pool/util-linux
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

.

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=160
This commit is contained in:
Dr. Werner Fink 2013-06-05 13:07:12 +00:00 committed by Git OBS Bridge
parent 1dd2f9d8c6
commit 007a355a6d
24 changed files with 239 additions and 1510 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
0001-Test-for-secure_getenv-too.patch
View File

@ -1,41 +0,0 @@
From a6f605ed6dcfdf2ea7f6b0bf68e18d8c9ce5ea96 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
Date: Tue, 5 Feb 2013 02:06:04 -0300
Subject: [PATCH] Test for secure_getenv too.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In current glibc versions, internal __secure_getenv
no longer exists and was replaced by secure_getenv()
Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
---
configure.ac | 1 +
lib/env.c | 5 +++--
2 files changed, 4 insertions(+), 2 deletions(-)
--- util-linux-2.21.2.orig/configure.ac
+++ util-linux-2.21.2/configure.ac
@@ -281,6 +281,7 @@ AC_CHECK_FUNCS(
posix_fadvise \
getmntinfo \
__secure_getenv \
+ secure_getenv \
warn \
warnx \
rpmatch])
--- util-linux-2.21.2.orig/lib/env.c
+++ util-linux-2.21.2/lib/env.c
@@ -98,8 +98,9 @@ char *safe_getenv(const char *arg)
return NULL;
#endif
#endif
-
-#ifdef HAVE___SECURE_GETENV
+#ifdef HAVE_SECURE_GETENV
+return secure_getenv(arg);
+#elif HAVE___SECURE_GETENV
return __secure_getenv(arg);
#else
return getenv(arg);

107
0001-include-bitops.h-Use-the-operating-system-byteswappi.patch
View File

@ -1,107 +0,0 @@
From f47373c950e812208f5db14cf728a54c31f750bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
Date: Wed, 26 Dec 2012 14:30:48 -0300
Subject: [PATCH 1/2] include/bitops.h: Use the operating system byteswapping
functions
There is no need to reinvent the wheel.
---
include/bitops.h | 69 +++++++++++++++-----------------------------------------
1 file changed, 18 insertions(+), 51 deletions(-)
diff --git a/include/bitops.h b/include/bitops.h
index 81375d0..89b418c 100644
--- a/include/bitops.h
+++ b/include/bitops.h
@@ -8,6 +8,9 @@
*/
#include <sys/param.h>
+#include <byteswap.h>
+#include <endian.h>
+
#ifndef NBBY
# define NBBY CHAR_BIT
#endif
@@ -22,63 +25,27 @@
/*
* Byte swab macros (based on linux/byteorder/swab.h)
*/
-#define swab16(x) \
- ((uint16_t)( \
- (((uint16_t)(x) & (uint16_t)0x00ffU) << 8) | \
- (((uint16_t)(x) & (uint16_t)0xff00U) >> 8) ))
-
-#define swab32(x) \
- ((uint32_t)( \
- (((uint32_t)(x) & (uint32_t)0x000000ffUL) << 24) | \
- (((uint32_t)(x) & (uint32_t)0x0000ff00UL) << 8) | \
- (((uint32_t)(x) & (uint32_t)0x00ff0000UL) >> 8) | \
- (((uint32_t)(x) & (uint32_t)0xff000000UL) >> 24) ))
-
-#define swab64(x) \
- ((uint64_t)( \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x00000000000000ffULL) << 56) | \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x000000000000ff00ULL) << 40) | \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x0000000000ff0000ULL) << 24) | \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x00000000ff000000ULL) << 8) | \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x000000ff00000000ULL) >> 8) | \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x0000ff0000000000ULL) >> 24) | \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x00ff000000000000ULL) >> 40) | \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0xff00000000000000ULL) >> 56) ))
-
-
-#ifdef WORDS_BIGENDIAN
+#define swab16(x) bswap_16(x)
-#define cpu_to_le16(x) swab16(x)
-#define cpu_to_le32(x) swab32(x)
-#define cpu_to_le64(x) swab64(x)
-#define cpu_to_be16(x) ((uint16_t)(x))
-#define cpu_to_be32(x) ((uint32_t)(x))
-#define cpu_to_be64(x) ((uint64_t)(x))
+#define swab32(x) bswap_32(x)
-#define le16_to_cpu(x) swab16(x)
-#define le32_to_cpu(x) swab32(x)
-#define le64_to_cpu(x) swab64(x)
-#define be16_to_cpu(x) ((uint16_t)(x))
-#define be32_to_cpu(x) ((uint32_t)(x))
-#define be64_to_cpu(x) ((uint64_t)(x))
+#define swab64(x) bswap_64(x)
-#else /* !WORDS_BIGENDIAN */
+#define cpu_to_le16(x) htole16(x)
+#define cpu_to_le32(x) htole32(x)
+#define cpu_to_le64(x) htole64(x)
-#define cpu_to_le16(x) ((uint16_t)(x))
-#define cpu_to_le32(x) ((uint32_t)(x))
-#define cpu_to_le64(x) ((uint64_t)(x))
-#define cpu_to_be16(x) swab16(x)
-#define cpu_to_be32(x) swab32(x)
-#define cpu_to_be64(x) swab64(x)
+#define cpu_to_be16(x) htobe16(x)
+#define cpu_to_be32(x) htobe32(x)
+#define cpu_to_be64(x) htobe64(x)
-#define le16_to_cpu(x) ((uint16_t)(x))
-#define le32_to_cpu(x) ((uint32_t)(x))
-#define le64_to_cpu(x) ((uint64_t)(x))
-#define be16_to_cpu(x) swab16(x)
-#define be32_to_cpu(x) swab32(x)
-#define be64_to_cpu(x) swab64(x)
+#define le16_to_cpu(x) le16toh(x)
+#define le32_to_cpu(x) le32toh(x)
+#define le64_to_cpu(x) le64toh(x)
-#endif /* WORDS_BIGENDIAN */
+#define be16_to_cpu(x) be16toh(x)
+#define be32_to_cpu(x) be32toh(x)
+#define be64_to_cpu(x) be64toh(x)
#endif /* BITOPS_H */
--
1.8.0.2

78
add-canonicalize_path_restricted.patch
View File

@ -1,78 +0,0 @@
From 33c5fd0c5a774458470c86f9d318d8c48a9c9ccb Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 26 Nov 2012 16:24:28 +0100
Subject: [PATCH] lib/canonicalize: add canonicalize_path_restricted() to
canonicalize without suid permisssions
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
include/canonicalize.h | 1 +
lib/canonicalize.c | 42 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 43 insertions(+)
Index: util-linux-2.21.2/include/canonicalize.h
===================================================================
--- util-linux-2.21.2.orig/include/canonicalize.h
+++ util-linux-2.21.2/include/canonicalize.h
@@ -4,6 +4,7 @@
#include "c.h" /* for PATH_MAX */
extern char *canonicalize_path(const char *path);
+extern char *canonicalize_path_restricted(const char *path);
extern char *canonicalize_dm_name(const char *ptname);
#endif /* CANONICALIZE_H */
Index: util-linux-2.21.2/lib/canonicalize.c
===================================================================
--- util-linux-2.21.2.orig/lib/canonicalize.c
+++ util-linux-2.21.2/lib/canonicalize.c
@@ -188,6 +188,48 @@ canonicalize_path(const char *path)
return strdup(canonical);
}
+char *
+canonicalize_path_restricted(const char *path)
+{
+ char canonical[PATH_MAX+2];
+ char *p = NULL;
+ int errsv;
+ uid_t euid;
+ gid_t egid;
+
+ if (path == NULL)
+ return NULL;
+
+ euid = geteuid();
+ egid = getegid();
+
+ /* drop permissions */
+ if (setegid(getgid()) < 0 || seteuid(getuid()) < 0)
+ return NULL;
+
+ errsv = errno = 0;
+
+ if (myrealpath(path, canonical, PATH_MAX+1)) {
+ p = strrchr(canonical, '/');
+ if (p && strncmp(p, "/dm-", 4) == 0 && isdigit(*(p + 4)))
+ p = canonicalize_dm_name(p+1);
+ else
+ p = NULL;
+ if (!p)
+ p = strdup(canonical);
+ } else
+ errsv = errno;
+
+ /* restore */
+ if (setegid(egid) < 0 || seteuid(euid) < 0) {
+ free(p);
+ return NULL;
+ }
+
+ errno = errsv;
+ return p;
+}
+
#ifdef TEST_PROGRAM_CANONICALIZE
int main(int argc, char **argv)

26
fdisk-tinfo.patch
View File

@ -1,18 +1,12 @@
Index: util-linux-2.21-rc2/fdisk/Makefile.am
===================================================================
--- util-linux-2.21-rc2.orig/fdisk/Makefile.am
+++ util-linux-2.21-rc2/fdisk/Makefile.am
@@ -64,9 +64,13 @@ sbin_PROGRAMS += cfdisk
dist_man_MANS += cfdisk.8
cfdisk_SOURCES = cfdisk.c $(fdisk_common)
cfdisk_CFLAGS = $(cflags_blkid)
--- util-linux-2.23.1/fdisks/Makemodule.am
+++ util-linux-2.23.1/fdisks/Makemodule.am 2013-06-05 09:58:30.753439465 +0000
@@ -79,6 +79,9 @@ endif
if HAVE_SLANG
cfdisk_LDADD += -lslang
else
+if HAVE_TINFO
+cfdisk_LDADD = -ltinfo @NCURSES_LIBS@ $(ldadd_blkid)
+else
cfdisk_LDADD = @NCURSES_LIBS@ $(ldadd_blkid)
endif
endif
+cfdisk_LDADD += -ltinfo
+endif
endif # !ARCH_SPARC
endif # !ARCH_M68K
if HAVE_NCURSES
cfdisk_LDADD += @NCURSES_LIBS@
endif

