parent
ce79c8872c
commit
5e5e9235e7
3
raw.init
3
raw.init
@ -15,13 +15,14 @@
|
||||
# Required-Stop:
|
||||
# Default-Start: 2 3 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: raw devices
|
||||
# Description: raw-devices
|
||||
### END INIT INFO
|
||||
|
||||
. /etc/rc.status
|
||||
|
||||
CONFIG=/etc/raw
|
||||
RAW_BIN=/usr/sbin/raw
|
||||
RAW_BIN=/sbin/raw
|
||||
RAW_MODULE=raw
|
||||
test -x $RAW_BIN || exit 5
|
||||
|
||||
|
@ -1,39 +0,0 @@
|
||||
Index: util-linux-ng-2.12r+git20070330/disk-utils/mkswap.c
|
||||
===================================================================
|
||||
--- util-linux-ng-2.12r+git20070330.orig/disk-utils/mkswap.c
|
||||
+++ util-linux-ng-2.12r+git20070330/disk-utils/mkswap.c
|
||||
@@ -660,7 +660,7 @@ main(int argc, char ** argv) {
|
||||
usage();
|
||||
}
|
||||
|
||||
- DEV = open(device_name,O_RDWR);
|
||||
+ DEV = open(device_name, O_RDWR | O_EXCL);
|
||||
if (DEV < 0 || fstat(DEV, &statbuf) < 0) {
|
||||
perror(device_name);
|
||||
exit(1);
|
||||
Index: util-linux-ng-2.12r+git20070330/disk-utils/mkfs.minix.c
|
||||
===================================================================
|
||||
--- util-linux-ng-2.12r+git20070330.orig/disk-utils/mkfs.minix.c
|
||||
+++ util-linux-ng-2.12r+git20070330/disk-utils/mkfs.minix.c
|
||||
@@ -699,7 +699,7 @@ main(int argc, char ** argv) {
|
||||
tmp += dirsize;
|
||||
*(short *)tmp = 2;
|
||||
strcpy(tmp+2,".badblocks");
|
||||
- DEV = open(device_name,O_RDWR );
|
||||
+ DEV = open(device_name,O_RDWR | O_EXCL);
|
||||
if (DEV<0)
|
||||
die(_("unable to open %s"));
|
||||
if (fstat(DEV,&statbuf)<0)
|
||||
Index: util-linux-ng-2.12r+git20070330/disk-utils/mkfs.bfs.c
|
||||
===================================================================
|
||||
--- util-linux-ng-2.12r+git20070330.orig/disk-utils/mkfs.bfs.c
|
||||
+++ util-linux-ng-2.12r+git20070330/disk-utils/mkfs.bfs.c
|
||||
@@ -170,7 +170,7 @@ main(int argc, char *argv[]) {
|
||||
if (!S_ISBLK(statbuf.st_mode))
|
||||
fatal(_("%s is not a block special device"), device);
|
||||
|
||||
- fd = open(device, O_RDWR);
|
||||
+ fd = open(device, O_RDWR | O_EXCL);
|
||||
if (fd == -1) {
|
||||
perror(device);
|
||||
fatal(_("cannot open %s"), device);
|
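--- /dev/null
+++ b/util-linux-2.13-hwclock_rtc_wait_busy_tempfix.patch
@@ -0,0 +1,13 @@
+Index: util-linux-ng-2.13.0.1+git20071121/hwclock/rtc.c
+===================================================================
+--- util-linux-ng-2.13.0.1+git20071121.orig/hwclock/rtc.c
++++ util-linux-ng-2.13.0.1+git20071121/hwclock/rtc.c
+@@ -225,7 +225,7 @@ int ret;
+} else {
+int rc; /* Return code from ioctl */
+/* Turn on update interrupts (one per second) */
+-#if defined(__alpha__) || defined(__sparc__) || defined(__x86_64__)
++#if defined(__alpha__) || defined(__sparc__) || defined(__x86_64__) || defined(__i386__)
+/* Not all alpha kernels reject RTC_UIE_ON, but probably they should. */
+rc = -1;
+errno = EINVAL;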
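Review bot: The comment directly under the widened `#if` in hwclock/rtc.c still reads "Not all alpha kernels reject RTC_UIE_ON", but with `|| defined(__i386__)` added the branch now forces `rc = -1; errno = EINVAL;` on alpha, sparc, x86_64 and i386 alike. Nothing in the patch says why i386 is included or when the workaround can be dropped, and the file name ("tempfix") suggests it is meant to be temporary. I would extend the comment along the lines of `/* tempfix: RTC_UIE_ON is skipped on i386/x86_64 as well, so the fallback path is always taken there; see <bug reference> */` and give the patch a short header stating the reason. The enclosing function starts and ends outside the hunk, so the fallback taken after `errno = EINVAL` is not visible here and should be checked against the full file.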
@ -1,32 +0,0 @@
|
||||
--- util-linux-ng-2.13rc2+git20070725/mount/lomount.c.org 2007-08-16 17:09:33.258902000 +0200
|
||||
+++ util-linux-ng-2.13rc2+git20070725/mount/lomount.c 2007-08-16 17:09:43.016135000 +0200
|
||||
@@ -398,6 +398,7 @@
|
||||
}
|
||||
if (ioctl (fd, LOOP_CLR_FD, 0) < 0) {
|
||||
perror ("ioctl: LOOP_CLR_FD");
|
||||
+ close(fd);
|
||||
return 1;
|
||||
}
|
||||
close (fd);
|
||||
--- util-linux-ng-2.13rc2+git20070725/mount/fsprobe_volumeid.c.org 2007-08-16 18:16:03.120065000 +0200
|
||||
+++ util-linux-ng-2.13rc2+git20070725/mount/fsprobe_volumeid.c 2007-08-16 18:27:43.967526000 +0200
|
||||
@@ -34,8 +34,10 @@
|
||||
return NULL;
|
||||
|
||||
id = volume_id_open_fd(fd);
|
||||
- if (!id)
|
||||
+ if (!id) {
|
||||
+ close(fd);
|
||||
return NULL;
|
||||
+ }
|
||||
|
||||
/* TODO: use blkdev_get_size() */
|
||||
if (ioctl(fd, BLKGETSIZE64, &size) != 0)
|
||||
@@ -61,6 +63,7 @@
|
||||
}
|
||||
|
||||
volume_id_close(id);
|
||||
+ close(fd);
|
||||
return value;
|
||||
}
|
||||
|
@ -1,13 +0,0 @@
|
||||
Index: util-linux-ng-2.13rc2+git20070725/mount/mount.c
|
||||
===================================================================
|
||||
--- util-linux-ng-2.13rc2+git20070725.orig/mount/mount.c
|
||||
+++ util-linux-ng-2.13rc2+git20070725/mount/mount.c
|
||||
@@ -546,7 +546,7 @@ create_mtab (void) {
|
||||
char *extra_opts;
|
||||
parse_opts (fstab->m.mnt_opts, &flags, &extra_opts);
|
||||
mnt.mnt_dir = "/";
|
||||
- mnt.mnt_fsname = canonicalize (fstab->m.mnt_fsname);
|
||||
+ mnt.mnt_fsname = fsprobe_get_devname(fstab->m.mnt_fsname);
|
||||
mnt.mnt_type = fstab->m.mnt_type;
|
||||
mnt.mnt_opts = fix_opts_string (flags, extra_opts, NULL);
|
||||
mnt.mnt_freq = mnt.mnt_passno = 0;
|
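--- /dev/null
+++ b/util-linux-2.13-rpmlintrc
@@ -0,0 +1,5 @@
+addFilter("init-script-without-%stop_on_removal-preun /etc/init.d/raw")
+addFilter("incoherent-init-script-name raw")
+addFilter("no-reload-entry /etc/init.d/raw")
+addFilter("files-duplicate .*(rootflags|ramsize|vidmode)")
+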
@ -1,55 +0,0 @@
|
||||
Original patch from Bernhard Voelker.
|
||||
|
||||
Index: util-linux-ng-2.13rc2+git20070725/schedutils/ionice.c
|
||||
===================================================================
|
||||
--- util-linux-ng-2.13rc2+git20070725.orig/schedutils/ionice.c
|
||||
+++ util-linux-ng-2.13rc2+git20070725/schedutils/ionice.c
|
||||
@@ -107,7 +107,7 @@ int main(int argc, char *argv[])
|
||||
case 'h':
|
||||
default:
|
||||
usage();
|
||||
- exit(0);
|
||||
+ exit(EXIT_SUCCESS);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -125,7 +125,7 @@ int main(int argc, char *argv[])
|
||||
break;
|
||||
default:
|
||||
printf("bad prio class %d\n", ioprio_class);
|
||||
- return 1;
|
||||
+ exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
if (!set) {
|
||||
@@ -134,9 +134,10 @@ int main(int argc, char *argv[])
|
||||
|
||||
ioprio = ioprio_get(IOPRIO_WHO_PROCESS, pid);
|
||||
|
||||
- if (ioprio == -1)
|
||||
+ if (ioprio == -1) {
|
||||
perror("ioprio_get");
|
||||
- else {
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ } else {
|
||||
ioprio_class = ioprio >> IOPRIO_CLASS_SHIFT;
|
||||
if (ioprio_class != IOPRIO_CLASS_IDLE) {
|
||||
ioprio = ioprio & 0xff;
|
||||
@@ -147,11 +148,15 @@ int main(int argc, char *argv[])
|
||||
} else {
|
||||
if (ioprio_set(IOPRIO_WHO_PROCESS, pid, ioprio | ioprio_class << IOPRIO_CLASS_SHIFT) == -1) {
|
||||
perror("ioprio_set");
|
||||
- return 1;
|
||||
+ exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
- if (argv[optind])
|
||||
+ if (argv[optind]) {
|
||||
execvp(argv[optind], &argv[optind]);
|
||||
+ /* execvp should never return */
|
||||
+ perror("execvp");
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
}
|
||||
|
||||
return 0;
|
@ -1,16 +0,0 @@
|
||||
Index: util-linux-ng-2.13-rc1/sys-utils/Makefile.am
|
||||
===================================================================
|
||||
--- util-linux-ng-2.13-rc1.orig/sys-utils/Makefile.am
|
||||
+++ util-linux-ng-2.13-rc1/sys-utils/Makefile.am
|
||||
@@ -26,6 +26,11 @@ usrsbinexec_PROGRAMS += rdev
|
||||
man_MANS += rdev.8 ramsize.8 rootflags.8 vidmode.8
|
||||
RDEV_LINKS = ramsize vidmode rootflags
|
||||
endif
|
||||
+if ARCH_86_64
|
||||
+usrsbinexec_PROGRAMS += rdev
|
||||
+man_MANS += rdev.8 ramsize.8 rootflags.8 vidmode.8
|
||||
+RDEV_LINKS = ramsize vidmode rootflags
|
||||
+endif
|
||||
endif
|
||||
|
||||
SETARCH_LINKS = linux32 linux64
|
@ -1,52 +1,70 @@
|
||||
* password hashing based on debian patch (rmd160, sha*) adds losetup options -k
|
||||
and -H
|
||||
* add support for loop-AES compatible strings like "twofish256"
|
||||
From a062df268df66641ed94d5c0e968e92c67b585e4 Mon Sep 17 00:00:00 2001
|
||||
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||
Date: Thu, 29 Nov 2007 17:46:36 +0100
|
||||
Subject: [PATCH] losetup: support password hashing and specifying the key length
|
||||
|
||||
* add support for password hashing (sha512, sha384, sha256, rmd160).
|
||||
* add support for loop-AES style strings like "twofish256" for
|
||||
specifying the encryption algorithm and key length.
|
||||
|
||||
Based on the SUSE patch from Ludwig Nussel <ludwig.nussel@suse.de>,
|
||||
this patch adds password hashing for cryptoloop devices. While
|
||||
cryptoloop is deprecated, users may still wish to access existing
|
||||
volumes.
|
||||
|
||||
Incompatible change:
|
||||
Default is now to hash using sha256, sha384 or sha512 depending
|
||||
on key length (16, 24, or 32 bytes). Debian users will need to
|
||||
specify "--phash rmd160" to access existing Debian devices.
|
||||
Others will need to specify '--phash none'.
|
||||
|
||||
sha512.c is from loop-AES.
|
||||
|
||||
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||
---
|
||||
mount/Makefile.am | 2 +
|
||||
mount/lomount.c | 178 +++++++++++++++---
|
||||
mount/lomount.h | 4 +-
|
||||
mount/losetup.8 | 11 +
|
||||
mount/mount.8 | 13 ++
|
||||
mount/mount.c | 23 ++-
|
||||
mount/my_dev_t.h | 5 +
|
||||
mount/rmd160.c | 532 +++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
mount/rmd160.h | 11 +
|
||||
mount/sha512.c | 432 +++++++++++++++++++++++++++++++++++++++++++
|
||||
mount/sha512.h | 45 +++++
|
||||
11 files changed, 1225 insertions(+), 31 deletions(-)
|
||||
create mode 100644 mount/my_dev_t.h
|
||||
create mode 100644 mount/rmd160.c
|
||||
create mode 100644 mount/rmd160.h
|
||||
create mode 100644 mount/sha512.c
|
||||
create mode 100644 mount/sha512.h
|
||||
|
||||
Index: util-linux-ng-2.13rc2+git20070725/mount/Makefile.am
|
||||
===================================================================
|
||||
--- util-linux-ng-2.13rc2+git20070725.orig/mount/Makefile.am
|
||||
+++ util-linux-ng-2.13rc2+git20070725/mount/Makefile.am
|
||||
@@ -12,7 +12,7 @@ headers_common = fstab.h linux_fs.h moun
|
||||
mount_paths.h lomount.h fsprobe.h realpath.h xmalloc.h \
|
||||
diff --git a/mount/Makefile.am b/mount/Makefile.am
|
||||
index 01643b2..cb7af0a 100644
|
||||
--- a/mount/Makefile.am
|
||||
+++ b/mount/Makefile.am
|
||||
@@ -13,6 +13,7 @@ headers_common = fstab.h mount_mntent.h mount_constants.h \
|
||||
getusername.h loop.h sundries.h
|
||||
|
||||
-mount_common = fstab.c mount_mntent.c getusername.c lomount.c \
|
||||
+mount_common = fstab.c mount_mntent.c getusername.c lomount.c rmd160.c sha512.c \
|
||||
$(utils_common) $(headers_common) ../lib/env.c
|
||||
|
||||
mount_SOURCES = mount.c $(mount_common) ../lib/setproctitle.c
|
||||
@@ -25,7 +25,7 @@ umount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LD
|
||||
mount_common = fstab.c mount_mntent.c getusername.c lomount.c \
|
||||
+ rmd160.c sha512.c \
|
||||
$(utils_common) $(headers_common) ../lib/env.c ../lib/linux_version.c \
|
||||
../lib/blkdev.c
|
||||
|
||||
@@ -27,6 +28,7 @@ umount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
|
||||
swapon_SOURCES = swapon.c swap_constants.h $(utils_common)
|
||||
|
||||
-losetup_SOURCES = lomount.c loop.h lomount.h
|
||||
+losetup_SOURCES = lomount.c loop.h lomount.h rmd160.c sha512.c
|
||||
losetup_SOURCES = lomount.c sundries.c xmalloc.c realpath.c \
|
||||
+ rmd160.c sha512.c \
|
||||
loop.h lomount.h xmalloc.h sundries.h realpath.h
|
||||
losetup_CPPFLAGS = -DMAIN $(AM_CPPFLAGS)
|
||||
|
||||
mount_LDADD = $(LDADD_common)
|
||||
Index: util-linux-ng-2.13rc2+git20070725/mount/rmd160.h
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ util-linux-ng-2.13rc2+git20070725/mount/rmd160.h
|
||||
@@ -0,0 +1,11 @@
|
||||
+#ifndef RMD160_H
|
||||
+#define RMD160_H
|
||||
+
|
||||
+#define RMD160_HASH_SIZE 20
|
||||
+
|
||||
+void
|
||||
+rmd160_hash_buffer( unsigned char *outbuf, const unsigned char *buffer, size_t length );
|
||||
+
|
||||
+#endif /*RMD160_H*/
|
||||
+
|
||||
+
|
||||
Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
===================================================================
|
||||
--- util-linux-ng-2.13rc2+git20070725.orig/mount/lomount.c
|
||||
+++ util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
@@ -20,9 +20,15 @@
|
||||
diff --git a/mount/lomount.c b/mount/lomount.c
|
||||
index 5bd8954..98f144f 100644
|
||||
--- a/mount/lomount.c
|
||||
+++ b/mount/lomount.c
|
||||
@@ -20,12 +20,18 @@
|
||||
|
||||
#include "loop.h"
|
||||
#include "lomount.h"
|
||||
@ -54,19 +72,22 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
+#include "sha512.h"
|
||||
#include "xstrncpy.h"
|
||||
#include "nls.h"
|
||||
#include "sundries.h"
|
||||
#include "xmalloc.h"
|
||||
#include "realpath.h"
|
||||
|
||||
+#ifndef MAX
|
||||
+#define MAX(a,b) ((a>b)?(a):(b))
|
||||
+#ifndef MIN
|
||||
+#define MIN(a,b) ((a<b)?(a):(b))
|
||||
+#endif
|
||||
+
|
||||
extern int verbose;
|
||||
extern char *progname;
|
||||
extern char *xstrdup (const char *s); /* not: #include "sundries.h" */
|
||||
@@ -95,12 +101,22 @@ show_loop(char *device) {
|
||||
#define SIZE(a) (sizeof(a)/sizeof(a[0]))
|
||||
|
||||
#ifdef LOOP_SET_FD
|
||||
@@ -93,12 +99,22 @@ show_loop(char *device) {
|
||||
|
||||
if (loopinfo64.lo_encrypt_type ||
|
||||
loopinfo64.lo_crypt_name[0]) {
|
||||
- char *e = loopinfo64.lo_crypt_name;
|
||||
- char *e = (char *)loopinfo64.lo_crypt_name;
|
||||
+ const char *e = (const char*)loopinfo64.lo_crypt_name;
|
||||
|
||||
if (*e == 0 && loopinfo64.lo_encrypt_type == 1)
|
||||
@ -88,7 +109,7 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
}
|
||||
printf("\n");
|
||||
close (fd);
|
||||
@@ -259,7 +275,7 @@ xgetpass(int pfd, const char *prompt) {
|
||||
@@ -353,7 +369,7 @@ xgetpass(int pfd, const char *prompt) {
|
||||
}
|
||||
|
||||
if (pass == NULL)
|
||||
@ -97,13 +118,13 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
|
||||
pass[i] = 0;
|
||||
return pass;
|
||||
@@ -273,12 +289,30 @@ digits_only(const char *s) {
|
||||
@@ -367,12 +383,30 @@ digits_only(const char *s) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
+static void phash_none(const unsigned char *key, size_t keylen, unsigned char* buf, size_t buflen)
|
||||
+{
|
||||
+ memcpy(buf, key, MAX(buflen, keylen));
|
||||
+ memcpy(buf, key, MIN(buflen, keylen));
|
||||
+}
|
||||
+
|
||||
+static void phash_rmd160(const unsigned char *key, size_t keylen, unsigned char* buf, size_t buflen)
|
||||
@ -116,7 +137,7 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
+ rmd160_hash_buffer(tmpbuf + RMD160_HASH_SIZE, tmp, keylen+1);
|
||||
+ memset(tmp, 0, keylen+1);
|
||||
+ free(tmp);
|
||||
+ memcpy(buf, tmpbuf, MAX(buflen, sizeof(tmpbuf)));
|
||||
+ memcpy(buf, tmpbuf, MIN(buflen, sizeof(tmpbuf)));
|
||||
+}
|
||||
+
|
||||
int
|
||||
@ -127,31 +148,27 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
int fd, ffd, mode, i;
|
||||
- char *pass;
|
||||
+ char *pass = NULL;
|
||||
char *filename;
|
||||
|
||||
mode = (*loopro ? O_RDONLY : O_RDWR);
|
||||
if ((ffd = open(file, mode)) < 0) {
|
||||
@@ -297,15 +331,43 @@ set_loop(const char *device, const char
|
||||
if (verbose) {
|
||||
@@ -406,13 +440,37 @@ set_loop(const char *device, const char *file, unsigned long long offset,
|
||||
filename = (char *) file;
|
||||
xstrncpy((char *)loopinfo64.lo_file_name, filename, LO_NAME_SIZE);
|
||||
|
||||
memset(&loopinfo64, 0, sizeof(loopinfo64));
|
||||
|
||||
- xstrncpy(loopinfo64.lo_file_name, file, LO_NAME_SIZE);
|
||||
+ xstrncpy((char*)loopinfo64.lo_file_name, file, LO_NAME_SIZE);
|
||||
+
|
||||
+ loopinfo64.lo_encrypt_key_size = 0;
|
||||
|
||||
+
|
||||
if (encryption && *encryption) {
|
||||
- if (digits_only(encryption)) {
|
||||
+ // a hint for suse users
|
||||
+ if(!strcmp(encryption, "twofishSL92")) {
|
||||
+ fprintf(stderr, _("twofishSL92 is not supported via cryptoloop, please use dm-crypt to access the volume\n"));
|
||||
+ close(fd);
|
||||
+ close(ffd);
|
||||
+ return 1;
|
||||
+ }
|
||||
if (digits_only(encryption)) {
|
||||
+ if(!phash && (!strcmp(encryption, "twofishSL92") || (!strcmp(encryption, "twofish") && !keysz))) {
|
||||
+ fprintf(stderr,"Switching to old S.u.S.E. loop_fish2 compatibility mode.\n");
|
||||
+ fprintf(stderr, _("Warning: This mode is deprecated, support for it will be removed in the future.\n"));
|
||||
+ loopinfo64.lo_encrypt_type = 3; // LO_CRYPT_FISH
|
||||
+ } else if (digits_only(encryption)) {
|
||||
loopinfo64.lo_encrypt_type = atoi(encryption);
|
||||
} else {
|
||||
- loopinfo64.lo_encrypt_type = LO_CRYPT_CRYPTOAPI;
|
||||
- snprintf(loopinfo64.lo_crypt_name, LO_NAME_SIZE,
|
||||
- snprintf((char *)loopinfo64.lo_crypt_name, LO_NAME_SIZE,
|
||||
+ // check for something like twofish256
|
||||
+ unsigned len = strlen(encryption);
|
||||
+ snprintf((char*)loopinfo64.lo_crypt_name, LO_NAME_SIZE,
|
||||
@ -169,15 +186,13 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
+ fprintf(stderr, _("please either specify '%s%d' or -e '%s' -k '%d'\n"),
|
||||
+ loopinfo64.lo_crypt_name, loopinfo64.lo_encrypt_key_size<<3,
|
||||
+ loopinfo64.lo_crypt_name, keysz);
|
||||
+ close(fd);
|
||||
+ close(ffd);
|
||||
+ return 1;
|
||||
+ }
|
||||
+ loopinfo64.lo_encrypt_type = LO_CRYPT_CRYPTOAPI;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -325,20 +387,64 @@ set_loop(const char *device, const char
|
||||
@@ -432,20 +490,70 @@ set_loop(const char *device, const char *file, unsigned long long offset,
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -195,20 +210,25 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
+ void (*hfunc)(const unsigned char*, size_t, unsigned char*, size_t) = NULL;
|
||||
+
|
||||
memset(loopinfo64.lo_encrypt_key, 0, LO_KEY_SIZE);
|
||||
- xstrncpy(loopinfo64.lo_encrypt_key, pass, LO_KEY_SIZE);
|
||||
- xstrncpy((char *)loopinfo64.lo_encrypt_key, pass, LO_KEY_SIZE);
|
||||
+
|
||||
+ pass = xgetpass(pfd, _("Password: "));
|
||||
+ if(!pass) {
|
||||
+ close(fd);
|
||||
+ close(ffd);
|
||||
+ if(!pass)
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ // set default hash functions, loop-AES compatible
|
||||
+ if(loopinfo64.lo_encrypt_type == LO_CRYPT_CRYPTOAPI) {
|
||||
+ hfunc = sha512_hash_buffer;
|
||||
+ hfunc = sha256_hash_buffer;
|
||||
+ if(loopinfo64.lo_encrypt_key_size == 24) hfunc = sha384_hash_buffer;
|
||||
+ if(loopinfo64.lo_encrypt_key_size == 32) hfunc = sha512_hash_buffer;
|
||||
+ } else if(loopinfo64.lo_encrypt_type == 3 ) { // LO_CRYPT_FISH
|
||||
+ if(!strcmp(encryption, "twofishSL92")) {
|
||||
+ hfunc = sha512_hash_buffer;
|
||||
+ loopinfo64.lo_encrypt_key_size = 32;
|
||||
+ } else {
|
||||
+ hfunc = phash_rmd160;
|
||||
+ loopinfo64.lo_encrypt_key_size = 20;
|
||||
+ }
|
||||
+ } else {
|
||||
+ hfunc = phash_none;
|
||||
+ loopinfo64.lo_encrypt_key_size = keysz?keysz>>3:LO_KEY_SIZE;
|
||||
@ -218,13 +238,16 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
+ if(!keysz) {
|
||||
+ if(verbose)
|
||||
+ fprintf(stderr, _("please specify a key length\n"));
|
||||
+ close(fd);
|
||||
+ close(ffd);
|
||||
+ return 1;
|
||||
+ }
|
||||
+ loopinfo64.lo_encrypt_key_size = keysz>>3;
|
||||
+ }
|
||||
+
|
||||
+ if((unsigned)loopinfo64.lo_encrypt_key_size > sizeof(loopinfo64.lo_encrypt_key)) {
|
||||
+ fprintf(stderr, _("invalid key length\n"));
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ if (phash) {
|
||||
+ if(!strcasecmp(phash, "sha512")) {
|
||||
+ hfunc = sha512_hash_buffer;
|
||||
@ -238,8 +261,6 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
+ hfunc = phash_none;
|
||||
+ } else {
|
||||
+ fprintf(stderr, _("unsupported hash method '%s'\n"), phash);
|
||||
+ close(fd);
|
||||
+ close(ffd);
|
||||
+ return 1;
|
||||
+ }
|
||||
+ }
|
||||
@ -254,7 +275,7 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
}
|
||||
|
||||
if (ioctl(fd, LOOP_SET_FD, ffd) < 0) {
|
||||
@@ -416,8 +522,8 @@ mutter(void) {
|
||||
@@ -532,8 +640,8 @@ mutter(void) {
|
||||
}
|
||||
|
||||
int
|
||||
@ -265,11 +286,11 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
mutter();
|
||||
return 1;
|
||||
}
|
||||
@@ -456,7 +562,13 @@ usage(void) {
|
||||
@@ -569,7 +677,13 @@ usage(void) {
|
||||
" %1$s [ options ] {-f|--find|loop_device} file # setup\n"
|
||||
"\nOptions:\n"
|
||||
" -e | --encryption <type> enable data encryption with specified <name/num>\n"
|
||||
+ " -H | --phash <type> hash password using specified algorithm (rmd160/sha512/sha256/sha384/none)\n"
|
||||
+ " -H | --phash <type> hash password using specified algorithm (sha512/sha256/sha384/rmd160/none)\n"
|
||||
" -h | --help this help\n"
|
||||
+ " -k | --keybits <num> specify number of bits in the hashed key given\n"
|
||||
+ " to the cipher. Some ciphers support several key\n"
|
||||
@ -279,7 +300,7 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
" -o | --offset <num> start at offset <num> into file\n"
|
||||
" -p | --pass-fd <num> read passphrase from file descriptor <num>\n"
|
||||
" -r | --read-only setup read-only loop device\n"
|
||||
@@ -497,11 +609,14 @@ error (const char *fmt, ...) {
|
||||
@@ -582,11 +696,14 @@ usage(void) {
|
||||
int
|
||||
main(int argc, char **argv) {
|
||||
char *p, *offset, *encryption, *passfd, *device, *file;
|
||||
@ -294,7 +315,7 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
unsigned long long off;
|
||||
struct option longopts[] = {
|
||||
{ "all", 0, 0, 'a' },
|
||||
@@ -509,6 +624,8 @@ main(int argc, char **argv) {
|
||||
@@ -594,6 +711,8 @@ main(int argc, char **argv) {
|
||||
{ "encryption", 1, 0, 'e' },
|
||||
{ "find", 0, 0, 'f' },
|
||||
{ "help", 0, 0, 'h' },
|
||||
@ -303,7 +324,7 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
{ "offset", 1, 0, 'o' },
|
||||
{ "pass-fd", 1, 0, 'p' },
|
||||
{ "read-only", 0, 0, 'r' },
|
||||
@@ -524,12 +641,13 @@ main(int argc, char **argv) {
|
||||
@@ -609,12 +728,13 @@ main(int argc, char **argv) {
|
||||
delete = find = all = 0;
|
||||
off = 0;
|
||||
offset = encryption = passfd = NULL;
|
||||
@ -314,11 +335,11 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
progname = p+1;
|
||||
|
||||
- while ((c = getopt_long(argc, argv, "ade:E:fho:p:rsv",
|
||||
+ while ((c = getopt_long(argc, argv, "ade:E:fhk:No:p:rsvH:",
|
||||
+ while ((c = getopt_long(argc, argv, "ade:E:fhk:o:p:rsvH:",
|
||||
longopts, NULL)) != -1) {
|
||||
switch (c) {
|
||||
case 'a':
|
||||
@@ -548,6 +666,12 @@ main(int argc, char **argv) {
|
||||
@@ -633,6 +753,12 @@ main(int argc, char **argv) {
|
||||
case 'f':
|
||||
find = 1;
|
||||
break;
|
||||
@ -331,7 +352,7 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
case 'o':
|
||||
offset = optarg;
|
||||
break;
|
||||
@@ -611,8 +735,10 @@ main(int argc, char **argv) {
|
||||
@@ -696,8 +822,10 @@ main(int argc, char **argv) {
|
||||
usage();
|
||||
if (passfd && sscanf(passfd, "%d", &pfd) != 1)
|
||||
usage();
|
||||
@ -343,11 +364,83 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
if (res == 2 && find) {
|
||||
if (verbose)
|
||||
printf("stolen loop=%s...trying again\n",
|
||||
Index: util-linux-ng-2.13rc2+git20070725/mount/mount.c
|
||||
===================================================================
|
||||
--- util-linux-ng-2.13rc2+git20070725.orig/mount/mount.c
|
||||
+++ util-linux-ng-2.13rc2+git20070725/mount/mount.c
|
||||
@@ -93,6 +93,9 @@ static int suid = 0;
|
||||
diff --git a/mount/lomount.h b/mount/lomount.h
|
||||
index 38b3a48..3a6210f 100644
|
||||
--- a/mount/lomount.h
|
||||
+++ b/mount/lomount.h
|
||||
@@ -1,5 +1,5 @@
|
||||
-extern int set_loop(const char *, const char *, unsigned long long,
|
||||
- const char *, int, int *);
|
||||
+extern int set_loop(const char *device, const char *file, unsigned long long offset,
|
||||
+ const char *encryption, const char* phash, int pfd, int *loopro, int keysz);
|
||||
extern int del_loop(const char *);
|
||||
extern int is_loop_device(const char *);
|
||||
extern char * find_unused_loop_device(void);
|
||||
diff --git a/mount/losetup.8 b/mount/losetup.8
|
||||
index db2929f..54bbc94 100644
|
||||
--- a/mount/losetup.8
|
||||
+++ b/mount/losetup.8
|
||||
@@ -76,6 +76,15 @@ find the first unused loop device. If a
|
||||
argument is present, use this device. Otherwise, print its name.
|
||||
.IP "\fB\-h, \-\-help\fP"
|
||||
print help
|
||||
+.IP "\fB\-H, \-\-phash \fIhash_type\fP"
|
||||
+Specify the password hash function. Valid values are:
|
||||
+.BR sha512 (default),
|
||||
+.BR sha256 ,
|
||||
+.BR sha384 ,
|
||||
+.BR rmd160 ,
|
||||
+.BR none .
|
||||
+.IP "\fB\-k, \-\-keybits \fInum\fP"
|
||||
+set the number of bits to use in key to \fInum\fP.
|
||||
.IP "\fB\-o, \-\-offset \fIoffset\fP"
|
||||
The data start is moved \fIoffset\fP bytes into the specified file or
|
||||
device.
|
||||
@@ -140,6 +149,8 @@ the command
|
||||
.fi
|
||||
.SH RESTRICTION
|
||||
DES encryption is painfully slow. On the other hand, XOR is terribly weak.
|
||||
+Both are insecure nowadays. Some ciphers may require a licence for you to be
|
||||
+allowed to use them.
|
||||
|
||||
Cryptoloop is deprecated in favor of dm-crypt. For more details see
|
||||
.B cryptsetup(8).
|
||||
diff --git a/mount/mount.8 b/mount/mount.8
|
||||
index 54b11d4..e79ea04 100644
|
||||
--- a/mount/mount.8
|
||||
+++ b/mount/mount.8
|
||||
@@ -615,6 +615,15 @@ This option implies the options
|
||||
(unless overridden by subsequent options, as in the option line
|
||||
.BR group,dev,suid ).
|
||||
.TP
|
||||
+.B encryption
|
||||
+Specifies an encryption algorithm to use. Used in conjunction with the
|
||||
+.BR loop " option."
|
||||
+.TP
|
||||
+.B keybits
|
||||
+Specifies the key size to use for an encryption algorithm. Used in conjunction
|
||||
+with the
|
||||
+.BR loop " and " encryption " options."
|
||||
+.TP
|
||||
.B mand
|
||||
Allow mandatory locks on this filesystem. See
|
||||
.BR fcntl (2).
|
||||
@@ -2010,6 +2019,10 @@ that are really options to
|
||||
.BR \%losetup (8).
|
||||
(These options can be used in addition to those specific
|
||||
to the filesystem type.)
|
||||
+If the mount requires a passphrase, you will be prompted for one unless
|
||||
+you specify a file descriptor to read from instead with the
|
||||
+.BR \-\-pass-fd
|
||||
+option.
|
||||
|
||||
If no explicit loop device is mentioned
|
||||
(but just an option `\fB\-o loop\fP' is given), then
|
||||
diff --git a/mount/mount.c b/mount/mount.c
|
||||
index 60fe4fe..164ae3c 100644
|
||||
--- a/mount/mount.c
|
||||
+++ b/mount/mount.c
|
||||
@@ -88,6 +88,9 @@ static int suid = 0;
|
||||
/* Contains the fd to read the passphrase from, if any. */
|
||||
static int pfd = -1;
|
||||
|
||||
@ -357,25 +450,24 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/mount.c
|
||||
/* Map from -o and fstab option strings to the flag argument to mount(2). */
|
||||
struct opt_map {
|
||||
const char *opt; /* option name */
|
||||
@@ -190,6 +193,7 @@ static int opt_nofail = 0;
|
||||
@@ -182,6 +185,7 @@ static const struct opt_map opt_map[] = {
|
||||
|
||||
static const char *opt_loopdev, *opt_vfstype, *opt_offset, *opt_encryption,
|
||||
*opt_speed, *opt_comment, *opt_uhelper;
|
||||
+static const char *opt_keybits, *opt_phash, *opt_nohashpass;
|
||||
+static const char *opt_keybits, *opt_phash;
|
||||
|
||||
static int mounted (const char *spec0, const char *node0);
|
||||
static int check_special_mountprog(const char *spec, const char *node,
|
||||
@@ -204,6 +208,9 @@ static struct string_opt_map {
|
||||
@@ -196,6 +200,8 @@ static struct string_opt_map {
|
||||
{ "vfs=", 1, &opt_vfstype },
|
||||
{ "offset=", 0, &opt_offset },
|
||||
{ "encryption=", 0, &opt_encryption },
|
||||
+ { "phash=", 0, &opt_phash },
|
||||
+ { "keybits=", 0, &opt_keybits },
|
||||
+ { "nohashpass", 0, &opt_nohashpass },
|
||||
{ "speed=", 0, &opt_speed },
|
||||
{ "comment=", 1, &opt_comment },
|
||||
{ "uhelper=", 0, &opt_uhelper },
|
||||
@@ -858,7 +865,7 @@ loop_check(const char **spec, const char
|
||||
@@ -897,7 +903,7 @@ loop_check(const char **spec, const char **type, int *flags,
|
||||
*type = opt_vfstype;
|
||||
}
|
||||
|
||||
@ -384,44 +476,28 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/mount.c
|
||||
*loopfile = *spec;
|
||||
|
||||
if (*loop) {
|
||||
@@ -879,9 +886,17 @@ loop_check(const char **spec, const char
|
||||
@@ -923,9 +929,10 @@ loop_check(const char **spec, const char **type, int *flags,
|
||||
return EX_SYSERR; /* no more loop devices */
|
||||
if (verbose)
|
||||
printf(_("mount: going to use the loop device %s\n"), *loopdev);
|
||||
-
|
||||
+ if (!keysz && opt_keybits)
|
||||
+ keysz = strtoul(opt_keybits, NULL, 0);
|
||||
+ if (opt_nohashpass) {
|
||||
+ if(opt_phash && strcmp(opt_phash, "none")) {
|
||||
+ error(_("mount: please specify either phash=%s or nohashpass\n"));
|
||||
+ return EX_FAIL;
|
||||
+ }
|
||||
+ opt_phash = "none";
|
||||
+ }
|
||||
if ((res = set_loop(*loopdev, *loopfile, offset,
|
||||
- opt_encryption, pfd, &loopro))) {
|
||||
+ opt_encryption, opt_phash, pfd, &loopro, keysz))) {
|
||||
if (res == 2) {
|
||||
/* loop dev has been grabbed by some other process,
|
||||
try again, if not given explicitly */
|
||||
@@ -1184,7 +1199,7 @@ try_mount_one (const char *spec0, const
|
||||
error (_("mount: %s not mounted already, or bad option"), node);
|
||||
} else {
|
||||
error (_("mount: wrong fs type, bad option, bad superblock on %s,\n"
|
||||
- " missing codepage or other error"),
|
||||
+ " missing codepage or helper program, or other error"),
|
||||
spec);
|
||||
|
||||
if (stat(spec, &statbuf) == 0 && S_ISBLK(statbuf.st_mode)
|
||||
@@ -1629,6 +1644,7 @@ static struct option longopts[] = {
|
||||
@@ -1661,6 +1668,7 @@ static struct option longopts[] = {
|
||||
{ "options", 1, 0, 'o' },
|
||||
{ "test-opts", 1, 0, 'O' },
|
||||
{ "pass-fd", 1, 0, 'p' },
|
||||
+ { "keybits", 1, 0, 'k' },
|
||||
{ "types", 1, 0, 't' },
|
||||
{ "bind", 0, 0, 128 },
|
||||
{ "replace", 0, 0, 129 },
|
||||
@@ -1781,6 +1797,7 @@ main(int argc, char *argv[]) {
|
||||
{ "move", 0, 0, 133 },
|
||||
@@ -1807,6 +1815,7 @@ main(int argc, char *argv[]) {
|
||||
char *options = NULL, *test_opts = NULL, *node;
|
||||
const char *spec = NULL;
|
||||
char *label = NULL;
|
||||
@ -429,7 +505,7 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/mount.c
|
||||
char *uuid = NULL;
|
||||
char *types = NULL;
|
||||
char *p;
|
||||
@@ -1811,7 +1828,7 @@ main(int argc, char *argv[]) {
|
||||
@@ -1837,7 +1846,7 @@ main(int argc, char *argv[]) {
|
||||
initproctitle(argc, argv);
|
||||
#endif
|
||||
|
||||
@ -438,7 +514,7 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/mount.c
|
||||
longopts, NULL)) != -1) {
|
||||
switch (c) {
|
||||
case 'a': /* mount everything in fstab */
|
||||
@@ -1829,6 +1846,9 @@ main(int argc, char *argv[]) {
|
||||
@@ -1855,6 +1864,9 @@ main(int argc, char *argv[]) {
|
||||
case 'i':
|
||||
external_allowed = 0;
|
||||
break;
|
||||
@ -448,9 +524,9 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/mount.c
|
||||
case 'l':
|
||||
list_with_volumelabel = 1;
|
||||
break;
|
||||
@@ -1975,6 +1995,9 @@ main(int argc, char *argv[]) {
|
||||
create_mtab ();
|
||||
}
|
||||
@@ -1991,6 +2003,9 @@ main(int argc, char *argv[]) {
|
||||
|
||||
atexit(unlock_mtab);
|
||||
|
||||
+ if (keysize && sscanf(keysize,"%d",&keysz) != 1)
|
||||
+ die (EX_USAGE, _("mount: argument to --keybits or -k must be a number"));
|
||||
@ -458,23 +534,22 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/mount.c
|
||||
switch (argc+specseen) {
|
||||
case 0:
|
||||
/* mount -a */
|
||||
Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.h
|
||||
===================================================================
|
||||
--- util-linux-ng-2.13rc2+git20070725.orig/mount/lomount.h
|
||||
+++ util-linux-ng-2.13rc2+git20070725/mount/lomount.h
|
||||
@@ -1,6 +1,6 @@
|
||||
extern int verbose;
|
||||
-extern int set_loop(const char *, const char *, unsigned long long,
|
||||
- const char *, int, int *);
|
||||
+extern int set_loop(const char *device, const char *file, unsigned long long offset,
|
||||
+ const char *encryption, const char* phash, int pfd, int *loopro, int keysz);
|
||||
extern int del_loop(const char *);
|
||||
extern int is_loop_device(const char *);
|
||||
extern char * find_unused_loop_device(void);
|
||||
Index: util-linux-ng-2.13rc2+git20070725/mount/rmd160.c
|
||||
===================================================================
|
||||
diff --git a/mount/my_dev_t.h b/mount/my_dev_t.h
|
||||
new file mode 100644
|
||||
index 0000000..5c4c0a1
|
||||
--- /dev/null
|
||||
+++ util-linux-ng-2.13rc2+git20070725/mount/rmd160.c
|
||||
+++ b/mount/my_dev_t.h
|
||||
@@ -0,0 +1,5 @@
|
||||
+/* silliness to get dev_t defined as the kernel defines it */
|
||||
+/* glibc uses a different dev_t */
|
||||
+
|
||||
+#include <linux/posix_types.h>
|
||||
+#define my_dev_t __kernel_old_dev_t
|
||||
diff --git a/mount/rmd160.c b/mount/rmd160.c
|
||||
new file mode 100644
|
||||
index 0000000..3430954
|
||||
--- /dev/null
|
||||
+++ b/mount/rmd160.c
|
||||
@@ -0,0 +1,532 @@
|
||||
+/* rmd160.c - RIPE-MD160
|
||||
+ * Copyright (C) 1998 Free Software Foundation, Inc.
|
||||
@ -1008,10 +1083,28 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/rmd160.c
|
||||
+ rmd160_final( &hd );
|
||||
+ memcpy( outbuf, hd.buf, 20 );
|
||||
+}
|
||||
Index: util-linux-ng-2.13rc2+git20070725/mount/sha512.c
|
||||
===================================================================
|
||||
diff --git a/mount/rmd160.h b/mount/rmd160.h
|
||||
new file mode 100644
|
||||
index 0000000..4b2c61d
|
||||
--- /dev/null
|
||||
+++ util-linux-ng-2.13rc2+git20070725/mount/sha512.c
|
||||
+++ b/mount/rmd160.h
|
||||
@@ -0,0 +1,11 @@
|
||||
+#ifndef RMD160_H
|
||||
+#define RMD160_H
|
||||
+
|
||||
+#define RMD160_HASH_SIZE 20
|
||||
+
|
||||
+void
|
||||
+rmd160_hash_buffer( unsigned char *outbuf, const unsigned char *buffer, size_t length );
|
||||
+
|
||||
+#endif /*RMD160_H*/
|
||||
+
|
||||
+
|
||||
diff --git a/mount/sha512.c b/mount/sha512.c
|
||||
new file mode 100644
|
||||
index 0000000..e4c9c13
|
||||
--- /dev/null
|
||||
+++ b/mount/sha512.c
|
||||
@@ -0,0 +1,432 @@
|
||||
+/*
|
||||
+ * sha512.c
|
||||
@ -1445,10 +1538,11 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/sha512.c
|
||||
+ memset(&ctx, 0, sizeof(ctx));
|
||||
+}
|
||||
+#endif
|
||||
Index: util-linux-ng-2.13rc2+git20070725/mount/sha512.h
|
||||
===================================================================
|
||||
diff --git a/mount/sha512.h b/mount/sha512.h
|
||||
new file mode 100644
|
||||
index 0000000..4b57c01
|
||||
--- /dev/null
|
||||
+++ util-linux-ng-2.13rc2+git20070725/mount/sha512.h
|
||||
+++ b/mount/sha512.h
|
||||
@@ -0,0 +1,45 @@
|
||||
+/*
|
||||
+ * sha512.h
|
||||
@ -1495,3 +1589,6 @@ Index: util-linux-ng-2.13rc2+git20070725/mount/sha512.h
|
||||
+/* no sha384_write(), use sha512_write() */
|
||||
+/* no sha384_final(), use sha512_final(), result in ctx->sha_out[0...47] */
|
||||
+extern void sha384_hash_buffer(const unsigned char *, size_t, unsigned char *, size_t);
|
||||
--
|
||||
1.5.3.4
|
||||
|
3
util-linux-ng-2.13.0.1+git20071121.tar.bz2
Normal file
3
util-linux-ng-2.13.0.1+git20071121.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:901086dc7bc99a89b9f11839107a0dc83f6b9e89158bccb8b30ad0a5a609123b
|
||||
size 1585119
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:74640e1af0289d3be9397c8a7c8b62f147a3dbfad232fd4a7ec15a41e9ac1cf8
|
||||
size 1544622
|
@ -1,50 +0,0 @@
|
||||
commit ebbeb2c7ac1b00b6083905957837a271e80b187e
|
||||
Author: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||
Date: Thu Sep 20 14:57:20 2007 +0200
|
||||
|
||||
mount: doesn't drop privileges properly when calling helpers
|
||||
|
||||
{,u}mount calls setuid() and setgid() in the wrong order and doesn't checking
|
||||
the return value of set{u,g}id(() when running helpers like mount.nfs.
|
||||
|
||||
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
|
||||
Index: util-linux-ng-2.13rc2+git20070725/mount/mount.c
|
||||
===================================================================
|
||||
--- util-linux-ng-2.13rc2+git20070725.orig/mount/mount.c
|
||||
+++ util-linux-ng-2.13rc2+git20070725/mount/mount.c
|
||||
@@ -646,8 +646,12 @@ check_special_mountprog(const char *spec
|
||||
char *oo, *mountargs[10];
|
||||
int i = 0;
|
||||
|
||||
- setuid(getuid());
|
||||
- setgid(getgid());
|
||||
+ if(setgid(getgid()) < 0)
|
||||
+ die(EX_FAIL, _("mount: cannot set group id: %s"), strerror(errno));
|
||||
+
|
||||
+ if(setuid(getuid()) < 0)
|
||||
+ die(EX_FAIL, _("mount: cannot set user id: %s"), strerror(errno));
|
||||
+
|
||||
oo = fix_opts_string (flags, extra_opts, NULL);
|
||||
mountargs[i++] = mountprog; /* 1 */
|
||||
mountargs[i++] = (char *) spec; /* 2 */
|
||||
Index: util-linux-ng-2.13rc2+git20070725/mount/umount.c
|
||||
===================================================================
|
||||
--- util-linux-ng-2.13rc2+git20070725.orig/mount/umount.c
|
||||
+++ util-linux-ng-2.13rc2+git20070725/mount/umount.c
|
||||
@@ -102,8 +102,12 @@ check_special_umountprog(const char *spe
|
||||
char *umountargs[8];
|
||||
int i = 0;
|
||||
|
||||
- setuid(getuid());
|
||||
- setgid(getgid());
|
||||
+ if(setgid(getgid()) < 0)
|
||||
+ die(EX_FAIL, _("umount: cannot set group id: %s"), strerror(errno));
|
||||
+
|
||||
+ if(setuid(getuid()) < 0)
|
||||
+ die(EX_FAIL, _("umount: cannot set user id: %s"), strerror(errno));
|
||||
+
|
||||
umountargs[i++] = umountprog;
|
||||
umountargs[i++] = xstrdup(node);
|
||||
if (nomtab)
|
@ -1,38 +0,0 @@
|
||||
Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
===================================================================
|
||||
--- util-linux-ng-2.13rc2+git20070725.orig/mount/lomount.c
|
||||
+++ util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
@@ -338,13 +338,11 @@ set_loop(const char *device, const char
|
||||
|
||||
if (encryption && *encryption) {
|
||||
// a hint for suse users
|
||||
- if(!strcmp(encryption, "twofishSL92")) {
|
||||
- fprintf(stderr, _("twofishSL92 is not supported via cryptoloop, please use dm-crypt to access the volume\n"));
|
||||
- close(fd);
|
||||
- close(ffd);
|
||||
- return 1;
|
||||
- }
|
||||
- if (digits_only(encryption)) {
|
||||
+ if(!phash && (!strcmp(encryption, "twofishSL92") || (!strcmp(encryption, "twofish") && !keysz))) {
|
||||
+ fprintf(stderr,"Switching to old S.u.S.E. loop_fish2 compatibility mode.\n");
|
||||
+ fprintf(stderr, _("Warning: This mode is deprecated, support for it will be removed in the future.\n"));
|
||||
+ loopinfo64.lo_encrypt_type = 3; // LO_CRYPT_FISH
|
||||
+ } else if (digits_only(encryption)) {
|
||||
loopinfo64.lo_encrypt_type = atoi(encryption);
|
||||
} else {
|
||||
// check for something like twofish256
|
||||
@@ -405,6 +403,14 @@ set_loop(const char *device, const char
|
||||
hfunc = sha512_hash_buffer;
|
||||
if(loopinfo64.lo_encrypt_key_size == 24) hfunc = sha384_hash_buffer;
|
||||
if(loopinfo64.lo_encrypt_key_size == 32) hfunc = sha512_hash_buffer;
|
||||
+ } else if(loopinfo64.lo_encrypt_type == 3 ) { // LO_CRYPT_FISH
|
||||
+ if(!strcmp(encryption, "twofishSL92")) {
|
||||
+ hfunc = sha512_hash_buffer;
|
||||
+ loopinfo64.lo_encrypt_key_size = 32;
|
||||
+ } else {
|
||||
+ hfunc = phash_rmd160;
|
||||
+ loopinfo64.lo_encrypt_key_size = 20;
|
||||
+ }
|
||||
} else {
|
||||
hfunc = phash_none;
|
||||
loopinfo64.lo_encrypt_key_size = keysz?keysz>>3:LO_KEY_SIZE;
|
@ -1,55 +0,0 @@
|
||||
From 0e7b44f7f89291d8ae75e4f099d8aa2bcca1cfc5 Mon Sep 17 00:00:00 2001
|
||||
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||
Date: Tue, 9 Oct 2007 14:34:15 +0200
|
||||
Subject: [PATCH] fix buffer overflow
|
||||
|
||||
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||
---
|
||||
mount/lomount.c | 13 +++++++++----
|
||||
1 files changed, 9 insertions(+), 4 deletions(-)
|
||||
|
||||
Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
===================================================================
|
||||
--- util-linux-ng-2.13rc2+git20070725.orig/mount/lomount.c
|
||||
+++ util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
||||
@@ -25,8 +25,8 @@
|
||||
#include "xstrncpy.h"
|
||||
#include "nls.h"
|
||||
|
||||
-#ifndef MAX
|
||||
-#define MAX(a,b) ((a>b)?(a):(b))
|
||||
+#ifndef MIN
|
||||
+#define MIN(a,b) ((a<b)?(a):(b))
|
||||
#endif
|
||||
|
||||
extern int verbose;
|
||||
@@ -291,7 +291,7 @@ digits_only(const char *s) {
|
||||
|
||||
static void phash_none(const unsigned char *key, size_t keylen, unsigned char* buf, size_t buflen)
|
||||
{
|
||||
- memcpy(buf, key, MAX(buflen, keylen));
|
||||
+ memcpy(buf, key, MIN(buflen, keylen));
|
||||
}
|
||||
|
||||
static void phash_rmd160(const unsigned char *key, size_t keylen, unsigned char* buf, size_t buflen)
|
||||
@@ -304,7 +304,7 @@ static void phash_rmd160(const unsigned
|
||||
rmd160_hash_buffer(tmpbuf + RMD160_HASH_SIZE, tmp, keylen+1);
|
||||
memset(tmp, 0, keylen+1);
|
||||
free(tmp);
|
||||
- memcpy(buf, tmpbuf, MAX(buflen, sizeof(tmpbuf)));
|
||||
+ memcpy(buf, tmpbuf, MIN(buflen, sizeof(tmpbuf)));
|
||||
}
|
||||
|
||||
int
|
||||
@@ -421,6 +421,11 @@ set_loop(const char *device, const char
|
||||
loopinfo64.lo_encrypt_key_size = keysz>>3;
|
||||
}
|
||||
|
||||
+ if((unsigned)loopinfo64.lo_encrypt_key_size > sizeof(loopinfo64.lo_encrypt_key)) {
|
||||
+ fprintf(stderr, _("invalid key length\n"));
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
if (phash) {
|
||||
if(!strcasecmp(phash, "sha512")) {
|
||||
hfunc = sha512_hash_buffer;
|
@ -1,9 +1,91 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 12 14:52:21 CEST 2007 - lnussel@suse.de
|
||||
Sun Feb 10 18:11:07 CET 2008 - lrupp@suse.de
|
||||
|
||||
- fix mount not checking return value of setuid (#327022, CVE-2007-5191)
|
||||
- fix mount buffer overflow when reading the passphrase (#332148)
|
||||
- add loop_fish2 compatability code to losetup/mount again (#332095)
|
||||
- revert to 2.13.0.1+git20071121
|
||||
breaks current 'mount' call in Buildservice
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 7 12:41:25 CET 2008 - mkoenig@suse.de
|
||||
|
||||
- update to version 2.13.1:
|
||||
mount:
|
||||
* -L|-U segfault when label or uuid doesn't exist
|
||||
* chain of symlinks to fstab causes use of pointer after free
|
||||
* don't call canonicalize(SPEC) for cifs, smbfs and nfs
|
||||
* improve error message when helper program not present
|
||||
losetup:
|
||||
* fix errno usage
|
||||
mkswap:
|
||||
* possible to crash with SELinux relabeling support
|
||||
sfdisk:
|
||||
* allow partitioning drives of over 2^31 sectors
|
||||
hwclock:
|
||||
* check for ENODEV
|
||||
- mount: fix problem with device canonicalization when using
|
||||
persistent name in fstab but call mount with real bd name
|
||||
- patches merged:
|
||||
util-linux-2.13-mount_fd_leak.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 18 15:55:19 CET 2007 - mkoenig@suse.de
|
||||
|
||||
- add temporary workaround for broken RTC update interrupts
|
||||
[#338419]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 3 11:03:57 CET 2007 - ro@suse.de
|
||||
|
||||
- remove "arch", in coreutils now
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 29 17:51:17 CET 2007 - lnussel@suse.de
|
||||
|
||||
- update crypto patch
|
||||
* fix mount buffer overflow when reading the passphrase (#332148)
|
||||
* add loop_fish2 compatability code to losetup/mount again (#332095)
|
||||
* change default hash size for 128bit keys to sha256 again
|
||||
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 21 13:43:31 CET 2007 - mkoenig@suse.de
|
||||
|
||||
- update to git20071121:
|
||||
add sector size check for mkfs.minix [#308256]
|
||||
fix canonicalization for cifs [#338375]
|
||||
- provide Short-Description for raw init script
|
||||
- add rpmlintrc
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 20 17:49:35 CET 2007 - mkoenig@suse.de
|
||||
|
||||
- fix raw path in init script
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 6 16:11:02 CET 2007 - mkoenig@suse.de
|
||||
|
||||
- update to 2.13.0.1+git20071106
|
||||
- prevent loop mounting the same file twice [#240653]
|
||||
- merged upstream:
|
||||
util-linux-2.13-mount_helper_fix.patch
|
||||
util-linux-2.13-hwclock_rtc_option.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 4 22:24:04 CEST 2007 - bg@suse.de
|
||||
|
||||
- don't use parisc, parisc32 and parisc64.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 1 17:08:06 CEST 2007 - mkoenig@suse.de
|
||||
|
||||
- update to version 2.13
|
||||
merged upstream:
|
||||
util-linux-2.12r-disk_utils_mkfs_open_exclusive.patch
|
||||
util-linux-2.13-loop.patch
|
||||
util-linux-2.13-mount_create_mtab.patch
|
||||
util-linux-2.13-schedutils_error_handling.patch
|
||||
util-linux-2.13-sys_utils_build_rdev_x86_64.patch
|
||||
- fix hwclock --rtc option [#326106]
|
||||
- fix setuid/setgid mixup and error checking [#327022]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 14 11:24:33 CEST 2007 - mkoenig@suse.de
|
||||
|
818
util-linux.spec
818
util-linux.spec
File diff suppressed because it is too large