Compare commits
3 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
| 2efbd70098 | |||
| 56468f37dc | |||
| 7a9f5297bd |
33
util-linux-CVE-2025-14104-1.patch
Normal file
33
util-linux-CVE-2025-14104-1.patch
Normal file
@@ -0,0 +1,33 @@
|
||||
From aaa9e718c88d6916b003da7ebcfe38a3c88df8e6 Mon Sep 17 00:00:00 2001
|
||||
From: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
|
||||
Date: Sat, 24 May 2025 03:16:09 +0100
|
||||
Subject: [PATCH] Update setpwnam.c
|
||||
|
||||
---
|
||||
login-utils/setpwnam.c | 10 ++++++----
|
||||
1 file changed, 6 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c
|
||||
index 3e3c1abde..95e470b5a 100644
|
||||
--- a/login-utils/setpwnam.c
|
||||
+++ b/login-utils/setpwnam.c
|
||||
@@ -126,10 +126,12 @@ int setpwnam(struct passwd *pwd, const char *prefix)
|
||||
}
|
||||
|
||||
/* Is this the username we were sent to change? */
|
||||
- if (!found && linebuf[namelen] == ':' &&
|
||||
- !strncmp(linebuf, pwd->pw_name, namelen)) {
|
||||
- /* Yes! So go forth in the name of the Lord and
|
||||
- * change it! */
|
||||
+ if (!found &&
|
||||
+ strncmp(linebuf, pwd->pw_name, namelen) == 0 &&
|
||||
+ strlen(linebuf) > namelen &&
|
||||
+ linebuf[namelen] == ':') {
|
||||
+ /* Yes! But this time let’s not walk past the end of the buffer
|
||||
+ * in the name of the Lord, SUID, or anything else. */
|
||||
if (putpwent(pwd, fp) < 0)
|
||||
goto fail;
|
||||
found = 1;
|
||||
--
|
||||
2.51.0
|
||||
|
||||
27
util-linux-CVE-2025-14104-2.patch
Normal file
27
util-linux-CVE-2025-14104-2.patch
Normal file
@@ -0,0 +1,27 @@
|
||||
From 9a36d77012c4c771f8d51eba46b6e62c29bf572a Mon Sep 17 00:00:00 2001
|
||||
From: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
|
||||
Date: Mon, 26 May 2025 10:06:02 +0100
|
||||
Subject: [PATCH] Update bufflen
|
||||
|
||||
Update buflen
|
||||
---
|
||||
login-utils/setpwnam.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c
|
||||
index 95e470b5a..7778e98f7 100644
|
||||
--- a/login-utils/setpwnam.c
|
||||
+++ b/login-utils/setpwnam.c
|
||||
@@ -99,7 +99,8 @@ int setpwnam(struct passwd *pwd, const char *prefix)
|
||||
goto fail;
|
||||
|
||||
namelen = strlen(pwd->pw_name);
|
||||
-
|
||||
+ if (namelen > buflen)
|
||||
+ buflen += namelen;
|
||||
linebuf = malloc(buflen);
|
||||
if (!linebuf)
|
||||
goto fail;
|
||||
--
|
||||
2.51.0
|
||||
|
||||
27
util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch
Normal file
27
util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch
Normal file
@@ -0,0 +1,27 @@
|
||||
From 908777470d403ec30c525472ba0d3701c9c5a223 Mon Sep 17 00:00:00 2001
|
||||
From: "Matthew R. Ochs" <mochs@nvidia.com>
|
||||
Date: Tue, 2 Sep 2025 13:28:36 -0700
|
||||
Subject: [PATCH] lscpu: Add NVIDIA Olympus arm64 core
|
||||
|
||||
Add an entry for NVIDIA Olympus arm64 core.
|
||||
|
||||
Signed-off-by: Matthew R. Ochs <mochs@nvidia.com>
|
||||
---
|
||||
sys-utils/lscpu-arm.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/sys-utils/lscpu-arm.c b/sys-utils/lscpu-arm.c
|
||||
index 8745599d4..9596691fd 100644
|
||||
--- a/sys-utils/lscpu-arm.c
|
||||
+++ b/sys-utils/lscpu-arm.c
|
||||
@@ -171,6 +171,7 @@ static const struct id_part nvidia_part[] = {
|
||||
{ 0x000, "Denver" },
|
||||
{ 0x003, "Denver 2" },
|
||||
{ 0x004, "Carmel" },
|
||||
+ { 0x010, "Olympus" },
|
||||
{ -1, "unknown" },
|
||||
};
|
||||
|
||||
--
|
||||
2.51.0
|
||||
|
||||
@@ -1,14 +1,16 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 28 23:05:38 UTC 2025 - Stanislav Brabec <sbrabec@suse.com>
|
||||
Sun Jan 11 14:32:31 UTC 2026 - Stanislav Brabec <sbrabec@suse.com>
|
||||
|
||||
- Create and own directories /etc/blkid.conf.d and
|
||||
/usr/etc/blkid.conf.d (boo#1235887#c3).
|
||||
- Add missingok for /etc/blkid.conf.