14
fdiskbsdlabel.patch
View File

@ -1,14 +0,0 @@
Index: util-linux-2.21.2/fdisk/fdiskbsdlabel.h
===================================================================
--- util-linux-2.21.2.orig/fdisk/fdiskbsdlabel.h
+++ util-linux-2.21.2/fdisk/fdiskbsdlabel.h
@@ -48,7 +48,8 @@
#if defined (__i386__) || defined (__sparc__) || defined (__arm__) || \
defined (__mips__) || defined (__s390__) || defined (__sh__) || \
- defined(__x86_64__) || defined (__avr32__) || defined(__cris__)
+ defined(__x86_64__) || defined (__avr32__) || defined(__cris__) || \
+ defined(__aarch64__)
#define BSD_LABELSECTOR 1
#define BSD_LABELOFFSET 0
#elif defined (__alpha__) || defined (__powerpc__) || defined (__ia64__) || defined (__hppa__)

59
libmount-add-MNT_ERR_LOOPDEV.patch
View File

@ -1,59 +0,0 @@
From 82756a747e4bcfc13a27b7618d889af080649584 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 28 May 2012 12:26:36 +0200
Subject: [PATCH] libmount: add MNT_ERR_LOOPDEV
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
lib/loopdev.c | 4 ++++
libmount/src/context_loopdev.c | 1 +
libmount/src/libmount.h.in | 1 +
3 files changed, 6 insertions(+), 0 deletions(-)
Index: util-linux-2.21.2/lib/loopdev.c
===================================================================
--- util-linux-2.21.2.orig/lib/loopdev.c
+++ util-linux-2.21.2/lib/loopdev.c
@@ -173,6 +173,8 @@ int loopcxt_init(struct loopdev_cxt *lc,
*/
void loopcxt_deinit(struct loopdev_cxt *lc)
{
+ int errsv = errno;
+
if (!lc)
return;
@@ -183,6 +185,8 @@ void loopcxt_deinit(struct loopdev_cxt *
loopcxt_set_device(lc, NULL);
loopcxt_deinit_iterator(lc);
+
+ errno = errsv;
}
/*
Index: util-linux-2.21.2/libmount/src/context_loopdev.c
===================================================================
--- util-linux-2.21.2.orig/libmount/src/context_loopdev.c
+++ util-linux-2.21.2/libmount/src/context_loopdev.c
@@ -261,6 +261,7 @@ int mnt_context_setup_loopdev(struct lib
if (loopdev || rc != -EBUSY) {
DBG(CXT, mnt_debug_h(cxt, "failed to setup device"));
+ rc = -MNT_ERR_LOOPDEV;
goto done;
}
DBG(CXT, mnt_debug_h(cxt, "loopdev stolen...trying again"));
Index: util-linux-2.21.2/libmount/src/libmount.h.in
===================================================================
--- util-linux-2.21.2.orig/libmount/src/libmount.h.in
+++ util-linux-2.21.2/libmount/src/libmount.h.in
@@ -126,6 +126,7 @@ enum {
#define MNT_ERR_NOFSTAB 5000 /* not found required entry in fstab */
#define MNT_ERR_NOFSTYPE 5001 /* failed to detect filesystem type */
#define MNT_ERR_NOSOURCE 5002 /* required mount source undefined */
+#define MNT_ERR_LOOPDEV 5003 /* loopdev setup failed, errno set by libc */
/* init.c */
extern void mnt_init_debug(int mask);

68
libmount-add-special-MNT_ERR-codes.patch
View File

@ -1,68 +0,0 @@
From 47dea49b4cb4a4a98a6c518cc17f6d2c92be9528 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 24 Apr 2012 11:57:32 +0200
Subject: [PATCH] libmount: add special MNT_ERR_ codes
... to detect some situations where standard -errno is too generic.
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
libmount/src/context.c | 20 ++++++++++----------
libmount/src/libmount.h.in | 12 ++++++++++++
2 files changed, 22 insertions(+), 10 deletions(-)
Index: util-linux-2.21.2/libmount/src/context.c
===================================================================
--- util-linux-2.21.2.orig/libmount/src/context.c
+++ util-linux-2.21.2/libmount/src/context.c
@@ -1186,7 +1186,7 @@ int mnt_context_prepare_srcpath(struct l
if (cache)
path = mnt_resolve_tag(t, v, cache);
- rc = path ? mnt_fs_set_source(cxt->fs, path) : -EINVAL;
+ rc = path ? mnt_fs_set_source(cxt->fs, path) : -MNT_ERR_NOSOURCE;
} else if (cache && !mnt_fs_is_pseudofs(cxt->fs)) {
/*
@@ -1247,7 +1247,7 @@ int mnt_context_prepare_target(struct li
cache = mnt_context_get_cache(cxt);
if (cache) {
char *path = mnt_resolve_path(tgt, cache);
- if (strcmp(path, tgt))
+ if (path && strcmp(path, tgt) != 0)
rc = mnt_fs_set_target(cxt->fs, path);
}
@@ -1543,7 +1543,7 @@ static int apply_table(struct libmnt_con
}
if (!fs)
- return -EINVAL;
+ return -MNT_ERR_NOFSTAB; /* not found */
DBG(CXT, mnt_debug_h(cxt, "apply entry:"));
DBG(CXT, mnt_fs_print_debug(fs, stderr));
Index: util-linux-2.21.2/libmount/src/libmount.h.in
===================================================================
--- util-linux-2.21.2.orig/libmount/src/libmount.h.in
+++ util-linux-2.21.2/libmount/src/libmount.h.in
@@ -115,6 +115,18 @@ enum {
MNT_ACT_UMOUNT
};
+/*
+ * Errors -- by default libmount returns -errno for generic errors (ENOMEM,
+ * EINVAL, ...) and for mount(2) errors, but for some specific operations it
+ * returns private error codes. Note that maximum system errno value should be
+ * 4095 on UNIXes.
+ *
+ * See also mnt_context_get_syscall_errno() and mnt_context_get_helper_status().
+ */
+#define MNT_ERR_NOFSTAB 5000 /* not found required entry in fstab */
+#define MNT_ERR_NOFSTYPE 5001 /* failed to detect filesystem type */
+#define MNT_ERR_NOSOURCE 5002 /* required mount source undefined */
+
/* init.c */
extern void mnt_init_debug(int mask);

115
libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch
View File

@ -1,115 +0,0 @@
From e90e7401d0c318c9dac4a0204e2bca86949b1d32 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 14 Jun 2012 14:19:26 +0200
Subject: [PATCH] libmount: don't use nosuid,noexec,nodev for cifs user=foo
mount -t cifs //127.0.0.1/users /mnt/smb -o user=root,password=linux
is incorrectly translated to
mount.cifs -o noexec,nosuid,nodev,user=root,password=linux ...
The command mount(8) should be sensitive to "user" (without "=<name>")
only. The correct cifs command line is:
mount.cifs -o user=root,password=linux
Addresses: https://bugzilla.novell.com/show_bug.cgi?id=766157
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
libmount/src/context_mount.c | 29 +++++++++++++++++++++++++++--
libmount/src/optstr.c | 9 +++++----
2 files changed, 32 insertions(+), 6 deletions(-)
Index: util-linux-2.21.2/libmount/src/context_mount.c
===================================================================
--- util-linux-2.21.2.orig/libmount/src/context_mount.c
+++ util-linux-2.21.2/libmount/src/context_mount.c
@@ -53,6 +53,15 @@ static int fix_optstr(struct libmnt_cont
if (cxt->mountflags & MS_PROPAGATION)
cxt->mountflags &= (MS_PROPAGATION | MS_REC | MS_SILENT);
+ /*
+ * The "user" options is our business (so we can modify the option),
+ * but exception is command line for /sbin/mount.<type> helpers. Let's
+ * save the original user=<name> to call the helpers with unchanged
+ * "user" setting.
+ *
+ * Don't check for MNT_MS_USER in cxt->user_mountflags, the flag maybe
+ * removed by evaluate_permissions().
+ */
if (!mnt_optstr_get_option(fs->user_optstr, "user", &val, &valsz)) {
if (val) {
cxt->orig_user = strndup(val, valsz);
@@ -196,6 +205,10 @@ err:
/*
* this has to be called before fix_optstr()
+ *
+ * Note that user=<name> maybe be used by some filesystems as filesystem
+ * specific option (e.g. cifs). Yes, developers of such filesystems have
+ * allocated pretty hot place in hell...
*/
static int evaluate_permissions(struct libmnt_context *cxt)
{
@@ -233,10 +246,22 @@ static int evaluate_permissions(struct l
}
/*
- * Note that MS_OWNERSECURE and MS_SECURE mount options
- * are applied by mnt_optstr_get_flags() from mnt_context_merge_mflags()
+ * MS_OWNERSECURE and MS_SECURE mount options are already
+ * applied by mnt_optstr_get_flags() in mnt_context_merge_mflags()
+ * if "user" (but no user=<name> !) options is set.
+ *
+ * Let's ignore all user=<name> (if <name> is set) requests.
*/
+ if (cxt->user_mountflags & MNT_MS_USER) {
+ size_t valsz = 0;
+ if (!mnt_optstr_get_option(cxt->fs->user_optstr,
+ "user", NULL, &valsz) && valsz) {
+
+ DBG(CXT, mnt_debug_h(cxt, "perms: user=<name> detected, ignore"));
+ cxt->user_mountflags &= ~MNT_MS_USER;
+ }
+ }
/*
* MS_OWNER: Allow owners to mount when fstab contains the
Index: util-linux-2.21.2/libmount/src/optstr.c
===================================================================
--- util-linux-2.21.2.orig/libmount/src/optstr.c
+++ util-linux-2.21.2/libmount/src/optstr.c
@@ -579,7 +579,7 @@ int mnt_optstr_get_flags(const char *opt
{
struct libmnt_optmap const *maps[2];
char *name, *str = (char *) optstr;
- size_t namesz = 0;
+ size_t namesz = 0, valsz = 0;
int nmaps = 0;
assert(optstr);
@@ -596,7 +596,7 @@ int mnt_optstr_get_flags(const char *opt
*/
maps[nmaps++] = mnt_get_builtin_optmap(MNT_USERSPACE_MAP);
- while(!mnt_optstr_next_option(&str, &name, &namesz, NULL, NULL)) {
+ while(!mnt_optstr_next_option(&str, &name, &namesz, NULL, &valsz)) {
const struct libmnt_optmap *ent;
const struct libmnt_optmap *m;
@@ -610,9 +610,10 @@ int mnt_optstr_get_flags(const char *opt
else
*flags |= ent->id;
- } else if (nmaps == 2 && m == maps[1]) {
+ } else if (nmaps == 2 && m == maps[1] && valsz == 0) {
/*
- * Special case -- translate "user" to MS_ options
+ * Special case -- translate "user" (but no user=) to
+ * MS_ options
*/
if (ent->mask & MNT_INVERT)
continue;

