_t i;
+@@ -1011,20 +1009,13 @@ static void logger_stdin(struct logger_ctl *ctl)
+ 
+ 			if (ctl->pri != last_pri) {
+ 				generate_syslog_header(ctl);
+-				max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr);
+-
+-				if (max_usrmsg_size > allocated_usrmsg_size) {
+-					allocated_usrmsg_size = max_usrmsg_size;
+-					buf = xrealloc(buf, allocated_usrmsg_size + 2 + 2);
+-				}
+-
+ 				last_pri = ctl->pri;
+ 			}
+ 			if (c != EOF && c != '\n')
+ 				c = getchar();
+ 		}
+ 
+-		while (c != EOF && c != '\n' && i < max_usrmsg_size) {
++		while (c != EOF && c != '\n' && i < ctl->max_message_size) {
+ 			buf[i++] = c;
+ 			c = getchar();
+ 		}
+-- 
+2.27.0
+

backport-logger-realloc-buffer-when-header-size-changed.patch

@@ -0,0 +1,64 @@
+From b0a8b8cd9c34600dda7d0503aac2dc0af3012fdc Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 21 Oct 2021 16:00:01 +0200
+Subject: [PATCH] logger: realloc buffer when header size changed
+
+This is probably paranoid optimization, but when we generate a new
+header we need to be sure that buffer is not smaller than calculated
+maximal size of user's data.
+
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ misc-utils/logger.c | 21 +++++++++++----------
+ 1 file changed, 11 insertions(+), 10 deletions(-)
+
+diff --git a/misc-utils/logger.c b/misc-utils/logger.c
+index 23da164cd6..4511ab1141 100644
+--- a/misc-utils/logger.c
++++ b/misc-utils/logger.c
+@@ -979,11 +979,11 @@ static void logger_stdin(struct logger_ctl *ctl)
+ 	 * update header timestamps and to reflect possible priority changes.
+ 	 * The initial header is generated by logger_open().
+ 	 */
+-	int has_header = 1;
+ 	int default_priority = ctl->pri;
+ 	int last_pri = default_priority;
+ 	size_t max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr);
+-	char *const buf = xmalloc(max_usrmsg_size + 2 + 2);
++	size_t allocated_usrmsg_size = max_usrmsg_size;
++	char *buf = xmalloc(allocated_usrmsg_size + 2 + 2);
+ 	int pri;
+ 	int c;
+ 	size_t i;
+@@ -1010,9 +1010,14 @@ static void logger_stdin(struct logger_ctl *ctl)
+ 				ctl->pri = default_priority;
+ 
+ 			if (ctl->pri != last_pri) {
+-				has_header = 0;
+-				max_usrmsg_size =
+-				    ctl->max_message_size - strlen(ctl->hdr);
++				generate_syslog_header(ctl);
++				max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr);
++
++				if (max_usrmsg_size > allocated_usrmsg_size) {
++					allocated_usrmsg_size = max_usrmsg_size;
++					buf = xrealloc(buf, allocated_usrmsg_size + 2 + 2);
++				}
++
+ 				last_pri = ctl->pri;
+ 			}
+ 			if (c != EOF && c != '\n')
+@@ -1025,12 +1030,8 @@ static void logger_stdin(struct logger_ctl *ctl)
+ 		}
+ 		buf[i] = '\0';
+ 
+-		if (i > 0 || !ctl->skip_empty_lines) {
+-			if (!has_header)
+-				generate_syslog_header(ctl);
++		if (i > 0 || !ctl->skip_empty_lines)
+ 			write_output(ctl, buf);
+-			has_header = 0;
+-		}
+ 
+ 		if (c == '\n')	/* discard line terminator */
+ 			c = getchar();

backport-login-Restore-tty-size-after-calling-vhangup.patch

@@ -0,0 +1,58 @@
+From 7e58b71dfa9bf27f574fd79424f56206f44fa806 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Sat, 30 Oct 2021 15:56:14 +0100
+Subject: [PATCH] login: Restore tty size after calling vhangup()
+
+If login receives the tty to work on via stdin, stdout and stderr,
+login might end up closing the remaining open file descriptors to
+the tty just before it calls vhangup(). When the last open file
+descriptors to a tty are closed, it's configured size is reset to
+0x0. To avoid this from happening, save the size before closing
+the stdin, stdout and stderr file descriptors and reapply the size
+after the tty is re-opened.
+
+Fixes #1484
+---
+ login-utils/login.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/login-utils/login.c b/login-utils/login.c
+index c08d380..648d3d2 100644
+--- a/login-utils/login.c
++++ b/login-utils/login.c
+@@ -362,6 +362,7 @@ static void init_tty(struct login_context *cxt)
+ {
+ 	struct stat st;
+ 	struct termios tt, ttt;
++	struct winsize ws;
+ 
+ 	cxt->tty_mode = (mode_t) getlogindefs_num("TTYPERM", TTY_MODE);
+ 
+@@ -392,6 +393,12 @@ static void init_tty(struct login_context *cxt)
+ 	}
+ #endif
+ 
++	/* The TTY size might be reset to 0x0 by the kernel when we close the stdin/stdout/stderr file
++	 * descriptors so let's save the size now so we can reapply it later */
++	memset(&ws, 0, sizeof(struct winsize));
++	if (ioctl(STDIN_FILENO, TIOCGWINSZ, &ws) < 0)
++		syslog(LOG_WARNING, _("TIOCGWINSZ ioctl failed: %m"));
++
+ 	tcgetattr(0, &tt);
+ 	ttt = tt;
+ 	ttt.c_cflag &= ~HUPCL;
+@@ -423,6 +430,11 @@ static void init_tty(struct login_context *cxt)
+ 
+ 	/* restore tty modes */
+ 	tcsetattr(0, TCSAFLUSH, &tt);
++
++	/* Restore tty size */
++	if (ws.ws_row > 0 || ws.ws_col > 0)
++		if (ioctl(STDIN_FILENO, TIOCSWINSZ, &ws) < 0)
++			syslog(LOG_WARNING, _("TIOCSWINSZ ioctl failed: %m"));
+ }
+ 
+ 
+-- 
+2.27.0
+