|
||||
- Fix heap buffer overread in setpwnam() when processing 256-byte
|
||||
usernames (bsc#1254666, CVE-2025-14104,
|
||||
util-linux-CVE-2025-14104-1.patch,
|
||||
util-linux-CVE-2025-14104-2.patch).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 20 18:12:46 UTC 2025 - Stanislav Brabec <sbrabec@suse.com>
|
||||
Sun Oct 19 02:43:15 UTC 2025 - Stanislav Brabec <sbrabec@suse.com>
|
||||
|
||||
- Move blkid.conf to /usr/etc (boo#1235887).
|
||||
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682,
|
||||
util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 14 22:29:47 UTC 2025 - Stanislav Brabec <sbrabec@suse.com>
|
||||
|
||||
@@ -110,6 +110,12 @@ Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch
|
||||
# PATCH-FIX-SUSE util-linux-bash-completion-su-chsh-l.patch bsc1172427 -- Fix "su -s" bash completion.
|
||||
Patch3: util-linux-bash-completion-su-chsh-l.patch
|
||||
Patch5: static_lib.patch
|
||||
# PATCH-FEATURE-UPSTREAM util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch jsc#PED-13682 sbrabec@suse.com -- lscpu: Add support for NVIDIA Olympus arm64 core.
|
||||
Patch6: util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch
|
||||
# PATCH-FIX-SECURITY util-linux-CVE-2025-14104-1.patch bsc1254666 CVE-2025-14104 -- Fix heap buffer overread in setpwnam() when processing 256-byte usernames.
|
||||
Patch7: util-linux-CVE-2025-14104-1.patch
|
||||
# PATCH-FIX-SECURITY util-linux-CVE-2025-14104-2.patch bsc1254666 CVE-2025-14104 -- Fix heap buffer overread in setpwnam() when processing 256-byte usernames.
|
||||
Patch8: util-linux-CVE-2025-14104-2.patch
|
||||
BuildRequires: audit-devel
|
||||
BuildRequires: bc
|
||||
BuildRequires: binutils-devel
|
||||
@@ -614,9 +620,7 @@ fi
|
||||
%if "%ulbuild" == "base"
|
||||
%make_install
|
||||
mkdir -p %{buildroot}{%{_distconfdir}/default,%{_pam_vendordir},%{_sysconfdir}/issue.d}
|
||||
install -m 644 %{SOURCE51} %{buildroot}%{_distconfdir}/blkid.conf
|
||||
touch %{buildroot}%{_sysconfdir}/blkid.conf
|
||||
mkdir %{buildroot}%{_sysconfdir}/blkid.conf.d %{buildroot}%{_distconfdir}/blkid.conf.d
|
||||
install -m 644 %{SOURCE51} %{buildroot}%{_sysconfdir}/blkid.conf
|
||||
install -m 644 %{SOURCE8} %{buildroot}%{_pam_vendordir}/login
|
||||
install -m 644 %{SOURCE9} %{buildroot}%{_pam_vendordir}/remote
|
||||
%if 0%{?suse_version} <= 1500
|
||||
@@ -979,6 +983,7 @@ rmdir --ignore-fail-on-non-empty /run/run >/dev/null 2>&1 || :
|
||||
# defined no_config
|
||||
|
||||
%config %dir %{_sysconfdir}/issue.d
|
||||
|
||||
%if %{ul_extra_bin_sbin}
|
||||
%core /bin/kill
|
||||
%core %verify(not mode) %attr(%ul_suid,root,root) /bin/su
|
||||
@@ -1367,10 +1372,8 @@ rmdir --ignore-fail-on-non-empty /run/run >/dev/null 2>&1 || :
|
||||
%license README.licensing
|
||||
%license COPYING
|
||||
%license Documentation/licenses/*
|
||||
%ghost %config(missingok) %{_sysconfdir}/blkid.conf
|
||||
%config %dir %{_sysconfdir}/blkid.conf.d
|
||||
%{_distconfdir}/blkid.conf
|
||||
%dir %{_distconfdir}/blkid.conf.d
|
||||
%config(noreplace) %{_sysconfdir}/blkid.conf
|
||||
|
||||
%{_datadir}/bash-completion/completions/*
|
||||
%exclude %{_datadir}/bash-completion/completions/findmnt
|
||||
%exclude %{_datadir}/bash-completion/completions/logger
|
||||
@@ -1395,11 +1398,10 @@ rmdir --ignore-fail-on-non-empty /run/run >/dev/null 2>&1 || :
|
||||
# Systemd files #
|
||||
#################
|
||||
%if "%ulsubset" == "systemd"
|
||||
%exclude %{_distconfdir}/blkid.conf
|
||||
%exclude %dir %{_distconfdir}/blkid.conf.d
|
||||
%exclude %config(missingok) %{_sysconfdir}/blkid.conf
|
||||
%exclude %config %{_sysconfdir}/blkid.conf.d
|
||||
%exclude %config(noreplace) %{_sysconfdir}/blkid.conf
|
||||
|
||||
%exclude %config %dir %{_sysconfdir}/issue.d
|
||||
|
||||
%if %{ul_extra_bin_sbin}
|
||||
/bin/findmnt
|
||||
/bin/logger
|
||||
|
||||
Reference in New Issue
Block a user