39
login-close-tty-before-vhangup.patch
View File

@ -1,39 +0,0 @@
From 2e7035646eb85851171cc2e989bfa858a4f00cd4 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 12 Jul 2012 16:33:52 +0200
Subject: login: close tty before vhangup()
Git-commit: 2e7035646eb85851171cc2e989bfa858a4f00cd4
Patch-mainline: v2.22-rc1
References: bnc#778842
Let's close all tty file descriptors before vhangup() call.
References: https://lkml.org/lkml/2012/6/5/145
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
login-utils/login.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/login-utils/login.c b/login-utils/login.c
index fe13d8d..c0cc00a 100644
--- a/login-utils/login.c
+++ b/login-utils/login.c
@@ -409,6 +409,14 @@ static void init_tty(struct login_context *cxt)
/* Kill processes left on this tty */
tcsetattr(0, TCSAFLUSH, &ttt);
+ /*
+ * Let's close file decriptors before vhangup
+ * https://lkml.org/lkml/2012/6/5/145
+ */
+ close(STDIN_FILENO);
+ close(STDOUT_FILENO);
+ close(STDERR_FILENO);
+
signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */
vhangup();
signal(SIGHUP, SIG_DFL);
--
1.7.12

51
mount-new-add-loopdev-specific-error-message.patch
View File

@ -1,51 +0,0 @@
From 10389b1e4535dda7d27e5ab39d3d4f9d7868a5c9 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 28 May 2012 12:26:41 +0200
Subject: [PATCH] mount: (new) add loopdev specific error message
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
sys-utils/mount.c | 15 ++++++++++++---
1 files changed, 12 insertions(+), 3 deletions(-)
Index: util-linux-2.21.2/sys-utils/mount.c
===================================================================
--- util-linux-2.21.2.orig/sys-utils/mount.c
+++ util-linux-2.21.2/sys-utils/mount.c
@@ -354,6 +354,9 @@ try_readonly:
return MOUNT_EX_SUCCESS; /* mount(2) success */
}
+ mnt_context_get_mflags(cxt, &mflags); /* mount(2) flags */
+ mnt_context_get_user_mflags(cxt, &uflags); /* userspace flags */
+
if (!mnt_context_syscall_called(cxt)) {
/*
* libmount errors (extra library checks)
@@ -382,7 +385,15 @@ try_readonly:
else
warnx(_("mount source not defined"));
return MOUNT_EX_USAGE;
-
+ case -MNT_ERR_LOOPDEV:
+ if (errno == ENOENT
+ && (uflags & MNT_MS_ENCRYPTION)
+ && src && stat(src, &st) == 0)
+ warnx(_("%s: failed to setup loop device "
+ "(probably unknown encryption type)"), src);
+ else
+ warn(_("%s: failed to setup loop device"), src);
+ return MOUNT_EX_FAIL;
default:
return handle_generic_errors(rc, _("%s: mount failed"),
tgt ? tgt : src);
@@ -406,8 +417,6 @@ try_readonly:
*/
syserr = mnt_context_get_syscall_errno(cxt);
- mnt_context_get_mflags(cxt, &mflags); /* mount(2) flags */
- mnt_context_get_user_mflags(cxt, &uflags); /* userspace flags */
switch(syserr) {
case EPERM:

25
mount-new-allow-sloppy-for-non-root.patch
View File

@ -1,25 +0,0 @@
From e26de525e21677c680d87f63e4dafbe4859365bf Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 14 Jun 2012 14:43:21 +0200
Subject: [PATCH] mount: (new) allow sloppy for non-root
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=825836
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
sys-utils/mount.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Index: util-linux-2.21.2/sys-utils/mount.c
===================================================================
--- util-linux-2.21.2.orig/sys-utils/mount.c
+++ util-linux-2.21.2/sys-utils/mount.c
@@ -732,7 +732,7 @@ int main(int argc, char **argv)
longopts, NULL)) != -1) {
/* only few options are allowed for non-root users */
- if (mnt_context_is_restricted(cxt) && !strchr("hlLUVvpri", c))
+ if (mnt_context_is_restricted(cxt) && !strchr("hlLUVvpris", c))
exit_non_root(option_to_longopt(c, longopts));
switch(c) {

46
mount-new-improve-error-messages.patch
View File

@ -1,46 +0,0 @@
From 58f108ef2b9c8cc0362e7781a72e5e921dc383b3 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 17 Apr 2012 11:36:36 +0200
Subject: [PATCH] mount: (new) improve error messages
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
sys-utils/mount.c | 15 +++++++--------
1 files changed, 7 insertions(+), 8 deletions(-)
Index: util-linux-2.21.2/sys-utils/mount.c
===================================================================
--- util-linux-2.21.2.orig/sys-utils/mount.c
+++ util-linux-2.21.2/sys-utils/mount.c
@@ -367,16 +367,13 @@ try_readonly:
return MOUNT_EX_USAGE;
}
- /*
- * TODO: add mnt_context_fstab_applied() to check if we found
- * target/source in the file.
- */
- if (!tgt) {
- if (mflags & MS_REMOUNT)
- warnx(_("%s not mounted"), src ? src : tgt);
- else
+ if (!tgt || (!src && !(mflags & MS_PROPAGATION))) {
+ if (!mnt_context_fstab_applied(cxt))
warnx(_("can't find %s in %s"), src ? src : tgt,
mnt_get_fstab_path());
+ else if (mflags & MS_REMOUNT)
+ warnx(_("%s not mounted"), src ? src : tgt);
+
return MOUNT_EX_USAGE;
}
@@ -485,6 +482,8 @@ try_readonly:
case EINVAL:
if (mflags & MS_REMOUNT)
warnx(_("%s not mounted or bad option"), tgt);
+ else if (mflags & MS_PROPAGATION)
+ warnx(_("%s is not mountpoint or bad option"), tgt);
else
warnx(_("wrong fs type, bad option, bad superblock on %s,\n"
" missing codepage or helper program, or other error"),

56
mount-new-use-MNT_ERR-for-error-messages.patch
View File

@ -1,56 +0,0 @@
From ba24923e97e099668b8c96dba9596c90cb58c417 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 24 Apr 2012 11:59:18 +0200
Subject: [PATCH] mount: (new) use MNT_ERR_ for error messages
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
sys-utils/mount.c | 27 +++++++++++++--------------
1 files changed, 13 insertions(+), 14 deletions(-)
Index: util-linux-2.21.2/sys-utils/mount.c
===================================================================
--- util-linux-2.21.2.orig/sys-utils/mount.c
+++ util-linux-2.21.2/sys-utils/mount.c
@@ -365,29 +365,28 @@ try_readonly:
case -EBUSY:
warnx(_("%s is already mounted"), src);
return MOUNT_EX_USAGE;
- }
-
- if (!tgt || (!src && !(mflags & MS_PROPAGATION))) {
- if (!mnt_context_fstab_applied(cxt))
+ case -MNT_ERR_NOFSTAB:
warnx(_("can't find %s in %s"), src ? src : tgt,
mnt_get_fstab_path());
- else if (mflags & MS_REMOUNT)
- warnx(_("%s not mounted"), src ? src : tgt);
-
return MOUNT_EX_USAGE;
- }
-
- if (!mnt_context_get_fstype(cxt)) {
+ case -MNT_ERR_NOFSTYPE:
if (restricted)
warnx(_("I could not determine the filesystem type, "
"and none was specified"));
else
warnx(_("you must specify the filesystem type"));
return MOUNT_EX_USAGE;
- }
+ case -MNT_ERR_NOSOURCE:
+ if (src)
+ warnx(_("can't find %s"), src);
+ else
+ warnx(_("mount source not defined"));
+ return MOUNT_EX_USAGE;
+
+ default:
return handle_generic_errors(rc, _("%s: mount failed"),
tgt ? tgt : src);
-
+ }
} else if (mnt_context_get_syscall_errno(cxt) == 0) {
/*
* mount(2) syscall success, but something else failed