backport-lsblk-fix-endless-loop-if-device-specified-more-than-once.patch

@@ -0,0 +1,41 @@
+From 9eb31ca7f7971101846bd3668be5d7807200fa2f Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Mon, 19 Sep 2022 14:23:25 +0200
+Subject: [PATCH] lsblk: fix endless loop if device specified more than once
+
+Fixes: https://github.com/util-linux/util-linux/issues/1814
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ misc-utils/lsblk-devtree.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/misc-utils/lsblk-devtree.c b/misc-utils/lsblk-devtree.c
+index ce9d3e84f7..6f9dc54b3c 100644
+--- a/misc-utils/lsblk-devtree.c
++++ b/misc-utils/lsblk-devtree.c
+@@ -282,8 +282,25 @@ void lsblk_unref_devtree(struct lsblk_devtree *tr)
+ 	}
+ }
+ 
++static int has_root(struct lsblk_devtree *tr, struct lsblk_device *dev)
++{
++	struct lsblk_iter itr;
++	struct lsblk_device *x = NULL;
++
++	lsblk_reset_iter(&itr, LSBLK_ITER_FORWARD);
++
++	while (lsblk_devtree_next_root(tr, &itr, &x) == 0) {
++		if (x == dev)
++			return 1;
++	}
++	return 0;
++}
++
+ int lsblk_devtree_add_root(struct lsblk_devtree *tr, struct lsblk_device *dev)
+ {
++	if (has_root(tr, dev))
++		return 0;
++
+ 	if (!lsblk_devtree_has_device(tr, dev))
+ 		lsblk_devtree_add_device(tr, dev);
+ 

backport-mcookie-fix-infinite-loop-when-use-f.patch

@@ -0,0 +1,23 @@
+From 60e5bb73990260836b087735a9c69deab8af4c81 Mon Sep 17 00:00:00 2001
+From: Hiroaki Sengoku <sengoku@senri.gcd.org>
+Date: Fri, 15 Oct 2021 14:02:46 +0900
+Subject: [PATCH] mcookie: fix infinite-loop when use -f
+
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ misc-utils/mcookie.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/misc-utils/mcookie.c b/misc-utils/mcookie.c
+index 315740127e..be5c34ae4c 100644
+--- a/misc-utils/mcookie.c
++++ b/misc-utils/mcookie.c
+@@ -65,7 +65,7 @@ static uint64_t hash_file(struct mcookie_control *ctl, int fd)
+ 			rdsz = wanted - count;
+ 
+ 		r = read_all(fd, (char *) buf, rdsz);
+-		if (r < 0)
++		if (r <= 0)
+ 			break;
+ 		ul_MD5Update(&ctl->ctx, buf, r);
+ 		count += r;

backport-su-offer-usernames-rather-than-files.patch

@@ -0,0 +1,24 @@
+From 059811d096f0051d911f884d47ebc6147630990a Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Tue, 31 Aug 2021 12:51:40 +0200
+Subject: [PATCH] su: (bash-completion) offer usernames rather than files
+
+Fixes: https://github.com/karelzak/util-linux/issues/1424
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ bash-completion/su | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bash-completion/su b/bash-completion/su
+index 309505085d..913e445230 100644
+--- a/bash-completion/su
++++ b/bash-completion/su
+@@ -41,7 +41,7 @@ _su_module()
+ 	esac
+ 	local IFS=$'\n'
+ 	compopt -o filenames
+-	COMPREPLY=( $(compgen -f -- $cur) )
++	COMPREPLY=( $(compgen -u -- $cur) )
+ 	return 0
+ }
+ complete -F _su_module su