102
mount-sanitize-paths-from-non-root-users.patch
View File

@ -1,102 +0,0 @@
From 5ebbc3865d1e53ef42e5f121c41faab23dd59075 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 26 Nov 2012 14:30:22 +0100
Subject: [PATCH] mount: sanitize paths from non-root users
$ mount /root/.ssh/../../dev/sda2
mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot
this is too promiscuous. It seems better to ignore on command line
specified paths which are not resolve-able for non-root users.
Fixed version:
$ mount /root/.ssh/../../dev/sda2
mount: /root/.ssh/../../dev/sda2: Permission denied
$ mount /dev/sda2
mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot
Note that this bug has no relation to mount(2) permissions evaluation
in suid mode. The way how non-root user specifies paths on command
line is completely irrelevant for comparison with fstab entries.
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
sys-utils/Makefile.am | 1 +
sys-utils/mount.c | 35 +++++++++++++++++++++++++++++++++++
2 files changed, 36 insertions(+)
Index: util-linux-2.21.2/sys-utils/Makefile.am
===================================================================
--- util-linux-2.21.2.orig/sys-utils/Makefile.am
+++ util-linux-2.21.2/sys-utils/Makefile.am
@@ -64,6 +64,7 @@ dist_man_MANS += mount.8 ../mount/fstab.
mount_SOURCES = mount.c \
$(top_srcdir)/lib/env.c \
$(top_srcdir)/lib/xgetpass.c \
+ $(top_srcdir)/lib/canonicalize.c \
$(top_srcdir)/lib/strutils.c
mount_LDADD = $(ul_libmount_la) $(SELINUX_LIBS)
Index: util-linux-2.21.2/sys-utils/mount.c
===================================================================
--- util-linux-2.21.2.orig/sys-utils/mount.c
+++ util-linux-2.21.2/sys-utils/mount.c
@@ -38,6 +38,7 @@
#include "strutils.h"
#include "exitcodes.h"
#include "xalloc.h"
+#include "canonicalize.h"
/*** TODO: DOCS:
*
@@ -572,6 +573,37 @@ static struct libmnt_table *append_fstab
return fstab;
}
+/*
+ * Check source and target paths -- non-root user should not be able to
+ * resolve paths which are unreadable for him.
+ */
+static void sanitize_paths(struct libmnt_context *cxt)
+{
+ const char *p;
+ struct libmnt_fs *fs = mnt_context_get_fs(cxt);
+
+ if (!fs)
+ return;
+
+ p = mnt_fs_get_target(fs);
+ if (p) {
+ char *np = canonicalize_path_restricted(p);
+ if (!np)
+ err(MOUNT_EX_USAGE, "%s", p);
+ mnt_fs_set_target(fs, np);
+ free(np);
+ }
+
+ p = mnt_fs_get_srcpath(fs);
+ if (p) {
+ char *np = canonicalize_path_restricted(p);
+ if (!np)
+ err(MOUNT_EX_USAGE, "%s", p);
+ mnt_fs_set_source(fs, np);
+ free(np);
+ }
+}
+
static void __attribute__((__noreturn__)) usage(FILE *out)
{
fputs(USAGE_HEADER, out);
@@ -880,6 +912,9 @@ int main(int argc, char **argv)
} else
usage(stderr);
+ if (mnt_context_is_restricted(cxt))
+ sanitize_paths(cxt);
+
if (oper) {
/* MS_PROPAGATION operations, let's set the mount flags */
mnt_context_set_mflags(cxt, oper);

84
umount-sanitize-paths-from-non-root-users.patch
View File

@ -1,84 +0,0 @@
From cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 26 Nov 2012 16:25:46 +0100
Subject: [PATCH] umount: sanitize paths from non-root users
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
sys-utils/Makefile.am | 4 +++-
sys-utils/umount.c | 32 ++++++++++++++++++++++++++++++--
2 files changed, 33 insertions(+), 3 deletions(-)
Index: util-linux-2.21.2/sys-utils/Makefile.am
===================================================================
--- util-linux-2.21.2.orig/sys-utils/Makefile.am
+++ util-linux-2.21.2/sys-utils/Makefile.am
@@ -71,7 +71,9 @@ mount_LDADD = $(ul_libmount_la) $(SELINU
mount_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) -I$(ul_libmount_incdir)
mount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
-umount_SOURCES = umount.c $(top_srcdir)/lib/env.c
+umount_SOURCES = umount.c \
+ $(top_srcdir)/lib/env.c \
+ $(top_srcdir)/lib/canonicalize.c
umount_LDADD = $(ul_libmount_la)
umount_CFLAGS = $(AM_CFLAGS) $(SUID_CFLAGS) -I$(ul_libmount_incdir)
umount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
Index: util-linux-2.21.2/sys-utils/umount.c
===================================================================
--- util-linux-2.21.2.orig/sys-utils/umount.c
+++ util-linux-2.21.2/sys-utils/umount.c
@@ -34,6 +34,7 @@
#include "env.h"
#include "optutils.h"
#include "exitcodes.h"
+#include "canonicalize.h"
static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)),
const char *filename, int line)
@@ -277,6 +278,24 @@ static int umount_one(struct libmnt_cont
return rc;
}
+/*
+ * Check path -- non-root user should not be able to resolve path which is
+ * unreadable for him.
+ */
+static char *sanitize_path(const char *path)
+{
+ char *p;
+
+ if (!path)
+ return NULL;
+
+ p = canonicalize_path_restricted(path);
+ if (!p)
+ err(MOUNT_EX_USAGE, "%s", path);
+
+ return p;
+}
+
int main(int argc, char **argv)
{
int c, rc = 0, all = 0;
@@ -388,8 +407,17 @@ int main(int argc, char **argv)
} else if (argc < 1) {
usage(stderr);
- } else while (argc--)
- rc += umount_one(cxt, *argv++);
+ } else while (argc--) {
+ char *path = *argv++;
+
+ if (mnt_context_is_restricted(cxt))
+ path = sanitize_path(path);
+
+ rc += umount_one(cxt, path);
+
+ if (mnt_context_is_restricted(cxt))
+ free(path);
+ }
mnt_free_context(cxt);
return rc;

6
util-linux-2.12r-fdisk_remove_bogus_warnings.patch
View File

@ -1,7 +1,7 @@
Index: util-linux-2.21-rc2/fdisk/fdisk.c
Index: util-linux-2.21-rc2/fdisks/fdisk.c
===================================================================
--- util-linux-2.21-rc2.orig/fdisk/fdisk.c
+++ util-linux-2.21-rc2/fdisk/fdisk.c
--- util-linux-2.21-rc2.orig/fdisks/fdisk.c
+++ util-linux-2.21-rc2/fdisks/fdisk.c
@@ -1767,6 +1767,7 @@ static void check_consistency(struct par
/* compute logical ending (c, h, s) */
long2chs(get_start_sect(p) + get_nr_sects(p) - 1, &lec, &leh, &les);

13
util-linux-2.20-libmount-deps.patch
View File

@ -1,13 +0,0 @@
Index: util-linux-2.21.2/libmount/src/Makefile.am
===================================================================
--- util-linux-2.21.2.orig/libmount/src/Makefile.am
+++ util-linux-2.21.2/libmount/src/Makefile.am
@@ -30,7 +30,7 @@ nodist_libmount_la_SOURCES = mountP.h
libmount_la_LIBADD = $(ul_libblkid_la) $(SELINUX_LIBS)
-libmount_la_DEPENDENCIES = $(libmount_la_LIBADD) libmount.sym libmount.h.in
+libmount_la_DEPENDENCIES = $(ul_libblkid_la) libmount.sym libmount.h.in
libmount_la_LDFLAGS = -Wl,--version-script=$(ul_libmount_srcdir)/libmount.sym \
-version-info $(LIBMOUNT_VERSION_INFO)

535
util-linux-2.21.2-noenc.diff
View File

@ -1,535 +0,0 @@
From e1f7680ca45c5173f7853feb76dd093cec8d17ad Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Fri, 15 Jun 2012 09:38:36 +0200
Subject: [PATCH] remove obsolete encryption support from losetup
kernel cryptoloop is deprecated since ages and support for cryptoloop in
util-linux is incomplete/broken.
- no password hashing
- last 8 bit of key are always set to zero
- no binary keys possible (stops reading key at \n and \0)
In the past some Distros added the above features with patches. So
remove cryptoloop support from util-linux completely to make sure
people won't try using it.
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
---
include/loopdev.h | 3 --
lib/loopdev.c | 56 ----------------------------------------
libmount/src/context_loopdev.c | 22 +++-------------
mount/mount.8 | 9 +-----
mount/mount.c | 20 +++++---------
sys-utils/losetup.8 | 29 ++------------------
sys-utils/losetup.c | 30 +++++----------------
sys-utils/mount.8 | 7 +----
sys-utils/mount.c | 34 +-----------------------
9 files changed, 25 insertions(+), 185 deletions(-)
diff --git a/include/loopdev.h b/include/loopdev.h
index 906bee0..030f215 100644
--- a/include/loopdev.h
+++ b/include/loopdev.h
@@ -165,9 +165,6 @@ int loopcxt_set_offset(struct loopdev_cxt *lc, uint64_t offset);
int loopcxt_set_sizelimit(struct loopdev_cxt *lc, uint64_t sizelimit);
int loopcxt_set_flags(struct loopdev_cxt *lc, uint32_t flags);
int loopcxt_set_backing_file(struct loopdev_cxt *lc, const char *filename);
-int loopcxt_set_encryption(struct loopdev_cxt *lc,
- const char *encryption,
- const char *password);
extern char *loopcxt_get_backing_file(struct loopdev_cxt *lc);
extern int loopcxt_get_backing_devno(struct loopdev_cxt *lc, dev_t *devno);
diff --git a/lib/loopdev.c b/lib/loopdev.c
index fd3f9ba..807984e 100644
--- a/lib/loopdev.c
+++ b/lib/loopdev.c
@@ -963,62 +963,6 @@ int loopcxt_set_backing_file(struct loopdev_cxt *lc, const char *filename)
return 0;
}
-static int digits_only(const char *s)
-{
- while (*s)
- if (!isdigit(*s++))
- return 0;
- return 1;
-}
-
-/*
- * @lc: context
- * @encryption: encryption name / type (see lopsetup man page)
- * @password
- *
- * Note that the encryption functionality is deprecated an unmaintained. Use
- * cryptsetup (it also supports AES-loops).
- *
- * The setting is removed by loopcxt_set_device() loopcxt_next()!
- *
- * Returns: 0 on success, <0 on error.
- */
-int loopcxt_set_encryption(struct loopdev_cxt *lc,
- const char *encryption,
- const char *password)
-{
- if (!lc)
- return -EINVAL;
-
- DBG(lc, loopdev_debug("setting encryption '%s'", encryption));
-
- if (encryption && *encryption) {
- if (digits_only(encryption)) {
- lc->info.lo_encrypt_type = atoi(encryption);
- } else {
- lc->info.lo_encrypt_type = LO_CRYPT_CRYPTOAPI;
- snprintf((char *)lc->info.lo_crypt_name, LO_NAME_SIZE,
- "%s", encryption);
- }
- }
-
- switch (lc->info.lo_encrypt_type) {
- case LO_CRYPT_NONE:
- lc->info.lo_encrypt_key_size = 0;
- break;
- default:
- DBG(lc, loopdev_debug("setting encryption key"));
- memset(lc->info.lo_encrypt_key, 0, LO_KEY_SIZE);
- strncpy((char *)lc->info.lo_encrypt_key, password, LO_KEY_SIZE);
- lc->info.lo_encrypt_key[LO_KEY_SIZE - 1] = '\0';
- lc->info.lo_encrypt_key_size = LO_KEY_SIZE;
- break;
- }
-
- DBG(lc, loopdev_debug("encryption successfully set"));
- return 0;
-}
-
/*
* @cl: context
*
diff --git a/libmount/src/context_loopdev.c b/libmount/src/context_loopdev.c
index 023c952..863ee3d 100644
--- a/libmount/src/context_loopdev.c
+++ b/libmount/src/context_loopdev.c
@@ -7,7 +7,6 @@
/*
* DOCS: - "lo@" prefix for fstype is unsupported
- * - encyption= mount option for loop device is unssuported
*/
#include <blkid.h>
@@ -35,8 +34,7 @@ int mnt_context_is_loopdev(struct libmnt_context *cxt)
if (cxt->user_mountflags & (MNT_MS_LOOP |
MNT_MS_OFFSET |
- MNT_MS_SIZELIMIT |
- MNT_MS_ENCRYPTION)) {
+ MNT_MS_SIZELIMIT)) {
DBG(CXT, mnt_debug_h(cxt, "loopdev specific options detected"));
return 1;
@@ -134,7 +132,7 @@ static int is_mounted_same_loopfile(struct libmnt_context *cxt,
int mnt_context_setup_loopdev(struct libmnt_context *cxt)
{
const char *backing_file, *optstr, *loopdev = NULL;
- char *val = NULL, *enc = NULL, *pwd = NULL;
+ char *val = NULL;
size_t len;
struct loopdev_cxt lc;
int rc = 0, lo_flags = 0;
@@ -200,13 +198,8 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
*/
if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) &&
mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) {
- enc = strndup(val, len);
- if (val && !enc)
- rc = -ENOMEM;
- if (enc && cxt->pwd_get_cb) {
- DBG(CXT, mnt_debug_h(cxt, "asking for pass"));
- pwd = cxt->pwd_get_cb(cxt);
- }
+ DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported"));
+ rc = -EINVAL;
}
if (rc == 0 && is_mounted_same_loopfile(cxt,
@@ -245,8 +238,6 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
rc = loopcxt_set_offset(&lc, offset);
if (!rc && sizelimit)
rc = loopcxt_set_sizelimit(&lc, sizelimit);
- if (!rc && enc && pwd)
- loopcxt_set_encryption(&lc, enc, pwd);
if (!rc)
loopcxt_set_flags(&lc, lo_flags);
if (rc) {
@@ -298,11 +289,6 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
loopcxt_set_fd(&lc, -1, 0);
}
done:
- free(enc);
- if (pwd && cxt->pwd_release_cb) {
- DBG(CXT, mnt_debug_h(cxt, "release pass"));
- cxt->pwd_release_cb(cxt, pwd);
- }
loopcxt_deinit(&lc);
return rc;
}
diff --git a/mount/mount.8 b/mount/mount.8
index 789d9fe..0644e8e 100644
--- a/mount/mount.8
+++ b/mount/mount.8
@@ -535,11 +535,6 @@ Don't canonicalize paths. The mount command canonicalizes all paths
file. This option can be used together with the
.B \-f
flag for already canonicalized absolut paths.
-.IP "\fB\-p, \-\-pass\-fd \fInum\fP"
-In case of a loop mount with encryption, read the passphrase from
-file descriptor
-.I num
-instead of from the terminal.
.IP "\fB\-s\fP"
Tolerate sloppy mount options rather than failing. This will ignore
mount options not supported by a filesystem type. Not all filesystems
@@ -2708,8 +2703,8 @@ not specified or the filesystem is known for libblkid, for example:
.B "mount -t ext3 /tmp/disk.img /mnt"
.sp
.RE
-This type of mount knows about four options, namely
-.BR loop ", " offset ", " sizelimit " and " encryption ,
+This type of mount knows about three options, namely
+.BR loop ", " offset ", " sizelimit " ,
that are really options to
.BR \%losetup (8).
(These options can be used in addition to those specific
diff --git a/mount/mount.c b/mount/mount.c
index 396f357..b69fd61 100644
--- a/mount/mount.c
+++ b/mount/mount.c
@@ -83,9 +83,6 @@ static int mounttype = 0;
/* True if (ruid != euid) or (0 != ruid), i.e. only "user" mounts permitted. */
static int restricted = 1;
-/* Contains the fd to read the passphrase from, if any. */
-static int pfd = -1;
-
#ifdef HAVE_LIBMOUNT_MOUNT
static struct libmnt_update *mtab_update;
static char *mtab_opts;
@@ -1262,7 +1259,7 @@ loop_check(const char **spec, const char **type, int *flags,
*type = opt_vfstype;
}
- *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_sizelimit || opt_encryption);
+ *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_sizelimit);
*loopfile = *spec;
/* Automatically create a loop device from a regular file if a filesystem
@@ -1317,6 +1314,11 @@ loop_check(const char **spec, const char **type, int *flags,
return EX_FAIL;
}
+ if (opt_encryption) {
+ error("mount: %s", _("encryption not supported, use cryptsetup(8) instead"));
+ return EX_FAIL;
+ }
+
loopcxt_init(&lc, 0);
/* loopcxt_enable_debug(&lc, 1); */
@@ -1525,14 +1527,6 @@ update_mtab_entry(const char *spec, const char *node, const char *type,
#endif /* !HAVE_LIBMOUNT_MOUNT */
static void
-set_pfd(char *s) {
- if (!isdigit(*s))
- die(EX_USAGE,
- _("mount: argument to -p or --pass-fd must be a number"));
- pfd = atoi(optarg);
-}
-
-static void
cdrom_setspeed(const char *spec) {
#define CDROM_SELECT_SPEED 0x5322 /* Set the CD-ROM speed */
if (opt_speed) {
@@ -2579,7 +2573,7 @@ main(int argc, char *argv[]) {
test_opts = append_opt(test_opts, optarg, NULL);
break;
case 'p': /* fd on which to read passwd */
- set_pfd(optarg);
+ error("mount: %s", _("--pass-fd is no longer supported"));
break;
case 'r': /* mount readonly */
readonly = 1;