backport-vipw-flush-stdout-before-getting-answer.patch

@@ -0,0 +1,35 @@
+From 34a9b65587a7d704db0344e859511af4a6756c89 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C3=89rico=20Nogueira?= <erico.erc@gmail.com>
+Date: Fri, 22 Oct 2021 14:28:50 -0300
+Subject: [PATCH] vipw: flush stdout before getting answer.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Otherwise the question is displayed only after the user presses Return,
+and the program looks like it's hanging.
+
+This happens at least on musl libc.
+
+Reported by @loreb.
+
+Signed-off-by: Érico Nogueira <erico.erc@gmail.com>
+---
+ login-utils/vipw.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/login-utils/vipw.c b/login-utils/vipw.c
+index 38953b7..bd0bac5 100644
+--- a/login-utils/vipw.c
++++ b/login-utils/vipw.c
+@@ -364,6 +364,7 @@ int main(int argc, char *argv[])
+ 		 * which means they can be translated. */
+ 		printf(_("Would you like to edit %s now [y/n]? "), orig_file);
+ 
++		fflush(stdout);
+ 		if (fgets(response, sizeof(response), stdin) &&
+ 		    rpmatch(response) == RPMATCH_YES)
+ 			edit_file(1);
+-- 
+2.27.0
+

util-linux.spec

@@ -2,7 +2,7 @@
 
 Name:           util-linux
 Version:        2.35.2
-Release:        12
+Release:        13
 Summary:        A random collection of Linux utilities
 License:        GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
 URL:            https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@@ -57,6 +57,25 @@ Patch18:        backport-libblkid-use-sys-to-read-all-block-devices.patch
 Patch19:        backpaort-fix-rounding-in-size_to_human_string.patch
 Patch20:        backpaort-fix-uint64_t-overflow.patch
 Patch21:        backpaort-update-fdisk-outputs-due-to-sizes-rounding-change.patch
+Patch22:        backport-column-segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch
+Patch23:        backport-su-offer-usernames-rather-than-files.patch
+Patch24:        backport-Fix-memory-leaks-in-the-chcpu.patch
+Patch25:        backport-logger-fix-prio-prefix-doesnot-use-priority-default.patch
+Patch26:        backport-mcookie-fix-infinite-loop-when-use-f.patch
+Patch27:        backport-logger-realloc-buffer-when-header-size-changed.patch
+Patch28:        backport-logger-fix-size-use-for-stdin.patch
+Patch29:        backport-vipw-flush-stdout-before-getting-answer.patch
+Patch30:        backport-chfn-Make-readline-prompt-for-each-field-on-a-separate-line.patch
+Patch31:        backport-chfn-flush-stdout-before-reading-stdin-and-fix-uninitialized-variable.patch
+Patch32:        backport-chsh-fflush-stdout-before-reading-from-stdin.patch
+Patch33:        backport-login-Restore-tty-size-after-calling-vhangup.patch
+Patch34:        backport-lsblk-fix-endless-loop-if-device-specified-more-than-once.patch
+Patch35:        backport-libblkid-avoid-buffer-overflow-in-ocfs-superblock-parsing.patch
+Patch36:        backport-libblkid-use-checksum-for-jmicron.patch
+Patch37:        backport-libblkid-cleanup-indentation.patch
+Patch38:        backport-libblkid-fix-jmicron-checksum-and-LE-to-CPU.patch
+Patch39:        backport-libblkid-nvidia_raid-verify-superblock-size.patch
+Patch40:        backport-libblkid-nvidia_raid-validate-checksum.patch
 Patch6000:      backport-CVE-2021-37600.patch
 Patch6001:      backport-add-ul_strtou64.patch
 Patch6002:      backport-CVE-2021-3995.patch
@@ -410,6 +429,31 @@ fi
 %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*}
 
 %changelog
+* Tue Nov 28 2023 zhangyao<zhangyao108@huawei.com> - 2.35.2-13
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:sync community patches
+       backport-column-segmentation-fault-on-invalid-unicode-input-passed-to-s-option.patch
+       backport-su-offer-usernames-rather-than-files.patch
+       backport-Fix-memory-leaks-in-the-chcpu.patch
+       backport-logger-fix-prio-prefix-doesnot-use-priority-default.patch
+       backport-mcookie-fix-infinite-loop-when-use-f.patch
+       backport-logger-realloc-buffer-when-header-size-changed.patch
+       backport-logger-fix-size-use-for-stdin.patch
+       backport-vipw-flush-stdout-before-getting-answer.patch
+       backport-chfn-Make-readline-prompt-for-each-field-on-a-separate-line.patch
+       backport-chfn-flush-stdout-before-reading-stdin-and-fix-uninitialized-variable.patch
+       backport-chsh-fflush-stdout-before-reading-from-stdin.patch
+       backport-login-Restore-tty-size-after-calling-vhangup.patch
+       backport-lsblk-fix-endless-loop-if-device-specified-more-than-once.patch
+       backport-libblkid-avoid-buffer-overflow-in-ocfs-superblock-parsing.patch
+       backport-libblkid-use-checksum-for-jmicron.patch
+       backport-libblkid-cleanup-indentation.patch
+       backport-libblkid-fix-jmicron-checksum-and-LE-to-CPU.patch
+       backport-libblkid-nvidia_raid-verify-superblock-size.patch
+       backport-libblkid-nvidia_raid-validate-checksum.patch
+
 * Wed Sep  7 2022 Xiaole He <hexiaole@kylinos.cn> - 2.35.2-12
 - Type:bugfix
 - ID:NA