diff --git a/sys-utils/losetup.8 b/sys-utils/losetup.8
index f50b072..8c69689 100644
--- a/sys-utils/losetup.8
+++ b/sys-utils/losetup.8
@@ -40,8 +40,6 @@ Setup loop device:
.sp
.in +5
.B losetup
-.RB [{ \-e | \-E }
-.IR encryption ]
.RB [ \-o
.IR offset ]
.RB [ \-\-sizelimit
@@ -82,8 +80,6 @@ force loop driver to reread size of the file associated with the specified loop
detach the file or device associated with the specified loop device(s)
.IP "\fB\-D, \-\-detach-all\fP"
detach all associated loop devices
-.IP "\fB\-e, \-E, \-\-encryption \fIencryption_type\fP"
-enable data encryption with specified name or number
.IP "\fB\-f, \-\-find\fP"
find the first unused loop device. If a
.I file
@@ -98,10 +94,6 @@ the data start is moved \fIoffset\fP bytes into the specified file or
device
.IP "\fB\-\-sizelimit \fIsize\fP"
the data end is set to no more than \fIsize\fP bytes after the data start
-.IP "\fB\-p, \-\-pass-fd \fInum\fP"
-read the passphrase from file descriptor with number
-.I num
-instead of from the terminal
.IP "\fB\-P, \-\-partscan\fP"
force kernel to scan partition table on newly created loop device
.IP "\fB\-r, \-\-read-only\fP"
@@ -116,25 +108,10 @@ argument are present.
verbose mode
.SH ENCRYPTION
-.B Cryptoloop is deprecated in favor of dm-crypt. For more details see
-.B cryptsetup (8). It is possible that all bug reports regarding to -E/-e
-.B options will be ignored.
-
-
-It is possible to specify transfer functions (for encryption/decryption
-or other purposes) using one of the
-.B \-E
+Cryptoloop is no longer supported in favor of dm-crypt. For more details see
+.B cryptsetup (8)
and
-.B \-e
-options.
-There are two mechanisms to specify the desired encryption: by number
-and by name. If an encryption is specified by number then one
-has to make sure that the Linux kernel knows about the encryption with that
-number, probably by patching the kernel. Standard numbers that are
-always present are 0 (no encryption) and 1 (XOR encryption).
-When the cryptoloop module is loaded (or compiled in), it uses number 18.
-This cryptoloop module will take the name of an arbitrary encryption type
-and find the module that knows how to perform that encryption.
+.B crypttab (5).
.SH RETURN VALUE
.B losetup
diff --git a/sys-utils/losetup.c b/sys-utils/losetup.c
index 9f03151..2513253 100644
--- a/sys-utils/losetup.c
+++ b/sys-utils/losetup.c
@@ -18,7 +18,6 @@
#include "nls.h"
#include "strutils.h"
#include "loopdev.h"
-#include "xgetpass.h"
enum {
A_CREATE = 1, /* setup a new device */
@@ -164,10 +163,8 @@ static void usage(FILE *out)
" -j, --associated <file> list all devices associated with <file>\n"), out);
fputs(USAGE_SEPARATOR, out);
- fputs(_(" -e, --encryption <type> enable encryption with specified <name/num>\n"
- " -o, --offset <num> start at offset <num> into file\n"
+ fputs(_(" -o, --offset <num> start at offset <num> into file\n"
" --sizelimit <num> device limited to <num> bytes of the file\n"
- " -p, --pass-fd <num> read passphrase from file descriptor <num>\n"
" -P, --partscan create partitioned loop device\n"
" -r, --read-only setup read-only loop device\n"
" --show print device name after setup (with -f)\n"
@@ -185,8 +182,8 @@ static void usage(FILE *out)
int main(int argc, char **argv)
{
struct loopdev_cxt lc;
- int act = 0, flags = 0, passfd = -1, c;
- char *file = NULL, *encryption = NULL;
+ int act = 0, flags = 0, c;
+ char *file = NULL;
uint64_t offset = 0, sizelimit = 0;
int res = 0, showdev = 0, lo_flags = 0;
@@ -249,7 +246,7 @@ int main(int argc, char **argv)
break;
case 'E':
case 'e':
- encryption = optarg;
+ errx(EXIT_FAILURE, _("encryption not supported, use cryptsetup(8) instead"));
break;
case 'f':
act = A_FIND_FREE;
@@ -268,8 +265,7 @@ int main(int argc, char **argv)
flags |= LOOPDEV_FL_OFFSET;
break;
case 'p':
- passfd = strtol_or_err(optarg,
- _("invalid passphrase file descriptor"));
+ warn(_("--pass-fd is no longer supported"));
break;
case 'P':
lo_flags |= LO_FLAGS_PARTSCAN;
@@ -327,10 +323,10 @@ int main(int argc, char **argv)
}
if (act != A_CREATE &&
- (encryption || sizelimit || passfd != -1 || lo_flags || showdev))
+ (sizelimit || lo_flags || showdev))
errx(EXIT_FAILURE,
_("the options %s are allowed to loop device setup only"),
- "--{encryption,sizelimit,pass-fd,read-only,show}");
+ "--{sizelimit,read-only,show}");
if ((flags & LOOPDEV_FL_OFFSET) &&
act != A_CREATE && (act != A_SHOW || !file))
@@ -339,16 +335,8 @@ int main(int argc, char **argv)
switch (act) {
case A_CREATE:
{
- char *pass = NULL;
int hasdev = loopcxt_has_device(&lc);
- if (encryption) {
-#ifdef MCL_FUTURE
- if(mlockall(MCL_CURRENT | MCL_FUTURE))
- err(EXIT_FAILURE, _("couldn't lock into memory"));
-#endif
- pass = xgetpass(passfd, _("Password: "));
- }
do {
/* Note that loopcxt_{find_unused,set_device}() resets
* loopcxt struct.
@@ -357,8 +345,6 @@ int main(int argc, char **argv)
warnx(_("not found unused device"));
break;
}
- if (encryption && pass)
- loopcxt_set_encryption(&lc, encryption, pass);
if (flags & LOOPDEV_FL_OFFSET)
loopcxt_set_offset(&lc, offset);
if (flags & LOOPDEV_FL_SIZELIMIT)
@@ -379,8 +365,6 @@ int main(int argc, char **argv)
}
} while (hasdev == 0);
- free(pass);
-
if (showdev && res == 0)
printf("%s\n", loopcxt_get_device(&lc));
break;
diff --git a/sys-utils/mount.8 b/sys-utils/mount.8
index 4f8af0a..73f5170 100644
--- a/sys-utils/mount.8
+++ b/sys-utils/mount.8
@@ -528,11 +528,6 @@ Don't canonicalize paths. The mount command canonicalizes all paths
file. This option can be used together with the
.B \-f
flag for already canonicalized absolut paths.
-.IP "\fB\-p, \-\-pass\-fd \fInum\fP"
-In case of a loop mount with encryption, read the passphrase from
-file descriptor
-.I num
-instead of from the terminal.
.IP "\fB\-s\fP"
Tolerate sloppy mount options rather than failing. This will ignore
mount options not supported by a filesystem type. Not all filesystems
@@ -2715,7 +2710,7 @@ not specified or the filesystem is known for libblkid, for example:
.sp
.RE
This type of mount knows about four options, namely
-.BR loop ", " offset ", " sizelimit " and " encryption ,
+.BR loop ", " offset ", " sizelimit ",
that are really options to
.BR \%losetup (8).
(These options can be used in addition to those specific
diff --git a/sys-utils/mount.c b/sys-utils/mount.c
index 7f2d5d8..031fd31 100644
--- a/sys-utils/mount.c
+++ b/sys-utils/mount.c
@@ -36,7 +36,6 @@
#include "env.h"
#include "optutils.h"
#include "strutils.h"
-#include "xgetpass.h"
#include "exitcodes.h"
#include "xalloc.h"
@@ -49,7 +48,6 @@
* --options-source-force MNT_OMODE_FORCE
*/
-static int passfd = -1;
static int readwrite;
static int mk_exit_code(struct libmnt_context *cxt, int rc);
@@ -103,32 +101,6 @@ static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)
return 0;
}
-static char *encrypt_pass_get(struct libmnt_context *cxt)
-{
- if (!cxt)
- return 0;
-
-#ifdef MCL_FUTURE
- if (mlockall(MCL_CURRENT | MCL_FUTURE)) {
- warn(_("couldn't lock into memory"));
- return NULL;
- }
-#endif
- return xgetpass(passfd, _("Password: "));
-}
-
-static void encrypt_pass_release(struct libmnt_context *cxt
- __attribute__((__unused__)), char *pwd)
-{
- char *p = pwd;
-
- while (p && *p)
- *p++ = '\0';
-
- free(pwd);
- munlockall();
-}
-
static void print_all(struct libmnt_context *cxt, char *pattern, int show_label)
{
struct libmnt_table *tb;
@@ -616,7 +588,6 @@ static void __attribute__((__noreturn__)) usage(FILE *out)
fprintf(out, _(
" -o, --options <list> comma-separated list of mount options\n"
" -O, --test-opts <list> limit the set of filesystems (use with -a)\n"
- " -p, --pass-fd <num> read the passphrase from file descriptor\n"
" -r, --read-only mount the filesystem read-only (same as -o ro)\n"
" -t, --types <list> limit the set of filesystem types\n"));
fprintf(out, _(
@@ -782,8 +753,7 @@ int main(int argc, char **argv)
err(MOUNT_EX_SYSERR, _("failed to set options pattern"));
break;
case 'p':
- passfd = strtol_or_err(optarg,
- _("invalid passphrase file descriptor"));
+ warnx(_("--pass-fd is no longer supported"));
break;
case 'L':
case 'U':
@@ -864,8 +834,6 @@ int main(int argc, char **argv)
else if (types)
mnt_context_set_fstype(cxt, types);
- mnt_context_set_passwd_cb(cxt, encrypt_pass_get, encrypt_pass_release);
-
if (all) {
/*
* A) Mount all
--
1.7.7

13
util-linux-2.23.1-eject-fpie.patch Normal file
View File

@ -0,0 +1,13 @@
--- util-linux-2.23.1/sys-utils/Makemodule.am
+++ util-linux-2.23.1/sys-utils/Makemodule.am 2013-06-05 12:55:10.921439066 +0000
@@ -142,8 +142,8 @@ endif # LINUX
if BUILD_EJECT
usrbin_exec_PROGRAMS += eject
eject_SOURCES = sys-utils/eject.c
-eject_LDADD = $(LDADD) libmount.la libcommon.la
-eject_CFLAGS = $(AM_CFLAGS) -I$(ul_libmount_incdir)
+eject_LDADD = $(SUID_LDFLAGS) $(LDADD) libmount.la libcommon.la
+eject_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) -I$(ul_libmount_incdir)
dist_man_MANS += sys-utils/eject.1
endif

20
util-linux-2.23.1-fdisk_remove_bogus_warnings.patch Normal file
View File

@ -0,0 +1,20 @@
--- util-linux-2.23.1/fdisks/fdiskdoslabel.c
+++ util-linux-2.23.1/fdisks/fdiskdoslabel.c 2013-06-05 10:11:14.121939007 +0000
@@ -817,7 +817,7 @@ static void check_consistency(struct fdi
/* compute logical ending (c, h, s) */
long2chs(cxt, get_start_sect(p) + get_nr_sects(p) - 1, &lec, &leh, &les);
-
+#if 0
/* Same physical / logical beginning? */
if (cxt->geom.cylinders <= 1024 && (pbc != lbc || pbh != lbh || pbs != lbs)) {
printf(_("Partition %zd has different physical/logical "
@@ -833,7 +833,7 @@ static void check_consistency(struct fdi
printf(_(" phys=(%d, %d, %d) "), pec, peh, pes);
printf(_("logical=(%d, %d, %d)\n"),lec, leh, les);
}
-
+#endif
/* Ending on cylinder boundary? */
if (peh != (cxt->geom.heads - 1) || pes != cxt->geom.sectors) {
printf(_("Partition %zd does not end on cylinder boundary.\n"),

12
util-linux-2.23.1-noenc-suse.diff Normal file
View File

@ -0,0 +1,12 @@
--- util-linux-2.23.1/libmount/src/context_loopdev.c
+++ util-linux-2.23.1/libmount/src/context_loopdev.c 2013-06-05 09:44:37.081939564 +0000
@@ -213,6 +213,9 @@ int mnt_context_setup_loopdev(struct lib
if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) &&
mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) {
DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported"));
+ // XXX: nasty for the lib but there's on better way to give a hint atm
+ fprintf(stderr, "mount: encryption no longer supported.\n"
+ " Please use /etc/crypttab instead (man 5 crypttab)\n");
rc = -MNT_ERR_MOUNTOPT;
}

3
util-linux-2.23.1.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ad4a7831d7b27d0172996fd343e809716c2403b32a94e15194d8ea797223c4af
size 5539830

53
util-linux.changes
View File

@ -1,3 +1,56 @@
-------------------------------------------------------------------
Wed Jun 5 12:30:45 UTC 2013 - werner@suse.de
- Update to util-linux-2.23.1
+ Release highlights (2.22)
su(1):
* has been merged from coreutils into util-linux
* utils-linux version uses /etc/pam.d/su-l PAM config file for --login
(e.g. "su -") session.
sulogin(8):
* has been merged from sysvinit into util-linux
utmpdump(1):
* has been merged from sysvinit into util-linux
eject(1):
* has been merged from inactive upstream from sf.net and Fedora into util-linux
* supports new options --manualeject, --force and --no-partitions-unmount
lslocks(1)
* this NEW COMMAND prints local system locks and it's replacement to very
long time unmaintained lslk(1)
wdctl(8):
* this NEW COMMAND shows hardware watchdog status
libuuid:
* does NOT EXECUTE uuidd on demand, the daemon has to be started by
init scripts / systemd
uuidd:
* supports socket activation (for systemd)
* supports new options -no-fork, --no-pid and --socket-activation
+ Release highlights (2.23)
blkdiscard(8):
* this NEW COMMAND discard sectors on a device (for example on SSD disks)
sulogin(8):
* provides multi-console feature from SysVinit
- Removed following patches now upstream
* 0001-Test-for-secure_getenv-too.patch
* 0001-include-bitops.h-Use-the-operating-system-byteswappi.patch
* add-canonicalize_path_restricted.patch
* fdiskbsdlabel.patch
* libmount-add-MNT_ERR_LOOPDEV.patch
* libmount-add-special-MNT_ERR-codes.patch
* libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch
* login-close-tty-before-vhangup.patch
* mount-new-add-loopdev-specific-error-message.patch
* mount-new-allow-sloppy-for-non-root.patch
* mount-new-improve-error-messages.patch
* mount-new-use-MNT_ERR-for-error-messages.patch
* mount-sanitize-paths-from-non-root-users.patch
* util-linux-2.21.2-noenc.diff
* umount-sanitize-paths-from-non-root-users.patch
- Removed following patch which otherwise cause to break build
* util-linux-2.20-libmount-deps.patch
- Add util-linux-2.23.1-eject-fpie.patch to compile and link eject
with PIE
-------------------------------------------------------------------
Wed May 29 11:45:04 UTC 2013 - ihno@suse.com

183
util-linux.spec
View File

@ -16,6 +16,16 @@
#
#
# Following package should be fixed:
# coreutils ... do not install su and kill
# sysvinit-tools ... do not install sulogin and utmpdump
# eject ... simply drop this package
#
%bcond_without sysvinit_tools
%bcond_without enable_su
%bcond_without enable_eject
Name: util-linux
BuildRequires: audit-devel
BuildRequires: binutils-devel
@ -28,8 +38,10 @@ BuildRequires: ncurses-devel
BuildRequires: pam-devel
BuildRequires: pkg-config
BuildRequires: readline-devel
BuildRequires: utempter-devel
BuildRequires: zlib-devel
Version: 2.21.2
BuildRequires: pkgconfig(systemd)
Version: 2.23.1
Release: 0
# util-linux is a base package and uuidd pre-requiring pwdutils pulls
# that into the core build cycle. pwdutils also pulls in the whole
@ -37,7 +49,7 @@ Release: 0
# make the rpm install check of uuidd happy which has support to work without
# these tools as well
#!BuildIgnore: pwdutils
Url: http://kernel.org/~kzak/util-linux/
Url: https://www.kernel.org/pub/linux/utils/util-linux/
Supplements: filesystem(minix)
Provides: fsck-with-dev-lock = %{version}
# bnc#651598:
@ -60,7 +72,7 @@ Source8: login.pamd
Source9: remote.pamd
# TODO: split to separate package
Source11: klogconsole.tar.bz2
# XXX: needed?
# XXX: Run a program in a new session and with controlling tty
Source22: setctsid.c
Source23: setctsid.8
# XXX: ppc specific, still needed?
@ -76,40 +88,16 @@ Source51: blkid.conf
## util-linux patches
##
# 241372 - remove legacy warnings from fdisk
Patch1: util-linux-2.12r-fdisk_remove_bogus_warnings.patch
Patch2: util-linux-2.20-libmount-deps.patch
Patch1: util-linux-2.23.1-fdisk_remove_bogus_warnings.patch
Patch2: util-linux-2.23.1-eject-fpie.patch
Patch3: fdisk-tinfo.patch
Patch4: mount-new-allow-sloppy-for-non-root.patch
Patch5: libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch
# Patches 6-10: bcn#767208 (taken from upstream
Patch6: mount-new-improve-error-messages.patch
Patch7: libmount-add-special-MNT_ERR-codes.patch
Patch8: mount-new-use-MNT_ERR-for-error-messages.patch
Patch9: libmount-add-MNT_ERR_LOOPDEV.patch
Patch10: mount-new-add-loopdev-specific-error-message.patch
# disable encryption
Patch11: util-linux-2.21.2-noenc.diff
Patch12: util-linux-2.21.2-noenc-suse.diff
Patch13: login-close-tty-before-vhangup.patch
Patch12: util-linux-2.23.1-noenc-suse.diff
# hack for boot.localfs
Patch20: util-linux-HACK-boot.localfs.diff
Patch21: 0001-include-bitops.h-Use-the-operating-system-byteswappi.patch
#bnc#797002
Patch22: add-canonicalize_path_restricted.patch
Patch23: mount-sanitize-paths-from-non-root-users.patch
Patch24: umount-sanitize-paths-from-non-root-users.patch
#####
# There is no __secure_getenv anymore..
Patch25: 0001-Test-for-secure_getenv-too.patch
# fix fdisk compilation on aarch64
Patch26: fdiskbsdlabel.patch
##
## klogconsole
##
@ -215,48 +203,42 @@ Files to develop applications using the libmount library.
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
#
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
#
# setctsid
cp %{S:22} %{S:23} .
cp -p %{S:22} %{S:23} .
# nologin
cp %{S:2} %{S:3} %{S:26} %{S:30} .
cp -p %{S:2} %{S:3} %{S:26} %{S:30} .
%patch60 -p1
%patch61 -p1
cd ../klogconsole
pushd ../klogconsole
%patch55 -p1
%patch56 -p1
popd
%build
pushd ../
pushd ../klogconsole
# klogconsole build
cd klogconsole
make %{?_smp_mflags} CFLAGS="%{optflags}" CC="%{__cc}"
cd ..
popd
# setctsid build
rm -f setctsid
make %{?_smp_mflags} setctsid CFLAGS="%{optflags}" CC="%{__cc}"
#
# Version check for libutempter
#
uhead=$(find /usr/include -name utempter.h 2>/dev/null)
if test -n "$uhead" && grep -q utempter_add_record "$uhead"
then
uhead=--with-utempter
else
uhead=--without-utempter
fi
#
# util-linux itself
#
autoreconf -fi
@ -264,16 +246,41 @@ export SUID_CFLAGS="-fpie"
export SUID_LDFLAGS="-pie"
%configure \
--with-audit \
--with-gnu-ld \
--with-ncurses \
--with-selinux \
$uhead \
--with-systemdsystemunitdir=%_unitdir \
--with-bashcompletiondir=%{_datadir}/bash-completion \
--enable-mesg \
--enable-partx \
--enable-raw \
--enable-write \
--enable-line \
--enable-new-mount \
--enable-ddate \
--enable-login-utils \
--enable-tunelp \
--enable-logger \
%if %{with enable_eject}
--enable-eject \
%else
--disable-eject \
%endif
%if %{with sysvinit_tools}
--enable-sulogin \
--enable-sulogin-emergency-mount \
--enable-mountpoint \
%else
--disable-sulogin \
--disable-mountpoint \
%endif
%if %{with enable_su}
--enable-kill \
--enable-su \
%else
--disable-su \
--disable-kill \
%endif
--disable-use-tty-group \
--disable-static \
--disable-silent-rules \
@ -294,9 +301,8 @@ install -m 644 %{SOURCE51} %{buildroot}%{_sysconfdir}/blkid.conf
install -m 644 %{SOURCE8} %{buildroot}/etc/pam.d/login
install -m 644 %{SOURCE9} %{buildroot}/etc/pam.d/remote
mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates
pushd ..
pushd ../klogconsole
# klogconsole install
cd klogconsole
make install DEST=%{buildroot}
popd
#
@ -304,6 +310,10 @@ popd
#
%make_install
#UsrMerge
%if %{with enable_su}
ln -s %{_bindir}/kill %{buildroot}/bin
ln -s %{_bindir}/su %{buildroot}/bin
%endif
ln -s %{_bindir}/logger %{buildroot}/bin
ln -s %{_bindir}/dmesg %{buildroot}/bin
ln -s %{_bindir}/more %{buildroot}/bin
@ -436,6 +446,12 @@ ln -sf ../..%{_sysconfdir}/init.d/uuidd %{buildroot}%{_sbindir}/rcuuidd
%run_permissions
%else
%set_permissions /usr/bin/wall /usr/bin/write /usr/bin/mount /usr/bin/umount
%if %{with sysvinit_tools}
%set_permissions /usr/bin/su
%endif
%if %{with enable_eject}
%set_permissions /usr/bin/eject
%endif
%endif
# mount option 'code=' is now called 'codepage=' so change fstab
@ -449,6 +465,12 @@ fi
%verifyscript
%verify_permissions -e /usr/bin/wall -e /usr/bin/write -e /usr/bin/mount -e /usr/bin/umount
%if %{with sysvinit_tools}
%verify_permissions -e /usr/bin/su
%endif
%if %{with enable_eject}
%verify_permissions -e /usr/bin/eject
%endif
%post -n libblkid1 -p /sbin/ldconfig
@ -495,7 +517,6 @@ fi
%doc Documentation/cal.txt
%doc Documentation/cfdisk.txt
%doc Documentation/col.txt
%doc Documentation/ddate.txt
%doc Documentation/deprecated.txt
%doc Documentation/fdisk.txt
%doc Documentation/getopt.txt
@ -512,6 +533,10 @@ fi
%config(noreplace) /etc/pam.d/login
%config(noreplace) /etc/pam.d/remote
#UsrMerge
%if %{with enable_su}
/bin/kill
/bin/su
%endif
/bin/dmesg
/bin/more
/bin/mount
@ -546,13 +571,19 @@ fi
/sbin/fstrim
/sbin/chcpu
#EndUsrMerge
%if %{with enable_su}
%{_bindir}/kill
%{_bindir}/su
%endif
%if %{with enable_eject}
%verify(not mode) %attr(4750,root,audio) %{_bindir}/eject
%endif
%{_bindir}/cal
%{_bindir}/chrt
%{_bindir}/col
%{_bindir}/colcrt
%{_bindir}/colrm
%{_bindir}/column
%{_bindir}/ddate
%{_bindir}/dmesg
%{_bindir}/fallocate
%{_bindir}/findmnt
@ -569,11 +600,13 @@ fi
%{_bindir}/look
%{_bindir}/lsblk
%{_bindir}/lscpu
%{_bindir}/lslocks
%{_bindir}/mcookie
%{_bindir}/mesg
%{_bindir}/more
%{_bindir}/mount
%{_bindir}/namei
%{_bindir}/nsenter
%{_bindir}/prlimit
%{_bindir}/rename
%{_bindir}/renice
@ -587,14 +620,20 @@ fi
%{_bindir}/ul
%{_bindir}/umount
%{_bindir}/unshare
%if %{with sysvinit_tools}
%{_bindir}/mountpoint
%{_bindir}/utmpdump
%endif
%{_bindir}/uuidgen
%ifnarch ppc ppc64
%{_bindir}/chrp-addnote
%{_bindir}/mkzimage_cmdline
%endif
%{_bindir}/wdctl
%{_sbindir}/addpart
%{_sbindir}/agetty
%{_sbindir}/blkid
%{_sbindir}/blkdiscard
%{_sbindir}/blockdev
%{_sbindir}/chcpu
%{_sbindir}/ctrlaltdel
@ -617,8 +656,13 @@ fi
%{_sbindir}/pivot_root
%{_sbindir}/raw
%{_sbindir}/rcraw
%{_sbindir}/resizepart
%{_sbindir}/rtcwake
%{_sbindir}/runuser
%{_sbindir}/setctsid
%if %{with sysvinit_tools}
%{_sbindir}/sulogin
%endif
%{_sbindir}/swaplabel
%{_sbindir}/swapoff
%{_sbindir}/swapon
@ -627,14 +671,20 @@ fi
%verify(not mode) %attr(0755,root,tty) %{_bindir}/wall
%{_bindir}/whereis
%verify(not mode) %attr(0755,root,tty) %{_bindir}/write
%if %{with enable_su}
%{_mandir}/man1/kill.1.gz
%{_mandir}/man1/su.1.gz
%endif
%{_mandir}/man1/cal.1.gz
%{_mandir}/man1/chrt.1.gz
%{_mandir}/man1/col.1.gz
%{_mandir}/man1/colcrt.1.gz
%{_mandir}/man1/colrm.1.gz
%{_mandir}/man1/column.1.gz
%{_mandir}/man1/ddate.1.gz
%{_mandir}/man1/dmesg.1.gz
%if %{with enable_eject}
%{_mandir}/man1/eject.1.gz
%endif
%{_mandir}/man1/fallocate.1.gz
%{_mandir}/man1/flock.1.gz
%{_mandir}/man1/getopt.1.gz
@ -650,6 +700,7 @@ fi
%{_mandir}/man1/mesg.1.gz
%{_mandir}/man1/more.1.gz
%{_mandir}/man1/namei.1.gz
%{_mandir}/man1/nsenter.1.gz
%{_mandir}/man1/ionice.1.gz
%{_mandir}/man1/prlimit.1.gz
%{_mandir}/man1/rename.1.gz
@ -667,6 +718,11 @@ fi
%{_mandir}/man1/whereis.1.gz
%{_mandir}/man1/write.1.gz
%{_mandir}/man1/ipcmk.1.gz
%if %{with sysvinit_tools}
%{_mandir}/man1/mountpoint.1.gz
%{_mandir}/man1/utmpdump.1.gz
%endif
%{_mandir}/man1/runuser.1.gz
%{_mandir}/man1/uuidgen.1.gz
%{_mandir}/man5/fstab.5.gz
%{_mandir}/man8/addpart.8.gz
@ -675,16 +731,20 @@ fi
%{_mandir}/man8/delpart.8.gz
%{_mandir}/man8/ctrlaltdel.8.gz
%{_mandir}/man8/blkid.8.gz
%{_mandir}/man8/blkdiscard.8.gz
%{_mandir}/man8/switch_root.8.gz
%{_mandir}/man8/mkfs.bfs.8.gz
%{_mandir}/man8/mkfs.minix.8.gz
%{_mandir}/man8/findfs.8.gz
%{_mandir}/man8/fsck.8.gz
%{_mandir}/man8/fsck.cramfs.8.gz
%{_mandir}/man8/fsck.minix.8.gz
%{_mandir}/man8/isosize.8.gz
%{_mandir}/man8/ldattach.8.gz
%{_mandir}/man8/losetup.8.gz
%{_mandir}/man8/lslocks.8.gz
%{_mandir}/man8/mkfs.8.gz
%{_mandir}/man8/mkfs.cramfs.8.gz
%{_mandir}/man8/mkswap.8.gz
%{_mandir}/man8/mount.8.gz
%{_mandir}/man8/nologin.8.gz
@ -708,12 +768,17 @@ fi
%{_mandir}/man8/wipefs.8.gz
%{_mandir}/man8/fstrim.8.gz
%{_mandir}/man8/lsblk.8.gz
%{_mandir}/ru
%{_mandir}/man8/resizepart.8.gz
%if %{with sysvinit_tools}
%{_mandir}/man8/sulogin.8.gz
%endif
%{_mandir}/man8/wdctl.8.gz
%{_sbindir}/flushb
%{_sbindir}/readprofile
%dir %{_datadir}/getopt
%attr (755,root,root) %{_datadir}/getopt/getopt-parse.bash
%attr (755,root,root) %{_datadir}/getopt/getopt-parse.tcsh
%{_datadir}/bash-completion/*
%ifnarch ia64
#XXX: post our patches upstream
#XXX: call fdupes on /usr/share/man
@ -784,6 +849,8 @@ fi
%{_initddir}/uuidd
%{_mandir}/man8/uuidd.8.gz
%{_sbindir}/rcuuidd
%{_unitdir}/uuidd.service
%{_unitdir}/uuidd.socket
%files -n libuuid1
%defattr(-, root, root)